diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e790ddf1d6..17feb07fbe 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -475,6 +475,20 @@ check_commit_msg: # commit start with "WIP: " need to be squashed before merge - 'git log --pretty=%s master.. -- | grep "^WIP: " && exit 1 || exit 0' +check_permissions: + stage: deploy + image: $CI_DOCKER_REGISTRY/esp32-ci-env$BOT_DOCKER_IMAGE_TAG + tags: + - build + except: + - master + - /^release\/v/ + - /^v\d+\.\d+(\.\d+)?($|-)/ + dependencies: [] + before_script: *do_nothing_before + script: + - tools/ci/check-executable.sh + check_submodule_sync: stage: deploy image: $CI_DOCKER_REGISTRY/esp32-ci-env$BOT_DOCKER_IMAGE_TAG diff --git a/tools/ci/check-executable.sh b/tools/ci/check-executable.sh new file mode 100755 index 0000000000..35b1b7704a --- /dev/null +++ b/tools/ci/check-executable.sh @@ -0,0 +1,48 @@ +#!/bin/bash +# This script finds executable files in the repository, excluding some directories, +# then prints the list of all files which are not in executable-list.txt. +# Returns with error if this list is non-empty. + +cd $IDF_PATH + +tmp_list=$(mktemp) +out_list=$(mktemp) + +# build exclude pattern like '-o -path ./components/component/submodule' for each submodule +submodule_excludes=$(git config --file .gitmodules --get-regexp path | awk '{ print "-o -path ./" $2 }') + +# figure out which flag to use when searching for executable files +if [ "$(uname -s)" == "Darwin" ]; then + perm_flag="-perm +111" +else + perm_flag="-executable" +fi + +find . -type d \( \ + -path ./.git \ + -o -name build \ + -o -name builds \ + $submodule_excludes \ + \) -prune -o -type f $perm_flag -print \ + | sed "s|^\./||" > $tmp_list + +# this looks for lines present in tmp_list but not in executable-list.txt +comm -13 <(cat tools/ci/executable-list.txt | sed -n "/^#/!p" | sort) <(sort $tmp_list) > $out_list + +ret=0 +if [ -s $out_list ]; then + ret=1 + echo "Error: the following file(s) have executable flag set:" + echo "" + cat $out_list + echo "" + echo "If any files need to be executable (usually, scripts), add them to tools/ci/executable-list.txt" + echo "Make the rest of the files non-executable using 'chmod -x '." + echo "On Windows, use 'git update-index --chmod=-x filename' instead." + echo "" +fi + +rm $tmp_list +rm $out_list + +exit $ret diff --git a/tools/ci/executable-list.txt b/tools/ci/executable-list.txt new file mode 100644 index 0000000000..a78581024d --- /dev/null +++ b/tools/ci/executable-list.txt @@ -0,0 +1,33 @@ +# Some tools +components/esp32/ld/elf_to_ld.sh +components/espcoredump/espcoredump.py +components/heap/test_multi_heap_host/test_all_configs.sh +components/idf_test/unit_test/TestCaseScript/IDFUnitTest/__init__.py +components/partition_table/gen_esp32part.py +components/partition_table/test_gen_esp32part_host/gen_esp32part_tests.py +components/ulp/esp32ulp_mapgen.py +docs/check_doc_warnings.sh +docs/check_lang_folder_sync.sh +docs/gen-kconfig-doc.py +tools/ci/apply_bot_filter.py +tools/ci/build_examples.sh +tools/ci/check-executable.sh +tools/ci/checkout_project_ref.py +tools/ci/get-full-sources.sh +tools/ci/mirror-submodule-update.sh +tools/ci/mirror-synchronize.sh +tools/ci/test_build_system.sh +tools/ci/test_configure_ci_environment.sh +tools/esp_app_trace/apptrace_proc.py +tools/esp_app_trace/logtrace_proc.py +tools/format.sh +tools/gen_esp_err_to_name.py +tools/idf_monitor.py +tools/idf_size.py +tools/kconfig/check.sh +tools/kconfig/lxdialog/check-lxdialog.sh +tools/kconfig/merge_config.sh +tools/kconfig/streamline_config.pl +tools/kconfig/conf +tools/kconfig/mconf +tools/windows/eclipse_make.sh