From aa11f7371053755311d599144ff88e281cbbf83b Mon Sep 17 00:00:00 2001
From: "Maxim [maxirmx] Samsonov" <m.samsonov@computer.org>
Date: Mon, 30 Oct 2023 21:00:45 +0300
Subject: [PATCH] Coverity workflow refactoring

---
 .github/workflows/coverity.yml | 63 ++++++++++------------------------
 1 file changed, 18 insertions(+), 45 deletions(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 35f1ea5078..3e16728206 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -5,13 +5,6 @@ on:
     # every day at 9:00 UTC
     - cron: '0 9 * * *'
 
-env:
-  CORES: 2
-  BUILD_MODE: normal
-  GPG_VERSION: stable
-  RNP_TESTS: ''
-  USE_STATIC_DEPENDENCIES: yes
-
 jobs:
   scan:
     runs-on: ubuntu-latest
@@ -21,43 +14,23 @@ jobs:
         with:
           fetch-depth: 1
           submodules: true
-      - name: Setup environment
-        run: |
-          . ci/gha/setup-env.inc.sh
-          ci/install_noncacheable_dependencies.sh
-      - name: Cache
-        id: cache
-        uses: actions/cache@v3
-        with:
-          path: ${{ env.CACHE_DIR }}
-          key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
-      - name: Build cache
-        if: steps.cache.outputs.cache-hit != 'true'
-        run: |
-          set -x
-          ci/install_cacheable_dependencies.sh botan jsonc
-      - name: Download Coverity
-        env:
-          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
-        run: |
-          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
-          mkdir cov-analysis-linux64
-          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
-      - name: Build
+
+      - name: Install dependencies
         run: |
-          set -x
-          export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
-          cov-build --dir cov-int ci/main.sh
-      - name: Submit
-        env:
-          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          sudo apt-get -y update
+          sudo apt-get -y install cmake libjson-c-dev libbotan-2-dev asciidoctor
+
+      - name: Configure
         run: |
-          tar czvf results.tgz cov-int
-          curl \
-            --form project=$GITHUB_REPOSITORY \
-            --form token=$TOKEN \
-            --form email=packaging@ribose.com \
-            --form file=@results.tgz \
-            --form version=$GITHUB_REF \
-            --form description=$GITHUB_SHA \
-            https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY
+          echo CORES="$(nproc --all)" >> $GITHUB_ENV
+          cmake -B build   -DBUILD_SHARED_LIBS=ON      \
+                           -DCRYPTO_BACKEND=botan      \
+                           -DDOWNLOAD_GTEST=ON         \
+                           -DCMAKE_BUILD_TYPE=Release  .
+
+      - name: Coverity Scan
+        uses: vapier/coverity-scan-action@v1
+        with:
+          email: packaging@ribose.com
+          token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          command: cmake --build build --parallel $CORES