-
Notifications
You must be signed in to change notification settings - Fork 39
122 lines (106 loc) · 3.9 KB
/
compliance.yml
File metadata and controls
122 lines (106 loc) · 3.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
name: Compliance
on: pull_request
permissions:
contents: read
jobs:
compliance_job:
runs-on: ubuntu-24.04
name: Run compliance checks on patch series (PR)
steps:
- name: Update PATH for west
run: |
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Checkout sources
uses: nrfconnect/action-checkout-west-update@main
with:
git-fetch-depth: 0
git-ref: ${{ github.event.pull_request.head.sha }}
rebase: true
path: ncs/nrf-bm
- name: cache-pip
uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
with:
path: ~/.cache/pip
key: ${{ runner.os }}-doc-pip
- name: Install python dependencies
working-directory: ncs/zephyr
run: |
pip3 install -U pip
pip3 install -U wheel
pip install -r scripts/requirements-compliance.txt
- name: Setup Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: "lts/*"
cache: npm
check-latest: true
cache-dependency-path: ./ncs/zephyr/scripts/ci/package-lock.json
- name: Install Node dependencies
run: npm --prefix ./ncs/zephyr/scripts/ci ci
- name: Run merge commits test
env:
BASE_REF: ${{ github.base_ref }}
working-directory: ncs/nrf-bm
run: |
# Ensure there's no merge commits in the PR
[[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
(echo "::error ::Merge commits not allowed, rebase instead";false)
- name: Run CODEOWNERS test
id: codeowners
env:
BASE_REF: ${{ github.base_ref }}
working-directory: ncs/nrf-bm
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
run: |
../nrf/scripts/ci/codeowners.py -c origin/${BASE_REF}..
- name: Get NCS modules needed for compliance tests to run
working-directory: ncs/nrf-bm
run: |
patch -p1 < scripts/ci/ci-compliance.diff
west update
- name: Run Compliance Tests
continue-on-error: true
id: compliance
env:
BASE_REF: ${{ github.base_ref }}
working-directory: ncs/nrf-bm
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
run: |
export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr"
# debug
ls -la
git log --pretty=oneline | head -n 10
$ZEPHYR_BASE/scripts/ci/check_compliance.py --annotate \
-e KconfigBasicNoModules -e ClangFormat -e SysbuildKconfigBasicNoModules \
-e LicenseAndCopyrightCheck -e BinaryFiles -c origin/${BASE_REF}..
- name: upload-results
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
continue-on-error: true
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
with:
name: compliance.xml
path: ncs/nrf-bm/compliance.xml
overwrite: true
- name: check-warns
working-directory: ncs/nrf-bm
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
run: |
export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr"
if [[ ! -s "compliance.xml" ]]; then
exit 1;
fi
files=($($ZEPHYR_BASE/scripts/ci/check_compliance.py -l))
for file in "${files[@]}"; do
f="${file}.txt"
if [[ -s $f ]]; then
errors=$(cat $f)
errors="${errors//'%'/'%25'}"
errors="${errors//$'\n'/'%0A'}"
errors="${errors//$'\r'/'%0D'}"
echo "::error file=${f}::$errors"
exit=1
fi
done
if [ "${exit}" == "1" ]; then
exit 1;
fi