Re: [PATCH] CI: Don't run Coverity on forks

[Roger Pau Monné <roger.pau@xxxxxxxxxx>]

On Mon, Mar 21, 2022 at 01:58:28PM +0000, Andrew Cooper wrote:
> By default, workflows run in all forks, but the Coverity token is specific to
> us, causing all other runs to fail.
> 
> Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Acked-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>

Albeit I have a suggestion to make this more useful I think

> ---
> CC: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> CC: George Dunlap <George.Dunlap@xxxxxxxxxxxxx>
> CC: Jan Beulich <JBeulich@xxxxxxxx>
> CC: Stefano Stabellini <sstabellini@xxxxxxxxxx>
> CC: Wei Liu <wl@xxxxxxx>
> CC: Julien Grall <julien@xxxxxxx>
> ---
>  .github/workflows/coverity.yml | 1 +
>  1 file changed, 1 insertion(+)
> 
> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> index 427fb86f947f..f613f9ed3652 100644
> --- a/.github/workflows/coverity.yml
> +++ b/.github/workflows/coverity.yml
> @@ -8,6 +8,7 @@ on:
>  
>  jobs:
>    coverity:
> +    if: github.repository_owner == 'xen-project'

Since I don't know anything else similar, why not make this a secret,
ie: ${{ secrets.RUN_COVERITY_SCAN }}? So that people could decide to
enable coverity on their own repos if desired.

We would also need to introduce a ${{ secrets.COVERITY_SCAN_PROJECT }}

To allow setting a different project name.

Thanks, Roger.