1 files changed, 83 insertions, 0 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..290f7e4
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,83 @@
+name: Coverity
+on:
+  schedule:
+    - cron: '42 0 * * *'  # Run once per day, to avoid Coverity's submission limits
+  workflow_dispatch:
+
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
+jobs:
+  scan:
+    runs-on: ubuntu-22.04
+
+    env:
+      CC: gcc
+      DEBIAN_FRONTEND: noninteractive
+      TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+    steps:
+      - name: Checkout repository from github
+        if: env.TOKEN
+        uses: actions/checkout@v4
+
+      - name: Download Coverity
+        if: env.TOKEN
+        run: |
+          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
+          mkdir cov-scan
+          tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
+
+      - name: Install packages
+        if: env.TOKEN
+        run: |
+          sudo apt-get update && sudo apt-get install -y \
+            autoconf \
+            gettext \
+            libcanberra-dev \
+            libperl-dev \
+            python2-dev \
+            python3-dev \
+            liblua5.4-dev \
+            lua5.4 \
+            ruby-dev \
+            tcl-dev \
+            libgtk2.0-dev \
+            desktop-file-utils \
+            libtool-bin \
+            libsodium-dev
+
+      - name: Set up environment
+        if: env.TOKEN
+        run: |
+          echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
+          (
+          echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
+          echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
+          ) >> $GITHUB_ENV
+
+      - name: Configure
+        if: env.TOKEN
+        run: |
+          ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
+          # Append various warning flags to CFLAGS.
+          sed -i -f ci/config.mk.sed src/auto/config.mk
+          sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+
+      - name: Build/scan vim
+        if: env.TOKEN
+        run: |
+          cov-build --dir cov-int make -j${NPROC}
+
+      - name: Submit results
+        if: env.TOKEN
+        run: |
+          tar zcf cov-scan.tgz cov-int
+          curl --form token=$TOKEN \
+            --form email=$EMAIL \
+            --form file=@cov-scan.tgz \
+            --form version="$(git rev-parse HEAD)" \
+            --form description="Automatic GHA scan" \
+            'https://scan.coverity.com/builds?project=vim'
+        env:
+          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}