# pre_check stage clang_tidy_check: extends: - .pre_check_template - .rules:patterns:clang_tidy artifacts: paths: - clang_tidy_reports/ variables: IDF_TOOLCHAIN: clang script: - run_cmd idf_clang_tidy $(cat tools/ci/clang_tidy_dirs.txt | xargs) --output-path clang_tidy_reports --limit-file tools/ci/static-analysis-rules.yml --xtensa-include-dir check_pylint: extends: - .pre_check_template - .rules:patterns:python-files needs: - pipeline_variables artifacts: reports: codequality: pylint.json script: - | if [ -n "$CI_MERGE_REQUEST_IID" ]; then export files=$(echo "$GIT_DIFF_OUTPUT" | grep ".py$" | xargs); else export files=$(git ls-files "*.py" | xargs); fi - if [ -z "$files" ]; then echo "No python files found"; exit 0; fi - run_cmd pylint --exit-zero --load-plugins=pylint_gitlab --output-format=gitlab-codeclimate:pylint.json $files # build stage # Sonarqube related jobs put here for this reason: # Here we have two jobs. code_quality_check and code_quality_report. # # code_quality_check will analyze the code changes between your MR and # code repo stored in sonarqube server. The analysis result is only shown in # the comments under this MR and won't be transferred to the server. # # code_quality_report will analyze and transfer both of the newly added code # and the analysis result to the server. # # Put in the front to ensure that the newly merged code can be stored in # sonarqube server ASAP, in order to avoid reporting unrelated code issues .sonar_scan_template: stage: build extends: .pre_check_template # full clone since this image does not support fetch --shallow-since-cutoff # shiny runners are used for full clone tags: [build, shiny] image: $SONARQUBE_SCANNER_IMAGE before_script: - source tools/ci/utils.sh - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH" - fetch_submodules # Exclude the submodules, all paths ends with /** - submodules=$(get_all_submodules) # get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all to - custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g') # Exclude the report dir as well - export EXCLUSIONS="$custom_excludes,$submodules" - export SONAR_SCANNER_OPTS="-Xmx2048m" variables: GIT_DEPTH: 0 REPORT_PATTERN: clang_tidy_reports/**/*.txt artifacts: paths: - $REPORT_PATTERN dependencies: # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here. - clang_tidy_check code_quality_check: extends: - .sonar_scan_template - .rules:patterns:static-code-analysis-preview allow_failure: true # it's using exit code to indicate the code analysis result, # we don't want to block ci when critical issues founded script: - export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits --src-branch ${CI_COMMIT_REF_NAME} | tr '\n' ',') # test if this branch have merge request, if not, exit 0 - test -n "$CI_MERGE_REQUEST_IID" || exit 0 - test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0 - sonar-scanner -Dsonar.analysis.mode=preview -Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN -Dsonar.exclusions=$EXCLUSIONS -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID -Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS -Dsonar.gitlab.merge_request_discussion=true -Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN code_quality_report: extends: - .sonar_scan_template - .rules:protected allow_failure: true # it's using exit code to indicate the code analysis result, # we don't want to block ci when critical issues founded script: - sonar-scanner -Dsonar.branch.name=$CI_COMMIT_REF_NAME -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN -Dsonar.exclusions=$EXCLUSIONS -Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME -Dsonar.host.url=$SONAR_HOST_URL -Dsonar.login=$SONAR_LOGIN