ci: resolve config-audit findings and prune unused tooling #14572
HTRamsey wants to merge 4 commits into
Pull request overview
This pull request cleans up CI/lint configuration to address config-audit findings, centralizes self-hosted runner pool selection via .github/runs-on.yml, and removes developer tooling under tools/ that is no longer consumed.
Changes:
- Tighten/normalize repo hygiene configs (`.typos.toml`, Renovate/Dependabot, labeler, pre-commit Vale sync) and update pinned toolchain versions (`.nvmrc`, `just` on Debian).
- Update GitHub Actions workflows to reference named RunsOn runner pools (`runs-on=<run_id>/runner=<pool>`) instead of inlining runner specs.
- Remove unused tooling directories (custom LSP + editor integrations, locators, log analyzer) and scrub CI/docs references; add a minimal `CHANGELOG.md` pointer and relocate the Windows Store plan doc.
Reviewed changes
Copilot reviewed 40 out of 43 changed files in this pull request and generated 2 comments.
| File | Description |
|---|---|
| tools/setup/install_dependencies/_debian.py | Bumps pinned just version for Debian-based setup. |
| tools/README.md | Removes documentation for deleted tools (LSP/locators/log-analyzer/qtcreator). |
| tools/qtcreator/snippets/qgc-cpp.xml | Removes Qt Creator snippet bundle (tooling removed). |
| tools/qtcreator/README.md | Removes Qt Creator integration docs (tooling removed). |
| tools/qtcreator/lua/QGCTools/QGCTools.lua | Removes Qt Creator Lua extension entrypoint (tooling removed). |
| tools/qtcreator/lua/QGCTools/init.lua | Removes Qt Creator Lua extension implementation (tooling removed). |
| tools/lsp/vscode-extension/tsconfig.json | Removes VS Code extension config (tooling removed). |
| tools/lsp/vscode-extension/src/extension.ts | Removes VS Code extension client code (tooling removed). |
| tools/lsp/vscode-extension/package.json | Removes VS Code extension package manifest (tooling removed). |
| tools/lsp/server.py | Removes custom Python LSP server (tooling removed). |
| tools/lsp/README.md | Removes LSP documentation (tooling removed). |
| tools/lsp/mavlink_parser.py | Removes MAVLink XML parsing helper for LSP (tooling removed). |
| tools/lsp/mavlink_data.py | Removes MAVLink metadata loader for LSP (tooling removed). |
| tools/lsp/goto.py | Removes Fact go-to-definition logic for LSP (tooling removed). |
| tools/lsp/fact_schema.py | Removes Fact schema completion data (tooling removed). |
| tools/lsp/diagnostics.py | Removes LSP diagnostics implementation (tooling removed). |
| tools/lsp/completions/mavlink.py | Removes MAVLink completion provider (tooling removed). |
| tools/lsp/completions/fact.py | Removes Fact JSON completion provider (tooling removed). |
| `tools/lsp/completions/__init__.py` | Removes LSP completions module exports (tooling removed). |
| `tools/lsp/__main__.py` | Removes module entrypoint for python -m tools.lsp (tooling removed). |
| `tools/lsp/__init__.py` | Removes LSP package initializer (tooling removed). |
| tools/log-analyzer/README.md | Removes log analyzer documentation (tooling removed). |
| tools/log-analyzer/analyze_log.py | Removes log analyzer CLI (tooling removed). |
| tools/locators/README.md | Removes locator CLI documentation (tooling removed). |
| tools/locators/qgc_locator.py | Removes locator CLI implementation (tooling removed). |
| ruff.toml | Removes per-file ignores tied to deleted tooling. |
| deploy/windows/qgc-windows-store-plan.md | Adds/moves Windows Store publishing plan doc under deploy/windows/. |
| CHANGELOG.md | Adds a minimal changelog file pointing to user-guide release notes. |
| .typos.toml | Tightens ignore regexes for typos scanning. |
| .pre-commit-config.yaml | Adds a local vale sync hook to ensure Vale styles are present before linting. |
| .nvmrc | Pins Node version. |
| .gitmodules | Removes the (previously empty) gitmodules file. |
| .github/workflows/windows.yml | Switches RunsOn usage to named runner pool(s). |
| .github/workflows/linux.yml | Switches RunsOn usage to named runner pool(s). |
| .github/workflows/docker.yml | Switches RunsOn usage to named runner pool(s). |
| .github/workflows/custom-build.yml | Switches RunsOn usage to named runner pool(s). |
| .github/workflows/ci-scripts.yml | Removes deleted tool directories from triggers/sparse-checkout/compileall. |
| .github/workflows/android.yml | Switches RunsOn usage to named runner pool(s). |
| .github/runs-on.yml | Updates header comment and serves as the central runner pool definition source. |
| .github/renovate.json | Removes dormant git-submodules manager config. |
| .github/lsp.json | Removes orphaned file tied to deleted tooling. |
| .github/labeler.yml | Fixes stale/incorrect globs (VideoReceiver removal; Comms path casing). |
| .github/dependabot.yml | Removes Dependabot updates for deleted VS Code extension. |
| extend-ignore-identifiers-re = [ | ||
| # Hexadecimal values | ||
| "[0-9a-fA-F]+", | ||
| # 0x-prefixed hex literals and long bare hex/hash strings (SHAs, colors). | ||
| # Must stay anchored — a bare "[0-9a-fA-F]+" exempts any word with a-f, hiding real typos. | ||
| "\\b0x[0-9a-fA-F]+\\b", | ||
| "\\b[0-9a-fA-F]{6,}\\b", | ||
| ] |
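Review bot: The second new pattern, `\\b[0-9a-fA-F]{6,}\\b`, still exempts ordinary words of six or more letters drawn only from a-f (for example `facade` or `decade`), because nothing in it requires a digit. If that residual is accepted, say so in the comment above the patterns so the next audit does not rediscover it; otherwise limit the bare-hex case to the lengths the repository actually uses for hashes and colors.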
| - id: vale-sync | ||
| name: vale sync (download styles) | ||
| language: golang | ||
| additional_dependencies: | ||
| - 'github.com/errata-ai/vale/v3@v3.14.2' | ||
| entry: vale sync | ||
| files: ^docs/ | ||
| pass_filenames: false |
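Review bot: `entry: vale sync` makes this hook fetch style packages over the network whenever it runs, and the only version pinned in these lines is the Vale binary (`v3.14.2`), not the styles it downloads. Add a comment pointing at where the style sources are pinned, and note that with `files: ^docs/` and `pass_filenames: false` the hook runs on any commit touching `docs/` and will fail offline.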
Config/CI hygiene:
- .typos.toml: anchor extend-ignore-identifiers-re so a bare hex regex no longer exempts any word containing a-f and masks real typos
- .github/labeler.yml: drop stale src/VideoReceiver path, fix Comms glob
- .github/renovate.json: strip dormant git-submodules manager (Dependabot is the SSOT for GitHub Actions; see dependabot.yml)
- .github/runs-on.yml + workflows: reference named runner pools via runs-on=<run_id>/runner=<pool> instead of inline family= specs
- .pre-commit-config.yaml: add local vale-sync hook to fetch prose styles
- .gitmodules: remove empty file
- CHANGELOG.md: add, linking to the user-guide What's New page
- .nvmrc / install_dependencies: pin node 24, just 1.53.0

Remove unused tooling (CLIs nothing consumes but their own CI smoke test):
- tools/lsp + vscode-extension + qtcreator (custom LSP triad and its two editor frontends)
- tools/locators, tools/log-analyzer
- .github/lsp.json (orphaned 0-byte file)
- scrub ci-scripts.yml path triggers/sparse-checkout/compileall, ruff.toml exceptions, dependabot.yml npm entry, and tools/README sections

Move qgc-windows-store-plan.md to deploy/windows/.
Codecov Report
✅ All modified and coverable lines are covered by tests.
@@ Coverage Diff @@
## master #14572 +/- ##
==========================================
+ Coverage 25.47% 30.42% +4.95%
==========================================
Files 769 787 +18
Lines 65912 67460 +1548
Branches 30495 31258 +763
==========================================
+ Hits 16788 20522 +3734
+ Misses 37285 33029 -4256
- Partials 11839 13909 +2070
Replace ~50 raw ::error::/::warning::/::notice:: print() sites across the .github/scripts Python suite with gh_error/gh_warning/gh_notice helpers added to tools/common/gh_actions.py. The helpers percent-encode message payloads and emit to stdout, centralizing the workflow-command format. Update the android_sdk_helper and android_build_retry tests to assert on stdout to match the helper's emission target.
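The commit above says the helpers percent-encode message payloads; this sketch shows what that encoding has to cover. It is an added example, not the code in tools/common/gh_actions.py: the names gh_error, gh_warning and gh_notice come from the commit message, while format_command, escape_data, escape_property and the sample input are assumptions. The escape set is the one GitHub's Actions toolkit applies to workflow commands.

```python
import sys

LEVELS = ("error", "warning", "notice")


def escape_data(value: str) -> str:
    """Encode a message payload; '%' goes first so escapes are not re-encoded."""
    return value.replace("%", "%25").replace("\r", "%0D").replace("\n", "%0A")


def escape_property(value: str) -> str:
    """Encode a property value (file=, title=), where ':' and ',' are delimiters."""
    return escape_data(value).replace(":", "%3A").replace(",", "%2C")


def format_command(level: str, message: object, **props: object) -> str:
    """Build one workflow-command line (hypothetical helper, not the project's)."""
    if level not in LEVELS:
        raise ValueError(f"unsupported level: {level!r}")
    rendered = ",".join(
        f"{key}={escape_property(str(val))}"
        for key, val in props.items()
        if val is not None
    )
    head = f"::{level} {rendered}" if rendered else f"::{level}"
    return f"{head}::{escape_data(str(message))}"


def gh_error(message: object, **props: object) -> None:
    print(format_command("error", message, **props), file=sys.stdout, flush=True)


def gh_warning(message: object, **props: object) -> None:
    print(format_command("warning", message, **props), file=sys.stdout, flush=True)


def gh_notice(message: object, **props: object) -> None:
    print(format_command("notice", message, **props), file=sys.stdout, flush=True)


if __name__ == "__main__":
    # Constructed input: tool output that carries its own newline and command text.
    gh_error("link failed\n::notice::all checks passed", file="src/a,b.cc", line=12)
```

Because the newline is encoded, text taken from build output or a pull request cannot start a second workflow command on its own line.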
| steps: | ||
| - name: Enable RunsOn magic cache | ||
| if: github.repository_owner == 'mavlink' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) | ||
| uses: runs-on/action@v2 |
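Review bot: In the `if:` on the magic-cache step, `github.event_name != 'pull_request'` is true for every other event, including `pull_request_target`, so a fork-originated run under that trigger would bypass the `head.repo.full_name == github.repository` comparison and still enable the cache. If these workflows never use `pull_request_target`, a one-line comment saying so would make the guard's assumption explicit; otherwise compare the head repository whenever `github.event.pull_request` is set.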
| steps: | ||
| - name: Enable RunsOn magic cache | ||
| if: github.repository_owner == 'mavlink' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) | ||
| uses: runs-on/action@v2 |
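Review bot: `uses: runs-on/action@v2` references a movable major tag, so the code executed by this step can change without any change in this repository. Pin it to a full commit SHA with the version in a trailing comment, which Dependabot can still update.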
| timeout-minutes: 120 | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@v2 |
| timeout-minutes: 180 | ||
| steps: | ||
| - name: Harden Runner | ||
| uses: step-security/harden-runner@v2 |
Add tools/common/markdown.py with a GitHub-flavored md_table() builder and register it in the common lazy facade. Migrate six hand-rolled header/separator/row blocks onto it: ccache_helper, size_analysis, collect_build_status, gstreamer_archive, coverage_comment and test_duration_report. Replace direct json.load/json.dump file I/O with common.io.read_json / write_json in check_baseline_ready, collect_build_status, collect_artifact_sizes and download_artifacts.
vm-builds.yml is a new workflow; harden the Multipass and Vagrant/libvirt provisioner paths so both build QGC end-to-end, and stop the heavy nested-VM builds from gating PRs:
- mark both jobs continue-on-error: they still run on deploy/** PRs for bit-rot visibility, but a failure no longer fails the PR.
- vagrant validate --ignore-provider: the docker override (box set, no image) failed validation though CI only builds with libvirt.
- install qemu-utils: vagrant-libvirt shells out to qemu-img.
- Vagrant source via an rsync synced folder, not 9p: the guest needs a writable, vagrant-owned copy of the tree (QGC cmake creates .venv in the source dir); pull the AppImage out over scp from the guest $HOME.
- multipass: wait for `multipass find` before launching so the daemon has synced image manifests (was racing it: `Remote "release" is unknown`).
- multipass: copy the source in as a tarball via `multipass transfer`, staged under $HOME (the snap is strict-confined with a private /tmp); `multipass mount` needs the multipass-sshfs snap (unreachable on CI) and piping tar through `multipass exec` truncates large streams.
- multipass: set iptables FORWARD ACCEPT so the guest has outbound network (Docker on the runner sets FORWARD=DROP, which blocks the bridge NAT; libvirt adds its own rules, hence Vagrant was unaffected).
- multipass build-in-vm: put the pipx and aqtinstall venv bins on PATH so cmake/ninja/aqt resolve in the non-interactive build shell.
Summary
Cleanup pass over CI/lint config and `tools/`, splitting into two concerns: fixing config-audit findings, and removing developer tooling that nothing consumes except its own CI smoke test.

Config / CI hygiene
- `.typos.toml` — anchored `extend-ignore-identifiers-re`; the previous bare `[0-9a-fA-F]+` exempted any word containing `a`–`f`, silently masking real typos. Now only `0x`-prefixed literals and long hex/hash strings are ignored.
- `.github/labeler.yml` — dropped a stale `src/VideoReceiver/**` path and fixed the `src/Comms/**` glob (was `src/comm`).
- `.github/renovate.json` — stripped the dormant `git-submodules` manager; Dependabot is the single source of truth for GitHub Actions (see `dependabot.yml`).
- `.github/runs-on.yml` + workflows — workflows now reference the named runner pools via `runs-on=<run_id>/runner=<pool>` instead of inlining `family=`/image/volume specs, so a pool change is made in one place.
- `.pre-commit-config.yaml` — added a local `vale-sync` hook so the gitignored prose styles are fetched before Vale runs.
- `.gitmodules` — removed (empty file).
- `CHANGELOG.md` — added, pointing at the user-guide What's New page.
- `.nvmrc` / `install_dependencies` — pin Node 24 and `just` 1.53.0.

Removed unused tooling
These are CLIs/integrations with no consumer other than the CI job that compile-checks them:
- `tools/lsp/` + its `vscode-extension/` + `tools/qtcreator/` — the custom LSP server and its two editor frontends.
- `tools/locators/`, `tools/log-analyzer/`.
- `.github/lsp.json` — orphaned 0-byte file.

Their references in `ci-scripts.yml` (path triggers, sparse-checkout, `compileall`), `ruff.toml`, `dependabot.yml`, and `tools/README.md` are scrubbed in the same commit.

Other
`qgc-windows-store-plan.md` to `deploy/windows/`.

Notes
generators/), enforced pre-commit gates (analyzers/), and the i18n workflow (translations/) were evaluated and kept — they have real consumers.

Related: system-libraries dependency mode (in progress on this branch)
Wiring `QGC_USE_SYSTEM_LIBS` (prefer `find_package`, fall back to CPM download) and `QGC_SYSTEM_LIBS_ONLY` (system only, never download) onto CPM's `CPM_USE_LOCAL_PACKAGES` / `CPM_LOCAL_PACKAGES_ONLY`, plus per-package `FIND_PACKAGE_ARGUMENTS` so each dependency resolves its real system config name. Lets packagers build against system libraries in network-isolated sandboxes.
Refs #14569, #11617 — partial: the option plumbing and per-package conversions
are incremental; not all dependencies are system-resolvable yet, so neither
issue is closed by this work.
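The `.typos.toml` change described in the summary, run over sample identifiers as an added example (not part of the pull request). The patterns are copied from the hunk on this page; the sample identifiers are constructed, and the code assumes, as the hunk's own comment implies, that a pattern exempts an identifier when it matches anywhere inside it.

```python
import re

# Patterns as they appear in the .typos.toml hunk (TOML "\\b" is regex \b).
OLD_PATTERNS = [r"[0-9a-fA-F]+"]
NEW_PATTERNS = [r"\b0x[0-9a-fA-F]+\b", r"\b[0-9a-fA-F]{6,}\b"]

# Constructed samples: misspellings, real hex values, and hex-only English words.
SAMPLES = {
    "recieve": "typo",
    "seperate": "typo",
    "adress": "typo",
    "0x1F": "hex",
    "deadbeef01": "hex",
    "a1b2c3d": "hex",
    "facade": "word",
    "decade": "word",
}


def exempted(patterns, identifier):
    """True if any pattern matches anywhere in the identifier (assumed semantics)."""
    return any(re.search(p, identifier) for p in patterns)


def audit(patterns, samples=SAMPLES):
    """Group the identifiers a spell checker would skip by what they really are."""
    skipped = {}
    for identifier, kind in samples.items():
        if exempted(patterns, identifier):
            skipped.setdefault(kind, []).append(identifier)
    return skipped


if __name__ == "__main__":
    print("old:", audit(OLD_PATTERNS))
    print("new:", audit(NEW_PATTERNS))
```

The old pattern skips every sample, misspellings included; the anchored pair skips the hex values and leaves only hex-only dictionary words as a residual.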