Problem:
When auto-backport fails, it adds a `needs:backport` label. But that
label isn't being used AFAIK, based on the fact there were 30+ old PRs
with that label from last year (I have since cleaned those up). So the
extra step of having to remove the label is unnecessary friction.
In practice, when a manual backport is needed, it's best to either do it
immediately or just remove the `backport-xx` label.
Also, the presence of an unresolved "Failed backport" comment from the
bot is already a kind of marker that indicates a backport is needed.
Solution:
Don't add `needs:backport` label on failed backport.
Reverts https://github.com/neovim/neovim/pull/30363
Problem:
- Choosing a new EXX error code is tedious.
- It's possible to accidentally use an EXX error code for different
purposes.
Solution:
Add a lint check which requires EXX error codes to have a :help tag.
This also avoids duplicates because `make doc` does `:helptags ++t doc`
which fails if duplicates are found.
Replace the busted-based Lua test runner with a repo-local harness.
The new harness runs spec files directly under `nvim -ll`, ships its own
reporter and lightweight `luassert` shim, and keeps the helper/preload
flow used by the functional and unit test suites.
Keep the file boundary model shallow and busted-like by restoring `_G`,
`package.loaded`, `package.preload`, `arg`, and the process environment
between files, without carrying extra reset APIs or custom assertion
machinery.
Update the build and test entrypoints to use the new runner, add
black-box coverage for the harness itself, and drop the bundled
busted/luacheck dependency path.
AI-assisted: Codex
Problem:
clangd shows `Implicit conversion 'int' -> 'bool'` warnings.
This is mostly noise in this codebase.
Solution:
- Disable the warning.
- Get latest clang-tidy in CI.
Add a simple AGENTS.md rule for the AI-Assisted trailer in commit
messages and a workflow that adds the AI assisted label when PR commits
include that trailer.
AI-Assisted: Codex
Add workflow that runs Zizmor, a static analysis tool for GitHub
Actions. This will automatically flag various common security issues
with CI workflows.
This avoids false positives from existing uses of `GITHUB_ENV` and
`pull_request_target` that are safe, as well as from cache usage in a
workflow that doesn't produce release artifacts.
Replace all template expansions in code contexts with environment
variable substitutions. Template expansion in code contexts can be a
source of code injection vulnerabilities; for more info, see:
https://docs.zizmor.sh/audits/#template-injection
The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.
Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.
Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
Try this since Cirrus CI ran out of compute credits last month.
Previously the tests use less than 1 CPU out of the 2 provided by Cirrus
runner. I'm not sure if CPU usage is taken into account when counting
compute credits, or if it always fully counts the 2 CPUs. But perhaps
this will help in either case?
- Use double underscores for the group targets as these targets usually
shouldn't be used directly.
- Use dash instead of underscore in the two targets that need to be used
directly. I'm not entirely sure about this, as both chars are used in
many targets, but a dash is easier to type than an underscore.
Problem: `install_deps.sh` tries to install `ninja` on macOS, but it is
installed on the runners by default, triggering warnings (and wasting
time) on CI.
Solution: Don't `brew install ninja`.
- Rename ".nvimlog" to "nvim.log"
- doesn't need to be "hidden"/dotfile
- ".log" extension helps with filetype detection
- Also rename "nvim/log" => "nvim/nvim.log"
Define a CMake target for every subdirectory of test/functional that
contains functional tests, and a functionaltest_parallel target that
depends on all those targets, allowing multiple test runners to run in
parallel.
On CI, use at most 2 parallel test runners, as using more may increase
system load and make tests unstable.
Problem:
We want to encourage implementing core features in Lua instead of C, but
it's clumsy because:
- Core Lua code (built into `nvim` so it is available even if VIMRUNTIME
is missing/invalid) requires manually updating CMakeLists.txt, or
stuffing it into `_editor.lua`.
- Core Lua modules are not organized similar to C modules, `_editor.lua`
is getting too big.
Solution:
- Introduce `_core/` where core Lua code can live. All Lua modules added
there will automatically be included as bytecode in the `nvim` binary.
- Move these core modules into `_core/*`:
```
_defaults.lua
_editor.lua
_options.lua
_system.lua
shared.lua
```
TODO:
- Move `_extui/ => _core/ui2/`
Working towards making the build.zig build actually useful for
users..
For building a full runtime distribution in /usr or /opt/nvim or
whatever, use
sudo zig build install -p /usr
by default "zig build" will now work like "make" e.g. just build the binary
and the generated parts of the runtime. This will work for development,
but you need to use both parts of the runtime, just like with
an "uninstalled" cmake build:
zig build
VIM=. ./zig-out/bin/nvim --clean --cmd "set rtp+=./zig-out/runtime"
As a wrapper, `zig build run_dev` can be used
Problem:
`clint.py` is the last python in our codebase, and beyond that it needs
some cleanup. And it lacks tests, so modifying it can be painful.
Also, we need a way to add ad-hoc lint rules for *Lua*, so it will help
to have our ad-hoc rules for C in the same language (the scripts may
share functions/techniques): https://github.com/neovim/neovim/issues/28372
Solution:
- convert to `clint.lua` (mostly AI-generated, but it now has test
coverage, unlike `clint.py`)
- drop rules that are no longer needed:
- "readability/multiline_string"
- technially still relevant, but very uncommon so doesn't really matter.
- "--line-length"
- Not used in the old clint.py, nor the new clint.lua.
- "comment whitespace" check
- It is enforced by uncrustify.
- "TODO" check
- The `-google-readability-function-size` clang-tidy rule enforces
"TODO(user)" format. (It was already enabled long ago.)
Problem:
Sed thinks the argument starting with `1i` (and triple backticks) is the
suffix for the backup file because it comes right after the `-i` flag.
See for example
https://github.com/neovim/neovim/actions/runs/19774967693/job/56665991723.
Solution:
Explicitly mark it as command using the `-e` flag.
