Add check -- for Pull Requests only -- on compile.yml modification #6
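# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions

# This workflow implements a check that allows integrators to enforce
# successful completion of testcases that should have been performed
# on internal environments against the code base in the submitted branch.
# For example, this allows internal pipelines to run proprietary toolchains
# to sign-off on the code before allowing GitHub workflows to start.
#
# NOTE(review): the scripts and metadata files these jobs read come from the
# checked-out ref. If the checks are meant as a gate on pull requests, pair
# them with branch protection (required status checks, review on .github/)
# so the gate itself cannot be edited in the change it is gating.
name: Pre Run Check

on:
  workflow_dispatch:
  workflow_call:
  # TODO TMP remove this vv
  push:
    branches:
      - "cwhitehead-msft-pipeline-hash-check"

# Least privilege: the jobs in this file only check out the repository and run
# scripts from it, so the token is limited to read access on contents.
permissions:
  contents: read

jobs: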
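# Fail if any compile.yml has been modified
# (Microsoft employees use these to run an internal tool)
# Don't run this job for manual runs
  compile_yml_check:
    name: compile.yml Check
    runs-on: ubuntu-22.04
    # Must be a bare expression. Writing `${{ ... }} == "..."` renders the
    # expression first and leaves a non-empty string, which is always truthy,
    # so the job would run for every event instead of pull requests only.
    if: github.event_name == 'pull_request'
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
        with:
          # The default checkout is a depth-1 clone of a single ref; the
          # three-dot diff below needs the target branch and the merge base.
          fetch-depth: 0
      - name: Compare against target
        env:
          # Handed over through the environment instead of being interpolated
          # into the script text, and quoted wherever it is expanded.
          TARGET_BR: ${{ github.base_ref }}
        run: |
          # HEAD is the ref that was checked out for this run.
          # NOTE(review): assumes the target branch is available as
          # origin/<name> after the full-history checkout - confirm.
          changed=$(git diff --name-only "origin/${TARGET_BR}...HEAD")
          # -F matches "compile.yml" literally; as a regex the "." would match
          # any character.
          if grep -Fq 'compile.yml' <<< "$changed"; then
            echo "compile.yml should not be modified for pull requests! Found:"
            echo "$changed"
            exit 1
          fi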
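# Build the comparison hash file
# NOTE(review): rtl_hash.sh, the file list and pr_hash/pr_timestamp are all
# taken from the checked-out ref, so this job shows that the submitted hash is
# consistent with the submitted sources; it does not by itself show who
# produced the hash. Confirm the sign-off is bound to a trusted party elsewhere.
  hash_check:
    name: Hash Check
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
      - name: Gen File List
        run: |
          # The parentheses make "-type f" apply to every -name alternative.
          # Without them it binds only to the first one, and a directory or
          # other non-regular file with a matching name would be listed too.
          find "$GITHUB_WORKSPACE" -type f \( \
                 -name "*.sv" \
              -o -name "*.svh" \
              -o -name "*.rdl" \
              -o -name "*.v" \
              -o -name "*.vh" \
              -o -name "*.c" \
              -o -name "*.h" \
              -o -name "pr_timestamp" \) | sort | tee "$GITHUB_WORKSPACE/file_list.txt"
          # Store paths relative to the workspace root.
          sed -i "s,^$GITHUB_WORKSPACE/,," "$GITHUB_WORKSPACE/file_list.txt"
      - name: Run File Hash
        id: rtl_hash
        run: |
          hash=$("$GITHUB_WORKSPACE/.github/scripts/rtl_hash.sh" "$GITHUB_WORKSPACE" "$GITHUB_WORKSPACE/file_list.txt")
          # An empty result means the script produced nothing. A multi-line
          # result is rejected as well because it cannot be written as a
          # single key=value step output.
          # NOTE(review): assumes rtl_hash.sh prints exactly one line - confirm.
          if [[ -z "$hash" || "$hash" == *$'\n'* ]]; then
            echo "Failed to run hash script"
            echo "$hash"
            exit 1
          fi
          echo "RTL hash is $hash"
          # Each run step is its own shell, so the value is published as a step
          # output for the comparison step.
          echo "hash=$hash" >> "$GITHUB_OUTPUT"
      - name: Check Timestamp
        run: |
          timestamp_file="$GITHUB_WORKSPACE/.github/workflow_metadata/pr_timestamp"
          # Oldest acceptable timestamp: one hour before the latest commit.
          timestamp_exp=$(( $(git log -n1 --pretty=tformat:'%ct') - 3600 ))
          if [[ ! -f "$timestamp_file" ]]; then
            echo "Error, file not found: $timestamp_file"
            exit 1
          fi
          # Read the timestamp from the file whose existence was just checked.
          timestamp=$(tail -1 "$timestamp_file")
          # The file is part of the submitted branch: accept decimal digits
          # only, so the numeric comparison below never evaluates arbitrary
          # text as an arithmetic expression.
          if [[ ! "$timestamp" =~ ^[0-9]+$ ]]; then
            echo "Error, submitted timestamp [${timestamp}] is not a number"
            exit 1
          fi
          # 10# forces base 10 so a leading zero is not read as octal.
          if (( 10#${timestamp} < timestamp_exp )); then
            echo "Error, submitted timestamp [${timestamp}] is outdated: it precedes the latest commit to branch by more than an hour [${timestamp_exp}]"
            exit 1
          fi
      - name: Check Hash
        env:
          # Calculated hash from the "Run File Hash" step of this job.
          RTL_HASH: ${{ steps.rtl_hash.outputs.hash }}
        run: |
          hash_file="$GITHUB_WORKSPACE/.github/workflow_metadata/pr_hash"
          if [[ ! -f "$hash_file" ]]; then
            echo "Error, file not found: $hash_file"
            exit 1
          fi
          hash_orig=$(tail -1 "$hash_file")
          # Fail closed: an empty calculated hash is an error, never a match.
          # Both sides are quoted so the comparison is literal rather than a
          # glob pattern match.
          if [[ -z "$RTL_HASH" || "$hash_orig" != "$RTL_HASH" ]]; then
            echo "Error, submitted hash [${hash_orig}] does not match calculated hash [${RTL_HASH}]"
            exit 1
          fi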
# Check License Headers
# Check for microsoft employee or that all compile.yml/.vf are untouched
# NOTE(review): the line above does not describe anything this job visibly
# does; the job only runs licenseHeaderCheck.sh - confirm and update or drop.
  hdr_check:
    name: License Header Check
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
      - name: Run Script
        run: |
          # The script is run with CALIPTRA_ROOT set to the workspace root.
          CALIPTRA_ROOT="$GITHUB_WORKSPACE" "$GITHUB_WORKSPACE/.github/scripts/licenseHeaderCheck.sh"