1 files changed, 96 insertions, 0 deletions

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..5998a1d
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,96 @@
+
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    if: ${{ github.repository_owner == 'FreeRDP' }}
+    steps:
+    - uses: actions/checkout@v4
+    - name: Install apt dependencies
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y \
+         libxrandr-dev \
+         libxinerama-dev \
+         libusb-1.0-0-dev \
+         xserver-xorg-dev \
+         libswscale-dev \
+         libswresample-dev \
+         libavutil-dev \
+         libavcodec-dev \
+         libcups2-dev \
+         libpulse-dev \
+         libasound2-dev \
+         libpcsclite-dev \
+         xsltproc \
+         libxcb-cursor-dev \
+         libxcursor-dev \
+         libcairo2-dev \
+         libfaac-dev \
+         libfaad-dev \
+         libjpeg-dev \
+         libgsm1-dev \
+         ninja-build \
+         libxfixes-dev \
+         libxkbcommon-dev \
+         libwayland-dev \
+         libpam0g-dev \
+         libxdamage-dev \
+         libxcb-damage0-dev \
+         ccache \
+         libxtst-dev \
+         libfuse3-dev \
+         libsystemd-dev \
+         libcairo2-dev \
+         libsoxr-dev \
+         libsdl2-dev \
+         docbook-xsl \
+         libkrb5-dev \
+         libcjson-dev \
+         libpkcs11-helper1-dev \
+         libsdl2-ttf-dev \
+         libsdl2-image-dev \
+         libwebkit2gtk-4.0-dev \
+         clang \
+         libopus-dev \
+         libwebp-dev \
+         libpng-dev \
+         libjpeg-dev \
+         liburiparser-dev
+    - name: Download Coverity build tool
+      run: |
+        wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=FreeRDP" -O coverity_tool.tar.gz
+        mkdir coverity_tool
+        tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+    - name: Build with Coverity build tool
+      run: |
+        export PATH=`pwd`/coverity_tool/bin:$PATH
+        export CC=/usr/bin/clang
+        export CXX=/usr/bin/clang++
+        # in source build is used to help coverity to determine relative file path
+        cmake \
+              -GNinja \
+              -C ci/cmake-preloads/config-coverity.txt \
+              -DALLOW_IN_SOURCE_BUILD=true \
+              -B. \
+              -S.
+        cov-build --dir cov-int cmake --build .
+
+    - name: Submit build result to Coverity Scan
+      run: |
+        tar czvf cov.tar.gz cov-int
+        curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+          --form email=team+coverity@freerdp.com \
+          --form file=@cov.tar.gz \
+          --form version="Commit $GITHUB_SHA" \
+          --form description="Build submitted via CI" \
+          https://scan.coverity.com/builds?project=FreeRDP