ci: submit dbus-broker builds to Coverity automatically

Open mrc0mmand opened this issue 1 year ago • 0 comments

Let's make full use of Coverity and submit the builds for analysis automatically every midnight. We can't do that for every PR, since there are quite strict rate limits that limit how many builds we can submit per day and per week (see [0]).

The action (and the script) requires two environment variables to be set - $COVERITY_SCAN_TOKEN for authentication (can be found here [1]), and $COVERITY_SCAN_NOTIFICATION_EMAIL for sending the email notification when the build analysis is done. Originally this email used to be set to the email from the latest commit, but since the author of that commit might not even have permissions to see the Coverity report, it's best to set it to one of the dbus-broker maintainers.

Resolves: #316

[0] https://scan.coverity.com/faq#frequency
[1] https://scan.coverity.com/projects/dbus-broker?tab=project_settings


As mentioned in the commit description (and the GH Actions file), there are two environment variables that need to be configured in the dbus-broker repo for this action to work properly. The configuration can be found under repo settings -> Secrets and variables -> Actions -> Repository secrets.

As for the notification email - this is really up to the maintainers to pick one (feel free to use mine, since that's already the case for other upstream repos). You'll get one email every day with the results of the analysis, and potentially a second one with a description of each flaw that was detected if the analysis detected something new.

I gave the action a spin in https://github.com/mrc0mmand/dbus-broker/pull/3 and it seems to work as expected.

/cc @evverx

mrc0mmand, May 07 '24 11:05