Automatically check for SPDX headers and linting (#40)

pq-code-package · May 23, 2024 · ca8031b · ca8031b
1 parent 05226a4
commit ca8031b
Show file tree

Hide file tree

Showing 16 changed files with 134 additions and 28 deletions.
diff --git a/.astylerc b/.astylerc
@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: Apache-2.0
 --style=google 
 --indent=spaces
 --indent-preproc-define

diff --git a/.github/actions/setup-nix/action.yml b/.github/actions/setup-nix/action.yml
@@ -10,4 +10,4 @@ runs:
       with: {load_nixConfig: false}
     - name: Prepare nix dev shell
       shell: nix develop .#ci -c bash -e {0}
-      run: |
+      run: |
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -13,16 +13,10 @@ jobs:
       - uses: actions/checkout@v4
       - name: Setup nix
         uses: ./.github/actions/setup-nix
-      - name: Astyle
+      - name: Lint
         shell: nix develop .#ci -c bash -e {0}
         run: |
-          err=$(astyle $(git ls-files "*.c" "*.h") --options=.astylerc --dry-run --formatted | awk '{print $2}')
-          if [[ ${#err} != 0 ]]; then
-            echo "$err" | while IFS= read -r file; do
-              echo "::error file={"$file"},title={checking}::Formatted $file"
-            done
-            exit 1
-          fi
+          lint
       - name: Build targets
         shell: nix develop .#ci -c bash -e {0}
         run: |

diff --git a/.github/workflows/scorecard.yaml b/.github/workflows/scorecard.yaml
@@ -58,4 +58,4 @@ jobs:
       - name: "Upload SARIF results to code scanning"
         uses: github/codeql-action/upload-sarif@592977e6ae857384aa79bb31e7a1d62d63449ec5 # v2.16.3
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif
diff --git a/CODEOWNERS b/CODEOWNERS
@@ -1,6 +1,4 @@
 # SPDX-License-Identifier: Apache-2.0
 # Last matching pattern has precedence
 
-# Default owner
 * @pq-code-package/pqcp-embedded-maintainers-aarch64
-
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
@@ -3,4 +3,4 @@
 
 # Code of Conduct
 
-Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -3,4 +3,4 @@
 
 # Contributing
 
-to be completed
+to be completed
diff --git a/GOVERNANCE.md b/GOVERNANCE.md
@@ -3,4 +3,4 @@
 
 # Governance
 
-to be documented
+to be documented
diff --git a/Makefile b/Makefile
@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 CC ?= /usr/bin/cc
 INCLUDE_FIPS202 = -I fips202
 INCLUDE_MLKEM = -I mlkem

diff --git a/SECURITY.md b/SECURITY.md
@@ -3,4 +3,4 @@
 
 # Security
 
-Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
diff --git a/SUPPORT.md b/SUPPORT.md
@@ -3,4 +3,4 @@
 
 # Support
 
-To be written.
+To be written.
diff --git a/checksum.sh b/checksum.sh
@@ -6,9 +6,9 @@
 output_hash=$(./$1 | sha256sum | awk '{ print $1 }')
 
 if [[ ${output_hash} == "${2}" ]]; then
-	echo "${1} Hashes match."
-	exit 0
+  echo "${1} Hashes match."
+  exit 0
 else
-	echo "${1} Hashes do not match: ${output_hash} vs ${2}"
-	exit 1
+  echo "${1} Hashes do not match: ${output_hash} vs ${2}"
+  exit 1
 fi
diff --git a/fips202/LICENSE b/fips202/LICENSE
@@ -4,4 +4,4 @@ crypto_hash/keccakc512/simple/ from http://bench.cr.yp.to/supercop.html
 by Ronny Van Keer
 and the public domain "TweetFips202" implementation
 from https://twitter.com/tweetfips202
-by Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe
+by Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe
diff --git a/flake.nix b/flake.nix
@@ -21,27 +21,27 @@
           core = with pkgs; [
             # formatter & linters
             astyle # 3.4.10
+            nixpkgs-fmt
+            shfmt
           ];
         in
         {
           devShells.default = with pkgs; mkShellNoCC {
             packages = core ++ [
               direnv
               nix-direnv
-
-              # formatter & linters
-              nixpkgs-fmt
-              shfmt
-              codespell
             ];
 
             shellHook = ''
-              export PATH=$PWD/dev-support/bin:$PATH
+              export PATH=$PWD/scripts:$PWD/scripts/ci:$PATH
             '';
           };
 
           devShells.ci = with pkgs; mkShellNoCC {
             packages = core;
+            shellHook = ''
+              export PATH=$PWD/scripts:$PWD/scripts/ci:$PATH
+            '';
           };
 
         };

diff --git a/scripts/ci/lint b/scripts/ci/lint
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+
+# consts
+ROOT="$(realpath "$(dirname "$0")"/../../)"
+
+checkerr()
+{
+  if [[ $? == 127 ]]; then
+    SUCCESS=false
+    return
+  fi
+
+  if [[ ${#1} != 0 ]]; then
+    echo "$1" | while read -r file line; do
+      echo "::error file=$file,line=${line:-1},title=Format error::$file require to be formatted"
+    done
+    SUCCESS=false
+  fi
+}
+
+# Formatting
+SUCCESS=true
+
+echo "::group::Linting nix files with nixpkgs-fmt"
+checkerr "$(nixpkgs-fmt --check "$ROOT")"
+echo "::endgroup::"
+
+echo "::group::Linting shell scripts with shfmt"
+checkerr "$(shfmt -s -l -i 2 -ci -fn $(shfmt -f $(git grep -l '' :/)))"
+echo "::endgroup::"
+
+echo "::group::Linting c files with astyle"
+checkerr "$(astyle $(git ls-files ":/*.c" ":/*.h") --options="$ROOT/.astylerc" --dry-run --formatted | awk '{print $2}')"
+echo "::endgroup::"
+
+check-eol-dry-run()
+{
+  for file in $(git ls-files -- ":/"); do
+    if [[ $(tail -c1 "$file" | wc -l) == 0 ]]; then
+      l=$(wc -l <"$file")
+      echo "$file $l"
+    fi
+  done
+}
+echo "::group::Checking eol"
+checkerr "$(check-eol-dry-run)"
+echo "::endgroup::"
+
+check-spdx()
+{
+  for file in $(git ls-files -- ":/" ":/!:*LICENSE*" ":/!:.git*" ":/!:flake.lock"); do
+    if [[ $(grep "SPDX-License-Identifier:" $file | wc -l) == 0 ]]; then
+      echo "$file is missing SPDX License header"
+      SUCCESS=false
+    fi
+  done
+}
+echo "::group::Checking SPDX headers"
+check-spdx
+echo "::endgroup::"
+
+#
+if ! $SUCCESS; then
+  exit 1
+fi
diff --git a/scripts/format b/scripts/format
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+
+# consts
+ROOT="$(realpath "$(dirname "$0")"/../)"
+
+GREEN="$(tput setaf 2)"
+NORMAL="$(tput sgr0)"
+
+# utility
+info()
+{
+  printf "%s %b\n" "${GREEN}info" "${NORMAL}${*}"
+}
+
+info "Formatting nix files"
+nixpkgs-fmt "$ROOT"
+
+info "Formatting shell scripts"
+shfmt -s -w -l -i 2 -ci -fn $(shfmt -f $(git grep -l '' :/))
+
+info "Formatting c files"
+astyle $(git ls-files ":/*.c" ":/*.h") --options="$ROOT/.astylerc" --formatted | awk '{print $2}'
+
+info "Checking for eol"
+check-eol()
+{
+  for file in $(git ls-files -- ":/"); do
+    if [[ $(tail -c1 "$file" | wc -l) == 0 ]]; then
+      echo "" >>"$file"
+      echo "$file"
+    fi
+  done
+}
+check-eol
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@

		# Code of Conduct

		Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
		Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@

		# Contributing

		to be completed
		to be completed
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@

		# Governance

		to be documented
		to be documented
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@

		# Security

		Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
		Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
Original file line number	Diff line number	Diff line change
Expand Up		@@ -3,4 +3,4 @@

		# Support

		To be written.
		To be written.