From 4502b196e41b5ec5d49da267f823331b7d08b903 Mon Sep 17 00:00:00 2001
From: Thiago Silva <82097354+thsfs@users.noreply.github.com>
Date: Tue, 18 Jan 2022 15:54:15 -0300
Subject: [PATCH] Adds the code-inspector script (#3675)
* Adds the code-inspector script
* Sets the code-inspector to run together with the others GitHub Analyzers
* Removes code inspection from build-travis and refactors code-inspector so it can be reused
---
 .github/workflows/analyzers.yml | 8 ++++++++
 ci/build-travis.sh | 19 ++-----------------
 ci/code-inspector-check.sh | 17 +++++++++++++++++
 ci/impl/code-inspector.sh | 33 +++++++++++++++++++++++++++++++++
 4 files changed, 60 insertions(+), 17 deletions(-)
 create mode 100755 ci/code-inspector-check.sh
 create mode 100644 ci/impl/code-inspector.sh
diff --git a/.github/workflows/analyzers.yml b/.github/workflows/analyzers.yml
index cea239a8..90cc1953 100644
--- a/.github/workflows/analyzers.yml
+++ b/.github/workflows/analyzers.yml
@@ -30,3 +30,11 @@ jobs:
 cmake-format
 - name: Check cmake-format
 run: ci/cmake-format-check.sh
+
+ code_inspector:
+ runs-on: ubuntu-20.04
+ if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository
+ steps:
+ - uses: actions/checkout@50fbc622fc4ef5163becd7fab6573eac35f8462e
+ - name: Run code-inspector
+ run: ci/code-inspector-check.sh
diff --git a/ci/build-travis.sh b/ci/build-travis.sh
index 7b2f2256..2c879402 100755
--- a/ci/build-travis.sh
+++ b/ci/build-travis.sh
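Review bot: The new `code_inspector` job checks out and runs `ci/code-inspector-check.sh` from the head of fork pull requests, and nothing in the hunk limits what the job's token may do or stops the checkout from storing it in the workspace. The job only greps the tree, so a job-level `permissions:` with `contents: read`, plus `persist-credentials: false` under a `with:` on the checkout step, would make the least-privilege intent explicit. The workflow's `on:` triggers and any top-level `permissions:` are outside the hunk, so part of this may already be covered. The `if:` condition is only safe while the trigger is `pull_request` and not `pull_request_target`.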
@@ -7,24 +7,9 @@ set -o nounset
 set -o xtrace
 OS=$(uname)
-# This is to prevent out of scope access in async_write from asio which is not picked up by static analysers
-if [[ $(grep -rl --exclude="*asio.hpp" "asio::async_write" ./nano) ]]; then
- echo "Using boost::asio::async_write directly is not permitted (except in nano/lib/asio.hpp). Use nano::async_write instead"
- exit 1
-fi
+source "$(dirname "$BASH_SOURCE")/impl/code-inspector.sh"
+code_inspect "${ROOTPATH:-.}"
-# prevent unsolicited use of std::lock_guard, std::unique_lock, std::condition_variable & std::mutex outside of allowed areas
-if [[ $(grep -rl --exclude={"*random_pool.cpp","*random_pool.hpp","*random_pool_shuffle.hpp","*locks.hpp","*locks.cpp"} "std::unique_lock\|std::lock_guard\|std::condition_variable\|std::mutex" ./nano) ]]; then
- echo "Using std::unique_lock, std::lock_guard, std::condition_variable or std::mutex is not permitted (except in nano/lib/locks.hpp and non-nano dependent libraries). Use the nano::* versions instead"
- exit 1
-fi
-
-if [[ $(grep -rlP "^\s*assert \(" ./nano) ]]; then
- echo "Using assert is not permitted. Use debug_assert instead."
- exit 1
-fi
-
-# prevent unsolicited use of std::lock_guard & std::unique_lock outside of allowed areas
 mkdir build
 pushd build
diff --git a/ci/code-inspector-check.sh b/ci/code-inspector-check.sh
new file mode 100755
index 00000000..a1f50e4c
--- /dev/null
+++ b/ci/code-inspector-check.sh
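Review bot: The removed inline checks each ended in an explicit `exit 1`, whereas the replacement call only stops the build if `errexit` is active at this point, and the hunk shows only `nounset` and `xtrace`. Writing it as `code_inspect "${ROOTPATH:-.}" || exit 1` keeps a violation fatal regardless of shell options. The `source` line deserves the same guard, since a missing `impl/code-inspector.sh` would otherwise surface only as an undefined `code_inspect`; `"${BASH_SOURCE[0]}"` is also the safer spelling of `"$BASH_SOURCE"`. The script begins and continues outside the hunk.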
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+
+###################################################################################################
+
+source "$(dirname "$BASH_SOURCE")/impl/common.sh"
+source "$(dirname "$BASH_SOURCE")/impl/code-inspector.sh"
+
+###################################################################################################
+
+set -o errexit
+set -o nounset
+
+code_inspect "${ROOTPATH:-.}"
+
+echo "code-inspector check passed"
+
+###################################################################################################
diff --git a/ci/impl/code-inspector.sh b/ci/impl/code-inspector.sh
new file mode 100644
index 00000000..d0f18fae
--- /dev/null
+++ b/ci/impl/code-inspector.sh
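Review bot: `set -o errexit` and `set -o nounset` are enabled only after the two `source` lines, so a missing or failing `impl/common.sh` or `impl/code-inspector.sh` is not caught where it happens and shows up later as an undefined `code_inspect`. Moving both `set -o` lines directly under the shebang makes the script stop at the real cause. A short header comment such as `# Runs the source-policy greps; ROOTPATH (default: .) must point at the repository root` would document the one input the script reads. What `impl/common.sh` provides is not visible in this patch.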
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+
+###################################################################################################
+
+code_inspect()
+{
+ local SOURCE_ROOT_PATH=$1
+ if [[ $SOURCE_ROOT_PATH == "" ]]; then
+ echo "Missing the source code path" >&2
+ return 1
+ fi
+
+ # This is to prevent out of scope access in async_write from asio which is not picked up by static analysers
+ if [[ $(grep -rl --exclude="*asio.hpp" "asio::async_write" $SOURCE_ROOT_PATH/nano) ]]; then
+ echo "Using boost::asio::async_write directly is not permitted (except in nano/lib/asio.hpp). Use nano::async_write instead" >&2
+ return 1
+ fi
+
+ # prevent unsolicited use of std::lock_guard, std::unique_lock, std::condition_variable & std::mutex outside of allowed areas
+ if [[ $(grep -rl --exclude={"*random_pool.cpp","*random_pool.hpp","*random_pool_shuffle.hpp","*locks.hpp","*locks.cpp"} "std::unique_lock\|std::lock_guard\|std::condition_variable\|std::mutex" $SOURCE_ROOT_PATH/nano) ]]; then
+ echo "Using std::unique_lock, std::lock_guard, std::condition_variable or std::mutex is not permitted (except in nano/lib/locks.hpp and non-nano dependent libraries). Use the nano::* versions instead" >&2
+ return 1
+ fi
+
+ if [[ $(grep -rlP "^\s*assert \(" $SOURCE_ROOT_PATH/nano) ]]; then
+ echo "Using assert is not permitted. Use debug_assert instead." >&2
+ return 1
+ fi
+
+ return 0
+}
+
+###################################################################################################
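Review bot: All three checks in `code_inspect` treat empty `grep` output as "no violation", so if `$SOURCE_ROOT_PATH/nano` does not exist (wrong working directory or `ROOTPATH`), grep fails, prints nothing to stdout, and the function returns 0 without inspecting anything. A directory check before the first grep makes the gate fail closed, and quoting `"$SOURCE_ROOT_PATH/nano"` in all three greps avoids word splitting and globbing on the path. Under the callers' `nounset`, `local SOURCE_ROOT_PATH=$1` aborts on a missing argument before the "Missing the source code path" message can print, so the assignment should use `${1:-}`. A header comment stating the argument and the 0/1 return contract would also help, as the function is meant to be sourced from several scripts.

```shell
    local SOURCE_ROOT_PATH=${1:-}
    # … unchanged: empty-path check …

    # Fail closed: with a missing tree every grep below prints nothing
    # and the inspection would report success.
    if [[ ! -d "$SOURCE_ROOT_PATH/nano" ]]; then
        echo "Source directory not found: $SOURCE_ROOT_PATH/nano" >&2
        return 1
    fi

    if [[ $(grep -rl --exclude="*asio.hpp" "asio::async_write" "$SOURCE_ROOT_PATH/nano") ]]; then
    # … unchanged: message and return; the two later greps get the same quoting …
```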