name: coverity on: schedule: # every day at 9:00 UTC - cron: '0 9 * * *' env: CORES: 2 BUILD_MODE: normal GPG_VERSION: stable RNP_TESTS: '' USE_STATIC_DEPENDENCIES: yes jobs: scan: runs-on: ubuntu-latest timeout-minutes: 20 steps: - uses: actions/checkout@v3 with: fetch-depth: 1 submodules: true - name: Setup environment run: | . ci/gha/setup-env.inc.sh ci/install_noncacheable_dependencies.sh - name: Cache id: cache uses: actions/cache@v3 with: path: ${{ env.CACHE_DIR }} key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }} - name: Build cache if: steps.cache.outputs.cache-hit != 'true' run: | set -x ci/install_cacheable_dependencies.sh botan jsonc - name: Download Coverity env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} run: | wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz mkdir cov-analysis-linux64 tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 - name: Build run: | set -x export PATH="$PWD/cov-analysis-linux64/bin:$PATH" cov-build --dir cov-int ci/main.sh - name: Submit env: TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} run: | tar czvf results.tgz cov-int curl \ --form project=$GITHUB_REPOSITORY \ --form token=$TOKEN \ --form email=packaging@ribose.com \ --form file=@results.tgz \ --form version=$GITHUB_REF \ --form description=$GITHUB_SHA \ https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY