tests: add tests for KMU and keys provisioning #76429
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Compliance | |
on: pull_request | |
jobs: | |
compliance_job: | |
runs-on: ubuntu-latest | |
name: Run compliance checks on patch series (PR) | |
steps: | |
- name: Update PATH for west | |
run: | | |
echo "$HOME/.local/bin" >> $GITHUB_PATH | |
- name: Checkout sources | |
uses: nrfconnect/action-checkout-west-update@main | |
with: | |
git-fetch-depth: 0 | |
git-ref: ${{ github.event.pull_request.head.sha }} | |
- name: cache-pip | |
uses: actions/cache@v3 | |
with: | |
path: ~/.cache/pip | |
key: ${{ runner.os }}-doc-pip | |
- name: Install python dependencies | |
working-directory: ncs/nrf | |
run: | | |
pip3 install -U pip | |
pip3 install -U setuptools | |
pip3 install -U wheel | |
grep -E "^python-magic=|^junitparser|^lxml|^gitlint|^pylint|^pykwalify|^yamllint|^unidiff" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U | |
grep -E "^west" scripts/requirements-fixed.txt | cut -d ' ' -f '1' | xargs pip3 install -U | |
pip3 show -f west | |
- name: Run merge commits test | |
env: | |
BASE_REF: ${{ github.base_ref }} | |
working-directory: ncs/nrf | |
run: | | |
git remote -v | |
# Ensure there's no merge commits in the PR | |
[[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \ | |
(echo "::error ::Merge commits not allowed, rebase instead";false) | |
git rebase origin/${BASE_REF} | |
# debug | |
git log --pretty=oneline | head -n 10 | |
- name: Run CODEOWNERS test | |
id: codeowners | |
env: | |
BASE_REF: ${{ github.base_ref }} | |
working-directory: ncs/nrf | |
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true | |
run: | | |
./scripts/ci/codeowners.py -c origin/${BASE_REF}.. | |
- name: Run Compliance Tests | |
continue-on-error: true | |
id: compliance | |
env: | |
BASE_REF: ${{ github.base_ref }} | |
working-directory: ncs/nrf | |
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true | |
run: | | |
export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr" | |
# debug | |
ls -la | |
git log --pretty=oneline | head -n 10 | |
# For now we run KconfigBasic, but we should transition to Kconfig | |
$ZEPHYR_BASE/scripts/ci/check_compliance.py --annotate -e Kconfig \ | |
-e KconfigBasicNoModules -e ClangFormat -c origin/${BASE_REF}.. | |
- name: upload-results | |
uses: actions/upload-artifact@v3 | |
continue-on-error: true | |
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true | |
with: | |
name: compliance.xml | |
path: ncs/nrf/compliance.xml | |
- name: check-warns | |
working-directory: ncs/nrf | |
if: contains(github.event.pull_request.user.login, 'dependabot[bot]') != true | |
run: | | |
export ZEPHYR_BASE="$(dirname "$(pwd)")/zephyr" | |
if [[ ! -s "compliance.xml" ]]; then | |
exit 1; | |
fi | |
files=($($ZEPHYR_BASE/scripts/ci/check_compliance.py -l)) | |
for file in "${files[@]}"; do | |
f="${file}.txt" | |
if [[ -s $f ]]; then | |
errors=$(cat $f) | |
errors="${errors//'%'/'%25'}" | |
errors="${errors//$'\n'/'%0A'}" | |
errors="${errors//$'\r'/'%0D'}" | |
echo "::error file=${f}::$errors" | |
exit=1 | |
fi | |
done | |
if [ "${exit}" == "1" ]; then | |
exit 1; | |
fi |