Skip to content

Refactor the CI workflows#102

Open
lavrovvalera wants to merge 13 commits into
eclipse-score:mainfrom
lavrovvalera:vala_quality_jobs
Open

Refactor the CI workflows#102
lavrovvalera wants to merge 13 commits into
eclipse-score:mainfrom
lavrovvalera:vala_quality_jobs

Conversation

@lavrovvalera

@lavrovvalera lavrovvalera commented Jun 24, 2026

Copy link
Copy Markdown
Contributor

Integrate score_cpp_policies as central C++ quality tooling

Closes #12
Closes #42
Closes #43

Changes

score_cpp_policies integration

  • Added score_cpp_policies dep with git_override to pick up the clang_tidy package not yet released in the registry (v0.0.1)
  • Upgraded aspect_rules_lint 1.5.32.7.1 and added toolchains_llvm 1.7.0 (LLVM 19.1.7) as required by score_cpp_policies clang-tidy API
  • Created tools/lint/BUILD + tools/lint/linters.bzl wiring make_clang_tidy_aspect with the S-CORE baseline .clang-tidy
  • Added sanitizer (asan_ubsan_lsan) and clang-tidy config blocks to .bazelrc

New CI workflows

  • sanitizers.yml — runs ASan/UBSan/LSan on PRs and main; non-blocking until code is clean (closes Add sanitizer CI (ASAN/TSAN/UBSAN) #43)
  • clang-tidy.yml — runs clang-tidy via score_cpp_policies on PRs and main; non-blocking until violations are resolved (closes Add Clang-Tidy CI workflow #42)
  • codeql.yml — nightly CodeQL scan with MISRA C++ pack via the cicd-workflows reusable workflow
  • bzlmod-lock.yml — enforces that MODULE.bazel.lock is committed and up-to-date on every PR (eclipse-score/score#2628)

C++ clang-format enforcement

  • Added score_bazel_tools_cc 0.1.0 providing clang_format_aspect
  • Added --config=clang_format to .bazelrc and root BUILD config target
  • Added clang-format job to format.yml; non-blocking until existing violations are fixed (tracked in Fix C++ clang-format violations #103)
  • Uses eclipse-score/more-disk-space action to free runner disk before LLVM toolchain download (same as score_baselibs)

CI workflow quality improvements

  • Added --keep_going to clang-tidy, sanitizers, and build-linux to collect all failures rather than stopping at the first error; added --verbose_failures to build
  • Fixed broken/outdated action versions, excessive permissions, missing concurrency groups, stale triggers, and inconsistent runner pins across all existing workflows
  • Restored arm64 matrix build (time-x86_64-linux, time-arm64-linux) in build-linux.yml; added merge_group trigger for merge queue support
  • Renamed 6 workflow files from underscore_style to hyphen-style
  • Applied name: Group / Job convention to all workflows for visual grouping in GitHub Actions UI

Dependency updates (rebased onto upstream main)

  • All deps updated to SCORE v0.7 release versions (≥ upstream): score_baselibs 0.2.4→0.2.7, score_lifecycle_health 0.1.0→0.2.0, score_logging 0.1.0→0.2.1, score_bazel_platforms 0.0.4→0.1.2, score_bazel_cpp_toolchains 0.2.2→0.5.4, score_docs_as_code 3.0.0→4.5.0, etc.
  • Bazel updated 8.3.0→8.6.0
  • MODULE.bazel.lock regenerated and committed

Docs

  • Added Quick Start commands for: bazel mod tidy (lock file update), clang-format check/fix, clang-tidy, sanitizers

@github-actions

github-actions Bot commented Jun 24, 2026

Copy link
Copy Markdown

License Check Results

🚀 The license check job ran with the Bazel command:

bazel run //:license-check

Status: ⚠️ Needs Review

Click to expand output
[License Check Output]
Extracting Bazel installation...
Starting local Bazel server (8.6.0) and connecting to it...
INFO: Invocation ID: 233015a7-cbfd-4d53-96da-9fb5a8afa732
Computing main repo mapping: 
WARNING: /home/runner/work/time/time/MODULE.bazel:13:7: The attribute 'compatibility_level' in module() is a no-op and will be removed in a future Bazel release. Please remove it from your MODULE.bazel file.
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
Computing main repo mapping: 
Loading: 
Loading: 3 packages loaded
Loading: 3 packages loaded
    currently loading: 
Loading: 3 packages loaded
    currently loading: 
Loading: 3 packages loaded
    currently loading: 
Loading: 3 packages loaded
    currently loading: 
Analyzing: target //:license-check (4 packages loaded, 0 targets configured)
Analyzing: target //:license-check (4 packages loaded, 0 targets configured)

Analyzing: target //:license-check (25 packages loaded, 10 targets configured)

Analyzing: target //:license-check (85 packages loaded, 10 targets configured)

Analyzing: target //:license-check (140 packages loaded, 1605 targets configured)

Analyzing: target //:license-check (149 packages loaded, 5429 targets configured)

Analyzing: target //:license-check (159 packages loaded, 6390 targets configured)

Analyzing: target //:license-check (161 packages loaded, 8198 targets configured)

Analyzing: target //:license-check (161 packages loaded, 8198 targets configured)

Analyzing: target //:license-check (161 packages loaded, 8198 targets configured)

Analyzing: target //:license-check (164 packages loaded, 10086 targets configured)

Analyzing: target //:license-check (164 packages loaded, 10086 targets configured)

Analyzing: target //:license-check (165 packages loaded, 10210 targets configured)

INFO: Analyzed target //:license-check (166 packages loaded, 10336 targets configured).
[12 / 16] JavaToolchainCompileClasses external/rules_java+/toolchains/platformclasspath_classes; 0s disk-cache, processwrapper-sandbox ... (2 actions running)
INFO: From Generating Dash formatted dependency file ...:
INFO: Successfully converted 2 packages from Cargo.lock to bazel-out/k8-fastbuild/bin/formatted.txt
[14 / 16] JavaToolchainCompileBootClasspath external/rules_java+/toolchains/platformclasspath.jar; 0s disk-cache, processwrapper-sandbox
[15 / 16] Building license.check.license_check.jar (); 0s disk-cache, multiplex-worker
INFO: Found 1 target...
Target //:license.check.license_check up-to-date:
  bazel-bin/license.check.license_check
  bazel-bin/license.check.license_check.jar
INFO: Elapsed time: 27.707s, Critical Path: 2.59s
INFO: 16 processes: 12 internal, 3 processwrapper-sandbox, 1 worker.
INFO: Build completed successfully, 16 total actions
INFO: Running command line: bazel-bin/license.check.license_check ./formatted.txt <args omitted>
usage: org.eclipse.dash.licenses.cli.Main [-batch <int>] [-cd <url>]
       [-confidence <int>] [-ef <url>] [-excludeSources <sources>] [-help] [-lic
       <url>] [-project <shortname>] [-repo <url>] [-review] [-summary <file>]
       [-timeout <seconds>] [-token <token>]

@github-actions

Copy link
Copy Markdown

The created documentation from the pull request is available at: docu-html

MODULE.bazel.lock is gitignored; --lockfile_mode=error always fails on a
fresh checkout. Remove the flag to match how all other CI workflows run.

Also apply buildifier formatting to MODULE.bazel (3 missing blank lines).
- Add score_bazel_tools_cc 0.1.0 (dev_dependency) to MODULE.bazel
- Add python.single_version_override for 3.8.20 (required by
  score_bazel_tools_cc which registers Python 3.8 toolchains;
  rules_python 1.8.x removed 3.8 from default download list)
- Add clang_format_config BUILD target pointing to //:.clang-format
- Add build:clang_format config block to .bazelrc (uses LLVM toolchain
  so the clang-format binary is co-located with the C++ compiler)
- Add clang-format job to format.yml; non-blocking (continue-on-error)
  until existing violations in the codebase are resolved
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: In Progress

Development

Successfully merging this pull request may close these issues.

Add sanitizer CI (ASAN/TSAN/UBSAN) Add Clang-Tidy CI workflow Use the score_cpp_policies as central quality tooling

1 participant