pre-run-check.yml
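# docs: https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions
# This workflow implements a check that allows integrators to enforce
# successful completion of testcases that should have been performed
# on internal environments against the code base in the submitted branch.
# For example, this allows internal pipelines to run proprietary toolchains
# to sign-off on the code before allowing GitHub workflows to start.
#
# Review notes:
#   - Branch names and the contents of .github/workflow_metadata/* come from
#     the submitted branch and are treated as untrusted: they reach the shell
#     only through env variables or step outputs, always quoted, never through
#     inline ${{ }} expansion inside a run script.
#   - NOTE(review): rtl_hash.sh and the expected hash are both read from the
#     checked-out branch, so the hash check detects stale or missing sign-off
#     data; it does not authenticate who produced it.
#   - actions/checkout is referenced by the mutable tag v4. Pinning to a full
#     commit SHA is the usual hardening; look the SHA up before pinning.
name: Pre Run Check

on:
  workflow_dispatch:
  workflow_call:
  # TODO TMP remove this vv
  push:
    branches: ["cwhitehead-msft-pipeline-hash-check"]

# Least privilege: the steps below only check out and read the repository.
# NOTE(review): confirm the helper scripts need nothing beyond read access.
permissions:
  contents: read

jobs:
  # Fail if any compile.yml has been modified
  # (Microsoft employees use these to run an internal tool)
  # Don't run this job for manual runs
  compile_yml_check:
    name: compile.yml Check
    runs-on: ubuntu-22.04
    if: ${{ github.event_name == 'pull_request' }}
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
        with:
          # Full history so both origin/<base> and origin/<head> resolve.
          fetch-depth: 0
      - name: Compare against target
        env:
          SOURCE_BR: ${{ github.head_ref }}
          TARGET_BR: ${{ github.base_ref }}
        run: |
          # Use the env copy; do not expand ${{ github.* }} inside the script.
          echo "$TARGET_BR"
          # If either ref is missing on origin, git diff fails and the step
          # fails closed (default shell runs with -e).
          compiles=$(git diff --name-only "origin/${TARGET_BR}...origin/${SOURCE_BR}" --)
          # Escape the dot so only a literal "compile.yml" matches.
          if grep -q 'compile\.yml' <<< "$compiles"; then
            echo "compile.yml should not be modified for pull requests! Found:"
            echo "$compiles"
            exit 1
          fi

  # Build the comparison hash file
  hash_check:
    name: Hash Check
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
      - name: Gen File List
        run: |
          # The -name alternatives are grouped so that "-type f" applies to
          # all of them; ungrouped, it only bound to the first pattern.
          find "$GITHUB_WORKSPACE" -type f \( \
            -name "*.sv" \
            -o -name "*.svh" \
            -o -name "*.rdl" \
            -o -name "*.v" \
            -o -name "*.vh" \
            -o -name "*.c" \
            -o -name "*.h" \
            -o -name "pr_timestamp" \
            \) | sort | tee "$GITHUB_WORKSPACE/file_list.txt"
          # Store paths relative to the workspace root.
          sed -i "s,^$GITHUB_WORKSPACE/,," "$GITHUB_WORKSPACE/file_list.txt"
      - name: Run File Hash
        id: rtl_hash
        run: |
          hash=$("$GITHUB_WORKSPACE/.github/scripts/rtl_hash.sh" "$GITHUB_WORKSPACE" "$GITHUB_WORKSPACE/file_list.txt")
          if [[ -z "$hash" ]]; then
            echo "Failed to run hash script"
            exit 1
          fi
          # A multi-line value would corrupt the key=value output file.
          if [[ "$hash" == *$'\n'* ]]; then
            echo "Hash script returned more than one line"
            exit 1
          fi
          echo "RTL hash is $hash"
          # Shell variables do not survive between steps; publish the hash as
          # a step output so the "Check Hash" step compares a real value.
          echo "hash=$hash" >> "$GITHUB_OUTPUT"
      - name: Check Timestamp
        run: |
          ts_file="$GITHUB_WORKSPACE/.github/workflow_metadata/pr_timestamp"
          # Oldest acceptable timestamp: one hour before the latest commit.
          timestamp_exp=$(( $(git log -n1 --pretty=tformat:'%ct') - 3600 ))
          if [[ ! -f "$ts_file" ]]; then
            echo "Error, file not found: $ts_file"
            exit 1
          fi
          # NOTE(review): the original read pr_hash here after checking that
          # pr_timestamp exists; presumably a copy-paste slip. Confirm.
          timestamp=$(tail -1 "$ts_file")
          # -lt evaluates its operands arithmetically, so the value read from
          # the repository file must be plain digits before it is compared.
          if [[ ! "$timestamp" =~ ^[0-9]+$ ]]; then
            echo "Error, submitted timestamp is not a plain integer"
            exit 1
          fi
          if [[ "$timestamp" -lt "$timestamp_exp" ]]; then
            echo "Error, submitted timestamp [${timestamp}] is outdated: it precedes the latest commit to branch by more than an hour [${timestamp_exp}]"
            exit 1
          fi
      - name: Check Hash
        env:
          RTL_HASH: ${{ steps.rtl_hash.outputs.hash }}
        run: |
          hash_file="$GITHUB_WORKSPACE/.github/workflow_metadata/pr_hash"
          if [[ ! -f "$hash_file" ]]; then
            echo "Error, file not found: $hash_file"
            exit 1
          fi
          # Fail closed: an empty calculated hash must never compare equal.
          if [[ -z "$RTL_HASH" ]]; then
            echo "Error, calculated hash is empty"
            exit 1
          fi
          hash_orig=$(tail -1 "$hash_file")
          # Both sides quoted so the right-hand side is compared literally,
          # not treated as a glob pattern.
          if [[ "$hash_orig" != "$RTL_HASH" ]]; then
            echo "Error, submitted hash [${hash_orig}] does not match calculated hash [${RTL_HASH}]"
            exit 1
          fi

  # Check License Headers
  # Check for microsoft employee or that all compile.yml/.vf are untouched
  hdr_check:
    name: License Header Check
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
      - name: Run Script
        run: |
          export CALIPTRA_ROOT="$GITHUB_WORKSPACE"
          "$GITHUB_WORKSPACE/.github/scripts/license_header_check.sh"

  # Check RDL files for modifications
  rdl_check:
    name: RDL File Check
    runs-on: ubuntu-22.04
    # github.base_ref holds the bare target branch name (e.g. "main"), not a
    # "refs/heads/..." ref, so comparing against 'refs/heads/main' never
    # matched and the job was skipped on every pull request.
    if: ${{ github.event_name == 'push' || (github.event_name == 'pull_request' && github.base_ref == 'main') }}
    steps:
      - name: Checkout RTL repo
        uses: actions/checkout@v4
      # Avoid passing ${{ github.base_ref }} directly to pr_rdl_check.sh in order
      # to mitigate possible script injection attacks against repository
      - name: Run Script
        run: |
          export CALIPTRA_ROOT="$GITHUB_WORKSPACE"
          "$GITHUB_WORKSPACE/.github/scripts/pr_rdl_check.sh" 'main'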