From: Michael Brown <mcb30@ipxe.org>
Date: Fri, 13 Feb 2026 23:37:46 +0000 (+0000)
Subject: [ci] Schedule Coverity Scan run via GitHub Actions
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1d23d5a037a6c63c48f4c41940376e97ff01d346;p=thirdparty%2Fipxe.git

[ci] Schedule Coverity Scan run via GitHub Actions

Trigger the daily Coverity Scan submission via a GitHub Actions
schedule (or via a manual workflow run), rather than relying on an
external process pushing to the "coverity_scan" branch.

Since the scheduled workflow will run even on forks of the repository,
add a check to cause the submission to be skipped if the relevant
secret is not configured.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
---

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index a7024142b..b16051e61 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -1,17 +1,37 @@
 name: Coverity Scan
 
 on:
-  push:
-    branches:
-      - coverity_scan
+  workflow_dispatch:
+  schedule:
+    - cron: '42 0 * * *'
 
 jobs:
+
+  secrets:
+    name: Secrets check
+    runs-on: ubuntu-latest
+    env:
+      COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+    outputs:
+      present: ${{ steps.check.outputs.present }}
+    steps:
+
+      - name: Check secret presence
+        id: check
+        if: env.COVERITY_SCAN_TOKEN
+        run: |
+          echo "present=true" >> $GITHUB_OUTPUT
+
   submit:
     name: Submit
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
+    needs: secrets
+    if: needs.secrets.outputs.present
     steps:
+
       - name: Check out code
         uses: actions/checkout@v4
+
       - name: Download Coverity Scan
         run: |
           curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
@@ -20,13 +40,16 @@ jobs:
                https://scan.coverity.com/download/cxx/linux64
           mkdir -p /opt/coverity
           sudo tar xvzf coverity.tar.gz --strip 1 --directory /opt/coverity
+
       - name: Build via Coverity Scan
         run: |
           make -C src bin/deps
           /opt/coverity/bin/cov-build --dir cov-int make -C src bin/blib.a
+
       - name: Create submission
         run : |
           tar cvzf cov-int.tar.gz cov-int
+
       - name: Submit to Coverity Scan
         run: |
           curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \