Problem: The `with-external-deps` workflow keeps failing because
adding the neovim-ppa/stable times out.
Solution: Don't add the PPA; it doesn't look to be necessary for
installing current dependencies.
Problem: Optional CI reevaluates on unrelated label events and shares
one workflow-wide concurrency group. One optional label change can
cancel in-flight jobs for the other optional suite.
Solution: Only reevaluate each optional job when its own label changes,
and move concurrency to the job level. This keeps `s390x` and
`windows-asan` from restarting each other.
Problem: The reviewer assignment workflow can run multiple times for
the same PR.
Solution: Ensure only the newest review-assignment run continues with
workflow concurrency.
Problem:
When auto-backport fails, it adds a `needs:backport` label. But that
label isn't being used AFAIK, based on the fact there were 30+ old PRs
with that label from last year (I have since cleaned those up). So the
extra step of having to remove the label is unnecessary friction.
In practice, when a manual backport is needed, it's best to either do it
immediately or just remove the `backport-xx` label.
Also, the presence of an unresolved "Failed backport" comment from the
bot is already a kind of marker that indicates a backport is needed.
Solution:
Don't add `needs:backport` label on failed backport.
Reverts https://github.com/neovim/neovim/pull/30363
Problem:
- Choosing a new EXX error code is tedious.
- It's possible to accidentally use an EXX error code for different
purposes.
Solution:
Add a lint check which requires EXX error codes to have a :help tag.
This also avoids duplicates because `make doc` does `:helptags ++t doc`
which fails if duplicates are found.
Replace the busted-based Lua test runner with a repo-local harness.
The new harness runs spec files directly under `nvim -ll`, ships its own
reporter and lightweight `luassert` shim, and keeps the helper/preload
flow used by the functional and unit test suites.
Keep the file boundary model shallow and busted-like by restoring `_G`,
`package.loaded`, `package.preload`, `arg`, and the process environment
between files, without carrying extra reset APIs or custom assertion
machinery.
Update the build and test entrypoints to use the new runner, add
black-box coverage for the harness itself, and drop the bundled
busted/luacheck dependency path.
AI-assisted: Codex
Problem:
clangd shows `Implicit conversion 'int' -> 'bool'` warnings.
This is mostly noise in this codebase.
Solution:
- Disable the warning.
- Get latest clang-tidy in CI.
Add a simple AGENTS.md rule for the AI-Assisted trailer in commit
messages and a workflow that adds the AI assisted label when PR commits
include that trailer.
AI-Assisted: Codex
Add workflow that runs Zizmor, a static analysis tool for GitHub
Actions. This will automatically flag various common security issues
with CI workflows.
This avoids false positives from existing uses of `GITHUB_ENV` and
`pull_request_target` that are safe, as well as from cache usage in a
workflow that doesn't produce release artifacts.
Replace all template expansions in code contexts with environment
variable substitutions. Template expansion in code contexts can be a
source of code injection vulnerabilities; for more info, see:
https://docs.zizmor.sh/audits/#template-injection
The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions
Set `persist-credentials: false` for all uses of `actions/checkout`.
This prevents git credentials from being stored on disk, and fixes the
following Zizmor audit:
https://docs.zizmor.sh/audits/#artipacked
This improves CI security by ensuring that action dependencies cannot be
changed by upstream repositories without updating the use of the
dependency in this repo.
Official GitHub-maintained actions are excluded from this requirement
and are left pinned by a tag instead of a commit hash. This action
dependency pinning policy is codified in `.github/zizmor.yml` so that
Zizmor (a static analysis tool for GitHub Actions) doesn't flag these as
unpinned dependencies.
Also add cooldown timer for Dependabot. This fixes these two Zizmor
audits:
* https://docs.zizmor.sh/audits/#dependabot-cooldown
* https://docs.zizmor.sh/audits/#unpinned-uses
Try this since Cirrus CI ran out of compute credits last month.
Previously the tests use less than 1 CPU out of the 2 provided by Cirrus
runner. I'm not sure if CPU usage is taken into account when counting
compute credits, or if it always fully counts the 2 CPUs. But perhaps
this will help in either case?
- Use double underscores for the group targets as these targets usually
shouldn't be used directly.
- Use dash instead of underscore in the two targets that need to be used
directly. I'm not entirely sure about this, as both chars are used in
many targets, but a dash is easier to type than an underscore.
Problem: `install_deps.sh` tries to install `ninja` on macOS, but it is
installed on the runners by default, triggering warnings (and wasting
time) on CI.
Solution: Don't `brew install ninja`.
- Rename ".nvimlog" to "nvim.log"
- doesn't need to be "hidden"/dotfile
- ".log" extension helps with filetype detection
- Also rename "nvim/log" => "nvim/nvim.log"
Define a CMake target for every subdirectory of test/functional that
contains functional tests, and a functionaltest_parallel target that
depends on all those targets, allowing multiple test runners to run in
parallel.
On CI, use at most 2 parallel test runners, as using more may increase
system load and make tests unstable.
Problem:
We want to encourage implementing core features in Lua instead of C, but
it's clumsy because:
- Core Lua code (built into `nvim` so it is available even if VIMRUNTIME
is missing/invalid) requires manually updating CMakeLists.txt, or
stuffing it into `_editor.lua`.
- Core Lua modules are not organized similar to C modules, `_editor.lua`
is getting too big.
Solution:
- Introduce `_core/` where core Lua code can live. All Lua modules added
there will automatically be included as bytecode in the `nvim` binary.
- Move these core modules into `_core/*`:
```
_defaults.lua
_editor.lua
_options.lua
_system.lua
shared.lua
```
TODO:
- Move `_extui/ => _core/ui2/`
dependabot[bot]