add recommendation from the coverity people

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 8dc8b2089b55b6301d456e34a7ba89577135c198..e96c38214ffbc0f9e5a90d2799392149aaa65d67 100644 (file)
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -65,6 +65,74 @@ jobs:
         run: |
           export PATH=`pwd`/coverity_tool/bin:$PATH
           ./configure -with-rlm-python-bin=/usr/bin/python2.7
+         name: Coverity
+
+on:
+  push:
+    branches:
+      - coverity_scan
+  schedule:
+    - cron: '0 20 * * *'
+
+jobs:
+  coverity:
+    runs-on: ubuntu-20.04
+    if: github.repository_owner == 'FreeRADIUS' || github.ref == 'refs/heads/coverity_scan'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Package manager performance improvements
+        run: |
+          sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup'
+          echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections
+          sudo dpkg-reconfigure man-db
+          sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf
+          sudo apt-get update
+
+      - name: Install build dependencies
+        run: |
+          sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt
+          debian/rules debian/control
+          sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control
+          sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
+
+      - name: Download coverity tool MD5
+        run: |
+          wget https://scan.coverity.com/download/linux64 \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server&md5=1" \
+            -O coverity_tool.tar.gz.md5
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+
+      - name: Cache coverity tool
+        uses: actions/cache@v2
+        id: cache-coverity
+        with:
+          path: coverity_tool.tar.gz
+          key: coverity-tool-cache-${{ hashFiles('coverity_tool.tar.gz.md5') }}
+
+      - name: Download coverity tool
+        if: steps.cache-coverity.outputs.cache-hit != 'true'
+        run: |
+          wget https://scan.coverity.com/download/linux64 \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server" \
+            -O coverity_tool.tar.gz
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+
+      - name: Extract coverity tool
+        run: |
+          mkdir coverity_tool
+          tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+
+      - name: Build with Coverity
+        run: |
+          export PATH=`pwd`/coverity_tool/bin:$PATH
+          ./configure -with-rlm-python-bin=/usr/bin/python2.7
+         cov-configure --config coverity.xml --comptype gcc --compiler cc1 --template
           cov-build --dir cov-int make
 
       - name: Display build result