-
Notifications
You must be signed in to change notification settings - Fork 528
252 lines (215 loc) · 10.9 KB
/
static_checks.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# Contains jobs corresponding to static checks (such as syntax correctness & prohibited patterns).
name: Static Checks
on:
workflow_dispatch:
pull_request:
push:
branches:
- develop
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.run_id }}
cancel-in-progress: true
jobs:
check_codeowners:
name: Check CODEOWNERS & Repository files
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- uses: mszostok/[email protected]
with:
checks: "duppatterns,files,syntax"
experimental_checks: "notowned"
check_base_branch:
name: Check base branch
runs-on: ubuntu-20.04
if: github.event_name == 'pull_request'
steps:
- name: "Branch is not based on develop or release branch"
if: ${{ github.base_ref != 'develop' && !startsWith(github.base_ref, 'release-') }}
run: |
echo "Current base branch: $BASE_BRANCH"
echo "Note: this check is expected to fail for chained PRs so that they can't accidentally be merged. PRs should only ever be merged directly into develop or a release branch."
exit 1
env:
BASE_BRANCH: ${{ github.base_ref }}
- name: "Branch verified as based on develop/release branch"
if: ${{ github.base_ref == 'develop' || startsWith(github.base_ref, 'release-') }}
run: |
echo "Branch is correctly branched off of valid base branch to merge PRs into: $BASE_BRANCH"
env:
BASE_BRANCH: ${{ github.base_ref }}
linters:
name: Lint Tests
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Create oppia android tools directory
run: mkdir -p $HOME/oppia-android-tools
- name: Set up JDK 11
uses: actions/setup-java@v1
with:
java-version: 11
- name: Download Checkstyle
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_download.sh
- name: Download Ktlint
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_download.sh
- name: Download Buf
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_download.sh
- name: Download Buildifier
run: |
cd $HOME/oppia-android-tools
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_download.sh
- name: Java lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_lint_check.sh $HOME
- name: Kotlin lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_lint_check.sh $HOME
- name: Feature flag checks
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/feature_flags_check.sh $HOME
- name: Protobuf lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_lint_check.sh $HOME
- name: Bazel lint check
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_lint_check.sh $HOME
script_checks:
name: Script Checks
runs-on: ubuntu-20.04
env:
CACHE_DIRECTORY: ~/.bazel_cache
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Set up Bazel
uses: abhinavsingh/setup-bazel@v3
with:
version: 6.5.0
- uses: actions/cache@v2
id: scripts_cache
with:
path: ${{ env.CACHE_DIRECTORY }}
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit)
# thereby only ever using the last successful cache version. This solution will result in a
# few slower CI actions around the time cache is detected to be too large, but it should
# incrementally improve thereafter.
- name: Ensure cache size
env:
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }}
run: |
# See https://stackoverflow.com/a/27485157 for reference.
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}"
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1)
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB"
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem
# to only increase by a few hundred megabytes across changes for unrelated branches. This
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB
# compressed cache).
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then
echo "Cache exceeds cut-off; resetting it (will result in a slow build)"
rm -rf $EXPANDED_BAZEL_CACHE_PATH
fi
- name: Configure Bazel to use a local cache
env:
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }}
run: |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}"
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path"
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc
shell: bash
- name: Regex Patterns Validation Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:regex_pattern_validation_check -- $(pwd)
- name: XML Syntax Validation Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:xml_syntax_check -- $(pwd)
- name: Testfile Presence Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:test_file_check -- $(pwd)
- name: Accessibility label Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:accessibility_label_check -- $(pwd) scripts/assets/accessibility_label_exemptions.pb app/src/main/AndroidManifest.xml
- name: KDoc Validation Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:kdoc_validity_check -- $(pwd) scripts/assets/kdoc_validity_exemptions.pb
- name: Todo Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
env:
GITHUB_TOKEN: ${{ github.token }}
run: |
bazel run //scripts:todo_open_check -- $(pwd) scripts/assets/todo_open_exemptions.pb
- name: String Resource Validation Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:string_resource_validation_check -- $(pwd)
- name: Binary files check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bash /home/runner/work/oppia-android/oppia-android/scripts/pre-commit.sh
echo "No binary files found in commit"
echo "BINARY FILES CHECK PASSED"
# Note that caching is intentionally not enabled for this check since licenses should always be
# verified without any potential influence from earlier builds (i.e. always from a clean build to
# ensure the results exactly match the current state of the repository).
third_party_dependencies_check:
name: Maven Dependencies Checks
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Set up Bazel
uses: abhinavsingh/setup-bazel@v3
with:
version: 6.5.0
- name: Maven Repin Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
REPIN=1 bazel run @unpinned_maven//:pin
- name: Maven Dependencies Update Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:maven_dependencies_list_check -- $(pwd) third_party/maven_install.json scripts/assets/maven_dependencies.pb
- name: License Texts Check
# The expression if: ${{ !cancelled() }} runs a job or step regardless of its success or failure while responding to cancellations,
# serving as a cancellation-compliant alternative to if: ${{ always() }} in concurrent workflows.
if: ${{ !cancelled() }}
run: |
bazel run //scripts:license_texts_check -- $(pwd)/app/src/main/res/values/third_party_dependencies.xml