eclipse-score · Komal362000 · May 8, 2026 · May 10, 2026 · May 11, 2026 · May 11, 2026
@@ -0,0 +1,76 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Clang-Tidy Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the clang-tidy check in seconds.
+        value: ${{ jobs.clang_tidy.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: clang_tidy_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  clang_tidy:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "clang_tidy_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run clang-tidy analysis
+        run: |
+          bazel build //... --aspects=//:tools/lint/linters.bzl%clang_tidy_aspect
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "clang-tidy duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
@@ -0,0 +1,116 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: CodeQL Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the CodeQL check in seconds.
+        value: ${{ jobs.codeql.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  actions: read
+  contents: read
+  security-events: write
+
+concurrency:
+  group: codeql_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  codeql:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - name: Setup Bazel with shared caching
+        uses: bazel-contrib/setup-bazel@0.18.0
+        with:
+          bazelisk-cache: true
+          disk-cache: "codeql_analysis"
+          repository-cache: true
+          # --config=codeql sets --disk_cache= (disabled), so saving the disk cache
+          # would always write an empty entry. Bazelisk cache and repo cache are still useful.
+          cache-save: false
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run CodeQL via Bazel
+        run: |
+          bazel run //quality/static_analysis:codeql_lint -- --target=//...
+
+      - name: Locate SARIF output
+        if: always()
+        id: sarif_path
+        run: |
+          OUTPUT_PATH="$(bazel info output_path)"
+          echo "sarif=${OUTPUT_PATH}/codeql.sarif" >> "$GITHUB_OUTPUT"
+          echo "csv=${OUTPUT_PATH}/codeql.csv" >> "$GITHUB_OUTPUT"
+
+      - name: Check SARIF file exists
+        if: always()
+        id: sarif_check
+        run: |
+          if [ -f "${{ steps.sarif_path.outputs.sarif }}" ]; then
+            echo "exists=true" >> "$GITHUB_OUTPUT"
+          else
+            echo "exists=false" >> "$GITHUB_OUTPUT"
+            echo "No SARIF file found — skipping upload."
+          fi
+
+      - name: Upload SARIF to GitHub Security tab
+        if: always() && steps.sarif_check.outputs.exists == 'true'
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.sarif_path.outputs.sarif }}
+          category: codeql-misra-cpp
+
+      - name: Upload CodeQL artifacts
+        if: always() && steps.sarif_check.outputs.exists == 'true'
+        uses: actions/upload-artifact@v4
+        with:
+          name: codeql-results-${{ github.sha }}
+          path: |
+            ${{ steps.sarif_path.outputs.sarif }}
+            ${{ steps.sarif_path.outputs.csv }}
+          if-no-files-found: ignore
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "CodeQL duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
@@ -18,6 +18,9 @@ on:
       artifact-name:
         description: 'Name of the coverage report artifact'
         value: ${{ jobs.coverage_report.outputs.artifact-name }}
+      duration-seconds:
+        description: Runtime of the coverage check in seconds.
+        value: ${{ jobs.coverage_report.outputs.duration-seconds }}
 
 permissions:
   contents: read
@@ -33,8 +36,13 @@ jobs:
     runs-on: ubuntu-24.04
     outputs:
       artifact-name: ${{ steps.set-artifact-name.outputs.artifact-name }}
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
 
     steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
       - name: Checkout Repository
         uses: actions/checkout@v6.0.2
 
@@ -93,4 +101,14 @@ jobs:
           name: ${{ steps.set-artifact-name.outputs.artifact-name }}
           path: ${{ github.event.repository.name }}_coverage_report_${{ github.sha }}.zip
 
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "Coverage duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
+
 
@@ -0,0 +1,78 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Coverity Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the Coverity check in seconds.
+        value: ${{ jobs.coverity.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: coverity_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  coverity:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "coverity_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run Coverity scan
+        run: |
+          echo "Coverity integration placeholder"
+          echo "To enable: configure Coverity account and API token in secrets"
+          bazel build //...
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "Coverity duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"