102 lines (91 loc) · 4.21 KB
/
reusable_guidelines_enforcer.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
name: Ensure app compliance with Ledger guidelines
on:
workflow_call:
inputs:
run_for_devices:
description: |
The list of device(s) on which the test will run.
Defaults to the full list of device(s) supported by the application as configured in the
'ledger_app.toml' manifest.
If the manifest is missing, defaults to ALL (["nanos", "nanox", "nanosp", "stax", "flex"]).
required: false
default: 'None'
type: string
secrets:
git_token:
description: 'A token used as authentication for GIT operations. Useful when including this workflow in a private repository.'
required: false
jobs:
# We can't simply know the current ledger-app-workflow ref from inside the reusable workflow
# We use the workaround linked in the following Github issue until a proper API is available at Github API level
# https://github.com/actions/toolkit/issues/1264
call_get_workflow_version:
name: Get workflow version
uses: ./.github/workflows/_get_workflow_version.yaml
with:
repository-name: LedgerHQ/ledger-app-workflows
file-name: reusable_guidelines_enforcer.yml
secrets:
git_token: ${{ secrets.git_token }}
call_get_app_metadata:
# This job digests inputs and repository metadata provided by the `ledger_app.toml` manifest
# file, in order to output relevant directories, compatible devices, and other variables needed
# by following jobs.
name: Retrieve application metadata
uses: ./.github/workflows/_get_app_metadata.yml
with:
compatible_devices: ${{ inputs.run_for_devices }}
call_get_app_manifest:
name: Dump app information
needs: [call_get_workflow_version, call_get_app_metadata]
uses: ./.github/workflows/_get_app_manifest.yml
with:
ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
run_for_devices: ${{ needs.call_get_app_metadata.outputs.compatible_devices }}
relative_app_directory: ${{ needs.call_get_app_metadata.outputs.build_directory }}
is_rust: ${{ needs.call_get_app_metadata.outputs.is_rust }}
upload_manifest_artifact_name: manifests
call_check_icons:
name: Dispatch check
needs: [call_get_workflow_version, call_get_app_manifest]
uses: ./.github/workflows/_check_icons.yml
with:
download_manifest_artifact_name: manifests
ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
call_check_app_load_params:
name: Dispatch check
needs: [call_get_workflow_version, call_get_app_manifest]
uses: ./.github/workflows/_check_app_load_params.yml
with:
download_manifest_artifact_name: manifests
ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
call_check_makefile:
name: Dispatch check
needs: [call_get_workflow_version, call_get_app_manifest]
uses: ./.github/workflows/_check_makefile.yml
with:
download_manifest_artifact_name: manifests
ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
call_check_readme:
name: Dispatch check
needs: call_get_workflow_version
uses: ./.github/workflows/_check_readme.yml
with:
ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
call_clang_static_analyzer:
name: Dispatch check
needs: call_get_app_metadata
uses: ./.github/workflows/_check_clang_static_analyzer.yml
with:
run_for_devices: ${{ needs.call_get_app_metadata.outputs.compatible_devices }}
relative_app_directory: ${{ needs.call_get_app_metadata.outputs.build_directory }}
is_rust: ${{ needs.call_get_app_metadata.outputs.is_rust }}
call_clang_static_analyzer_latest_sdk:
name: Dispatch check
needs: call_get_app_metadata
uses: ./.github/workflows/_check_clang_static_analyzer_latest_sdk.yml
if: github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'scan_on_latest_sdk')
with:
run_for_devices: ${{ needs.call_get_app_metadata.outputs.compatible_devices }}
relative_app_directory: ${{ needs.call_get_app_metadata.outputs.build_directory }}
is_rust: ${{ needs.call_get_app_metadata.outputs.is_rust }}