[DLS] PR workflow (by @hteeyeoh via push) #32
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "[DLS] PR workflow" | |
| run-name: "[DLS] PR workflow (by @${{ github.actor }} via ${{ github.event_name }})" | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| paths: | |
| - 'libraries/dl-streamer/*' | |
| - 'libraries/dl-streamer/cmake/**' | |
| - 'libraries/dl-streamer/docker/**' | |
| - 'libraries/dl-streamer/include/**' | |
| - 'libraries/dl-streamer/python/**' | |
| - 'libraries/dl-streamer/samples/**' | |
| - 'libraries/dl-streamer/scripts/**' | |
| - 'libraries/dl-streamer/src/**' | |
| - 'libraries/dl-streamer/tests/**' | |
| - 'libraries/dl-streamer/thirdparty/**' | |
| pull_request: | |
| paths: | |
| - 'libraries/dl-streamer/*' | |
| - 'libraries/dl-streamer/cmake/**' | |
| - 'libraries/dl-streamer/docker/**' | |
| - 'libraries/dl-streamer/include/**' | |
| - 'libraries/dl-streamer/python/**' | |
| - 'libraries/dl-streamer/samples/**' | |
| - 'libraries/dl-streamer/scripts/**' | |
| - 'libraries/dl-streamer/src/**' | |
| - 'libraries/dl-streamer/tests/**' | |
| - 'libraries/dl-streamer/thirdparty/**' | |
| workflow_call: | |
| workflow_dispatch: | |
| permissions: {} | |
| jobs: | |
| code-style: | |
| permissions: | |
| contents: read | |
| name: SCAN code-style | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Remove thirdparty folder | |
| run: rm -rf libraries/dl-streamer/thirdparty | |
| - name: Code-style action | |
| uses: ./.github/actions/common/code-style | |
| with: | |
| target_dir: "libraries/dl-streamer" | |
| check-license-headers: | |
| permissions: | |
| contents: read | |
| name: SCAN check license headers | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Check license headers | |
| uses: ./.github/actions/common/license-namespace-checker | |
| # static-code-analysis: | |
| # permissions: | |
| # security-events: write | |
| # actions: read | |
| # contents: read | |
| # packages: read | |
| # name: SCAN static code analysis | |
| # uses: ./.github/workflows/codeql.yaml | |
| static-code-analysis-for-c-cpp: | |
| permissions: | |
| security-events: write | |
| actions: read | |
| contents: read | |
| packages: read | |
| name: SCAN DLS static C/C++ code analysis | |
| uses: ./.github/workflows/dls-coverity.yaml | |
| secrets: inherit | |
| build-dev-images-and-run-unit-tests: | |
| permissions: | |
| contents: read | |
| packages: read | |
| name: BUILD dev imgs & run unit tests | |
| uses: ./.github/workflows/dls-build-dev-docker-images-and-run-unit.yaml | |
| build-and-test-deb-and-deb_img: | |
| permissions: | |
| contents: read | |
| packages: read | |
| name: BUILD & TEST .deb pkgs & img | |
| uses: ./.github/workflows/dls-build-and-test-deb_pkgs-and-deb_imgs.yaml | |
| filter-docker-related-changes: | |
| permissions: | |
| contents: read | |
| name: SCAN detect changes in docker dir | |
| runs-on: ubuntu-latest | |
| outputs: | |
| docker_changed: ${{ steps.check.outputs.docker_changed }} | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Fetch main branch for comparison | |
| run: git fetch origin main | |
| - id: check | |
| name: Detect changes in docker directory | |
| run: | | |
| echo "🔍 Checking for changes in 'libraries/dl-streamer/docker/'..." | |
| CHANGED_FILES=$(git diff --name-only origin/main HEAD) | |
| echo "📄 Changed files:" | |
| echo "$CHANGED_FILES" | |
| if echo "$CHANGED_FILES" | grep -q '^libraries/dl-streamer/docker/'; then | |
| echo "docker_changed=true" >> "$GITHUB_OUTPUT" | |
| echo "🟡 Docker-related changes detected." | |
| else | |
| echo "docker_changed=false" >> "$GITHUB_OUTPUT" | |
| echo "✅ No docker-related changes." | |
| fi | |
| trivy-config-scan: | |
| permissions: | |
| contents: read | |
| needs: [filter-docker-related-changes] | |
| if: needs.filter-docker-related-changes.outputs.docker_changed == 'true' | |
| name: SCAN Trivy ${{ matrix.name }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: dlstreamer_ubuntu22 | |
| path: libraries/dl-streamer/docker/ubuntu/ubuntu22.Dockerfile | |
| output: reports/trivy-dlstreamer_ubuntu22.json | |
| - name: dlstreamer_ubuntu24 | |
| path: libraries/dl-streamer/docker/ubuntu/ubuntu24.Dockerfile | |
| output: reports/trivy-dlstreamer_ubuntu24.json | |
| - name: dlstreamer_fedora41 | |
| path: libraries/dl-streamer/docker/fedora41/fedora41.Dockerfile | |
| output: reports/trivy-dlstreamer_fedora41.json | |
| - name: dlstreamer-testing-ubuntu | |
| path: libraries/dl-streamer/docker/ubuntu/ubuntu-testing.Dockerfile | |
| output: reports/trivy-dlstreamer-testing-ubuntu.json | |
| uses: ./.github/workflows/trivy-config-mode.yaml | |
| with: | |
| dockerfile-path: ${{ matrix.path }} | |
| trivy-report-format: 'json' | |
| severity-levels: 'HIGH,CRITICAL' | |
| output-report-path: ${{ matrix.output }} | |
| name: ${{ matrix.name }} | |
| hadolint: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| needs: [filter-docker-related-changes] | |
| if: needs.filter-docker-related-changes.outputs.docker_changed == 'true' | |
| name: SCAN Hadolint | |
| runs-on: ubuntu-latest | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - name: dlstreamer_ubuntu22 | |
| dockerfile: libraries/dl-streamer/docker/ubuntu/ubuntu22.Dockerfile | |
| output-file: hadolint-dlstreamer_ubuntu22.json | |
| - name: dlstreamer_ubuntu24 | |
| dockerfile: libraries/dl-streamer/docker/ubuntu/ubuntu24.Dockerfile | |
| output-file: hadolint-dlstreamer_ubuntu24.json | |
| - name: dlstreamer_fedora41 | |
| dockerfile: libraries/dl-streamer/docker/fedora41/fedora41.Dockerfile | |
| output-file: hadolint-dlstreamer_fedora41.json | |
| - name: dlstreamer-testing-ubuntu | |
| dockerfile: libraries/dl-streamer/docker/ubuntu/ubuntu-testing.Dockerfile | |
| output-file: hadolint-dlstreamer-testing-ubuntu.json | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run Hadolint Action | |
| uses: ./.github/actions/common/hadolint | |
| with: | |
| dockerfile: ${{ matrix.dockerfile }} | |
| output-file: ${{ matrix.output-file }} | |
| name: ${{ matrix.name }} | |
| enable-reviewdog: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| pylint: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| name: SCAN pylint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| path: edge-ai-libraries-repo | |
| persist-credentials: false | |
| - name: Run pylint | |
| uses: ./edge-ai-libraries-repo/.github/actions/common/pylint | |
| with: | |
| path: edge-ai-libraries-repo/libraries/dl-streamer | |
| output-file: pylint-report.txt | |
| name: dls | |
| enable-reviewdog: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| shellcheck: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| name: SCAN shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| path: edge-ai-libraries-repo | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Run shellcheck | |
| uses: ./edge-ai-libraries-repo/.github/actions/common/shellcheck | |
| with: | |
| path: edge-ai-libraries-repo/libraries/dl-streamer | |
| output-file: shellcheck-report.txt | |
| name: dls | |
| enable-reviewdog: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| yamllint: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| name: SCAN yamllint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| path: edge-ai-libraries-repo | |
| persist-credentials: false | |
| - name: Run yamlint | |
| uses: ./edge-ai-libraries-repo/.github/actions/common/yamllint | |
| with: | |
| path: edge-ai-libraries-repo/libraries/dl-streamer | |
| output-file: yamllint-report.txt | |
| name: dls | |
| enable-reviewdog: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} | |
| clamav: | |
| permissions: | |
| contents: read | |
| name: SCAN ClamAV antivirus | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| path: edge-ai-libraries-repo | |
| - uses: open-edge-platform/orch-ci/.github/actions/clamav@37eef2d2a0909dfe8ff26bb0730ab2f13dfbcaf6 | |
| with: | |
| project-folder: edge-ai-libraries-repo/libraries/dl-streamer | |
| report-path: clamav_scan_report-dlstreamer.txt | |
| - name: Upload ClamAV Scan Report | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: ${{ env.CLAMAV_ARTIFACT_NAME }} | |
| path: ${{ env.SANITIZED_CLAMAV_REPORT_PATH }} | |
| bandit: | |
| permissions: | |
| contents: read | |
| name: SCAN Bandit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out edge-ai-libraries repository | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #4.2.2 | |
| with: | |
| persist-credentials: false | |
| - name: Run Bandit scan | |
| uses: open-edge-platform/orch-ci/.github/actions/security/bandit@d475e84f8b0b7bff118f0e8f56712390ef8d2828 | |
| with: | |
| scan-scope: "changed" | |
| severity-level: "HIGH" | |
| confidence-level: "HIGH" | |
| output-format: "txt" |