[nrf noup] ci: Add compliance test

Use standard Zephyr's compliance in CI, copy the dependencies from Zephyr repo. Signed-off-by: Chaitanya Tata <[email protected]>
nrfconnect · Sep 8, 2023 · 04cac2c · 04cac2c
1 parent db9f97f
commit 04cac2c
Show file tree

Hide file tree

Showing 8 changed files with 766 additions and 0 deletions.
diff --git a/.checkpatch.conf b/.checkpatch.conf
@@ -0,0 +1,32 @@
+--emacs
+--summary-file
+--show-types
+--max-line-length=100
+--min-conf-desc-length=1
+
+--ignore BRACES
+--ignore PRINTK_WITHOUT_KERN_LEVEL
+--ignore SPLIT_STRING
+--ignore VOLATILE
+--ignore CONFIG_EXPERIMENTAL
+--ignore PREFER_KERNEL_TYPES
+--ignore PREFER_SECTION
+--ignore AVOID_EXTERNS
+--ignore NETWORKING_BLOCK_COMMENT_STYLE
+--ignore DATE_TIME
+--ignore MINMAX
+--ignore CONST_STRUCT
+--ignore FILE_PATH_CHANGES
+--ignore SPDX_LICENSE_TAG
+--ignore C99_COMMENT_TOLERANCE
+--ignore REPEATED_WORD
+--ignore UNDOCUMENTED_DT_STRING
+--ignore DT_SPLIT_BINDING_PATCH
+--ignore DT_SCHEMA_BINDING_PATCH
+--ignore TRAILING_SEMICOLON
+--ignore COMPLEX_MACRO
+--ignore MULTISTATEMENT_MACRO_USE_DO_WHILE
+--ignore ENOSYS
+--ignore IS_ENABLED_CONFIG
+--ignore EMBEDDED_FUNCTION_NAME
+--ignore MACRO_WITH_FLOW_CONTROL
diff --git a/.github/workflows/compliance.yml b/.github/workflows/compliance.yml
@@ -0,0 +1,112 @@
+name: Compliance Checks
+
+on: pull_request
+
+jobs:
+  check_compliance:
+    runs-on: ubuntu-22.04
+    name: Run compliance checks on patch series (PR)
+    steps:
+    - name: Update PATH for west
+      run: |
+        echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+    - name: Checkout the code
+      uses: actions/checkout@v3
+      with:
+        path: sdk-hostap
+        ref: ${{ github.event.pull_request.head.sha }}
+        fetch-depth: 0
+
+    - name: cache-pip
+      uses: actions/cache@v3
+      with:
+        path: ~/.cache/pip
+        key: ${{ runner.os }}-doc-pip
+
+    - name: Install python dependencies
+      working-directory: sdk-hostap
+      run: |
+        pip3 install setuptools
+        pip3 install wheel
+        pip3 install python-magic lxml junitparser gitlint pylint pykwalify yamllint
+        pip3 install west
+
+    - name: Clone Zephyr downstream
+      env:
+        BASE_REF: ${{ github.base_ref }}
+      working-directory: sdk-hostap
+      run: |
+        git config --global user.email "[email protected]"
+        git config --global user.name "Your Name"
+        git remote -v
+        # Ensure there's no merge commits in the PR
+        #[[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
+        #(echo "::error ::Merge commits not allowed, rebase instead";false)
+        # Sauce tag checks before rebasing
+        git rev-list --first-parent origin/${BASE_REF}..HEAD | tr '\n' ',' | \
+        xargs gitlint -c ncs-sauce-tags.enable=true \
+        -c title-starts-with-subsystem.regex=".*" --commits
+        git rebase origin/${BASE_REF}
+        # debug
+        git log  --pretty=oneline | head -n 10
+        # Clone downstream Zephyr (no west needed as we only need the scripts)
+        git clone https://github.com/nrfconnect/sdk-zephyr
+
+    - name: Run CODEOWNERS test
+      id: codeowners
+      env:
+        BASE_REF: ${{ github.base_ref }}
+      working-directory: sdk-hostap
+      if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
+      run: |
+        ./scripts/ci/codeowners.py -c origin/${BASE_REF}..
+
+    - name: Run Compliance Tests
+      continue-on-error: true
+      id: compliance
+      env:
+        BASE_REF: ${{ github.base_ref }}
+      working-directory: sdk-hostap
+      if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
+      run: |
+        export ZEPHYR_BASE="$(dirname "$(pwd)")/sdk-hostap/sdk-zephyr"
+        # debug
+        ls -la
+        git log  --pretty=oneline | head -n 10
+        ./scripts/ci/check_compliance.py --annotate -e KconfigBasic -e Kconfig \
+        -c origin/${BASE_REF}..
+
+    - name: upload-results
+      uses: actions/upload-artifact@v3
+      continue-on-error: true
+      if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
+      with:
+        name: compliance.xml
+        path: sdk-hostap/compliance.xml
+
+    - name: check-warns
+      working-directory: sdk-hostap
+      if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true
+      run: |
+        export ZEPHYR_BASE="$(dirname "$(pwd)")/sdk-hostap/sdk-zephyr"
+        if [[ ! -s "compliance.xml" ]]; then
+          exit 1;
+        fi
+
+        files=($($ZEPHYR_BASE/scripts/ci/check_compliance.py -l))
+        for file in "${files[@]}"; do
+          f="${file}.txt"
+          if [[ -s $f ]]; then
+            errors=$(cat $f)
+            errors="${errors//'%'/'%25'}"
+            errors="${errors//$'\n'/'%0A'}"
+            errors="${errors//$'\r'/'%0D'}"
+            echo "::error file=${f}::$errors"
+            exit=1
+          fi
+        done
+
+        if [ "${exit}" == "1" ]; then
+          exit 1;
+        fi
diff --git a/.gitlint b/.gitlint
@@ -0,0 +1,60 @@
+# All these sections are optional, edit this file as you like.
+[general]
+ignore=title-trailing-punctuation, T3, title-max-length, T1, body-hard-tab, B3, B1
+# verbosity should be a value between 1 and 3, the commandline -v flags take precedence over this
+verbosity = 3
+# By default gitlint will ignore merge commits. Set to 'false' to disable.
+ignore-merge-commits=false
+ignore-revert-commits=false
+ignore-fixup-commits=false
+ignore-squash-commits=false
+# Enable debug mode (prints more output). Disabled by default
+debug = false
+
+# Set the extra-path where gitlint will search for user defined rules
+# See http://jorisroovers.github.io/gitlint/user_defined_rules for details
+extra-path=scripts/gitlint
+
+[title-max-length-no-revert]
+line-length=120
+
+[body-min-line-count]
+min-line-count=1
+
+[body-max-line-count]
+max-line-count=200
+
+[title-starts-with-subsystem]
+regex = ^(?!subsys:)(([^:]+):)(\s([^:]+):)*\s(.+)$
+
+[title-must-not-contain-word]
+# Comma-separated list of words that should not occur in the title. Matching is case
+# insensitive. It's fine if the keyword occurs as part of a larger word (so "WIPING"
+# will not cause a violation, but "WIP: my title" will.
+words=wip
+
+[title-match-regex]
+# python like regex (https://docs.python.org/2/library/re.html) that the
+# commit-msg title must be matched to.
+# Note that the regex can contradict with other rules if not used correctly
+# (e.g. title-must-not-contain-word).
+#regex=^US[0-9]*
+
+[max-line-length-with-exceptions]
+# B1 = body-max-line-length
+line-length=120
+
+[body-min-length]
+min-length=3
+
+[body-is-missing]
+# Whether to ignore this rule on merge commits (which typically only have a title)
+# default = True
+ignore-merge-commits=false
+
+[body-changed-file-mention]
+# List of files that need to be explicitly mentioned in the body when they are changed
+# This is useful for when developers often erroneously edit certain files or git submodules.
+# By specifying this rule, developers can only change the file when they explicitly reference
+# it in the commit message.
+#files=gitlint/rules.py,README.md