1 files changed, 63 insertions, 0 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 00000000..eb68c302
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,63 @@
+---
+# Runs coverity-scan.sh every 24h on `master`
+name: Coverity Scan
+on:
+  schedule:
+    - cron: '0 1 * * *'
+  pull_request:
+    paths:
+      - .github/workflows/coverity.yml
+      - coverity-scan.sh
+env:
+  DISABLE_TELEMETRY: 1
+concurrency:
+  group: coverity-${{ github.ref }}
+  cancel-in-progress: true
+jobs:
+  coverity:
+    if: github.repository == 'netdata/netdata'
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        id: checkout
+        with:
+          submodules: recursive
+      - name: Prepare environment
+        id: prepare
+        env:
+          DEBIAN_FRONTEND: 'noninteractive'
+        run: |
+          ./packaging/installer/install-required-packages.sh \
+            --dont-wait --non-interactive netdata
+          sudo apt-get install -y libjson-c-dev libyaml-dev libipmimonitoring-dev \
+                                  libcups2-dev libsnappy-dev libprotobuf-dev \
+                                  libprotoc-dev libssl-dev protobuf-compiler \
+                                  libnetfilter-acct-dev
+      - name: Run coverity-scan
+        id: run
+        env:
+          REPOSITORY: 'netdata/netdata'
+          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
+        run: |
+          bash -x ./coverity-scan.sh --with-install
+      - name: Failure Notification
+        uses: rtCamp/action-slack-notify@v2
+        env:
+          SLACK_COLOR: 'danger'
+          SLACK_FOOTER: ''
+          SLACK_ICON_EMOJI: ':github-actions:'
+          SLACK_TITLE: 'Coverity run failed:'
+          SLACK_USERNAME: 'GitHub Actions'
+          SLACK_MESSAGE: |-
+              ${{ github.repository }}: Coverity failed to run correctly.
+              Checkout: ${{ steps.checkout.outcome }}
+              Environment preparation: ${{ steps.prepare.outcome }}
+              Coverity run: ${{ steps.run.outcome }}
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+        if: ${{
+            failure()
+            && github.event_name != 'pull_request'
+            && startsWith(github.ref, 'refs/heads/master')
+          }}