add coverity support for github actions

[jeking3]

This change adds Coverity Scan integration.
It requires two GitHub Secrets in your repository.

I created a Coverity Scan project for boost-ci so we can test this is isolation.
I added GitHub Secrets COVERITY_SCAN_NOTIFICATION_EMAIL and COVERITY_SCAN_TOKEN to the repo.

Note that there is no way to disable a matrix run at the job level (easily). I configured it so coverity does not run on pull requests, only on pushes into develop, master, and feature/* branches by default. Therefore, in the checks for this pull request you will see a Coverity job that completes, but it does not submit anything as the Coverity step is skipped in pull requests. I also pushed a feature branch called feature/coverity, which does push results. Here's the fully enabled job in that branch push: https://github.com/boostorg/boost-ci/runs/5013565237?check_suite_focus=true, and here's a link to Coverity where it uploaded: https://scan.coverity.com/projects/boostorg-boost-ci?tab=overview

To eliminate the coverity job on pull requests I would have to copy most of the posix job steps into their own coverity job, and I figured that level of step code duplication without GHA support for YAML anchors would be less than awesome. So this is the best compromise.

I also did more work to allow ccache to be fully disabled; this is important because I could not get coverity to work correctly with ccache running before the compiler (I tried at least 20 times with different options and whatnot).

[codecov]

Codecov Report

Merging #128 (c53cae1) into master (39c21a0) will not change coverage.
The diff coverage is n/a.

❗ Current head c53cae1 differs from pull request most recent head df147c7. Consider uploading reports for the commit df147c7 to get more accurate results

@@            Coverage Diff            @@
##            master      #128   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           16        16           
  Branches         7         7           
=========================================
  Hits            16        16           

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 39c21a0...df147c7. Read the comment docs.

[Flamefire]

A few comments.
BTW: Where is the yamllint used actually? Should we have a boost-ci exclusive job running that?

Also good idea about the if: env.B2_USE_CCACHE condition for the cache action. Missed that.

[jeking3]

You will see a number of force pushes to this PR so I can test the changes.

[jeking3]

I used yamllint to make sure the ci.yml file was okay structurally. We could have a CI job for it if we want but I did not add it.

[jeking3]

I'm using a separate branch to prove out changes so this doesn't keep running CI.

[jeking3]

@Flamefire got this passing with uuid again, I think I addressed concerns. Let me know!

[Flamefire]

Sorry forgot to submit the review.
A few minor things, check what you like to do.

[jeking3]

I simplified the changes. The feature branch push resulted in a Coverity Scan upload:

https://scan.coverity.com/projects/boostorg-boost-ci?tab=overview

I could not get a job to be skipped from a matrix input. The if statement at the job level cannot see the matrix object. So this is the best we're going to have for now.

[jeking3]

@Flamefire ready for another review

[Flamefire]

Thanks! Almost done. Found 2 remaining issues (1 only stylistic) and added my thoughts to the coverity-not-skip-issue.