[clang-tools-extra] [llvm] [Github][CI] Add default gha user for tooling containers (PR #164294)
Baranov Victor via llvm-commits
llvm-commits at lists.llvm.org
Fri Oct 24 15:15:52 PDT 2025
https://github.com/vbvictor updated https://github.com/llvm/llvm-project/pull/164294
>From e21c01db0cfeae856cb2f88d64f6fb8cd760fa85 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Mon, 20 Oct 2025 21:14:57 +0300
Subject: [PATCH 1/5] [Github][CI] Add default gha user for tooling containers
---
.../containers/github-action-ci-tooling/Dockerfile | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/.github/workflows/containers/github-action-ci-tooling/Dockerfile b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
index 9d2aaf6bbd48a..4135ae839cd47 100644
--- a/.github/workflows/containers/github-action-ci-tooling/Dockerfile
+++ b/.github/workflows/containers/github-action-ci-tooling/Dockerfile
@@ -37,6 +37,11 @@ RUN apt-get update && \
apt-get clean && \
rm -rf /var/lib/apt/lists/*
+# Create a new user with id 1001 as that is the user id that
+# Github Actions uses to perform the checkout action.
+RUN useradd gha -u 1001 -m -s /bin/bash
+RUN adduser gha sudo
+RUN echo '%sudo ALL=(ALL) NOPASSWD:ALL' >> /etc/sudoers
FROM base AS ci-container-code-format
ARG LLVM_VERSION
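Review bot: The appended `%sudo ALL=(ALL) NOPASSWD:ALL` line gives every member of the sudo group, including the new `gha` user, passwordless root, so the non-root default user set in the later stages is not a privilege boundary for anything a job runs in this container. If sudo is needed at all, scope it to the one account in a drop-in with the expected mode instead of appending to `/etc/sudoers`: `RUN echo 'gha ALL=(ALL) NOPASSWD:ALL' > /etc/sudoers.d/gha && chmod 0440 /etc/sudoers.d/gha`. The hunk does not show whether the `sudo` package is installed in the `base` stage, so that should be confirmed. The comment above `useradd` explains the uid but not why sudo is granted, and a sentence on that would help the next reader.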
@@ -51,6 +56,8 @@ ENV PATH=${LLVM_SYSROOT}/bin:${PATH}
COPY llvm/utils/git/requirements_formatting.txt requirements_formatting.txt
RUN pip install -r requirements_formatting.txt --break-system-packages && \
rm requirements_formatting.txt
+USER gha
+WORKDIR /home/gha
FROM base AS ci-container-code-lint
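Review bot: `USER gha` is set at the end of each final stage rather than in `base`, so a stage added later from `base` would default to root again unless it repeats the directive. The same applies to the hunk at the end of the lint stage. A short comment above the directive would document the ordering, for example `# Switch to the unprivileged gha user last; the pip install above runs as root.` Both stage bodies start outside their hunks.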
@@ -80,3 +87,5 @@ RUN apt-get update && \
COPY llvm/utils/git/requirements_linting.txt requirements_linting.txt
RUN pip install -r requirements_linting.txt --break-system-packages && \
rm requirements_linting.txt
+USER gha
+WORKDIR /home/gha
>From c8f08a1f25ec79d7cf0427385794b26b54816807 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Sat, 25 Oct 2025 01:03:31 +0300
Subject: [PATCH 2/5] add code violations and test container
---
.github/workflows/pr-code-format.yml | 10 +---------
clang-tools-extra/clang-tidy/ClangTidy.cpp | 2 +-
llvm/utils/git/code-format-helper.py | 2 +-
3 files changed, 3 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 2b85d8b59869c..4ff6bae30f5ce 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -13,7 +13,7 @@ jobs:
code_formatter:
runs-on: ubuntu-24.04
container:
- image: 'ghcr.io/llvm/ci-ubuntu-24.04-format'
+ image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'
timeout-minutes: 30
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
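Review bot: The `image:` value has no tag or digest, so the job runs whatever was last pushed under that name, while the `tj-actions/changed-files` step further down in this workflow is pinned to a commit SHA. Pinning the container the same way would keep the formatter job reproducible and guard against an unexpected push to the registry: `image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha@sha256:<digest>'` (placeholder digest). The later commits in this series change the same line, and the `:latest` tag tried in patch 3 is just as mutable.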
@@ -25,14 +25,6 @@ jobs:
with:
fetch-depth: 2
- # We need to set the repo checkout as safe, otherwise tj-actions/changed-files
- # will fail due to the changed ownership inside the container.
- # TODO(boomanaiden154): We should probably fix this by having the default user
- # in the container have the same ID as the GHA user on the host.
- - name: Set Safe Directory
- run: |
- chown -R root $(pwd)
-
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files at ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
diff --git a/clang-tools-extra/clang-tidy/ClangTidy.cpp b/clang-tools-extra/clang-tidy/ClangTidy.cpp
index 7e18f3806a143..2f6f992ae3d66 100644
--- a/clang-tools-extra/clang-tidy/ClangTidy.cpp
+++ b/clang-tools-extra/clang-tidy/ClangTidy.cpp
@@ -70,7 +70,7 @@ class AnalyzerDiagnosticConsumer : public ento::PathDiagnosticConsumer {
public:
AnalyzerDiagnosticConsumer(ClangTidyContext &Context) : Context(Context) {}
- void FlushDiagnosticsImpl(std::vector<const ento::PathDiagnostic *> &Diags,
+ void FlushDiagnosticsImpl( std::vector<const ento::PathDiagnostic *> &Diags,
FilesMade *FilesMade) override {
for (const ento::PathDiagnostic *PD : Diags) {
SmallString<64> CheckName(AnalyzerCheckNamePrefix);
diff --git a/llvm/utils/git/code-format-helper.py b/llvm/utils/git/code-format-helper.py
index 406a72817acb8..9a7d3ab8532cf 100755
--- a/llvm/utils/git/code-format-helper.py
+++ b/llvm/utils/git/code-format-helper.py
@@ -265,7 +265,7 @@ def format_run(self, changed_files: List[str], args: FormatArgs) -> Optional[str
proc = subprocess.run(cf_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
sys.stdout.write(proc.stderr.decode("utf-8"))
- if proc.returncode != 0:
+ if proc.returncode != 0:
# formatting needed, or the command otherwise failed
if args.verbose:
print(f"error: {self.name} exited with code {proc.returncode}")
>From 1d0d99420a548f93cf7a91ced75412f96e41bcf0 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Sat, 25 Oct 2025 01:06:14 +0300
Subject: [PATCH 3/5] add latest tag
---
.github/workflows/pr-code-format.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 4ff6bae30f5ce..26db18e42840f 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -13,7 +13,7 @@ jobs:
code_formatter:
runs-on: ubuntu-24.04
container:
- image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'
+ image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha:latest'
timeout-minutes: 30
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
>From 6787f720deec2f555722e0ff43cdb2952c15aca2 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Sat, 25 Oct 2025 01:15:18 +0300
Subject: [PATCH 4/5] Revert "add latest tag"
This reverts commit 1d0d99420a548f93cf7a91ced75412f96e41bcf0.
---
.github/workflows/pr-code-format.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 26db18e42840f..4ff6bae30f5ce 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -13,7 +13,7 @@ jobs:
code_formatter:
runs-on: ubuntu-24.04
container:
- image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha:latest'
+ image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'
timeout-minutes: 30
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
>From fa5a841a26e4862c9ee018c5f3d60c28d9ea0107 Mon Sep 17 00:00:00 2001
From: Victor Baranov <bar.victor.2002 at gmail.com>
Date: Sat, 25 Oct 2025 01:15:30 +0300
Subject: [PATCH 5/5] Revert "add code violations and test container"
This reverts commit c8f08a1f25ec79d7cf0427385794b26b54816807.
---
.github/workflows/pr-code-format.yml | 10 +++++++++-
clang-tools-extra/clang-tidy/ClangTidy.cpp | 2 +-
llvm/utils/git/code-format-helper.py | 2 +-
3 files changed, 11 insertions(+), 3 deletions(-)
diff --git a/.github/workflows/pr-code-format.yml b/.github/workflows/pr-code-format.yml
index 4ff6bae30f5ce..2b85d8b59869c 100644
--- a/.github/workflows/pr-code-format.yml
+++ b/.github/workflows/pr-code-format.yml
@@ -13,7 +13,7 @@ jobs:
code_formatter:
runs-on: ubuntu-24.04
container:
- image: 'ghcr.io/llvm/ci-ubuntu-24.04-format-fix-gha'
+ image: 'ghcr.io/llvm/ci-ubuntu-24.04-format'
timeout-minutes: 30
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
@@ -25,6 +25,14 @@ jobs:
with:
fetch-depth: 2
+ # We need to set the repo checkout as safe, otherwise tj-actions/changed-files
+ # will fail due to the changed ownership inside the container.
+ # TODO(boomanaiden154): We should probably fix this by having the default user
+ # in the container have the same ID as the GHA user on the host.
+ - name: Set Safe Directory
+ run: |
+ chown -R root $(pwd)
+
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files at ed68ef82c095e0d48ec87eccea555d944a631a4c # v46.0.5
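Review bot: The restored `chown -R root $(pwd)` step assumes the job runs as root inside the container. With an image built from the Dockerfile change in this series, whose final stages set `USER gha`, the step would presumably fail or need sudo, so the image rollout and the removal of this step need to land together. If the step stays, quote the substitution so a workspace path containing spaces is not split: `chown -R root "$(pwd)"`. The step list continues outside the hunk.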
diff --git a/clang-tools-extra/clang-tidy/ClangTidy.cpp b/clang-tools-extra/clang-tidy/ClangTidy.cpp
index 2f6f992ae3d66..7e18f3806a143 100644
--- a/clang-tools-extra/clang-tidy/ClangTidy.cpp
+++ b/clang-tools-extra/clang-tidy/ClangTidy.cpp
@@ -70,7 +70,7 @@ class AnalyzerDiagnosticConsumer : public ento::PathDiagnosticConsumer {
public:
AnalyzerDiagnosticConsumer(ClangTidyContext &Context) : Context(Context) {}
- void FlushDiagnosticsImpl( std::vector<const ento::PathDiagnostic *> &Diags,
+ void FlushDiagnosticsImpl(std::vector<const ento::PathDiagnostic *> &Diags,
FilesMade *FilesMade) override {
for (const ento::PathDiagnostic *PD : Diags) {
SmallString<64> CheckName(AnalyzerCheckNamePrefix);
diff --git a/llvm/utils/git/code-format-helper.py b/llvm/utils/git/code-format-helper.py
index 9a7d3ab8532cf..406a72817acb8 100755
--- a/llvm/utils/git/code-format-helper.py
+++ b/llvm/utils/git/code-format-helper.py
@@ -265,7 +265,7 @@ def format_run(self, changed_files: List[str], args: FormatArgs) -> Optional[str
proc = subprocess.run(cf_cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
sys.stdout.write(proc.stderr.decode("utf-8"))
- if proc.returncode != 0:
+ if proc.returncode != 0:
# formatting needed, or the command otherwise failed
if args.verbose:
print(f"error: {self.name} exited with code {proc.returncode}")