Update to a revision of the manifest action that includes:
https://github.com/zephyrproject-rtos/action-manifest/pull/21
Also add the corresponding binary blobs labels parameters to the
workflow.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
This reverts commit 370e0882cb, the
condition is evaluated at workout creation time so this does not work at
all, plus some conditions don't have a label removal logic so pairing
this with the manifest run does not work anyway.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
The current CI setup sets the manifest DNM label in a workflow and
checks it in a different workflow. The one performing the check is
configured to rerun on label changes but it's been reported few times
that the rerun logic does not seem to always run effectively and there's
been cases where the manifest has been fixed but the label has not been
removed by the automation, resulting in a stale PR.
Since the manifest has its own dedicated label, fix this race condition
by checking for that label specifically in the manifest workflow rather
than in a separate one, this means that the check is always performed
after the script that sets the label.
It also means that on manifest changes the manifest step itself will
fail rather than the PR metadata check one.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Reconfigure the manifest action to use a manifest specific DNM label, so
that the "DNM" one can be used by humans.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Cleanup all pip commands in the various workflow
- drop the install/upgrade for setuptool pip and wheel, seems like this
was introduced few years back to work around some old bug and it's not
needed anymore
- use pip instead of pip3, that's probably been equivalent for quite a
long time in the CI image
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Update Github actions to their latest versions to fix the following
warnings on runs:
```
Node.js 16 actions are deprecated. Please update the following actions
to use Node.js 20: actions/checkout@v3, actions/cache@v3,
actions/upload-artifact@v3. For more information see:
https://github.blog/changelog/2023-09-22-github-actions-transitioning-from-node-16-to-node-20/.
```
`actions/checkout` and `actions/cache` are straight Node version
upgrades, `actions/upload-artifact` and `actions/download-artifact` have
breaking changes, but don't appear to affect our usage.
https://github.com/actions/upload-artifact
Signed-off-by: Jordan Yates <jordan.yates@data61.csiro.au>
Upgrade to v1.2.0, which comes with a bugfix and support for processing
PRs that have removed modifications to the manifest.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
Update action-manifest to the latest commit, pick up:
a6d0c6e action: match revisions with a refs/ prefix
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
This commit updates the manifest workflow to not label the pull
requests updating the west manifest (`west.yml`) with the `west` label
because the `manifest` label alone is enough for this purpose and the
`west` label can be easily confused with the `area: West` label.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
The GitHub Actions trigger-on-file-change mechanism may fail to trigger
for very large PRs (300+ files changed).
This commit updates the manifest workflow such that it runs on all pull
requests, regardless of whether `west.yml` is modified.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the CI workflows to use the latest "checkout"
action v3, which is based on Node.js 16.
Note that Node.js 12-based actions are now deprecated by GitHub and may
stop working in the near future.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the manifest check workflow to use a specific
runner image version, ubuntu-20.04, instead of the latest version in
order to prevent any potential breakages due to the 'latest' version
change by GitHub.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
This commit updates the CI manifest workflow to run the manifest action
as the 'zephyrbot' user instead of the 'github-actions' user.
The 'github-actions' user does not have the permissions required to
trigger another workflow and fails to trigger the "Do Not Merge"
workflow when it (un)labels a pull request with the "DNM" label.
Signed-off-by: Stephanos Ioannidis <root@stephanos.io>
With this setting enabled, Git credentials are not kept after checkout.
Credentials are not necessary after the checkout step since we do not
do any further manual push/pull operations.
Signed-off-by: Gerard Marull-Paretas <gerard.marull@nordicsemi.no>
This new release adds support for diffs as well as being able to list
added and removed projects.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
In order to develop further functionality in the action-manifest repo,
pin the version to v1.0.0 here.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The manifest GitHub action now optionally takes a checked out tree in
order to find the merge base of the pull request branch. Provide this to
avoid artifacts in edge cases.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
The manifest workflow uses the manifest action to detect changes in the
west manifest. It then analyzes the changes and posts labels and a
comment in table format accordingly.
It is meant to be used as a helper bot for developers submitting changes
to modules, reducing the need for manual work and oversight and
automating common operations.
Signed-off-by: Carles Cufi <carles.cufi@nordicsemi.no>
