Following commit c3afbebf23 ("fix: bump esp-idf-sbom to v0.13.0 in pre-commit"),
the validation of submodule hash now relies solely on the information recorded
in the git-tree. Previously, the hash verification used submodule's
working tree hash if available. Since the new submodule hash is recorded
in git-tree only after the commit is created, we need to move the check
into post-commit, otherwise the hash validation checks the old value.
For example:
1. in .gitmodules
[submodule "components/json/cJSON"]
sbom-hash = cb8693b058ba302f4829ec6d03f609ac6f848546
2. update the cJSON
$ git -C components/json/cJSON checkout b45f48e600671feade0b6bd65d1c69de7899f2be
3. update cJSON hash in .gitmodules
[submodule "components/json/cJSON"]
sbom-hash = b45f48e600671feade0b6bd65d1c69de7899f2be
4. commit the changes
$ git commit -a -s
Step 4. will fail, because the validation is currently started in pre-commit stage,
where the hash for cJSON recorded in git-tree is still
cb8693b058ba302f4829ec6d03f609ac6f848546. The new hash b45f48e600671feade0b6bd65d1c69de7899f2be
will be stored in git-tree after the new commit is created.
Note that this means we cannot prevent the commit creation, but only
notify user about the hash inconsistency. If he/she still decides to
push it, it will fail in pre-commit checks in CI.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
If pre-commit hook does not specify stage[1], neither in
.pre-commit-config.yaml nor in .pre-commit-hooks.yaml, it's started for every
installed pre-commit hook. Limit the default stages to pre-commit only by default.
This also sets the default_install_hook_types and
minimum_pre_commit_version and sets conventional-precommit-linter to
v1.4.1.
[1] https://pre-commit.com/#confining-hooks-to-run-at-certain-stages
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
v0.13.0 contains fix for the submodule hash validation. Let's
bump its version in pre-commit, so the fix is used.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Currently sbom manifest is checked only in .gitmodules and
this check is done in pre-commit and also in CI. Meaning it's running
three times(pre-commit before push if user has it enabled, in CI
as there is the pre-commit run again and again with test in CI). Since
esp-idf-sbom contains a full manifest validation support and pre-commit
plugin for it, let's use it. This removes all the current sbom testing
and replaces it with a signle pre-commit plugin which validates all
manifests files(sbom.yml, idf_component.yml, .gitmodules and also
referenced manifests) in repository. Note that this checks all
manifests, not only ones which were modified. The check is reasonably
fast though, so it should not cause any problem. The reason for
validating all manifest files is that we want to make sure that the sbom
information in .gitmodules is updated too and that the hash
recorded in .gitmodules is up-to-date. Meaning submodule update
would not trigger this plugin, because no manifest was changed.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
pyyaml have problem with newer cython(3.0), this was fixed in pyyaml
6.0.1, which requires cython<3.0. The pyyaml dependency in astyle
was fixed in v1.0.5, but the pre-commit config is still useing v1.0.2.
As a result the pre-commit hooks installation of astyle can fail
on pyyaml. Fix this by bumping the astyle version for pre-commit.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
- maximum length of commit message summary 72 characters (before 50)
- drop rule for commit message summary to start with capital letter
- AI generated commit message only for poor messages
- updated version of pre-commit hook 'conventional-precommit-linter'
- update prompt AI generated commit message
This uses the test from CI introduced in MR !23989. Even though the
original CI test is run with pytest, it doesn't use any pytest specific
code/features and it should never need them. So it make sense just to
re-use the code.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
Newer check-copyright version 1.0.2 contains fixes for copyrights
with single year and also the proposed date update is applied only
if number of changed lines is greater or equal to a limit. The default
limit is 5 and can be changed with the --lines-changed option if needed.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
