From: Alan T. DeKok <aland@freeradius.org>
Date: Thu, 25 Nov 2021 15:43:02 +0000 (-0500)
Subject: add recommendation from the coverity people
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5d2149b16656b9ed2fe29de33aef598b2526049;p=thirdparty%2Ffreeradius-server.git

add recommendation from the coverity people
---

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 8dc8b2089b5..e96c38214ff 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -65,6 +65,74 @@ jobs:
         run: |
           export PATH=`pwd`/coverity_tool/bin:$PATH
           ./configure -with-rlm-python-bin=/usr/bin/python2.7
+	  name: Coverity
+
+on:
+  push:
+    branches:
+      - coverity_scan
+  schedule:
+    - cron: '0 20 * * *'
+
+jobs:
+  coverity:
+    runs-on: ubuntu-20.04
+    if: github.repository_owner == 'FreeRADIUS' || github.ref == 'refs/heads/coverity_scan'
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Package manager performance improvements
+        run: |
+          sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup'
+          echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections
+          sudo dpkg-reconfigure man-db
+          sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf
+          sudo apt-get update
+
+      - name: Install build dependencies
+        run: |
+          sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt
+          debian/rules debian/control
+          sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control
+          sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
+
+      - name: Download coverity tool MD5
+        run: |
+          wget https://scan.coverity.com/download/linux64 \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server&md5=1" \
+            -O coverity_tool.tar.gz.md5
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+
+      - name: Cache coverity tool
+        uses: actions/cache@v2
+        id: cache-coverity
+        with:
+          path: coverity_tool.tar.gz
+          key: coverity-tool-cache-${{ hashFiles('coverity_tool.tar.gz.md5') }}
+
+      - name: Download coverity tool
+        if: steps.cache-coverity.outputs.cache-hit != 'true'
+        run: |
+          wget https://scan.coverity.com/download/linux64 \
+            --post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server" \
+            -O coverity_tool.tar.gz
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          OWNER: ${{ github.repository_owner }}
+
+      - name: Extract coverity tool
+        run: |
+          mkdir coverity_tool
+          tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+
+      - name: Build with Coverity
+        run: |
+          export PATH=`pwd`/coverity_tool/bin:$PATH
+          ./configure -with-rlm-python-bin=/usr/bin/python2.7
+	  cov-configure --config coverity.xml --comptype gcc --compiler cc1 --template
           cov-build --dir cov-int make
 
       - name: Display build result