From 616e37b8bace9045d596295b843953ed9a86196b Mon Sep 17 00:00:00 2001
From: Strongest Number 9 <16169054+StrongestNumber9@users.noreply.github.com>
Date: Thu, 26 Jan 2023 17:31:05 +0200
Subject: [PATCH] Adds coverity, makes maven-publish only on releases (#2)

Adds coverity, makes maven-publish only on releases
---
 .github/workflows/coverity.yml      | 67 +++++++++++++++++++++++++++++
 .github/workflows/maven-publish.yml |  3 +-
 2 files changed, 69 insertions(+), 1 deletion(-)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..05c1355
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,67 @@
+name: Coverity Scan
+
+on:
+  pull_request_review:
+    types: [submitted]
+    secrets:
+      COVERITY_TOKEN:
+        required: true
+      COVERITY_EMAIL:
+        required: true
+
+jobs:
+  verify:
+    name: Verify Code
+    runs-on: ubuntu-latest
+
+    env:
+      COVERITY: coverity_tool
+
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          fetch-depth: 0
+
+      - name: Set up JDK 8
+        uses: actions/setup-java@v3
+        with:
+          java-version: '8'
+          distribution: 'temurin'
+          server-id: github
+          settings-path: ${{ github.workspace }}
+
+      - name: Get version
+        run: echo "RELEASE_VERSION=$(git describe --tags)" >> $GITHUB_ENV
+
+      - name: Test run
+        run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify -s ${{ github.workspace }}/settings.xml
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
+
+      - name: Cache Coverity
+        id: cache_coverity
+        uses: actions/cache@v2
+        with:
+          path: ${{ env.COVERITY }}
+          key: coverity
+
+      - name: Download Coverity
+        if: steps.cache_coverity.outputs.cache-hit != 'true'
+        run: |
+          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=blf_01" -O ${{ env.COVERITY }}.tgz
+          mkdir -p ${{ env.COVERITY }}
+          tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
+
+      - name: Compile Coverity
+        run: |
+           ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile -s ${{ github.workspace }}/settings.xml
+           tar czvf blf_01.tgz cov-int
+
+      - name: Upload to Coverity
+        run: |
+            curl --silent --form token=${{ secrets.COVERITY_TOKEN }} \
+            --form email=${{ secrets.COVERITY_EMAIL }}  \
+            --form file=@blf_01.tgz \
+            --form version="${GITHUB_REF##*/}" \
+            --form description="automated upload" \
+            https://scan.coverity.com/builds?project=blf_01
diff --git a/.github/workflows/maven-publish.yml b/.github/workflows/maven-publish.yml
index 8fb787b..7228d7a 100644
--- a/.github/workflows/maven-publish.yml
+++ b/.github/workflows/maven-publish.yml
@@ -1,7 +1,8 @@
 name: Maven Package
 
 on:
-  push:
+  release:
+    types: [published]
 
 jobs:
   build: