name: coverity

on:
  schedule:
    # every day at 9:00 UTC
    - cron: '0 9 * * *'

env:
  CORES: 2
  BUILD_MODE: normal
  GPG_VERSION: stable
  RNP_TESTS: ''
  USE_STATIC_DEPENDENCIES: yes

jobs:
  scan:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
          submodules: true
      - name: Setup environment
        run: |
          . ci/gha/setup-env.inc.sh
          ci/install_noncacheable_dependencies.sh
      - name: Cache
        id: cache
        uses: actions/cache@v3
        with:
          path: ${{ env.CACHE_DIR }}
          key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
      - name: Build cache
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          set -x
          ci/install_cacheable_dependencies.sh botan jsonc
      - name: Download Coverity
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
      - name: Build
        run: |
          set -x
          export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
          cov-build --dir cov-int ci/main.sh
      - name: Submit
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          tar czvf results.tgz cov-int
          curl \
            --form project=$GITHUB_REPOSITORY \
            --form token=$TOKEN \
            --form email=packaging@ribose.com \
            --form file=@results.tgz \
            --form version=$GITHUB_REF \
            --form description=$GITHUB_SHA \
            https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY