feat(ci): move Linux CI to UBI 10 container images#8
Merged
viniciusferrao merged 19 commits intomasterfrom Mar 18, 2026
Merged
Conversation
Replace ubuntu-latest + setup-cpp with UBI 10 container images for all Linux CI jobs, eliminating devcontainer/CI drift and enabling IWYU and Bloaty in CI. Intel coverage now works via llvm-cov from oneAPI. - Add Containerfile.intel extending main image with Intel oneAPI - Add build-ci-image.yml to build/push images to GHCR - Split ci.yml into Linux (container), macOS, and Windows jobs - Update CodeQL workflow to use container - Add gcovr, lizard, bloaty to main Containerfile Resolves #6 Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Adds the feature branch to build-ci-image.yml push triggers so container images get built for testing. Will be removed before merge. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
New workflow files don't trigger push events until they exist on the default branch. Add pull_request trigger with paths filter so images get built during this PR. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UBI 10 requires RHEL subscription for CRB repos, which isn't available on GitHub Actions runners. Use AlmaLinux 10 (1:1 RHEL-compatible) as the CI base image. The Containerfile handles both UBI (local dev) and AlmaLinux (CI) via a BASE_IMAGE build arg. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
System re2-devel on AlmaLinux/RHEL 10 uses std::optional which requires C++17. Bloaty v1.1 defaults to C++11. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Codecov Report✅ All modified and coverable lines are covered by tests. 📢 Thoughts on this report? Let us know! |
System re2-devel on AlmaLinux 10 is too new for Bloaty v1.1. Clone with --recurse-submodules and use bundled third-party libs. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Bloaty v1.1 fuzz_driver.cc fails on GCC 14 (missing cstdint). Only the bloaty binary is needed, not tests. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
AlmaLinux 10 may ship a different Clang version than UBI 10. Detect the installed Clang major version and use the matching IWYU branch (e.g., clang_19 or clang_20) automatically. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Docker's Dockerfile parser doesn't support shell heredocs in RUN. Use printf to write the oneAPI repo file instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GHCR requires lowercase image names. Use a computed lowercase output from the CI image job for the Intel build-arg. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
IWYU is Clang-based and rejects GCC-specific warning flags (-Wduplicated-cond, -Wlogical-op, etc.) with -Werror. Only enable IWYU on Clang builds. GCC-15 toolset enable script may not exist on AlmaLinux 10. Fall back to checking for gcc-15 binary if the toolset isn't available. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
GCC IPO/LTO fails when linking against Conan-built Catch2 (built without LTO objects). Disable IPO for GCC builds in the container. GCC-15 enable script may not exist on AlmaLinux 10 — fall back to directly adding the toolset bin directory to PATH. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
The cmake-conan provider doesn't set compiler.libcxx=libstdc++11 for GCC, causing ABI mismatch: Conan builds libraries with the old std::string ABI while the project uses std::__cxx11::basic_string. Pre-install deps with an explicit GCC profile and skip the provider, matching the approach already used for Intel ICX and macOS GCC. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
CodeQL workflow sets explicit permissions which override defaults. Must include packages:read to pull the GHCR container image. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Same ABI mismatch fix needed as in ci.yml — pre-install Conan deps with libstdc++11 and skip the cmake-conan provider. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Revert the AlmaLinux workaround — UBI 10 CRB repos are freely available, just with a different name than UBI 9: codeready-builder-for-ubi-10-$(arch)-rpms Also rename clang-19 matrix entry to clang since the version depends on the UBI 10 minor release (19 on 10.0, 20 on 10.1). Simplify GCC-15 toolset enable back to the standard path. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UBI repos are a curated subset of RHEL AppStream. The llvm-toolset meta-package is not available — install individual LLVM packages directly instead. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Doxygen is only used for the optional 'docs' target, never built in CI. Not available in UBI 10 repos or EPEL 10. The devcontainer on subscribed hosts still gets it from full RHEL repos. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
UBI 10 gcc-toolset-15-runtime (15.0-11.el10) does not include the enable script. Fall back to adding the toolset bin directory to PATH directly. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
ci:latestfor GCC/Clang,ci-intel:latestfor Intel ICX)build-ci-image.ymlworkflow to build and push images to GHCR (on Containerfile changes, weekly cron, manual dispatch)Containerfile.intelextending main devcontainer with Intel oneAPI DPC++/C++ compilerci.ymlinto three jobs: Linux (container), macOS (bare runner), Windows (bare runner)llvm-cov gcovfrom oneAPI (resolves Intel ICX: coverage report skipped (gcov incompatible) #6)aminya/setup-cppTest plan
build-ci-image.ymlmust run first to push container images to GHCRllvm-cov gcov🤖 Generated with Claude Code