Koma task cache validation main push v2

.github/workflows/clang_tidy_analysis.yml

@@ -0,0 +1,89 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Clang-Tidy Analysis
+
+on:
+  workflow_call:
+    outputs:
+      duration-seconds:
+        description: Runtime of the clang-tidy check in seconds.
+        value: ${{ jobs.clang_tidy.outputs.duration-seconds }}
+  workflow_dispatch:
+
+permissions:
+  contents: read
+
+concurrency:
+  group: clang_tidy_analysis-${{ github.event.pull_request.number || github.run_id }}
+  cancel-in-progress: ${{ github.event_name == 'pull_request' }}
+
+env:
+  ANDROID_HOME: ""
+  ANDROID_SDK_ROOT: ""
+
+jobs:
+  clang_tidy:
+    runs-on: ubuntu-24.04
+    outputs:
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
+    steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Free Disk Space (Ubuntu)
+        uses: eclipse-score/more-disk-space@v1
+        with:
+          level: 4
+
+      - uses: castler/setup-bazel@8818d35864b4088fb3a12e7a3191777dc418fd69
+        with:
+          bazelisk-cache: true
+          disk-cache: "clang_tidy_analysis"
+          disk-cache-key: "main"
+          repository-cache: true
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Configure QNX credentials
+        if: ${{ secrets.SCORE_QNX_USER != '' && secrets.SCORE_QNX_PASSWORD != '' }}
+        env:
+          SCORE_QNX_USER: ${{ secrets.SCORE_QNX_USER }}
+          SCORE_QNX_PASSWORD: ${{ secrets.SCORE_QNX_PASSWORD }}
+        run: |
+          umask 077
+          {
+            echo "machine qnx.com"
+            echo "  login ${SCORE_QNX_USER}"
+            echo "  password ${SCORE_QNX_PASSWORD}"
+          } > "$HOME/.netrc"
+
+      - name: Allow linux-sandbox
+        uses: ./actions/unblock_user_namespace_for_linux_sandbox
+
+      - name: Run clang-tidy analysis
+        run: |
+          bazel --credential_helper= build //... --aspects=//:tools/lint/linters.bzl%clang_tidy_aspect
+
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "clang-tidy duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"

.github/workflows/coverage_report.yml

@@ -18,6 +18,9 @@ on:
       artifact-name:
         description: 'Name of the coverage report artifact'
         value: ${{ jobs.coverage_report.outputs.artifact-name }}
+      duration-seconds:
+        description: Runtime of the coverage check in seconds.
+        value: ${{ jobs.coverage_report.outputs.duration-seconds }}
 
 permissions:
   contents: read
@@ -33,8 +36,13 @@ jobs:
     runs-on: ubuntu-24.04
     outputs:
       artifact-name: ${{ steps.set-artifact-name.outputs.artifact-name }}
+      duration-seconds: ${{ steps.timer.outputs.duration-seconds }}
 
     steps:
+      - name: Start timer
+        id: start_time
+        run: echo "start=$(date +%s)" >> "$GITHUB_OUTPUT"
+
       - name: Checkout Repository
         uses: actions/checkout@v6.0.2
 
@@ -54,14 +62,27 @@ jobs:
           bazelisk-cache: true
           disk-cache: "coverage_report"
           repository-cache: true
-          cache-save: ${{ github.event_name == 'merge_group' }}
+          cache-save: ${{ github.ref == 'refs/heads/main' }}
+
+      - name: Configure QNX credentials
+        if: ${{ secrets.SCORE_QNX_USER != '' && secrets.SCORE_QNX_PASSWORD != '' }}
+        env:
+          SCORE_QNX_USER: ${{ secrets.SCORE_QNX_USER }}
+          SCORE_QNX_PASSWORD: ${{ secrets.SCORE_QNX_PASSWORD }}
+        run: |
+          umask 077
+          {
+            echo "machine qnx.com"
+            echo "  login ${SCORE_QNX_USER}"
+            echo "  password ${SCORE_QNX_PASSWORD}"
+          } > "$HOME/.netrc"
 
       - name: Allow linux-sandbox
         uses: ./actions/unblock_user_namespace_for_linux_sandbox
 
       - name: Run Unit Test with Coverage for C++
         run: |
-          bazel coverage //... --build_tests_only
+          bazel --credential_helper= coverage //... --build_tests_only
 
       - name: Generate HTML Coverage Report
         # FIXME: "--ignore-errors category,inconsistent" is a workaround to cope with gcov messing up hit counts because of internal data races
@@ -93,4 +114,14 @@ jobs:
           name: ${{ steps.set-artifact-name.outputs.artifact-name }}
           path: ${{ github.event.repository.name }}_coverage_report_${{ github.sha }}.zip
 
+      - name: End timer
+        if: ${{ always() }}
+        id: timer
+        run: |
+          end=$(date +%s)
+          start=${{ steps.start_time.outputs.start }}
+          duration=$((end - start))
+          echo "duration-seconds=$duration" >> "$GITHUB_OUTPUT"
+          echo "Coverage duration: ${duration}s" >> "$GITHUB_STEP_SUMMARY"
+
 

.github/workflows/hybrid_quality_demo.yml

@@ -0,0 +1,118 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Hybrid Quality Demo
+
+on:
+  push:
+    branches: [main]
+  pull_request:
+    types: [opened, reopened, synchronize]
+  workflow_dispatch:
+    inputs:
+      run_nightly_checks:
+        description: Run nightly quality checks in addition to fast PR checks.
+        required: false
+        type: boolean
+        default: true
+  schedule:
+    - cron: '0 2 * * *'
+
+permissions:
+  actions: write
+  contents: read
+
+concurrency:
+  group: hybrid_quality_demo-${{ github.ref }}-${{ github.event_name }}
+  cancel-in-progress: false
+
+jobs:
+  pr_checks:
+    name: Fast PR checks
+    uses: ./.github/workflows/build_and_test_host.yml
+    with:
+      run_all_configurations: false
+
+  coverage:
+    name: Coverage report
+    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_nightly_checks == 'true') }}
+    needs: pr_checks
+    uses: ./.github/workflows/coverage_report.yml
+    secrets: inherit
+
+  thread_sanitizer:
+    name: Thread sanitizer
+    if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_nightly_checks == 'true') }}
+    needs: pr_checks
+    uses: ./.github/workflows/thread_sanitizer.yml
+
+  address_sanitizer:
+    name: Address/UB/leak sanitizer
+    if: ${{ github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_nightly_checks == 'true') }}
+    needs: pr_checks
+    uses: ./.github/workflows/address_undefined_behavior_leak_sanitizer.yml
+
+  clang_tidy:
+    name: Clang-Tidy analysis
+    if: ${{ github.event_name == 'push' || github.event_name == 'pull_request' || github.event_name == 'schedule' || (github.event_name == 'workflow_dispatch' && github.event.inputs.run_nightly_checks == 'true') }}
+    needs: pr_checks
+    uses: ./.github/workflows/clang_tidy_analysis.yml
+    secrets: inherit
+
+  dashboard:
+    name: Generate quality dashboard with timing
+    if: ${{ always() }}
+    needs:
+      - pr_checks
+      - coverage
+      - thread_sanitizer
+      - address_sanitizer
+      - clang_tidy
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v6.0.2
+
+      - name: Generate dashboard files with timing
+        env:
+          PR_CHECKS_RESULT: ${{ needs.pr_checks.result }}
+          COVERAGE_RESULT: ${{ needs.coverage.result || 'skipped' }}
+          THREAD_SANITIZER_RESULT: ${{ needs.thread_sanitizer.result || 'skipped' }}
+          ADDRESS_SANITIZER_RESULT: ${{ needs.address_sanitizer.result || 'skipped' }}
+          CLANG_TIDY_RESULT: ${{ needs.clang_tidy.result || 'skipped' }}
+          CLANG_TIDY_DURATION_SECONDS: ${{ needs.clang_tidy.outputs.duration-seconds || '' }}
+          COVERAGE_DURATION_SECONDS: ${{ needs.coverage.outputs.duration-seconds || '' }}
+          COVERAGE_ARTIFACT_NAME: ${{ needs.coverage.outputs.artifact-name }}
+          REPOSITORY_NAME: ${{ github.repository }}
+          RUN_ID: ${{ github.run_id }}
+          REF_NAME: ${{ github.ref_name }}
+          EVENT_NAME: ${{ github.event_name }}
+        run: |
+          python3 tools/ci/generate_hybrid_quality_dashboard.py dashboard
+
+      - name: Publish workflow summary
+        run: cat dashboard/summary.md >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Show timing report
+        if: ${{ always() }}
+        run: |
+          echo "## Quality Check Timing Report" >> "$GITHUB_STEP_SUMMARY"
+          cat dashboard/timing.txt >> "$GITHUB_STEP_SUMMARY" 2>/dev/null || echo "Timing data generated." >> "$GITHUB_STEP_SUMMARY"
+
+      - name: Upload dashboard artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: hybrid_quality_dashboard_${{ github.run_id }}
+          path: dashboard/