vim/.github/workflows/coverity.yml

name: Coverity
on:
  schedule:
    - cron: '42 0 * * *'  # Run once per day, to avoid Coverity's submission limits
  workflow_dispatch:

permissions:
  contents: read # to fetch code (actions/checkout)

jobs:
  scan:
    runs-on: ubuntu-22.04

    env:
      CC: gcc
      DEBIAN_FRONTEND: noninteractive
      TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

    steps:
      - name: Checkout repository from github
        if: env.TOKEN
        uses: actions/checkout@v4

      - name: Download Coverity
        if: env.TOKEN
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
          mkdir cov-scan
          tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan

      - name: Install packages
        if: env.TOKEN
        run: |
          sudo apt-get update && sudo apt-get install -y \
            autoconf \
            gettext \
            libcanberra-dev \
            libperl-dev \
            python2-dev \
            python3-dev \
            liblua5.4-dev \
            lua5.4 \
            ruby-dev \
            tcl-dev \
            libgtk2.0-dev \
            desktop-file-utils \
            libtool-bin \
            libsodium-dev

      - name: Set up environment
        if: env.TOKEN
        run: |
          echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
          (
          echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
          echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
          ) >> $GITHUB_ENV

      - name: Configure
        if: env.TOKEN
        run: |
          ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
          # Append various warning flags to CFLAGS.
          sed -i -f ci/config.mk.sed src/auto/config.mk
          sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
          # -O2 gives false warning and turns it into an error:
          # warning: function may return address of local variable [-Wreturn-local-addr]
          sed -i 's/-O2 \?//' src/auto/config.mk

      - name: Build/scan vim
        if: env.TOKEN
        run: |
          cov-build --dir cov-int make -j${NPROC}

      - name: Submit results
        if: env.TOKEN
        run: |
          tar zcf cov-scan.tgz cov-int
          curl --form token=$TOKEN \
            --form email=$EMAIL \
            --form file=@cov-scan.tgz \
            --form version="$(git rev-parse HEAD)" \
            --form description="Automatic GHA scan" \
            'https://scan.coverity.com/builds?project=vim'
        env:
          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}