do basic CI code checks in the docker #2
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Basic checks on the code, incl. coding style, spelling, bandit analysis. | ||
| # TODO: add license check | ||
| name: Basic checks | ||
| on: workflow_call | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| CodeChecks: | ||
| name: Basic code checks | ||
| runs-on: 'DSS-L0-FLEX' | ||
| container: ubuntu:22.04 | ||
| #container: localhost:5000/umf_docker:latest | ||
| steps: | ||
| # Latest distros do not allow global pip installation | ||
| - name: Install Python requirements in venv | ||
| run: | | ||
| apt-get update | ||
| DEBIAN_FRONTEND=noninteractive apt-get install -y git python3-venv libenchant-2-dev | ||
| python3 -m venv .venv | ||
| . .venv/bin/activate | ||
| echo "$PATH" >> $GITHUB_PATH | ||
| python3 -m pip install -r third_party/requirements.txt | ||
| python3 -m pip install bandit codespell | ||
| - name: Checkout repository | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| fetch-depth: 0 | ||
| path: "${{github.workspace}}/umf | ||
| - name: Install dependencies | ||
| run: | | ||
| DEBIAN_FRONTEND=noninteractive apt-get install -y git black cmake clang-format-15 cmake-format libhwloc-dev doxygen libtbb-dev automake wget | ||
| - name: Configure CMake | ||
| run: > | ||
| cmake | ||
| -B build | ||
| -DUMF_FORMAT_CODE_STYLE=ON | ||
| -DUMF_BUILD_TESTS=OFF | ||
| -DUMF_BUILD_LEVEL_ZERO_PROVIDER=OFF | ||
| -DUMF_BUILD_CUDA_PROVIDER=OFF | ||
| -DUMF_BUILD_LIBUMF_POOL_JEMALLOC=OFF | ||
| - name: Check C/C++ formatting | ||
| run: cmake --build build --target clang-format-check | ||
| - name: Check CMake formatting | ||
| run: | | ||
| cmake --build build --target cmake-format-apply | ||
| git diff --exit-code | ||
| - name: Check Python formatting | ||
| run: cmake --build build --target black-format-check | ||
| - name: Run check-license | ||
| run: | | ||
| ./scripts/check_license/check_headers.sh . "Apache-2.0 WITH LLVM-exception" -v | ||
| - name: Run a spell check | ||
| uses: crate-ci/typos@b63f421581dce830bda2f597a678cb7776b41877 # v1.18.2 | ||
| with: | ||
| config: ./.github/workflows/.spellcheck-conf.toml | ||
| - name: Run codespell | ||
| run: python3 ./.github/scripts/run-codespell.py | ||
| - name: Check spelling in docs | ||
| run: | | ||
| cmake --build build --target docs | ||
| sphinx-build -b spelling ./build/docs_build/config ./build/docs_build/spelling_log -W | ||
| # Run Bandit recursively, but omit _deps directory (with 3rd party code) | ||
| # and python's venv | ||
| - name: Run Bandit | ||
| run: python3 -m bandit -r . -x '/_deps/,/.venv/' | ||
