From 979f787c6ec77793418f3008629eeff1c05d39a2 Mon Sep 17 00:00:00 2001
From: Vivek Kumar Dutta <vivek.dutta@iopsys.eu>
Date: Sun, 1 Sep 2024 17:43:01 +0530
Subject: [PATCH] Tidy-up workspace and infer option for suppression

---
 docker/code-analysis/static_code_analysis.sh | 59 ++++++++++++++++----
 static-code-analysis.yml                     |  5 +-
 2 files changed, 50 insertions(+), 14 deletions(-)

diff --git a/docker/code-analysis/static_code_analysis.sh b/docker/code-analysis/static_code_analysis.sh
index 873b49f..44c069f 100755
--- a/docker/code-analysis/static_code_analysis.sh
+++ b/docker/code-analysis/static_code_analysis.sh
@@ -5,60 +5,95 @@ log()
 	echo "# $* #"
 }
 
+log_err()
+{
+	RED='\033[0;31m'
+	NC='\033[0m'
+
+	echo -e "${RED}# $* #${NC}"
+}
+
 exec_cmd()
 {
 	log "Running [$@]"
 	$@
 	if [ "$?" -ne 0 ]; then
-		log "Failed to run [$@]..."
+		log_err "Failed to run [$@]..."
 		if [ -n "${CI}" ]; then
 			exit 1
 		else
 			# Ignore errors for development environment
-			log "Ignoring the last error ..."
+			log_err "Ignoring the last error ..."
 		fi
 	fi
 }
 
 generate_compilation_db()
 {
+	if [ -f "compile_commands.json" ]; then
+		if jq -e '. | length == 0' compile_commands.json; then
+			log_err "Compilation db empty, probably COMPILATION_FIXUP not set"
+			exit 1
+		fi
+		log "Compilation db already exits, skip generation"
+		return 0
+	fi
+
 	if [ -n "${COMPILATION_FIXUP}" ]; then
 		COMPILATION_FIXUP="${COMPILATION_FIXUP/cmake /cmake -DCMAKE_EXPORT_COMPILE_COMMANDS=ON }"
 		exec_cmd ${COMPILATION_FIXUP}
 	fi
 
+	if [ -f "compile_commands.json" ]; then
+		if jq -e '. | length == 0' compile_commands.json; then
+			log_err "Empty compilation db, probably COMPILATION_FIXUP incorrect"
+			exit 3
+		fi
+		log "Compilation db got generated with COMPILATION_FIXUP ..."
+		return 0
+	fi
+
 	exec_cmd bear -- make -C ${SOURCE_FOLDER}
 	make -C ${SOURCE_FOLDER} clean
 
 	if [ ! -f "compile_commands.json" ]; then
-		log "Failed to generate compilation db"
+		log_err "Failed to generate compilation db"
 		exit 2
 	fi
+
+	if jq -e '. | length == 0' compile_commands.json; then
+		log_err "Empty compilation db, probably COMPILATION_FIXUP not set"
+		exit 4
+	fi
 }
 
 run_cppcheck_validation()
 {
+	mkdir -p /tmp/cppcheck
 	if [ -f "compile_commands.json" ]; then
-		exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json
-	else
-		exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert -i ./test --inline-suppr ${CPPCHECK_OPTIONS} ${SOURCE_FOLDER}
+		exec_cmd cppcheck --error-exitcode=1 --addon=threadsafety --addon=cert -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json --cppcheck-build-dir=/tmp/cppcheck
 	fi
 }
 
 run_cppcheck_clang_validation()
 {
+	mkdir -p /tmp/cppcheck
 	if [ -f "compile_commands.json" ]; then
 		if [ -n "${CI}" ]; then
-			cppcheck --error-exitcode=1 --clang -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json
+			cppcheck --error-exitcode=1 --clang -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json --cppcheck-build-dir=/tmp/cppcheck
 		else
-			exec_cmd cppcheck --error-exitcode=1 --clang -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json
+			exec_cmd cppcheck --error-exitcode=1 --clang -i ./test --inline-suppr ${CPPCHECK_OPTIONS} --project=compile_commands.json --cppcheck-build-dir=/tmp/cppcheck
 		fi
 	fi
 }
 
 run_infer_analysis()
 {
-	exec_cmd infer --fail-on-issue --compilation-database compile_commands.json
+	cmd="infer --fail-on-issue --compilation-database compile_commands.json -o /tmp/infer ${INFER_OPTIONS}"
+	if ! ${cmd}; then
+		log_err "Failed to execute [$cmd]"
+		cp /tmp/infer/report.txt .
+	fi
 }
 
 run_flawfinder_checks()
@@ -97,6 +132,9 @@ main()
 		exec_cmd ./gitlab-ci/install-dependencies.sh
 	fi
 
+	# Run CPD checks
+	run_cpd_check
+
 	# Run flawfinder
 	run_flawfinder_checks
 
@@ -113,9 +151,6 @@ main()
 
 	# Run infer analysis
 	run_infer_analysis
-
-	# Run CPD checks
-	run_cpd_check
 }
 
 main "$@"
diff --git a/static-code-analysis.yml b/static-code-analysis.yml
index f9dd0b4..36ecd82 100644
--- a/static-code-analysis.yml
+++ b/static-code-analysis.yml
@@ -1,8 +1,9 @@
 variables:
-  COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:1.1"
+  COMMON_IMAGE: "dev.iopsys.eu:5050/iopsys/gitlab-ci-pipeline/code-analysis:1.2"
   FLAWFINDER_OPTIONS: ""
   CPD_OPTIONS: "--minimum-tokens 200"
   CPPCHECK_OPTIONS: ""
+  INFER_OPTIONS: ""
   COMPILATION_FIXUP: ""
   SHELL_SRC: ""
   SHELLCHECK_OPTIONS: "-e SC2039,SC2034,SC1091 -S info"
@@ -20,7 +21,7 @@ run_static_code_analysis:
   artifacts:
     when: on_failure
     paths:
-      - infer-out/report.txt
+      - report.txt
 
 
 run_shell_checks:
-- 
GitLab