8. Step 8 — Code quality
What it unlocks
Static analysis & style checks — Your module’s source is statically analysed and style-checked on every pull request, on top of the unit, component and integration tests of the previous steps.
The integration runs several language-specific code-quality checks. They operate
on //... (or on the pinned module checkouts), so they pick up your module
automatically once it is in the graph — there is nothing module-specific to wire
in.
8.1. What runs today
Formatting checks (all languages) — format.yml runs the shared S-CORE formatter (a reusable workflow from cicd-workflows) and fails if any file is not formatted. Reproduce / fix locally by running the format targets before pushing.
Bazel Clippy (Rust) — Rust static analysis runs through the rules_rust Clippy aspect over the Rust targets, flagging lint violations as build errors.
CodeQL multi-repo scan (C++) — codeql-multiple-repo-scan.yml checks out every module pinned in known_good.json and runs CodeQL with the MISRA C++ coding standards pack across all of them.
Note
Missing — to be introduced. There is no clang-tidy stage for C++ yet. clang-tidy is planned to complement the CodeQL / MISRA scan for C++ static analysis, but it is currently not wired into the integration or its CI. Until then, C++ static analysis relies on the CodeQL scan only.
8.2. Generated reports
The CodeQL scan exports its findings as build artifacts on the workflow run:
a SARIF result file (sarif-results/cpp.sarif), uploaded as the codeql-sarif-results artifact, and
a human-readable HTML report (codeql-report.html), generated from the SARIF with sarif-tools and uploaded as the codeql-html-report artifact.
Download these from the Artifacts section of the CodeQL workflow run to review the C++ findings. The formatting and Clippy checks do not produce a separate report — they pass or fail directly on the workflow run, with the offending files / lints shown in the job log.
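For triage without the HTML report, the downloaded SARIF file can be summarised per rule and severity. The script below is an added example, not part of the integration or its workflows; it assumes cpp.sarif follows the standard SARIF 2.1.0 layout, and the embedded sample (rule ids, paths, messages) is constructed for illustration.

```python
import json
from collections import Counter

# Constructed SARIF 2.1.0 sample (rule ids and paths are made up for illustration).
SAMPLE_SARIF = json.dumps({
    "version": "2.1.0",
    "runs": [{
        "tool": {"driver": {"name": "CodeQL", "rules": [
            {"id": "example/rule-a", "defaultConfiguration": {"level": "error"}},
            {"id": "example/rule-b"},
        ]}},
        "results": [
            {"ruleId": "example/rule-a", "message": {"text": "constructed finding 1"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/a.cpp"}, "region": {"startLine": 12}}}]},
            {"ruleId": "example/rule-b", "level": "note", "message": {"text": "constructed finding 2"},
             "locations": [{"physicalLocation": {
                 "artifactLocation": {"uri": "src/b.cpp"}, "region": {"startLine": 3}}}]},
            {"ruleId": "example/rule-b", "message": {"text": "constructed finding 3"}},
        ],
    }],
})

def iter_findings(sarif_text):
    """Yield (level, rule_id, uri, line, message) for every result in every run."""
    doc = json.loads(sarif_text)
    for run in doc.get("runs", []):
        rules = run.get("tool", {}).get("driver", {}).get("rules", [])
        default_level = {r["id"]: r.get("defaultConfiguration", {}).get("level", "warning")
                         for r in rules if "id" in r}
        for res in run.get("results", []):
            rule_id = res.get("ruleId") or res.get("rule", {}).get("id", "<unknown>")
            # SARIF: a result without "level" inherits the rule default, else "warning".
            level = res.get("level") or default_level.get(rule_id, "warning")
            loc = (res.get("locations") or [{}])[0].get("physicalLocation", {})
            uri = loc.get("artifactLocation", {}).get("uri", "<no location>")
            line = loc.get("region", {}).get("startLine", 0)
            yield level, rule_id, uri, line, res.get("message", {}).get("text", "")

def summarize(sarif_text):
    """Count findings per (level, rule) so the noisiest rules are visible first."""
    return Counter((lvl, rid) for lvl, rid, *_ in iter_findings(sarif_text))

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_SARIF
    for (lvl, rid), n in summarize(text).most_common():
        print(f"{n:4d}  {lvl:8s} {rid}")
    for lvl, rid, uri, line, msg in iter_findings(text):
        print(f"{uri}:{line}: [{lvl}] {rid}: {msg}")
```

Pass the path to the downloaded cpp.sarif as the first argument; with no argument the script runs on the constructed sample.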