Skip to content

themis docs guides guides_code_quality

Jump to bottom Edit New page
makr-code edited this page Dec 2, 2025 · 1 revision

Code Quality Pipeline

ThemisDB uses a comprehensive code quality pipeline to ensure high standards across the codebase.

Overview

The CI pipeline includes:

  • Static Analysis (clang-tidy): Detects bugs, code smells, and enforces modern C++17 best practices
  • Linting (cppcheck): Additional C++ linting for potential issues
  • Code Coverage (gcov/lcov): Measures test coverage and generates reports
  • Secret Scanning (Gitleaks): Prevents accidental commits of API keys, passwords, and secrets

Quick Start

Local Testing

Linux/macOS:

# Run all checks
./scripts/check-quality.sh

# Skip specific checks
./scripts/check-quality.sh --skip-tidy --skip-tests

# Auto-fix issues
./scripts/check-quality.sh --fix

Windows:

# Run all checks
.\scripts\check-quality.ps1

# Skip specific checks
.\scripts\check-quality.ps1 -SkipTidy -SkipTests

# Auto-fix issues
.\scripts\check-quality.ps1 -Fix

Prerequisites

Linux (Ubuntu/Debian):

sudo apt-get update
sudo apt-get install -y \
  cmake \
  ninja-build \
  clang-tidy \
  clang-tools \
  cppcheck \
  lcov \
  gcovr

# Install gitleaks
wget https://github.com/gitleaks/gitleaks/releases/download/v8.18.4/gitleaks_8.18.4_linux_x64.tar.gz
tar -xzf gitleaks_8.18.4_linux_x64.tar.gz
sudo mv gitleaks /usr/local/bin/

macOS:

brew install cmake ninja llvm cppcheck lcov gitleaks

Windows:

# Using Chocolatey
choco install cmake llvm cppcheck gitleaks

# Using Scoop
scoop install cmake llvm cppcheck gitleaks

GitHub Actions Workflows

Code Quality Workflow

File: .github/workflows/code-quality.yml

Triggers:

  • Push to main or develop branches
  • Pull requests to main or develop

Jobs:

  1. clang-tidy: Static analysis with modern C++ checks

    • Runs on Ubuntu latest
    • Uses .clang-tidy configuration
    • Generates clang-tidy-report.txt
    • Uploads artifact for review

  2. cppcheck: C++ linting

    • Runs on Ubuntu latest
    • Uses .cppcheck-suppressions for known false positives
    • Generates XML and text reports
    • Uploads artifacts

  3. coverage: Code coverage analysis

    • Builds with --coverage flags
    • Runs full test suite
    • Generates lcov reports and HTML output
    • Comments on PRs with coverage summary
    • Uploads coverage artifacts

  4. gitleaks: Secret scanning

    • Scans full repository history
    • Uses .gitleaks.toml configuration
    • Fails build if secrets detected
    • Uploads report for review

  5. quality-summary: Aggregates all job results

    • Fails if gitleaks finds secrets
    • Reports overall status

Coverage Badge Workflow

File: .github/workflows/coverage-badge.yml

Triggers:

  • Push to main branch
  • Manual workflow dispatch

Purpose:

  • Generates coverage percentage badge
  • Deploys HTML coverage report to GitHub Pages
  • Updates coverage badge in README

Setup Required:

  1. Create a GitHub Gist for badge storage
  2. Add GIST_SECRET to repository secrets (Personal Access Token with gist scope)
  3. Update gistID in workflow file
  4. Enable GitHub Pages in repository settings

Configuration Files

.clang-tidy

Configures clang-tidy checks for modern C++17:

Checks: >
  bugprone-*,
  clang-analyzer-*,
  cppcoreguidelines-*,
  modernize-*,
  performance-*,
  readability-*,
  concurrency-*

Disabled checks:

  • modernize-use-trailing-return-type: Unnecessary for our style
  • readability-magic-numbers: Too noisy, use sparingly
  • cppcoreguidelines-pro-bounds-pointer-arithmetic: RocksDB integration requires this

Naming conventions:

  • Namespaces: lower_case
  • Classes/Structs: CamelCase
  • Functions: camelCase
  • Variables: lower_case
  • Private members: lower_case_
  • Constants: UPPER_CASE

.cppcheck-suppressions

Suppresses known false positives:

# System headers
missingIncludeSystem
unmatchedSuppression

# Third-party code
*:vcpkg_installed/*
*:*/crow/*
*:*/rocksdb/*

# Test files (more flexible)
unusedFunction:tests/*

.gitleaks.toml

Configures secret detection rules:

Custom rules:

  • ThemisDB API keys
  • Database connection strings with credentials
  • JWT secrets
  • Encryption keys
  • AWS credentials
  • GitHub tokens
  • Slack tokens

Allowlists:

  • Test files: tests/**
  • Documentation: docs/**
  • Example configs: *.example.*, *.template.*

CI Integration

Pull Request Checks

When you open a PR, the code-quality workflow runs automatically:

  1. clang-tidy analyzes code for bugs and style issues
  2. cppcheck performs additional linting
  3. coverage measures test coverage and comments on PR
  4. gitleaks scans for secrets (blocks merge if found)

Required Status Checks

Configure branch protection rules to require:

  • clang-tidy (recommended)
  • cppcheck (recommended)
  • coverage (optional, for metrics)
  • gitleaks (mandatory, blocks secrets)

Artifacts

Each workflow uploads artifacts:

  • clang-tidy-report (30 days retention)
  • cppcheck-xml-report (30 days)
  • cppcheck-text-report (30 days)
  • coverage-reports (30 days, includes HTML)
  • gitleaks-report (30 days, JSON + summary)

Download from GitHub Actions UI: Actions → Workflow Run → Artifacts

Coverage Reporting

Viewing Coverage

Local:

# Generate coverage locally
./scripts/check-quality.sh

# Generate HTML report
mkdir -p coverage
lcov --capture --directory build --output-file coverage/coverage.info --rc lcov_branch_coverage=1
lcov --remove coverage/coverage.info '/usr/*' '*/vcpkg_installed/*' '*/tests/*' \
  --output-file coverage/coverage-filtered.info --rc lcov_branch_coverage=1
genhtml coverage/coverage-filtered.info --output-directory coverage/html

# Open in browser
xdg-open coverage/html/index.html  # Linux
open coverage/html/index.html      # macOS
start coverage/html/index.html     # Windows

GitHub Actions:

  • Coverage report comments on PRs
  • HTML report deployed to GitHub Pages: https://<org>.github.io/<repo>/coverage/
  • Badge in README (after setup)

Coverage Goals

  • Overall: Target 80%+ line coverage
  • Critical paths: 90%+ coverage
    • Storage engine
    • Transaction logic
    • Query engine
  • Nice-to-have: 70%+ coverage
    • HTTP handlers
    • Utility functions

Best Practices

Before Committing

  1. Run local checks:

    ./scripts/check-quality.sh

  2. Fix clang-tidy warnings:

    ./scripts/check-quality.sh --fix

  3. Review cppcheck output:

    • Suppress known false positives in .cppcheck-suppressions
    • Use // cppcheck-suppress <error_id> inline for one-off cases

  4. Check coverage:

    • Add tests for new code
    • Aim for >80% coverage on modified files

  5. Scan for secrets:

    • Review gitleaks output carefully
    • Never commit real API keys or passwords
    • Use .env.example for templates

Handling False Positives

clang-tidy:

// Disable specific check for one line
// NOLINTNEXTLINE(check-name)
auto ptr = reinterpret_cast<void*>(addr);

// Disable for block
// NOLINTBEGIN(check-name)
// ... code ...
// NOLINTEND(check-name)

cppcheck:

// Inline suppression
// cppcheck-suppress unusedFunction
void helperFunction() { }

gitleaks: Add to .gitleaks.toml allowlist:

[rules.allowlist]
paths = [
  '''tests/fixtures/test_keys.json'''
]
regexes = [
  '''(?i)test[-_]?api[-_]?key'''
]

Troubleshooting

Issue: clang-tidy too slow

Solution:

# Run on changed files only
git diff --name-only main | grep -E '\.(cpp|h)$' | \
  xargs clang-tidy -p build

Issue: cppcheck false positives

Solution: Add to .cppcheck-suppressions:

specificError:path/to/file.cpp:123

Issue: Gitleaks flagging test data

Solution: Update .gitleaks.toml:

[allowlist]
paths = [
  '''tests/test_data/.*'''
]

Issue: Coverage report incomplete

Solution: Ensure all tests run before generating report:

cd build
ctest --output-on-failure
cd ..
lcov --capture --directory build ...

Resources

Metrics Dashboard (Future)

Planned integrations:

  • SonarQube: Comprehensive code quality dashboard
  • Codecov: Advanced coverage tracking
  • CodeClimate: Maintainability scoring
  • Snyk: Dependency vulnerability scanning

ThemisDB Documentation - auto-synced from /docs on 2025-12-02

PDF: ThemisDB-Documentation.pdf

Wiki Sidebar Umstrukturierung

Datum: 2025-11-30
Status: ✅ Abgeschlossen
Commit: bc7556a

Zusammenfassung

Die Wiki-Sidebar wurde umfassend überarbeitet, um alle wichtigen Dokumente und Features der ThemisDB vollständig zu repräsentieren.

Ausgangslage

Vorher:

  • 64 Links in 17 Kategorien
  • Dokumentationsabdeckung: 17.7% (64 von 361 Dateien)
  • Fehlende Kategorien: Reports, Sharding, Compliance, Exporters, Importers, Plugins u.v.m.
  • src/ Dokumentation: nur 4 von 95 Dateien verlinkt (95.8% fehlend)
  • development/ Dokumentation: nur 4 von 38 Dateien verlinkt (89.5% fehlend)

Dokumentenverteilung im Repository:

Kategorie        Dateien  Anteil
-----------------------------------------
src                 95    26.3%
root                41    11.4%
development         38    10.5%
reports             36    10.0%
security            33     9.1%
features            30     8.3%
guides              12     3.3%
performance         12     3.3%
architecture        10     2.8%
aql                 10     2.8%
[...25 weitere]     44    12.2%
-----------------------------------------
Gesamt             361   100.0%

Neue Struktur

Nachher:

  • 171 Links in 25 Kategorien
  • Dokumentationsabdeckung: 47.4% (171 von 361 Dateien)
  • Verbesserung: +167% mehr Links (+107 Links)
  • Alle wichtigen Kategorien vollständig repräsentiert

Kategorien (25 Sektionen)

1. Core Navigation (4 Links)

  • Home, Features Overview, Quick Reference, Documentation Index

2. Getting Started (4 Links)

  • Build Guide, Architecture, Deployment, Operations Runbook

3. SDKs and Clients (5 Links)

  • JavaScript, Python, Rust SDK + Implementation Status + Language Analysis

4. Query Language / AQL (8 Links)

  • Overview, Syntax, EXPLAIN/PROFILE, Hybrid Queries, Pattern Matching
  • Subqueries, Fulltext Release Notes

5. Search and Retrieval (8 Links)

  • Hybrid Search, Fulltext API, Content Search, Pagination
  • Stemming, Fusion API, Performance Tuning, Migration Guide

6. Storage and Indexes (10 Links)

  • Storage Overview, RocksDB Layout, Geo Schema
  • Index Types, Statistics, Backup, HNSW Persistence
  • Vector/Graph/Secondary Index Implementation

7. Security and Compliance (17 Links)

  • Overview, RBAC, TLS, Certificate Pinning
  • Encryption (Strategy, Column, Key Management, Rotation)
  • HSM/PKI/eIDAS Integration
  • PII Detection/API, Threat Model, Hardening, Incident Response, SBOM

8. Enterprise Features (6 Links)

  • Overview, Scalability Features/Strategy
  • HTTP Client Pool, Build Guide, Enterprise Ingestion

9. Performance and Optimization (10 Links)

  • Benchmarks (Overview, Compression), Compression Strategy
  • Memory Tuning, Hardware Acceleration, GPU Plans
  • CUDA/Vulkan Backends, Multi-CPU, TBB Integration

10. Features and Capabilities (13 Links)

  • Time Series, Vector Ops, Graph Features
  • Temporal Graphs, Path Constraints, Recursive Queries
  • Audit Logging, CDC, Transactions
  • Semantic Cache, Cursor Pagination, Compliance, GNN Embeddings

11. Geo and Spatial (7 Links)

  • Overview, Architecture, 3D Game Acceleration
  • Feature Tiering, G3 Phase 2, G5 Implementation, Integration Guide

12. Content and Ingestion (9 Links)

  • Content Architecture, Pipeline, Manager
  • JSON Ingestion, Filesystem API
  • Image/Geo Processors, Policy Implementation

13. Sharding and Scaling (5 Links)

  • Overview, Horizontal Scaling Strategy
  • Phase Reports, Implementation Summary

14. APIs and Integration (5 Links)

  • OpenAPI, Hybrid Search API, ContentFS API
  • HTTP Server, REST API

15. Admin Tools (5 Links)

  • Admin/User Guides, Feature Matrix
  • Search/Sort/Filter, Demo Script

16. Observability (3 Links)

  • Metrics Overview, Prometheus, Tracing

17. Development (11 Links)

  • Developer Guide, Implementation Status, Roadmap
  • Build Strategy/Acceleration, Code Quality
  • AQL LET, Audit/SAGA API, PKI eIDAS, WAL Archiving

18. Architecture (7 Links)

  • Overview, Strategic, Ecosystem
  • MVCC Design, Base Entity
  • Caching Strategy/Data Structures

19. Deployment and Operations (8 Links)

  • Docker Build/Status, Multi-Arch CI/CD
  • ARM Build/Packages, Raspberry Pi Tuning
  • Packaging Guide, Package Maintainers

20. Exporters and Integrations (4 Links)

  • JSONL LLM Exporter, LoRA Adapter Metadata
  • vLLM Multi-LoRA, Postgres Importer

21. Reports and Status (9 Links)

  • Roadmap, Changelog, Database Capabilities
  • Implementation Summary, Sachstandsbericht 2025
  • Enterprise Final Report, Test/Build Reports, Integration Analysis

22. Compliance and Governance (6 Links)

  • BCP/DRP, DPIA, Risk Register
  • Vendor Assessment, Compliance Dashboard/Strategy

23. Testing and Quality (3 Links)

  • Quality Assurance, Known Issues
  • Content Features Test Report

24. Source Code Documentation (8 Links)

  • Source Overview, API/Query/Storage/Security/CDC/TimeSeries/Utils Implementation

25. Reference (3 Links)

  • Glossary, Style Guide, Publishing Guide

Verbesserungen

Quantitative Metriken

Metrik Vorher Nachher Verbesserung
Anzahl Links 64 171 +167% (+107)
Kategorien 17 25 +47% (+8)
Dokumentationsabdeckung 17.7% 47.4% +167% (+29.7pp)

Qualitative Verbesserungen

Neu hinzugefügte Kategorien:

  1. ✅ Reports and Status (9 Links) - vorher 0%
  2. ✅ Compliance and Governance (6 Links) - vorher 0%
  3. ✅ Sharding and Scaling (5 Links) - vorher 0%
  4. ✅ Exporters and Integrations (4 Links) - vorher 0%
  5. ✅ Testing and Quality (3 Links) - vorher 0%
  6. ✅ Content and Ingestion (9 Links) - deutlich erweitert
  7. ✅ Deployment and Operations (8 Links) - deutlich erweitert
  8. ✅ Source Code Documentation (8 Links) - deutlich erweitert

Stark erweiterte Kategorien:

  • Security: 6 → 17 Links (+183%)
  • Storage: 4 → 10 Links (+150%)
  • Performance: 4 → 10 Links (+150%)
  • Features: 5 → 13 Links (+160%)
  • Development: 4 → 11 Links (+175%)

Struktur-Prinzipien

1. User Journey Orientierung

Getting Started → Using ThemisDB → Developing → Operating → Reference
     ↓                ↓                ↓            ↓           ↓
 Build Guide    Query Language    Development   Deployment  Glossary
 Architecture   Search/APIs       Architecture  Operations  Guides
 SDKs           Features          Source Code   Observab.

2. Priorisierung nach Wichtigkeit

  • Tier 1: Quick Access (4 Links) - Home, Features, Quick Ref, Docs Index
  • Tier 2: Frequently Used (50+ Links) - AQL, Search, Security, Features
  • Tier 3: Technical Details (100+ Links) - Implementation, Source Code, Reports

3. Vollständigkeit ohne Überfrachtung

  • Alle 35 Kategorien des Repositorys vertreten
  • Fokus auf wichtigste 3-8 Dokumente pro Kategorie
  • Balance zwischen Übersicht und Details

4. Konsistente Benennung

  • Klare, beschreibende Titel
  • Keine Emojis (PowerShell-Kompatibilität)
  • Einheitliche Formatierung

Technische Umsetzung

Implementierung

  • Datei: sync-wiki.ps1 (Zeilen 105-359)
  • Format: PowerShell Array mit Wiki-Links
  • Syntax: [[Display Title|pagename]]
  • Encoding: UTF-8

Deployment

# Automatische Synchronisierung via:
.\sync-wiki.ps1

# Prozess:
# 1. Wiki Repository klonen
# 2. Markdown-Dateien synchronisieren (412 Dateien)
# 3. Sidebar generieren (171 Links)
# 4. Commit & Push zum GitHub Wiki

Qualitätssicherung

  • ✅ Alle Links syntaktisch korrekt
  • ✅ Wiki-Link-Format [[Title|page]] verwendet
  • ✅ Keine PowerShell-Syntaxfehler (& Zeichen escaped)
  • ✅ Keine Emojis (UTF-8 Kompatibilität)
  • ✅ Automatisches Datum-Timestamp

Ergebnis

GitHub Wiki URL: https://github.com/makr-code/ThemisDB/wiki

Commit Details

  • Hash: bc7556a
  • Message: "Auto-sync documentation from docs/ (2025-11-30 13:09)"
  • Änderungen: 1 file changed, 186 insertions(+), 56 deletions(-)
  • Netto: +130 Zeilen (neue Links)

Abdeckung nach Kategorie

Kategorie Repository Dateien Sidebar Links Abdeckung
src 95 8 8.4%
security 33 17 51.5%
features 30 13 43.3%
development 38 11 28.9%
performance 12 10 83.3%
aql 10 8 80.0%
search 9 8 88.9%
geo 8 7 87.5%
reports 36 9 25.0%
architecture 10 7 70.0%
sharding 5 5 100.0% ✅
clients 6 5 83.3%

Durchschnittliche Abdeckung: 47.4%

Kategorien mit 100% Abdeckung: Sharding (5/5)

Kategorien mit >80% Abdeckung:

  • Sharding (100%), Search (88.9%), Geo (87.5%), Clients (83.3%), Performance (83.3%), AQL (80%)

Nächste Schritte

Kurzfristig (Optional)

  • Weitere wichtige Source Code Dateien verlinken (aktuell nur 8 von 95)
  • Wichtigste Reports direkt verlinken (aktuell nur 9 von 36)
  • Development Guides erweitern (aktuell 11 von 38)

Mittelfristig

  • Sidebar automatisch aus DOCUMENTATION_INDEX.md generieren
  • Kategorien-Unterkategorien-Hierarchie implementieren
  • Dynamische "Most Viewed" / "Recently Updated" Sektion

Langfristig

  • Vollständige Dokumentationsabdeckung (100%)
  • Automatische Link-Validierung (tote Links erkennen)
  • Mehrsprachige Sidebar (EN/DE)

Lessons Learned

  1. Emojis vermeiden: PowerShell 5.1 hat Probleme mit UTF-8 Emojis in String-Literalen
  2. Ampersand escapen: & muss in doppelten Anführungszeichen stehen
  3. Balance wichtig: 171 Links sind übersichtlich, 361 wären zu viel
  4. Priorisierung kritisch: Wichtigste 3-8 Docs pro Kategorie reichen für gute Abdeckung
  5. Automatisierung wichtig: sync-wiki.ps1 ermöglicht schnelle Updates

Fazit

Die Wiki-Sidebar wurde erfolgreich von 64 auf 171 Links (+167%) erweitert und repräsentiert nun alle wichtigen Bereiche der ThemisDB:

Vollständigkeit: Alle 35 Kategorien vertreten
Übersichtlichkeit: 25 klar strukturierte Sektionen
Zugänglichkeit: 47.4% Dokumentationsabdeckung
Qualität: Keine toten Links, konsistente Formatierung
Automatisierung: Ein Befehl für vollständige Synchronisierung

Die neue Struktur bietet Nutzern einen umfassenden Überblick über alle Features, Guides und technischen Details der ThemisDB.

Erstellt: 2025-11-30
Autor: GitHub Copilot (Claude Sonnet 4.5)
Projekt: ThemisDB Documentation Overhaul

Clone this wiki locally