chore: import upstream snapshot with attribution

This commit is contained in:
wehub-resource-sync
2026-07-13 13:04:25 +08:00
commit 548b49ebc0
20937 changed files with 5455372 additions and 0 deletions
+27
View File
@@ -0,0 +1,27 @@
name: DangerJS Pull Request review
on:
pull_request_target:
types: [opened, edited, reopened, synchronize]
permissions:
pull-requests: write
contents: read
jobs:
pull-request-style-linter:
runs-on: ubuntu-latest
steps:
- name: Check out PR head
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: DangerJS pull request linter
uses: espressif/shared-github-dangerjs@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
instructions-gitlab-mirror: 'true'
instructions-contributions-file: 'CONTRIBUTING.md'
instructions-cla-link: 'https://cla-assistant.io/espressif/esp-idf'
+90
View File
@@ -0,0 +1,90 @@
name: docker
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
on:
push:
branches:
- 'master'
- 'release/*'
tags:
- 'v*.*'
env:
# Platforms to build the image for
BUILD_PLATFORMS: linux/amd64,linux/arm64
DOCKERHUB_REPO: ${{ github.repository_owner }}/idf
jobs:
docker:
# Disable the job in forks
if: ${{ github.repository_owner == 'espressif' }}
runs-on: ubuntu-24.04-X64-large
steps:
# Depending on the branch/tag, set CLONE_BRANCH_OR_TAG variable (used in the Dockerfile
# as a build arg) and TAG_NAME (used when tagging the image).
#
# The following 3 steps cover the alternatives (tag, release branch, master branch):
- name: Set variables (tags)
if: ${{ github.ref_type == 'tag' }}
run: |
echo "CLONE_BRANCH_OR_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV
echo "TAG_NAME=$GITHUB_REF_NAME" >> $GITHUB_ENV
- name: Set variables (release branches)
if: ${{ github.ref_type == 'branch' && startsWith(github.ref_name, 'release/') }}
run: |
echo "CLONE_BRANCH_OR_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV
echo "TAG_NAME=release-${GITHUB_REF_NAME##release/}" >> $GITHUB_ENV
- name: Set variables (main branch)
if: ${{ github.ref_type == 'branch' && github.ref_name == 'master' }}
run: |
echo "CLONE_BRANCH_OR_TAG=master" >> $GITHUB_ENV
echo "TAG_NAME=latest" >> $GITHUB_ENV
# Display the variables set above, just in case.
- name: Check variables
run: |
echo "CLONE_BRANCH_OR_TAG: $CLONE_BRANCH_OR_TAG"
echo "CHECKOUT_REF: $CHECKOUT_REF"
echo "TAG_NAME: $TAG_NAME"
# The following steps are the standard boilerplate from
# https://github.com/marketplace/actions/build-and-push-docker-images
- name: Checkout
uses: actions/checkout@v3
- name: Login to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Set up QEMU for multiarch builds
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Build and push
uses: docker/build-push-action@v3
with:
context: tools/docker
push: true
tags: ${{ env.DOCKERHUB_REPO }}:${{ env.TAG_NAME }}
platforms: ${{ env.BUILD_PLATFORMS }}
build-args: |
IDF_CLONE_URL=${{ github.server_url }}/${{ github.repository }}.git
IDF_CLONE_BRANCH_OR_TAG=${{ env.CLONE_BRANCH_OR_TAG }}
- name: Update Docker Hub repository description (master branch)
if: ${{ github.ref_type == 'branch' && github.ref_name == 'master' }}
uses: peter-evans/dockerhub-description@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
# Token based authentication is not supported here:
# https://github.com/peter-evans/dockerhub-description/issues/10
# https://github.com/docker/roadmap/issues/115#issuecomment-891694974
password: ${{ secrets.DOCKERHUB_PASSWORD }}
repository: ${{ env.DOCKERHUB_REPO }}
readme-filepath: ./tools/docker/README.md
+28
View File
@@ -0,0 +1,28 @@
name: Sync issue comments to JIRA
permissions:
issues: write
pull-requests: write
# This workflow will be triggered when new issue comment is created (including PR comments)
on: issue_comment
# Limit to single concurrent run for workflows which can create Jira issues.
# Same concurrency group is used in new_issues.yml
concurrency: jira_issues
jobs:
sync_issue_comments_to_jira:
name: Sync Issue Comments to Jira
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sync issue comments to JIRA
uses: espressif/sync-jira-actions@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JIRA_PASS: ${{ secrets.JIRA_PASS }}
JIRA_PROJECT: IDFGH
JIRA_URL: ${{ secrets.JIRA_URL }}
JIRA_USER: ${{ secrets.JIRA_USER }}
WEBHOOK_URL: ${{ secrets.JIRA_ISSUE_COMMENT_WEBHOOK_URL }}
+27
View File
@@ -0,0 +1,27 @@
name: Sync issues to Jira
permissions:
issues: write
# This workflow will be triggered when a new issue is opened
on: issues
# Limit to single concurrent run for workflows which can create Jira issues.
# Same concurrency group is used in issue_comment.yml
concurrency: jira_issues
jobs:
sync_issues_to_jira:
name: Sync issues to Jira
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sync GitHub issues to Jira project
uses: espressif/sync-jira-actions@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JIRA_PASS: ${{ secrets.JIRA_PASS }}
JIRA_PROJECT: IDFGH
JIRA_URL: ${{ secrets.JIRA_URL }}
JIRA_USER: ${{ secrets.JIRA_USER }}
WEBHOOK_URL: ${{ secrets.JIRA_ISSUE_COMMENT_WEBHOOK_URL }}
+31
View File
@@ -0,0 +1,31 @@
name: Sync remain PRs to Jira
permissions:
pull-requests: write
# This workflow will be triggered every hour, to sync remaining PRs (i.e. PRs with zero comment) to Jira project
# Note that, PRs can also get synced when new PR comment is created
on:
schedule:
- cron: "0 * * * *"
# Limit to single concurrent run for workflows which can create Jira issues.
# Same concurrency group is used in issue_comment.yml
concurrency: jira_issues
jobs:
sync_prs_to_jira:
name: Sync PRs to Jira
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Sync PRs to Jira project
uses: espressif/github-actions/sync_issues_to_jira@master
with:
cron_job: true
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JIRA_PASS: ${{ secrets.JIRA_PASS }}
JIRA_PROJECT: IDFGH
JIRA_URL: ${{ secrets.JIRA_URL }}
JIRA_USER: ${{ secrets.JIRA_USER }}
+27
View File
@@ -0,0 +1,27 @@
name: Sync approved PRs to internal codebase
permissions:
contents: read
on:
pull_request_target:
types: [labeled]
jobs:
sync_prs_to_internal_codebase:
name: GitHub PR to Internal Codebase Sync
runs-on: ubuntu-latest
if: (github.event.label.name == 'PR-Sync-Merge') ||
(github.event.label.name == 'PR-Sync-Rebase') ||
(github.event.label.name == 'PR-Sync-Update')
steps:
- uses: actions/checkout@v3
- name: Sync approved PRs to internal codebase
uses: espressif/github-actions/github_pr_to_internal_pr@master
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITLAB_URL: ${{ secrets.GITLAB_URL }}
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
GIT_CONFIG_NAME: ${{ secrets.GIT_CONFIG_NAME }}
GIT_CONFIG_EMAIL: ${{ secrets.GIT_CONFIG_EMAIL }}
JIRA_PROJECT: IDFGH
+42
View File
@@ -0,0 +1,42 @@
name: Check pre-commit rules
on:
pull_request:
types: [opened, reopened, synchronize]
permissions:
contents: read
jobs:
pre_commit_check:
runs-on: ubuntu-latest
env:
SKIP: "cleanup-ignore-lists" # Comma-separated string of ignored pre-commit check IDs
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Fetch head and base refs
# This is necessary for pre-commit to check the changes in the PR branch
run: |
git fetch origin ${{ github.base_ref }}:base_ref
git fetch origin pull/${{ github.event.pull_request.number }}/head:pr_ref
- name: Set up Python environment
uses: actions/setup-python@master
with:
python-version: "3.10"
- name: Install python packages
run: |
pip install pre-commit
pre-commit install-hooks
- name: Run pre-commit and check for any changes
run: |
echo "Commits being checked:"
git log --oneline --no-decorate base_ref..pr_ref
echo ""
if ! pre-commit run --from-ref base_ref --to-ref pr_ref --show-diff-on-failure ; then
echo ""
echo "::notice::It looks like the commits in this PR have been made without having pre-commit hooks installed."
echo "::notice::Please see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/contribute/install-pre-commit-hook.html for instructions."
echo ""
exit 1
fi
+21
View File
@@ -0,0 +1,21 @@
name: Create zip file with recursive source clone for release
permissions:
contents: write
on:
push:
tags:
- v*
jobs:
release_zips:
name: Create release zip file
runs-on: ubuntu-24.04
steps:
- name: Create a recursive clone source zip
uses: espressif/release-zips-action@v1
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
release_project_name: ESP-IDF
git_extra_args: --shallow-since="1 year ago"
+35
View File
@@ -0,0 +1,35 @@
name: Vulnerability scan
on:
schedule:
- cron: '0 0 * * *'
workflow_dispatch:
jobs:
vulnerability-scan:
strategy:
# We don't want to run all jobs in parallel, because this would
# overload NVD and we would get 503
max-parallel: 1
matrix:
# References/branches which should be scanned for vulnerabilities are
# defined in the VULNERABILITY_SCAN_REFS variable as json list.
# For example: ['master', 'release/v5.2', 'release/v5.1', 'release/v5.0', 'release/v4.4']
ref: ${{ fromJSON(vars.VULNERABILITY_SCAN_REFS) }}
name: Vulnerability scan
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: recursive
ref: ${{ matrix.ref }}
- name: Vulnerability scan
env:
SBOM_CHECK_LOCAL_DB: ${{ vars.SBOM_CHECK_LOCAL_DB }}
SBOM_MATTERMOST_WEBHOOK: ${{ secrets.SBOM_MATTERMOST_WEBHOOK }}
NVDAPIKEY: ${{ secrets.NVDAPIKEY }}
uses: espressif/esp-idf-sbom-action@master
with:
ref: ${{ matrix.ref }}