|
1 | 1 | name: Compliance |
2 | 2 |
|
3 | | -# Controls when the workflow will run |
4 | | -on: |
5 | | - pull_request: |
6 | | - types: [opened, synchronize, reopened] |
| 3 | +on: pull_request |
7 | 4 |
|
8 | | - # Allows you to run this workflow manually from the Actions tab |
9 | | - workflow_dispatch: |
| 5 | +permissions: |
| 6 | + contents: read |
10 | 7 |
|
11 | | -# A workflow run is made up of one or more jobs that can run sequentially or in parallel |
12 | 8 | jobs: |
13 | | - # This workflow contains a single job called "build" |
14 | 9 | compliance_job: |
15 | | - # The type of runner that the job will run on |
16 | | - runs-on: ubuntu-latest |
| 10 | + runs-on: ubuntu-24.04 |
17 | 11 | name: Run compliance checks on patch series (PR) |
18 | | - |
19 | | - # Steps represent a sequence of tasks that will be executed as part of the job |
20 | 12 | steps: |
21 | | - # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it |
22 | | - - name: Checkout the code |
23 | | - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 |
| 13 | + - name: Update PATH for west |
| 14 | + run: | |
| 15 | + echo "$HOME/.local/bin" >> $GITHUB_PATH |
| 16 | +
|
| 17 | + - name: Checkout sources |
| 18 | + uses: nrfconnect/action-checkout-west-update@main |
24 | 19 | with: |
25 | | - path: nrf-bm |
26 | | - ref: ${{ github.event.pull_request.head.sha }} |
27 | | - fetch-depth: 0 |
| 20 | + git-fetch-depth: 0 |
| 21 | + git-ref: ${{ github.event.pull_request.head.sha }} |
| 22 | + rebase: true |
| 23 | + path: ncs/nrf-bm |
28 | 24 |
|
29 | 25 | - name: cache-pip |
30 | | - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4 |
| 26 | + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4 |
31 | 27 | with: |
32 | 28 | path: ~/.cache/pip |
33 | 29 | key: ${{ runner.os }}-doc-pip |
34 | 30 |
|
35 | | - - name: Install python prerequisites |
36 | | - working-directory: nrf-bm |
37 | | - run: | |
38 | | - export PATH="$HOME/.local/bin:$PATH" |
39 | | - pip3 install -U -r scripts/requirements.txt |
40 | | - pip3 show -f west |
41 | | -
|
42 | | - - name: West init and update |
43 | | - env: |
44 | | - BASE_REF: ${{ github.base_ref }} |
45 | | - working-directory: nrf-bm |
46 | | - run: | |
47 | | - git config --global user.email "[email protected]" |
48 | | - git config --global user.name "Your Name" |
49 | | - git remote -v |
50 | | - # Ensure there's no merge commits in the PR |
51 | | - #[[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \ |
52 | | - #(echo "::error ::Merge commits not allowed, rebase instead";false) |
53 | | - git rebase origin/${BASE_REF} |
54 | | - # debug |
55 | | - git log --pretty=oneline | head -n 10 |
56 | | - west init -l . || true |
57 | | - west config manifest.group-filter -- +ci,-optional |
58 | | - west update -o=--depth=1 -n 2>&1 1> west.update.log || west update -o=--depth=1 -n 2>&1 1> west.update2.log |
59 | | -
|
60 | 31 | - name: Install python dependencies |
61 | | - working-directory: nrf |
| 32 | + working-directory: ncs/nrf |
62 | 33 | run: | |
63 | 34 | pip3 install -U pip |
64 | 35 | pip3 install -U wheel |
65 | 36 | grep -E "^setuptools" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U |
66 | | - grep -E "^python-magic=|^junitparser|^lxml|^gitlint|^pylint|^python-dotenv|^tabulate|^pykwalify|^yamllint|^unidiff" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U |
| 37 | + grep -E "^python-magic=|^junitparser|^lxml|^gitlint|^pylint|^pykwalify|^yamllint|^unidiff|^vermin|^python-dotenv|^tabulate" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U |
67 | 38 | grep -E "^west" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U |
68 | 39 | pip3 show -f west |
69 | 40 |
|
| 41 | + - name: Run merge commits test |
| 42 | + env: |
| 43 | + BASE_REF: ${{ github.base_ref }} |
| 44 | + working-directory: ncs/nrf-bm |
| 45 | + run: | |
| 46 | + # Ensure there's no merge commits in the PR |
| 47 | + [[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \ |
| 48 | + (echo "::error ::Merge commits not allowed, rebase instead";false) |
| 49 | +
|
70 | 50 | - name: Run CODEOWNERS test |
71 | 51 | id: codeowners |
72 | 52 | env: |
73 | 53 | BASE_REF: ${{ github.base_ref }} |
74 | | - working-directory: nrf-bm |
| 54 | + working-directory: ncs/nrf-bm |
75 | 55 | if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true |
76 | 56 | run: | |
77 | 57 | ../nrf/scripts/ci/codeowners.py -c origin/${BASE_REF}.. |
78 | 58 |
|
| 59 | + - name: Get NCS modules needed for compliance tests to run |
| 60 | + working-directory: ncs/nrf-bm |
| 61 | + run: | |
| 62 | + patch -p1 < scripts/ci/ci-compliance.diff |
| 63 | + west update |
| 64 | +
|
79 | 65 | - name: Run Compliance Tests |
80 | 66 | continue-on-error: true |
81 | 67 | id: compliance |
82 | 68 | env: |
83 | 69 | BASE_REF: ${{ github.base_ref }} |
84 | | - working-directory: nrf-bm |
| 70 | + working-directory: ncs/nrf-bm |
85 | 71 | if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true |
86 | 72 | run: | |
87 | | - export PATH="$HOME/.local/bin:$PATH" |
88 | | - export PATH="$HOME/bin:$PATH" |
89 | 73 | export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr" |
90 | 74 | # debug |
91 | 75 | ls -la |
92 | 76 | git log --pretty=oneline | head -n 10 |
93 | | - exec 2> compliance_errors.txt |
94 | | - $ZEPHYR_BASE/scripts/ci/check_compliance.py -m Codeowners -m Devicetree -m Identity -m Nits -m Gitlint -m pylint -c origin/${BASE_REF}.. |
95 | | - if [[ $? -ne 0 ]]; then |
96 | | - echo "$?" >&2 |
97 | | - fi |
| 77 | + $ZEPHYR_BASE/scripts/ci/check_compliance.py --annotate \ |
| 78 | + -e KconfigBasicNoModules -e ClangFormat \ |
| 79 | + -e SysbuildKconfigBasicNoModules \ |
| 80 | + -c origin/${BASE_REF}.. |
98 | 81 |
|
99 | 82 | - name: upload-results |
100 | | - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4 |
101 | | - continue-on-error: True |
| 83 | + uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4 |
| 84 | + continue-on-error: true |
102 | 85 | if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true |
103 | 86 | with: |
104 | 87 | name: compliance.xml |
105 | | - path: nrf-bm/compliance.xml |
| 88 | + path: ncs/nrf-bm/compliance.xml |
| 89 | + overwrite: true |
106 | 90 |
|
107 | 91 | - name: check-warns |
108 | | - working-directory: nrf-bm |
| 92 | + working-directory: ncs/nrf-bm |
| 93 | + if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true |
109 | 94 | run: | |
110 | | - if [[ -s 'compliance_errors.txt' ]]; then |
111 | | - echo "ERRORS FOUND! Exiting" |
112 | | - echo "$(<compliance_errors.txt )" |
113 | | - exit 1; |
| 95 | + export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr" |
| 96 | + if [[ ! -s "compliance.xml" ]]; then |
| 97 | + exit 1; |
114 | 98 | fi |
115 | 99 |
|
116 | | - - name: check-warns |
117 | | - working-directory: nrf-bm |
118 | | - run: | |
119 | | - for file in Codeowners.txt Devicetree.txt Gitlint.txt Identity.txt Nits.txt pylint.txt |
120 | | - do |
121 | | - if [[ -s $file ]]; then |
122 | | - errors=$(cat $file) |
| 100 | + files=($($ZEPHYR_BASE/scripts/ci/check_compliance.py -l)) |
| 101 | + for file in "${files[@]}"; do |
| 102 | + f="${file}.txt" |
| 103 | + if [[ -s $f ]]; then |
| 104 | + errors=$(cat $f) |
123 | 105 | errors="${errors//'%'/'%25'}" |
124 | 106 | errors="${errors//$'\n'/'%0A'}" |
125 | 107 | errors="${errors//$'\r'/'%0D'}" |
126 | | - echo "::error file=${file}::$errors" |
| 108 | + echo "::error file=${f}::$errors" |
127 | 109 | exit=1 |
128 | 110 | fi |
129 | 111 | done |
130 | 112 |
|
131 | | - if [[ $exit == 1 ]]; then |
132 | | - exit 1 |
| 113 | + if [ "${exit}" == "1" ]; then |
| 114 | + exit 1; |
133 | 115 | fi |
0 commit comments