1# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
2#
3# Licensed under the Apache License 2.0 (the "License").  You may not use
4# this file except in compliance with the License.  You can obtain a copy
5# in the file LICENSE in the source distribution or at
6# https://www.openssl.org/source/license.html
7
8name: Static Analysis
9
10#Run once a day
11on:
12  schedule:
13    - cron:  '20 0 * * *'
14
15permissions:
16  contents: read
17
18jobs:
19  coverity:
20    runs-on: ubuntu-latest
21    steps:
22    - uses: actions/checkout@v4
23    - name: tool download
24      run: |
25        wget https://scan.coverity.com/download/linux64 \
26             --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
27             --progress=dot:giga -O coverity_tool.tgz
28    - name: config
29      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
30    - name: config dump
31      run: ./configdata.pm --dump
32    - name: tool install
33      run: tar xzf coverity_tool.tgz
34    - name: make
35      run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
36    - name: archive
37      run: tar czvf openssl.tgz cov-int
38    - name: Coverity upload
39      run: |
40        curl --form token="${{ secrets.COVERITY_TOKEN }}" \
41             --form email=openssl-commits@openssl.org \
42             --form file=@openssl.tgz \
43             --form version="`date -u -I` `git rev-parse --short HEAD`" \
44             --form description="analysis of `git branch --show-current`" \
45             https://scan.coverity.com/builds?project=openssl%2Fopenssl
46