initial commit

LICENSE

@@ -0,0 +1,19 @@
+Copyright (c) 2021 Mike Frysinger and contributors
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in
+all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+THE SOFTWARE.

README.md

@@ -0,0 +1,116 @@
+# Coverity Scan Action
+
+**This is not an official Coverity or Synopsys project.**
+
+Make it easy to build your project using
+[Coverity Scan](https://scan.coverity.com/)'s tools, and then upload the results
+to their site for analysis.  This is great for OSS projects.
+
+# Example
+
+```yaml
+# Your .github/workflows/coverity.yml file.
+name: Coverity Scan
+
+# We only want to test official release code, not every pull request.
+on:
+  push:
+    branches: [main]
+
+jobs:
+  coverity:
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        cc: [gcc]
+    runs-on: ${{ matrix.os }}
+    env:
+      CC: ${{ matrix.cc }}
+    steps:
+    - uses: actions/checkout@v2
+    - uses: vapier/coverity-scan-action@v0
+      with:
+        project: gentoo%2Fpax-utils
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+```
+
+Make sure to define `COVERITY_SCAN_TOKEN` in your
+[project's secrets](https://docs.github.com/en/actions/security-guides/encrypted-secrets).
+
+# Usage
+
+```yaml
+- uses: vapier/coverity-scan-action@v0
+  with:
+    # Project name in Coverity Scan.
+    #
+    # Find this in your dashboard:
+    # https://scan.coverity.com/dashboard
+    #
+    # This value is URL encoded, so e.g. replace / with %2F.
+    # A GitHub project like "gentoo/pax-utils" would be "gentoo%2Fpax-utils" here.
+    #
+    # REQUIRED.
+    project: ''
+
+    # Secret project token for accessing this project in Coverity Scan.
+    #
+    # Find this in the project's "Project Settings" tab under "Project token".
+    #
+    # This value should not be specified in the yaml file directly.  Instead it
+    # should be set in your repositories secrets.  "COVERITY_SCAN_TOKEN" is a
+    # common name here.
+    # https://docs.github.com/en/actions/security-guides/encrypted-secrets
+    #
+    # You still have to list ${{ secrets.COVERITY_SCAN_TOKEN }} explicitly as
+    # GitHub Actions are not allowed to access secrets directly.
+    #
+    # REQUIRED.
+    token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+    # Where Coverity Scan should send notifications.
+    #
+    # The Coverity Scan tool requires this be set.
+    #
+    # REQUIRED.
+    email: '[email protected]'
+
+    # Which Coverity Scan language pack to download.
+    #
+    # May be "cxx", "java", "csharp", "javascript", or "other".
+    #
+    # See the Coverity Scan download page for possible values:
+    # https://scan.coverity.com/download
+    # The tab strip along the top lists the languages.
+    #
+    # Default: 'cxx'
+    build_language: 'cxx'
+
+    # Which Coverity Scan platform pack to download.
+    #
+    # See the Coverity Scan download page for possible values:
+    # https://scan.coverity.com/download
+    # The tab strip along the right side lists the platforms.
+    #
+    # Default: 'linux64'
+    build_platform: ''
+
+    # Command to pass to cov-build.
+    #
+    # Default: 'make'
+    command: ''
+
+    # (Informational) The source version being built.
+    #
+    # Default: ${{ github.sha }}
+    version: ''
+
+    # (Informational) A description for this particular build.
+    #
+    # Default: coverity-scan-action ${{ github.repository }} / ${{ github.ref }}
+    description: ''
+```
+
+# License
+
+This project uses the [MIT License](LICENSE).

action.yml

@@ -0,0 +1,73 @@
+# https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
+
+name: Unofficial Coverity Scan
+description: Run Coverity Scan and upload the results.
+
+inputs:
+  project:
+    description: Project name in Coverity Scan.
+    required: true
+
+  token:
+    description: Secret project token for accessing Coverity Scan.
+    required: true
+
+  email:
+    description: Where Coverity Scan should send notifications.
+    required: true
+
+  build_language:
+    description: Which Coverity Scan language pack to download.
+    default: cxx
+
+  build_platform:
+    description: Which Coverity Scan platform pack to download.
+    default: linux64
+
+  command:
+    description: Command to pass to cov-build.
+    default: make
+
+  version:
+    description: (Informational) The source version being built.
+    default: ${{ github.sha }}
+
+  description:
+    description: (Informational) A description for this particular build.
+    default: coverity-scan-action ${{ github.repository }} / ${{ github.ref }}
+
+runs:
+  using: composite
+  steps:
+    - name: Download Coverity Build Tool (${{ inputs.build_language }} / ${{ inputs.build_platform }})
+      run: |
+        wget -nv \
+          --post-data "token=${TOKEN}&project=${{ inputs.project }}" \
+          -O cov-analysis.tar.gz \
+          https://scan.coverity.com/download/${{ inputs.build_language }}/${{ inputs.build_platform }}
+        mkdir cov-analysis
+        tar -xzf cov-analysis.tar.gz --strip 1 -C cov-analysis
+      shell: bash
+      env:
+        TOKEN: ${{ inputs.token }}
+
+    - name: Build with cov-build
+      run: |
+        export PATH="${PWD}/cov-analysis/bin:${PATH}"
+        cov-build --dir cov-int make
+      shell: bash
+
+    - name: Submit results to Coverity Scan
+      run: |
+        tar -czvf cov-int.tgz cov-int
+        curl \
+          --form project="${{ inputs.project }}" \
+          --form token="${TOKEN}" \
+          --form email="${{ inputs.email }}" \
+          --form [email protected] \
+          --form version="${{ inputs.version }}" \
+          --form description="${{ inputs.description }}" \
+          "https://scan.coverity.com/builds?project=${{ inputs.project }}"
+      shell: bash
+      env:
+        TOKEN: ${{ inputs.token }}