Add sonarqube code static analysis for idf project

2024-10-05 20:47:46 -04:00 · 2020-07-10 11:24:33 +08:00 · 2020-07-10 11:24:33 +08:00 · aeb3c02746
commit aeb3c02746
parent 8a9dc46b14
7 changed files with 753 additions and 36 deletions
--- a/.pylintrc
+++ b/.pylintrc
@ -0,0 +1,600 @@
 [MASTER]
 # A comma-separated list of package or module names from where C extensions may
 # be loaded. Extensions are loading into the active Python interpreter and may
 # run arbitrary code.
 extension-pkg-whitelist=
 # Specify a score threshold to be exceeded before program exits with error.
 fail-under=10
 # Add files or directories to the blacklist. They should be base names, not
 # paths.
 ignore=CVS
 # Add files or directories matching the regex patterns to the blacklist. The
 # regex matches against base names, not paths.
 ignore-patterns=
 # Python code to execute, usually for sys.path manipulation such as
 # pygtk.require().
 #init-hook=
 # Use multiple processes to speed up Pylint. Specifying 0 will auto-detect the
 # number of processors available to use.
 jobs=1
 # Control the amount of potential inferred values when inferring a single
 # object. This can help the performance when dealing with large functions or
 # complex, nested conditions.
 limit-inference-results=100
 # List of plugins (as comma separated values of python module names) to load,
 # usually to register additional checkers.
 load-plugins=
 # Pickle collected data for later comparisons.
 persistent=yes
 # When enabled, pylint would attempt to guess common misconfiguration and emit
 # user-friendly hints instead of false-positive error messages.
 suggestion-mode=yes
 # Allow loading of arbitrary C extensions. Extensions are imported into the
 # active Python interpreter and may run arbitrary code.
 unsafe-load-any-extension=no
 [MESSAGES CONTROL]
 # Only show warnings with the listed confidence levels. Leave empty to show
 # all. Valid levels: HIGH, INFERENCE, INFERENCE_FAILURE, UNDEFINED.
 confidence=
 # Disable the message, report, category or checker with the given id(s). You
 # can either give multiple identifiers separated by comma (,) or put this
 # option multiple times (only on the command line, not in the configuration
 # file where it should appear only once). You can also use "--disable=all" to
 # disable everything first and then reenable specific checks. For example, if
 # you want to run only the similarities checker, you can use "--disable=all
 # --enable=similarities". If you want to run only the classes checker, but have
 # no Warning level messages displayed, use "--disable=all --enable=classes
 # --disable=W".
 disable=print-statement,
        parameter-unpacking,
        unpacking-in-except,
        old-raise-syntax,
        backtick,
        long-suffix,
        old-ne-operator,
        old-octal-literal,
        import-star-module-level,
        non-ascii-bytes-literal,
        raw-checker-failed,
        bad-inline-option,
        locally-disabled,
        file-ignored,
        suppressed-message,
        useless-suppression,
        deprecated-pragma,
        use-symbolic-message-instead,
        apply-builtin,
        basestring-builtin,
        buffer-builtin,
        cmp-builtin,
        coerce-builtin,
        execfile-builtin,
        file-builtin,
        long-builtin,
        raw_input-builtin,
        reduce-builtin,
        standarderror-builtin,
        unicode-builtin,
        xrange-builtin,
        coerce-method,
        delslice-method,
        getslice-method,
        setslice-method,
        no-absolute-import,
        old-division,
        dict-iter-method,
        dict-view-method,
        next-method-called,
        metaclass-assignment,
        indexing-exception,
        raising-string,
        reload-builtin,
        oct-method,
        hex-method,
        nonzero-method,
        cmp-method,
        input-builtin,
        round-builtin,
        intern-builtin,
        unichr-builtin,
        map-builtin-not-iterating,
        zip-builtin-not-iterating,
        range-builtin-not-iterating,
        filter-builtin-not-iterating,
        using-cmp-argument,
        eq-without-hash,
        div-method,
        idiv-method,
        rdiv-method,
        exception-message-attribute,
        invalid-str-codec,
        sys-max-int,
        bad-python3-import,
        deprecated-string-function,
        deprecated-str-translate-call,
        deprecated-itertools-function,
        deprecated-types-field,
        next-method-defined,
        dict-items-not-iterating,
        dict-keys-not-iterating,
        dict-values-not-iterating,
        deprecated-operator-function,
        deprecated-urllib-function,
        xreadlines-attribute,
        deprecated-sys-function,
        exception-escape,
        comprehension-escape,
        missing-function-docstring, # Modified since here, include this line
        missing-class-docstring,
        missing-module-docstring,
        wrong-import-order,
        invalid-name,
 # Enable the message, report, category or checker with the given id(s). You can
 # either give multiple identifier separated by comma (,) or put this option
 # multiple time (only on the command line, not in the configuration file where
 # it should appear only once). See also the "--disable" option for examples.
 enable=c-extension-no-member
 [REPORTS]
 # Python expression which should return a score less than or equal to 10. You
 # have access to the variables 'error', 'warning', 'refactor', and 'convention'
 # which contain the number of messages in each category, as well as 'statement'
 # which is the total number of statements analyzed. This score is used by the
 # global evaluation report (RP0004).
 evaluation=10.0 - ((float(5 * error + warning + refactor + convention) / statement) * 10)
 # Template used to display messages. This is a python new-style format string
 # used to format the message information. See doc for all details.
 #msg-template=
 # Set the output format. Available formats are text, parseable, colorized, json
 # and msvs (visual studio). You can also give a reporter class, e.g.
 # mypackage.mymodule.MyReporterClass.
 output-format=text
 # Tells whether to display a full report or only the messages.
 reports=no
 # Activate the evaluation score.
 score=yes
 [REFACTORING]
 # Maximum number of nested blocks for function / method body
 max-nested-blocks=5
 # Complete name of functions that never returns. When checking for
 # inconsistent-return-statements if a never returning function is called then
 # it will be considered as an explicit return statement and no message will be
 # printed.
 never-returning-functions=sys.exit
 [TYPECHECK]
 # List of decorators that produce context managers, such as
 # contextlib.contextmanager. Add to this list to register other decorators that
 # produce valid context managers.
 contextmanager-decorators=contextlib.contextmanager
 # List of members which are set dynamically and missed by pylint inference
 # system, and so shouldn't trigger E1101 when accessed. Python regular
 # expressions are accepted.
 generated-members=
 # Tells whether missing members accessed in mixin class should be ignored. A
 # mixin class is detected if its name ends with "mixin" (case insensitive).
 ignore-mixin-members=yes
 # Tells whether to warn about missing members when the owner of the attribute
 # is inferred to be None.
 ignore-none=yes
 # This flag controls whether pylint should warn about no-member and similar
 # checks whenever an opaque object is returned when inferring. The inference
 # can return multiple potential results while evaluating a Python object, but
 # some branches might not be evaluated, which results in partial inference. In
 # that case, it might be useful to still emit no-member and other checks for
 # the rest of the inferred objects.
 ignore-on-opaque-inference=yes
 # List of class names for which member attributes should not be checked (useful
 # for classes with dynamically set attributes). This supports the use of
 # qualified names.
 ignored-classes=optparse.Values,thread._local,_thread._local
 # List of module names for which member attributes should not be checked
 # (useful for modules/projects where namespaces are manipulated during runtime
 # and thus existing member attributes cannot be deduced by static analysis). It
 # supports qualified module names, as well as Unix pattern matching.
 ignored-modules=
 # Show a hint with possible names when a member name was not found. The aspect
 # of finding the hint is based on edit distance.
 missing-member-hint=yes
 # The minimum edit distance a name should have in order to be considered a
 # similar match for a missing member name.
 missing-member-hint-distance=1
 # The total number of similar names that should be taken in consideration when
 # showing a hint for a missing member.
 missing-member-max-choices=1
 # List of decorators that change the signature of a decorated function.
 signature-mutators=
 [SPELLING]
 # Limits count of emitted suggestions for spelling mistakes.
 max-spelling-suggestions=4
 # Spelling dictionary name. Available dictionaries: none. To make it work,
 # install the python-enchant package.
 spelling-dict=
 # List of comma separated words that should not be checked.
 spelling-ignore-words=
 # A path to a file that contains the private dictionary; one word per line.
 spelling-private-dict-file=
 # Tells whether to store unknown words to the private dictionary (see the
 # --spelling-private-dict-file option) instead of raising a message.
 spelling-store-unknown-words=no
 [FORMAT]
 # Expected format of line ending, e.g. empty (any line ending), LF or CRLF.
 expected-line-ending-format=
 # Regexp for a line that is allowed to be longer than the limit.
 ignore-long-lines=^\s*(# )?<?https?://\S+>?$
 # Number of spaces of indent required inside a hanging or continued line.
 indent-after-paren=4
 # String used as indentation unit. This is usually "    " (4 spaces) or "\t" (1
 # tab).
 indent-string='    '
 # Maximum number of characters on a single line.
 max-line-length=160
 # Maximum number of lines in a module.
 max-module-lines=1000
 # List of optional constructs for which whitespace checking is disabled. `dict-
 # separator` is used to allow tabulation in dicts, etc.: {1  : 1,\n222: 2}.
 # `trailing-comma` allows a space between comma and closing bracket: (a, ).
 # `empty-line` allows space-only lines.
 no-space-check=trailing-comma,
               dict-separator
 # Allow the body of a class to be on the same line as the declaration if body
 # contains single statement.
 single-line-class-stmt=no
 # Allow the body of an if to be on the same line as the test if there is no
 # else.
 single-line-if-stmt=no
 [STRING]
 # This flag controls whether inconsistent-quotes generates a warning when the
 # character used as a quote delimiter is used inconsistently within a module.
 check-quote-consistency=no
 # This flag controls whether the implicit-str-concat should generate a warning
 # on implicit string concatenation in sequences defined over several lines.
 check-str-concat-over-line-jumps=no
 [LOGGING]
 # The type of string formatting that logging methods do. `old` means using %
 # formatting, `new` is for `{}` formatting.
 logging-format-style=old
 # Logging modules to check that the string format arguments are in logging
 # function parameter format.
 logging-modules=logging
 [MISCELLANEOUS]
 # List of note tags to take in consideration, separated by a comma.
 notes=FIXME,
      XXX,
      TODO
 # Regular expression of note tags to take in consideration.
 #notes-rgx=
 [SIMILARITIES]
 # Ignore comments when computing similarities.
 ignore-comments=yes
 # Ignore docstrings when computing similarities.
 ignore-docstrings=yes
 # Ignore imports when computing similarities.
 ignore-imports=no
 # Minimum lines number of a similarity.
 min-similarity-lines=4
 [VARIABLES]
 # List of additional names supposed to be defined in builtins. Remember that
 # you should avoid defining new builtins when possible.
 additional-builtins=
 # Tells whether unused global variables should be treated as a violation.
 allow-global-unused-variables=yes
 # List of strings which can identify a callback function by name. A callback
 # name must start or end with one of those strings.
 callbacks=cb_,
          _cb
 # A regular expression matching the name of dummy variables (i.e. expected to
 # not be used).
 dummy-variables-rgx=_+$|(_[a-zA-Z0-9_]*[a-zA-Z0-9]+?$)|dummy|^ignored_|^unused_
 # Argument names that match this expression will be ignored. Default to name
 # with leading underscore.
 ignored-argument-names=_.*|^ignored_|^unused_
 # Tells whether we should check for unused import in __init__ files.
 init-import=no
 # List of qualified module names which can have objects that can redefine
 # builtins.
 redefining-builtins-modules=six.moves,past.builtins,future.builtins,builtins,io
 [BASIC]
 # Naming style matching correct argument names.
 argument-naming-style=snake_case
 # Regular expression matching correct argument names. Overrides argument-
 # naming-style.
 #argument-rgx=
 # Naming style matching correct attribute names.
 attr-naming-style=snake_case
 # Regular expression matching correct attribute names. Overrides attr-naming-
 # style.
 #attr-rgx=
 # Bad variable names which should always be refused, separated by a comma.
 bad-names=foo,
          bar,
          baz,
          toto,
          tutu,
          tata
 # Bad variable names regexes, separated by a comma. If names match any regex,
 # they will always be refused
 bad-names-rgxs=
 # Naming style matching correct class attribute names.
 class-attribute-naming-style=any
 # Regular expression matching correct class attribute names. Overrides class-
 # attribute-naming-style.
 #class-attribute-rgx=
 # Naming style matching correct class names.
 class-naming-style=PascalCase
 # Regular expression matching correct class names. Overrides class-naming-
 # style.
 #class-rgx=
 # Naming style matching correct constant names.
 const-naming-style=UPPER_CASE
 # Regular expression matching correct constant names. Overrides const-naming-
 # style.
 #const-rgx=
 # Minimum line length for functions/classes that require docstrings, shorter
 # ones are exempt.
 docstring-min-length=-1
 # Naming style matching correct function names.
 function-naming-style=snake_case
 # Regular expression matching correct function names. Overrides function-
 # naming-style.
 #function-rgx=
 # Good variable names which should always be accepted, separated by a comma.
 good-names=i,
           j,
           k,
           ex,
           Run,
           _
 # Good variable names regexes, separated by a comma. If names match any regex,
 # they will always be accepted
 good-names-rgxs=
 # Include a hint for the correct naming format with invalid-name.
 include-naming-hint=no
 # Naming style matching correct inline iteration names.
 inlinevar-naming-style=any
 # Regular expression matching correct inline iteration names. Overrides
 # inlinevar-naming-style.
 #inlinevar-rgx=
 # Naming style matching correct method names.
 method-naming-style=snake_case
 # Regular expression matching correct method names. Overrides method-naming-
 # style.
 #method-rgx=
 # Naming style matching correct module names.
 module-naming-style=snake_case
 # Regular expression matching correct module names. Overrides module-naming-
 # style.
 #module-rgx=
 # Colon-delimited sets of names that determine each other's naming style when
 # the name regexes allow several styles.
 name-group=
 # Regular expression which should only match function or class names that do
 # not require a docstring.
 no-docstring-rgx=^_
 # List of decorators that produce properties, such as abc.abstractproperty. Add
 # to this list to register other decorators that produce valid properties.
 # These decorators are taken in consideration only for invalid-name.
 property-classes=abc.abstractproperty
 # Naming style matching correct variable names.
 variable-naming-style=snake_case
 # Regular expression matching correct variable names. Overrides variable-
 # naming-style.
 #variable-rgx=
 [DESIGN]
 # Maximum number of arguments for function / method.
 max-args=5
 # Maximum number of attributes for a class (see R0902).
 max-attributes=7
 # Maximum number of boolean expressions in an if statement (see R0916).
 max-bool-expr=5
 # Maximum number of branch for function / method body.
 max-branches=12
 # Maximum number of locals for function / method body.
 max-locals=15
 # Maximum number of parents for a class (see R0901).
 max-parents=7
 # Maximum number of public methods for a class (see R0904).
 max-public-methods=20
 # Maximum number of return / yield for function / method body.
 max-returns=6
 # Maximum number of statements in function / method body.
 max-statements=50
 # Minimum number of public methods for a class (see R0903).
 min-public-methods=2
 [CLASSES]
 # List of method names used to declare (i.e. assign) instance attributes.
 defining-attr-methods=__init__,
                      __new__,
                      setUp,
                      __post_init__
 # List of member names, which should be excluded from the protected access
 # warning.
 exclude-protected=_asdict,
                  _fields,
                  _replace,
                  _source,
                  _make
 # List of valid names for the first argument in a class method.
 valid-classmethod-first-arg=cls
 # List of valid names for the first argument in a metaclass class method.
 valid-metaclass-classmethod-first-arg=cls
 [IMPORTS]
 # List of modules that can be imported at any level, not just the top level
 # one.
 allow-any-import-level=
 # Allow wildcard imports from modules that define __all__.
 allow-wildcard-with-all=no
 # Analyse import fallback blocks. This can be used to support both Python 2 and
 # 3 compatible code, which means that the block might have code that exists
 # only in one or another interpreter, leading to false positives when analysed.
 analyse-fallback-blocks=no
 # Deprecated modules which should not be used, separated by a comma.
 deprecated-modules=optparse,tkinter.tix
 # Create a graph of external dependencies in the given file (report RP0402 must
 # not be disabled).
 ext-import-graph=
 # Create a graph of every (i.e. internal and external) dependencies in the
 # given file (report RP0402 must not be disabled).
 import-graph=
 # Create a graph of internal dependencies in the given file (report RP0402 must
 # not be disabled).
 int-import-graph=
 # Force import order to recognize a module as part of the standard
 # compatibility libraries.
 known-standard-library=
 # Force import order to recognize a module as part of a third party library.
 known-third-party=enchant
 # Couples of modules and preferred modules, separated by a comma.
 preferred-modules=
 [EXCEPTIONS]
 # Exceptions that will emit a warning when being caught. Defaults to
 # "BaseException, Exception".
 overgeneral-exceptions=BaseException,
                       Exception
--- a/tools/ci/config/build.yml
+++ b/tools/ci/config/build.yml
@ -408,3 +408,87 @@ build_installer:
 # This job builds template app with permutations of targets and optimization levels
 build_template_app:
  extends: .build_template_app_template
 # Sonarqube related jobs put here for this reason:
 # Here we have two jobs. code_quality_check and code_quality_report.
 #
 # code_quality_check will analyze the code changes between your MR and
 # code repo stored in sonarqube server. The analysis result is only shown in
 # the comments under this MR and won't be transferred to the server.
 #
 # code_quality_report will analyze and transfer both of the newly added code
 # and the analysis result to the server.
 #
 # Put in the front to ensure that the newly merged code can be stored in
 # sonarqube server ASAP, in order to avoid reporting unrelated code issues
 .sonar_scan_template:
  stage: build
  image:
    name: $CI_DOCKER_REGISTRY/sonarqube-scanner:1
  before_script:
    - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH"
    - python $SUBMODULE_FETCH_TOOL
    # Exclude the submodules, all paths ends with /**
    # get all submodules configs | get all paths | add /** as suffix | xargs | replace all <space> to <comma>
    - export SUBMODULES=$(git config --file .gitmodules --get-regexp path | awk '{ print $2 }' | sed -e 's|$|/**|' | xargs | sed -e 's/ /,/g')
    # Exclude the report dir
    - export EXCLUSIONS="$SUBMODULES,$REPORT_DIR/**,docs/_static/**,**/*.png,**/*.jpg"
    - python $NORMALIZE_CLANGTIDY_PY $CI_PROJECT_DIR/$REPORT_DIR/warnings.txt $CI_PROJECT_DIR/$REPORT_DIR/clang_tidy_report.txt $CI_PROJECT_DIR
  variables:
    GIT_DEPTH: 0
    NORMALIZE_CLANGTIDY_PY: $CI_PROJECT_DIR/tools/ci/normalize_clangtidy_path.py
    REPORT_DIR: examples/get-started/hello_world/tidybuild/report
  tags:
    - host_test
 code_quality_check:
  extends: .sonar_scan_template
  dependencies:
    - clang_tidy_check_regular_for_MR_review
  only:
    - merge_requests
  script:
    - sonar-scanner -X
      -Dsonar.analysis.mode=preview
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_LOGIN
      -Dsonar.sources=$CI_PROJECT_DIR
      -Dsonar.sourceEncoding=UTF-8
      -Dsonar.projectKey=esp-idf
      -Dsonar.projectBaseDir=$CI_PROJECT_DIR
      -Dsonar.exclusions=$EXCLUSIONS
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID
      -Dsonar.gitlab.commit_sha=$(git log --pretty=format:%H origin/master..origin/$CI_COMMIT_REF_NAME | tr '\n' ',')
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.cxx.clangtidy.reportPath=$REPORT_DIR/clang_tidy_report.txt
      -Dsonar.cxx.includeDirectories=components,/usr/include
      -Dsonar.python.pylint_config=.pylintrc
      -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
      -Dsonar.gitlab.merge_request_discussion=true
      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
 code_quality_report:
  extends: .sonar_scan_template
  only:
    - master
    - /^release\/v/
    - /^v\d+\.\d+(\.\d+)?($|-)/
    - schedules
  dependencies:
    - clang_tidy_check_regular
  script:
    - sonar-scanner
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_LOGIN
      -Dsonar.sources=$CI_PROJECT_DIR
      -Dsonar.sourceEncoding=UTF-8
      -Dsonar.projectKey=esp-idf
      -Dsonar.projectBaseDir=$CI_PROJECT_DIR
      -Dsonar.exclusions=$EXCLUSIONS
      -Dsonar.gitlab.project_id=$CI_PROJECT_ID
      -Dsonar.gitlab.commit_sha=$CI_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.cxx.clangtidy.reportPath=$REPORT_DIR/clang_tidy_report.txt
      -Dsonar.cxx.includeDirectories=components,/usr/include
      -Dsonar.python.pylint_config=.pylintrc
      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
--- a/tools/ci/config/host-test.yml
+++ b/tools/ci/config/host-test.yml
@ -1,4 +1,3 @@
 .host_test_template:
  stage: host_test
  image: $CI_DOCKER_REGISTRY/esp32-ci-env$BOT_DOCKER_IMAGE_TAG
@ -36,25 +35,6 @@
    # check no crashes found
    - test -z "$(ls out/crashes/)" || exit 1
 .clang_tidy_check_template:
  stage: host_test
  image: ${CI_DOCKER_REGISTRY}/clang-static-analysis
  tags:
    - host_test
  dependencies: []
  artifacts:
    reports:
      junit: $IDF_PATH/output.xml
    when: always
    paths:
      - $IDF_PATH/examples/get-started/hello_world/tidybuild/report/*
    expire_in: 1 day
  script:
    - ./tools/ci/retry_failed.sh git clone $IDF_ANALYSIS_UTILS static_analysis_utils && cd static_analysis_utils
    # Setup parameters of triggered/regular job
    - export TRIGGERED_RELATIVE=${BOT_LABEL_STATIC_ANALYSIS-} && export TRIGGERED_ABSOLUTE=${BOT_LABEL_STATIC_ANALYSIS_ALL-} && export TARGET_BRANCH=${BOT_CUSTOMIZED_REVISION-}
    - ./analyze.sh $IDF_PATH/examples/get-started/hello_world/ $IDF_PATH/tools/ci/static-analysis-rules.yml $IDF_PATH/output.xml
 test_nvs_on_host:
  extends: .host_test_template
  script:
@ -107,21 +87,6 @@ test_ldgen_on_host:
    - ./test_fragments.py
    - ./test_generation.py
 clang_tidy_check:
  extends: .clang_tidy_check_template
  variables:
    BOT_NEEDS_TRIGGER_BY_NAME: 1
    BOT_LABEL_STATIC_ANALYSIS: 1
 clang_tidy_check_regular:
  extends: .clang_tidy_check_template
 clang_tidy_check_all:
  extends: .clang_tidy_check_template
  variables:
    BOT_NEEDS_TRIGGER_BY_NAME: 1
    BOT_LABEL_STATIC_ANALYSIS_ALL: 1
 test_mdns_fuzzer_on_host:
  extends: .host_fuzzer_test_template
  variables:
--- a/tools/ci/config/post_check.yml
+++ b/tools/ci/config/post_check.yml
@ -18,7 +18,7 @@ check_submodule_sync:
    - git submodule deinit --force .
    # setting the default remote URL to the public one, to resolve relative location URLs
    - git config remote.origin.url ${PUBLIC_IDF_URL}
-    # check if all submodules are correctly synced to public repostory
+    # check if all submodules are correctly synced to public repository
    - git submodule init
    - *show_submodule_urls
    - git submodule update --recursive
--- a/tools/ci/config/pre_check.yml
+++ b/tools/ci/config/pre_check.yml
@ -168,3 +168,42 @@ check_readme_links:
    PYTHON_VER: 3
  script:
    - python ${IDF_PATH}/tools/ci/check_readme_links.py
 .clang_tidy_check_template:
  stage: pre_check
  image: ${CI_DOCKER_REGISTRY}/clang-static-analysis
  tags:
    - host_test
  dependencies: []
  artifacts:
    reports:
      junit: $IDF_PATH/output.xml
    when: always
    paths:
      - $IDF_PATH/examples/get-started/hello_world/tidybuild/report/*
    expire_in: 1 day
  script:
    - ./tools/ci/retry_failed.sh git clone $IDF_ANALYSIS_UTILS static_analysis_utils && cd static_analysis_utils
    # Setup parameters of triggered/regular job
    - export TRIGGERED_RELATIVE=${BOT_LABEL_STATIC_ANALYSIS-} && export TRIGGERED_ABSOLUTE=${BOT_LABEL_STATIC_ANALYSIS_ALL-} && export TARGET_BRANCH=${BOT_CUSTOMIZED_REVISION-}
    - ./analyze.sh $IDF_PATH/examples/get-started/hello_world/ $IDF_PATH/tools/ci/static-analysis-rules.yml $IDF_PATH/output.xml
 clang_tidy_check:
  extends: .clang_tidy_check_template
  variables:
    BOT_NEEDS_TRIGGER_BY_NAME: 1
    BOT_LABEL_STATIC_ANALYSIS: 1
 clang_tidy_check_regular:
  extends: .clang_tidy_check_template
 clang_tidy_check_regular_for_MR_review:
  extends: .clang_tidy_check_template
  only:
    - merge_requests
 clang_tidy_check_all:
  extends: .clang_tidy_check_template
  variables:
    BOT_NEEDS_TRIGGER_BY_NAME: 1
    BOT_LABEL_STATIC_ANALYSIS_ALL: 1
--- a/tools/ci/executable-list.txt
+++ b/tools/ci/executable-list.txt
@ -55,6 +55,7 @@ tools/ci/get-full-sources.sh
 tools/ci/get_supported_examples.sh
 tools/ci/mirror-submodule-update.sh
 tools/ci/multirun_with_pyenv.sh
 tools/ci/normalize_clangtidy_path.py
 tools/ci/push_to_github.sh
 tools/ci/retry_failed.sh
 tools/ci/test_build_system.sh
--- a/tools/ci/normalize_clangtidy_path.py
+++ b/tools/ci/normalize_clangtidy_path.py
@ -0,0 +1,28 @@
 #!/usr/bin/env python
 import argparse
 import re
 from os.path import join, normpath, dirname, relpath
 CLANG_TIDY_REGEX = re.compile(r'(.+|[a-zA-Z]:\\\\.+):([0-9]+):([0-9]+): ([^:]+): (.+)')
 def normalize_clang_tidy_path(file_path, output_path, base_dir):
    with open(output_path, 'w') as fw:
        for line in open(file_path):
            result = CLANG_TIDY_REGEX.match(line)
            if result:
                path = result.group(1)
                abs_path = normpath(join(dirname(file_path), path))
                rel_path = relpath(abs_path, base_dir)
                line = line.replace(path, rel_path)
            fw.write(line)
 if __name__ == '__main__':
    parser = argparse.ArgumentParser()
    parser.add_argument('file', help='clang tidy report path')
    parser.add_argument('output_file', help='normalized clang tidy report path')
    parser.add_argument('base_dir', help='relative path base dir')
    args = parser.parse_args()
    normalize_clang_tidy_path(args.file, args.output_file, args.base_dir)