Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Cleanup all pip commands in the various workflow
- drop the install/upgrade for setuptool pip and wheel, seems like this
was introduced few years back to work around some old bug and it's not
needed anymore
- use pip instead of pip3, that's probably been equivalent for quite a
long time in the CI image
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
With gitv2.26, git rebase uses "git merge" mechanism instead of "git
apply". This creates a rebase-merge folder in .git, in case of rebase
conflict. This caused problems in self hosted runners due to old
rebase-merge folder. This commit deletes this folder before git rebase
action.
Signed-off-by: Mert Ekren <mert.ekren@analog.com>
After rebasing the PR on main, the local copy of the repository may
still contain untracked directories and files (for example, the commits
from the pull request are "git mv"ing files out of directories that are
then left empty). Add a git clean so that we run CI in conditions
that are as close as possible to a fresh clone.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Update getting started guide, release notes, and CI actions to
use Python 3.10 as minimum supported version.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
The current version is generating a deprecation warning:
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/setup-python@v4.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Update Github actions to their latest versions to fix the following
warnings on runs:
```
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/checkout@v3, actions/cache@v3,
actions/upload-artifact@v3. For more information see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
`actions/checkout` and `actions/cache` are straight Node version
upgrades, `actions/upload-artifact` and `actions/download-artifact` have
breaking changes, but don't appear to affect our usage.
https://github.com/actions/upload-artifact
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Add a rebase on top of BASE_REF before the pytest run to make sure that
PRs that predates the test introduction runs on top of the current HEAD.
This prevents pytest from failing with error code 5 because no tests are
found.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Add a "Scripts tests" workflow, for now just run pytest against
"scripts/build", but keep the naming generic so this could be reused for
other tests under scripts that are not covered by the other workflows.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
