sdk-nrf/.github/workflows/compliance.yml at faa7a350f1648126dea9771d2961fa4c6f140d6a · nrfconnect/sdk-nrf · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Compliance

on: pull_request

permissions:
  contents: read

jobs:
  compliance_job:
    runs-on: ubuntu-24.04
    name: Run compliance checks on patch series (PR)
    steps:
      - name: Update PATH for west
        run: |
          echo "$HOME/.local/bin" >> $GITHUB_PATH

      - name: Checkout sources
        uses: nrfconnect/action-checkout-west-update@main
        with:
          git-fetch-depth: 0
          git-ref: ${{ github.event.pull_request.head.sha }}
          rebase: true

      - name: cache-pip
        uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4
        with:
          path: ~/.cache/pip
          key: ${{ runner.os }}-doc-pip

      - name: Install python dependencies
        working-directory: ncs/nrf
        run: |
          pip3 install -U pip
          pip3 install -U wheel
          grep -E "^setuptools" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
          grep -E "^python-magic=|^junitparser|^lxml|^gitlint|^pylint|^pykwalify|^yamllint|^unidiff|^vermin|^python-dotenv|^tabulate|^ruff|^reuse" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
          grep -E "^west" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U
          pip3 show -f west

      - name: Setup Node.js
        uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
        with:
          node-version: "lts/*"
          cache: npm
          check-latest: true
          cache-dependency-path: ./ncs/zephyr/scripts/ci/package-lock.json

      - name: Install Node dependencies
        run: npm --prefix ./ncs/zephyr/scripts/ci ci

      - name: Run merge commits test
        env:
          BASE_REF: ${{ github.base_ref }}
        working-directory: ncs/nrf
        run: |
          # Ensure there's no merge commits in the PR
          [[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
          (echo "::error ::Merge commits not allowed, rebase instead";false)

      - name: Run CODEOWNERS test
        id: codeowners
        env:
          BASE_REF: ${{ github.base_ref }}
        working-directory: ncs/nrf
        if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
        run: |
          ./scripts/ci/codeowners.py -c origin/${BASE_REF}..

      - name: Run Compliance Tests
        continue-on-error: true
        id: compliance
        env:
          BASE_REF: ${{ github.base_ref }}
        working-directory: ncs/nrf
        if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
        run: |
          export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr"
          # debug
          ls -la
          git log --pretty=oneline | head -n 10
          $ZEPHYR_BASE/scripts/ci/check_compliance.py --annotate \
          -e KconfigBasicNoModules -e ClangFormat -e SysbuildKconfigBasicNoModules \
          -e LicenseAndCopyrightCheck -c origin/${BASE_REF}..

      - name: upload-results
        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4
        continue-on-error: true
        if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
        with:
          name: compliance.xml
          path: ncs/nrf/compliance.xml
          overwrite: true

      - name: check-warns
        working-directory: ncs/nrf
        if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
        run: |
          export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr"
          if [[ ! -s "compliance.xml" ]]; then
            exit 1;
          fi

          files=($($ZEPHYR_BASE/scripts/ci/check_compliance.py -l))
          for file in "${files[@]}"; do
            f="${file}.txt"
            if [[ -s $f ]]; then
              errors=$(cat $f)
              errors="${errors//'%'/'%25'}"
              errors="${errors//$'\n'/'%0A'}"
              errors="${errors//$'\r'/'%0D'}"
              echo "::error file=${f}::$errors"
              exit=1
            fi
          done

          if [ "${exit}" == "1" ]; then
            exit 1;
          fi

      - name: Check added or updated links
        working-directory: ncs/nrf
        run: |
          RE='.. _`(.*)`: (.*)'
          LINKS=$(git diff --unified=0 "${{ github.event.pull_request.base.sha }}..HEAD" -- "doc/nrf/links.txt" | \
                  grep "^+" || true | \
                  grep -Ev "^(---|\+\+\+)" || true)

          while IFS= read -r link; do
            if [[ $link =~ $RE ]]; then
              NAME=${BASH_REMATCH[1]}
              URL=${BASH_REMATCH[2]}

              echo -n "Checking URL for '$NAME' ($URL)... "
              if [[ "$URL" == *"files.nordicsemi.com"* ]]; then
                # files.nordicsemi.com server does not allow downloading only headers
                status=$(curl --write-out "%{http_code}" --output /dev/null --silent "$URL" || true)
              else
                status=$(curl --write-out "%{http_code}" --output /dev/null --silent --head "$URL" || true)
              fi

              if [[ "$status" -ne 200 ]]; then
                echo "FAIL (HTTP code: ${status})"
                exit 1
              else
                echo "OK"
              fi
            fi
          done <<< "$LINKS"