Make compilation to fail on warnings#1104
Conversation
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
fe3610d to
1ffaa0c
Compare
|
This will be kept until compilation warnings are fixed in |
sarroutbi
changed the title
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
3 times, most recently
from
a3b1702 to
6da554c
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files
Flags with carried forward coverage won't be shown. Click here to find out more. 🚀 New features to boost your workflow:
|
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
2 times, most recently
from
5a00dd1 to
0672ac6
Compare
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
0672ac6 to
18e6de8
Compare
sarroutbi
changed the title
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
18e6de8 to
6644542
Compare
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
2 times, most recently
from
db03739 to
dede790
Compare
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
2 times, most recently
from
c7f35d2 to
6ac9052
Compare
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
6ac9052 to
690f817
Compare
|
Warning Rate limit exceeded
To keep reviews running without waiting, you can enable usage-based add-on for your organization. This allows additional reviews beyond the hourly cap. Account admins can enable it under billing. ⌛ How to resolve this issue?After the wait time has elapsed, a review can be triggered using the We recommend that you space out your commits to avoid hitting the rate limit. 🚦 How do rate limits work?CodeRabbit enforces hourly rate limits for each developer per organization. Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout. Please see our FAQ for further information. ℹ️ Review info⚙️ Run configurationConfiguration used: Organization UI Review profile: ASSERTIVE Plan: Pro Run ID: 📒 Files selected for processing (1)
📝 WalkthroughWalkthroughAdds a GitHub Actions workflow that runs on Changes
Estimated code review effort🎯 2 (Simple) | ⏱️ ~10 minutes 🚥 Pre-merge checks | ✅ 5✅ Passed checks (5 passed)
✏️ Tip: You can configure your own custom pre-merge checks in the settings. ✨ Finishing Touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 4
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/compile-no-warnings.yml:
- Around line 10-28: Remove this separate compile-no-warnings workflow and fold
its checks into the existing Rust workflow by adding a new job (or extra steps
in the existing tests job) that runs the same commands (the basic-compilation
job’s steps: RUSTFLAGS="-D warnings" cargo build, RUSTFLAGS="-D warnings" cargo
test, cargo clippy --all-features --all-targets -- -D clippy::all -D warnings,
and the clippy tests invocation) and reuse the same container configuration and
triggers as rust.yml; ensure the job name is unique (not duplicating the "Rust"
workflow display name), preserve the RUSTFLAGS/clippy flags and matrix/runner
settings from compile-no-warnings, and then delete compile-no-warnings.yml to
avoid duplicate checkouts and CI minutes.
- Line 2: The workflow's display name "Rust" collides with the existing
rust.yml; update the workflow name value (the YAML top-level name field
currently set to "Rust") to a unique, descriptive string such as "No-Warnings
Compilation" so it no longer conflicts with the existing rust workflow and
produces unambiguous status checks in the PR UI.
- Around line 23-24: The step currently runs `RUSTFLAGS="-D warnings" cargo
test`, which executes tests; change it to run compile-only by adding the
`--no-run` flag so the job only checks that test code compiles without warnings.
Update the step that invokes `cargo test` (the command string RUSTFLAGS="-D
warnings" cargo test) to use RUSTFLAGS="-D warnings" cargo test --no-run so it
does not run the tests.
- Around line 27-28: The CI step named "Check clippy test errors (no warnings
included)" is redundant because the command cargo clippy --all-features
--all-targets --tests -- -D clippy::all -D warnings duplicates the coverage of
the earlier clippy invocation; remove this step or change its flags so it
actually differs (for example, keep the step but remove --all-targets and use
--tests only, or remove --tests and run a more specific invocation without
--all-features), ensuring the unique step name and the command string are
updated accordingly so CI does not re-run identical linting.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: ab53e4f6-eb3f-432c-8fd1-a2481aa52e7d
📒 Files selected for processing (1)
.github/workflows/compile-no-warnings.yml
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
690f817 to
3d51ebc
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/compile-no-warnings.yml:
- Around line 19-20: Add the same safe.directory git config used in rust.yml by
inserting a step immediately after the checkout step (the step using
actions/checkout@v6) that runs git config --system --add safe.directory "$PWD"
so the container won’t hit Git “dubious ownership” errors when build scripts or
tools (e.g., vergen, git-backed dependencies) access repository metadata; place
this as a plain run step in the container job steps sequence right after the
checkout step.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: db342a37-495e-4f8e-8c4b-2cc2bd662c9b
📒 Files selected for processing (1)
.github/workflows/compile-no-warnings.yml
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
2 times, most recently
from
872ce93 to
d2866d3
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
♻️ Duplicate comments (1)
.github/workflows/compile-no-warnings.yml (1)
19-20:⚠️ Potential issue | 🟡 MinorAdd
safe.directorygit config for container compatibility.The existing
rust.ymlworkflow includes agit config --system --add safe.directory "$PWD"step after checkout to prevent "dubious ownership" errors when the workspace UID differs from the container user. Build scripts that access Git metadata (e.g.,vergen, git dependencies) may fail without this configuration.♻️ Proposed fix
- uses: actions/checkout@v6 + - name: Set git safe.directory for the working directory + run: git config --system --add safe.directory "$PWD" - name: Check compilation (no warnings) run: RUSTFLAGS="-D warnings" cargo build🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed. In @.github/workflows/compile-no-warnings.yml around lines 19 - 20, After the actions/checkout@v6 step, add a step that runs git config --system --add safe.directory "$PWD" to mark the workspace safe for container users; specifically insert a new run step (run: git config --system --add safe.directory "$PWD") immediately after the uses: actions/checkout@v6 entry so builds that access Git metadata (vergen/git deps) won’t fail with "dubious ownership".
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/compile-no-warnings.yml:
- Around line 25-26: The clippy workflow command contains an extra space before
the `--` separator in the string "cargo clippy --all-features --all-targets --
-D clippy::all -D warnings"; remove the duplicate space so the command reads
with a single space before `--` to keep formatting consistent (update the `Check
clippy errors (no warnings included)` run command).
---
Duplicate comments:
In @.github/workflows/compile-no-warnings.yml:
- Around line 19-20: After the actions/checkout@v6 step, add a step that runs
git config --system --add safe.directory "$PWD" to mark the workspace safe for
container users; specifically insert a new run step (run: git config --system
--add safe.directory "$PWD") immediately after the uses: actions/checkout@v6
entry so builds that access Git metadata (vergen/git deps) won’t fail with
"dubious ownership".
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 28f030d8-049c-4c3b-815e-2ea4d5b6b86f
📒 Files selected for processing (1)
.github/workflows/compile-no-warnings.yml
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
c48b692 to
4f20bd9
Compare
Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
Rename workflow from "Rust" to "No-Warnings Compilation" to avoid collision with rust.yml, add --no-run to cargo test so it only checks compilation, and remove the duplicate clippy step since --all-targets already includes test targets. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
The container job can hit "dubious ownership" errors when build scripts or tools access repository metadata. Add the same safe.directory step already used in rust.yml. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
sarroutbi
force-pushed
the
202509030938-fail-compilation-on-warnings
branch
from
3d3d750 to
ff70eb0
Compare
There was a problem hiding this comment.
Actionable comments posted: 1
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.
Inline comments:
In @.github/workflows/compile-no-warnings.yml:
- Around line 17-18: Replace the mutable image tag
"quay.io/keylime/keylime-ci:latest" under the container.image key with a
digest-pinned reference (e.g. "quay.io/keylime/keylime-ci@sha256:<digest>");
locate the string "quay.io/keylime/keylime-ci:latest" in the workflow and update
it to the digest you obtain from Quay (or your registry) so the CI uses an
immutable, reproducible image; ensure you commit the exact sha256 value and
update any documentation or comments explaining how to refresh the digest when
intentionally upgrading the image.
🪄 Autofix (Beta)
Fix all unresolved CodeRabbit comments on this PR:
- Push a commit to this branch (recommended)
- Create a new PR with the fixes
ℹ️ Review info
⚙️ Run configuration
Configuration used: Organization UI
Review profile: ASSERTIVE
Plan: Pro
Run ID: 57072011-a25b-42d1-be32-df206d1b9fc4
📒 Files selected for processing (1)
.github/workflows/compile-no-warnings.yml
Replace mutable :latest tag with sha256 digest for reproducible builds. Include a comment with the skopeo command to refresh the digest. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> Signed-off-by: Sergio Arroutbi <sarroutb@redhat.com>
3 participants
The new workflow runs on every push and pull request to the master branch and performs the following checks:
Both steps are executed with the
RUSTFLAGS="-D warnings"environment variable. This flag instructs the Rust compiler to treat all warnings as fatal errors, which will cause the build to fail if any warnings are present. This helps prevent latent bugs and ensures the code base remains clean.These are some reasons to enforce a "No Warnings" Policy:
Future-Proofing Code: A warning in the current version of a compiler might become a hard error in a future version. Code that compiles with warnings today may fail to compile tomorrow after a simple rustup update, causing unexpected build failures. Enforcing a "no warnings" policy ensures your code is robust against compiler updates.
Preventing Latent Bugs: Many warnings are not just stylistic suggestions; they often point to subtle logical flaws, potential null pointer dereferences, race conditions, or undefined behavior. A classic example is an "unused variable" warning, which can indicate that a necessary calculation was performed but its result was never used.
Improving Code Readability and Reducing Noise: When a build produces dozens of warnings, developers become desensitized to them. This "warning fatigue" can cause them to miss a new, critical warning that appears among the noise. A clean, warning-free build ensures that any new message from the compiler gets immediate attention.
Maintaining a Culture of Quality: A strict "no warnings" policy sets a high standard for the team. It encourages developers to write clean, precise, and intentional code, fostering a culture where quality is not negotiable.
Summary by CodeRabbit