Run clang-tidy on pull-request changed lines#4982
Open
matthargett wants to merge 1 commit into
Open
Conversation
The repository already ships a strict .clang-tidy (bugprone-*, cert-*, clang-analyzer-*, ... with WarningsAsErrors) but no workflow runs it, so the bug class it catches is currently caught only by a reviewer reading the diff. Add a pull_request workflow that runs clang-tidy-14 on the lines a PR changes (clang-tidy-diff.py driven from the base SHA, the same diff-scoping approach as the git-clang-format gate in coding_guidelines.yml), so a PR is only flagged for issues it introduces on the lines it touches. Like that gate it needs only contents:read and computes the diff from the pull_request base SHA, so it behaves identically for in-repo and forked pull requests. compile_commands.json is produced from the default linux iwasm build (no LLVM required), covering the highest-traffic loader / interpreter / common sources.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Run the repository's existing
.clang-tidyon pull requests — but only on the lines the PR changes.The root
.clang-tidyis already a maintained, strict config (bugprone-*,cert-*,clang-analyzer-*, ... withWarningsAsErrors), but no workflow runs it today, so the null-deref / sign-conversion / use-after-move class of bug it catches is currently caught only by a reviewer reading the diff.How
Mirrors the diff-scoping already used by the
git-clang-format-14gate incoding_guidelines.yml:permissions: contents: read,fetch-depth: 0, diff computed from${{ github.event.pull_request.base.sha }}..HEAD.clang-tidy-diff.py(pinned to the llvm-14 release) turns the changed-line ranges into-line-filter, so a PR is only flagged for issues it introduces on the lines it touches — pre-existing issues on untouched lines stay silent.compile_commands.jsoncomes from the default linuxiwasmbuild (interp + AOT runtime, no LLVM required), covering the highest-traffic loader / interpreter / common sources.Fork / upstream safety
Same properties as
coding_guidelines.yml: onlycontents: read, diff from the base SHA — so it behaves identically for in-repo and forked pull requests.Notes
ci/coding_guidelines_check.py.pull_requestonly: the gate diffs against the PR base, so a manual (workflow_dispatch) run would have no meaningful base.Verification
Verified on a pull request in a fork with clang-tidy-14: a violation on a changed line fails the job; a clean change passes; a pre-existing violation on an untouched line does not fire (diff-scoping). A PR that touches no C/C++ lines is a clean no-op.