--- /dev/null
+name: Coverity Scan
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 14 * * 1'
+
+jobs:
+ scan:
+ environment: CoverityScan
+ name: Coverity Scan
+ runs-on: ubuntu-20.04
+
+ steps:
+ - name: Clone Atheme source code repository
+ uses: actions/checkout@v2
+ with:
+ ref: master
+ repository: 'atheme/atheme'
+ submodules: recursive
+
+ - name: Update Atheme contrib submodule
+ run: |
+ cd modules/contrib/
+ git checkout master
+ git pull
+ cd ../../
+
+ - name: Install dependencies
+ working-directory: /tmp
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends \
+ build-essential \
+ curl \
+ gcc \
+ git \
+ libargon2-0-dev \
+ libcrack2-dev \
+ libgcrypt20-dev \
+ libidn11-dev \
+ libldap2-dev \
+ libpasswdqc-dev \
+ libpcre3-dev \
+ libqrencode-dev \
+ libsodium-dev \
+ libssl-dev \
+ # EOF
+
+ - name: Download Coverity Scan
+ env:
+ COVERITY_SCAN_PROJECT: ${{ secrets.COVERITY_SCAN_PROJECT }}
+ COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ run: |
+ mkdir -p "${HOME}/utils"
+ curl \
+ --form "project=${COVERITY_SCAN_PROJECT}" \
+ --form "token=${COVERITY_SCAN_TOKEN}" \
+ 'https://scan.coverity.com/download/cxx/linux64' | tar -C "${HOME}/utils/" -xz
+
+ - name: Run Coverity Scan
+ run: |
+ export PATH="${PATH}:$(find "${HOME}/utils/" -mindepth 1 -maxdepth 1 -type d -name 'cov-analysis-*')/bin"
+ hash -r
+ which cov-build
+ echo -n $(git rev-parse --short=20 HEAD) > /tmp/version.txt
+ ./configure \
+ --prefix="${HOME}/atheme-build" \
+ --disable-heap-allocator \
+ --enable-contrib \
+ --without-libmowgli \
+ --with-digest-api-frontend=internal \
+ --with-rng-api-frontend=internal
+ cov-build --dir cov-int make
+ tar czf /tmp/cov-int.tgz cov-int/
+
+ - name: Submit scan results
+ env:
+ COVERITY_SCAN_PROJECT: ${{ secrets.COVERITY_SCAN_PROJECT }}
+ COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ run: |
+ curl \
+ --form 'description=GitHub Actions Job (Master Branch)' \
+ --form 'email=coverity-scan@atheme.org' \
+ --form 'file=@/tmp/cov-int.tgz' \
+ --form "project=${COVERITY_SCAN_PROJECT}" \
+ --form "token=${COVERITY_SCAN_TOKEN}" \
+ --form 'version=</tmp/version.txt' \
+ 'https://scan.coverity.com/builds'