Integrate codeql code scanning from github to do basic static code
analysis on python, actions, js.
c/cpp to be added later.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Moved away from a texlive docker container to a vanilla ubuntu runner
so that we can better track the actual dependencies a user needs to
build the PDF rather than relying on the gigabytes of random stuff
that the texlive docker container pulls in.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Removed coverxygen installation from the CI workflow and added it to the
requirements.txt/.in files and make it easier for anyone to potentially
use it locally.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Default to `permissions: read-all` in all workflows and then add
additional permissions as needed at the job level
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Building docs just works on vanilla GH runner so it can be convenient
to not prevent the workflow to run on forks.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Ensure we run the latest version of this action (and align with what is
already used for bsim-tests)
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Following the revert in the previous commit, pin the actions/checkout
action to align with what is now the accepted practice in the project.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This reverts commit b80526658c
and restores the original use of looking for changed files
before triggering a documentation build.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Apply dependabot suggested updates to the `scorecard` workflow to pull
latest versions of the actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit follows up on e808ccfxy and completes the pinning of *all*
GitHub Actions to SHAs, including GitHub-owned `actions/*` actions.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This commit updates all GitHub Actions workflows to use specific
SHAs for the actions when they're not GitHub owned (`actions/*`)
instead of using tag-based versioning since tags are mutable.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Remove check for changed files for now until we have a better way to do
that without the 3rd party action.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Reduce the number of parallel jobs for documentation build since we use
GH-hosted runner with only 4 vCPUs and 16GiB of RAM.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Make CI run on latest Ubuntu LTS so that default Python version
is effectively 3.12.
This allows to build against latest Sphinx 8.2 release, as it
dropped support for Python 3.10.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Setup a fully working Zephyr workspace so that documentation steps that
require e.g. building Zephyr apps have the ability to do so.
The "turbo" builds running on pull requests get a minimal setup, with
no toolchain being installed.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
The "raw" junit.xml is a useful artifact to make available to developers
as it can be ingested by various tools to help dig into failures, look
at evolution of test results over time, etc.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This reverts commit 2dcb61858b.
Completely breaks CI due to concurrency key being wrong and
the same for every PR...
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
This addresses issues were CI jobs would wrongly get cancelled due to
sharing the concurrency group as other workflows.
For example:
- Twister runs being cancelled if both contributor submitting PRs named
their branch the same (often, `main` :))
- The scheduled doc-build systematically kills any ongoing
"on_pull_request_target" workflow runs.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Increase matrix size to deal with builds aborting under heavy load or
when running out of resources.
Also increase number of tests per node to deal with growth.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
There is no point in including source .rst files in html-output.tar.xz
as it unnecessarily slows down the creation of html-output.tar.xz as well
as transfer to/decompression on S3. Same for Doxygen XML output which is
only useful at build time.
Signed-off-by: Benjamin Cabé <benjamin@zephyrproject.org>
Checkout code early, so files are downloaded and read from one single
place.
Check for job results, only run script on failures.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Twister supports building with multiple toolchains in the same workflow
already, so there is no need for doing this in own workflow.
This will allow us to have a few targeted tests that are built with
multiple toolchains and frees up resources spent on duplicated builds in
a second workflow.
Signed-off-by: Anas Nashif <anas.nashif@intel.com>
Added steps to analyze Twister reports and upload the results
if Twister build fails
Signed-off-by: Grzegorz Chwierut <grzegorz.chwierut@nordicsemi.no>
Reconfigure the manifest action to use a manifest specific DNM label, so
that the "DNM" one can be used by humans.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Add "DNM (manifest)" to the "do not merge" labels. This is meant to be a
DNM controlled by the manifest action specific, so that the normal one
can be used by humans and the two are not going to fight with each
other.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Introduce sysbuild-specific variants of existing Kconfig checks:
* SysbuildKconfig
* SysbuildKconfigBasic
* SysbuildKconfigBasicNoModules
This involves a few additions to the base `KconfigCheck` class:
* Supporting a variable symbol prefix, to handle `SB_CONFIG_`.
* Generating extra files, including `Kconfig.sysbuild.modules`.
Although these are never sourced outside of sysbuild Kconfig,
they're still generated for every regular Zephyr build, so it's
natural to let all Kconfig checks follow this behavior.
Signed-off-by: Grzegorz Swiderski <grzegorz.swiderski@nordicsemi.no>
We should also trigger this workflow on changes to the
module integration files.
Signed-off-by: Alberto Escolar Piedras <alberto.escolar.piedras@nordicsemi.no>
Cleanup all pip commands in the various workflow
- drop the install/upgrade for setuptool pip and wheel, seems like this
was introduced few years back to work around some old bug and it's not
needed anymore
- use pip instead of pip3, that's probably been equivalent for quite a
long time in the CI image
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
Change the workflow to pass instead of skip if the PR is mergeable,
just trying to see if it helps with PRs not appearing as mergeable
because they do not match status:success when they should.
Signed-off-by: Fabio Baltieri <fabiobaltieri@google.com>
