Update follow DS template format

Author: silabs-CongD

.github/workflows/00-Check-Code-Convention.yml

@@ -1,22 +1,19 @@
 name: 00-Check-Code-Convention
 on:
-#Only manual trigger for now
-# TODO analyse what to enable  
-#  push:
-#    branches-ignore:
-#      - main
-#      - "tests/**"
-#  pull_request:
-#    branches:
-#      - main
-#      - develop
-#      - "release/**"
+  push:
+    branches-ignore:
+      - main
+      - "tests/**"
+  pull_request:
+    branches:
+      - main
+      - "release/**"
   workflow_dispatch:
     inputs:
       branch:
         description: 'Branch to test'
         type: string
-        default: 'dev'
+        default: 'main'
 
 jobs:
   job1:
@@ -39,9 +36,6 @@ jobs:
         ref: "${{ github.event_name == 'workflow_dispatch' && github.event.inputs.branch || github.ref }}"
         submodules: true
         fetch-depth: 0
-        ## an internal repo as a submodule is present therefore PAT is needed
-        token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
-
     - name: Log Current Branch and Commit
       run: |
           echo "Current branch: $(git rev-parse --abbrev-ref HEAD)"
@@ -63,21 +57,28 @@ jobs:
           sudo make install
           echo "Uncrustify has been installed successfully!"
           cd ../../
-          sudo cp ./.github/coding-convention-tool/tools/uncrustify.cfg ./uncrustify/uncrustify.cfg
-          echo "Install clang-tidy and cppcheck ..."
-          sudo apt-get install clang-tidy cppcheck
+          sudo cp ./.github/coding-convention-tool/tools/uncrustify/uncrustify.cfg ./uncrustify/uncrustify.cfg
+          echo "Install clang-tidy"
+          sudo apt-get install clang-tidy
     - name: Run test
       run: |
-        pre-commit install
-        pre-commit run --all-files 2>&1 | tee CodingConventionTool.txt
+        pre-commit install --config .github/coding-convention-tool/.pre-commit-config.yaml
+        pre-commit run --config .github/coding-convention-tool/.pre-commit-config.yaml --all-files 2>&1 | tee CodingConventionTool.txt
+        git diff > code-fix.patch || echo "No changes to patch."
+        ls -lah code-fix.patch
 
     - name: Upload Result
-      if: always()
       uses: actions/[email protected]
       with:
         name: CodingConventionResult
         path: CodingConventionTool.txt
         retention-days: 90
+    - name: Upload Patch
+      uses: actions/[email protected]
+      with:
+        name: code-fix.patch
+        path: code-fix.patch
+        retention-days: 90
     - name: Check log file to set status of the job
       run: |
         keywords=("Failed")
@@ -88,4 +89,4 @@ jobs:
           else
             echo "Keyword '$keyword' not found in the file."
           fi
-        done
+        done

.github/workflows/01-CLA-Assistant.yml

@@ -3,13 +3,11 @@ name: 01-CLA-Assistant
 ## uncomment the other trigger conditions for public repositories
 
 on:
-  workflow_dispatch:
-# issue_comment:
-#   types: [created]
-# pull_request_target:
-#   types: [opened,closed,synchronize,reopened]
+  issue_comment:
+    types: [created]
+  pull_request_target:
+    types: [opened,closed,synchronize,reopened]
 
-# explicitly configure permissions, in case your GITHUB_TOKEN workflow permissions are set to read-only in repository settings
 permissions:
   actions: write
   contents: read # this can be 'read' if the signatures are in remote repository
@@ -20,22 +18,28 @@ jobs:
   CLAAssistant:
     runs-on: ubuntu-24.04
     steps:
+      - name: Create CLA Assistant Lite bot token
+        uses: actions/create-github-app-token@v2
+        id: app-token
+        with:
+          app-id: ${{ secrets.GH_APP_ID }}
+          private-key: ${{ secrets.GH_APP_PRIVATE_KEY }}
+          owner: SiliconLabsInternal
+          repositories: contributor-license-agreements
+
       - name: "CLA Assistant"
         if: ${{ contains(github.event.comment.body, 'I have read the CLA Document and I hereby sign the CLA') }} || github.event_name == 'pull_request_target'
-        uses: SiliconLabsWorkflows/cla-assistant@silabs_flavour_v2
+        uses: SiliconLabsSoftware/action-cla-assistant@silabs_flavour_v2
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-          # the below token should have repo scope and must be manually added by you in the repository's secret
-          # This token is required only if you have configured to store the signatures in a remote repository/organization
-          PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          PERSONAL_ACCESS_TOKEN: ${{ steps.app-token.outputs.token }}
         with:
           path-to-signatures: "cla_signatures_db.json"
-          path-to-document: "https://github.com/SiliconLabsSoftware/bluetooth-AoA-example/blob/main/cla.md"
-          # branch should not be protected
+          path-to-document: "https://github.com/SiliconLabsSoftware/agreements-and-guidelines/blob/main/contributor_license_agreement.md"
           branch: 'cla-database'
           allowlist: silabs-*,bot*
           # the following are the optional inputs - If the optional inputs are not given, then default values will be taken
           remote-organization-name: "SiliconLabsInternal"
           remote-repository-name: "contributor-license-agreements"
           create-file-commit-message: "Created the CLA database file. CLA Assistant Lite bot created this file."
-          signed-commit-message: "$contributorName has signed the CLA in $owner/$repo#$pullRequestNo"
+          signed-commit-message: "$contributorName has signed the CLA in $owner/$repo#$pullRequestNo"

.github/workflows/04-TruffleHog-Security-Scan.yml

@@ -1,15 +1,12 @@
 name: 04-TruffleHog-Security-Scan
 on:
-  #Only manual trigger for now
-  # TODO analyse what to enable    
-  #pull_request:
-    #    branches:
-    #        - main
-    #        - develop
-    workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+  workflow_dispatch:
 jobs:
   trufflehog_scan:
-    runs-on: ubuntu-24.04
+    runs-on: ubuntu-latest
     steps:
     - name: Checkout code
       uses: actions/checkout@v4
@@ -18,4 +15,4 @@ jobs:
     - name: Secret Scanning
       uses: trufflesecurity/[email protected]
       with:
-        extra_args: --only-verified
+        extra_args: --only-verified