Skip to content

maintenance/workflows audit#687

Open
greenc-FNAL wants to merge 7 commits into
mainfrom
maintenance/workflows-audit
Open

maintenance/workflows audit#687
greenc-FNAL wants to merge 7 commits into
mainfrom
maintenance/workflows-audit

Conversation

@greenc-FNAL

Copy link
Copy Markdown
Contributor
  • Add audit report for CI workflows and reusable actions
  • Add guide for generating and executing Kilo plans
  • Migrate devcontainer to Docker Compose and update toolchain
  • docs: update Kilo plan generation and execution guide
  • docs: rename plan agent to genplan and expand execution guide
  • ci: implement workflow audit recommendations
  • feat: fold long CodeQL alert lists in PR comments behind
    Details blocks

Introduce a comprehensive audit of GitHub Actions workflows across the `phlex` monorepo and sibling `action/*` repositories.

The report analyzes:
- Structural consistency and naming of `workflow_call` inputs.
- Trigger correctness and `if:` gating logic.
- Fork-PR compatibility, highlighting failures in `*-fix` workflows.
- Permission minimality and `WORKFLOW_PAT` usage.
- CI parity between the primary repo and action repositories.

It concludes with prioritized recommendations to improve security (least-privilege tokens), reliability (split-workflow pattern for forks), and maintainability (centralized CI sync script).
Create a new developer guide explaining the workflow for producing and
running structured execution plans using the Kilo agent system.

The documentation covers:
- Using the `plan` sub-agent to generate JSON-based execution plans.
- The structure of a plan, including idempotency, step definitions,
  and model selection.
- Executing plans via the `orchestrate` agent.
- Model selection policies and verification using `prek`.
Switch `devcontainer.json` to use `docker-compose.yml` for service
definition, volume mounts, and environment variables to improve
configurability and consistency.

Key changes include:
- Update `Dockerfile` to use a pinned base image (`2026-06-24`), install
  additional utilities (`jq`, `tree`, `yq`), and upgrade Node.js to 26.x.
- Replace `kiro-cli` with `@kilocode/cli` installed via npm.
- Refactor `KILO_CONFIG_CONTENT` handling: `ensure-repos.sh` now
  generates a `.phlex-kilo.env` file on the host which is loaded by
  Docker Compose. This ensures the VS Code plugin receives the correct
  configuration (including the `host.docker.internal` relay) at startup,
  replacing the previous `.bashrc` modification in `post-create.sh`.
- Remove Copilot-related extensions and settings from the workspace
  and devcontainer configuration.
Update the guide to reflect recent changes in the Kilo CLI and agent
behavior:

* Update `kilo run` usage to use positional arguments for prompts instead
  of `--prompt` and `--description` flags.
* Rename the `orchestrate` agent to `execute`.
* Document in-flight re-planning, including the `on_error: replan`
  mechanism and the `mode: all` configuration for the `plan` agent.
* Clarify that only `fnal-litellm` provider models are permitted and
  update model examples and defaults.
Rename the `plan` agent to `genplan` to avoid conflicts with the Kilo
CLI's reserved native "Plan mode".

Expand the guide with detailed sections on:
* Model selection policy: Justification for using `gpt-oss-120b` for
  planning and `claude-sonnet-4-6` for orchestration.
* Resuming interrupted executions: Guidance on using `--continue`,
  `--session`, and `--fork` based on plan idempotency.
* Invocation modes: Comparison between non-interactive (headless)
  and interactive (`-i`) modes.
- Create docs/dev/WORKFLOW_CALLS.md documenting reusable workflow
  interfaces, inputs, and trigger models.
- Add scripts/check-gating-block.sh and a corresponding CI job in
  actionlint-check.yaml to enforce consistency of if-gating blocks.
- Standardize boolean inputs in cmake-build.yaml to snake_case
  (perfetto_heap_profile, perfetto_cpu_profile).
- Reduce WORKFLOW_PAT usage in codeql-comment.yaml by switching to
  github.token for PR commenting.
- Update workflow-audit-report.md with corrected analysis on fork
  handling and token requirements, and add
  workflow-audit-implementation-plan.json.
- Apply pre-commit style fixes to form/ and test/python/.
…ocks

Add _render_section() function to wrap alert sections exceeding _FOLD_THRESHOLD
(10 items) in collapsible <details> blocks, improving readability of PR
comments with many alerts. Short lists remain unwrapped.

Replace all _format_section() calls with _render_section() in build_comment()
and _build_multi_section_comment(), passing appropriate summary labels for
each section (new alerts, resolved alerts, etc.).

Add comprehensive test coverage for _render_section() including:
- Short lists not folded
- Long lists wrapped with proper <details>/<summary> structure
- Blank line separation for GFM Markdown rendering inside <details>
- All bullets preserved when folded

Add integration tests verifying folding behavior in build_comment() and
_build_multi_section_comment() workflows.
Copilot AI review requested due to automatic review settings July 2, 2026 02:29
@coderabbitai

coderabbitai Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Warning

Review limit reached

@greenc-FNAL, you've reached your PR review limit, so we couldn't start this review.

Next review available in: 56 minutes

Enable usage-based reviews in Billing to review now. Otherwise, wait until the next included review is available.
You're only billed for reviews past your plan's rate limits ($0.25/file).

How can I continue?

After more reviews become available, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

To avoid repeated limits, reduce automatic review volume by pausing incremental auto-reviews earlier, using label-based review opt-in, excluding WIP or generated PR titles, or requesting reviews manually when the PR is ready. If your team needs uninterrupted high-volume reviews, an organization admin can enable usage-based reviews.

How do review limits work?

CodeRabbit enforces per-developer PR review limits for each organization. Most developers receive the normal plan review availability.

For paid Pro and Pro+ PR reviews, CodeRabbit uses adaptive limits for sustained high-volume activity. When a developer's recent PR review activity reaches the 95th percentile or higher among CodeRabbit users, additional reviews become available more gradually as earlier reviews age out of the rolling window.

Please refer docs for additional details.

Review details
⚙️ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 93186a85-28be-4334-ad63-515896721936

📥 Commits

Reviewing files that changed from the base of the PR and between cf6781a and 289d8d3.

📒 Files selected for processing (20)
  • .devcontainer/Dockerfile
  • .devcontainer/codespace.code-workspace
  • .devcontainer/devcontainer.json
  • .devcontainer/docker-compose.yml
  • .devcontainer/ensure-repos.sh
  • .devcontainer/post-create.sh
  • .github/workflows/actionlint-check.yaml
  • .github/workflows/cmake-build.yaml
  • .github/workflows/codeql-comment.yaml
  • docs/dev/WORKFLOW_CALLS.md
  • docs/dev/generating-executing-kilo-plans.md
  • docs/dev/workflow-audit-implementation-plan.json
  • docs/dev/workflow-audit-report.md
  • form/root_storage/root_rfield_read_container.cpp
  • plugins/python/python/phlex/_typing.py
  • scripts/check-gating-block.sh
  • scripts/check_codeql_alerts.py
  • scripts/test/test_check_codeql_alerts.py
  • test/python/adder.py
  • test/python/jited.py
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch maintenance/workflows-audit

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands.

Comment on lines +132 to +140
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
with:
ref: ${{ needs.setup.outputs.ref }}
path: ${{ needs.setup.outputs.checkout_path }}
repository: ${{ needs.setup.outputs.repo }}
persist-credentials: false

- name: Verify gating-block consistency

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR consolidates a “workflow audit” effort by documenting current GitHub Actions patterns (and recommended policies), adding CI guardrails for workflow gating blocks, improving CodeQL PR-comment readability by folding long alert lists, and updating the devcontainer implementation to a Docker Compose-based setup with refreshed tooling.

Changes:

  • Add workflow audit documentation (report, implementation plan JSON, and WORKFLOW_CALLS.md) plus a Kilo plan generation/execution guide.
  • Add a gating-block verification script and wire it into actionlint-check as an additional CI job.
  • Improve operational UX: fold long CodeQL alert sections behind <details>, standardize Perfetto workflow_dispatch input names, and migrate devcontainer to Docker Compose with updated toolchain.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 5 comments.

Show a summary per file
File Description
test/python/jited.py Minor numeric-literal and formatting normalization for tests.
test/python/adder.py Formatting/indent consistency in an error-path test.
scripts/test/test_check_codeql_alerts.py Adds unit coverage for the new _render_section folding behavior.
scripts/check-gating-block.sh New script to assert required gating phrases exist in workflow files.
scripts/check_codeql_alerts.py Implements folding of long CodeQL alert sections via <details> blocks.
plugins/python/python/phlex/_typing.py Formatting-only adjustments.
form/root_storage/root_rfield_read_container.cpp Minor C++ style tweak (east-const style in catch).
docs/dev/workflow-audit-report.md Adds an audit report capturing workflow semantics and recommendations.
docs/dev/workflow-audit-implementation-plan.json Adds a machine-readable implementation plan for audit recommendations.
docs/dev/WORKFLOW_CALLS.md Adds a reusable-workflow input/usage reference document.
docs/dev/generating-executing-kilo-plans.md Adds a guide for generating/executing Kilo plans (genplan/execute).
.github/workflows/codeql-comment.yaml Uses github.token for comment write actions (PAT retained for artifact download).
.github/workflows/cmake-build.yaml Renames perfetto workflow_dispatch inputs to snake_case and updates references.
.github/workflows/actionlint-check.yaml Adds gating_check job to run the gating-block verification script.
.devcontainer/post-create.sh Removes KILO_CONFIG_CONTENT shell wiring and kiro-cli install.
.devcontainer/ensure-repos.sh Generates .phlex-kilo.env for Docker Compose/devcontainer Kilo config injection.
.devcontainer/Dockerfile Pins base image tag and installs additional dev utilities + Node/Kilo CLI.
.devcontainer/docker-compose.yml New Compose definition for the devcontainer service and mounts.
.devcontainer/devcontainer.json Switches from Dockerfile-only to Docker Compose-based devcontainer config.
.devcontainer/codespace.code-workspace Removes Copilot Chat recommendation from the workspace file.

Comment on lines +539 to +540
class TestRenderSection:
"""Tests for TestRenderSection."""
Comment on lines +4 to +5
# Verify that the shared if-gating blocks are present and consistent across
# GitHub Actions workflows. Exits 1 if any required phrase is missing.
Comment thread .devcontainer/Dockerfile
Comment on lines 95 to +100
apt-get update
apt-get install -y --no-install-recommends ssh podman socat
apt-get install -y --no-install-recommends jq podman ssh socat tree yq
apt purge nodejs npm -y && apt autoremove -y || true
sudo apt-get install -y curl
curl -fsSL https://deb.nodesource.com/setup_26.x | bash -
apt-get install -y nodejs
Comment on lines +108 to +111
github.event_name == 'issue_comment' &&
github.event.issue.pull_request &&
contains(fromJSON('["OWNER","COLLABORATOR","MEMBER"]'), github.event.comment.author_association) &&
startsWith(github.event.comment.body, format('@{0}bot <name>', github.event.repository.name))
Comment on lines +189 to +199
# Generate .env file for the devcontainer to provide KILO_CONFIG_CONTENT
# to the VS Code plugin. This must be done on the host because the plugin
# needs this environment variable at server startup.
if [ -f "${HOME}/.config/kilo/kilo.jsonc" ]; then
# Replace the baseURL for fnal-litellm specifically.
# The range /"fnal-litellm"/,/baseURL/ ensures we only modify the correct provider.
# We avoid stripping comments with sed to prevent corrupting URLs (https://),
# as the Kilo plugin's JSONC parser handles comments correctly.
KILO_CONFIG_CONTENT="$(perl -0777 -pe 's|("fnal-litellm".*?)"baseURL":\s*"[^"]*"|$1"baseURL": "http://host.docker.internal:'${HEADROOM_RELAY_PORT}'"|s; s/"[^"]*"(*SKIP)(*F)|\/\/.*//g; s/^\s+//gm; s/\n//g' "${HOME}/.config/kilo/kilo.jsonc")"
echo "KILO_CONFIG_CONTENT='${KILO_CONFIG_CONTENT}'" > "${HOME}/.phlex-kilo.env"
fi
@greenc-FNAL

Copy link
Copy Markdown
Contributor Author

21 fixed, 1 new since branch point (cf6781a)
21 fixed, 1 new since previous report on PR (a17225e)

❌ 1 new CodeQL alert since the previous PR commit

  • Warning # 248 actions/untrusted-checkout/medium at .github/workflows/actionlint-check.yaml:132:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.

✅ 21 CodeQL alerts resolved since the previous PR commit

21 resolved alerts
  • Warning # 196 actions/untrusted-checkout-toctou/critical at .github/workflows/clang-tidy-fix.yaml:109:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 227 actions/untrusted-checkout-toctou/high at .github/workflows/clang-format-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 228 actions/untrusted-checkout-toctou/high at .github/workflows/python-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 229 actions/untrusted-checkout/high at .github/workflows/clang-format-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 230 actions/untrusted-checkout/high at .github/workflows/python-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 231 actions/untrusted-checkout-toctou/high at .github/workflows/cmake-format-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 232 actions/untrusted-checkout-toctou/high at .github/workflows/jsonnet-format-fix.yaml:95:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 233 actions/untrusted-checkout/high at .github/workflows/cmake-format-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 234 actions/untrusted-checkout/high at .github/workflows/jsonnet-format-fix.yaml:95:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 235 actions/untrusted-checkout/medium at .github/workflows/clang-format-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 236 actions/untrusted-checkout/medium at .github/workflows/actionlint-check.yaml:86:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 237 actions/untrusted-checkout/medium at .github/workflows/clang-tidy-check.yaml:59:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 238 actions/untrusted-checkout/medium at .github/workflows/cmake-format-check.yaml:79:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 239 actions/untrusted-checkout/medium at .github/workflows/cmake-build.yaml:159:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 240 actions/untrusted-checkout/medium at .github/workflows/header-guards-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 241 actions/untrusted-checkout/medium at .github/workflows/jsonnet-format-check.yaml:79:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 242 actions/untrusted-checkout/medium at .github/workflows/markdown-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 243 actions/untrusted-checkout/medium at .github/workflows/python-check.yaml:84:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 244 actions/untrusted-checkout/medium at .github/workflows/yaml-check.yaml:76:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 245 actions/untrusted-checkout-toctou/high at .github/workflows/coverage.yaml:386:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • ✅ …and 1 more alerts (see Code Scanning for the full list).

❌ 1 new CodeQL alert since the branch point

  • Warning # 248 actions/untrusted-checkout/medium at .github/workflows/actionlint-check.yaml:132:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.

✅ 21 CodeQL alerts resolved since the branch point

21 resolved alerts
  • Warning # 196 actions/untrusted-checkout-toctou/critical at .github/workflows/clang-tidy-fix.yaml:109:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 227 actions/untrusted-checkout-toctou/high at .github/workflows/clang-format-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 228 actions/untrusted-checkout-toctou/high at .github/workflows/python-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 229 actions/untrusted-checkout/high at .github/workflows/clang-format-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 230 actions/untrusted-checkout/high at .github/workflows/python-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 231 actions/untrusted-checkout-toctou/high at .github/workflows/cmake-format-fix.yaml:94:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 232 actions/untrusted-checkout-toctou/high at .github/workflows/jsonnet-format-fix.yaml:95:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
    Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • Warning # 233 actions/untrusted-checkout/high at .github/workflows/cmake-format-fix.yaml:94:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 234 actions/untrusted-checkout/high at .github/workflows/jsonnet-format-fix.yaml:95:9 — Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
    Checkout of untrusted code in a privileged workflow with later potential execution (event trigger: issue_comment).
  • Warning # 235 actions/untrusted-checkout/medium at .github/workflows/clang-format-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 236 actions/untrusted-checkout/medium at .github/workflows/actionlint-check.yaml:86:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 237 actions/untrusted-checkout/medium at .github/workflows/clang-tidy-check.yaml:59:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 238 actions/untrusted-checkout/medium at .github/workflows/cmake-format-check.yaml:79:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 239 actions/untrusted-checkout/medium at .github/workflows/cmake-build.yaml:159:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 240 actions/untrusted-checkout/medium at .github/workflows/header-guards-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 241 actions/untrusted-checkout/medium at .github/workflows/jsonnet-format-check.yaml:79:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 242 actions/untrusted-checkout/medium at .github/workflows/markdown-check.yaml:82:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 243 actions/untrusted-checkout/medium at .github/workflows/python-check.yaml:84:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 244 actions/untrusted-checkout/medium at .github/workflows/yaml-check.yaml:76:9 — Potential unsafe checkout of untrusted pull request on privileged workflow.
  • Warning # 245 actions/untrusted-checkout-toctou/high at .github/workflows/coverage.yaml:386:9 — Insufficient protection against execution of untrusted code on a privileged workflow (issue_comment).
  • ✅ …and 1 more alerts (see Code Scanning for the full list).

Review the full CodeQL report for details.

@codecov

codecov Bot commented Jul 2, 2026

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.

@@            Coverage Diff             @@
##             main     #687      +/-   ##
==========================================
+ Coverage   83.43%   83.63%   +0.20%     
==========================================
  Files         174      174              
  Lines        6820     6913      +93     
  Branches      837      848      +11     
==========================================
+ Hits         5690     5782      +92     
+ Misses        853      851       -2     
- Partials      277      280       +3     
Flag Coverage Δ
scripts 78.92% <100.00%> (+0.05%) ⬆️
unittests 85.72% <100.00%> (+0.24%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines Coverage Δ
form/root_storage/root_rfield_read_container.cpp 87.09% <100.00%> (ø)
plugins/python/python/phlex/_typing.py 91.25% <100.00%> (-1.06%) ⬇️
scripts/check_codeql_alerts.py 83.99% <100.00%> (+0.14%) ⬆️

... and 4 files with indirect coverage changes


Continue to review full report in Codecov by Harness.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update cf6781a...289d8d3. Read the comment docs.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions

github-actions Bot commented Jul 2, 2026

Copy link
Copy Markdown
Contributor

Clang-Tidy Check Results

Found 5762 issue(s); none are newly introduced by this patch.

All issues by check:

  • readability-identifier-naming: 2132
  • readability-redundant-member-init: 1337
  • portability-template-virtual-member-function: 575
  • performance-unnecessary-value-param: 531
  • readability-avoid-const-params-in-decls: 278
  • modernize-pass-by-value: 215
  • readability-braces-around-statements: 123
  • modernize-use-designated-initializers: 90
  • readability-convert-member-functions-to-static: 85
  • readability-const-return-type: 50
  • modernize-use-auto: 31
  • performance-move-const-arg: 29
  • readability-qualified-auto: 24
  • performance-enum-size: 24
  • readability-redundant-control-flow: 23
  • modernize-use-using: 19
  • modernize-use-equals-default: 17
  • modernize-concat-nested-namespaces: 17
  • readability-math-missing-parentheses: 16
  • modernize-avoid-c-arrays: 15
  • readability-function-size: 14
  • readability-static-definition-in-anonymous-namespace: 14
  • bugprone-branch-clone: 12
  • modernize-return-braced-init-list: 10
  • readability-isolate-declaration: 8
  • modernize-use-starts-ends-with: 8
  • cppcoreguidelines-special-member-functions: 7
  • readability-redundant-access-specifiers: 7
  • readability-container-size-empty: 7
  • modernize-use-ranges: 6
  • readability-inconsistent-declaration-parameter-name: 6
  • bugprone-throw-keyword-missing: 6
  • readability-redundant-casting: 5
  • readability-container-contains: 5
  • modernize-use-std-numbers: 3
  • readability-else-after-return: 2
  • modernize-use-integer-sign-comparison: 2
  • readability-use-anyofallof: 2
  • modernize-make-shared: 1
  • readability-redundant-string-init: 1
  • cppcoreguidelines-rvalue-reference-param-not-moved: 1
  • modernize-use-emplace: 1
  • readability-simplify-boolean-expr: 1
  • modernize-redundant-void-arg: 1
  • performance-avoid-endl: 1

See inline comments for details. Comment @phlexbot tidy-fix to auto-fix.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants