f59a054ad7
Bumps the actions-deps group with 8 updates in the / directory: | Package | From | To | | --- | --- | --- | | [actions/setup-python](https://github.com/actions/setup-python) | `5.4.0` | `5.6.0` | | [EnricoMi/publish-unit-test-result-action](https://github.com/enricomi/publish-unit-test-result-action) | `2.18.0` | `2.19.0` | | [tj-actions/changed-files](https://github.com/tj-actions/changed-files) | `46.0.3` | `46.0.5` | | [actions/download-artifact](https://github.com/actions/download-artifact) | `4.2.1` | `4.3.0` | | [codecov/codecov-action](https://github.com/codecov/codecov-action) | `5.4.0` | `5.4.2` | | [github/codeql-action](https://github.com/github/codeql-action) | `3.28.13` | `3.28.17` | | [carpentries/actions](https://github.com/carpentries/actions) | `0.14.0` | `0.15.0` | | [zgosalvez/github-actions-ensure-sha-pinned-actions](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions) | `3.0.23` | `3.0.24` | Updates `actions/setup-python` from 5.4.0 to 5.6.0 - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v5.4.0...a26af69be951a213d495a4c3e4e4022e16d87065) Updates `EnricoMi/publish-unit-test-result-action` from 2.18.0 to 2.19.0 - [Release notes](https://github.com/enricomi/publish-unit-test-result-action/releases) - [Commits](170bf24d20...afb2984f4d) Updates `tj-actions/changed-files` from 46.0.3 to 46.0.5 - [Release notes](https://github.com/tj-actions/changed-files/releases) - [Changelog](https://github.com/tj-actions/changed-files/blob/main/HISTORY.md) - [Commits](823fcebdb3...ed68ef82c0) Updates `actions/download-artifact` from 4.2.1 to 4.3.0 - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](95815c38cf...d3f86a106a) Updates `codecov/codecov-action` from 5.4.0 to 5.4.2 - [Release notes](https://github.com/codecov/codecov-action/releases) - [Changelog](https://github.com/codecov/codecov-action/blob/main/CHANGELOG.md) - [Commits](0565863a31...ad3126e916) Updates `github/codeql-action` from 3.28.13 to 3.28.17 - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](1b549b9259...60168efe1c) Updates `carpentries/actions` from 0.14.0 to 0.15.0 - [Release notes](https://github.com/carpentries/actions/releases) - [Commits](e27aa6c531...2e20fd5ee5) Updates `zgosalvez/github-actions-ensure-sha-pinned-actions` from 3.0.23 to 3.0.24 - [Release notes](https://github.com/zgosalvez/github-actions-ensure-sha-pinned-actions/releases) - [Commits](4830be28ce...2d6823da40) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: 5.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: EnricoMi/publish-unit-test-result-action dependency-version: 2.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: tj-actions/changed-files dependency-version: 46.0.5 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: actions/download-artifact dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: codecov/codecov-action dependency-version: 5.4.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: github/codeql-action dependency-version: 3.28.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps - dependency-name: carpentries/actions dependency-version: 0.15.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions-deps - dependency-name: zgosalvez/github-actions-ensure-sha-pinned-actions dependency-version: 3.0.24 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: actions-deps ... Signed-off-by: dependabot[bot] <support@github.com>
125 lines
3.7 KiB
YAML
125 lines
3.7 KiB
YAML
name: Compliance Checks
|
|
|
|
on:
|
|
pull_request:
|
|
types:
|
|
- edited
|
|
- opened
|
|
- reopened
|
|
- synchronize
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
check_compliance:
|
|
runs-on: ubuntu-24.04
|
|
name: Run compliance checks on patch series (PR)
|
|
steps:
|
|
- name: Update PATH for west
|
|
run: |
|
|
echo "$HOME/.local/bin" >> $GITHUB_PATH
|
|
|
|
- name: Checkout the code
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
ref: ${{ github.event.pull_request.head.sha }}
|
|
fetch-depth: 0
|
|
|
|
- name: Rebase onto the target branch
|
|
env:
|
|
BASE_REF: ${{ github.base_ref }}
|
|
run: |
|
|
git config --global user.email "you@example.com"
|
|
git config --global user.name "Your Name"
|
|
git remote -v
|
|
# Ensure there's no merge commits in the PR
|
|
[[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
|
|
(echo "::error ::Merge commits not allowed, rebase instead";false)
|
|
rm -fr ".git/rebase-apply"
|
|
rm -fr ".git/rebase-merge"
|
|
git rebase origin/${BASE_REF}
|
|
git clean -f -d
|
|
# debug
|
|
git log --pretty=oneline | head -n 10
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0
|
|
with:
|
|
python-version: 3.12
|
|
cache: pip
|
|
cache-dependency-path: scripts/requirements-actions.txt
|
|
|
|
- name: Install Python packages
|
|
run: |
|
|
pip install -r scripts/requirements-actions.txt --require-hashes
|
|
|
|
- name: west setup
|
|
run: |
|
|
west init -l . || true
|
|
west config manifest.group-filter -- +ci,-optional
|
|
west update -o=--depth=1 -n 2>&1 1> west.update.log || west update -o=--depth=1 -n 2>&1 1> west.update2.log
|
|
|
|
- name: Run Compliance Tests
|
|
continue-on-error: true
|
|
id: compliance
|
|
env:
|
|
BASE_REF: ${{ github.base_ref }}
|
|
run: |
|
|
export ZEPHYR_BASE=$PWD
|
|
# debug
|
|
ls -la
|
|
git log --pretty=oneline | head -n 10
|
|
# Increase rename limit to allow for large PRs
|
|
git config diff.renameLimit 10000
|
|
excludes="-e KconfigBasic -e SysbuildKconfigBasic -e ClangFormat"
|
|
# The signed-off-by check for dependabot should be skipped
|
|
if [ "${{ github.actor }}" == "dependabot[bot]" ]; then
|
|
excludes="$excludes -e Identity"
|
|
fi
|
|
./scripts/ci/check_compliance.py --annotate $excludes -c origin/${BASE_REF}..
|
|
|
|
- name: upload-results
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
continue-on-error: true
|
|
with:
|
|
name: compliance.xml
|
|
path: compliance.xml
|
|
|
|
- name: check-warns
|
|
run: |
|
|
if [[ ! -s "compliance.xml" ]]; then
|
|
exit 1;
|
|
fi
|
|
|
|
warns=("ClangFormat")
|
|
files=($(./scripts/ci/check_compliance.py -l))
|
|
|
|
for file in "${files[@]}"; do
|
|
f="${file}.txt"
|
|
if [[ -s $f ]]; then
|
|
results=$(cat $f)
|
|
results="${results//'%'/'%25'}"
|
|
results="${results//$'\n'/'%0A'}"
|
|
results="${results//$'\r'/'%0D'}"
|
|
|
|
if [[ "${warns[@]}" =~ "${file}" ]]; then
|
|
echo "::warning file=${f}::$results"
|
|
else
|
|
echo "::error file=${f}::$results"
|
|
exit=1
|
|
fi
|
|
fi
|
|
done
|
|
|
|
if [ "${exit}" == "1" ]; then
|
|
echo "Compliance error, check for error messages in the \"Run Compliance Tests\" step"
|
|
echo "You can run this step locally with the ./scripts/ci/check_compliance.py script."
|
|
exit 1;
|
|
fi
|
|
|
|
if [ "${{ steps.pr_description.outcome }}" == "failure" ]; then
|
|
echo "PR description cannot be empty"
|
|
exit 1;
|
|
fi
|