1 files changed, 60 insertions, 0 deletions

diff --git a/.github/workflows/covscan.yml b/.github/workflows/covscan.yml
new file mode 100644
index 0000000..28dc46f
--- /dev/null
+++ b/.github/workflows/covscan.yml
@@ -0,0 +1,60 @@
+name: coverity-scan
+on:
+  schedule:
+    - cron: '0 18 * * 0' # Sundays at 18:00 UTC
+  push:
+    branches: [ "coverity_scan" ]
+
+jobs:
+  latest:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository code
+        uses: actions/checkout@v2
+        with:
+          submodules: recursive
+
+      - name: Prepare packages
+        run: |
+          sudo apt-get update
+          sudo apt-get install zstd binutils-dev elfutils libpcap-dev libelf-dev gcc-multilib pkg-config wireshark tshark bpfcc-tools python3 python3-pip python3-setuptools qemu-kvm rpm2cpio libdw-dev libdwarf-dev
+
+      - name: Prepare Clang
+        run: |
+          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+          echo "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main" | sudo tee -a /etc/apt/sources.list
+          sudo apt-get -qq update
+          sudo apt-get -qq -y install clang-11 lld-11 llvm-11
+
+      - name: Download Coverity Build Tool
+        run: |
+          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=xdp-project%2Fxdp-tools" -O cov-analysis-linux64.tar.gz
+          mkdir cov-analysis-linux64
+          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+      - name: Configure
+        run: ./configure
+        env:
+          CLANG: clang-11
+          LLC: llc-11
+
+      - name: Build with cov-build
+        run: |
+          export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+          cov-build --dir cov-int make
+
+      - name: Submit the result to Coverity Scan
+        run: |
+          tar czvf xdp-tools.tgz cov-int
+          curl \
+            --form project=xdp-project/xdp-tools \
+            --form token=$TOKEN \
+            --form email=toke@redhat.com \
+            --form file=@xdp-tools.tgz \
+            --form version=trunk \
+            --form description="xdp-tools" \
+            https://scan.coverity.com/builds?project=xdp-project%2Fxdp-tools
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}