
Additional Warning/Hardening Test in CI #3568

Open
Easton97-Jens wants to merge 5 commits into owasp-modsecurity:v3/master from Easton97-Jens:v3/master-workflows

@Easton97-Jens

  • I added a separate CI workflow/build job for ModSecurity v3 to make compiler warnings and hardening-related issues visible earlier in the development process.
  • The job intentionally builds ModSecurity with stricter GCC warning flags such as -Wall, -Wextra, -Wformat, and -Wformat-security.
  • The run currently operates in a warn-only mode so existing warnings become visible in CI without immediately failing the entire workflow because of -Werror.
  • This helps detect potential issues and regressions early and allows them to be fixed proactively before they appear in Fedora/RHEL packaging or downstream builds.
  • In addition, all relevant compiler, linker, and configure flags are printed in the CI logs to improve transparency and reproducibility of the build environment.
  • The long-term goal is to continuously reduce warnings and hardening issues and eventually re-enable stricter error handling (-Werror).

#3567

Copilot AI left a comment


Pull request overview

Adds an additional CI job intended to surface GCC warnings and common hardening-related build issues for ModSecurity v3 earlier in the development cycle, while keeping the job “warn-only” to avoid immediately breaking CI.

Changes:

  • Introduces a new “ModSecurity v3 (warn-only hardening build)” job on Ubuntu 24.04.
  • Builds with stricter compiler/linker flags and prints toolchain + build flag configuration to CI logs.
  • Auto-detects and installs the latest libluaX.Y-dev package before building.


Comment thread .github/workflows/ci_new.yml Outdated
Comment thread .github/workflows/ci_new.yml
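
Added example, not part of this PR or the project's workflow: one way a warn-only job like the one described above could turn its build log into a per-flag warning count, so the reduction toward re-enabling -Werror can be tracked. The function names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the PR): summarize a warn-only GCC build log by flag.
# Function names and the sample log below are constructed for illustration.

# Unique warning lines. GCC ends each warning with the enabling flag in
# brackets; a header included by many files repeats the same diagnostic.
unique_warnings() {
    { grep -E ': warning: .*\[-W[^]]+\]$' "$1" || true; } | LC_ALL=C sort -u
}

# Print "<count> <flag>" per warning category, most frequent first.
summarize_warnings() {
    unique_warnings "$1" \
        | sed -E 's/.*\[(-W[^]]+)\]$/\1/' \
        | LC_ALL=C sort | uniq -c | awk '{print $1, $2}' \
        | LC_ALL=C sort -k1,1nr -k2,2
}

# Number of unique warnings (0 for a clean log).
count_warnings() { unique_warnings "$1" | wc -l | tr -d ' '; }

# Warn-only: print the summary and annotate the run, but never fail the job.
warn_only_report() {
    summarize_warnings "$1"
    # GitHub Actions workflow command; shows up as an annotation on the run.
    echo "::warning title=Hardening build::$(count_warnings "$1") unique compiler warnings"
    return 0
}

# Constructed sample log (paths and messages are illustrative only).
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
example/a.cc:41:18: warning: unused parameter 'flags' [-Wunused-parameter]
example/log.cc:77:12: warning: format not a string literal and no format arguments [-Wformat-security]
example/a.cc:41:18: warning: unused parameter 'flags' [-Wunused-parameter]
example/b.cc:120:9: warning: unused parameter 'ctx' [-Wunused-parameter]
example/b.cc:133:21: warning: comparison of integer expressions of different signedness: 'int' and 'size_t' {aka 'long unsigned int'} [-Wsign-compare]
make[2]: Leaving directory '/build'
EOF

warn_only_report "$SAMPLE_LOG"
```

In a real job the log would come from the build step itself, for example by piping the build's stderr through `tee` into a file.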