-
Notifications
You must be signed in to change notification settings - Fork 533
215 lines (181 loc) · 7.75 KB
/
static_checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
# Contains jobs corresponding to static checks (such as syntax correctness & prohibited patterns).
name: Static Checks
on:
workflow_dispatch:
pull_request:
push:
branches:
- develop
jobs:
check_codeowners:
name: Check CODEOWNERS & Repository files
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: mszostok/[email protected]
with:
checks: "duppatterns,files,syntax"
experimental_checks: "notowned"
check_base_branch:
name: Check base branch
runs-on: ubuntu-20.04
if: github.event_name == 'pull_request'
steps:
- name: "Branch is not based on develop or release branch"
if: ${{ github.base_ref != 'develop' && !startsWith(github.base_ref, 'release-') }}
run: |
echo "Current base branch: $BASE_BRANCH"
echo "Note: this check is expected to fail for chained PRs so that they can't accidentally be merged. PRs should only ever be merged directly into develop or a release branch."
exit 1
env:
BASE_BRANCH: ${{ github.base_ref }}
- name: "Branch verified as based on develop/release branch"
if: ${{ github.base_ref == 'develop' || startsWith(github.base_ref, 'release-') }}
run: |
echo "Branch is correctly branched off of valid base branch to merge PRs into: $BASE_BRANCH"
env:
BASE_BRANCH: ${{ github.base_ref }}
linters:
name: Lint Tests
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Create oppia android tools directory
run: mkdir -p $HOME/oppia-android-tools
# Java 11 is specifically needed for Checkstyle.
- name: Set up JDK 1.11
uses: actions/setup-java@v1
with:
java-version: 1.11
- name: Download Checkstyle
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_download.sh
- name: Download Ktlint
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_download.sh
- name: Download Buf
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_download.sh
- name: Download Buildifier
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_download.sh
- name: Java lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_lint_check.sh $HOME
- name: Kotlin lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_lint_check.sh $HOME
- name: Protobuf lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_lint_check.sh $HOME
- name: Bazel lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_lint_check.sh $HOME
script_checks:
name: Script Checks
runs-on: ubuntu-20.04
env:
CACHE_DIRECTORY: ~/.bazel_cache
steps:
- uses: actions/checkout@v2
- name: Set up Bazel
uses: abhinavsingh/setup-bazel@v3
with:
version: 4.0.0
- uses: actions/cache@v2
id: scripts_cache
with:
path: ${{ env.CACHE_DIRECTORY }}
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit)
# thereby only ever using the last successful cache version. This solution will result in a
# few slower CI actions around the time cache is detected to be too large, but it should
# incrementally improve thereafter.
- name: Ensure cache size
env:
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }}
run: |
# See https://stackoverflow.com/a/27485157 for reference.
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}"
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1)
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB"
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem
# to only increase by a few hundred megabytes across changes for unrelated branches. This
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB
# compressed cache).
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then
echo "Cache exceeds cut-off; resetting it (will result in a slow build)"
rm -rf $EXPANDED_BAZEL_CACHE_PATH
fi
- name: Configure Bazel to use a local cache
env:
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }}
run: |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}"
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path"
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc
shell: bash
- name: Regex Patterns Validation Check
if: always()
run: |
bazel run //scripts:regex_pattern_validation_check -- $(pwd)
- name: XML Syntax Validation Check
if: always()
run: |
bazel run //scripts:xml_syntax_check -- $(pwd)
- name: Testfile Presence Check
if: always()
run: |
bazel run //scripts:test_file_check -- $(pwd)
- name: Accessibility label Check
if: always()
run: |
bazel run //scripts:accessibility_label_check -- $(pwd) scripts/assets/accessibility_label_exemptions.pb app/src/main/AndroidManifest.xml
- name: KDoc Validation Check
if: always()
run: |
bazel run //scripts:kdoc_validity_check -- $(pwd) scripts/assets/kdoc_validity_exemptions.pb
- name: Todo Check
if: always()
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
gh issue list --limit 2000 --repo oppia/oppia-android --json number > $(pwd)/open_issues.json
bazel run //scripts:todo_open_check -- $(pwd) scripts/assets/todo_open_exemptions.pb open_issues.json
- name: String Resource Validation Check
if: always()
run: |
bazel run //scripts:string_resource_validation_check -- $(pwd)
# Note that caching is intentionally not enabled for this check since licenses should always be
# verified without any potential influence from earlier builds (i.e. always from a clean build to
# ensure the results exactly match the current state of the repository).
third_party_dependencies_check:
name: Maven Dependencies Checks
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Set up Bazel
uses: abhinavsingh/setup-bazel@v3
with:
version: 4.0.0
- name: Maven Repin Check
if: always()
run: |
REPIN=1 bazel run @unpinned_maven//:pin
- name: Maven Dependencies Update Check
if: always()
run: |
bazel run //scripts:maven_dependencies_list_check -- $(pwd) third_party/maven_install.json scripts/assets/maven_dependencies.pb
- name: License Texts Check
if: always()
run: |
bazel run //scripts:license_texts_check -- $(pwd)/app/src/main/res/values/third_party_dependencies.xml