add static analysis workflow for on-premise Coverity Connect

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/24534)

diff --git a/.github/workflows/static-analysis-on-prem.yml b/.github/workflows/static-analysis-on-prem.yml
new file mode 100644 (file)
index 0000000..4c920fc
--- /dev/null
+++ b/.github/workflows/static-analysis-on-prem.yml
@@ -0,0 +1,39 @@
+# Copyright 2021-2024 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License").  You may not use
+# this file except in compliance with the License.  You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+name: Static Analysis On Prem
+
+on:
+  schedule:
+    - cron:  '20 0 * * *'
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+jobs:
+  coverity-analysis:
+    runs-on: ubuntu-latest
+    container: quay.io/openssl-ci/coverity-analysis:2024.3.1
+    steps:
+    - name: Put license
+      run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat
+    - name: Put auth key file
+      run: |
+        echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt
+        chmod 0600 /auth_key_file.txt
+    - uses: actions/checkout@v4
+    - name: Config
+      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
+    - name: Config dump
+      run: ./configdata.pm --dump
+    - name: Make
+      run: cov-build --dir cov-int make -s -j4
+    - name: Analyze
+      run: cov-analyze --dir cov-int --strip-path $(pwd)
+    - name: Commit defects
+      run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt