Use coverity-scan-action in CI

Simplifies the CI job and adds a cache to avoid downloading the 1GB+ tool archive on every run. See: https://github.com/vapier/coverity-scan-action Only run this job when a commit is pushed to the default branch 2.0 (like when a PR is merged) since the required Coverity token/secret is not available when this job is triggered by forks.
c9s · Oct 16, 2023 · bf1bab9 · bf1bab9
1 parent 91405ad
commit bf1bab9
Showing 1 changed file with 11 additions and 23 deletions.
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -1,33 +1,21 @@
 name: coverity
-on: [push, pull_request]
+on:
+  push:
+    branches: [2.0]
 
 jobs:
   analyze:
     if: github.repository == 'c9s/r3'
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/checkout@v2
-    - name: Download Coverity
-      run: |
-        cd ..
-        wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{secrets.COVERITY_TOKEN}}&project=r3" -O coverity-linux64.tgz
-        mkdir coverity
-        tar xzf coverity-linux64.tgz --strip 1 -C coverity
-        echo "$(pwd)/coverity/bin" >> $GITHUB_PATH
-
-    - name: Build with Coverity
+    - uses: actions/checkout@v3
+    - name: Prepare
       run: |
         ./autogen.sh
-        ./configure --enable-check --enable-debug
-        cov-build --dir cov-int make V=1
-
-    - name: Submit the result to Coverity
-      run: |
-        tar czvf r3.tgz cov-int
-        curl \
-          --form token=${{secrets.COVERITY_TOKEN}} \
-          --form email=yoanlin93+github@gmail.com \
-          --form file=@r3.tgz \
-          --form version=${GITHUB_SHA} \
-          https://scan.coverity.com/builds?project=r3
+        ./configure --enable-check
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        project: r3
+        email: yoanlin93+github@gmail.com
+        token: ${{ secrets.COVERITY_TOKEN }}