Details at: https://scan.coverity.com/dashboard
The Coverity software (Roughly 1.5GB worth unpacked from a tarball)
can only be downloaded from an authentication web sessions, so I've
uploaded it to my Google drive and use 'gdown' to pull it inside
the workflow. This sounds ugly, but it's not too bad: Coverity last
updated their software nine months ago, so this will be a once-a-year
change, maybe twice.
The Google drive ID, SHA256 checksum, and other specifics are all
variables at the top YAML, so they're easy to adjust when Coverity
makes their next update. The download, extraction, and sha256
verification are all done in parallel via pipes, and extracting to
/dev/shm. It should be pretty quick. Edit: it is; 4 seconds.
To keep the tarball small, I remove unecessary bits (but this is
optional), before tar & zstd compressing it:
``` bash
rm -rf closure-compiler jars jdk11 jre node support-angularjs
cd bin
rm *java* *js* *php* *python* *ruby*
```
cbdd1f3382