feat: display CodeQL MISRA findings on nightly quality dashboard#720
Draft
Komal362000 wants to merge 1 commit into
Draft
feat: display CodeQL MISRA findings on nightly quality dashboard#720Komal362000 wants to merge 1 commit into
Komal362000 wants to merge 1 commit into
Conversation
Enable the nightly quality dashboard to surface CodeQL MISRA compliance reports generated in CI, and fix the CodeQL CI job so the reports are produced and uploaded reliably. CI fixes (.github/workflows/_codeql.yml, quality/static_analysis/codeql_lint.py): - Resolve the CodeQL analysis_report binary path correctly. - Trigger a bazel cquery fetch of @codeql_coding_standards before searching for the pack root, so the pack root discovery reliably finds cpp/common/src in the bazel external cache. - Add the CodeQL bin directory to PATH so analysis_report can find its dependencies. - Make MISRA report generation/upload non-fatal, so a single report failure doesn't fail the whole workflow. Dashboard wiring (.github/workflows/nightly_quality.yml, bazel/rules/generate_quality_links.bzl, quality/dashboard/*, quality/scripts/bundle_quality_reports.sh, quality/quality.md, docs/sphinx/quality_reports.rst): - Copy CodeQL MISRA reports into the quality output directory. - Wire generated report links into the dashboard and docs.
Komal362000
requested review from
LittleHuba,
bemerybmw,
castler,
crimson11 and
hoe-jo
as code owners
July 16, 2026 17:35
Komal362000
marked this pull request as draft
July 16, 2026 17:36
castler
reviewed
Jul 17, 2026
| exit 1 | ||
| fi | ||
|
|
||
| "${CODEQL_BIN}" pack install "${PACK_ROOT}" |
Contributor
There was a problem hiding this comment.
We do not want todo these steps in the CI. Are we sure that this is required? Because this would be a lot of logic outside of Bazel - which cannot be reproduced locally.
IMHO we should avoid this whole section.
Comment on lines
-39
to
-55
| release_coverage_asset_url = "" | ||
| if docs_base_url.startswith("https://"): | ||
| url_without_scheme = docs_base_url[8:] | ||
| url_parts = url_without_scheme.split("/") | ||
| if len(url_parts) >= 2: | ||
| host = url_parts[0] | ||
| repo = url_parts[1] | ||
| if host.endswith(".github.io") and repo: | ||
| owner = host[:-len(".github.io")] | ||
| if owner.endswith("."): | ||
| owner = owner[:-1] | ||
| if owner: | ||
| release_coverage_asset_url = ( | ||
| "https://github.com/" + owner + "/" + repo + | ||
| "/releases/download/" + docs_version + "/" + | ||
| repo + "_coverage_report_" + docs_version + ".zip" | ||
| ) |
Contributor
There was a problem hiding this comment.
These changes were required to get correct links for release builds - why are we removing it?
| bazel run //quality/dashboard:generate_dashboard -- \\ | ||
| --lcov /tmp/coverage_zip/extracted/artifacts/coverage_report.dat \\ | ||
| --clang-tidy /tmp/clang_tidy/clang_tidy_findings.txt \\ | ||
| --codeql-csv /tmp/codeql-results/codeql-nightly.csv \\ |
Contributor
There was a problem hiding this comment.
Why do we need this? If we do not use the attribute?
Comment on lines
+50
to
+53
| In local Sphinx builds and in versioned release archives the link cells | ||
| above show the equivalent ``bazel run`` command or a link to the | ||
| ``latest`` reports respectively. The deploy workflow controls this | ||
| automatically via the ``DOCS_VERSION`` build variable. |
Contributor
There was a problem hiding this comment.
Why do we want to change this?
| csv_path = f"{output_base}/{output_prefix}.csv" | ||
|
|
||
| # Run CodeQL analysis (generates SARIF) | ||
| print("\n Running CodeQL analysis...") |
|
|
||
| # Generate reports using CodeQL analysis_report tool | ||
| if analysis_report_path and os.path.exists(analysis_report_path): | ||
| print(" Generating MISRA C++ compliance reports...") |
Comment on lines
-101
to
-103
| # Remove existing reports directory if it exists | ||
| if os.path.exists(reports_output_dir): | ||
| shutil.rmtree(reports_output_dir) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Enable the nightly quality dashboard to surface CodeQL MISRA compliance reports generated in CI, and