eclipse-score · Komal362000 · May 8, 2026
@@ -0,0 +1,76 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Clang-Tidy Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the clang-tidy check in seconds.
+        value: ${{ jobs.clang_tidy.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: clang_tidy_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  clang_tidy:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "clang_tidy_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run clang-tidy analysis
+        run: |
+          bazel build //... --aspects //tools/lint:clang_tidy_aspect
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "clang-tidy duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
@@ -0,0 +1,89 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: CodeQL Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the CodeQL check in seconds.
+        value: ${{ jobs.codeql.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  group: codeql_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  codeql:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: c-cpp
+          build-mode: manual
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "codeql_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Build for CodeQL extraction
+        run: |
+          bazel build //...
+
+      - name: Analyze with CodeQL
+        uses: github/codeql-action/analyze@v3
+        with:
+          category: /language:c-cpp
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "CodeQL duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
@@ -0,0 +1,78 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Coverity Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the Coverity check in seconds.
+        value: ${{ jobs.coverity.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: coverity_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  coverity:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "coverity_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run Coverity scan
+        run: |
+          echo "Coverity integration placeholder"
+          echo "To enable: configure Coverity account and API token in secrets"
+          bazel build //...
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "Coverity duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
@@ -0,0 +1,130 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Hybrid Quality Demo
+
+on:
+  workflow_dispatch:
+    inputs:
+      run_nightly_checks:
+        description: Run nightly quality checks in addition to fast PR checks.
+        required: false
+        type: boolean
+        default: true
+  schedule:
+    - cron: '0 2 * * *'
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  group: hybrid_quality_demo-${{ github.ref }}-${{ github.event_name }}
+  cancel-in-progress: false
+
+jobs:
+  pr_checks:
+    name: Fast PR checks
+    uses: ./.github/workflows/build_and_test_host.yml
+    with:
+      run_all_configurations: false
+
+  coverage:
+    name: Coverage report
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/coverage_report.yml
+
+  thread_sanitizer:
+    name: Thread sanitizer
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/thread_sanitizer.yml
+
+  address_sanitizer:
+    name: Address/UB/leak sanitizer
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/address_undefined_behavior_leak_sanitizer.yml
+
+  codeql:
+    name: CodeQL analysis
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/codeql_analysis.yml
+
+  clang_tidy:
+    name: Clang-Tidy analysis
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/clang_tidy_analysis.yml
+
+  coverity:
+    name: Coverity analysis
+    if: ${{ github.event_name == 'schedule' || inputs.run_nightly_checks }}
+    needs: pr_checks
+    uses: ./.github/workflows/coverity_analysis.yml
+
+  dashboard:
+    name: Generate quality dashboard with timing
+    if: ${{ always() }}
+    needs:
+      - pr_checks
+      - coverage
+      - thread_sanitizer
+      - address_sanitizer
+      - codeql
+      - clang_tidy
+      - coverity
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Generate dashboard files with timing
+        env:
+          PR_CHECKS_RESULT: ${{ needs.pr_checks.result }}
+          COVERAGE_RESULT: ${{ needs.coverage.result || 'skipped' }}
+          THREAD_SANITIZER_RESULT: ${{ needs.thread_sanitizer.result || 'skipped' }}
+          ADDRESS_SANITIZER_RESULT: ${{ needs.address_sanitizer.result || 'skipped' }}
+          CODEQL_RESULT: ${{ needs.codeql.result || 'skipped' }}
+          CLANG_TIDY_RESULT: ${{ needs.clang_tidy.result || 'skipped' }}
+          COVERITY_RESULT: ${{ needs.coverity.result || 'skipped' }}
+          CODEQL_DURATION_SECONDS: ${{ needs.codeql.outputs.duration-seconds || '' }}
+          CLANG_TIDY_DURATION_SECONDS: ${{ needs.clang_tidy.outputs.duration-seconds || '' }}
+          COVERITY_DURATION_SECONDS: ${{ needs.coverity.outputs.duration-seconds || '' }}
+          COVERAGE_ARTIFACT_NAME: ${{ needs.coverage.outputs.artifact-name }}
+          REPOSITORY_NAME: ${{ github.repository }}
+          RUN_ID: ${{ github.run_id }}
+          REF_NAME: ${{ github.ref_name }}
+          EVENT_NAME: ${{ github.event_name }}
+        run: |
+          python3 tools/ci/generate_hybrid_quality_dashboard.py dashboard
+
+      - name: Publish workflow summary
+        run: cat dashboard/summary.md >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Show timing report
+        if: ${{ always() }}
+        run: |
+          echo "## Quality Check Timing Report" >> "$GITHUB_STEP_SUMMARY"
+          cat dashboard/timing.txt >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || echo "Timing data generated." >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload dashboard artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: hybrid_quality_dashboard_${{ github.run_id }}
+          path: dashboard/