Enable NPS (#5383) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Contains jobs corresponding to static checks (such as syntax correctness & prohibited patterns). | |
name: Static Checks | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
- develop | |
jobs: | |
check_codeowners: | |
name: Check CODEOWNERS & Repository files | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: mszostok/[email protected] | |
with: | |
checks: "duppatterns,files,syntax" | |
experimental_checks: "notowned" | |
check_base_branch: | |
name: Check base branch | |
runs-on: ubuntu-20.04 | |
if: github.event_name == 'pull_request' | |
steps: | |
- name: "Branch is not based on develop or release branch" | |
if: ${{ github.base_ref != 'develop' && !startsWith(github.base_ref, 'release-') }} | |
run: | | |
echo "Current base branch: $BASE_BRANCH" | |
echo "Note: this check is expected to fail for chained PRs so that they can't accidentally be merged. PRs should only ever be merged directly into develop or a release branch." | |
exit 1 | |
env: | |
BASE_BRANCH: ${{ github.base_ref }} | |
- name: "Branch verified as based on develop/release branch" | |
if: ${{ github.base_ref == 'develop' || startsWith(github.base_ref, 'release-') }} | |
run: | | |
echo "Branch is correctly branched off of valid base branch to merge PRs into: $BASE_BRANCH" | |
env: | |
BASE_BRANCH: ${{ github.base_ref }} | |
linters: | |
name: Lint Tests | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Create oppia android tools directory | |
run: mkdir -p $HOME/oppia-android-tools | |
# Java 11 is specifically needed for Checkstyle. | |
- name: Set up JDK 1.11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 1.11 | |
- name: Download Checkstyle | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_download.sh | |
- name: Download Ktlint | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_download.sh | |
- name: Download Buf | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_download.sh | |
- name: Download Buildifier | |
run: | | |
cd $HOME/oppia-android-tools | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_download.sh | |
- name: Java lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/checkstyle_lint_check.sh $HOME | |
- name: Kotlin lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/ktlint_lint_check.sh $HOME | |
- name: Protobuf lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buf_lint_check.sh $HOME | |
- name: Bazel lint check | |
run: | | |
bash /home/runner/work/oppia-android/oppia-android/scripts/buildifier_lint_check.sh $HOME | |
script_checks: | |
name: Script Checks | |
runs-on: ubuntu-20.04 | |
env: | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 4.0.0 | |
- uses: actions/cache@v2 | |
id: scripts_cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-scripts- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Regex Patterns Validation Check | |
if: always() | |
run: | | |
bazel run //scripts:regex_pattern_validation_check -- $(pwd) | |
- name: XML Syntax Validation Check | |
if: always() | |
run: | | |
bazel run //scripts:xml_syntax_check -- $(pwd) | |
- name: Testfile Presence Check | |
if: always() | |
run: | | |
bazel run //scripts:test_file_check -- $(pwd) | |
- name: Accessibility label Check | |
if: always() | |
run: | | |
bazel run //scripts:accessibility_label_check -- $(pwd) scripts/assets/accessibility_label_exemptions.pb app/src/main/AndroidManifest.xml | |
- name: KDoc Validation Check | |
if: always() | |
run: | | |
bazel run //scripts:kdoc_validity_check -- $(pwd) scripts/assets/kdoc_validity_exemptions.pb | |
- name: Todo Check | |
if: always() | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
run: | | |
bazel run //scripts:todo_open_check -- $(pwd) scripts/assets/todo_open_exemptions.pb | |
- name: String Resource Validation Check | |
if: always() | |
run: | | |
bazel run //scripts:string_resource_validation_check -- $(pwd) | |
# Note that caching is intentionally not enabled for this check since licenses should always be | |
# verified without any potential influence from earlier builds (i.e. always from a clean build to | |
# ensure the results exactly match the current state of the repository). | |
third_party_dependencies_check: | |
name: Maven Dependencies Checks | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 4.0.0 | |
- name: Maven Repin Check | |
if: always() | |
run: | | |
REPIN=1 bazel run @unpinned_maven//:pin | |
- name: Maven Dependencies Update Check | |
if: always() | |
run: | | |
bazel run //scripts:maven_dependencies_list_check -- $(pwd) third_party/maven_install.json scripts/assets/maven_dependencies.pb | |
- name: License Texts Check | |
if: always() | |
run: | | |
bazel run //scripts:license_texts_check -- $(pwd)/app/src/main/res/values/third_party_dependencies.xml |