Configure Mend for GitHub.com#1
Open
mend-for-github-com[bot] wants to merge 93 commits into
Open
Conversation
Signed-off-by: Gavin Zhao <git@gzgz.dev>
Signed-off-by: Gavin Zhao <git@gzgz.dev>
Signed-off-by: Gavin Zhao <git@gzgz.dev>
Signed-off-by: Gavin Zhao <git@gzgz.dev>
Signed-off-by: Gavin Zhao <git@gzgz.dev>
Seems to be a bad merge, these things are in a separate file now
Doesn't work for me
`label` is an attribute of `dep`, not `ddep`.
So make it part of d_toolchain.lib_flags and set for LDC only
When we build a library for a test, we need to set `version(unittest)`, since ocasionally the code has some hacks for tests. We can't set this version directly, so need to pass `-unittest` flag. This has an unfortunate side effect that the tests inside the library are also included.
To allow suppressing imports from workspace directly. This is needed for instrumented code: we create a copy of directory structure with instrumented files in `bazel-out` and we need to make sure we never import non-instrumented version.
Currently only for d_library and d_source_library. When we generated sources, we need to patch imports flags, so the generated files are found by the compiler. In theory, string imports also need this. But currently I don't generate files I want to import as strings (though I will). Currently there is an issue with `d_library`: it doesn't accumulate transitive imports, so we if A imports from B and B imports from C and C requires non-standard import location, this won't work. This works with d_source_library though.
TODO: Do we need that also for d_library?
This is useful for remote toolchains
TODO: move it to toolchain declaration
not sure this is needed
don't create broken symlinks. TODO: filter generated_sources dictionary and add validation
not used so far
to get `-fdebug-prefix-map` support
not used yet
To be actually useful, we need: 1. a way to set codegen flags 2. probably also expose bc libs with the DInfo
We actually need to pass optimization options to codegen
This is questionable: most resources say llc is only for debugging and in production people should use clang as a driver. But clang has different backend options wrt to ldc, while llc has exactly the same. In the long run, I guess the right way is to use _ldc_ as a driver. But right now it doesn't seem to support .bc -> .o compilation.
such that we can do something smart with them, like pass bc libs directly to linker to get LTO, or pre-compile them together.
itsikharel
approved these changes
Nov 26, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Welcome to Mend for GitHub.com (formerly WhiteSource). This is an onboarding PR to help you understand and configure settings before Mend starts scanning your repository for security vulnerabilities.
🚦 Mend for GitHub.com will start scanning your repository only once you merge this Pull Request. To disable Mend for GitHub.com, simply close this Pull Request.
What to Expect
This PR contains a '.whitesource' configuration file which can be customized to your needs. If no changes were applied to this file, Mend for GitHub.com will use the default configuration.
Before merging this PR, Make sure the Issues tab is enabled. Once you merge this PR, Mend for GitHub.com will scan your repository and create a GitHub Issue for every vulnerability detected in your repository.
If you do not want a GitHub Issue to be created for each detected vulnerability, you can edit the '.whitesource' file and set the 'minSeverityLevel' parameter to 'NONE'.
If Mend Remediate Workflow Rules are set on your repository (from the Mend 'Integrate' tab), Mend will also generate a fix Pull Request for relevant vulnerabilities.
❓ Got questions? Check out Mend for GitHub.com docs.
If you need any further assistance then you can also request help here.