From 10b95454c5eddf37343f9b6b1c4540962b8885df Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstephen@redhat.com>
Date: Thu, 14 Nov 2024 14:53:06 -0500
Subject: [PATCH] ci: Add workflow for 'coverity' label in PRs

---
 .github/workflows/coverity.yml | 29 +++++++++++++++++++++++++++--
 1 file changed, 27 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 28b6e7b7f91..329ad13d24d 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -1,15 +1,40 @@
 name: Coverity scan
 on:
-  # run once daily at 00:30 UTC due to
+  # coverity_daily job runs once daily at 00:30 UTC due to
   # https://scan.coverity.com/faq#frequency
   schedule:
     - cron: "30 0 * * *"
+  # coverity_label job triggers if PR has 'coverity' label set.
+  # This job likely cannot be re-run on the same day or we will
+  # hit the build submission limit (see above link)
+  pull_request_target:
+    branches: [master]
   workflow_dispatch:
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 jobs:
-  coverity:
+  coverity_daily:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+
+    - name: Install dependencies
+      uses: ./.github/actions/install-dependencies
+
+    - name: Configure
+      uses: ./.github/actions/configure
+
+    - name: Execute and submit coverity scan
+      uses: vapier/coverity-scan-action@v1.8.0
+      with:
+        email: "sssd-maint@redhat.com"
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        working-directory: x86_64
+
+  coverity_label:
+    if: ${{ github.event.label.name == 'coverity' && github.event_name == 'pull_request' }}
     runs-on: ubuntu-latest
     steps:
     - name: Checkout repository