Skip to content

Comments

Clean permissions of workflows and enable coverage reporting for PRs#152

Draft
LittleHuba wants to merge 19 commits intomainfrom
ulhu_add_perms_to_workflows
Draft

Clean permissions of workflows and enable coverage reporting for PRs#152
LittleHuba wants to merge 19 commits intomainfrom
ulhu_add_perms_to_workflows

Conversation

@LittleHuba
Copy link
Contributor

@LittleHuba LittleHuba commented Feb 3, 2026

Reduce the permissions of all workflows as far as possible. Further, actively specify permissions as action to the codeql findings.

This also enables us to run the coverage report workflow on PRs.

@LittleHuba LittleHuba force-pushed the ulhu_add_perms_to_workflows branch 6 times, most recently from 4a6af2e to 9019459 Compare February 20, 2026 12:54
@LittleHuba
Fix ABI test for LLVM
f8a5e30 
LLVM toolchain uses the builtin libc++ to remain hermetic.
This implementation of the standard library does not support
fancy pointers (like offset pointers) in std::basic_string.
This is required for shared memory allocators though.

The correct solution would be to provide a sysroot to the
LLVM toolchain that contains libstdc++.
Because of the amount of effort to achieve this we take the shortcut for the moment and deactivate the problematic code.
@LittleHuba
Fix flakiness of integration tests (1/2)
92f0dde 
Many of the integration tests had race conditions.
Most expected that the service is there once the client searches for it.
But there was no synchronization between the skeleton offer being made
available and the client doing a one-time FindService call.

Switches to StartFindService to effectively synchronize the service
discovery.
@LittleHuba
Fix flakiness of integration tests (2/2)
42b5564 
StartFindService does not provide incremental updates of new
service offers. Instead, it gives the full list of existing
service offers at that current moment.
User applications must filter out the diff on their own.

Uses an unordered_map to correctly filter for individual service
offers.
@LittleHuba
Fix lock inversion
4680d60 
Thread sanitizer highlighted a lock inversion in this test.
By adding a lock that spans the FindServiceHandler and the
creation of a proxy, we get this inversion.

The handler runs under a lock held in the service discovery.
The proxy also calls the service discovery.
Connecting both creates the lock inversion.

Solves the lock inversion by storing the handle required for
the proxy creation locally and then unlocking the mutex before
the proxy creation.
@LittleHuba
Fix data race in transaction log set
add584b 
When multiple proxies try to do a rollback at the same time,
the rollback may be performed multiple times.

Fixes the data race by making the relevant flag atomic.
@LittleHuba
Revert "fix: Use libstdc++ instead of libc++ for LLVM toolchain"
b6f44b3 
This reverts commit 6935fea.
@LittleHuba
Update dependencies
20eeeeb 
The new S-CORE GCC toolchain requires a very specific host
platform to be manually selected. This is not suitable for
our default toolchain setup.

Therefore, we move this toolchain to a specific configuration
and use an opensource GCC toolchain as alternative.
@LittleHuba
Drop manual selection of host platform for QNX configs
92d2f61 
Manually specifying the host platform can lead to tremendous
problems if the specified host platform does match the actual
platform.

Removes the selection to let Bazel automatically select the
appropriate host platform.
@LittleHuba
Clean permissions of workflows and enable coverage reporting for PRs
afb956a 
Reduce the permissions of all workflows as far as possible.
Further, actively specify permissions as action to the codeql findings.

This also enables us to run the coverage report workflow on PRs.
@LittleHuba
Simplify build_and_test_host to support more scenarios
0e15b73 
Makes workflow more versatile to support testing more toolchains.
@LittleHuba
Alphabetically order packages in ubuntu image manifest
6416a1c
@LittleHuba
Add libstdc++6 to packages in Ubuntu image manifest
88bd7ce
@LittleHuba
Add additional exclusions in QNX build
b22ee9f 
These targets fail with the QNX toolchains.
Since both targets are about documentation, fixing this has very
low priority.
@LittleHuba
Enable sanitizer backtraces in integration tests
0cae64f 
Sanitizers rely on the addr2line utility to
symbolize the backtraces in their reports.

Adds this tool to the Ubuntu image.
@LittleHuba
Introduce support for suppressions in sanitizers
88986d5
@LittleHuba
Provide better information to bazel about integration_test size
f0ab9e1 
Bazel requires more information about test size to
determine concurrent execution capabilities.
@LittleHuba
Do not duplicate logs in integration tests
a1118cc
@LittleHuba
Use canonical reproducable way of fetching codeql_coding_standards
ff7f35f
@LittleHuba
Suppress findings of thread sanitizer
04daac4 
Some findings of the thread sanitizer are not easy to fix.
For these findings tickets were created and the test was
disabled.
@LittleHuba LittleHuba force-pushed the ulhu_add_perms_to_workflows branch from 9019459 to 04daac4 Compare February 20, 2026 17:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@castler castler Awaiting requested review from castler castler will be requested when the pull request is marked ready for review castler is a code owner

@hoe-jo hoe-jo Awaiting requested review from hoe-jo hoe-jo will be requested when the pull request is marked ready for review hoe-jo is a code owner

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LittleHuba