Skip to content

Run clang-tidy on pull-request changed lines#4982

Open
matthargett wants to merge 1 commit into
bytecodealliance:mainfrom
rebeckerspecialties:ci/clang-tidy-on-prs
Open

Run clang-tidy on pull-request changed lines#4982
matthargett wants to merge 1 commit into
bytecodealliance:mainfrom
rebeckerspecialties:ci/clang-tidy-on-prs

Conversation

@matthargett

Copy link
Copy Markdown
Contributor

What

Run the repository's existing .clang-tidy on pull requests — but only on the lines the PR changes.

The root .clang-tidy is already a maintained, strict config (bugprone-*, cert-*, clang-analyzer-*, ... with WarningsAsErrors), but no workflow runs it today, so the null-deref / sign-conversion / use-after-move class of bug it catches is currently caught only by a reviewer reading the diff.

How

Mirrors the diff-scoping already used by the git-clang-format-14 gate in coding_guidelines.yml:

  • permissions: contents: read, fetch-depth: 0, diff computed from ${{ github.event.pull_request.base.sha }}..HEAD.
  • clang-tidy-diff.py (pinned to the llvm-14 release) turns the changed-line ranges into -line-filter, so a PR is only flagged for issues it introduces on the lines it touches — pre-existing issues on untouched lines stay silent.
  • compile_commands.json comes from the default linux iwasm build (interp + AOT runtime, no LLVM required), covering the highest-traffic loader / interpreter / common sources.

Fork / upstream safety

Same properties as coding_guidelines.yml: only contents: read, diff from the base SHA — so it behaves identically for in-repo and forked pull requests.

Notes

  • Scoped to the default linux config's translation units; changes to files not in that build are skipped. Coverage can be broadened with more configs.
  • clang-tidy version tracks the clang-format-14 already pinned by ci/coding_guidelines_check.py.
  • Trigger is pull_request only: the gate diffs against the PR base, so a manual (workflow_dispatch) run would have no meaningful base.

Verification

Verified on a pull request in a fork with clang-tidy-14: a violation on a changed line fails the job; a clean change passes; a pre-existing violation on an untouched line does not fire (diff-scoping). A PR that touches no C/C++ lines is a clean no-op.

The repository already ships a strict .clang-tidy (bugprone-*, cert-*,
clang-analyzer-*, ... with WarningsAsErrors) but no workflow runs it, so
the bug class it catches is currently caught only by a reviewer reading
the diff.

Add a pull_request workflow that runs clang-tidy-14 on the lines a PR
changes (clang-tidy-diff.py driven from the base SHA, the same
diff-scoping approach as the git-clang-format gate in
coding_guidelines.yml), so a PR is only flagged for issues it introduces
on the lines it touches. Like that gate it needs only contents:read and
computes the diff from the pull_request base SHA, so it behaves
identically for in-repo and forked pull requests.

compile_commands.json is produced from the default linux iwasm build (no
LLVM required), covering the highest-traffic loader / interpreter /
common sources.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant