name: coverity-linux

on: [push, pull_request]

permissions:
  contents: read

jobs:
  coverity_scan:
    if: github.event_name == 'pull_request'
    runs-on: ubuntu-latest
    name: Coverity Scan
    steps:
      - uses: actions/checkout@v4

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y curl build-essential cmake pkg-config libsystemd-dev

      - name: Download Coverity Tool
        run: |
          curl -s -L --output coverity_tool.tgz "https://scan.coverity.com/download/linux64?token=${{ secrets.COVERITY_TOKEN }}&project=gabime%2Fspdlog"
          mkdir coverity_tool
          tar -C coverity_tool --strip-components=1 -xf coverity_tool.tgz
          echo "$PWD/coverity_tool/bin" >> $GITHUB_PATH

      - name: Build with Coverity
        run: |
          mkdir build && cd build
          cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_CXX_STANDARD=17
          cd ..
          cov-build --dir cov-int make -C build -j4

      - name: Submit results to Coverity
        run: |
          tar czf cov-int.tgz cov-int
          curl --form token="${{ secrets.COVERITY_TOKEN }}" \
               --form file=@cov-int.tgz \
               --form version="GitHub PR #${{ github.event.pull_request.number }}" \
               --form description="CI run for PR" \
               https://scan.coverity.com/builds?project=gabime%2Fspdlog