esp-idf/.gitlab/ci/static-code-analysis.yml

131 wiersze
5.1 KiB
YAML

# pre_check stage
clang_tidy_check:
extends:
- .pre_check_base_template
- .rules:patterns:clang_tidy
image: ${CLANG_STATIC_ANALYSIS_IMAGE}
artifacts:
paths:
- $OUTPUT_DIR
when: always
expire_in: 1 day
variables:
CLANG_TIDY_RUNNER_PROJ: 2107 # idf/clang-tidy-runner
CLANG_TIDY_DIRS_TXT: ${CI_PROJECT_DIR}/tools/ci/clang_tidy_dirs.txt
RULES_FILE: ${CI_PROJECT_DIR}/tools/ci/static-analysis-rules.yml
OUTPUT_DIR: ${CI_PROJECT_DIR}/clang_tidy_reports
script:
- python -m pip install -U pip
- internal_pip_install $CLANG_TIDY_RUNNER_PROJ pyclang
- export PATH=$PATH:$(python -c "import sys; print(sys.executable.rsplit('/', 1)[0])")
- dirs=$(cat ${CLANG_TIDY_DIRS_TXT} | while read line; do echo ${CI_PROJECT_DIR}/${line}; done | xargs)
- run_cmd idf_clang ${dirs}
--output-path ${OUTPUT_DIR}
--limit-file ${RULES_FILE}
--xtensa-include-dir
--run-clang-tidy-py ${RUN_CLANG_TIDY_PY}
check_pylint:
extends:
- .pre_check_base_template
- .rules:patterns:python-files
- .before_script_minimal
image: $SONARQUBE_SCANNER_IMAGE
artifacts:
when: always
paths:
- pylint-report.txt
expire_in: 1 week
script:
- export PYTHONPATH="$IDF_PATH/tools:$IDF_PATH/tools/ci/python_packages:$PYTHONPATH"
- |
if [ -n "$CI_MERGE_REQUEST_IID" ]; then
export files=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py files ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} | grep ".py");
else
export files=$(find . -iname "*.py" -print);
fi
- pylint --rcfile=.pylintrc $files -r n --output-format=parseable > pylint-report.txt || exit 0
# build stage
# Sonarqube related jobs put here for this reason:
# Here we have two jobs. code_quality_check and code_quality_report.
#
# code_quality_check will analyze the code changes between your MR and
# code repo stored in sonarqube server. The analysis result is only shown in
# the comments under this MR and won't be transferred to the server.
#
# code_quality_report will analyze and transfer both of the newly added code
# and the analysis result to the server.
#
# Put in the front to ensure that the newly merged code can be stored in
# sonarqube server ASAP, in order to avoid reporting unrelated code issues
.sonar_scan_template:
stage: build
image:
name: $SONARQUBE_SCANNER_IMAGE
before_script:
- source tools/ci/utils.sh
- export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH"
- fetch_submodules
# Exclude the submodules, all paths ends with /**
- submodules=$(get_all_submodules)
# get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all <space> to <comma>
- custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g')
# Exclude the report dir as well
- export EXCLUSIONS="$custom_excludes,$submodules"
- export SONAR_SCANNER_OPTS="-Xmx2048m"
variables:
GIT_DEPTH: 0
REPORT_PATTERN: clang_tidy_reports/*.txt
artifacts:
when: always
paths:
- $REPORT_PATTERN
tags:
- host_test
dependencies: # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here.
- clang_tidy_check
- check_pylint
code_quality_check:
extends:
- .sonar_scan_template
- .rules:patterns:static-code-analysis-preview
allow_failure: true # since now it's using exit code to indicate the code analysis result,
# we don't want to block ci when critical issues founded
script:
- export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits ${CI_COMMIT_REF_NAME} | tr '\n' ',')
# test if this branch have merge request, if not, exit 0
- test -n "$CI_MERGE_REQUEST_IID" || exit 0
- test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0
- sonar-scanner
-Dsonar.analysis.mode=preview
-Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
-Dsonar.exclusions=$EXCLUSIONS
-Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
-Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS
-Dsonar.gitlab.merge_request_discussion=true
-Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
-Dsonar.host.url=$SONAR_HOST_URL
-Dsonar.login=$SONAR_LOGIN
-Dsonar.python.pylint.reportPath=pylint-report.txt
code_quality_report:
extends:
- .sonar_scan_template
- .rules:protected
allow_failure: true # since now it's using exit code to indicate the code analysis result,
# we don't want to block ci when critical issues founded
script:
- sonar-scanner
-Dsonar.branch.name=$CI_COMMIT_REF_NAME
-Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
-Dsonar.exclusions=$EXCLUSIONS
-Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA
-Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
-Dsonar.host.url=$SONAR_HOST_URL
-Dsonar.login=$SONAR_LOGIN
-Dsonar.python.pylint.reportPath=pylint-report.txt