chore: import upstream snapshot with attribution
This commit is contained in:
@@ -0,0 +1,27 @@
|
||||
name: DangerJS Pull Request review
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [opened, edited, reopened, synchronize]
|
||||
|
||||
permissions:
|
||||
pull-requests: write
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
pull-request-style-linter:
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Check out PR head
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
ref: ${{ github.event.pull_request.head.sha }}
|
||||
|
||||
- name: DangerJS pull request linter
|
||||
uses: espressif/shared-github-dangerjs@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
with:
|
||||
instructions-gitlab-mirror: 'true'
|
||||
instructions-contributions-file: 'CONTRIBUTING.md'
|
||||
instructions-cla-link: 'https://cla-assistant.io/espressif/esp-idf'
|
||||
@@ -0,0 +1,90 @@
|
||||
name: docker
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
concurrency:
|
||||
group: ${{ github.workflow }}-${{ github.ref }}
|
||||
|
||||
on:
|
||||
push:
|
||||
branches:
|
||||
- 'master'
|
||||
- 'release/*'
|
||||
tags:
|
||||
- 'v*.*'
|
||||
|
||||
env:
|
||||
# Platforms to build the image for
|
||||
BUILD_PLATFORMS: linux/amd64,linux/arm64
|
||||
DOCKERHUB_REPO: ${{ github.repository_owner }}/idf
|
||||
|
||||
jobs:
|
||||
docker:
|
||||
# Disable the job in forks
|
||||
if: ${{ github.repository_owner == 'espressif' }}
|
||||
|
||||
runs-on: ubuntu-24.04-X64-large
|
||||
steps:
|
||||
# Depending on the branch/tag, set CLONE_BRANCH_OR_TAG variable (used in the Dockerfile
|
||||
# as a build arg) and TAG_NAME (used when tagging the image).
|
||||
#
|
||||
# The following 3 steps cover the alternatives (tag, release branch, master branch):
|
||||
- name: Set variables (tags)
|
||||
if: ${{ github.ref_type == 'tag' }}
|
||||
run: |
|
||||
echo "CLONE_BRANCH_OR_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV
|
||||
echo "TAG_NAME=$GITHUB_REF_NAME" >> $GITHUB_ENV
|
||||
- name: Set variables (release branches)
|
||||
if: ${{ github.ref_type == 'branch' && startsWith(github.ref_name, 'release/') }}
|
||||
run: |
|
||||
echo "CLONE_BRANCH_OR_TAG=$GITHUB_REF_NAME" >> $GITHUB_ENV
|
||||
echo "TAG_NAME=release-${GITHUB_REF_NAME##release/}" >> $GITHUB_ENV
|
||||
- name: Set variables (main branch)
|
||||
if: ${{ github.ref_type == 'branch' && github.ref_name == 'master' }}
|
||||
run: |
|
||||
echo "CLONE_BRANCH_OR_TAG=master" >> $GITHUB_ENV
|
||||
echo "TAG_NAME=latest" >> $GITHUB_ENV
|
||||
|
||||
# Display the variables set above, just in case.
|
||||
- name: Check variables
|
||||
run: |
|
||||
echo "CLONE_BRANCH_OR_TAG: $CLONE_BRANCH_OR_TAG"
|
||||
echo "CHECKOUT_REF: $CHECKOUT_REF"
|
||||
echo "TAG_NAME: $TAG_NAME"
|
||||
|
||||
# The following steps are the standard boilerplate from
|
||||
# https://github.com/marketplace/actions/build-and-push-docker-images
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Login to Docker Hub
|
||||
uses: docker/login-action@v2
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
||||
- name: Set up QEMU for multiarch builds
|
||||
uses: docker/setup-qemu-action@v2
|
||||
- name: Set up Docker Buildx
|
||||
uses: docker/setup-buildx-action@v2
|
||||
- name: Build and push
|
||||
uses: docker/build-push-action@v3
|
||||
with:
|
||||
context: tools/docker
|
||||
push: true
|
||||
tags: ${{ env.DOCKERHUB_REPO }}:${{ env.TAG_NAME }}
|
||||
platforms: ${{ env.BUILD_PLATFORMS }}
|
||||
build-args: |
|
||||
IDF_CLONE_URL=${{ github.server_url }}/${{ github.repository }}.git
|
||||
IDF_CLONE_BRANCH_OR_TAG=${{ env.CLONE_BRANCH_OR_TAG }}
|
||||
|
||||
- name: Update Docker Hub repository description (master branch)
|
||||
if: ${{ github.ref_type == 'branch' && github.ref_name == 'master' }}
|
||||
uses: peter-evans/dockerhub-description@v3
|
||||
with:
|
||||
username: ${{ secrets.DOCKERHUB_USERNAME }}
|
||||
# Token based authentication is not supported here:
|
||||
# https://github.com/peter-evans/dockerhub-description/issues/10
|
||||
# https://github.com/docker/roadmap/issues/115#issuecomment-891694974
|
||||
password: ${{ secrets.DOCKERHUB_PASSWORD }}
|
||||
repository: ${{ env.DOCKERHUB_REPO }}
|
||||
readme-filepath: ./tools/docker/README.md
|
||||
@@ -0,0 +1,28 @@
|
||||
name: Sync issue comments to JIRA
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
pull-requests: write
|
||||
|
||||
# This workflow will be triggered when new issue comment is created (including PR comments)
|
||||
on: issue_comment
|
||||
|
||||
# Limit to single concurrent run for workflows which can create Jira issues.
|
||||
# Same concurrency group is used in new_issues.yml
|
||||
concurrency: jira_issues
|
||||
|
||||
jobs:
|
||||
sync_issue_comments_to_jira:
|
||||
name: Sync Issue Comments to Jira
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Sync issue comments to JIRA
|
||||
uses: espressif/sync-jira-actions@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
JIRA_PASS: ${{ secrets.JIRA_PASS }}
|
||||
JIRA_PROJECT: IDFGH
|
||||
JIRA_URL: ${{ secrets.JIRA_URL }}
|
||||
JIRA_USER: ${{ secrets.JIRA_USER }}
|
||||
WEBHOOK_URL: ${{ secrets.JIRA_ISSUE_COMMENT_WEBHOOK_URL }}
|
||||
@@ -0,0 +1,27 @@
|
||||
name: Sync issues to Jira
|
||||
|
||||
permissions:
|
||||
issues: write
|
||||
|
||||
# This workflow will be triggered when a new issue is opened
|
||||
on: issues
|
||||
|
||||
# Limit to single concurrent run for workflows which can create Jira issues.
|
||||
# Same concurrency group is used in issue_comment.yml
|
||||
concurrency: jira_issues
|
||||
|
||||
jobs:
|
||||
sync_issues_to_jira:
|
||||
name: Sync issues to Jira
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Sync GitHub issues to Jira project
|
||||
uses: espressif/sync-jira-actions@v1
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
JIRA_PASS: ${{ secrets.JIRA_PASS }}
|
||||
JIRA_PROJECT: IDFGH
|
||||
JIRA_URL: ${{ secrets.JIRA_URL }}
|
||||
JIRA_USER: ${{ secrets.JIRA_USER }}
|
||||
WEBHOOK_URL: ${{ secrets.JIRA_ISSUE_COMMENT_WEBHOOK_URL }}
|
||||
@@ -0,0 +1,31 @@
|
||||
name: Sync remain PRs to Jira
|
||||
|
||||
permissions:
|
||||
pull-requests: write
|
||||
|
||||
# This workflow will be triggered every hour, to sync remaining PRs (i.e. PRs with zero comment) to Jira project
|
||||
# Note that, PRs can also get synced when new PR comment is created
|
||||
on:
|
||||
schedule:
|
||||
- cron: "0 * * * *"
|
||||
|
||||
# Limit to single concurrent run for workflows which can create Jira issues.
|
||||
# Same concurrency group is used in issue_comment.yml
|
||||
concurrency: jira_issues
|
||||
|
||||
jobs:
|
||||
sync_prs_to_jira:
|
||||
name: Sync PRs to Jira
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Sync PRs to Jira project
|
||||
uses: espressif/github-actions/sync_issues_to_jira@master
|
||||
with:
|
||||
cron_job: true
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
JIRA_PASS: ${{ secrets.JIRA_PASS }}
|
||||
JIRA_PROJECT: IDFGH
|
||||
JIRA_URL: ${{ secrets.JIRA_URL }}
|
||||
JIRA_USER: ${{ secrets.JIRA_USER }}
|
||||
@@ -0,0 +1,27 @@
|
||||
name: Sync approved PRs to internal codebase
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
on:
|
||||
pull_request_target:
|
||||
types: [labeled]
|
||||
|
||||
jobs:
|
||||
sync_prs_to_internal_codebase:
|
||||
name: GitHub PR to Internal Codebase Sync
|
||||
runs-on: ubuntu-latest
|
||||
if: (github.event.label.name == 'PR-Sync-Merge') ||
|
||||
(github.event.label.name == 'PR-Sync-Rebase') ||
|
||||
(github.event.label.name == 'PR-Sync-Update')
|
||||
steps:
|
||||
- uses: actions/checkout@v3
|
||||
- name: Sync approved PRs to internal codebase
|
||||
uses: espressif/github-actions/github_pr_to_internal_pr@master
|
||||
env:
|
||||
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
||||
GITLAB_URL: ${{ secrets.GITLAB_URL }}
|
||||
GITLAB_TOKEN: ${{ secrets.GITLAB_TOKEN }}
|
||||
GIT_CONFIG_NAME: ${{ secrets.GIT_CONFIG_NAME }}
|
||||
GIT_CONFIG_EMAIL: ${{ secrets.GIT_CONFIG_EMAIL }}
|
||||
JIRA_PROJECT: IDFGH
|
||||
@@ -0,0 +1,42 @@
|
||||
name: Check pre-commit rules
|
||||
|
||||
on:
|
||||
pull_request:
|
||||
types: [opened, reopened, synchronize]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
pre_commit_check:
|
||||
runs-on: ubuntu-latest
|
||||
env:
|
||||
SKIP: "cleanup-ignore-lists" # Comma-separated string of ignored pre-commit check IDs
|
||||
steps:
|
||||
- name: Checkout
|
||||
uses: actions/checkout@v3
|
||||
- name: Fetch head and base refs
|
||||
# This is necessary for pre-commit to check the changes in the PR branch
|
||||
run: |
|
||||
git fetch origin ${{ github.base_ref }}:base_ref
|
||||
git fetch origin pull/${{ github.event.pull_request.number }}/head:pr_ref
|
||||
- name: Set up Python environment
|
||||
uses: actions/setup-python@master
|
||||
with:
|
||||
python-version: "3.10"
|
||||
- name: Install python packages
|
||||
run: |
|
||||
pip install pre-commit
|
||||
pre-commit install-hooks
|
||||
- name: Run pre-commit and check for any changes
|
||||
run: |
|
||||
echo "Commits being checked:"
|
||||
git log --oneline --no-decorate base_ref..pr_ref
|
||||
echo ""
|
||||
if ! pre-commit run --from-ref base_ref --to-ref pr_ref --show-diff-on-failure ; then
|
||||
echo ""
|
||||
echo "::notice::It looks like the commits in this PR have been made without having pre-commit hooks installed."
|
||||
echo "::notice::Please see https://docs.espressif.com/projects/esp-idf/en/latest/esp32/contribute/install-pre-commit-hook.html for instructions."
|
||||
echo ""
|
||||
exit 1
|
||||
fi
|
||||
@@ -0,0 +1,21 @@
|
||||
name: Create zip file with recursive source clone for release
|
||||
|
||||
permissions:
|
||||
contents: write
|
||||
|
||||
on:
|
||||
push:
|
||||
tags:
|
||||
- v*
|
||||
|
||||
jobs:
|
||||
release_zips:
|
||||
name: Create release zip file
|
||||
runs-on: ubuntu-24.04
|
||||
steps:
|
||||
- name: Create a recursive clone source zip
|
||||
uses: espressif/release-zips-action@v1
|
||||
with:
|
||||
github_token: ${{ secrets.GITHUB_TOKEN }}
|
||||
release_project_name: ESP-IDF
|
||||
git_extra_args: --shallow-since="1 year ago"
|
||||
@@ -0,0 +1,35 @@
|
||||
name: Vulnerability scan
|
||||
|
||||
on:
|
||||
schedule:
|
||||
- cron: '0 0 * * *'
|
||||
workflow_dispatch:
|
||||
|
||||
jobs:
|
||||
vulnerability-scan:
|
||||
strategy:
|
||||
# We don't want to run all jobs in parallel, because this would
|
||||
# overload NVD and we would get 503
|
||||
max-parallel: 1
|
||||
matrix:
|
||||
# References/branches which should be scanned for vulnerabilities are
|
||||
# defined in the VULNERABILITY_SCAN_REFS variable as json list.
|
||||
# For example: ['master', 'release/v5.2', 'release/v5.1', 'release/v5.0', 'release/v4.4']
|
||||
ref: ${{ fromJSON(vars.VULNERABILITY_SCAN_REFS) }}
|
||||
name: Vulnerability scan
|
||||
runs-on: ubuntu-latest
|
||||
steps:
|
||||
- name: Checkout repository
|
||||
uses: actions/checkout@v4
|
||||
with:
|
||||
submodules: recursive
|
||||
ref: ${{ matrix.ref }}
|
||||
|
||||
- name: Vulnerability scan
|
||||
env:
|
||||
SBOM_CHECK_LOCAL_DB: ${{ vars.SBOM_CHECK_LOCAL_DB }}
|
||||
SBOM_MATTERMOST_WEBHOOK: ${{ secrets.SBOM_MATTERMOST_WEBHOOK }}
|
||||
NVDAPIKEY: ${{ secrets.NVDAPIKEY }}
|
||||
uses: espressif/esp-idf-sbom-action@master
|
||||
with:
|
||||
ref: ${{ matrix.ref }}
|
||||
Reference in New Issue
Block a user