space-game001/thirdparty/libzip-1.11.3/.github/workflows/coverity.yml

name: Coverity

on:
  schedule:
    - cron: '0 3 * * 1'
      # Mondays at 03:00
  workflow_dispatch:

jobs:
  build:
    name: Coverity
    runs-on: ubuntu-latest
    environment: coverity

    env:
      TOKEN: ${{ secrets.COVERITY_TOKEN }}
      PROJECT: libzip
      SHORT_PROJECT: libzip
      EMAIL: wiz@gatalith.at
      COV_TOOLS: cov-tools
      COV_RESULTS: cov-int

    steps:
    - name: Check Secret
      run: |
        [ -n "${{ secrets.COVERITY_TOKEN }}" ]        

    - name: Checkout Code
      uses: actions/checkout@v4

    - name: Install Dependencies
      run: |
        sudo apt-get install libzstd-dev        

    - name: Configure
      run: |
        cmake -E make_directory ${{runner.workspace}}/build
        cmake ${{ matrix.cmake_extra }} ${{github.workspace}}        

    - name: Download Coverity
      run: |
        wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=$PROJECT" -O "$COV_TOOLS.tar.gz"
        mkdir "$COV_TOOLS"
        tar xzf "$COV_TOOLS.tar.gz" --strip 1 -C "$COV_TOOLS"
        ls -l "$COV_TOOLS"        

    - name: Build with Coverity
      run: |
        export PATH="$(pwd)/$COV_TOOLS/bin:$PATH"
        cov-build --dir $COV_RESULTS make -j ${{steps.cpu-cores.outputs.count}}
        # Filter out private info
        sed -E -i 's/TOKEN=([-_A-Za-z0-9]+)/TOKEN=XXX/g' cov-int/build-log.txt        

    - name: Upload build log
      uses: actions/upload-artifact@v4
      with:
        name: build-log
        path: cov-int/build-log.txt
        retention-days: 10

    - name: Submit Results
      run: |
        tar -czf $SHORT_PROJECT.tgz $COV_RESULTS
        ls -lh $SHORT_PROJECT.tgz
        git config --global --add safe.directory "$GITHUB_WORKSPACE"
        GIT_HASH="$(git rev-parse --short HEAD)"
        echo "HASH: $GIT_HASH"
        GIT_DESC="$(git log -n1 --format="%s" $GIT_HASH)"
        echo "DESC: $GIT_DESC"
        curl --fail --output curl.log \
          --form token=$TOKEN \
          --form email=$EMAIL \
          --form file=@$SHORT_PROJECT.tgz \
          --form version="$GIT_HASH" \
          --form description="$GIT_DESC" \
          https://scan.coverity.com/builds?project=$PROJECT
        # If we go over quota, alert the user
        cat curl.log
        grep -qv "quota.*reached" curl.log || false