Also trigger the bluetooth tests if tests/bluetooth/common/testlib/
is changed.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Use uv compile to generate requirements.txt from requirements.in
This works better to capture dependencies that work for multiple python
versions, not just the one that was used to generate the
requirements.txt file.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
We've previously restricted Blackbox test
runs to just one test file - test_output.py.
That was a mistake.
This commit makes the relevant workflow run
all of the blackbox test files again.
Signed-off-by: Lukasz Mrugala <lukaszx.mrugala@intel.com>
Updated the bsim-tests workflow to exclude all .rst files.
As per GitHub docs:
The order that you define paths patterns matters:
A matching negative pattern (prefixed with !) after a positive match
will exclude the path.
A matching positive pattern after a negative match will include the path
again.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
No functional change. This is only so as to adopt a versioning scheme
where the Zephyr version of the action is considered more recent than
the upstream version (here, v1.1.1) by means of using dots instead of
dashes.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Speed things up by using GH runners, we do not need the power of our own
runners to create the test plan. This also simplifies the workflow
considerably.
PRs now will get queued immediately, ie. no need to wait for a Zephyr
hosted runner to create the plan and then wait again for another round
to get more runners for execution.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move PR body check to a workflow that monitors editing of PRs.
Avoids rerunnin compliance check and other heavy weights workflows on
just an edit of the PR body.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit introduces a new workflow that checks for SHA-pinned GitHub
Actions on pull requests.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Integrate codeql code scanning from github to do basic static code
analysis on python, actions, js.
c/cpp to be added later.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Moved away from a texlive docker container to a vanilla ubuntu runner
so that we can better track the actual dependencies a user needs to
build the PDF rather than relying on the gigabytes of random stuff
that the texlive docker container pulls in.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Removed coverxygen installation from the CI workflow and added it to the
requirements.txt/.in files and make it easier for anyone to potentially
use it locally.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Building docs just works on vanilla GH runner so it can be convenient
to not prevent the workflow to run on forks.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Ensure we run the latest version of this action (and align with what is
already used for bsim-tests)
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Following the revert in the previous commit, pin the actions/checkout
action to align with what is now the accepted practice in the project.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This reverts commit b80526658c
and restores the original use of looking for changed files
before triggering a documentation build.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Apply dependabot suggested updates to the `scorecard` workflow to pull
latest versions of the actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Add a security section in the external source code issue template
requesting information about known vulnerabilities and cryptographic
usage.
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
Remove check for changed files for now until we have a better way to do
that without the 3rd party action.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Updates the GitHub security page with the current supported versions
after the v4.1.0 release.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Reduce the number of parallel jobs for documentation build since we use
GH-hosted runner with only 4 vCPUs and 16GiB of RAM.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Make CI run on latest Ubuntu LTS so that default Python version
is effectively 3.12.
This allows to build against latest Sphinx 8.2 release, as it
dropped support for Python 3.10.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Setup a fully working Zephyr workspace so that documentation steps that
require e.g. building Zephyr apps have the ability to do so.
The "turbo" builds running on pull requests get a minimal setup, with
no toolchain being installed.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
The "raw" junit.xml is a useful artifact to make available to developers
as it can be ingested by various tools to help dig into failures, look
at evolution of test results over time, etc.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
