Merge coverity changes to main (#151)

Use better coverity api

.github/workflows/coverity.yml

@@ -6,6 +6,7 @@ jobs:
   verify:
     name: Verify Code
     runs-on: ubuntu-latest
+    if: ${{ startsWith(github.repository, 'teragrep/') }}
 
     env:
       COVERITY: coverity_tool
@@ -26,6 +27,12 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
+      - name: Install jq
+        run: sudo apt-get update && sudo apt-get install jq
+
+      - name: Get version
+        run: printf "RELEASE_VERSION=%q\n" "$(git describe --tags)" >> $GITHUB_ENV
+
       - name: Initialize MariaDB
         env:
           MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
@@ -55,8 +62,13 @@ jobs:
           server-id: github
           settings-path: ${{ github.workspace }}
 
-      - name: Get version
-        run: echo "RELEASE_VERSION=$(git describe --tags)" >> $GITHUB_ENV
+      - name: Cache local Maven repository
+        uses: actions/cache@v4
+        with:
+          path: ~/.m2/repository
+          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
+          restore-keys: |
+            ${{ runner.os }}-maven-
 
       - name: Generate sources
         run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= generate-sources
@@ -68,27 +80,65 @@ jobs:
         run: bash add_headers_to_generated.sh
 
       - name: Test run
-        run: mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify
+        run: mvn -DskipTests -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify
         env:
           MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
           GITHUB_TOKEN: ${{ github.token }}
 
-      - name: Download Coverity
+      - name: Download Coverity distribution md5sum for cache key
+        run: wget https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}&md5=1" -O coverity_tool.md5
+
+      - name: Cache pull Coverity distribution, extracted
+        id: cache-pull-coverity-distribution
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COVERITY }}
+          key: ${{ runner.os }}-coverity-${{ hashFiles('coverity_tool.md5') }}
+
+      - name: Download and extract Coverity distribution if cache-miss
+        if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true'
         run: |
-          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=pth_06" -O ${{ env.COVERITY }}.tgz
+          wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}" -O ${{ env.COVERITY }}.tgz
           mkdir -p ${{ env.COVERITY }}
-          tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
+          tar zxf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
+
+      - name: Wait for Coverity analysis slot
+        run: |
+          while true; do
+            curl -X POST -d version=${{ env.RELEASE_VERSION }} -d description="automated upload" -d email=${{ secrets.COVERITY_EMAIL }} -d token=${{ secrets.COVERITY_TOKEN }} -d file_name="${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz" https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init -o response;
+
+            if grep -q 'build submission quota' response; then
+              cat response
+              echo 'Giving up, submission quota met'
+              exit 1
+            fi;
+
+            if grep -q 'already in the queue' response; then
+              cat response
+              echo 'Waiting for 15 seconds and retrying'
+              sleep 15
+            else
+              break
+            fi
+          done
 
       - name: Compile Coverity
         run: |
-           ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile
-           tar czvf pth_06.tgz cov-int
+           ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -DskipTests -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile
+           tar czvf ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz cov-int
+
+      - name: Prepare response url
+        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' response)" >> $GITHUB_ENV
 
       - name: Upload to Coverity
         run: |
-            curl --silent --form token=${{ secrets.COVERITY_TOKEN }} \
-            --form email=${{ secrets.COVERITY_EMAIL }}  \
-            --form file=@pth_06.tgz \
-            --form version="${GITHUB_REF##*/}" \
-            --form description="automated upload" \
-            https://scan.coverity.com/builds?project=pth_06
+          curl -X PUT --header 'Content-Type: application/json' --upload-file ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz ${{ env.RESPONSE_URL }}
+
+      - name: Prepare build id
+        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' response)" >> $GITHUB_ENV
+
+      - name: Build Coverity Submit URL
+        run: printf 'COVERITY_SUBMIT_URL=%q/%s/builds/%s/enqueue' "https://scan.coverity.com/projects" "${{ vars.COVERITY_PROJECT_URL_ID }}" "${{ env.COVERITY_BUILD_ID }}" >> $GITHUB_ENV
+
+      - name: Trigger Coverity analysis
+        run: curl -X PUT -d token=${{ secrets.COVERITY_TOKEN }} ${{ env.COVERITY_SUBMIT_URL }}