Mirrors/esp-idf
1
0
Fork 0
mirror of https://github.com/espressif/esp-idf.git synced 2026-06-04 20:26:38 +03:00
Code Issues Packages Projects Releases Wiki Activity

feat: use esp-idf-sbom pre-commit plugin

Browse Source 
Currently sbom manifest is checked only in .gitmodules and
this check is done in pre-commit and also in CI. Meaning it's running
three times(pre-commit before push if user has it enabled, in CI
as there is the pre-commit run again and again with test in CI). Since
esp-idf-sbom contains a full manifest validation support and pre-commit
plugin for it, let's use it. This removes all the current sbom testing
and replaces it with a signle pre-commit plugin which validates all
manifests files(sbom.yml, idf_component.yml, .gitmodules and also
referenced manifests) in repository. Note that this checks all
manifests, not only ones which were modified. The check is reasonably
fast though, so it should not cause any problem. The reason for
validating all manifest files is that we want to make sure that the sbom
information in .gitmodules is updated too and that the hash
recorded in .gitmodules is up-to-date. Meaning submodule update
would not trigger this plugin, because no manifest was changed.

Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com>
This commit is contained in:
Frantisek Hrbata
2023-12-05 10:06:05 +01:00
parent 8005821b09
commit a6cbcb91d2
5 changed files with 4 additions and 111 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
.gitlab/ci/host-test.yml
View File

@@ -208,14 +208,6 @@ test_mkdfu:
- cd ${IDF_PATH}/tools/test_mkdfu
- ./test_mkdfu.py
test_sbom:
extends:
- .host_test_template
- .rules:patterns:sbom
script:
- cd ${IDF_PATH}/tools/test_sbom
- pytest
test_autocomplete:
extends:
- .host_test_template

11
.gitlab/ci/rules.yml
View File

@@ -67,9 +67,6 @@
- "tools/ci/ci_build_apps.py"
- "tools/test_build_system/**/*"
.patterns-sbom: &patterns-sbom
- "tools/test_sbom/*"
.patterns-custom_test: &patterns-custom_test
- "tools/ci/idf_pytest/**/*"
- "tools/ci/python_packages/gitlab_api.py"
@@ -446,14 +443,6 @@
- <<: *if-dev-push
changes: *patterns-sonarqube-files
.rules:patterns:sbom:
rules:
- <<: *if-protected
- <<: *if-dev-push
changes: *patterns-sbom
- <<: *if-dev-push
changes: *patterns-submodule
# !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# DO NOT place comments or maintain any code from this line
#