From e21c01db0cfeae856cb2f88d64f6fb8cd760fa85 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Mon, 20 Oct 2025 21:14:57 +0300 Subject: [PATCH 1/6] [Github][CI] Add default gha user for tooling containers --- .../containers/github-action-ci-tooling/Dockerfile | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/containers/github-action-ci-tooling/Dockerfile b/.github/workflows/containers/github-action-ci-tooling/Dockerfile index 9d2aaf6bbd48a..4135ae839cd47 100644 --- a/.github/workflows/containers/github-action-ci-tooling/Dockerfile +++ b/.github/workflows/containers/github-action-ci-tooling/Dockerfile @@ -37,6 +37,11 @@ RUN apt-get update && \ apt-get clean && \ rm -rf /var/lib/apt/lists/* +# Create a new user with id 1001 as that is the user id that +# Github Actions uses to perform the checkout action. +RUN useradd gha -u 1001 -m -s /bin/bash +RUN adduser gha sudo +RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers FROM base AS ci-container-code-format ARG LLVM_VERSION @@ -51,6 +56,8 @@ ENV PATH=${LLVM_SYSROOT}/bin:${PATH} COPY llvm/utils/git/requirements_formatting.txt requirements_formatting.txt RUN pip install -r requirements_formatting.txt --break-system-packages && \ rm requirements_formatting.txt +USER gha +WORKDIR /home/gha FROM base AS ci-container-code-lint @@ -80,3 +87,5 @@ RUN apt-get update && \ COPY llvm/utils/git/requirements_linting.txt requirements_linting.txt RUN pip install -r requirements_linting.txt --break-system-packages && \ rm requirements_linting.txt +USER gha +WORKDIR /home/gha From c8f08a1f25ec79d7cf0427385794b26b54816807 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Sat, 25 Oct 2025 01:03:31 +0300 Subject: [PATCH 2/6] add code violations and test container --- .github/workflows/pr-code-format.yml | 10 +--------- clang-tools-extra/clang-tidy/ClangTidy.cpp | 2 +- llvm/utils/git/code-format-helper.py | 2 +- 3 files changed, 3 insertions(+), 11 deletions(-) 
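Review bot: In the `@@ -37,6 +37,11 @@` hunk of the Dockerfile, `RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers` gives every member of the sudo group passwordless root, so the `USER gha` lines added in the two later hunks fix checkout ownership but are not a privilege boundary: anything a job runs as gha, including tooling invoked on pull-request content, can still become root through `sudo`. If the format and lint jobs need no root at run time, I would drop the `adduser gha sudo` and sudoers lines and keep only `RUN useradd gha -u 1001 -m -s /bin/bash`. If they do need it, a validated drop-in is safer than appending to the main file, for example `RUN echo 'gha ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/gha && chmod 0440 /etc/sudoers.d/gha && visudo -cf /etc/sudoers.d/gha`, with a comment naming the step that requires root. The hunk does not show the package list of `base`, so it should also be confirmed that `sudo` is installed there.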
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 2b85d8b59869c..4ff6bae30f5ce 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -13,7 +13,7 @@ jobs: code_formatter: runs-on: ubuntu-24.04 container: - image: 'ghcr.io/llvm/ci-ubuntu-24.04-format' + image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha' timeout-minutes: 30 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} @@ -25,14 +25,6 @@ jobs: with: fetch-depth: 2 - # We need to set the repo checkout as safe, otherwise tj-actions/changed-files - # will fail due to the changed ownership inside the container. - # TODO(boomanaiden154): We should probably fix this by having the default user - # in the container have the same ID as the GHA user on the host. - - name: Set Safe Directory - run: | - chown -R root $(pwd) - - name: Get changed files id: changed-files uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 diff --git a/clang-tools-extra/clang-tidy/ClangTidy.cpp b/clang-tools-extra/clang-tidy/ClangTidy.cpp index 7e18f3806a143..2f6f992ae3d66 100644 --- a/clang-tools-extra/clang-tidy/ClangTidy.cpp +++ b/clang-tools-extra/clang-tidy/ClangTidy.cpp @@ -70,7 +70,7 @@ class AnalyzerDiagnosticConsumer : public ento::PathDiagnosticConsumer { public: AnalyzerDiagnosticConsumer(ClangTidyContext &Context) : Context(Context) {} - void FlushDiagnosticsImpl(std::vector &Diags, + void FlushDiagnosticsImpl( std::vector &Diags, FilesMade *FilesMade) override { for (const ento::PathDiagnostic *PD : Diags) { SmallString<64> CheckName(AnalyzerCheckNamePrefix); diff --git a/llvm/utils/git/code-format-helper.py b/llvm/utils/git/code-format-helper.py index 406a72817acb8..9a7d3ab8532cf 100755 --- a/llvm/utils/git/code-format-helper.py +++ b/llvm/utils/git/code-format-helper.py 
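Review bot: The new `image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'` line in the first pr-code-format.yml hunk names the container without a tag or digest, so the job runs whatever was last pushed under that name, while `tj-actions/changed-files` further down the same file is pinned to a commit SHA. Pinning the image the same way, `image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha@sha256:<digest of the tested build>'`, would make the run reproducible and keep a later push to the registry from changing what executes in this job. The `:latest` variant in PATCH 3/6 has the same property, since that tag is mutable. The second hunk removes the `chown -R root $(pwd)` step, which assumes the new image's default user already matches the checkout owner; the hunk itself does not show that, so the dependency on the image is worth a one-line comment next to `container:`.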
@@ -265,7 +265,7 @@ def format_run(self, changed_files: List[str], args: FormatArgs) -> Optional[str proc = subprocess.run(cf_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) sys.stdout.write(proc.stderr.decode("utf-8")) - if proc.returncode != 0: + if proc.returncode != 0: # formatting needed, or the command otherwise failed if args.verbose: print(f"error: {self.name} exited with code {proc.returncode}") From 1d0d99420a548f93cf7a91ced75412f96e41bcf0 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Sat, 25 Oct 2025 01:06:14 +0300 Subject: [PATCH 3/6] add latest tag --- .github/workflows/pr-code-format.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 4ff6bae30f5ce..26db18e42840f 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -13,7 +13,7 @@ jobs: code_formatter: runs-on: ubuntu-24.04 container: - image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha' + image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha:latest' timeout-minutes: 30 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} From 6787f720deec2f555722e0ff43cdb2952c15aca2 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Sat, 25 Oct 2025 01:15:18 +0300 Subject: [PATCH 4/6] Revert "add latest tag" This reverts commit 1d0d99420a548f93cf7a91ced75412f96e41bcf0. --- .github/workflows/pr-code-format.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 26db18e42840f..4ff6bae30f5ce 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml 
@@ -13,7 +13,7 @@ jobs: code_formatter: runs-on: ubuntu-24.04 container: - image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha:latest' + image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha' timeout-minutes: 30 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} From fa5a841a26e4862c9ee018c5f3d60c28d9ea0107 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Sat, 25 Oct 2025 01:15:30 +0300 Subject: [PATCH 5/6] Revert "add code violations and test container" This reverts commit c8f08a1f25ec79d7cf0427385794b26b54816807. --- .github/workflows/pr-code-format.yml | 10 +++++++++- clang-tools-extra/clang-tidy/ClangTidy.cpp | 2 +- llvm/utils/git/code-format-helper.py | 2 +- 3 files changed, 11 insertions(+), 3 deletions(-) diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml index 4ff6bae30f5ce..2b85d8b59869c 100644 --- a/.github/workflows/pr-code-format.yml +++ b/.github/workflows/pr-code-format.yml @@ -13,7 +13,7 @@ jobs: code_formatter: runs-on: ubuntu-24.04 container: - image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha' + image: 'ghcr.io/llvm/ci-ubuntu-24.04-format' timeout-minutes: 30 concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number }} @@ -25,6 +25,14 @@ jobs: with: fetch-depth: 2 + # We need to set the repo checkout as safe, otherwise tj-actions/changed-files + # will fail due to the changed ownership inside the container. + # TODO(boomanaiden154): We should probably fix this by having the default user + # in the container have the same ID as the GHA user on the host. + - name: Set Safe Directory + run: | + chown -R root $(pwd) + - name: Get changed files id: changed-files uses: tj-actions/changed-files@ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5 diff --git a/clang-tools-extra/clang-tidy/ClangTidy.cpp b/clang-tools-extra/clang-tidy/ClangTidy.cpp index 2f6f992ae3d66..7e18f3806a143 100644 --- a/clang-tools-extra/clang-tidy/ClangTidy.cpp 
+++ b/clang-tools-extra/clang-tidy/ClangTidy.cpp @@ -70,7 +70,7 @@ class AnalyzerDiagnosticConsumer : public ento::PathDiagnosticConsumer { public: AnalyzerDiagnosticConsumer(ClangTidyContext &Context) : Context(Context) {} - void FlushDiagnosticsImpl( std::vector &Diags, + void FlushDiagnosticsImpl(std::vector &Diags, FilesMade *FilesMade) override { for (const ento::PathDiagnostic *PD : Diags) { SmallString<64> CheckName(AnalyzerCheckNamePrefix); diff --git a/llvm/utils/git/code-format-helper.py b/llvm/utils/git/code-format-helper.py index 9a7d3ab8532cf..406a72817acb8 100755 --- a/llvm/utils/git/code-format-helper.py +++ b/llvm/utils/git/code-format-helper.py @@ -265,7 +265,7 @@ def format_run(self, changed_files: List[str], args: FormatArgs) -> Optional[str proc = subprocess.run(cf_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) sys.stdout.write(proc.stderr.decode("utf-8")) - if proc.returncode != 0: + if proc.returncode != 0: # formatting needed, or the command otherwise failed if args.verbose: print(f"error: {self.name} exited with code {proc.returncode}") From e677aeb44fa6fc53ddce8c57a94d17e09b52e173 Mon Sep 17 00:00:00 2001 From: Victor Baranov Date: Sat, 25 Oct 2025 01:16:50 +0300 Subject: [PATCH 6/6] add comment --- .../workflows/containers/github-action-ci-tooling/Dockerfile | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/containers/github-action-ci-tooling/Dockerfile b/.github/workflows/containers/github-action-ci-tooling/Dockerfile index 4135ae839cd47..8aaa2e88f2bab 100644 --- a/.github/workflows/containers/github-action-ci-tooling/Dockerfile +++ b/.github/workflows/containers/github-action-ci-tooling/Dockerfile 
@@ -42,6 +42,9 @@ RUN apt-get update && \ RUN useradd gha -u 1001 -m -s /bin/bash RUN adduser gha sudo RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers +# Don't set USER gha right away because we still need to install packages +# as root in 'ci-container-code-format' and 'ci-container-code-lint' containers + FROM base AS ci-container-code-format ARG LLVM_VERSION