TC-OPCREDS-3.4: Automate #86263
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright (c) 2020-2021 Project CHIP Authors | |
# | |
# Licensed under the Apache License, Version 2.0 (the "License"); | |
# you may not use this file except in compliance with the License. | |
# You may obtain a copy of the License at | |
# | |
# http://www.apache.org/licenses/LICENSE-2.0 | |
# | |
# Unless required by applicable law or agreed to in writing, software | |
# distributed under the License is distributed on an "AS IS" BASIS, | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
# See the License for the specific language governing permissions and | |
# limitations under the License. | |
name: Lint Code Base | |
on: | |
push: | |
branches: | |
- master | |
- 'v*-branch' | |
pull_request: | |
merge_group: | |
workflow_dispatch: | |
concurrency: | |
group: | |
${{ github.ref }}-${{ github.workflow }}-${{ (github.event_name == | |
'pull_request' && github.event.number) || (github.event_name == | |
'workflow_dispatch' && github.run_number) || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
code-lints: | |
runs-on: ubuntu-latest | |
if: github.actor != 'restyled-io[bot]' | |
container: | |
image: ghcr.io/project-chip/chip-build:81 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
# Bootstrap and checkout for internal scripts (like idl_lint) | |
# to run | |
- name: Checkout submodules & Bootstrap | |
uses: ./.github/actions/checkout-submodules-and-bootstrap | |
with: | |
platform: linux | |
- name: Check for orphaned gn files | |
if: always() | |
# We should enforce that ALL new files are referenced in our build scripts. | |
# Several things do not have a clear fix path: | |
# - various platform implementations (including darwin-specific files as they | |
# are not using GN) | |
# - app/clusters (they are fetched dynamically - this should probably be fixed) | |
# | |
# All the rest of the exceptions should be driven down to 0: chip should fully | |
# be defined in build rules. | |
# | |
# This check enforces that for any newly added file, it must be part of some | |
# BUILD.gn file | |
run: | | |
./scripts/run_in_build_env.sh "./scripts/tools/not_known_to_gn.py \ | |
src \ | |
--skip-dir app/clusters \ | |
--skip-dir darwin \ | |
--skip-dir include \ | |
--skip-dir platform/Ameba \ | |
--skip-dir platform/android \ | |
--skip-dir platform/ASR \ | |
--skip-dir platform/Beken \ | |
--skip-dir platform/bouffalolab \ | |
--skip-dir platform/cc13xx_26xx \ | |
--skip-dir platform/cc32xx \ | |
--skip-dir platform/Darwin \ | |
--skip-dir platform/ESP32 \ | |
--skip-dir platform/fake \ | |
--skip-dir platform/FreeRTOS \ | |
--skip-dir platform/Infineon \ | |
--skip-dir platform/Linux \ | |
--skip-dir platform/mbed \ | |
--skip-dir platform/mt793x \ | |
--skip-dir platform/nxp \ | |
--skip-dir platform/OpenThread \ | |
--skip-dir platform/qpg \ | |
--skip-dir platform/silabs \ | |
--skip-dir platform/telink \ | |
--skip-dir platform/webos \ | |
--skip-dir platform/Zephyr \ | |
--skip-dir test_driver \ | |
--skip-dir platform/NuttX \ | |
--known-failure app/app-platform/ContentApp.cpp \ | |
--known-failure app/app-platform/ContentApp.h \ | |
--known-failure app/app-platform/ContentAppPlatform.cpp \ | |
--known-failure app/app-platform/ContentAppPlatform.h \ | |
--known-failure controller/ExamplePersistentStorage.cpp \ | |
--known-failure controller/ExamplePersistentStorage.h \ | |
--known-failure app/AttributeAccessToken.h \ | |
--known-failure app/CommandResponseSender.h \ | |
--known-failure app/CommandSenderLegacyCallback.h \ | |
--known-failure app/ReadHandler.h \ | |
--known-failure app/reporting/reporting.cpp \ | |
--known-failure app/reporting/tests/MockReportScheduler.cpp \ | |
--known-failure app/reporting/tests/MockReportScheduler.h \ | |
--known-failure app/util/attribute-storage.cpp \ | |
--known-failure app/util/attribute-storage-detail.h \ | |
--known-failure app/util/attribute-storage.h \ | |
--known-failure app/util/attribute-table.cpp \ | |
--known-failure app/util/attribute-table-detail.h \ | |
--known-failure app/util/attribute-table.h \ | |
--known-failure app/util/binding-table.cpp \ | |
--known-failure app/util/binding-table.h \ | |
--known-failure app/util/config.h \ | |
--known-failure app/util/DataModelHandler.cpp \ | |
--known-failure app/util/DataModelHandler.h \ | |
--known-failure app/util/ember-compatibility-functions.cpp \ | |
--known-failure app/util/ember-compatibility-functions.h \ | |
--known-failure app/util/ember-global-attribute-access-interface.cpp \ | |
--known-failure app/util/ember-global-attribute-access-interface.h \ | |
--known-failure app/util/ember-io-storage.cpp \ | |
--known-failure app/util/ember-io-storage.h \ | |
--known-failure app/util/endpoint-config-api.h \ | |
--known-failure app/util/generic-callbacks.h \ | |
--known-failure app/util/generic-callback-stubs.cpp \ | |
--known-failure app/util/im-client-callbacks.h \ | |
--known-failure app/util/IMClusterCommandHandler.h \ | |
--known-failure app/util/util.cpp \ | |
--known-failure app/util/util.h \ | |
--known-failure app/WriteHandler.h \ | |
--known-failure platform/DeviceSafeQueue.cpp \ | |
--known-failure platform/DeviceSafeQueue.h \ | |
--known-failure platform/GLibTypeDeleter.h \ | |
--known-failure platform/SingletonConfigurationManager.cpp \ | |
" | |
- name: Check for matter lint errors | |
if: always() | |
run: | | |
for idl_file in $(find . -name '*.matter'); do | |
# TODO: all these conformance failures should be fixed | |
# Issues exist for most of them: | |
# https://github.com/project-chip/connectedhomeip/issues/19176 | |
# https://github.com/project-chip/connectedhomeip/issues/19175 | |
# https://github.com/project-chip/connectedhomeip/issues/19173 | |
if [ "$idl_file" = './examples/log-source-app/log-source-common/log-source-app.matter' ]; then continue; fi | |
if [ "$idl_file" = './examples/placeholder/linux/apps/app1/config.matter' ]; then continue; fi | |
if [ "$idl_file" = './examples/placeholder/linux/apps/app2/config.matter' ]; then continue; fi | |
if [ "$idl_file" = './examples/thermostat/thermostat-common/thermostat.matter' ]; then continue; fi | |
if [ "$idl_file" = './examples/window-app/common/window-app.matter' ]; then continue; fi | |
# Example is intentionally not spe compliant for use in cert testing | |
if [ "$idl_file" = './examples/lighting-app-data-mode-no-unique-id/lighting-common/lighting-app.matter' ]; then continue; fi | |
# Test files are intentionally small and not spec-compilant, just parse-compliant | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/cluster_struct_attribute.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/global_struct_attribute.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/optional_argument.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/several_clusters.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/simple_attribute.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/large_lighting_app.matter" ]; then continue; fi | |
if [ "$idl_file" = "./scripts/py_matter_idl/matter_idl/tests/inputs/large_all_clusters_app.matter" ]; then continue; fi | |
./scripts/run_in_build_env.sh "./scripts/idl_lint.py --log-level warn $idl_file" >/dev/null || exit 1 | |
done | |
- name: Check broken links | |
# On-push disabled until the job can run fully green | |
# At that point the step should be enabled. | |
if: github.event_name == 'workflow_dispatch' | |
uses: gaurav-nelson/github-action-markdown-link-check@v1 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: Check for incorrect error use in VerifyOrExit | |
if: always() | |
run: | | |
git grep -I -n "VerifyOrExit(.*, [A-Za-z]*_ERROR" -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of PRI*8, which are not supported on some libcs. | |
if: always() | |
run: | | |
git grep -I -n "PRI.8" -- './*' ':(exclude).github/workflows/lint.yml' ':(exclude)third_party/lwip/repo/lwip/src/include/lwip/arch.h' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of PRI*16, which are not supported on some | |
libcs. | |
if: always() | |
run: | | |
git grep -I -n "PRI.16" -- './*' ':(exclude).github/workflows/lint.yml' ':(exclude)third_party/lwip/repo/lwip/src/include/lwip/arch.h' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of PRI*64, which are not supported on some | |
libcs. | |
if: always() | |
run: | | |
# TODO: MessageDefHelper should ideally not be excluded here. | |
# TODO: chip_im_initiatore should ideally not be excluded here. | |
# TODO: TLVDebug should ideally not be excluded here. | |
# TODO: protocol_decoder.cpp should ideally not be excluded here. | |
# TODO: PersistentStorageMacros.h should ideally not be excluded here. | |
git grep -I -n "PRI.64" -- './*' ':(exclude).github/workflows/lint.yml' ':(exclude)examples/chip-tool' ':(exclude)examples/tv-casting-app' ':(exclude)src/app/MessageDef/MessageDefHelper.cpp' ':(exclude)src/app/tests/integration/chip_im_initiator.cpp' ':(exclude)src/lib/core/TLVDebug.cpp' ':(exclude)src/lib/dnssd/tests/TestTxtFields.cpp' ':(exclude)src/lib/format/protocol_decoder.cpp' ':(exclude)src/lib/support/PersistentStorageMacros.h' ':(exclude)src/messaging/tests/echo/echo_requester.cpp' ':(exclude)src/platform/Linux' ':(exclude)src/platform/Ameba' ':(exclude)src/platform/ESP32' ':(exclude)src/platform/Darwin' ':(exclude)src/darwin' ':(exclude)src/platform/webos' ':(exclude)zzz_generated/chip-tool' ':(exclude)src/tools/chip-cert/Cmd_PrintCert.cpp' ':(exclude)src/platform/NuttX' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: Check for use of %zu, which are not supported on some libcs. | |
if: always() | |
run: | | |
git grep -I -n "%zu" -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# Comments like '{{! ... }}' should be used in zap files | |
- name: Do not allow TODO in generated files | |
if: always() | |
run: | | |
git grep -n 'TODO:' -- ./zzz_generated './*/zap-generated/*' && exit 1 || exit 0 | |
- name: Check for disallowed include files | |
if: always() | |
run: scripts/tools/check_includes.sh | |
- name: Check for zcl.json and extension sync status | |
if: always() | |
run: scripts/tools/check_zcl_file_sync.py . | |
- name: Ensure all PICS are set for tests (to true or false) | |
if: always() | |
run: | | |
scripts/tools/check_test_pics.py src/app/tests/suites/certification/ci-pics-values src/app/tests/suites/certification/PICS.yaml | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of 0x%u and the like, which lead to misleading | |
output. | |
if: always() | |
run: | | |
git grep -I -n '0x%[0-9l.*-]*[^xX"0-9l.*-]' -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of '"0x" PRIu*' and the like, which lead to | |
misleading output. | |
if: always() | |
run: | | |
git grep -I -n '0x%[0-9-]*" *PRI[^xX]' -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. | |
- name: | |
Check for use of NSLog instead of Matter logging in Matter | |
framework | |
if: always() | |
run: | | |
git grep -n 'NSLog(' -- src/darwin/Framework/CHIP && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself, as well as excluding the files | |
# that implement the type-safe accessors | |
- name: | |
Check for use of 'emberAfReadAttribute' instead of the | |
type-safe getters | |
if: always() | |
run: | | |
git grep -I -n 'emberAfReadAttribute' -- './*' ':(exclude).github/workflows/lint.yml' ':(exclude)src/app/util/attribute-table.h' ':(exclude)zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp' ':(exclude)src/app/zap-templates/templates/app/attributes/Accessors-src.zapt' ':(exclude)src/app/util/attribute-table.cpp' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself, as well as excluding the files | |
# that implement the type-safe accessors, attribute writing from the wire, and some | |
# Pigweed RPC code that seems hard to update. | |
- name: | |
Check for use of 'emberAfWriteAttribute' instead of the | |
type-safe setters | |
if: always() | |
run: | | |
git grep -I -n 'emberAfWriteAttribute' -- './*' \ | |
':(exclude).github/workflows/lint.yml' \ | |
':(exclude)examples/common/pigweed/rpc_services/Attributes.h' \ | |
':(exclude)src/app/codegen-data-model-provider/CodegenDataModelProvider_Write.cpp' \ | |
':(exclude)src/app/codegen-data-model-provider/tests/EmberReadWriteOverride.cpp' \ | |
':(exclude)src/app/util/attribute-table.cpp' \ | |
':(exclude)src/app/util/attribute-table.h' \ | |
':(exclude)src/app/util/ember-compatibility-functions.cpp' \ | |
':(exclude)src/app/util/mock/CodegenEmberMocks.cpp' \ | |
':(exclude)src/app/zap-templates/templates/app/attributes/Accessors-src.zapt' \ | |
':(exclude)zzz_generated/app-common/app-common/zap-generated/attributes/Accessors.cpp' \ | |
&& exit 1 || exit 0 | |
# Run ruff python linter | |
- name: Check for errors using ruff Python linter | |
if: always() | |
run: | | |
ruff check | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of "SuccessOrExit(CHIP_ERROR_*)", which should | |
probably be "SuccessOrExit(err = CHIP_ERROR_*)" | |
if: always() | |
run: | | |
git grep -I -n 'SuccessOrExit(CHIP_ERROR' -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. And we want to exclude this file, | |
# to avoid our grep regexp matching itself. | |
- name: | |
Check for use of | |
"SuccessOrExit(something-without-assignment(", which should | |
probably be "SuccessOrExit(err = something(" | |
if: always() | |
run: | | |
git grep -I -n 'SuccessOrExit([^=)]*(' -- './*' ':(exclude).github/workflows/lint.yml' && exit 1 || exit 0 | |
# git grep exits with 0 if it finds a match, but we want | |
# to fail (exit nonzero) on match. | |
- name: | |
Check for use of "using namespace" outside of a class/function | |
in headers. | |
if: always() | |
run: | | |
# Various platforms have `using namespace chip::Ble` in their BLEManager* headers; just exclude those for now. | |
# | |
# Exclude platform openiotsdk bits that do this in their persistent storage header. | |
# | |
# Also exclude examples (for now) and third_party, which have various instances of this. | |
# | |
# Ignore uses of `System::Clock::Literals`, because that's the only way to have things using _ms32 or whatnot | |
# in a header file. | |
git grep -I -n -e '^using namespace' --and --not -e 'System::Clock::Literals' -- './**/*.h' ':(exclude)src/platform/*/BLEManager*.h' ':(exclude)src/platform/openiotsdk/KVPsaPsStore.h' ':(exclude)./examples' ':(exclude)./third_party' && exit 1 || exit 0 |