coverity.yml

name: Coverity build and upload
on:
  push:
    branches:
      - main
permissions:
  contents: read

jobs:
  test:
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Download Coverity Build Tool
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=lxc/lxc" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

      - name: Install dependencies
        run: |
          sudo apt-get update -qq
          sudo apt-get install -qq gcc clang meson
          sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev libselinux1-dev linux-libc-dev libpam0g-dev docbook2x libdbus-1-dev

      - name: Compiler version
        run: |
          gcc --version

      - name: Kernel version
        run: |
          uname -a

      - name: Mount table
        run: |
          findmnt

      - name: Run coverity
        run: |
          # Configure
          export PATH="$(pwd)/cov-analysis-linux64/bin:${PATH}"
          export CFLAGS="-Wall -Werror"
          export LDFLAGS="-pthread -lpthread"

          BUILD="$(pwd)/build"
          meson setup -Dtests=true -Dpam-cgroup=true -Dcoverity-build=true build/

          # Build
          cov-build --dir cov-int ninja -C ${BUILD}
          tar czvf lxc.tgz cov-int

          # Submit the results
          curl \
            --form project=lxc/lxc \
            --form token=${TOKEN} \
            --form email=lxc-devel@lists.linuxcontainers.org \
            --form file=@lxc.tgz \
            --form version=main \
            --form description="${GITHUB_SHA}" \
            https://scan.coverity.com/builds?project=lxc/lxc
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}