ci: fix lint failures blocking main #2496

Merged
dunglas merged 1 commit into main from fix-ci-lint on Jun 30, 2026

@dunglas dunglas commented Jun 29, 2026

Main is red on the Lint Code Base job for two deterministic reasons.

clang-format

frankenphp.c:141 — the empty while body must sit on its own line.

zizmor github-app

zizmor 1.26 added the github-app audit, which flags actions/create-github-app-token invocations that inherit blanket installation permissions. Scoped the release app token (dunglas-release) to what it actually uses:

  • contents: write — commits, tags, refs, GitHub releases
  • actions: write — gh workflow run dispatch of downstream builds (static/docker/windows)

Both verified locally: zizmor reports no findings, clang-format --dry-run --Werror is clean.

clang-format wants the empty while-loop body on its own line.
zizmor's github-app audit (added in 1.26) flags create-github-app-token
without explicit permission-* inputs; the release app only needs
contents:write (commits, tags, refs, releases) and actions:write
(gh workflow run dispatch of downstream builds).
Copilot AI review requested due to automatic review settings June 29, 2026 12:07
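
A simplified version of the check described in the PR description above, as an added example (not FrankenPHP's code and not zizmor's implementation): it scans workflow text for actions/create-github-app-token steps and reports the ones that set no permission-* input. The sample workflow, its secret name and the line-based scanner are constructed for illustration.

```python
import re

ACTION = "actions/create-github-app-token"
ITEM = re.compile(r"^\s*-\s+")
USES = re.compile(r"^\s*(?:-\s+)?uses:\s*['\"]?([^\s'\"#]+)")
PERM = re.compile(r"^\s*(permission-[a-z-]+)\s*:\s*(\S+)")

# Constructed sample, not the project's release.yaml. The secret name is a
# placeholder and the action's other inputs are left out.
BEFORE = """\
jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Create release token
        uses: actions/create-github-app-token@v3
        with:
          private-key: ${{ secrets.RELEASE_APP_KEY }}
"""
AFTER = BEFORE + """\
          permission-contents: write
          permission-actions: write
"""

def audit_app_tokens(workflow_text):
    """Return one dict (line, uses, permissions) per create-github-app-token step."""
    steps, cur, cur_indent = [], None, -1
    for n, line in enumerate(workflow_text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        is_item = bool(ITEM.match(line))
        if cur is not None and indent <= cur_indent and not is_item:
            cur = None  # dedented past the list: the current step has ended
        if is_item and (cur is None or indent <= cur_indent):
            cur, cur_indent = {"line": n, "uses": None, "permissions": {}}, indent
            steps.append(cur)
        if cur is None:
            continue
        uses, perm = USES.match(line), PERM.match(line)
        if uses and cur["uses"] is None:
            cur["uses"] = uses.group(1)
        if perm:
            cur["permissions"][perm.group(1)] = perm.group(2)
    return [s for s in steps if (s["uses"] or "").split("@")[0] == ACTION]

def unscoped(workflow_text):
    """Steps whose token would inherit every permission granted to the installation."""
    return [s for s in audit_app_tokens(workflow_text) if not s["permissions"]]
```

The scanner keys on indentation only, so it is suited to a quick pre-commit check rather than as a replacement for a real YAML parser or for zizmor itself.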

Copilot AI left a comment

Pull request overview

Fixes deterministic lint failures currently breaking main by aligning C formatting with clang-format expectations and addressing zizmor’s new github-app audit requirement in the release workflow.

Changes:

  • Adjusted an empty-body while loop in frankenphp.c to match clang-format’s required layout.
  • Scoped the GitHub App installation token permissions in the release workflow to only contents: write and actions: write.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| frankenphp.c | Reformats the kevent EINTR retry loop so clang-format --Werror passes. |
| .github/workflows/release.yaml | Restricts actions/create-github-app-token@v3 token permissions to satisfy zizmor github-app audit. |

@dunglas dunglas changed the title ci: fix lint failures blocking main ci: fix lint and flaky autoscale test blocking main Jun 29, 2026
@AlliBalliBaba

Not sure the autoscaling test is flaky.
2 that I know are flaky are TestRestartWorkerViaAdminApi and TestHotReload (fixed in #2364 to get green CI)

Copilot AI review requested due to automatic review settings June 30, 2026 12:02

Copilot AI left a comment

Pull request overview

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

Comment thread .github/workflows/release.yaml
@dunglas dunglas changed the title ci: fix lint and flaky autoscale test blocking main ci: fix lint failures blocking main Jun 30, 2026
@dunglas dunglas merged commit 7ff9480 into main Jun 30, 2026
99 of 171 checks passed
@dunglas dunglas deleted the fix-ci-lint branch June 30, 2026 12:11