# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

name: Static Analysis

#Run once a day
on:
  schedule:
    - cron:  '20 0 * * *'

permissions:
  contents: read

jobs:
  coverity:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: tool download
      run: |
        wget https://scan.coverity.com/download/linux64 \
             --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
             --progress=dot:giga -O coverity_tool.tgz
    - name: config
      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    - name: config dump
      run: ./configdata.pm --dump
    - name: tool install
      run: tar xzf coverity_tool.tgz
    - name: make
      run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
    - name: archive
      run: tar czvf openssl.tgz cov-int
    - name: Coverity upload
      run: |
        curl --form token="${{ secrets.COVERITY_TOKEN }}" \
             --form email=openssl-commits@openssl.org \
             --form file=@openssl.tgz \
             --form version="`date -u -I` `git rev-parse --short HEAD`" \
             --form description="analysis of `git branch --show-current`" \
             https://scan.coverity.com/builds?project=openssl%2Fopenssl