create glibc check override

Author: aheev

.github/actions/verify-glibc-baseline/action.yml

@@ -9,6 +9,10 @@ inputs:
     description: Shared library filename to verify
     required: false
     default: liblance_c.so
+  workflow_type:
+    description: Workflow type
+    required: false
+    default: dev
 runs:
   using: composite
   steps:
@@ -28,15 +32,25 @@ runs:
         echo "Verifying file: $target_so"
 
         objdump_output=$(objdump -p "$target_so")
-        printf '%s\n' "$objdump_output" | grep -A 10 "Version References:" || true
+        printf '%s\n' "$objdump_output" | grep -A 10 "Version References: (truncated to first 10)" || true
 
         version_gt() {
-          [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | tail -n1)" = "$1" ] && [ "$1" != "$2" ]
+          [ "$1" = "$2" ] && return 1
+          [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n1)" = "$1" ]
         }
 
         while IFS= read -r version; do
           if version_gt "$version" "$baseline"; then
-            echo "::error::GLIBC Leak Detected! The binary contains symbols newer than GLIBC ${baseline}."
+            {
+              echo "## GLIBC baseline violation"
+              echo "One or more symbols in \`$SEARCH_ROOT\` exceed the **$GLIBC_BASELINE** floor."
+              echo "Run \`objdump -T <binary> | grep GLIBC_\` to identify the offending symbols."
+              
+              if [ "${{ inputs.workflow_type }}" = "release" ]; then
+                echo "To override in an emergency, re-dispatch with \`skip_glibc_check=true\`."
+              fi
+            } >> "$GITHUB_STEP_SUMMARY"
+            echo "::error title=GLIBC baseline violated::See job summary for details."
             exit 1
           fi
         done < <(printf '%s\n' "$objdump_output" | grep -oE 'GLIBC_[0-9]+(\.[0-9]+)+' | sed 's/^GLIBC_//' | sort -Vu)

.github/workflows/release.yml

@@ -8,6 +8,10 @@ on:
       version:
         description: "Version to build (without leading 'v')"
         required: true
+      skip_glibc_check:
+        description: "Emergency override: skip GLIBC baseline check (set to 'true' only if intentional)"
+        required: false
+        default: 'false'
 
 permissions:
   contents: write   # needed for softprops/action-gh-release
@@ -87,10 +91,17 @@ jobs:
       - name: Install to staging prefix
         run: cmake --install build --prefix stage
       - name: Verify GLIBC Baseline
-        if: matrix.os_label == 'linux'
+        if: matrix.os_label == 'linux' && inputs.skip_glibc_check != 'true'
         uses: ./.github/actions/verify-glibc-baseline
         with:
           search_root: ${{ github.workspace }}/stage
+          workflow_type: release
+      - name: Annotate skipped GLIBC check
+        if: matrix.os_label == 'linux' && inputs.skip_glibc_check == 'true'
+        run: |
+          echo "::warning title=GLIBC check skipped::skip_glibc_check=true was set — this release may exceed the GLIBC_BASELINE (${{ env.GLIBC_BASELINE }}) floor. Audit the artifact before distributing."
+          echo "## ⚠️ GLIBC baseline check was skipped" >> "$GITHUB_STEP_SUMMARY"
+          echo "skip_glibc_check=true was set on this run. The artifact may link symbols above **${{ env.GLIBC_BASELINE }}**." >> "$GITHUB_STEP_SUMMARY"
       - name: Tar
         id: pack
         run: |

CMakeLists.txt

@@ -21,11 +21,18 @@ project(LanceC
     LANGUAGES C CXX
 )
 
+if(NOT DEFINED CMAKE_C_STANDARD OR CMAKE_C_STANDARD LESS 11)
+    set(CMAKE_C_STANDARD 11)
+endif()
+set(CMAKE_C_STANDARD_REQUIRED ON)
+set(CMAKE_C_EXTENSIONS OFF)
+
 if(NOT DEFINED CMAKE_CXX_STANDARD OR CMAKE_CXX_STANDARD LESS 20)
     set(CMAKE_CXX_STANDARD 20)
 endif()
 set(CMAKE_CXX_STANDARD_REQUIRED ON)
 set(CMAKE_CXX_EXTENSIONS OFF)
+
 set(CMAKE_C_VISIBILITY_PRESET hidden)
 set(CMAKE_CXX_VISIBILITY_PRESET hidden)
 set(CMAKE_VISIBILITY_INLINES_HIDDEN ON)