[clang-tools-extra] [llvm] [Github][CI] Add default gha user for tooling containers (PR #164294)

Baranov Victor via llvm-commits llvm-commits at lists.llvm.org
Fri Oct 24 15:03:47 PDT 2025 

https://github.com/vbvictor updated https://github.com/llvm/llvm-project/pull/164294

>From e21c01db0cfeae856cb2f88d64f6fb8cd760fa85 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Mon, 20 Oct 2025 21:14:57 +0300
Subject: [PATCH 1/2] [Github][CI] Add default gha user for tooling containers

---
 .../containers/github-action-ci-tooling/Dockerfile       | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/containers/github-action-ci-tooling/Dockerfile b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
index 9d2aaf6bbd48a..4135ae839cd47 100644
--- a/.github/workflows/containers/github-action-ci-tooling/Dockerfile
+++ b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
@@ -37,6 +37,11 @@ RUN apt-get update && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
+# Create a new user with id 1001 as that is the user id that
+# Github Actions uses to perform the checkout action.
+RUN useradd gha -u 1001 -m -s /bin/bash
+RUN adduser gha sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
 
 FROM base AS ci-container-code-format
 ARG LLVM_VERSION
@@ -51,6 +56,8 @@ ENV PATH=${LLVM_SYSROOT}/bin:${PATH}
 COPY llvm/utils/git/requirements_formatting.txt requirements_formatting.txt
 RUN pip install -r requirements_formatting.txt --break-system-packages && \
     rm requirements_formatting.txt
+USER gha
+WORKDIR /home/gha
 
 
 FROM base AS ci-container-code-lint
@@ -80,3 +87,5 @@ RUN apt-get update && \
 COPY llvm/utils/git/requirements_linting.txt requirements_linting.txt
 RUN pip install -r requirements_linting.txt --break-system-packages && \
     rm requirements_linting.txt
+USER gha
+WORKDIR /home/gha

>From c8f08a1f25ec79d7cf0427385794b26b54816807 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Sat, 25 Oct 2025 01:03:31 +0300
Subject: [PATCH 2/2] add code violations and test container

---
 .github/workflows/pr-code-format.yml       | 10 +---------
 clang-tools-extra/clang-tidy/ClangTidy.cpp |  2 +-
 llvm/utils/git/code-format-helper.py       |  2 +-
 3 files changed, 3 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 2b85d8b59869c..4ff6bae30f5ce 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -13,7 +13,7 @@ jobs:
   code_formatter:
     runs-on: ubuntu-24.04
     container:
-      image: 'ghcr.io/llvm/ci-ubuntu-24.04-format'
+      image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'
     timeout-minutes: 30
     concurrency:
       group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -25,14 +25,6 @@ jobs:
         with:
           fetch-depth: 2
 
-      # We need to set the repo checkout as safe, otherwise tj-actions/changed-files
-      # will fail due to the changed ownership inside the container.
-      # TODO(boomanaiden154): We should probably fix this by having the default user
-      # in the container have the same ID as the GHA user on the host.
-      - name: Set Safe Directory
-        run: |
-          chown -R root $(pwd)
-
       - name: Get changed files
         id: changed-files
         uses: tj-actions/changed-files at ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
diff --git a/clang-tools-extra/clang-tidy/ClangTidy.cpp b/clang-tools-extra/clang-tidy/ClangTidy.cpp
index 7e18f3806a143..2f6f992ae3d66 100644
--- a/clang-tools-extra/clang-tidy/ClangTidy.cpp
+++ b/clang-tools-extra/clang-tidy/ClangTidy.cpp
@@ -70,7 +70,7 @@ class AnalyzerDiagnosticConsumer : public ento::PathDiagnosticConsumer {
 public:
   AnalyzerDiagnosticConsumer(ClangTidyContext &Context) : Context(Context) {}
 
-  void FlushDiagnosticsImpl(std::vector<const ento::PathDiagnostic *> &Diags,
+  void FlushDiagnosticsImpl(  std::vector<const ento::PathDiagnostic *> &Diags,
                             FilesMade *FilesMade) override {
     for (const ento::PathDiagnostic *PD : Diags) {
       SmallString<64> CheckName(AnalyzerCheckNamePrefix);
diff --git a/llvm/utils/git/code-format-helper.py b/llvm/utils/git/code-format-helper.py
index 406a72817acb8..9a7d3ab8532cf 100755
--- a/llvm/utils/git/code-format-helper.py
+++ b/llvm/utils/git/code-format-helper.py
@@ -265,7 +265,7 @@ def format_run(self, changed_files: List[str], args: FormatArgs) -> Optional[str
         proc = subprocess.run(cf_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
         sys.stdout.write(proc.stderr.decode("utf-8"))
 
-        if proc.returncode != 0:
+        if proc.returncode    != 0:
             # formatting needed, or the command otherwise failed
             if args.verbose:
                 print(f"error: {self.name} exited with code {proc.returncode}")

More information about the llvm-commits mailing list