[libgweather/ebassi/gtk4: 51/56] ci: Add (fallible) static analysis and asan jobs

[Emmanuele Bassi <ebassi src gnome org>]

commit 7610e26c3b1a2ce9bc5d686a05e223a8f6d089b1
Author: Emmanuele Bassi <ebassi gnome org>
Date:   Tue Oct 12 18:20:28 2021 +0100

    ci: Add (fallible) static analysis and asan jobs
    
    Libgweather is a C library, and it's reading and parsing files, and
    poking at web services: we should really be doing some minimum safety
    checks that our code isn't just an exploit waiting to happen.
    
    For the time being, both jobs are marked to allow failure, with the
    explicit intent to lead us towards fixing the issues they find.

 .gitlab-ci.yml | 74 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 74 insertions(+)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 2d96b05d..c1d706f6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -134,6 +134,80 @@ abi-check:
     - meson compile -C _build
     - ./.ci/check-abi ${LAST_ABI_BREAK} $(git rev-parse HEAD)
 
+static-scan:
+  extends: .build-setup
+  stage: analysis
+  needs: []
+  variables:
+    PROJECT_DEPS:
+      clang
+      clang-analyzer
+      clang-tools-extra
+      geocode-glib-devel
+      gettext
+      git
+      gobject-introspection-devel
+      gtk3-devel
+      itstool
+      libsoup-devel
+      libxml2-devel
+      ninja-build
+      pylint
+      python3
+      python3-gobject
+      python3-pip
+      python3-wheel
+      redhat-rpm-config
+    MESON_VERSION: "0.55.3"
+    MESON_EXTRA_FLAGS: "--buildtype=debug -Dgtk_doc=false -Dintrospection=false"
+  script:
+    - meson setup --prefix /usr ${MESON_EXTRA_FLAGS} _scan_build .
+    - ninja -C _scan_build scan-build
+  artifacts:
+    name: "gweather-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
+    when: always
+    paths:
+      - "_scan_build/meson-logs/scanbuild"
+  allow_failure: true
+
+asan-build:
+  extends: .build-setup
+  stage: analysis
+  needs: []
+  variables:
+    PROJECT_DEPS:
+      clang
+      clang-analyzer
+      clang-tools-extra
+      geocode-glib-devel
+      gettext
+      git
+      gobject-introspection-devel
+      gtk3-devel
+      itstool
+      libasan
+      libsoup-devel
+      libxml2-devel
+      ninja-build
+      pylint
+      python3
+      python3-gobject
+      python3-pip
+      python3-wheel
+      redhat-rpm-config
+      vala
+    MESON_VERSION: "0.55.3"
+    MESON_EXTRA_FLAGS: "--buildtype=debugoptimized -Db_sanitize=address -Db_lundef=false 
-Dintrospection=false -Dgtk_doc=false"
+  script:
+    - CC=clang meson setup --prefix /usr ${MESON_EXTRA_FLAGS} _asan_build .
+    - meson compile -C _asan_build
+  artifacts:
+    name: "gweather-${CI_JOB_NAME}-${CI_COMMIT_REF_NAME}"
+    when: always
+    paths:
+      - "_asan_build/meson-logs"
+  allow_failure: true
+
 reference:
   stage: docs
   needs: []