# pre_check stage
clang_tidy_check:
  extends:
    - .pre_check_template
    - .rules:patterns:clang_tidy
  artifacts:
    paths:
      - clang_tidy_reports/
    expire_in: 1 week
    when: always
  variables:
    IDF_TOOLCHAIN: clang
  script:
    - run_cmd idf_clang_tidy $(cat tools/ci/clang_tidy_dirs.txt | xargs)
      --output-path clang_tidy_reports
      --limit-file tools/ci/static-analysis-rules.yml
      --xtensa-include-dir

check_pylint:
  extends:
    - .pre_check_template
    - .rules:patterns:python-files
  needs:
    - pipeline_variables
  artifacts:
    reports:
      codequality: pylint.json
    paths:
      - pylint.json
    expire_in: 1 week
    when: always
  script:
    - |
      if [ -n "$CI_MERGE_REQUEST_IID" ]; then
        export files=$(echo "$GIT_DIFF_OUTPUT" | grep ".py$" | xargs);
      else
        export files=$(git ls-files "*.py" | xargs);
      fi
    - if [ -z "$files" ]; then echo "No python files found"; exit 0; fi
    - run_cmd pylint --exit-zero --load-plugins=pylint_gitlab --output-format=gitlab-codeclimate:pylint.json $files

# build stage
# Sonarqube related jobs put here for this reason:
# Here we have two jobs. code_quality_check and code_quality_report.
#
# code_quality_check will analyze the code changes between your MR and
# code repo stored in sonarqube server. The analysis result is only shown in
# the comments under this MR and won't be transferred to the server.
#
# code_quality_report will analyze and transfer both of the newly added code
# and the analysis result to the server.
#
# Put in the front to ensure that the newly merged code can be stored in
# sonarqube server ASAP, in order to avoid reporting unrelated code issues
.sonar_scan_template:
  stage: build
  extends: .pre_check_template
  # full clone since this image does not support fetch --shallow-since-cutoff
  # shiny runners are used for full clone
  tags: [build, shiny]
  image: $SONARQUBE_SCANNER_IMAGE
  before_script:
    - source tools/ci/utils.sh
    - export PYTHONPATH="$CI_PROJECT_DIR/tools:$CI_PROJECT_DIR/tools/ci/python_packages:$PYTHONPATH"
    - fetch_submodules
    # Exclude the submodules, all paths ends with /**
    - submodules=$(get_all_submodules)
    # get all exclude paths specified in tools/ci/sonar_exclude_list.txt | ignore lines start with # | xargs | replace all <space> to <comma>
    - custom_excludes=$(cat $CI_PROJECT_DIR/tools/ci/sonar_exclude_list.txt | grep -v '^#' | xargs | sed -e 's/ /,/g')
    # Exclude the report dir as well
    - export EXCLUSIONS="$custom_excludes,$submodules"
    - export SONAR_SCANNER_OPTS="-Xmx2048m"
  variables:
    GIT_DEPTH: 0
    REPORT_PATTERN: clang_tidy_reports/**/*.txt
  artifacts:
    paths:
      - $REPORT_PATTERN
    expire_in: 1 week
    when: always
  dependencies:  # Here is not a hard dependency relationship, could be skipped when only python files changed. so we do not use "needs" here.
    - clang_tidy_check

code_quality_check:
  extends:
    - .sonar_scan_template
    - .rules:patterns:static-code-analysis-preview
  allow_failure: true  # it's using exit code to indicate the code analysis result,
                       # we don't want to block ci when critical issues founded
  script:
    - export CI_MERGE_REQUEST_COMMITS=$(python ${CI_PROJECT_DIR}/tools/ci/ci_get_mr_info.py commits --src-branch ${CI_COMMIT_REF_NAME} | tr '\n' ',')
    # test if this branch have merge request, if not, exit 0
    - test -n "$CI_MERGE_REQUEST_IID" || exit 0
    - test -n "$CI_MERGE_REQUEST_COMMITS" || exit 0
    - sonar-scanner
      -Dsonar.analysis.mode=preview
      -Dsonar.branch.name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
      -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
      -Dsonar.exclusions=$EXCLUSIONS
      -Dsonar.gitlab.ci_merge_request_iid=$CI_MERGE_REQUEST_IID
      -Dsonar.gitlab.commit_sha=$CI_MERGE_REQUEST_COMMITS
      -Dsonar.gitlab.merge_request_discussion=true
      -Dsonar.gitlab.ref_name=$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_LOGIN

code_quality_report:
  extends:
    - .sonar_scan_template
    - .rules:protected
  allow_failure: true  # it's using exit code to indicate the code analysis result,
                       # we don't want to block ci when critical issues founded
  script:
    - sonar-scanner
      -Dsonar.branch.name=$CI_COMMIT_REF_NAME
      -Dsonar.cxx.clangtidy.reportPath=$REPORT_PATTERN
      -Dsonar.exclusions=$EXCLUSIONS
      -Dsonar.gitlab.commit_sha=$PIPELINE_COMMIT_SHA
      -Dsonar.gitlab.ref_name=$CI_COMMIT_REF_NAME
      -Dsonar.host.url=$SONAR_HOST_URL
      -Dsonar.login=$SONAR_LOGIN