ci: Add DCO workflow and associated Docker files

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>
agherzan · Feb 9, 2022 · ef94843 · ef94843
1 parent e1014d4
commit ef94843
Show file tree

Hide file tree

Showing 6 changed files with 114 additions and 0 deletions.
diff --git a/.github/workflows/dco.yml b/.github/workflows/dco.yml
@@ -0,0 +1,41 @@
+name: dco
+
+on:
+  pull_request:
+
+env:
+  DOCKER_IMAGE: ghcr.io/agherzan/dco-check:latest
+
+jobs:
+  dco-image:
+    # We run this unconditinally even if the PR doesn't include changes to the
+    # relevant docker files because there is a chance that another PR (or
+    # something else) pushed changes to the docker image.
+    runs-on: [self-hosted, Linux]
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Build and push the DCO image
+      run: |
+        cd .github/workflows/docker-images/
+        docker build . -f dco-check/Dockerfile -t "$DOCKER_IMAGE"
+        docker push "$DOCKER_IMAGE"
+    - name: Clean dangling images
+      run: |
+        docker rmi $(docker images --filter "dangling=true" -q --no-trunc) > /dev/null 2>&1 || true
+  check:
+    needs: dco-image
+    runs-on: [self-hosted, Linux]
+    steps:
+    - name: Checkout the code
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Do DCO check
+      run: |
+        docker pull "$DOCKER_IMAGE"
+        docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \
+          --env "BASE_REF=$GITHUB_BASE_REF" \
+          --user "$(id -u):$(id -g)" "$DOCKER_IMAGE"
diff --git a/.github/workflows/docker-images/README.md b/.github/workflows/docker-images/README.md
@@ -0,0 +1,17 @@
+# Docker images for CI
+
+Each directory contains the files for a docker image.
+
+## Building an image
+
+When building the a docker image, the build context is expected to be where
+this `README.md` file resides. This means that building the images will require
+passing the appropriate `-f` argument.
+
+Here is an example for building the `dco-check` image:
+
+```
+docker build . -f dco-check/Dockerfile -t ghcr.io/agherzan/dco-check:latest
+```
+
+**NOTE**: If you are copy-pasting the above, replace the image name accordingly.
diff --git a/.github/workflows/docker-images/dco-check/Dockerfile b/.github/workflows/docker-images/dco-check/Dockerfile
@@ -0,0 +1,5 @@
+FROM christophebedard/dco-check:latest
+WORKDIR /container-workdir
+COPY ./dco-check/entrypoint.sh /
+COPY ./utils.sh /
+ENTRYPOINT ["/entrypoint.sh"]
diff --git a/.github/workflows/docker-images/dco-check/README.md b/.github/workflows/docker-images/dco-check/README.md
@@ -0,0 +1,10 @@
+# Docker image for DCO checks
+
+This image provides the environment and the logic of running a DCO check
+against a repository
+
+## Configuration
+
+The `entrypoint.sh` script assumes at runtime that the repository to be checked
+is available under `/work`. This path is to be populated via bind mounts when
+running the container.
diff --git a/.github/workflows/docker-images/dco-check/entrypoint.sh b/.github/workflows/docker-images/dco-check/entrypoint.sh
@@ -0,0 +1,17 @@
+#!/bin/sh
+
+set -e
+
+# shellcheck disable=SC1091
+. /utils.sh
+
+GIT_REPO_PATH="/work"
+
+[ -n "$BASE_REF" ] ||
+	error "DCO checks needs to know the target branch. Make sure that is set in BASE_REF."
+[ -d "$GIT_REPO_PATH/.git" ] ||
+	error "Can't find a git checkout under $GIT_REPO_PATH ."
+cd "$GIT_REPO_PATH"
+dco-check \
+	--verbose \
+	--default-branch "origin/$BASE_REF"
diff --git a/.github/workflows/docker-images/utils.sh b/.github/workflows/docker-images/utils.sh
@@ -0,0 +1,24 @@
+#!/bin/sh
+
+_log() {
+	_level="$1"
+	_msg="$2"
+	echo "[$_level] $_msg"
+}
+
+error() {
+	_msg="$1"
+	_log "ERR" "$1"
+	exit 1
+}
+
+warn() {
+	_msg="$1"
+	_log "WRN" "$1"
+	exit 1
+}
+
+log() {
+	_msg="$1"
+	_log "LOG" "$1"
+}