From f05a7fa20808b8ffae7348612ca80d795e348ea0 Mon Sep 17 00:00:00 2001
From: Roger Pau Monne <roger.pau@citrix.com>
Date: Fri, 18 Feb 2022 13:00:41 +0100
Subject: [PATCH] CI: add github workflow to run Coverity scans
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Add a workflow that performs a build like it's done by osstest
Coverity flight and uploads the result to Coverity for analysis. The
build process is exactly the same as the one currently used in
osstest, and it's also run at the same time (bi-weekly).

This has one big benefit over using osstest: we no longer have to care
about keeping the Coverity tools up to date in osstest.

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>
---
 .github/workflows/coverity.yml | 41 ++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000000..8f7ef4d718
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,41 @@
+name: Coverity Scan
+
+# We only want to test official release code, not every pull request.
+on:
+  schedule:
+    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
+
+jobs:
+  coverity:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install build dependencies
+      run: |
+        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
+          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
+          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
+          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
+          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
+          ocaml-findlib xz-utils libyajl-dev libpixman-1-dev \
+          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
+          libtool libfuse-dev liblzma-dev ninja-build \
+          kpartx python3-dev golang python-dev libsystemd-dev
+
+    - uses: actions/checkout@v2
+      with:
+        ref: staging
+
+    - name: Configure Xen
+      run: |
+        ./configure
+
+    - name: Pre build stuff
+      run: |
+        make -C tools/firmware/etherboot all && make mini-os-dir
+
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        command: make xen tools && make -C extras/mini-os/
+        project: XenProject
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
-- 
2.30.2