ci: Add static analysis jobs

This requires extra effort on the part of maintainers, and is therefore disabled by default. To activate these jobs, you need to add the CI/CD variables GCC_ANALYZER and/or SCAN_BUILD to each project.

These static analysis tools are quite prone to false positives, so for these jobs to be useful, it seems the right approach is to not allow them to fail and maintain false positive files (otherwise we risk getting used to seeing them fail and simply not paying attention). How to fill in these files is indicated in the comments.

As we only change software versions every two years in CI, the extra maintenance effort should be quite small though, once the first warnings have been fixed or ignored. The fact remains, however, that their analysis can be more tortuous and time-consuming than that of simple compiler warnings.

Also, the list of warnings not to be turned into errors for the gcc analyzer will need to be updated every time we change version, i.e. again every two years (otherwise the build-gcc job is likely to fail when checking the compiler during configuration).

Depends-on: !109 (closed)
Closes: #51 (closed)