diff --git a/.gitlab/ci/rules.yml b/.gitlab/ci/rules.yml index cc386ac506..7b348fbe09 100644 --- a/.gitlab/ci/rules.yml +++ b/.gitlab/ci/rules.yml @@ -261,14 +261,14 @@ - <<: *if-dev-push changes: *patterns-python-files -.rules:patterns:static-code-analysis-preview: - rules: - - <<: *if-dev-push - changes: *patterns-c-files - - <<: *if-dev-push - changes: *patterns-python-files - - <<: *if-dev-push - changes: *patterns-sonarqube-files +#.rules:patterns:static-code-analysis-preview: +# rules: +# - <<: *if-dev-push +# changes: *patterns-c-files +# - <<: *if-dev-push +# changes: *patterns-python-files +# - <<: *if-dev-push +# changes: *patterns-sonarqube-files .rules:patterns:idf-pytest-plugin: rules: diff --git a/.gitlab/ci/static-code-analysis.yml b/.gitlab/ci/static-code-analysis.yml index d22f524d54..2773d2cbf7 100644 --- a/.gitlab/ci/static-code-analysis.yml +++ b/.gitlab/ci/static-code-analysis.yml 
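Review bot: The commented-out `.rules:patterns:static-code-analysis-preview` block gives no reason for being disabled and no condition for restoring it, and the same is true of the Sonar jobs commented out in `.gitlab/ci/static-code-analysis.yml`. If the removal is temporary, one line above the block would record that, for example `# Disabled together with code_quality_check, see <TRACKING-ISSUE>; restore both at the same time`. If it is permanent, deleting the block is cleaner, since git history keeps the old definition. Any job outside this diff that still lists this template under `extends` would fail pipeline validation, so the name should be searched for across `.gitlab/ci/` before merging. The `*patterns-sonarqube-files` anchor may now be unused, but that cannot be confirmed from this hunk.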
@@ -38,84 +38,84 @@ check_pylint: fi - if [ -z "$files" ]; then echo "No python files found"; exit 0; fi - run_cmd pylint --exit-zero --load-plugins=pylint_gitlab --output-format=gitlab-codeclimate:pylint.json $files - -# build stage -# Sonarqube related jobs put here for this reason: -# Here we have two jobs. code_quality_check and code_quality_report. # -# code_quality_check will analyze the code changes between your MR and -# code repo stored in sonarqube server. The analysis result is only shown in -# the comments under this MR and won't be transferred to the server. +## build stage +## Sonarqube related jobs put here for this reason: +## Here we have two jobs. code_quality_check and code_quality_report. +## +## code_quality_check will analyze the code changes between your MR and +## code repo stored in sonarqube server. The analysis result is only shown in +## the comments under this MR and won't be transferred to the server. +## +## code_quality_report will analyze and transfer both of the newly added code +## and the analysis result to the server. 
+## +## Put in the front to ensure that the newly merged code can be stored in +## sonarqube server ASAP, in order to avoid reporting unrelated code issues +#.sonar_scan_template: +# stage: build +# extends: .pre_check_template +# # full clone since this image does not support fetch --shallow-since-cutoff +# # shiny runners are used for full clone +# tags: [build, shiny] +# image: $SONARQUBE_SCANNER_IMAGE +# before_script: +# - source tools/ci/utils.sh +# - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH" +# - fetch_submodules +# # Exclude the submodules, all paths ends with /** +# - submodules=$(get_all_submodules) +# # get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all to +# - custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g') +# # Exclude the report dir as well +# - export EXCLUSIONS="$custom_excludes,$submodules" +# - export SONAR_SCANNER_OPTS="-Xmx2048m" +# variables: +# GIT_DEPTH: 0 +# REPORT_PATTERN: clang_tidy_reports/**/*.txt +# artifacts: +# paths: +# - $REPORT_PATTERN +# expire_in: 1 week +# when: always +# dependencies: # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here. +# - clang_tidy_check # -# code_quality_report will analyze and transfer both of the newly added code -# and the analysis result to the server. 
+#code_quality_check: +# extends: +# - .sonar_scan_template +# - .rules:patterns:static-code-analysis-preview +# allow_failure: true # it's using exit code to indicate the code analysis result, +# # we don't want to block ci when critical issues founded +# script: +# - export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits --src-branch ${CI_COMMIT_REF_NAME} | tr '\n' ',') +# # test if this branch have merge request, if not, exit 0 +# - test -n "$CI_MERGE_REQUEST_IID" || exit 0 +# - test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0 +# - sonar-scanner +# -Dsonar.analysis.mode=preview +# -Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME +# -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN +# -Dsonar.exclusions=$EXCLUSIONS +# -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID +# -Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS +# -Dsonar.gitlab.merge_request_discussion=true +# -Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME +# -Dsonar.host.url=$SONAR_HOST_URL +# -Dsonar.login=$SONAR_LOGIN # -# Put in the front to ensure that the newly merged code can be stored in -# sonarqube server ASAP, in order to avoid reporting unrelated code issues -.sonar_scan_template: - stage: build - extends: .pre_check_template - # full clone since this image does not support fetch --shallow-since-cutoff - # shiny runners are used for full clone - tags: [build, shiny] - image: $SONARQUBE_SCANNER_IMAGE - before_script: - - source tools/ci/utils.sh - - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH" - - fetch_submodules - # Exclude the submodules, all paths ends with /** - - submodules=$(get_all_submodules) - # get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all to - - custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g') - # Exclude the report dir as well - - 
export EXCLUSIONS="$custom_excludes,$submodules" - - export SONAR_SCANNER_OPTS="-Xmx2048m" - variables: - GIT_DEPTH: 0 - REPORT_PATTERN: clang_tidy_reports/**/*.txt - artifacts: - paths: - - $REPORT_PATTERN - expire_in: 1 week - when: always - dependencies: # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here. - - clang_tidy_check - -code_quality_check: - extends: - - .sonar_scan_template - - .rules:patterns:static-code-analysis-preview - allow_failure: true # it's using exit code to indicate the code analysis result, - # we don't want to block ci when critical issues founded - script: - - export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits --src-branch ${CI_COMMIT_REF_NAME} | tr '\n' ',') - # test if this branch have merge request, if not, exit 0 - - test -n "$CI_MERGE_REQUEST_IID" || exit 0 - - test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0 - - sonar-scanner - -Dsonar.analysis.mode=preview - -Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME - -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN - -Dsonar.exclusions=$EXCLUSIONS - -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID - -Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS - -Dsonar.gitlab.merge_request_discussion=true - -Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME - -Dsonar.host.url=$SONAR_HOST_URL - -Dsonar.login=$SONAR_LOGIN - -code_quality_report: - extends: - - .sonar_scan_template - - .rules:protected - allow_failure: true # it's using exit code to indicate the code analysis result, - # we don't want to block ci when critical issues founded - script: - - sonar-scanner - -Dsonar.branch.name=$CI_COMMIT_REF_NAME - -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN - -Dsonar.exclusions=$EXCLUSIONS - -Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA - -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME - -Dsonar.host.url=$SONAR_HOST_URL - -Dsonar.login=$SONAR_LOGIN 
+#code_quality_report: +# extends: +# - .sonar_scan_template +# - .rules:protected +# allow_failure: true # it's using exit code to indicate the code analysis result, +# # we don't want to block ci when critical issues founded +# script: +# - sonar-scanner +# -Dsonar.branch.name=$CI_COMMIT_REF_NAME +# -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN +# -Dsonar.exclusions=$EXCLUSIONS +# -Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA +# -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME +# -Dsonar.host.url=$SONAR_HOST_URL +# -Dsonar.login=$SONAR_LOGIN
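Review bot: With `code_quality_check` and `code_quality_report` both commented out, the only analysis job left visible in this hunk is `check_pylint`, which runs with `--exit-zero` and covers only Python, so nothing shown here can flag a C finding on a merge request or a protected branch. `clang_tidy_check` is referenced only from the disabled `dependencies` list and is defined elsewhere, so whether its reports still reach reviewers cannot be judged from this diff and should be confirmed. The gap should be stated in the file rather than left implicit, for example `# Sonar jobs disabled, see <TRACKING-ISSUE>; C findings are available only via clang_tidy_check artifacts until re-enabled`. The `check_pylint` job begins above the hunk, so its rules and stage were not reviewed.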