1name: Compliance Checks
2
3on:
4  pull_request:
5    types:
6    - edited
7    - opened
8    - reopened
9    - synchronize
10
11jobs:
12  check_compliance:
13    runs-on: ubuntu-22.04
14    name: Run compliance checks on patch series (PR)
15    steps:
16    - name: Update PATH for west
17      run: |
18        echo "$HOME/.local/bin" >> $GITHUB_PATH
19
20    - name: Checkout the code
21      uses: actions/checkout@v4
22      with:
23        ref: ${{ github.event.pull_request.head.sha }}
24        fetch-depth: 0
25
26    - name: Rebase onto the target branch
27      env:
28        BASE_REF: ${{ github.base_ref }}
29      run: |
30        git config --global user.email "you@example.com"
31        git config --global user.name "Your Name"
32        git remote -v
33        # Ensure there's no merge commits in the PR
34        [[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
35        (echo "::error ::Merge commits not allowed, rebase instead";false)
36        rm -fr ".git/rebase-apply"
37        rm -fr ".git/rebase-merge"
38        git rebase origin/${BASE_REF}
39        git clean -f -d
40        # debug
41        git log  --pretty=oneline | head -n 10
42
43    - name: Set up Python
44      uses: actions/setup-python@v5
45      with:
46        python-version: 3.11
47
48    - name: cache-pip
49      uses: actions/cache@v4
50      with:
51        path: ~/.cache/pip
52        key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/compliance.yml') }}
53
54    - name: Install python dependencies
55      run: |
56        pip install -r scripts/requirements-compliance.txt
57        pip install west
58
59    - name: west setup
60      run: |
61        west init -l . || true
62        west config manifest.group-filter -- +ci,-optional
63        west update -o=--depth=1 -n 2>&1 1> west.update.log || west update -o=--depth=1 -n 2>&1 1> west.update2.log
64
65    - name: Check for PR description
66      if: ${{ github.event.pull_request.body == '' }}
67      continue-on-error: true
68      id: pr_description
69      run: |
70        echo "Pull request description cannot be empty."
71        exit 1
72
73    - name: Run Compliance Tests
74      continue-on-error: true
75      id: compliance
76      env:
77        BASE_REF: ${{ github.base_ref }}
78      run: |
79        export ZEPHYR_BASE=$PWD
80        # debug
81        ls -la
82        git log  --pretty=oneline | head -n 10
83        # Increase rename limit to allow for large PRs
84        git config diff.renameLimit 10000
85        ./scripts/ci/check_compliance.py --annotate -e KconfigBasic -e ClangFormat \
86        -c origin/${BASE_REF}..
87
88    - name: upload-results
89      uses: actions/upload-artifact@v4
90      continue-on-error: true
91      with:
92        name: compliance.xml
93        path: compliance.xml
94
95    - name: check-warns
96      run: |
97        if [[ ! -s "compliance.xml" ]]; then
98          exit 1;
99        fi
100
101        warns=("ClangFormat")
102        files=($(./scripts/ci/check_compliance.py -l))
103
104        for file in "${files[@]}"; do
105          f="${file}.txt"
106          if [[ -s $f ]]; then
107            results=$(cat $f)
108            results="${results//'%'/'%25'}"
109            results="${results//$'\n'/'%0A'}"
110            results="${results//$'\r'/'%0D'}"
111
112            if [[ "${warns[@]}" =~ "${file}" ]]; then
113              echo "::warning file=${f}::$results"
114            else
115              echo "::error file=${f}::$results"
116              exit=1
117            fi
118          fi
119        done
120
121        if [ "${exit}" == "1" ]; then
122          echo "Compliance error, check for error messages in the \"Run Compliance Tests\" step"
123          echo "You can run this step locally with the ./scripts/ci/check_compliance.py script."
124          exit 1;
125        fi
126
127        if [ "${{ steps.pr_description.outcome }}" == "failure" ]; then
128          echo "PR description cannot be empty"
129          exit 1;
130        fi
131