neovim/.github/workflows/coverity.yml

name: coverity
on:
  schedule:
    - cron: '10 0 * * *'  # Run every day at 00:10
  workflow_dispatch:

permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v6.0.2
        with:
          persist-credentials: false

      - uses: ./.github/actions/setup

      - name: Download Coverity
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=neovim%2Fneovim" -O coverity_tool.tgz
          mkdir cov-scan
          tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

      - name: Build dependencies
        run: make deps

      - name: Build/scan neovim
        run: |
          env PATH=$(pwd)/cov-scan/bin:$PATH cov-build --dir cov-int make

      - name: Submit results
        run: |
          tar zcf cov-scan.tgz cov-int
          curl --form token=$TOKEN \
            --form email=$EMAIL \
            --form file=@cov-scan.tgz \
            --form version="$(git rev-parse HEAD)" \
            --form description="Daily GHA scan" \
            'https://scan.coverity.com/builds?project=neovim%2Fneovim'
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}