diff --git a/.github/workflows/check-circular-deps.yml b/.github/workflows/check-circular-deps.yml index d995eb6995..ffaa7843f0 100644 --- a/.github/workflows/check-circular-deps.yml +++ b/.github/workflows/check-circular-deps.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Circular dependency check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Circular dependency check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -28,7 +28,7 @@ jobs: - name: Check for circular dependencies run: | echo "Checking for circular dependency loops..." - # Call this script to sync the toolchain manifests with the LKG daily build. + # This will sync the toolchain manifests with the LKG daily build. #./toolkit/scripts/setuplkgtoolchain.sh # Determine the LKG daily build ID. #LKG_BUILD_ID=$(wget -qO - https://mariner3dailydevrepo.blob.core.windows.net/lkg/lkg-3.0-dev.json | jq -r ".dailybuildid" | tr '\.' '-') diff --git a/.github/workflows/check-entangled-specs.yml b/.github/workflows/check-entangled-specs.yml index 1ce335df7c..091715956b 100644 --- a/.github/workflows/check-entangled-specs.yml +++ b/.github/workflows/check-entangled-specs.yml @@ -4,6 +4,7 @@ # This action checks that certain groups of specs have matching tags. # The main use case is to ensure that signed specs have the same Version and # Release tags as their unsigned counterparts +--- name: Spec Entanglement Mismatch Check on: @@ -22,8 +23,8 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - - # For consistency, we use the same major/minor version of Python that Azure Linux ships + + # We use the same major/minor version of Python that Azure Linux ships - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-license-map.yml b/.github/workflows/check-license-map.yml index 3c77d5769e..380ba80588 100644 --- a/.github/workflows/check-license-map.yml +++ b/.github/workflows/check-license-map.yml @@ -3,6 +3,7 @@ # This action checks that the licenses.json file is up-to-date # and that the LICENSES-MAP.md file is up-to-date +--- name: Spec License Map Check on: @@ -18,7 +19,7 @@ permissions: read-all jobs: check: name: Spec License Map Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -26,7 +27,7 @@ jobs: uses: actions/checkout@v4 with: persist-credentials: false - + - name: Setup Python 3.12 uses: actions/setup-python@v5 with: diff --git a/.github/workflows/check-manifests.yml b/.github/workflows/check-manifests.yml index 77b0398f32..4dd0beb027 100644 --- a/.github/workflows/check-manifests.yml +++ b/.github/workflows/check-manifests.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Check Manifests on: @@ -17,28 +17,28 @@ permissions: read-all jobs: build: name: Check Manifests - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: - - name: Check out code - uses: actions/checkout@v4 - with: + - name: Check out code + uses: actions/checkout@v4 + with: persist-credentials: false - # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - - name: Define missing rpm macros - run: | - if [[ -n $(rpm --eval '%bcond test 1') ]]; then - echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros - fi + # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond + - name: Define missing rpm macros + run: | + if [[ -n $(rpm --eval '%bcond test 1') ]]; then + echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros + fi - - name: Check x86_64 manifests - run: | - echo ########## - echo "Ensure toolchain and pkggen manifests (./toolkit/resources/manifests/package/*) match the versions in the .spec files" - echo "Run './scripts/toolchain/check_manifests.sh -a \"x86_64\"' to validate locally" - echo ########## - pushd toolkit - ./scripts/toolchain/check_manifests.sh -a "x86_64" - popd - shell: bash + - name: Check x86_64 manifests + run: | + echo ########## + echo "Ensure toolchain and pkggen manifests (./toolkit/resources/manifests/package/*) match the versions in the .spec files" + echo "Run './scripts/toolchain/check_manifests.sh -a \"x86_64\"' to validate locally" + echo ########## + pushd toolkit + ./scripts/toolchain/check_manifests.sh -a "x86_64" + popd + shell: bash diff --git a/.github/workflows/check-package-cgmanifest.yml b/.github/workflows/check-package-cgmanifest.yml index 0922498f56..e93e2c1cb9 100644 --- a/.github/workflows/check-package-cgmanifest.yml +++ b/.github/workflows/check-package-cgmanifest.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Check Package CGManifests on: @@ -20,44 +20,44 @@ jobs: runs-on: [ubuntu-latest] steps: - - name: Check out code - uses: actions/checkout@v4 - with: + - name: Check out code + uses: actions/checkout@v4 + with: persist-credentials: false - # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond - - name: Define missing rpm macros - run: | - if [[ -n $(rpm --eval '%bcond test 1') ]]; then - echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros - fi - - - name: Get base commit for PRs - if: ${{ github.event_name == 'pull_request' }} - run: | - base_ref="${BASE_REF}" - git fetch origin $base_ref - echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into $base_ref" - env: - BASE_REF: ${{ github.base_ref }} - - - name: Get base commit for Pushes - if: ${{ github.event_name == 'push' }} - run: | - git fetch origin ${{ github.event.before }} - echo "base_sha=${{ github.event.before }}" >> "$GITHUB_ENV" - echo "Merging ${{ github.sha }} into ${{ github.event.before }}" - - - name: Get the changed files - run: | - echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" - changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; } | awk '{printf "%s ", $0}') - echo "Files to validate: '${changed_specs}'" - echo "updated-specs=${changed_specs}" >> "$GITHUB_ENV" - - - name: Check each spec - run: | - .github/workflows/overwrite_shell_link.sh - .github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} - shell: bash + # This PR runner uses an older Ubuntu with rpm version 4.17, which doesn't understand some newer macros like %bcond + - name: Define missing rpm macros + run: | + if [[ -n $(rpm --eval '%bcond test 1') ]]; then + echo '%bcond() %[ (%{2}) ? "%{expand:%%bcond_without %{1}}" : "%{expand:%%bcond_with %{1}}" ]' > ~/.rpmmacros + fi + + - name: Get base commit for PRs + if: ${{ github.event_name == 'pull_request' }} + run: | + base_ref="${BASE_REF}" + git fetch origin $base_ref + echo "base_sha=$(git rev-parse origin/$base_ref)" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into $base_ref" + env: + BASE_REF: ${{ github.base_ref }} + + - name: Get base commit for Pushes + if: ${{ github.event_name == 'push' }} + run: | + git fetch origin ${{ github.event.before }} + echo "base_sha=${{ github.event.before }}" >> "$GITHUB_ENV" + echo "Merging ${{ github.sha }} into ${{ github.event.before }}" + + - name: Get the changed files + run: | + echo "Files changed: '$(git diff-tree --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }})'" + changed_specs=$(git diff-tree --diff-filter=d --no-commit-id --name-only -r ${{ env.base_sha }} ${{ github.sha }} | { grep "SPECS.*/.*\.spec$" || test $? = 1; } | awk '{printf "%s ", $0}') + echo "Files to validate: '${changed_specs}'" + echo "updated-specs=${changed_specs}" >> "$GITHUB_ENV" + + - name: Check each spec + run: | + .github/workflows/overwrite_shell_link.sh + .github/workflows/validate-cg-manifest.sh ${{ env.updated-specs }} + shell: bash diff --git a/.github/workflows/check-source-signatures.yml b/.github/workflows/check-source-signatures.yml index efd86fc9e8..08c163efa3 100644 --- a/.github/workflows/check-source-signatures.yml +++ b/.github/workflows/check-source-signatures.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Source Signature Check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Source Signature Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest strategy: matrix: specs-dir: [SPECS, SPECS-EXTENDED] diff --git a/.github/workflows/check-spec.yml b/.github/workflows/check-spec.yml index 4df7f16dc8..2d13e53ecb 100644 --- a/.github/workflows/check-spec.yml +++ b/.github/workflows/check-spec.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Spec files check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Spec files check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/check-static-glibc.yml b/.github/workflows/check-static-glibc.yml index 709f956f7c..22df2dd10e 100644 --- a/.github/workflows/check-static-glibc.yml +++ b/.github/workflows/check-static-glibc.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Static glibc version check on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-check: name: Static glibc version check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/go-test-coverage.yml b/.github/workflows/go-test-coverage.yml index e7645372d7..b4c63312e2 100644 --- a/.github/workflows/go-test-coverage.yml +++ b/.github/workflows/go-test-coverage.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Go Test Coverage on: @@ -18,7 +18,7 @@ env: jobs: build: name: Go Test Coverage - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: #- name: Set up Go 1.x @@ -31,80 +31,79 @@ jobs: #run: | #go version && which go - - name: Check out code into the Go module directory - uses: actions/checkout@v4 - with: + - name: Check out code into the Go module directory + uses: actions/checkout@v4 + with: persist-credentials: false - - name: Check go.mod - run: | - if grep -q "go $EXPECTED_GO_VERSION" ./toolkit/tools/go.mod; then - echo "go.mod has correct version ($EXPECTED_GO_VERSION)" - else - actual_version="$(grep -E '^go [0-9]+\.[0-9]+' ./toolkit/tools/go.mod)" - echo "go.mod has bad version expected:$EXPECTED_GO_VERSION, found: $actual_version" - echo "UPDATE ./github/workflows/go-test-coverage.yml AND prerequisite documentation if minimum go version changed" - exit 1 - fi + - name: Check go.mod + run: | + if grep -q "go $EXPECTED_GO_VERSION" ./toolkit/tools/go.mod; then + echo "go.mod has correct version ($EXPECTED_GO_VERSION)" + else + actual_version="$(grep -E '^go [0-9]+\.[0-9]+' ./toolkit/tools/go.mod)" + echo "go.mod has bad version expected:$EXPECTED_GO_VERSION, found: $actual_version" + echo "UPDATE ./github/workflows/go-test-coverage.yml AND prerequisite documentation if minimum go version changed" + exit 1 + fi #- name: Install prerequisites #run: | # sudo apt-get update # sudo apt -y install qemu-utils - - name: Check for bad go formatting - run: | - pushd toolkit - sudo --preserve-env=PATH make go-fmt-all - changes=$(git diff ./*.go) - if [ -n "$changes" ]; then - echo Unformatted go files! - git diff ./*.go - exit 1 - fi - shell: bash - - - name: Check for out of date go modules - run: | - pushd toolkit - sudo make go-mod-tidy - modchanges=$(git diff tools/go.mod) - sumchanges=$(git diff tools/go.sum) - if [ -n "$modchanges$sumchanges" ]; then - echo Module files out of date! - git diff tools/go.mod - git diff tools/go.sum - exit 1 - fi - shell: bash - - - name: Check for missing tests - run: | - pushd toolkit - sudo make go-test-coverage - noTestCount=$(sudo make go-test-coverage | grep -c "no test files") - echo "$noTestCount" - if [ "$noTestCount" -ne "0" ]; then - sudo make go-test-coverage | grep "no test files" - echo Missing "$noTestCount" Go Tests! - fi - shell: bash - - - name: Evaluate test coverage - run: | - pushd toolkit - sudo make go-test-coverage - shell: bash - - - name: Upload test coverage - uses: actions/upload-artifact@v4 - with: - name: TestCoverage - path: toolkit/out/tools/test_coverage_report.html - - - name: Ensure all tools build - run: | - pushd toolkit - sudo make go-tools REBUILD_TOOLS=y - shell: bash - + - name: Check for bad go formatting + run: | + pushd toolkit + sudo --preserve-env=PATH make go-fmt-all + changes=$(git diff ./*.go) + if [ -n "$changes" ]; then + echo Unformatted go files! + git diff ./*.go + exit 1 + fi + shell: bash + + - name: Check for out of date go modules + run: | + pushd toolkit + sudo make go-mod-tidy + modchanges=$(git diff tools/go.mod) + sumchanges=$(git diff tools/go.sum) + if [ -n "$modchanges$sumchanges" ]; then + echo Module files out of date! + git diff tools/go.mod + git diff tools/go.sum + exit 1 + fi + shell: bash + + - name: Check for missing tests + run: | + pushd toolkit + sudo make go-test-coverage + noTestCount=$(sudo make go-test-coverage | grep -c "no test files") + echo "$noTestCount" + if [ "$noTestCount" -ne "0" ]; then + sudo make go-test-coverage | grep "no test files" + echo Missing "$noTestCount" Go Tests! + fi + shell: bash + + - name: Evaluate test coverage + run: | + pushd toolkit + sudo make go-test-coverage + shell: bash + + - name: Upload test coverage + uses: actions/upload-artifact@v4 + with: + name: TestCoverage + path: toolkit/out/tools/test_coverage_report.html + + - name: Ensure all tools build + run: | + pushd toolkit + sudo make go-tools REBUILD_TOOLS=y + shell: bash diff --git a/.github/workflows/lint-specs.yml b/.github/workflows/lint-specs.yml index 47dea50cbf..16e45d7a10 100644 --- a/.github/workflows/lint-specs.yml +++ b/.github/workflows/lint-specs.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Spec Linting on: @@ -16,7 +16,7 @@ permissions: read-all jobs: spec-lint: name: Spec Linting - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action @@ -34,7 +34,7 @@ jobs: echo "Merging ${{ github.sha }} into $base_ref" env: BASE_REF: ${{ github.base_ref }} - + - name: Get base commit for Pushes if: ${{ github.event_name == 'push' }} run: | diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index fdb8bf5a63..683352caa9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -6,9 +6,11 @@ # Documentation: https://github.com/github/super-linter # ############################################################################### +--- name: Linter on: + workflow_dispatch: pull_request: branches: [3.0, 3.0-dev] paths-ignore: @@ -21,7 +23,7 @@ permissions: read-all jobs: lint: name: Lint Workflows and Code - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest permissions: contents: read @@ -39,15 +41,22 @@ jobs: - name: Lint uses: github/super-linter/slim@v7 env: - # the default branch for this stream is 3.0. github.event.repository.default_branch will return main which is not correct + # the default branch for this stream is 3.0. + #github.event.repository.default_branch will return main which is not correct DEFAULT_BRANCH: '3.0' VALIDATE_ALL_CODEBASE: false VALIDATE_GITHUB_ACTIONS: true - GITHUB_ACTIONS_COMMAND_ARGS: -ignore SC2043 -ignore SC2011 -ignore SC2035 -ignore SC2156 -ignore SC2038 -ignore SC2061 -ignore SC2129 -ignore '".+" section is missing in workflow' -ignore 'unexpected key ".+" for "workflow" section' + GITHUB_ACTIONS_COMMAND_ARGS: >- + -ignore SC2043 -ignore SC2011 -ignore SC2035 + -ignore SC2156 -ignore SC2038 -ignore SC2061 + -ignore SC2129 -ignore '".+" section is missing in workflow' + -ignore 'unexpected key ".+" for "workflow" section' VALIDATE_YAML: true VALIDATE_JSON: true VALIDATE_PYTHON: true VALIDATE_BASH: true VALIDATE_MARKDOWN: true SHELLCHECK_OPTS: "--severity=error" + LINTER_RULES_PATH: . + YAML_CONFIG_FILE: .yamllint.yaml GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/merge-conflict-check.yml b/.github/workflows/merge-conflict-check.yml index ffe173c40f..44fb3cbf9d 100644 --- a/.github/workflows/merge-conflict-check.yml +++ b/.github/workflows/merge-conflict-check.yml @@ -1,6 +1,6 @@ # Copyright (c) Microsoft Corporation. # Licensed under the MIT License. - +--- name: Github Merge Conflict Check on: @@ -12,7 +12,7 @@ permissions: read-all jobs: spec-check: name: Github Merge Conflict Check - runs-on: [ ubuntu-latest ] + runs-on: ubuntu-latest steps: # Checkout the branch of our repo that triggered this action diff --git a/.github/workflows/publish-docs.yml b/.github/workflows/publish-docs.yml index a7d565477e..7ec9569ff2 100644 --- a/.github/workflows/publish-docs.yml +++ b/.github/workflows/publish-docs.yml @@ -27,4 +27,3 @@ jobs: with: docs_directory: '.' branch_pattern: '^3\.0.*$' - diff --git a/.yamllint.yaml b/.yamllint.yaml new file mode 100644 index 0000000000..aa2563bd94 --- /dev/null +++ b/.yamllint.yaml @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + truthy: disable + comments: disable + comments-indentation: disable + line-length: disable