
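# Scheduled Coverity Scan run: builds the project under cov-build and uploads
# the captured intermediate directory to scan.coverity.com.
name: coverity

on:
  schedule:
    # every day at 9:00 UTC
    - cron: '0 9 * * *'

# Least privilege for GITHUB_TOKEN: the steps below only read the repository.
permissions:
  contents: read

env:
  CORES: 2
  BUILD_MODE: normal
  GPG_VERSION: stable
  RNP_TESTS: ''
  # Quoted so the value stays the string "yes" under any YAML loader.
  USE_STATIC_DEPENDENCIES: 'yes'

jobs:
  scan:
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      # NOTE(review): actions/checkout and actions/cache are referenced by the
      # mutable tag @v3. Pinning each to a full commit SHA keeps a moved tag
      # from changing what runs in a job that later holds COVERITY_SCAN_TOKEN.
      - uses: actions/checkout@v3
        with:
          fetch-depth: 1
          submodules: true

      - name: Setup environment
        run: |
          . ci/gha/setup-env.inc.sh
          ci/install_noncacheable_dependencies.sh

      # CACHE_DIR is not defined in this file; presumably it is exported by the
      # setup step above -- confirm against ci/gha/setup-env.inc.sh.
      - name: Cache
        id: cache
        uses: actions/cache@v3
        with:
          path: ${{ env.CACHE_DIR }}
          key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}

      # Cacheable dependencies are rebuilt only when the cache key missed.
      - name: Build cache
        if: steps.cache.outputs.cache-hit != 'true'
        run: |
          set -x
          ci/install_cacheable_dependencies.sh botan jsonc

      # The token is exposed only to the two steps that need it, and neither
      # enables `set -x`, so the command line carrying it is not traced.
      # NOTE(review): the downloaded archive is unpacked and executed by the
      # Build step without any integrity check; it is trusted on the strength
      # of the HTTPS connection alone.
      - name: Download Coverity
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64

      # cov-build wraps the regular CI entry point to capture the compilation.
      - name: Build
        run: |
          set -x
          export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
          cov-build --dir cov-int ci/main.sh

      # Two --form fields were mangled by e-mail obfuscation in the page
      # capture. They are restored here as the submitter address and the
      # results upload (assumed from the archive created on the first line --
      # confirm against the repository copy). SUBMITTER_EMAIL_PLACEHOLDER must
      # be replaced with the project's real address.
      # Expansions and the URL are quoted so the shell passes each value as a
      # single word and does not treat `?` as a glob character.
      - name: Submit
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          tar czvf results.tgz cov-int
          curl \
            --form project="$GITHUB_REPOSITORY" \
            --form token="$TOKEN" \
            --form email=SUBMITTER_EMAIL_PLACEHOLDER \
            --form file=@results.tgz \
            --form version="$GITHUB_REF" \
            --form description="$GITHUB_SHA" \
            "https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY"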