Add sanitizer reusable workflow

.github/workflows/sanitizers.yml

@@ -0,0 +1,97 @@
+# *******************************************************************************
+# Copyright (c) 2026 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: Sanitizers (Reusable)
+
+on:
+  workflow_call:
+    inputs:
+      sanitizer_configs:
+        description: 'Comma-separated list of sanitizer configs (e.g., asan_ubsan_lsan,tsan)'
+        required: false
+        default: 'asan_ubsan_lsan,tsan'
+        type: string
+      test_targets:
+        description: 'Bazel test targets'
+        required: false
+        default: '//tests/...'
+        type: string
+      bazelisk_version:
+        description: 'Bazelisk version'
+        required: false
+        default: '1.26.0'
+        type: string
+      runner_label:
+        description: 'Runner label fallback'
+        required: false
+        default: 'ubuntu-latest'
+        type: string
+
+permissions:
+  contents: read
+
+jobs:
+  prepare-matrix:
+    name: Prepare Matrix
+    runs-on: ubuntu-latest
+    outputs:
+      configs: ${{ steps.parse.outputs.configs }}
+    steps:
+      - name: Parse configs
+        id: parse
+        run: |
+          CONFIGS='${{ inputs.sanitizer_configs }}'
+          CONFIGS=$(echo "$CONFIGS" | tr -d ' ' | tr ',' '\n' | jq -R . | jq -s .)
+          echo "configs=$CONFIGS" >> $GITHUB_OUTPUT
+
+  sanitizer-tests:
+    name: ${{ matrix.sanitizer_config }}
+    runs-on: ${{ vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || inputs.runner_label }}
+    needs: prepare-matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        sanitizer_config: ${{ fromJson(needs.prepare-matrix.outputs.configs) }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4.2.2
+        with:
+          ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }}
+          repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }}
+
+      - name: Setup Bazel
+        uses: bazel-contrib/setup-bazel@0.18.0
+        with:
+          bazelisk-version: ${{ inputs.bazelisk_version }}
+          disk-cache: ${{ github.workflow }}
+          repository-cache: true
+          bazelisk-cache: true
+          cache-save: ${{ github.event_name == 'push' }}
+
+      - name: Run tests
+        run: |
+          bazel test \
+            --config=${{ matrix.sanitizer_config }} \
+            ${{ inputs.test_targets }} \
+            --test_output=errors \
+            --verbose_failures
+
+      - name: Upload logs
+        if: failure()
+        uses: actions/upload-artifact@v6
+        with:
+          name: testlogs-${{ matrix.sanitizer_config }}-${{ github.run_id }}
+          path: bazel-testlogs/**/test.log
+          if-no-files-found: warn
+          retention-days: 7
+

README.md

@@ -18,6 +18,7 @@ These workflows integrate with **Bazel** and provide a consistent way to run **d
 | **Formatting Check**    | Verifies code formatting using Bazel-based tools                   |
 | **Copyright Check**     | Ensures all source files have the required copyright headers        |
 | **Required Approvals**     | Enforces stricter CODEOWNERS rules for multi-team approvals         |
+| **Sanitizers**          | Runs Google Sanitizers (ASan, TSan, UBSan, LSan) for C++ modules   |
 | **QNX Build (Gated)**   | Builds QNX Bazel targets with environment-gated secrets for forks   |
 | **Documentation Verification** | Verifies documentation builds correctly and uploads results    |
 | **CodeQL Scan**         | Performs security and quality analysis using GitHub CodeQL          |
@@ -318,8 +319,37 @@ jobs:
 
 ---
 
+### **11️⃣ Sanitizers Workflow**
 
-### **11. QNX Build (Gated) Workflow**
+**Usage Example**
+```yaml
+name: Sanitizers CI
+
+on:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  sanitizers:
+    uses: eclipse-score/cicd-workflows/.github/workflows/sanitizers.yml@main
+    with:
+      sanitizer_configs: 'asan_ubsan_lsan,tsan' # optional
+      test_targets: '//tests/...' # optional
+```
+
+This workflow:  
+✅ Runs sanitizers (ASan, TSan, UBSan, LSan)  
+✅ Executes tests in parallel  
+✅ Uploads logs on failure
+
+> ℹ️ **Note:** Module must define configs in `quality/sanitizer/sanitizer.bazelrc` and import via `.bazelrc`
+
+---
+
+
+### **12. QNX Build (Gated) Workflow**
 
 Use this workflow when you need QNX secrets for forked PRs and want a manual approval gate via an environment.
 
@@ -355,7 +385,7 @@ jobs:
 
 ---
 
-### **12. Documentation Verification Workflow**
+### **13. Documentation Verification Workflow**
 
 This workflow verifies that documentation builds correctly and can be used to validate documentation changes in pull requests.
 
@@ -386,7 +416,7 @@ jobs:
 
 ---
 
-### **13. CodeQL Security Scan Workflow**
+### **14. CodeQL Security Scan Workflow**
 
 This workflow performs security and quality analysis using GitHub's CodeQL with MISRA C++ coding standards.
 
@@ -422,7 +452,7 @@ jobs:
 
 ---
 
-### **14. SCORE PR Checks Workflow**
+### **15. SCORE PR Checks Workflow**
 
 This workflow enforces SCORE-specific standards, particularly Bazel module naming conventions.
 
@@ -455,7 +485,7 @@ jobs:
 
 ---
 
-### **15. Template Sync Workflow**
+### **16. Template Sync Workflow**
 
 This workflow automatically synchronizes your repository with the latest changes from `eclipse-score/module_template`.