@ReginaldWang ReginaldWang commented Jan 7, 2026

Clang-Tidy Linter

Problem and Scope

Meant to solve issue #163. Clang-tidy system is set up.

Description

Default clang-tidy file is added. Should cover most limitations of CodeQL. GitHub action is added (pretty simple, runs on pull request).

Gotchas and Limitations

I have no idea how it interacts with the other .yml files.

Testing

  • HOOTL testing
  • HITL testing
  • Human tested

Testing Details

Larger Impact

Additional Context and Ticket

@ReginaldWang ReginaldWang marked this pull request as draft January 7, 2026 18:11
@dchansen06 dchansen06 linked an issue Jan 7, 2026 that may be closed by this pull request
@dchansen06 dchansen06 added this to the Monorepo Niceties milestone Jan 7, 2026
@dchansen06 dchansen06 added Enhancement New feature or request GitHub Meta, anything related to or dealing with GitHub HOOTL Testing Having to do with or interacting with HOOTL testing Big Fry Something that is complex and/or large Pipe Dream Would be amazing... but realistically... it might be dubious to get it on the car 4 REDUCED Explicitly not a priority but would be nice to do down the road labels Jan 7, 2026
@dchansen06 dchansen06 added 3 NORMAL Important but not really a priority and removed 4 REDUCED Explicitly not a priority but would be nice to do down the road labels Jan 7, 2026
@dchansen06

Updated your branch with a rebase to keep it updated in prep for #165

@dchansen06 dchansen06 changed the title from "Add .clang-tidy configuration file" to "Add Clang-Tidy GitHub Action Linter" Jan 9, 2026

- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y clang-tidy cmake ninja-build

These 3 pieces of software are installed by default on the ubuntu-latest runner; you do not need to install them again. See the docs for a list of other installed packages.

I imagine as part of this you will find actual bugs in our codebase; when you do, please document them to the best of your ability in a new GitHub issue for each, thanks!

@dchansen06

Updating with rebase again

Comment on lines +7 to +29
runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0

- name: Install Arm Toolchain
uses: carlosperate/arm-none-eabi-gcc-action@v1
with:
release: '12.2.Rel1'

- name: Configure
run: cmake --preset Debug

- name: Run clang-tidy
run: |
files=$(git diff --name-only origin/${{ github.base_ref }} | grep -E '\.(cpp|cc|cxx|c)$' || true)
if [ -z "$files" ]; then
echo "No C/C++ source files changed"
exit 0
fi
clang-tidy -p build $files
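
Review bot: in the Run clang-tidy step, `git diff --name-only origin/${{ github.base_ref }}` also lists files the pull request deletes, and `clang-tidy -p build $files` then receives paths that no longer exist, word-split from an unquoted variable. Add `--diff-filter=d` to the diff and read the names into an array (or use NUL-delimited output with `xargs -0`) so a path containing spaces is passed as one argument. Passing `github.base_ref` through an `env:` entry instead of interpolating it into the script keeps the expression out of the shell text, and `carlosperate/arm-none-eabi-gcc-action@v1` is a mutable tag that could be pinned to a commit SHA.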

Check warning

Code scanning / CodeQL

Workflow does not contain permissions Medium

Actions job or workflow does not limit the permissions of the GITHUB_TOKEN. Consider setting an explicit permissions block, using the following as a minimal starting point: {contents: read}

Copilot Autofix

AI 3 days ago

In general, the fix is to explicitly declare a minimal permissions: block for the workflow or the specific job so that the GITHUB_TOKEN does not inherit potentially broad repository defaults. For this workflow, the job only needs to read the repository contents and diff, so contents: read is sufficient.

The best fix with minimal functional impact is to add a permissions: block at the top (root) level of .github/workflows/Linter.yml, right after the on: declaration and before jobs:. This will apply to all jobs in the workflow (currently just build) and constrain the token to read-only access to repository contents. No steps depend on write permissions (no commenting on PRs, status updates beyond what GitHub does automatically, or pushes), so this change should not break existing behavior.

Concretely: edit .github/workflows/Linter.yml to insert

permissions:
  contents: read

between line 3 (on: [pull_request]) and line 5 (jobs:). No imports or additional methods are needed.

Suggested changeset 1
.github/workflows/Linter.yml

Autofix patch

Run the following command in your local git repository to apply this patch
cat << 'EOF' | git apply
diff --git a/.github/workflows/Linter.yml b/.github/workflows/Linter.yml
--- a/.github/workflows/Linter.yml
+++ b/.github/workflows/Linter.yml
@@ -2,6 +2,9 @@
 
 on: [pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   build:
     runs-on: ubuntu-latest
EOF
@@ -2,6 +2,9 @@

on: [pull_request]

permissions:
contents: read

jobs:
build:
runs-on: ubuntu-latest
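
Review bot: the root-level `permissions:` block added above `jobs:` carries no comment explaining its scope. Add a one-line comment that `contents: read` is enough because the job only checks out and diffs the repository, and that a later job needing more (for example posting PR comments) should declare its own job-level `permissions:` rather than widening this one.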
Copilot is powered by AI and may make mistakes. Always verify output.
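
The condition behind the CodeQL alert above can be checked locally before pushing. This is an added example, not code from the pull request or from CodeQL: a small checker that reports jobs with neither a job-level nor a workflow-level `permissions:` key. The sample workflows and the function name `unrestricted_jobs` are constructed for illustration, and the parser assumes block-style YAML indented with spaces.

```python
import re

# Constructed samples: the workflow shape from this thread, before and after the fix.
BEFORE = """\
name: Linter
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
  docs:
    runs-on: ubuntu-latest
    permissions:
      contents: read
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  contents: read\njobs:", 1)

# A mapping key at the start of a line; list items ("- uses: ...") do not match.
KEY = re.compile(r"^( *)([A-Za-z0-9_-]+):")


def unrestricted_jobs(workflow_text):
    """Return the jobs that inherit the repository's default GITHUB_TOKEN scope."""
    top_level = False                 # workflow-level permissions: seen
    in_jobs = False
    job_indent = child_indent = None  # indentation of job names / of job keys
    current, limited = None, {}       # job name -> has its own permissions:
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:
            continue                  # blanks, comments, list items
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:
            in_jobs = key == "jobs"
            top_level = top_level or key == "permissions"
        elif in_jobs:
            job_indent = indent if job_indent is None else job_indent
            if indent == job_indent:
                current, child_indent = key, None
                limited[current] = False
            elif current is not None:
                child_indent = indent if child_indent is None else child_indent
                if indent == child_indent and key == "permissions":
                    limited[current] = True
    return [] if top_level else [j for j, ok in limited.items() if not ok]
```

On the constructed `BEFORE` sample only `build` is reported, because `docs` limits the token itself; after the root-level block is added nothing is reported.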
@dchansen06

Updated with rebase

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Added steps to install dependencies and configure the build.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Replaced clang-tidy-review actions with a direct clang-tidy command.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Removed installation of clang-tidy and cmake from dependencies.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Removed the 'Configure' step from the Linter workflow.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Removed AnalyzeTemporaryDtors option from clang-tidy configuration.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Added a configuration step and improved clang-tidy invocation.

Signed-off-by: ReginaldWang <114448545+ReginaldWang@users.noreply.github.com>
Development

Successfully merging this pull request may close these issues.

Setup Clang-Tidy System and Incorporate A GitHub Action

2 participants