From: Terry Burton <tez@terryburton.co.uk>
Date: Fri, 22 Oct 2021 18:28:30 +0000 (+0100)
Subject: Some coverity workflow fixes (#4288)
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f847d983bdf4f0c563ae51ea411c78381cd5f1f;p=thirdparty%2Ffreeradius-server.git

Some coverity workflow fixes (#4288)

* Don't trigger package builds on push to coverity_scan branch

* Allow out-of-project coverity scans on push to coverity_scan

* Key the cache for the Coverity scan tool based on its MD5
---

diff --git a/.github/workflows/ci-deb.yml b/.github/workflows/ci-deb.yml
index bf6967d03f6..d70c41fa911 100644
--- a/.github/workflows/ci-deb.yml
+++ b/.github/workflows/ci-deb.yml
@@ -2,6 +2,8 @@ name: CI DEB
 
 on:
   push:
+    branches-ignore:
+      - coverity_scan
   schedule:
     - cron: '0 20 * * *'
 
diff --git a/.github/workflows/ci-rpm.yml b/.github/workflows/ci-rpm.yml
index 3ae63c9c93b..1f13238f10e 100644
--- a/.github/workflows/ci-rpm.yml
+++ b/.github/workflows/ci-rpm.yml
@@ -2,6 +2,8 @@ name: CI RPM
 
 on:
   push:
+    branches-ignore:
+      - coverity_scan
   schedule:
     - cron: '0 20 * * *'
 
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 537eec23755..8dc8b2089b5 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -10,7 +10,7 @@ on:
 jobs:
   coverity:
     runs-on: ubuntu-20.04
-    if: github.repository_owner == 'FreeRADIUS'
+    if: github.repository_owner == 'FreeRADIUS' || github.ref == 'refs/heads/coverity_scan'
     steps:
       - name: Checkout
         uses: actions/checkout@v2
@@ -30,21 +30,31 @@ jobs:
           sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control
           sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
 
+      - name: Download coverity tool MD5
+        run: |
+          wget https://scan.coverity.com/download/linux64 \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server&md5=1" \
+            -O coverity_tool.tar.gz.md5
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+
       - name: Cache coverity tool
         uses: actions/cache@v2
         id: cache-coverity
         with:
-          key: coverity-tool-cache-${{ runner.os }}
           path: coverity_tool.tar.gz
+          key: coverity-tool-cache-${{ hashFiles('coverity_tool.tar.gz.md5') }}
 
       - name: Download coverity tool
         if: steps.cache-coverity.outputs.cache-hit != 'true'
         run: |
           wget https://scan.coverity.com/download/linux64 \
-            --post-data "token=${TOKEN}&project=FreeRADIUS%2Ffreeradius-server" \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server" \
             -O coverity_tool.tar.gz
         env:
           TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
 
       - name: Extract coverity tool
         run: |
@@ -70,6 +80,7 @@ jobs:
             --form file=@cov-int.tar.gz \
             --form version="`cat VERSION`" \
             --form description="FreeRADIUS" \
-            https://scan.coverity.com/builds?project=freeradius%2Ffreeradius-server
+            https://scan.coverity.com/builds?project=${OWNER}%2Ffreeradius-server
         env:
           TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}