name: Coverity Scan
on:
  workflow_dispatch:
  schedule:
    - cron: '0 0 * * 1' # On every Monday at midnight UTC


# Automatically cancel any previous workflow on new push.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
  cancel-in-progress: true

jobs:
  latest:
    runs-on: ubuntu-latest
    steps:
      - name: Determine current repository
        id: "determine-repo"
        run: echo "repo=${GITHUB_REPOSITORY}" >> $GITHUB_OUTPUT

      - uses: actions/checkout@v4
      - name: Download Coverity Build Tool
        run: |
          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=capstone-next" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
        
      - name: Installing build dependencies
        run: |
           sudo apt-get --assume-yes install cmake

      - name: Setup
        run: |
          cmake . -B build -DCAPSTONE_BUILD_CSTEST=ON

      - name: Build with cov-build
        run: |
          export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
          cov-build --dir cov-int cmake --build build
          tar czvf capstone.tgz cov-int


      - uses: actions/upload-artifact@v4
        with:
          path: capstone.tgz

      - name: Submit the result to Coverity Scan
        run: |
          curl \
            --form token=$TOKEN \
            --form email=capstone.engine@gmail.com \
            --form file=@capstone.tgz \
            --form version=trunk \
            --form description="capstone" \
            https://scan.coverity.com/builds?project=capstone-next
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
        if: steps.determine-repo.outputs.repo == 'capstone-engine/capstone'