diff --git a/.github/workflows/pr_lint_review.yml b/.github/workflows/pr_lint_review.yml index 513e3874c9..0c8164f5a3 100644 --- a/.github/workflows/pr_lint_review.yml +++ b/.github/workflows/pr_lint_review.yml @@ -1,49 +1,45 @@ # Copyright lowRISC contributors. # Licensed under the Apache License, Version 2.0, see LICENSE for details. # SPDX-License-Identifier: Apache-2.0 + +# GitHub Action to run Verible linting on pull requests and add review comments. +# +# See https://github.com/chipsalliance/verible-linter-action. + name: pr-lint-review +# Triggers when there is any activity on a pull request, e.g. opened, updated. +# +# The action runs in the context of the _base_ of the pull request, but later we +# checkout the repository at the pull request's HEAD to run linting. on: - workflow_run: - workflows: ["pr-trigger"] - types: - - completed + pull_request_target: jobs: - review_triggered: + verible-lint: runs-on: ubuntu-latest + # Grant write permissions only for setting checks and adding review comments + # to pull requests. + permissions: + checks: write + contents: read + pull-requests: write + env: + verible_config: 'vendor/lowrisc_ip/lint/tools/veriblelint/lowrisc-styleguide.rules.verible_lint' steps: - - uses: actions/checkout@v2 - - # this workflow does not run in a PR context - # download 'event.json' file from a PR-tiggered workflow - # to mock the PR context and make a review - - name: 'Download artifact' - id: get-artifacts - uses: actions/github-script@v3.1.0 + - uses: actions/checkout@v3 with: - script: | - var artifacts = await github.actions.listWorkflowRunArtifacts({ - owner: context.repo.owner, - repo: context.repo.repo, - run_id: ${{github.event.workflow_run.id }}, - }); - var matchArtifact = artifacts.data.artifacts.filter((artifact) => { - return artifact.name == "event.json" - })[0]; - var download = await github.actions.downloadArtifact({ - owner: context.repo.owner, - repo: context.repo.repo, - artifact_id: matchArtifact.id, - archive_format: 'zip', - }); - var fs = require('fs'); - fs.writeFileSync('${{github.workspace}}/event.json.zip', Buffer.from(download.data)); - - run: | - unzip event.json.zip + # Because `pull_request_target` runs at the PR's base, we need to + # checkout the head of the PR before running the lint. + ref: ${{ github.event.pull_request.head.sha }} + - name: Display Verible config + run: | + echo "::group::Verible config" + cat "$verible_config" + echo "::endgroup::" - name: Run Verible linter action uses: chipsalliance/verible-linter-action@main with: github_token: ${{ secrets.GITHUB_TOKEN }} suggest_fixes: 'false' - config_file: 'vendor/lowrisc_ip/lint/tools/veriblelint/lowrisc-styleguide.rules.verible_lint' + config_file: ${{ env.verible_config }} diff --git a/.github/workflows/pr_trigger.yml b/.github/workflows/pr_trigger.yml deleted file mode 100644 index b969698b2c..0000000000 --- a/.github/workflows/pr_trigger.yml +++ /dev/null @@ -1,25 +0,0 @@ -# Copyright lowRISC contributors. -# Licensed under the Apache License, Version 2.0, see LICENSE for details. -# SPDX-License-Identifier: Apache-2.0 -name: pr-trigger - -on: - pull_request: - -jobs: - upload: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - name: Copy event file - run: cp "$GITHUB_EVENT_PATH" ./event.json - - # If this workflow is triggered by a PR from a fork - # it won't have sufficient access rights to make a review - # so we just save the file needed to do the review - # in a context with proper access rights - - name: Upload event file as artifact - uses: actions/upload-artifact@v2 - with: - name: event.json - path: event.json