From 70b7513bb2ea545028b2e73babea5e32be704c75 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <talha.can.havadar@canonical.com>
Date: Thu, 11 Sep 2025 22:26:15 +0000
Subject: [PATCH 1/8] workflows: add tics into the linter for quality gating

TICS allows us to track the quality of our project. `client` mode can be
used to gate the PRs if they are under certain threshold.

Signed-off-by: Talha Can Havadar <talha.can.havadar@canonical.com>
---
 ...n_tests.yaml.yml => integration_tests.yml} |  1 +
 .github/workflows/linter.yml                  | 30 +++++++++++++
 .github/workflows/tics_scan.yml               | 44 +++++++++++++++++++
 3 files changed, 75 insertions(+)
 rename .github/workflows/{integration_tests.yaml.yml => integration_tests.yml} (99%)
 create mode 100644 .github/workflows/tics_scan.yml

diff --git a/.github/workflows/integration_tests.yaml.yml b/.github/workflows/integration_tests.yml
similarity index 99%
rename from .github/workflows/integration_tests.yaml.yml
rename to .github/workflows/integration_tests.yml
index 78398903..fc4a9007 100644
--- a/.github/workflows/integration_tests.yaml.yml
+++ b/.github/workflows/integration_tests.yml
@@ -1,5 +1,6 @@
 name: Run integration tests on a DUT via testflinger
 on:
+  workflow_call:
   workflow_dispatch:
   pull_request:
 jobs:
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index b55dec33..33066e64 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -166,3 +166,33 @@ jobs:
           echo "::group::unit test results"
           cargo test --bins
           echo "::endgroup::"
+  tics:
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
+    runs-on: ubuntu-latest
+    env:
+      TICS_CHANGED_LIST: tics_changed.list
+      GH_TOKEN: ${{ github.token }}
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Get PR files
+        env:
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          gh pr diff "$PR_NUMBER" --name-only >> "$TICS_CHANGED_LIST"
+          echo "::group::===== Changed Files ====="
+          cat "$TICS_CHANGED_LIST"
+          echo "::endgroup::"
+      - name: Run TICS analysis
+        uses: tiobe/tics-github-action@v3.4.0
+        with:
+          mode: client
+          project: fpgad
+          viewerUrl: https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default
+          ticsAuthToken: ${{ secrets.TICSAUTHTOKEN }}
+          installTics: true
+          filelist: ${{ env.TICS_CHANGED_LIST }}
diff --git a/.github/workflows/tics_scan.yml b/.github/workflows/tics_scan.yml
new file mode 100644
index 00000000..361ccffe
--- /dev/null
+++ b/.github/workflows/tics_scan.yml
@@ -0,0 +1,44 @@
+name: TiCS Scan
+on:
+  pull_request:
+  schedule:
+    - cron: '17 1 * * 0' # Runs at 01:17 (UTC) on Sunday
+jobs:
+  integration-tests:
+    secrets: inherit
+    uses: ./.github/workflows/integration_tests.yml
+  TICS:
+    needs:
+      - integration-tests
+    runs-on: [self-hosted, amd64, tiobe]
+    env:
+      GH_TOKEN: ${{ github.token }}
+      DEBIAN_FRONTEND: noninteractive
+      COVERAGE_DIR: ${{ github.workspace }}/${{ vars.TICS_COVERAGE_DIR || 'coverage' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v5
+        with:
+          fetch-depth: 0
+      - name: Download coverage report
+        uses: actions/download-artifact@v4
+        with:
+          name: llvm-cov-artifacts
+          path: artifacts
+      - uses: actions-rust-lang/setup-rust-toolchain@v1.15
+      - name: Move coverage results for TICS
+        shell: bash
+        run: |
+          find ./artifacts
+          echo "COVERAGE_DIR=${COVERAGE_DIR}"
+          mkdir -p "$COVERAGE_DIR"
+          mv -v ./artifacts/*.lcov "$COVERAGE_DIR/"
+      - name: Run TICS analysis
+        uses: tiobe/tics-github-action@v3.5.0
+        with:
+          mode: qserver
+          project: fpgad
+          viewerUrl: https://canonical.tiobe.com/tiobeweb/TICS/api/cfg?name=default
+          branchdir: ${{ github.workspace }}
+          ticsAuthToken: ${{ secrets.TICSAUTHTOKEN }}
+          installTics: true

From 3b8785f27d456c238de4669634c0d2b7604a0b24 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <havadartalha@gmail.com>
Date: Tue, 30 Sep 2025 08:01:37 +0200
Subject: [PATCH 2/8] dropme: pls pls

---
 .github/workflows/integration_tests.yml | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/integration_tests.yml b/.github/workflows/integration_tests.yml
index fc4a9007..84341b12 100644
--- a/.github/workflows/integration_tests.yml
+++ b/.github/workflows/integration_tests.yml
@@ -2,7 +2,15 @@ name: Run integration tests on a DUT via testflinger
 on:
   workflow_call:
   workflow_dispatch:
-  pull_request:
+  # pull_request:
+  #   branches:
+  #     - main
+  #   types:
+  #     - opened
+  #     - reopened
+  #     - synchronize
+  #     - ready_for_review
+  #     - labeled
 jobs:
   binary-integration-tests:
     name: Build and Test the Daemon Binary on DUT

From 5e4858fbc403f29679f285b3b8b2f2218672b9fa Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <havadartalha@gmail.com>
Date: Tue, 30 Sep 2025 08:59:49 +0200
Subject: [PATCH 3/8] workflows: add permissions to tics job

This should allow tics action to update the Pull Request/Issue when
needed with the result of the analysis

Signed-off-by: Talha Can Havadar <havadartalha@gmail.com>
---
 .github/workflows/tics_scan.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/tics_scan.yml b/.github/workflows/tics_scan.yml
index 361ccffe..61351b78 100644
--- a/.github/workflows/tics_scan.yml
+++ b/.github/workflows/tics_scan.yml
@@ -8,6 +8,10 @@ jobs:
     secrets: inherit
     uses: ./.github/workflows/integration_tests.yml
   TICS:
+    permissions:
+      contents: read
+      issues: write
+      pull-requests: write
     needs:
       - integration-tests
     runs-on: [self-hosted, amd64, tiobe]

From 51e829775f2de27262ad4c86e389215c6f838b31 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <havadartalha@gmail.com>
Date: Tue, 30 Sep 2025 09:01:13 +0200
Subject: [PATCH 4/8] dropme: let coverage tests continue on failure

Signed-off-by: Talha Can Havadar <havadartalha@gmail.com>
---
 tests/coverage_test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/coverage_test.sh b/tests/coverage_test.sh
index b8a23b60..e439d289 100755
--- a/tests/coverage_test.sh
+++ b/tests/coverage_test.sh
@@ -12,7 +12,7 @@
 #
 # You should have received a copy of the GNU General Public License along with this program.  If not, see http://www.gnu.org/licenses/.
 
-set -xeu
+set -xu
 
 # Enable llvm-coverage build results
 eval "$(cargo llvm-cov show-env --export-prefix)"

From 248e10b9c3799a995e548c761d2bcf3cefdb3518 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <talha.can.havadar@canonical.com>
Date: Thu, 2 Oct 2025 06:19:44 +0000
Subject: [PATCH 5/8] linter: diable tics on pull request

---
 .github/workflows/linter.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 33066e64..12544b4b 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -167,6 +167,7 @@ jobs:
           cargo test --bins
           echo "::endgroup::"
   tics:
+    if: false # disabled until we get confirmation
     permissions:
       contents: read
       issues: write

From 34c6c06990ad5b5333d61cd547c5dad3bbccc959 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <talha.can.havadar@canonical.com>
Date: Fri, 3 Oct 2025 02:00:10 +0000
Subject: [PATCH 6/8] tests: RUSTFLAGS causing unboundflag error in bash
 removed set -u

---
 tests/coverage_test.sh | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tests/coverage_test.sh b/tests/coverage_test.sh
index e439d289..15731886 100755
--- a/tests/coverage_test.sh
+++ b/tests/coverage_test.sh
@@ -12,7 +12,7 @@
 #
 # You should have received a copy of the GNU General Public License along with this program.  If not, see http://www.gnu.org/licenses/.
 
-set -xu
+set -x
 
 # Enable llvm-coverage build results
 eval "$(cargo llvm-cov show-env --export-prefix)"

From 8d7761b1ecdbdaba75a58c46ea571baa0c9f1fee Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <talha.can.havadar@canonical.com>
Date: Tue, 16 Dec 2025 12:11:45 +0100
Subject: [PATCH 7/8] workflows: make sure to build before tics

---
 .github/workflows/tics_scan.yml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/.github/workflows/tics_scan.yml b/.github/workflows/tics_scan.yml
index 61351b78..d4ddcba8 100644
--- a/.github/workflows/tics_scan.yml
+++ b/.github/workflows/tics_scan.yml
@@ -30,6 +30,10 @@ jobs:
           name: llvm-cov-artifacts
           path: artifacts
       - uses: actions-rust-lang/setup-rust-toolchain@v1.15
+      - name: Build
+        run: |
+          rustup component add clippy
+          cargo build --workspace -v
       - name: Move coverage results for TICS
         shell: bash
         run: |

From e86ef4df5d34e6393b8daa203fe849baa3499031 Mon Sep 17 00:00:00 2001
From: Talha Can Havadar <havadartalha@gmail.com>
Date: Fri, 20 Feb 2026 11:23:18 +0100
Subject: [PATCH 8/8] dropme: run clippy to see what is failing

---
 .github/workflows/tics_scan.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/tics_scan.yml b/.github/workflows/tics_scan.yml
index d4ddcba8..6154345e 100644
--- a/.github/workflows/tics_scan.yml
+++ b/.github/workflows/tics_scan.yml
@@ -33,6 +33,7 @@ jobs:
       - name: Build
         run: |
           rustup component add clippy
+          cargo clippy
           cargo build --workspace -v
       - name: Move coverage results for TICS
         shell: bash