.github/workflows/coverity.yml

---
name: Static analysis with Coverity

on:
  workflow_run: # to allow coverity to be run for forked branches, run this on the head branch but checkout the original head
    workflows:
      - dispatch_coverity
    types:
      - completed
  schedule:
    - cron: '0 0 15 * *' # request run on the 15. of every month
  release:
    types: [ created ]

jobs:
  coverityscan:
    name: Static analysis with Coverity
    runs-on: ubuntu-18.04
    environment: coverity # environment needs to be manually triggered only use on demand
    steps:
      - name: Checkout branch on that the Coverity scan was dispatched
        uses: actions/checkout@v2
        if: ${{ github.event_name == 'workflow_run' }}
        with:
          ref: ${{ github.event.workflow_run.head_branch }}
          fetch-depth: 25
      - uses: actions/checkout@v2
        if: ${{ github.event_name != 'workflow_run' }}
        with:
          fetch-depth: 25
      - id: version
        uses: ./.github/actions/get-version
        with:
          versionPattern: '${{ env.JAVA_REFERENCE_VERSION }}.[0-9]*.[0-9]*'
      - name: Cache the Maven packages to speed up build
        uses: actions/cache@v1
        with:
          path: ~/.m2
          key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
          restore-keys: ${{ runner.os }}-m2
      - name: Set up JDK11
        uses: actions/setup-java@v2.1.0
        with:
          java-version: 11
          distribution: 'adopt'
      - name: Download Coverity Build Tool
        run: |
          wget -q https://scan.coverity.com/download/java/Linux --post-data "token=$TOKEN&project=fair-acc/opencmw-java" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
      - name: Build with cov-build
        run: |
          export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
          cov-build --dir cov-int mvn clean compile --batch-mode -Drevision=${REVISION} -Dsha1=${SHA1} -Dchangelist=${CHANGELIST}
        env:
          REVISION: ${{ steps.version.outputs.revision }}
          SHA1: ${{ steps.version.outputs.sha1 }}
          CHANGELIST: ${{ steps.version.outputs.changelist }}
      - name: Submit the result to Coverity Scan
        run: |
          tar czvf fair-acc-opencmw-java.tgz cov-int
          curl -sS \
            --form project=fair-acc/opencmw-java \
            --form token=$TOKEN \
            --form email=${COVERITY_EMAIL} \
            --form file=@fair-acc-opencmw-java.tgz \
            --form version=${{ github.ref }}\
            --form description="Description" \
            https://scan.coverity.com/builds?project=fair-acc/opencmw-java
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}

...