Skip to content

Add check -- for Pull Requests only -- on compile.yml modification #6

Add check -- for Pull Requests only -- on compile.yml modification

Add check -- for Pull Requests only -- on compile.yml modification #6

Workflow file for this run

# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
# This workflow implements a check that allows integrators to enforce
# successful completion of testcases that should have been performed
# on internal environments against the code base in the submitted branch.
# For example, this allows internal pipelines to run proprietary toolchains
# to sign-off on the code before allowing GitHub workflows to start.
name: Pre Run Check
on:
workflow_dispatch:
workflow_call:
# TODO TMP remove this vv
push:
branches: ["cwhitehead-msft-pipeline-hash-check"]
jobs:
# Fail if any compile.yml has been modified
# (Microsoft employees use these to run an internal tool)
# Don't run this job for manual runs
compile_yml_check:
name: compile.yml Check
runs-on: ubuntu-22.04
if: ${{ github.event_name }} == "pull_request"
steps:
- name: Checkout RTL repo
uses: actions/checkout@v4
- name: Compare against target
env:
SOURCE_BR: ${{ github.ref }}
TARGET_BR: ${{ github.base_ref }}
run: |
compiles=$(git diff --name-only $TARGET_BR...$SOURCE_BR)
if [[ $(echo "$compiles" | grep -c compile.yml) -gt 0 ]]; then
echo "compile.yml should not be modified for pull requests! Found:"
echo "$compiles"
exit 1
fi
# Build the comparison hash file
hash_check:
name: Hash Check
runs-on: ubuntu-22.04
steps:
- name: Checkout RTL repo
uses: actions/checkout@v4
- name: Gen File List
run: |
find "$GITHUB_WORKSPACE" -type f -name "*.sv" \
-o -name "*.svh" \
-o -name "*.rdl" \
-o -name "*.v" \
-o -name "*.vh" \
-o -name "*.c" \
-o -name "*.h" \
-o -name "pr_timestamp" | sort | tee $GITHUB_WORKSPACE/file_list.txt
sed -i "s,^$GITHUB_WORKSPACE/,," $GITHUB_WORKSPACE/file_list.txt
- name: Run File Hash
run: |
hash=$($GITHUB_WORKSPACE/.github/scripts/rtl_hash.sh $GITHUB_WORKSPACE $GITHUB_WORKSPACE/file_list.txt)
if [[ -z ${hash:+"empty"} ]]; then
echo "Failed to run hash script"
echo $hash
exit 1;
fi
echo "RTL hash is $result"
- name: Check Timestamp
run: |
timestamp_exp=$(bc <<< "$(git log -n1 --pretty=tformat:'%ct')-3600")
if [[ ! -f $GITHUB_WORKSPACE/.github/workflow_metadata/pr_timestamp ]]; then
echo "Error, file not found: $GITHUB_WORKSPACE/.github/workflow_metadata/pr_timestamp"
exit 1
fi
timestamp=$(tail -1 $GITHUB_WORKSPACE/.github/workflow_metadata/pr_hash)
if [[ ${timestamp} -lt ${timestamp_exp} ]]; then
echo "Error, submitted timestamp [${timestamp}] is outdated: it precedes the latest commit to branch by more than an hour [${timestamp_exp}]"
exit 1
fi
- name: Check Hash
run: |
if [[ ! -f $GITHUB_WORKSPACE/.github/workflow_metadata/pr_hash ]]; then
echo "Error, file not found: $GITHUB_WORKSPACE/.github/workflow_metadata/pr_hash"
exit 1
fi
hash_orig=$(tail -1 ${hash_file_org})
if [[ ${hash_orig} != ${hash} ]]; then
echo "Error, submitted hash [${hash_orig}] does not match calculated hash [${hash}]"
exit 1
fi
# Check License Headers
# Check for microsoft employee or that all compile.yml/.vf are untouched
hdr_check:
name: License Header Check
runs-on: ubuntu-22.04
steps:
- name: Checkout RTL repo
uses: actions/checkout@v4
- name: Run Script
run: |
export CALIPTRA_ROOT=$GITHUB_WORKSPACE
$GITHUB_WORKSPACE/.github/scripts/licenseHeaderCheck.sh