Coverity Scan #76

	name: Coverity Scan

	on:
	workflow_dispatch:
	schedule:
	- cron: '21 0 * * *'

	jobs:

	secrets:
	name: Secrets check
	runs-on: ubuntu-latest
	env:
	COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
	outputs:
	present: ${{ steps.check.outputs.present }}
	steps:

	- name: Check secret presence
	id: check
	if: env.COVERITY_SCAN_TOKEN
	run: \|
	echo "present=true" >> $GITHUB_OUTPUT

	submit:
	name: Submit
	runs-on: ubuntu-latest
	needs: secrets
	if: needs.secrets.outputs.present
	steps:

	- name: Check out code
	uses: actions/checkout@v4

	- name: Install packages
	run: \|
	sudo apt update
	sudo apt install -y -o Acquire::Retries=50 \
	pesign gcab gcc-aarch64-linux-gnu

	- name: Download Coverity Scan
	run: \|
	curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
	--form project=${{ github.repository }} \
	--output coverity.tar.gz \
	https://scan.coverity.com/download/cxx/linux64
	mkdir -p /opt/coverity
	sudo tar xvzf coverity.tar.gz --strip 1 --directory /opt/coverity

	- name: Build via Coverity Scan
	working-directory: src
	run: \|
	/opt/coverity/bin/cov-build --dir cov-int \
	make

	- name: Create submission
	working-directory: src
	run : \|
	tar cvzf cov-int.tar.gz cov-int

	- name: Submit to Coverity Scan
	working-directory: src
	run: \|
	curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
	--form email=${{ secrets.COVERITY_SCAN_EMAIL }} \
	--form file=@cov-int.tar.gz \
	--form version=${{ github.sha }} \
	--form description=${{ github.ref }} \
	https://scan.coverity.com/builds?project=${{ github.repository }}

Provide feedback