This is needed for #187905. Unless we disable the check, Zizmor will
flag uses of `actions/checkout` without an explicit
`persist-credentials` setting.
Of course, some workflows could rely on the credentials persisted by
`actions/checkout`. I asked Claude to check each affected job, and it
flagged only `prune-branches.yml`. The script `prune-unused-branches.py`
relies on the persisted credentials, so I've left that as
`persist-credentials: true` for now.
At the moment, no CI job tests whether the fuzzing tests build
correctly.
This patch adds the build of fuzzing tests to the pre-merge CI job.
Only two configurations have it enabled for now. The none-eabi
configurations seemingly do not support it because in their cmake
configs compiler-rt is not enabled, hence libFuzzer isn't built. I did
not dig too much to understand why that is, preferring to just leave it
disabled for these configurations. For the remaining ones that seem to
support it, I selected one x86 and one aarch64.
In addition, it removes one outdated comment about the build type used
and changes the action to run on all branches, not only on PRs that
target main.
If we limit it to run only on PRs to the main branch, it will not run on
stacked PRs. I believe it is also okay to run it on PRs to release
branches. Therefore it is just easier to remove the limit altogether.
- Rename `clang/{include,lib,unittests}/Analysis/Scalable/` to
`clang/{include,lib,unittests}/ScalableStaticAnalysisFramework/Core/`
- Update header-guards with their new paths
- Rename the library `clangAnalysisScalable` to
`clangScalableStaticAnalysisFrameworkCore`
- Add a new `Clang_ScalableStaticAnalysisFramework` module to
`module.modulemap`
- Update GN build files, GitHub PR labeler, and documentation
- Harmonise license comments
- Add a missing header-guard
The check whether a stream is associated with a terminal or not and the
flushing of the stream in `std::print()` is needed only on Windows.
Additionally, the correct flush should be used. When `std::print` is
called with a C stream, `std::fflush()` should be used. When it is
called with C++ `ostream`, `ostream::flush()` should be called.
Because POSIX does not have a separate Unicode API for terminal output,
checking for terminal (`isatty`) and flushing is not needed at all.
Moreover, `isatty` has noticeable performance cost.
See also https://wg21.link/LWG4044.
Fixes#70142
We want to add some basic precommit CI for `libsycl`, similar to what we
have for `SPIR-V`.
Here it just builds `libsycl` and runs `check-sycl`, but only non-GPU
tests will be run because this job is run on GitHub-hosted runners which
don't have a GPU, so we will never run GPU tests in this CI job.
Postcommit already runs SYCL GPU tests.
We have runtime GPU detection as part of the `check-sycl` lit setup so
everything works fine.
Currently there is only one `check-sycl` test at all and it is a GPU
test, so `check-sycl` is basically a no op, so this is de-facto build
only.
---------
Signed-off-by: Nick Sarnie <nick.sarnie@intel.com>
Otherwise setting LLVM_VERSION does not actually do anything. This
avoids needing to update ~8 different locations in the file when doing a
toolchain bump to just 1 place.
This did not actually bump the LLVM version (see fixes in #184231) and
will not be necessary now that other patches will be going in forcing a
rebuild anyways.
This patch turns on the prune-unused-branches workflow for everyone
rather than just my user branches now that all feedback from the
discourse thread has been addressed.
Revert branches were not being correctly excluded from the list of
branches to delete as we never even looked for them. Look for them, and
add some comments to explain.
I have verified that after this patch, the workflow only deletes
branches that are not associated with any PR.
I removed some whitespace on a workflow job, which only had spaces.
I did not remove the newline completelty, only the whitespace junk,
which I found by git diffing the head.
The motivator here is that Python allows class methods to be redefined.
But in the vast majority of cases this is a bug. E.g., in our API
test-suite two methods with the same name cause the latest definition to
shadow the earlier, in which case only one test-case runs. This happens
silently. Every couple of months i've been running the script from
https://github.com/llvm/llvm-project/pull/97043 manually on the
code-base and it catches a handful of these every time.
This patch sets up a github action that runs on pull requests that
change any files under `lldb/test/API`. The action runs `pylint` on the
changed Python files. The caveat here is that `pylint` isn't set up to
run cleanly on our test-suite. So I just use the [specific redefinition
error
code](https://pylint.readthedocs.io/en/stable/user_guide/messages/error/function-redefined.html).
Any other errors won't cause `pylint` to fail for now (hence the
`--error-under=0`).
Here's an example:
<img width="1412" height="367" alt="Screenshot From 2026-02-20 10-29-28"
src="https://github.com/user-attachments/assets/20093be8-a122-4e17-944a-4472eb12ab25"
/>
Some of the libc full build tests also run on AArch64 machines. We need
to build an ARM container or otherwise the container fails to start and
we never end up running anything.
Add git/cmake which are needed by the workflow. Add some comments pulled
from the libc workflow. Also use a user rather than running as root to
prevent file permissions tests from failing.
This will let us run the libc full build tests inside of a container
which means that we have same time by not having to install dependencies
on every run in addition to not running into issues due to dependencies
failing to install particularly around LLVM releases with the llvm.sh
script.
Some users (as reported in the discourse thread) use user branches
purely as a diff base for cross repo pull requests. This patch makes it
so that we do not delete branches that are used in this way.
This replaces the use of an access token associated with the llvmbot
account with one that is generated by a GitHub App. This is slightly
better, because it eliminates the need to periodically rotate the
llvmbot tokens, which is difficult to do, since it requires sharing a
password and 2fa code among all the admins.
The tokens generated by the app automatically expire after an hour, and
the private key that is used to request it can be easily rotated by an
LLVM Organization owner. Also, since a single private key can be used to
generate many tokens, there is only one secret to rotate instead of
many.
This reverts commit 31f31dd9d0460834f2ae67247d3886fec4931d6d.
This commit was causing PRs to be spammed with messages like:
"llvmbot temporarily deployed to main-branch-only — with GitHub Actions
Inactive"
This was causing confusion, and is not worth the marginal security
benefit. I also think this can be avoided by using called workflows, but
I still need to investigate this.
