futriix/.github/workflows/coverity.yml

# Creates and uploads a Coverity build on a schedule
name: Coverity Scan
on:
  schedule:
    # Run once daily, since below 500k LOC can have 21 builds per week, per https://scan.coverity.com/faq#frequency
    - cron: '0 1 * * *'
  # Support manual execution
  workflow_dispatch:

concurrency:
  group: coverity-${{ github.head_ref || github.ref }}
  cancel-in-progress: true

permissions:
  contents: read

jobs:
  coverity:
    if: github.repository == 'valkey-io/valkey'
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
      - name: Download and extract the Coverity Build Tool
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=valkey-io%2Fvalkey" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
      - name: Install Valkey dependencies
        run: sudo apt install -y gcc procps libssl-dev
      - name: Build with cov-build
        run: cov-analysis-linux64/bin/cov-build --dir cov-int make
      - name: Upload the result
        run: |
          tar czvf cov-int.tgz cov-int
          curl \
            --form email=${{ secrets.COVERITY_SCAN_EMAIL }} \
            --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
            --form file=@cov-int.tgz \
            https://scan.coverity.com/builds?project=valkey-io%2Fvalkey