Merge tests: pair of cleanups for the coverity job

Avoid a deprecated feature and reduce YAML complexity.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>

MR: https://gitlab.com/apparmor/apparmor/-/merge_requests/1491
Approved-by: Georgia Garcia <georgia.garcia@canonical.com>
Merged-by: Georgia Garcia <georgia.garcia@canonical.com>

.gitlab-ci.yml

@@ -168,21 +168,10 @@ variables:
   SAST_EXCLUDED_ANALYZERS: "eslint,flawfinder,semgrep,spotbugs"
   SAST_BANDIT_EXCLUDED_PATHS: "*/tst/*, */test/*"
 
-.send-to-coverity: &send-to-coverity
-  - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
-    --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
-    --form file=@$(ls apparmor-*-cov-int.tar.gz) --form version="$(git describe --tags)"
-    --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
-
 coverity:
   stage: .post
   extends:
     - .ubuntu-before_script
-  only:
-    refs:
-      - master
-    variables:
-      - $CI_PROJECT_PATH == "apparmor/apparmor"
   script:
       - apt-get install --no-install-recommends -y curl git texlive-latex-recommended
       - *install-c-build-deps
@@ -192,7 +181,12 @@ coverity:
       - COV_VERSION=$(ls -dt cov-analysis-linux64-* | head -1)
       - PATH=$PATH:$(pwd)/$COV_VERSION/bin
       - make coverity
-      - *send-to-coverity
+      - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
+        --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
+        --form file=@$(ls apparmor-*-cov-int.tar.gz) --form version="$(git describe --tags)"
+        --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
   artifacts:
     paths:
       - "apparmor-*.tar.gz"
+  rules:
+    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_PROJECT_PATH == "apparmor/apparmor"