Blackbox tests now shall include smoke tests,
that is Twister calls in the environment.
Additionally, those smoke tests will run
on multiple platforms.
Signed-off-by: Lukasz Mrugala <lukaszx.mrugala@intel.com>
This reverts commit 370e0882cb, the
condition is evaluated at workflow creation time so this does not work at
all, plus some conditions don't have a label removal logic so pairing
this with the manifest run does not work anyway.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
The current CI setup sets the manifest DNM label in a workflow and
checks it in a different workflow. The one performing the check is
configured to rerun on label changes but it's been reported a few times
that the rerun logic does not seem to always run effectively and there
have been cases where the manifest has been fixed but the label has not been
removed by the automation, resulting in a stale PR.
Since the manifest has its own dedicated label, fix this race condition
by checking for that label specifically in the manifest workflow rather
than in a separate one, this means that the check is always performed
after the script that sets the label.
It also means that on manifest changes the manifest step itself will
fail rather than the PR metadata check one.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Also trigger the bluetooth tests if tests/bluetooth/common/testlib/
is changed.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Use uv compile to generate requirements.txt from requirements.in
This works better to capture dependencies that work for multiple python
versions, not just the one that was used to generate the
requirements.txt file.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
We've previously restricted Blackbox test
runs to just one test file - test_output.py.
That was a mistake.
This commit makes the relevant workflow run
all of the blackbox test files again.
Signed-off-by: Lukasz Mrugala <lukaszx.mrugala@intel.com>
Updated the bsim-tests workflow to exclude all .rst files.
As per GitHub docs:
The order that you define paths patterns matters:
A matching negative pattern (prefixed with !) after a positive match
will exclude the path.
A matching positive pattern after a negative match will include the path
again.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
No functional change. This is only so as to adopt a versioning scheme
where the Zephyr version of the action is considered more recent than
the upstream version (here, v1.1.1) by means of using dots instead of
dashes.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Speed things up by using GH runners, we do not need the power of our own
runners to create the test plan. This also simplifies the workflow
considerably.
PRs now will get queued immediately, i.e. no need to wait for a Zephyr
hosted runner to create the plan and then wait again for another round
to get more runners for execution.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Pin python dependencies to hashes and cleanup/unify python setup steps in
various workflows.
We now have one dependency file containing all requirements for github
actions that is managed centrally with hashes. No direct pip installs
are needed in workflow files and everything shall go via the
requirements file.
Pinning to specific version and hashes helps with preventing supply
chain attacks.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Move PR body check to a workflow that monitors editing of PRs.
Avoids rerunning compliance check and other heavyweight workflows on
just an edit of the PR body.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
This commit introduces a new workflow that checks for SHA-pinned GitHub
Actions on pull requests.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Integrate codeql code scanning from github to do basic static code
analysis on python, actions, js.
c/cpp to be added later.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Moved away from a texlive docker container to a vanilla ubuntu runner
so that we can better track the actual dependencies a user needs to
build the PDF rather than relying on the gigabytes of random stuff
that the texlive docker container pulls in.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Removed coverxygen installation from the CI workflow and added it to the
requirements.txt/.in files and make it easier for anyone to potentially
use it locally.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Building docs just works on vanilla GH runner so it can be convenient
to not prevent the workflow from running on forks.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Ensure we run the latest version of this action (and align with what is
already used for bsim-tests)
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Following the revert in the previous commit, pin the actions/checkout
action to align with what is now the accepted practice in the project.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This reverts commit b80526658c
and restores the original use of looking for changed files
before triggering a documentation build.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Apply dependabot suggested updates to the `scorecard` workflow to pull
latest versions of the actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Add a security section in the external source code issue template
requesting information about known vulnerabilities and cryptographic
usage.
Signed-off-by: Flavio Ceolin <flavio@hubblenetwork.com>
Remove check for changed files for now until we have a better way to do
that without the 3rd party action.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Updates the GitHub security page with the current supported versions
after the v4.1.0 release.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>