[libgweather/ebassi/gtk4] ci: Add (fallible) static analysis and asan jobs

[Emmanuele Bassi <ebassi src gnome org>]

commit 3e3e6aaa20b3660aeb1355e164fc6a6c6f4cf25d
Author: Emmanuele Bassi <ebassi gnome org>
Date:   Tue Oct 12 18:20:28 2021 +0100

    ci: Add (fallible) static analysis and asan jobs
    
    Libgweather is a C library, and it's reading and parsing files, and
    poking at web services: we should really be doing some minimum safety
    checks that our code isn't just an exploit waiting to happen.
    
    For the time being, both jobs are marked to allow failure, with the
    explicit intent to lead us towards fixing the issues they find.

 .gitlab-ci.yml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2d96b05d..c1d706f6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -134,6 +134,80 @@ abi-check:
     - meson compile -C _build
     - ./.ci/check-abi ${LAST_ABI_BREAK} $(git rev-parse HEAD)
 
+static-scan:
+  extends: .build-setup
+  stage: analysis
+  needs: []
+  variables:
+    PROJECT_DEPS:
+      clang
+      clang-analyzer
+      clang-tools-extra
+      geocode-glib-devel
+      gettext
+      git
+      gobject-introspection-devel
+      gtk3-devel
+      itstool
+      libsoup-devel
+      libxml2-devel
+      ninja-build
+      pylint
+      python3
+      python3-gobject
+      python3-pip
+      python3-wheel
+      redhat-rpm-config
+    MESON_VERSION: "0.55.3"
+    MESON_EXTRA_FLAGS: "--buildtype=debug -Dgtk_doc=false -Dintrospection=false"
+  script:
+    - meson setup --prefix /usr ${MESON_EXTRA_FLAGS} _scan_build .
+    - ninja -C _scan_build scan-build
+  artifacts:
+    name: "gweather-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
+    when: always
+    paths:
+      - "_scan_build/meson-logs/scanbuild"
+  allow_failure: true
+
+asan-build:
+  extends: .build-setup
+  stage: analysis
+  needs: []
+  variables:
+    PROJECT_DEPS:
+      clang
+      clang-analyzer
+      clang-tools-extra
+      geocode-glib-devel
+      gettext
+      git
+      gobject-introspection-devel
+      gtk3-devel
+      itstool
+      libasan
+      libsoup-devel
+      libxml2-devel
+      ninja-build
+      pylint
+      python3
+      python3-gobject
+      python3-pip
+      python3-wheel
+      redhat-rpm-config
+      vala
+    MESON_VERSION: "0.55.3"
+    MESON_EXTRA_FLAGS: "--buildtype=debugoptimized -Db_sanitize=address -Db_lundef=false 
-Dintrospection=false -Dgtk_doc=false"
+  script:
+    - CC=clang meson setup --prefix /usr ${MESON_EXTRA_FLAGS} _asan_build .
+    - meson compile -C _asan_build
+  artifacts:
+    name: "gweather-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
+    when: always
+    paths:
+      - "_asan_build/meson-logs"
+  allow_failure: true
+
 reference:
   stage: docs
   needs: []