mirror of
https://github.com/espressif/esp-idf.git
synced 2024-10-05 20:47:46 -04:00
1ba5757fed
Following commit c3afbebf23
("fix: bump esp-idf-sbom to v0.13.0 in pre-commit"),
the validation of submodule hash now relies solely on the information recorded
in the git-tree. Previously, the hash verification used submodule's
working tree hash if available. Since the new submodule hash is recorded
in git-tree only after the commit is created, we need to move the check
into post-commit, otherwise the hash validation checks the old value.
For example:
1. in .gitmodules
[submodule "components/json/cJSON"]
sbom-hash = cb8693b058ba302f4829ec6d03f609ac6f848546
2. update the cJSON
$ git -C components/json/cJSON checkout b45f48e600671feade0b6bd65d1c69de7899f2be
3. update cJSON hash in .gitmodules
[submodule "components/json/cJSON"]
sbom-hash = b45f48e600671feade0b6bd65d1c69de7899f2be
4. commit the changes
$ git commit -a -s
Step 4. will fail, because the validation is currently started in pre-commit stage,
where the hash for cJSON recorded in git-tree is still
cb8693b058ba302f4829ec6d03f609ac6f848546. The new hash b45f48e600671feade0b6bd65d1c69de7899f2be
will be stored in git-tree after the new commit is created.
Note that this means we cannot prevent the commit creation, but only
notify user about the hash inconsistency. If he/she still decides to
push it, it will fail in pre-commit checks in CI.
Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
133 lines
4.4 KiB
YAML
133 lines
4.4 KiB
YAML
# See https://pre-commit.com for more information
|
|
# See https://pre-commit.com/hooks.html for more hooks
|
|
|
|
default_stages: [commit]
|
|
|
|
repos:
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.0.1
|
|
hooks:
|
|
- id: trailing-whitespace
|
|
# note: whitespace exclusions use multiline regex, see https://pre-commit.com/#regular-expressions
|
|
# items are:
|
|
# 1 - some file extensions
|
|
# 2 - any file matching *test*/*expected* (for host tests, if possible use this naming pattern always)
|
|
# 3 - any directory named 'testdata'
|
|
# 4 - IDF monitor test data
|
|
# 5 - protobuf auto-generated files
|
|
exclude: &whitespace_excludes |
|
|
(?x)^(
|
|
.+\.(md|rst|map|bin)|
|
|
.+test.*\/.*expected.*|
|
|
.+\/testdata\/.+|
|
|
.+test_idf_monitor\/tests\/.+|
|
|
.*_pb2.py|
|
|
.*.pb-c.h|
|
|
.*.pb-c.c
|
|
)$
|
|
- id: end-of-file-fixer
|
|
exclude: *whitespace_excludes
|
|
- id: check-executables-have-shebangs
|
|
- id: mixed-line-ending
|
|
args: ['-f=lf']
|
|
- id: double-quote-string-fixer
|
|
- repo: https://github.com/PyCQA/flake8
|
|
rev: 3.9.2
|
|
hooks:
|
|
- id: flake8
|
|
args: ['--config=.flake8', '--tee', '--benchmark']
|
|
- repo: https://github.com/pycqa/isort
|
|
rev: 5.11.5 # python 3.7 compatible
|
|
hooks:
|
|
- id: isort
|
|
name: isort (python)
|
|
exclude: >
|
|
(?x)^(
|
|
.*_pb2.py
|
|
)$
|
|
|
|
- repo: local
|
|
hooks:
|
|
- id: check-executables
|
|
name: Check File Permissions
|
|
entry: tools/ci/check_executables.py --action executables
|
|
language: python
|
|
types: [executable]
|
|
exclude: '\.pre-commit/.+'
|
|
- id: check-executable-list
|
|
name: Validate executable-list.txt
|
|
entry: tools/ci/check_executables.py --action list
|
|
language: python
|
|
pass_filenames: false
|
|
always_run: true
|
|
- id: check-kconfigs
|
|
name: Validate Kconfig files
|
|
entry: tools/ci/check_kconfigs.py
|
|
language: python
|
|
files: '^Kconfig$|Kconfig.*$'
|
|
- id: check-deprecated-kconfigs-options
|
|
name: Check if any Kconfig Options Deprecated
|
|
entry: tools/ci/check_deprecated_kconfigs.py
|
|
language: python
|
|
files: 'sdkconfig\.ci$|sdkconfig\.rename$|sdkconfig.*$'
|
|
- id: cmake-lint
|
|
name: Check CMake Files Format
|
|
entry: cmakelint --linelength=120 --spaces=4 --filter=-whitespace/indent
|
|
language: python
|
|
additional_dependencies:
|
|
- cmakelint==1.4.1
|
|
files: 'CMakeLists.txt$|\.cmake$'
|
|
exclude: '\/third_party\/'
|
|
- id: check-codeowners
|
|
name: Validate Codeowner File
|
|
entry: tools/ci/check_codeowners.py ci-check
|
|
language: python
|
|
files: '\.gitlab/CODEOWNERS'
|
|
pass_filenames: false
|
|
- id: check-rules-yml
|
|
name: Check rules.yml all rules have at lease one job applied, all rules needed exist
|
|
entry: tools/ci/check_rules_yml.py
|
|
language: python
|
|
files: '\.gitlab/ci/.+\.yml|\.gitlab-ci.yml'
|
|
pass_filenames: false
|
|
additional_dependencies:
|
|
- PyYAML == 5.3.1
|
|
- id: check-generated-rules
|
|
name: Check rules are generated (based on .gitlab/ci/dependencies/dependencies.yml)
|
|
entry: .gitlab/ci/dependencies/generate_rules.py
|
|
language: python
|
|
files: '\.gitlab/ci/dependencies/.+|\.gitlab/ci/rules\.yml'
|
|
pass_filenames: false
|
|
additional_dependencies:
|
|
- PyYAML == 5.3.1
|
|
- id: mypy-check
|
|
name: Check type annotations in python files
|
|
entry: tools/ci/check_type_comments.py
|
|
additional_dependencies:
|
|
- 'mypy==1.0.1'
|
|
- 'mypy-extensions==1.0.0'
|
|
exclude: >
|
|
(?x)^(
|
|
.*_pb2.py
|
|
)$
|
|
language: python
|
|
types: [python]
|
|
- id: check-tools-files-patterns
|
|
name: Check tools dir files patterns
|
|
entry: tools/ci/check_tools_files_patterns.py
|
|
language: python
|
|
files: '^tools/.+'
|
|
additional_dependencies:
|
|
- PyYAML == 5.3.1
|
|
pass_filenames: false
|
|
- repo: https://github.com/pre-commit/pre-commit-hooks
|
|
rev: v4.0.1
|
|
hooks:
|
|
- id: file-contents-sorter
|
|
files: 'tools\/ci\/(executable-list\.txt|mypy_ignore_list\.txt)'
|
|
- repo: https://github.com/espressif/esp-idf-sbom.git
|
|
rev: v0.13.0
|
|
hooks:
|
|
- id: validate-sbom-manifest
|
|
stages: [post-commit]
|