1 files changed, 68 insertions, 0 deletions
diff --git a/third_party/heimdal/.github/workflows/coverity.yml b/third_party/heimdal/.github/workflows/coverity.yml
new file mode 100644
index 0000000..78ec7e5
--- /dev/null
+++ b/third_party/heimdal/.github/workflows/coverity.yml
@@ -0,0 +1,68 @@
+name: Linux Coverity Build
+
+on:
+    push:
+      # Pushes to this branch get the scan-build treatment
+      branches:
+         - 'coverity*'
+
+jobs:
+    linux:
+        #if: ${{ secrets.COVERITY_SCAN_TOKEN }} != ''
+        runs-on: ${{ matrix.os }}
+        strategy:
+            fail-fast: false
+            matrix:
+                name: [linux-clang]
+                include:
+                    - name: linux-clang
+                      os: ubuntu-22.04
+                      compiler: clang
+        steps:
+            - name: Clone repository
+              uses: actions/checkout@v1
+            - name: Install packages
+              if: startsWith(matrix.os, 'ubuntu')
+              run: |
+                sudo apt-get update -qq
+                sudo apt-get install -y bison comerr-dev flex libcap-ng-dev libdb-dev libedit-dev libjson-perl libldap2-dev libncurses5-dev libperl4-corelibs-perl libsqlite3-dev libkeyutils-dev pkg-config python3 ss-dev texinfo unzip netbase keyutils ldap-utils gdb apport curl libmicrohttpd-dev clang-tools clang-format jq valgrind
+                # Temporary workaround for:
+                # https://github.com/actions/virtual-environments/issues/3185
+                sudo hostname localhost
+            - name: Download Coverity Build Tool
+              env:
+                  TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+                  PROJECT: ${{ secrets.COVERITY_SCAN_PROJECT }}
+              run: |
+                  wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$PROJECT" -O cov-analysis-linux64.tar.gz
+                  mkdir cov-analysis-linux64
+                  tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+            - name: Build
+              env:
+                CC: ${{ matrix.compiler }}
+                MAKEVARS: ${{ matrix.makevars }}
+                CONFIGURE_OPTS:  ${{ matrix.configureopts }}
+              run: |
+                /bin/sh ./autogen.sh
+                export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
+                mkdir build
+                cd build
+                ../configure --srcdir=`dirname "$PWD"` --enable-maintainer-mode --enable-developer --with-ldap $CONFIGURE_OPTS --prefix=$HOME/inst CFLAGS="-Wno-error=shadow -Wno-error=bad-function-cast -Wno-error=unused-function -Wno-error=unused-result -Wno-error=deprecated-declarations"
+                ulimit -c unlimited
+                # We don't want to scan-build libedit nor SQLite3 because ETOOSLOW
+                (cd lib/libedit && make -j4)
+                (cd lib/sqlite && make -j4)
+                cov-build --dir cov-int make -j4
+                tar czvf ../heimdal.tgz cov-int
+            - name: Submit the result to Coverity Scan
+              env:
+                  TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+                  EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+                  PROJECT: ${{ secrets.COVERITY_SCAN_PROJECT }}
+              run: |
+                  curl \
+                  --form "token=$TOKEN" \
+                  --form "email=$EMAIL" \
+                  --form "file=@heimdal.tgz" \
+                  --form version="$(git rev-parse HEAD)" \
+                  --form description="$GITHUB_REF / $GITHUB_SHA" "https://scan.coverity.com/builds?project=$PROJECT"