ci: add GitHub Actions workflow for clang-format.

[ipapadop]

No description provided.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[qodo-code-review]

Review Summary by Qodo

Add GitHub Actions workflow for automated clang-format

✨ Enhancement

Walkthroughs

Description

• Adds GitHub Actions workflow for automated code formatting
• Installs and runs clang-format-22 on C++ source files
• Automatically commits formatting changes to pull requests

Diagram

flowchart LR
  PR["Pull Request Triggered"]
  CHECKOUT["Checkout Repository"]
  INSTALL["Install clang-format-22"]
  FORMAT["Run clang-format on C++ files"]
  COMMIT["Auto-commit formatting changes"]
  PR -- "on: pull_request" --> CHECKOUT
  CHECKOUT --> INSTALL
  INSTALL --> FORMAT
  FORMAT --> COMMIT

Loading

File Changes

1. .github/workflows/clang-format.yml ⚙️ Configuration changes +32/-0

GitHub Actions workflow for clang-format automation

• Creates new GitHub Actions workflow triggered on pull requests
• Installs clang-format-22 via apt-get on Ubuntu runner
• Runs clang-format-22 on all C++ files in include, examples, and test directories
• Automatically commits and pushes formatting changes using git-auto-commit-action

.github/workflows/clang-format.yml

---

[qodo-code-review]

Code Review by Qodo

🐞 Bugs (4) 📘 Rule violations (0) 📎 Requirement gaps (0)

1. Fork PR checkout fails ☑ 🐞 Bug ⛯ Reliability

Description

The workflow checks out ${{ github.head_ref }} (branch name only) and later pushes to the same
name, which will fail for fork-based pull requests because that branch does not exist in the base
repository (and cannot be pushed to), breaking the job for external contributors.

Code

.github/workflows/clang-format.yml[R12-16]

+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+

Evidence

The workflow explicitly checks out ref: github.head_ref and later targets `branch:
github.head_ref`, tying both checkout and push to a branch name without qualifying the PR head
repository; this pattern is incompatible with fork PRs where the head branch lives in a different
repo namespace.

.github/workflows/clang-format.yml[12-16]
.github/workflows/clang-format.yml[26-32]
Best Practice: GitHub Actions docs (pull_request context & fork behavior)

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow uses `${{ github.head_ref }}` for checkout and push. For fork-based PRs, that branch name does not exist in the base repository, so checkout/push will fail.
### Issue Context
This workflow runs on `pull_request` and attempts to commit changes back to the PR branch.
### Fix Focus Areas
- .github/workflows/clang-format.yml[3-32]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

2. Missing contents write permission 🐞 Bug ⛨ Security

Description

The workflow pushes commits via git-auto-commit-action but does not declare `permissions:
contents: write, so it will fail in repositories configured with read-only default GITHUB_TOKEN`
permissions.

Code

.github/workflows/clang-format.yml[R26-32]

+    - name: Commit and push changes
+      uses: stefanzweifel/git-auto-commit-action@v5
+      with:
+        commit_message: "style: apply clang-format-22"
+        commit_user_name: "github-actions[bot]"
+        commit_user_email: "github-actions[bot]@users.noreply.github.com"
+        branch: ${{ github.head_ref }}

Evidence

A push requires write access to repository contents; the workflow defines a push step but has no
explicit permissions block, so behavior depends on repository/org defaults and can break under
read-only defaults.

.github/workflows/clang-format.yml[1-32]
Best Practice: GitHub Actions docs (GITHUB_TOKEN permissions)

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow performs a commit+push but does not declare `permissions: contents: write`, which can cause authorization failures when default token permissions are read-only.
### Issue Context
`stefanzweifel/git-auto-commit-action` needs to push to the repository.
### Fix Focus Areas
- .github/workflows/clang-format.yml[1-32]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

3. Self-triggering push races 🐞 Bug ⛯ Reliability

Description

Because the workflow runs on pull_request and pushes commits back to the PR branch, it can
re-trigger itself and run concurrently on the same ref, causing non-fast-forward push failures or
redundant CI load.

Code

.github/workflows/clang-format.yml[R3-5]

+on:
+  pull_request:
+

Evidence

The trigger is pull_request, and the workflow includes a push back to the PR branch; this
combination naturally re-emits PR synchronize events and can overlap without concurrency/loop
guards.

.github/workflows/clang-format.yml[3-5]
.github/workflows/clang-format.yml[26-32]
Best Practice: GitHub Actions best practices (concurrency / avoiding workflow loops)

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
The workflow can re-trigger itself by pushing to the PR branch on a `pull_request` trigger, and can overlap without concurrency controls.
### Issue Context
A formatting commit updates the PR head branch, which can emit additional PR synchronize events.
### Fix Focus Areas
- .github/workflows/clang-format.yml[3-5]
- .github/workflows/clang-format.yml[26-32]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

4. Unpinned runner dependency ☑ 🐞 Bug ⛯ Reliability

Description

The workflow uses runs-on: ubuntu-latest and installs a specific package name (clang-format-22),
making the job sensitive to runner image changes and Ubuntu repository/package naming changes over
time.

Code

.github/workflows/clang-format.yml[R9-21]

+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        ref: ${{ github.head_ref }}
+
+    - name: Install clang-format-22
+      run: |
+        sudo apt-get update
+        sudo DEBIAN_FRONTEND=noninteractive apt-get install -y clang-format-22
+

Evidence

The workflow pins neither the runner OS version nor the clang-format distribution source beyond an
apt package name, which increases maintenance risk when ubuntu-latest advances.

.github/workflows/clang-format.yml[9-10]
.github/workflows/clang-format.yml[17-21]
Best Practice: CI stability best practices

Agent prompt

The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
Using `ubuntu-latest` plus a specific apt package name increases the chance CI breaks when runner images or apt repositories change.
### Issue Context
This workflow is intended to run on every PR, so stability matters.
### Fix Focus Areas
- .github/workflows/clang-format.yml[9-21]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools

---

ⓘ The new review experience is currently in Beta. Learn more