Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 43 additions & 0 deletions .bazelrc
Original file line number Diff line number Diff line change
Expand Up @@ -68,3 +68,46 @@ try-import %workspace%/user.bazelrc
coverage --features=coverage
coverage --combined_report=lcov
coverage --cache_test_results=no

# -------------------------------------------------------------------------------
# Sanitizer configurations — powered by score_cpp_policies
# -------------------------------------------------------------------------------

# Minimal debug info (-g1) for sanitizer stack traces; stripping disabled
build:with_debug_symbols --copt=-g1
build:with_debug_symbols --strip=never

# AddressSanitizer + UndefinedBehaviorSanitizer + LeakSanitizer (recommended)
build:asan_ubsan_lsan --config=with_debug_symbols
build:asan_ubsan_lsan --copt=-fsanitize=undefined,address,leak
build:asan_ubsan_lsan --linkopt=-fsanitize=undefined,address,leak
build:asan_ubsan_lsan --platform_suffix=asan_ubsan_lsan
build:asan_ubsan_lsan --@score_cpp_policies//sanitizers/flags:sanitizer=asan_ubsan_lsan
test:asan_ubsan_lsan --run_under=@score_cpp_policies//sanitizers:wrapper
test:asan_ubsan_lsan --test_tag_filters=-no-asan,-no-lsan,-no-ubsan
test:asan_ubsan_lsan --build_tests_only

# Convenience aliases (all resolve to asan_ubsan_lsan)
build:asan --config=asan_ubsan_lsan
build:ubsan --config=asan_ubsan_lsan
build:lsan --config=asan_ubsan_lsan

# -------------------------------------------------------------------------------
# C++ formatting — powered by score_bazel_tools_cc
# -------------------------------------------------------------------------------

# Run with: bazel build --config=clang_format //score/... //examples/...
build:clang_format --output_groups=clang_format_output
build:clang_format --aspects=@score_bazel_tools_cc//quality:defs.bzl%clang_format_aspect
build:clang_format --@score_bazel_tools_cc//quality:clang_format_config=//:clang_format_config
build:clang_format --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-linux

# -------------------------------------------------------------------------------
# Clang-tidy static analysis — powered by score_cpp_policies
# -------------------------------------------------------------------------------

# Run with: bazel test --config=clang-tidy //score/...
# The LLVM toolchain is used only for the clang-tidy binary; normal builds use GCC.
test:clang-tidy --aspects=//tools/lint:linters.bzl%clang_tidy_aspect
test:clang-tidy --output_groups=+rules_lint_report
test:clang-tidy --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-linux
Original file line number Diff line number Diff line change
Expand Up @@ -10,24 +10,33 @@
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************
name: Bazel Build
name: Build / Linux

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize]
push:
branches:
- main
merge_group:
types: [checks_requested]
workflow_call:
jobs:
build:
runs-on: ubuntu-latest
linux-build:
runs-on: ubuntu-24.04
strategy:
matrix:
config: [time-x86_64-linux, time-arm64-linux]
steps:
- name: Checkout code
- name: Checkout Repository
uses: actions/checkout@v4.2.2

- name: Setup Bazel
uses: bazel-contrib/setup-bazel@0.18.0
with:
Expand All @@ -38,4 +47,4 @@ jobs:

- name: Build with Bazel
run: |
bazel build --lockfile_mode=error --config ${{ matrix.config }} //score/... //examples/...
bazel build --keep_going --verbose_failures --config ${{ matrix.config }} -- //score/... //examples/...
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,15 @@
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

name: Bazel Build (QNX8)
name: Build / QNX

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request_target:
types: [opened, reopened, synchronize]
Expand Down
34 changes: 34 additions & 0 deletions .github/workflows/bzlmod-lock.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
# *******************************************************************************
# Copyright (c) 2026 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

# Enforces MODULE.bazel.lock versioning and CI drift check as required by
# https://github.com/eclipse-score/score/issues/2628
name: Process / Bzlmod Lock Check

permissions:
contents: read

on:
pull_request:
types: [opened, reopened, synchronize]
merge_group:
types: [checks_requested]
push:
branches:
- main

jobs:
bzlmod-lock:
uses: eclipse-score/cicd-workflows/.github/workflows/bzlmod-lock-check.yml@main
with:
working-directory: .
73 changes: 73 additions & 0 deletions .github/workflows/clang-tidy.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
# *******************************************************************************
# Copyright (c) 2026 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************
name: QA / Clang-Tidy

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize]
merge_group:
types: [checks_requested]
push:
branches:
- main

jobs:
clang-tidy:
# Pinned to ubuntu-24.04 — matches the LLVM 19 toolchain from toolchains_llvm.
runs-on: ubuntu-24.04
# Non-blocking until the codebase is clean.
# Remove this line once all clang-tidy violations are resolved.
continue-on-error: true
steps:
- uses: eclipse-score/more-disk-space@6a3b48901846bf7f8cc985925157d71a8973e61f # v1
with:
level: 4

- name: Checkout code
uses: actions/checkout@v4.2.2

- name: Setup Bazel
uses: bazel-contrib/setup-bazel@0.18.0
with:
bazelisk-cache: true
disk-cache: ${{ github.workflow }}
repository-cache: true
cache-save: ${{ github.event_name == 'push' }}

- name: Run clang-tidy via Bazel
# continue-on-error so the artifact upload step always runs.
continue-on-error: true
run: bazel test --keep_going --config=clang-tidy //score/... 2>&1 | tee clang_tidy.log

- name: Collect findings
if: always()
run: |
find -L bazel-bin -name "*.AspectRulesLintClangTidy.out" 2>/dev/null \
| xargs cat 2>/dev/null > clang_tidy_findings.txt || true

- name: Upload findings
if: always()
uses: actions/upload-artifact@v4
with:
name: clang-tidy-findings-${{ github.run_id }}
path: |
clang_tidy.log
clang_tidy_findings.txt
retention-days: 7
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,15 @@
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************
name: Code Coverage (>85%)
name: Test / Code Coverage (>85%)

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize]
Expand All @@ -19,8 +27,6 @@ on:
- main
merge_group:
types: [checks_requested]
release:
types: [created]

jobs:
code-coverage:
Expand Down
27 changes: 27 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
# *******************************************************************************
# Copyright (c) 2026 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
#
# This program and the accompanying materials are made available under the
# terms of the Apache License Version 2.0 which is available at
# https://www.apache.org/licenses/LICENSE-2.0
#
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************
name: QA / CodeQL

on:
schedule:
- cron: "0 2 * * *" # Nightly at 2 AM UTC
workflow_dispatch:

jobs:
codeql:
uses: eclipse-score/cicd-workflows/.github/workflows/codeql.yml@main
with:
build-script: "bazel build --config=time-x86_64-linux //score/..."
permissions:
security-events: write
contents: read
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
# *******************************************************************************
# Copyright (c) 2025 Contributors to the Eclipse Foundation
# Copyright (c) 2026 Contributors to the Eclipse Foundation
#
# See the NOTICE file(s) distributed with this work for additional
# information regarding copyright ownership.
Expand All @@ -11,24 +11,23 @@
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

name: Component Tests execution (Linux)
name: Test / Component Tests

permissions:
contents: write
pages: write
pull-requests: write
id-token: write
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize] # Allows forks to trigger the docs build
types: [opened, reopened, synchronize]
push:
branches:
- main
merge_group:
types: [checks_requested]
release:
types: [created]

jobs:
run-comp-tests:
Expand Down
10 changes: 9 additions & 1 deletion .github/workflows/copyright.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,15 @@
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

name: Copyright checks
name: Process / Copyright

permissions:
contents: read

concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true

on:
pull_request:
types: [opened, reopened, synchronize]
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs-cleanup.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

name: Documentation Cleanup
name: Docs / Cleanup

permissions:
contents: write
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@
# SPDX-License-Identifier: Apache-2.0
# *******************************************************************************

name: Documentation
name: Docs / Build & Deploy

permissions:
contents: write
Expand Down
Loading
Loading