Problem:
clangd shows `Implicit conversion 'int' -> 'bool'` warnings.
This is mostly noise in this codebase.
Solution:
- Disable the warning.
- Get latest clang-tidy in CI.
Add a simple AGENTS.md rule for the AI-Assisted trailer in commit
messages and a workflow that adds the AI assisted label when PR commits
include that trailer.
AI-Assisted: Codex
Add workflow that runs Zizmor, a static analysis tool for GitHub
Actions. This will automatically flag various common security issues
with CI workflows.
This avoids false positives from existing uses of `GITHUB_ENV` and
`pull_request_target` that are safe, as well as from cache usage in a
workflow that doesn't produce release artifacts.
Replace all template expansions in code contexts with environment
variable substitutions. Template expansion in code contexts can be a
source of code injection vulnerabilities; for more info, see:
https://docs.zizmor.sh/audits/#template-injection
The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.
Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.
Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
Try this since Cirrus CI ran out of compute credits last month.
Previously the tests use less than 1 CPU out of the 2 provided by Cirrus
runner. I'm not sure if CPU usage is taken into account when counting
compute credits, or if it always fully counts the 2 CPUs. But perhaps
this will help in either case?
- Use double underscores for the group targets as these targets usually
shouldn't be used directly.
- Use dash instead of underscore in the two targets that need to be used
directly. I'm not entirely sure about this, as both chars are used in
many targets, but a dash is easier to type than an underscore.
Problem: `install_deps.sh` tries to install `ninja` on macOS, but it is
installed on the runners by default, triggering warnings (and wasting
time) on CI.
Solution: Don't `brew install ninja`.
- Rename ".nvimlog" to "nvim.log"
- doesn't need to be "hidden"/dotfile
- ".log" extension helps with filetype detection
- Also rename "nvim/log" => "nvim/nvim.log"
Define a CMake target for every subdirectory of test/functional that
contains functional tests, and a functionaltest_parallel target that
depends on all those targets, allowing multiple test runners to run in
parallel.
On CI, use at most 2 parallel test runners, as using more may increase
system load and make tests unstable.
Problem:
We want to encourage implementing core features in Lua instead of C, but
it's clumsy because:
- Core Lua code (built into `nvim` so it is available even if VIMRUNTIME
is missing/invalid) requires manually updating CMakeLists.txt, or
stuffing it into `_editor.lua`.
- Core Lua modules are not organized similar to C modules, `_editor.lua`
is getting too big.
Solution:
- Introduce `_core/` where core Lua code can live. All Lua modules added
there will automatically be included as bytecode in the `nvim` binary.
- Move these core modules into `_core/*`:
```
_defaults.lua
_editor.lua
_options.lua
_system.lua
shared.lua
```
TODO:
- Move `_extui/ => _core/ui2/`
Working towards making the build.zig build actually useful for
users..
For building a full runtime distribution in /usr or /opt/nvim or
whatever, use
sudo zig build install -p /usr
by default "zig build" will now work like "make" e.g. just build the binary
and the generated parts of the runtime. This will work for development,
but you need to use both parts of the runtime, just like with
an "uninstalled" cmake build:
zig build
VIM=. ./zig-out/bin/nvim --clean --cmd "set rtp+=./zig-out/runtime"
As a wrapper, `zig build run_dev` can be used
Problem:
`clint.py` is the last python in our codebase, and beyond that it needs
some cleanup. And it lacks tests, so modifying it can be painful.
Also, we need a way to add ad-hoc lint rules for *Lua*, so it will help
to have our ad-hoc rules for C in the same language (the scripts may
share functions/techniques): https://github.com/neovim/neovim/issues/28372
Solution:
- convert to `clint.lua` (mostly AI-generated, but it now has test
coverage, unlike `clint.py`)
- drop rules that are no longer needed:
- "readability/multiline_string"
- technially still relevant, but very uncommon so doesn't really matter.
- "--line-length"
- Not used in the old clint.py, nor the new clint.lua.
- "comment whitespace" check
- It is enforced by uncrustify.
- "TODO" check
- The `-google-readability-function-size` clang-tidy rule enforces
"TODO(user)" format. (It was already enabled long ago.)
Problem:
Sed thinks the argument starting with `1i` (and triple backticks) is the
suffix for the backup file because it comes right after the `-i` flag.
See for example
https://github.com/neovim/neovim/actions/runs/19774967693/job/56665991723.
Solution:
Explicitly mark it as command using the `-e` flag.
Problem:
No way to detect at runtime if the build includes unibilium (or whatever
terminfo layer we swap it with later).
Solution:
Support `has('terminfo')`.
Problem:
On macOS Tahoe, `make unittest` started failing with the following error.
````
test/unit/testutil.lua:784: test/unit/testutil.lua:768: (string) '
test/unit/testutil.lua:295: declaration specifier expected near 'ipc_info_object_type_t' at line 2297'
exit code: 256
stack traceback:
test/unit/testutil.lua:784: in function 'itp_parent'
test/unit/testutil.lua:822: in function <test/unit/testutil.lua:812>
````
Solution:
Update filter_complex_blocks.
Problem:
scripts/check_urls.vim manually matches urls in the help pages and then
synchronously checks them via curl/wget/powershell. This is extremely
slow (~5 minutes for Nvims runtime on my machine) and prone to errors in
how the urls are matched.
Solution:
- Use Tree-sitter to find the urls in the help pages and `vim.net.request` to
check the responses.
- Add a `lintdocurls` build task and check it in CI (every Friday).
- Reopens a dedicated issue if it finds unreachable URLs.
- Drop the old check_urls.vim script.
docs: fix issue query in github templates
Problem:
Error "Filter contains 1 issue: Invalid value enhancement for label" when
clicking on the "existing feature requests" links in the github feature
template or github lsp bug template.
Solution:
Update the queries to use the new type:Enhancement categorization instead of the
old label:enhancement system.
Similar to #36107.
> The macOS 13 runner image will be retired by December 4th, 2025.
Update to the macos-15-intel runner.
It seems that runners ending with "large" require an enterprise plan, so
macos-15-intel is the only other available macOS Intel runner.
- Bump zig version to 0.15.1 and workaround zig fetch hang (ziglang/zig#24916)
- add mac os zig build (currently without luajit, linker failure)
- Add windows zig build, currently with very limited testing
