Cross-platform CI/CD pipeline #6
6 GitHub Actions workflows:
- ci.yml: 5-platform matrix (Linux/Windows AMD64+ARM64, macOS ARM64)
- lint.yml: clang-format + clang-tidy + cppcheck
- sanitizers.yml: ASan+UBSan on PR, TSan nightly
- codeql.yml: CodeQL security-extended analysis
- coverage.yml: llvm-cov + Codecov upload
- dependency-scan.yml: OSV-Scanner weekly
Config files: .clang-format (C++20), .clang-tidy, renovate.json
CMake: FABRIC_USE_MIMALLOC option, sanitizer/coverage presets
Greptile Summary
Added comprehensive CI/CD infrastructure with 6 GitHub Actions workflows covering build matrix (5 platforms), code quality (lint, sanitizers, coverage), security (CodeQL, OSV-Scanner), and automated dependency updates (Renovate). Key change:
Confidence Score: 5/5
Important Files Changed
Flowchart
%%{init: {'theme': 'neutral'}}%%
flowchart TD
A[Push/PR to main] --> B{Which workflow?}
B -->|Code changes| C[CI: Build Matrix]
B -->|Code changes| D[Lint: Format/Tidy/Cppcheck]
B -->|Code changes| E[Sanitizers: ASan+UBSan]
B -->|Code changes| F[Coverage: llvm-cov]
B -->|Code/Schedule| G[CodeQL Security]
B -->|CMake/Schedule| H[Dependency Scan]
C --> C1[Linux AMD64/ARM64]
C --> C2[Windows AMD64/ARM64]
C --> C3[macOS ARM64]
C1 --> C4[sccache + FetchContent cache]
C2 --> C4
C3 --> C4
C4 --> C5[Build + Test]
E --> E1{Event type?}
E1 -->|PR| E2[ASan+UBSan]
E1 -->|Nightly| E3[TSan]
E2 --> E4[FABRIC_USE_MIMALLOC=OFF]
E3 --> E4
F --> F1[clang instrumentation]
F1 --> F2[llvm-profdata merge]
F2 --> F3[Codecov upload]
H --> H1[Configure to populate _deps]
H1 --> H2[OSV-Scanner]
Last reviewed commit: 44c0518
Linux: add full SDL3 build dependencies (libxss-dev, libasound2-dev, libwayland-dev, etc.) to all workflow apt-get steps.
Windows: add FetchContent fallback for Freetype in FabricRmlUi.cmake so RmlUi builds without system Freetype.
macOS: enable OBJCXX language and force ObjC++ compilation for bgfx renderer_vk.cpp and renderer_webgpu.cpp (Xcode 26 SDK compatibility).
CI fixes:
- Enable GNU extensions (CMAKE_CXX_EXTENSIONS ON) for Quill's ##__VA_ARGS__ comma-eating on GCC
- Suppress DXBC/DXIL shader symbols on non-Windows platforms (bgfx embedded_shader.h enables them on Linux)
- Fix Windows shader ext naming: dx11 -> dxbc to match bgfx convention
- Strip sanitizer/coverage flags from bgfx subtree build to prevent glsl-optimizer UBSan crashes in shaderc
- Replace M_PI with std::numbers::pi_v<T> for MSVC compatibility
CI performance:
- Migrate Linux/macOS from sccache to ccache (avoids GHA 200 uploads/min rate limit that caused ~81% cache write failures)
- Keep sccache for Windows (ccache doesn't support MSVC well)
- Enable BGFX_AMALGAMATED (reduces ~50 TUs to 1)
- Add GIT_SHALLOW TRUE to SDL3 and webview FetchContent
- Add FetchContent cache to CodeQL and dependency-scan workflows
- Add ccache to lint and CodeQL workflows
Dependency updates:
- Flecs v4.0.5 -> v4.1.4 (migrate get<T>() -> try_get<T>() for nullable access; use reference get<T>() for known-present)
- RmlUi 6.0 -> 6.2
- FreeType VER-2-13-3 -> VER-2-14-1
Linux: X11/X.h defines bare-word macros (Always, None, Never, Bool, Status, Success, True, False) that replace Quill enum member names when WebKitGTK headers are included before Log.hh. Add #undef guards before Quill includes.
Windows: <windows.h> defines min/max macros that break std::numeric_limits<T>::max() in Quill's Codec.h and RdtscClock.h. Add NOMINMAX and WIN32_LEAN_AND_MEAN compile definitions.
- Reformat all src/ and include/ files to match .clang-format config (4-space indent, 120 column limit, Attach braces)
- Fix cppcheck stlFindInsert: use insert().second instead of find()+insert() in CoordinatedGraph.hh (3 locations)
- Fix cppcheck stlIfStrFind: use starts_with() instead of find() == 0 in SyntaxTree.cc (3 locations)
The previous fix in Log.hh only protected Quill includes, but any TU that includes WebView.hh (which transitively brings in X11/X.h via WebKitGTK) still had X11 macros polluting all subsequent headers. Move the undef block to WebView.hh immediately after the webview.h include so GoogleTest's struct None, Quill enums, and any other downstream code get a clean namespace.
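
The collision and the guard described in the X11 and Windows macro commits above, as an added example that is not code from this PR. The `#define` block is a constructed stand-in for what X11/X.h and <windows.h> inject (the real headers are not included), and `demo::Policy`, `demo::to_string` and `demo::int_max` are hypothetical names.

```cpp
// Added example. The macro block below is a constructed stand-in for what
// X11/X.h and <windows.h> inject; the real headers are not included.
#define NOMINMAX  // Windows fix: must be defined before the header is seen

// ---- stand-in for the polluting system headers (constructed) ----
#define None 0L
#define Always 2
#define Success 0
#define Bool int
#ifndef NOMINMAX
#define max(a, b) (((a) > (b)) ? (a) : (b))
#endif
// ---- end of stand-in ----

// Guard placed directly after the offending include, so every header
// that follows in the translation unit sees clean identifiers.
#undef None
#undef Always
#undef Success
#undef Bool

// Build-time tripwire: fail loudly if a later change reintroduces the macros.
#if defined(None) || defined(Always) || defined(Success) || defined(Bool) || defined(max)
#error "system-header macros leaked past the guard"
#endif

#include <limits>
#include <string>

namespace demo {
// Without the guard this line would preprocess to `{ 0L, 2, 0 }`.
enum class Policy : unsigned char { None, Always, Success };

struct None {};  // a type named None, like the GoogleTest struct the commit mentions
static_assert(sizeof(None) >= 1, "None must name a type here");

std::string to_string(Policy p) {
    switch (p) {
        case Policy::None: return "None";
        case Policy::Always: return "Always";
        case Policy::Success: return "Success";
    }
    return "?";
}

// With a function-like max macro in scope, this call would not compile.
int int_max() { return std::numeric_limits<int>::max(); }
}  // namespace demo
```
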
- ECSTest.cc: add #include <algorithm> for std::find (implicit on macOS via transitive includes, explicit required on Linux Clang)
- ThreadPoolExecutor.hh: reformat with clang-format 18 to match CI (v21 and v18 disagree on trailing return type line breaks)
embedded_shader.h expects vs_rmlui_dxil/fs_rmlui_dxil symbols when BGFX_PLATFORM_SUPPORTS_DXIL is set (default on Windows), but we only compile DXBC (SM 5.0) shaders. Suppress DXIL globally since we don't compile SM 6.x shaders on any platform.
ctest needs LLVM_PROFILE_FILE to write profraw files with the expected fabric-*.profraw pattern. Without it, Clang writes to default.profraw in the working directory, and the merge step can't find the files.
MSVC defines `near` and `far` as empty macros (legacy x86 segmented memory model), which silently deletes parameter names and produces syntax errors. Use zNear/zFar following GLM/OpenGL convention.
WIN32_EXECUTABLE TRUE requires WinMain, but Fabric.cc defines main(). SDL3's SDL_main.h provides the WinMain→SDL_main trampoline, which is the recommended approach for SDL3 GUI applications.
- Add explicit uint8_t base types to 11 small enums (performance-enum-size)
- NOLINT reinterpret_cast in Codec.hh (necessary for byte-level ops)
- NOLINTBEGIN/END for CMake-generated constants in Constants.g.hh
- Update .clang-tidy: add NamespaceIgnoredRegexp for Space/Utils/Test, ConstexprVariableCase UPPER_CASE, VariableIgnoredRegexp for ALL_CAPS
The 79 readability-identifier-naming warnings (private member suffix) require a coordinated project-wide refactor and are deferred.
CodeQL analyze step needs actions:read to query workflow run metadata.
GitHub Advanced Security must be enabled for code scanning uploads on private repositories. Since the repo is private and GHAS is not available, the workflow wastes CI minutes without producing results. Re-add when the repo goes public.
- Remove Windows ARM64 from CI matrix (slow, no Blacksmith runner)
- Re-add CodeQL workflow (repo is now public, GHAS available)
- Add mise tasks: format, format:fix, cppcheck, sanitize, sanitize:tsan, coverage
- Full local-CI parity: all CI checks reproducible locally via mise
- Fix clang-format violation in ThreadPoolExecutor.hh
- Return errorMsg by const ref in ArgumentParser.hh (cppcheck perf)
- Add lint:changed task for fast iteration on dirty files
- Scope lint:fix to changed files only (limits auto-fix blast radius)
- Suppress clang-tidy "N warnings generated" noise in output
Move CC/CXX/CPPFLAGS/LDFLAGS from global ~/.bash_env to project-scoped mise.toml [env] section. Homebrew manages the LLVM install (macOS ABI compatibility), mise scopes the environment per-project. The GitHub-released LLVM binary has ABI incompatibilities with macOS SDK's libc++, so Homebrew LLVM remains the correct choice on macOS.
Consistently exceeds 18+ minutes. Run locally if needed.
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.
CodeQL CLI managed by mise (github:github/codeql-cli-binaries). Task script creates database by observing build, runs cpp-code-scanning suite, outputs SARIF with jq-powered summary.
CI was using clang-format 18 while local uses Homebrew LLVM 21. Trailing return type formatting differs between versions, causing false failures on ThreadPoolExecutor.hh.
- build.sh now uses CMakePresets instead of manual cmake flags, so preset changes propagate to local dev builds automatically
- Default build dir is build/dev-debug (matches preset binaryDir), fixing the split between build/ and build/<preset>/
- test.sh, lint.sh updated to match new default build dir
- coverage.yml: profdata and lcov now write to build/ci-coverage/ (matching local coverage.sh paths)
- lint.yml: document clang-tidy config discovery behavior
Cpp-Linter Report
Summary
Cross-platform CI/CD pipeline with full local development parity via mise tasks.
CI workflows (5):
- ci.yml — 4-platform build matrix (Linux/Windows AMD64, Linux ARM64, macOS ARM64)
- lint.yml — clang-format 21 + clang-tidy + cppcheck
- sanitizers.yml — ASan+UBSan on PR, TSan nightly
- coverage.yml — llvm-cov + Codecov upload
- dependency-scan.yml — OSV-Scanner weekly
Local mise tasks (17):
build, build:release, clean, test, test:e2e, test:all, test:filter, format, format:fix, lint, lint:changed, lint:fix, cppcheck, sanitize, sanitize:tsan, coverage, codeql
Cross-platform fixes:
Build system:
[env]
Config: .clang-format (C++20), .clang-tidy, renovate.json
Dependency updates: Flecs 4.0.5→4.1.4, RmlUi 6.0→6.2, FreeType 2.13.3→2.14.1