Coverity #73

	name: Coverity
	on:
	schedule:
	- cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits
	workflow_dispatch:

	permissions:
	contents: read # to fetch code (actions/checkout)

	jobs:
	scan:
	runs-on: ubuntu-22.04

	env:
	CC: gcc
	DEBIAN_FRONTEND: noninteractive
	TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

	steps:
	- name: Checkout code
	if: env.TOKEN
	uses: actions/checkout@v3

	- name: Install dependencies on ubuntu
	run: \|
	sudo apt-get update
	sudo apt-get --reinstall install -y build-essential gcc cmake
	sudo apt-get install -y gzip

	- name: Download coverity
	if: env.TOKEN
	run: \|
	wget -q https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=Hakkadaikon%2Fwebsocket" -O coverity_tool.tgz
	mkdir cov-scan
	tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan

	- name: Install Nix
	uses: DeterminateSystems/nix-installer-action@main
	with:
	github-token: ${{ secrets.GH_TOKEN }}

	- name: Add coverity path
	if: env.TOKEN
	run: \|
	echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH

	- name: Build/scan websocket
	if: env.TOKEN
	run: \|
	cov-build --dir cov-int cmake -S . -B build -DCMAKE_BUILD_TYPE=Debug && cmake --build build

	- name: Submit results
	if: env.TOKEN
	run: \|
	tar zcf cov-scan.tgz cov-int
	curl --form token=$TOKEN \
	--form email=$EMAIL \
	--form file=@cov-scan.tgz \
	--form version="$(git rev-parse HEAD)" \
	--form description="Automatic GHA scan" \
	'https://scan.coverity.com/builds?project=Hakkadaikon%2Fwebsocket'
	env:
	EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}

Provide feedback