esp-idf/.pre-commit-config.yaml
Frantisek Hrbata b20cd8ccfa feat: use esp-idf-sbom pre-commit plugin
Currently sbom manifest is checked only in .gitmodules and
this check is done in pre-commit and also in CI. Meaning it's running
three times(pre-commit before push if user has it enabled, in CI
as there is the pre-commit run again and again with test in CI). Since
esp-idf-sbom contains a full manifest validation support and pre-commit
plugin for it, let's use it. This removes all the current sbom testing
and replaces it with a signle pre-commit plugin which validates all
manifests files(sbom.yml, idf_component.yml, .gitmodules and also
referenced manifests) in repository. Note that this checks all
manifests, not only ones which were modified. The check is reasonably
fast though, so it should not cause any problem. The reason for
validating all manifest files is that we want to make sure that the sbom
information in .gitmodules is updated too and that the hash
recorded in .gitmodules is up-to-date. Meaning submodule update
would not trigger this plugin, because no manifest was changed.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
2023-12-19 12:55:35 +01:00

172 lines
6.3 KiB
YAML

# See https://pre-commit.com for more information
# See https://pre-commit.com/hooks.html for more hooks
default_stages: [commit]
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: trailing-whitespace
# note: whitespace exclusions use multiline regex, see https://pre-commit.com/#regular-expressions
# items are:
# 1 - some file extensions
# 2 - any file matching *test*/*expected* (for host tests, if possible use this naming pattern always)
# 3 - any directory named 'testdata'
# 4 - IDF monitor test data
# 5 - protobuf auto-generated files
exclude: &whitespace_excludes |
(?x)^(
.+\.(md|rst|map|bin)|
.+test.*\/.*expected.*|
.+\/testdata\/.+|
.+test_idf_monitor\/tests\/.+|
.*_pb2.py|
.*.pb-c.h|
.*.pb-c.c|
.*.yuv
)$
- id: end-of-file-fixer
exclude: *whitespace_excludes
- id: check-executables-have-shebangs
- id: mixed-line-ending
args: ['-f=lf']
- id: double-quote-string-fixer
- repo: https://github.com/PyCQA/flake8
rev: 5.0.4
hooks:
- id: flake8
args: ['--config=.flake8', '--tee', '--benchmark']
- repo: https://github.com/pycqa/isort
rev: 5.11.5 # python 3.7 compatible
hooks:
- id: isort
name: isort (python)
exclude: >
(?x)^(
.*_pb2.py
)$
- repo: local
hooks:
- id: check-executables
name: Check File Permissions
entry: tools/ci/check_executables.py --action executables
language: python
types: [executable]
exclude: '\.pre-commit/.+'
- id: check-executable-list
name: Validate executable-list.txt
entry: tools/ci/check_executables.py --action list
language: python
pass_filenames: false
always_run: true
- id: check-kconfigs
name: Validate Kconfig files
entry: tools/ci/check_kconfigs.py
language: python
files: '^Kconfig$|Kconfig.*$'
- id: check-deprecated-kconfigs-options
name: Check if any Kconfig Options Deprecated
entry: tools/ci/check_deprecated_kconfigs.py
language: python
files: 'sdkconfig\.ci$|sdkconfig\.rename$|sdkconfig.*$'
- id: cmake-lint
name: Check CMake Files Format
entry: cmakelint --linelength=120 --spaces=4 --filter=-whitespace/indent
language: python
additional_dependencies:
- cmakelint==1.4.1
files: 'CMakeLists.txt$|\.cmake$'
exclude: '\/third_party\/'
- id: check-codeowners
name: Validate Codeowner File
entry: tools/ci/check_codeowners.py ci-check
language: python
always_run: true
files: '\.gitlab/CODEOWNERS'
pass_filenames: false
- id: check-rules-yml
name: Check rules.yml all rules have at lease one job applied, all rules needed exist
entry: tools/ci/check_rules_yml.py
language: python
files: '\.gitlab/ci/.+\.yml|\.gitlab-ci.yml'
pass_filenames: false
additional_dependencies:
- PyYAML == 5.3.1
- id: check-generated-rules
name: Check rules are generated (based on .gitlab/ci/dependencies/dependencies.yml)
entry: .gitlab/ci/dependencies/generate_rules.py
language: python
files: '\.gitlab/ci/dependencies/.+|\.gitlab/ci/rules\.yml'
pass_filenames: false
additional_dependencies:
- PyYAML == 5.3.1
- id: mypy-check
name: Check type annotations in python files
entry: tools/ci/check_type_comments.py
additional_dependencies:
- 'mypy==0.940'
- 'mypy-extensions==0.4.3'
- 'types-setuptools==57.4.14'
- 'types-PyYAML==0.1.9'
exclude: >
(?x)^(
.*_pb2.py
)$
language: python
types: [python]
- id: check-requirement-files
name: Check requirement files
entry: tools/ci/check_requirement_files.py
additional_dependencies:
- 'jsonschema'
language: python
files: 'tools/requirements.+|tools/requirements/.+'
pass_filenames: false
- id: check-tools-files-patterns
name: Check tools dir files patterns
entry: tools/ci/check_tools_files_patterns.py
language: python
files: '^tools/.+'
additional_dependencies:
- PyYAML == 5.3.1
pass_filenames: false
- id: check-generated-soc-caps-kconfig
name: Check soc caps kconfig files are generated (based on components/soc/IDF_TARGET/include/soc/soc_caps.h)
entry: tools/gen_soc_caps_kconfig/gen_soc_caps_kconfig.py -d 'components/soc/*/include/soc/' 'components/esp_rom/*/'
language: python
files: 'components/soc/.+/include/soc/.+_caps\.h|components/esp_rom/.+/.+_caps\.h|kconfig\.soc_caps.in'
pass_filenames: false
additional_dependencies:
- pyparsing
- id: check-all-apps-readmes
name: Check if all apps readme files match given .build-test-rules.yml files. Modify the supported target tables
entry: tools/ci/check_build_test_rules.py check-readmes
language: python
require_serial: true
files: 'tools/test_apps/.+|examples/.+|components/.+'
additional_dependencies:
- idf_build_apps
- id: sort-build-test-rules-ymls
name: sort .build-test-rules.yml files
entry: tools/ci/check_build_test_rules.py sort-yaml
language: python
files: '\.build-test-rules\.yml'
additional_dependencies:
- ruamel.yaml
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: file-contents-sorter
files: 'tools\/ci\/(executable-list\.txt|mypy_ignore_list\.txt|check_copyright_ignore\.txt)'
- repo: https://github.com/espressif/check-copyright/
rev: v1.0.3
hooks:
- id: check-copyright
args: ['--ignore', 'tools/ci/check_copyright_ignore.txt', '--config', 'tools/ci/check_copyright_config.yaml']
- repo: https://github.com/espressif/esp-idf-sbom.git
rev: v0.13.0
hooks:
- id: validate-sbom-manifest
stages: [post-commit]