From a34b16fc73d42570cca4ad3afa6f683101e531b5 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Fri, 17 Oct 2025 12:49:55 -0400 Subject: [PATCH 01/10] github actions: Add reusable workflow for validating kernel commits Converts the upstream-commit-check workflow (from ciqlts9_2) to a reusable workflow that can be referenced from branches. This allows maintaining the workflow definition in one place while using it across many branches. The workflow uses workflow_call trigger and accepts all necessary context from the calling workflow via github context variables. We are renaming the workflow and some of the labels it uses to be more general. In the future, more kernel commit validation will happen in this workflow besides just the upstream fixes check
---
 .github/workflows/validate-kernel-commits.yml | 80 +++++++++++++++++++
 1 file changed, 80 insertions(+)
 create mode 100644 .github/workflows/validate-kernel-commits.yml
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml
new file mode 100644
index 0000000000000..368585fda7995
--- /dev/null
+++ b/.github/workflows/validate-kernel-commits.yml
@@ -0,0 +1,80 @@
+name: Validate Kernel Commits
+
+on:
+ workflow_call:
+ # No inputs needed - uses github context from caller
+
+permissions:
+ contents: read
+ pull-requests: write
+
+jobs:
+ validate-kernel-commits:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout PR branch
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: ${{ github.head_ref }}
+
+ - name: Checkout base branch
+ run: |
+ git fetch origin ${{ github.base_ref }}:${{ github.base_ref }}
+
+ - name: Download check_kernel_commits.py
+ run: |
+ curl -sL \
+ https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/mainline/check_kernel_commits.py \
+ -o check_kernel_commits.py
+ chmod +x check_kernel_commits.py
+
+ - name: Set up Python
+ uses: actions/setup-python@v5
+ with:
+ python-version: '3.x'
+
+ - name: Run upstream fixes check
+ id: check-kernel-commits
+ run: |
+ set +e # Don't exit on error, we want to capture the output
+ python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown | tee result.txt
+ EXIT_CODE=$?
+
+ # Check if the script failed
+ if [ $EXIT_CODE -ne 0 ]; then
+ echo "❌ Kernel commits check failed with exit code $EXIT_CODE"
+ exit $EXIT_CODE
+ fi
+
+ # Check for findings:
+ # 1. Verify the success message exists
+ # 2. If it exists, check if there are any OTHER lines (which would indicate issues)
+ # 3. If success message doesn't exist, that's also a finding
+ if grep -q "All referenced commits exist upstream and have no Fixes: tags." result.txt; then
+ # Success message found, check if there are any other lines
+ LINE_COUNT=$(wc -l < ../ckc_result.txt)
+ if [ "$LINE_COUNT" -gt 1 ]; then
+ echo "has_findings=true" >> $GITHUB_OUTPUT
+ else
+ echo "has_findings=false" >> $GITHUB_OUTPUT
+ fi
+ else
+ # Success message not found, there must be findings
+ echo "has_findings=true" >> $GITHUB_OUTPUT
+ fi
+
+ set -e # Re-enable exit on error
+
+ - name: Comment on PR if issues found
+ if: steps.check-kernel-commits.outputs.has_findings == 'true'
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ if ! gh pr comment ${{ github.event.pull_request.number }} \
+ --body-file result.txt \
+ --repo ${{ github.repository }}; then
+ echo "❌ Failed to post check-kernel-commits comment to PR"
+ exit 1
+ fi
From 60c0269ec03c503bb713e92493bba979397d6c5c Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Wed, 22 Oct 2025 15:12:54 -0400 Subject: [PATCH 02/10] github actions: validate-kernel-commits: Add --check-cves This causes check_kernel_commits.py to check the kernel's vulns database to ensure the CVEs referenced in the commit are correct, check for missing CVE references, and to add CVE references to suggested upstream bugfixes
---
 .github/workflows/validate-kernel-commits.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml
index 368585fda7995..7e16eef16e972 100644
--- a/.github/workflows/validate-kernel-commits.yml
+++ b/.github/workflows/validate-kernel-commits.yml
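Review bot: `${{ github.head_ref }}` and `${{ github.base_ref }}` are expanded into the text of the `run:` scripts (the `git fetch` in "Checkout base branch" and the `--pr_branch`/`--base_branch` arguments in "Run upstream fixes check"), so a branch name chosen by the pull-request author becomes part of the shell script before any quoting applies, in a job that holds `pull-requests: write`. Pass the values through the step environment instead: add `env:` with `HEAD_REF: ${{ github.head_ref }}` and `BASE_REF: ${{ github.base_ref }}`, and use `--pr_branch "$HEAD_REF" --base_branch "$BASE_REF"` in the script. The same interpolation recurs in the interdiff step added in PATCH 03 and, unquoted, in the JIRA step added in PATCH 05, where the JIRA secrets are in the step environment.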
@@ -39,7 +39,7 @@ jobs: id: check-kernel-commits run: | set +e # Don't exit on error, we want to capture the output - python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown | tee result.txt + python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee result.txt EXIT_CODE=$? # Check if the script failed From c161fd10ac6d0859e23d94809eacd5ae575d90fa Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Wed, 22 Oct 2025 15:17:42 -0400 Subject: [PATCH 03/10] github actions: validate-kernel-commits: Add interdiff Add steps to look for differences between upsteam commits referenced in PR commit and the upsteam change they are backporting. This is accomplished with a customized version of interdiff with fuzzy diffing and the run_interdiff.py helper script. Since the custom fuzzy diffing changes aren't available in upstream patchutils yet this workflow pulls down and builds the custom version. --- .github/workflows/validate-kernel-commits.yml | 65 +++++++++++++++++++ 1 file changed, 65 insertions(+) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 7e16eef16e972..e44e0c698f363 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml 
@@ -78,3 +78,68 @@ jobs:
 echo "❌ Failed to post check-kernel-commits comment to PR"
 exit 1
 fi
+
+ - name: Install build dependencies for patchutils
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y build-essential autoconf automake libtool gnulib
+
+ - name: Clone and build custom patchutils
+ run: |
+ git clone https://github.com/kerneltoast/patchutils.git --depth=1 --revision=32e5f1df96920f1d24beb910346f01acab8b0bd8
+ cd patchutils
+ ./bootstrap
+ ./configure
+ make -j$(nproc)
+
+ - name: Download run_interdiff.py
+ run: |
+ curl -sL \
+ https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/mainline/run_interdiff.py \
+ -o run_interdiff.py
+ chmod +x run_interdiff.py
+
+ - name: Run interdiff check
+ id: interdiff
+ run: |
+ set +e # Don't exit on error, we want to capture the output
+ python3 run_interdiff.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --interdiff ../patchutils/src/interdiff | tee interdiff_result.txt
+ EXIT_CODE=$?
+
+ # Check if the script failed
+ if [ $EXIT_CODE -ne 0 ]; then
+ echo "❌ Interdiff check failed with exit code $EXIT_CODE"
+ exit $EXIT_CODE
+ fi
+
+ # Check for differences:
+ # 1. Verify the success message exists
+ # 2. If it exists, check if there are any OTHER lines (which would indicate differences)
+ # 3. If success message doesn't exist, that's also a difference
+ if grep -q "All backported commits match their upstream counterparts." interdiff_result.txt; then
+ # Success message found, check if there are any other lines
+ LINE_COUNT=$(wc -l < ../interdiff_result.txt)
+ if [ "$LINE_COUNT" -gt 1 ]; then
+ echo "has_differences=true" >> $GITHUB_OUTPUT
+ else
+ echo "has_differences=false" >> $GITHUB_OUTPUT
+ fi
+ else
+ # Success message not found, there must be differences
+ echo "has_differences=true" >> $GITHUB_OUTPUT
+ fi
+
+ set -e # Re-enable exit on error
+
+ - name: Comment on PR if interdiff differences found
+ if: steps.interdiff.outputs.has_differences == 'true'
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ if ! gh pr comment ${{ github.event.pull_request.number }} \
+ --body-file interdiff_result.txt \
+ --repo ${{ github.repository }}; then
+ echo "❌ Failed to post interdiff comment to PR"
+ exit 1
+ fi
+
From 49f5ed2944bf59537a84d66ff3081e343426833a Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Wed, 22 Oct 2025 15:41:00 -0400 Subject: [PATCH 04/10] github actions: validate-kernel-commits: Clone kernel-src-tree-tools We are using two scripts from that repo and there will be more. Just clone the whole thing instead of fetching scripts one by one.
---
 .github/workflows/validate-kernel-commits.yml | 29 ++++++++-----------
 1 file changed, 12 insertions(+), 17 deletions(-)
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml
index e44e0c698f363..567c4319b5870 100644
--- a/.github/workflows/validate-kernel-commits.yml
+++ b/.github/workflows/validate-kernel-commits.yml
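Review bot: The "Run interdiff check" step mixes paths relative to two different directories: `tee` writes `interdiff_result.txt` and `grep` reads it from the current directory, but the line count comes from `wc -l < ../interdiff_result.txt` and the binary is passed as `--interdiff ../patchutils/src/interdiff`, while the build step clones into `patchutils` and neither step sets a `working-directory`, so both presumably start in the same directory. If the redirect fails, `LINE_COUNT` is empty, the `-gt` test errors under `set +e`, and the `else` branch writes `has_differences=false`, so output that holds the success line plus extra lines would be reported as clean. Use one location for all of them, `LINE_COUNT=$(wc -l < interdiff_result.txt)` and `--interdiff ./patchutils/src/interdiff`, and treat an unreadable result file as a finding rather than a pass. The check step added in PATCH 01 shows the same mismatch between `result.txt` and `../ckc_result.txt`.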
@@ -23,12 +23,12 @@ jobs: run: | git fetch origin ${{ github.base_ref }}:${{ github.base_ref }} - - name: Download check_kernel_commits.py - run: | - curl -sL \ - https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/mainline/check_kernel_commits.py \ - -o check_kernel_commits.py - chmod +x check_kernel_commits.py + - name: Checkout kernel-src-tree-tools + uses: actions/checkout@v4 + with: + repository: ctrliq/kernel-src-tree-tools + ref: 'mainline' + path: kernel-src-tree-tools - name: Set up Python uses: actions/setup-python@v5 @@ -37,9 +37,10 @@ jobs: - name: Run upstream fixes check id: check-kernel-commits + working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output - python3 check_kernel_commits.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee result.txt + python3 check_kernel_commits.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee ../result.txt EXIT_CODE=$? # Check if the script failed @@ -52,7 +53,7 @@ jobs: # 1. Verify the success message exists # 2. If it exists, check if there are any OTHER lines (which would indicate issues) # 3. If success message doesn't exist, that's also a finding - if grep -q "All referenced commits exist upstream and have no Fixes: tags." result.txt; then + if grep -q "All referenced commits exist upstream and have no Fixes: tags." ../result.txt; then # Success message found, check if there are any other lines LINE_COUNT=$(wc -l < ../ckc_result.txt) if [ "$LINE_COUNT" -gt 1 ]; then 
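Review bot: `ref: 'mainline'` in the new "Checkout kernel-src-tree-tools" step tracks a moving branch, so whatever is at the tip of that repository when the job starts is executed by the later steps with this job's `pull-requests: write` token. Pin the checkout to a reviewed commit, `ref: <full commit SHA of the reviewed kernel-src-tree-tools revision>`, and bump it deliberately, the way the patchutils clone is already pinned with `--revision=`. Since this checkout is only used to run scripts, `persist-credentials: false` in its `with:` block would also keep the token out of that clone's git configuration. The findings check shown as trailing context continues outside the hunk.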
@@ -92,18 +93,12 @@ jobs: ./configure make -j$(nproc) - - name: Download run_interdiff.py - run: | - curl -sL \ - https://raw.githubusercontent.com/ctrliq/kernel-src-tree-tools/mainline/run_interdiff.py \ - -o run_interdiff.py - chmod +x run_interdiff.py - - name: Run interdiff check id: interdiff + working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output - python3 run_interdiff.py --repo . --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --interdiff ../patchutils/src/interdiff | tee interdiff_result.txt + python3 run_interdiff.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --interdiff ../patchutils/src/interdiff | tee ../interdiff_result.txt EXIT_CODE=$? # Check if the script failed @@ -116,7 +111,7 @@ jobs: # 1. Verify the success message exists # 2. If it exists, check if there are any OTHER lines (which would indicate differences) # 3. If success message doesn't exist, that's also a difference - if grep -q "All backported commits match their upstream counterparts." interdiff_result.txt; then + if grep -q "All backported commits match their upstream counterparts." ../interdiff_result.txt; then # Success message found, check if there are any other lines LINE_COUNT=$(wc -l < ../interdiff_result.txt) if [ "$LINE_COUNT" -gt 1 ]; then From ac3c8b23288ec8fbcd13414b2cadcd4eec8ca420 Mon Sep 17 00:00:00 2001 
From: Brett Mastbergen Date: Wed, 22 Oct 2025 15:44:54 -0400 Subject: [PATCH 05/10] github actions: Add JIRA PR Check We will be reaching into our JIRA to check the state of each commits jira. In this we want to ensure that the target branch matches the defined branch for that product and validate that the CVE ID is also correct for the ticket. It will also check to confirm that the tickets are in progress and have time logged, if either are untrue then it will produce a warning. In the event there are Product or CVE mis matches it will block the PR and request changes. --- .github/workflows/validate-kernel-commits.yml | 94 +++++++++++++++++++ 1 file changed, 94 insertions(+) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 567c4319b5870..7f684b0234f79 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml 
@@ -138,3 +138,97 @@ jobs: exit 1 fi + - name: Install JIRA PR Check dependencies + run: | + python -m pip install --upgrade pip + pip install jira + + - name: Mask JIRA credentials + run: | + echo "::add-mask::${{ secrets.JIRA_API_TOKEN }}" + echo "::add-mask::${{ secrets.JIRA_API_USER }}" + echo "::add-mask::${{ secrets.JIRA_URL }}" + + - name: Run JIRA PR Check + id: jira_check + continue-on-error: true # Allow PR comments to be posted before failing workflow + env: + JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} + JIRA_API_USER: ${{ secrets.JIRA_API_USER }} + JIRA_URL: ${{ secrets.JIRA_URL }} + working-directory: kernel-src-tree-tools + run: | + # Run script and capture output, ensuring credentials are never echoed + set +x # Disable command echo to prevent credential exposure + set +e # Don't exit on error, we want to capture the output + OUTPUT=$(python3 jira_pr_check.py \ + --kernel-src-tree .. \ + --merge-target ${{ github.base_ref }} \ + --pr-branch ${{ github.head_ref }} 2>&1) + EXIT_CODE=$? 
+ + # Filter out any potential credential leaks from output + FILTERED_OUTPUT=$(echo "$OUTPUT" | grep -v "jira-user\|jira-key\|basic_auth\|Authorization\|$JIRA_API_TOKEN") + + echo "$FILTERED_OUTPUT" + echo "output<<'EOF'" >> $GITHUB_OUTPUT + echo "$FILTERED_OUTPUT" >> $GITHUB_OUTPUT + echo "EOF" >> $GITHUB_OUTPUT + + # Check if there are any issues based on output patterns + if echo "$FILTERED_OUTPUT" | grep -q "❌ Errors:"; then + echo "has_issues=true" >> $GITHUB_OUTPUT + + # Check specifically for LTS mismatch errors + if echo "$FILTERED_OUTPUT" | grep -q "expects branch"; then + echo "has_lts_mismatch=true" >> $GITHUB_OUTPUT + else + echo "has_lts_mismatch=false" >> $GITHUB_OUTPUT + fi + elif echo "$FILTERED_OUTPUT" | grep -q "⚠️ Warnings:"; then + echo "has_issues=true" >> $GITHUB_OUTPUT + echo "has_lts_mismatch=false" >> $GITHUB_OUTPUT + else + echo "has_issues=false" >> $GITHUB_OUTPUT + echo "has_lts_mismatch=false" >> $GITHUB_OUTPUT + fi + + # Exit with the script's exit code + exit $EXIT_CODE + + - name: Comment PR with JIRA issues + if: steps.jira_check.outputs.has_issues == 'true' + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + const output = process.env.CHECK_OUTPUT; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: output + }); + env: + CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }} + + - name: Request changes if LTS mismatch + if: steps.jira_check.outputs.has_lts_mismatch == 'true' + uses: actions/github-script@v7 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + github.rest.pulls.createReview({ + owner: context.repo.owner, + repo: context.repo.repo, + pull_number: context.issue.number, + event: 'REQUEST_CHANGES', + body: '⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.' 
+ }); + + - name: Fail workflow if JIRA errors found + if: steps.jira_check.outcome == 'failure' + run: | + echo "❌ JIRA PR check failed - errors were found in one or more commits" + exit 1 From 40d2d453cbb6447ea69500b4c8b9a47cf6c958ef Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Mon, 27 Oct 2025 14:46:11 -0400 Subject: [PATCH 06/10] github actions: Give ckc results a unique name s/result.txt/ckc_result.txt/g --- .github/workflows/validate-kernel-commits.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 7f684b0234f79..488fd203f241e 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml @@ -40,7 +40,7 @@ jobs: working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output - python3 check_kernel_commits.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee ../result.txt + python3 check_kernel_commits.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee ../ckc_result.txt EXIT_CODE=$? # Check if the script failed @@ -53,7 +53,7 @@ jobs: # 1. Verify the success message exists # 2. If it exists, check if there are any OTHER lines (which would indicate issues) # 3. If success message doesn't exist, that's also a finding - if grep -q "All referenced commits exist upstream and have no Fixes: tags." ../result.txt; then + if grep -q "All referenced commits exist upstream and have no Fixes: tags." ../ckc_result.txt; then # Success message found, check if there are any other lines LINE_COUNT=$(wc -l < ../ckc_result.txt) if [ "$LINE_COUNT" -gt 1 ]; then 
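Review bot: The multi-line output in "Run JIRA PR Check" is opened with `echo "output<<'EOF'"`, which writes the delimiter as `'EOF'` including the quotes, while the closing line is a bare `EOF`; as far as I can tell the runner will not find a matching delimiter and the output will not be set. A fixed delimiter is also fragile here because `$FILTERED_OUTPUT` presumably carries text derived from the PR's commits: a line equal to the delimiter ends the value early and lets the following lines be read as other outputs such as `has_issues` or `has_lts_mismatch`. Generate the delimiter per run and write the block in one redirect, `DELIM="jira_out_$(od -An -N8 -tx1 /dev/urandom | tr -d ' \n')"` followed by `{ echo "output<<$DELIM"; echo "$FILTERED_OUTPUT"; echo "$DELIM"; } >> "$GITHUB_OUTPUT"`. The `grep -v` filter also treats `$JIRA_API_TOKEN` as a regular expression, so an empty or metacharacter-bearing token changes what is filtered; rely on the runner's secret masking and match the token with `-F` only when it is non-empty.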
@@ -74,7 +74,7 @@ jobs: GH_TOKEN: ${{ github.token }} run: | if ! gh pr comment ${{ github.event.pull_request.number }} \ - --body-file result.txt \ + --body-file ckc_result.txt \ --repo ${{ github.repository }}; then echo "❌ Failed to post check-kernel-commits comment to PR" exit 1 From 82dc114e995eb88c2c8ca1ecee489fd0b339b615 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Wed, 29 Oct 2025 09:58:57 -0400 Subject: [PATCH 07/10] github actions: Convert github-script usage to gh This keeps all of our PR interaction consistent --- .github/workflows/validate-kernel-commits.yml | 39 +++++++------------ 1 file changed, 15 insertions(+), 24 deletions(-) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 488fd203f241e..a790d150e6f0d 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml 
@@ -198,34 +198,25 @@ jobs: - name: Comment PR with JIRA issues if: steps.jira_check.outputs.has_issues == 'true' - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - const output = process.env.CHECK_OUTPUT; - - github.rest.issues.createComment({ - issue_number: context.issue.number, - owner: context.repo.owner, - repo: context.repo.repo, - body: output - }); env: - CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }} + GH_TOKEN: ${{ github.token }} + run: | + if ! gh pr comment ${{ github.event.pull_request.number }} \ + --body "${{ steps.jira_check.outputs.output }}" \ + --repo ${{ github.repository }}; then + echo "❌ Failed to post JIRA check comment to PR" + exit 1 + fi - name: Request changes if LTS mismatch if: steps.jira_check.outputs.has_lts_mismatch == 'true' - uses: actions/github-script@v7 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - script: | - github.rest.pulls.createReview({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number, - event: 'REQUEST_CHANGES', - body: '⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch.' - }); + env: + GH_TOKEN: ${{ github.token }} + run: | + gh pr review ${{ github.event.pull_request.number }} \ + --request-changes \ + --body "⚠️ This PR contains VULN tickets that do not match the target LTS product. Please review the JIRA ticket assignments and ensure they match the merge target branch." \ + --repo ${{ github.repository }} - name: Fail workflow if JIRA errors found if: steps.jira_check.outcome == 'failure' From 853f587c0f9d7aa03be9c9938273de4eda0c5b24 Mon Sep 17 00:00:00 2001 
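Review bot: `--body "${{ steps.jira_check.outputs.output }}"` in "Comment PR with JIRA issues" pastes the check's output into the shell command line, whereas the removed github-script version passed it through `CHECK_OUTPUT` in `env:` and never through a shell. That output presumably includes text taken from the PR's commits, so quotes, `$(...)` or backticks in it are interpreted by the shell in a step that has `GH_TOKEN` set. Keep the environment indirection: leave `CHECK_OUTPUT: ${{ steps.jira_check.outputs.output }}` under `env:` and call `gh pr comment ... --body "$CHECK_OUTPUT"`. The `gh pr review` step in the same hunk has no failure message like the comment steps do, which is a smaller consistency point.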
From: Brett Mastbergen Date: Fri, 31 Oct 2025 12:56:10 -0400 Subject: [PATCH 08/10] github actions: Wrap long command lines for readability --- .github/workflows/validate-kernel-commits.yml | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index a790d150e6f0d..1dcbc3475f15e 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml @@ -40,7 +40,12 @@ jobs: working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output - python3 check_kernel_commits.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --check-cves | tee ../ckc_result.txt + python3 check_kernel_commits.py \ + --repo .. \ + --pr_branch "${{ github.head_ref }}" \ + --base_branch "${{ github.base_ref }}" \ + --markdown \ + --check-cves | tee ../ckc_result.txt EXIT_CODE=$? # Check if the script failed @@ -98,7 +103,12 @@ jobs: working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output - python3 run_interdiff.py --repo .. --pr_branch "${{ github.head_ref }}" --base_branch "${{ github.base_ref }}" --markdown --interdiff ../patchutils/src/interdiff | tee ../interdiff_result.txt + python3 run_interdiff.py \ + --repo .. \ + --pr_branch "${{ github.head_ref }}" \ + --base_branch "${{ github.base_ref }}" \ + --markdown \ + --interdiff ../patchutils/src/interdiff | tee ../interdiff_result.txt EXIT_CODE=$? # Check if the script failed From 2f0a577fed90bd271eab17a940bd6335303454aa Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Fri, 31 Oct 2025 12:56:32 -0400 Subject: [PATCH 09/10] github actions: Add 120 minute timeout --- .github/workflows/validate-kernel-commits.yml | 1 + 1 file changed, 1 insertion(+) 
diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index 1dcbc3475f15e..c6d4b6023aa7f 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml @@ -11,6 +11,7 @@ permissions: jobs: validate-kernel-commits: runs-on: ubuntu-latest + timeout-minutes: 120 steps: - name: Checkout PR branch From 6acca96a035b720ac6e810279883480da1d2c1b9 Mon Sep 17 00:00:00 2001 From: Brett Mastbergen Date: Mon, 3 Nov 2025 15:35:40 -0500 Subject: [PATCH 10/10] github actions: Get the correct return code We want the return code of our python scripts, not of tee --- .github/workflows/validate-kernel-commits.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/validate-kernel-commits.yml b/.github/workflows/validate-kernel-commits.yml index c6d4b6023aa7f..c039764238eba 100644 --- a/.github/workflows/validate-kernel-commits.yml +++ b/.github/workflows/validate-kernel-commits.yml @@ -41,6 +41,7 @@ jobs: working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output + set -o pipefail # Capture exit code from python script, not tee python3 check_kernel_commits.py \ --repo .. \ --pr_branch "${{ github.head_ref }}" \ @@ -104,6 +105,7 @@ jobs: working-directory: kernel-src-tree-tools run: | set +e # Don't exit on error, we want to capture the output + set -o pipefail # Capture exit code from python script, not tee python3 run_interdiff.py \ --repo .. \ --pr_branch "${{ github.head_ref }}" \