Automatically check for SPDX headers and linting

.astylerc

@@ -1,3 +1,4 @@
+# SPDX-License-Identifier: Apache-2.0
 --style=google 
 --indent=spaces
 --indent-preproc-define

.github/actions/setup-nix/action.yml

@@ -10,4 +10,4 @@ runs:
       with: {load_nixConfig: false}
     - name: Prepare nix dev shell
       shell: nix develop .#ci -c bash -e {0}
-      run: |
+      run: |

.github/workflows/build.yml

@@ -13,16 +13,10 @@ jobs:
       - uses: actions/checkout@v4
       - name: Setup nix
         uses: ./.github/actions/setup-nix
-      - name: Astyle
+      - name: Lint
         shell: nix develop .#ci -c bash -e {0}
         run: |
-          err=$(astyle $(git ls-files "*.c" "*.h") --options=.astylerc --dry-run --formatted | awk '{print $2}')
-          if [[ ${#err} != 0 ]]; then
-            echo "$err" | while IFS= read -r file; do
-              echo "::error file={"$file"},title={checking}::Formatted $file"
-            done
-            exit 1
-          fi
+          lint
       - name: Build targets
         shell: nix develop .#ci -c bash -e {0}
         run: |

.github/workflows/scorecard.yaml

@@ -58,4 +58,4 @@ jobs:
       - name: "Upload SARIF results to code scanning"
         uses: github/codeql-action/upload-sarif@592977e6ae857384aa79bb31e7a1d62d63449ec5 # v2.16.3
         with:
-          sarif_file: results.sarif
+          sarif_file: results.sarif

CODEOWNERS

@@ -1,6 +1,4 @@
 # SPDX-License-Identifier: Apache-2.0
 # Last matching pattern has precedence
 
-# Default owner
 * @pq-code-package/pqcp-embedded-maintainers-aarch64
-

CODE_OF_CONDUCT.md

@@ -3,4 +3,4 @@
 
 # Code of Conduct
 
-Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/9)

CONTRIBUTING.md

@@ -3,4 +3,4 @@
 
 # Contributing
 
-to be completed
+to be completed

GOVERNANCE.md

@@ -3,4 +3,4 @@
 
 # Governance
 
-to be documented
+to be documented

Makefile

@@ -1,3 +1,5 @@
+# SPDX-License-Identifier: Apache-2.0
+
 CC ?= /usr/bin/cc
 INCLUDE_FIPS202 = -I fips202
 INCLUDE_MLKEM = -I mlkem

SECURITY.md

@@ -3,4 +3,4 @@
 
 # Security
 
-Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)
+Please see [open issue](https://github.com/pq-code-package/tsc/issues/8)

SUPPORT.md

@@ -3,4 +3,4 @@
 
 # Support
 
-To be written.
+To be written.

checksum.sh

@@ -6,9 +6,9 @@
 output_hash=$(./$1 | sha256sum | awk '{ print $1 }')
 
 if [[ ${output_hash} == "${2}" ]]; then
-	echo "${1} Hashes match."
-	exit 0
+  echo "${1} Hashes match."
+  exit 0
 else
-	echo "${1} Hashes do not match: ${output_hash} vs ${2}"
-	exit 1
+  echo "${1} Hashes do not match: ${output_hash} vs ${2}"
+  exit 1
 fi

fips202/LICENSE

@@ -4,4 +4,4 @@ crypto_hash/keccakc512/simple/ from http://bench.cr.yp.to/supercop.html
 by Ronny Van Keer
 and the public domain "TweetFips202" implementation
 from https://twitter.com/tweetfips202
-by Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe
+by Gilles Van Assche, Daniel J. Bernstein, and Peter Schwabe

flake.nix

@@ -21,27 +21,27 @@
           core = with pkgs; [
             # formatter & linters
             astyle # 3.4.10
+            nixpkgs-fmt
+            shfmt
           ];
         in
         {
           devShells.default = with pkgs; mkShellNoCC {
             packages = core ++ [
               direnv
               nix-direnv
-
-              # formatter & linters
-              nixpkgs-fmt
-              shfmt
-              codespell
             ];
 
             shellHook = ''
-              export PATH=$PWD/dev-support/bin:$PATH
+              export PATH=$PWD/scripts:$PWD/scripts/ci:$PATH
             '';
           };
 
           devShells.ci = with pkgs; mkShellNoCC {
             packages = core;
+            shellHook = ''
+              export PATH=$PWD/scripts:$PWD/scripts/ci:$PATH
+            '';
           };
 
         };

scripts/ci/lint

@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+
+# consts
+ROOT="$(realpath "$(dirname "$0")"/../../)"
+
+checkerr()
+{
+  if [[ $? == 127 ]]; then
+    SUCCESS=false
+    return
+  fi
+
+  if [[ ${#1} != 0 ]]; then
+    echo "$1" | while read -r file line; do
+      echo "::error file=$file,line=${line:-1},title=Format error::$file require to be formatted"
+    done
+    SUCCESS=false
+  fi
+}
+
+# Formatting
+SUCCESS=true
+
+echo "::group::Linting nix files with nixpkgs-fmt"
+checkerr "$(nixpkgs-fmt --check "$ROOT")"
+echo "::endgroup::"
+
+echo "::group::Linting shell scripts with shfmt"
+checkerr "$(shfmt -s -l -i 2 -ci -fn $(shfmt -f $(git grep -l '' :/)))"
+echo "::endgroup::"
+
+echo "::group::Linting c files with astyle"
+checkerr "$(astyle $(git ls-files ":/*.c" ":/*.h") --options="$ROOT/.astylerc" --dry-run --formatted | awk '{print $2}')"
+echo "::endgroup::"
+
+check-eol-dry-run()
+{
+  for file in $(git ls-files -- ":/"); do
+    if [[ $(tail -c1 "$file" | wc -l) == 0 ]]; then
+      l=$(wc -l <"$file")
+      echo "$file $l"
+    fi
+  done
+}
+echo "::group::Checking eol"
+checkerr "$(check-eol-dry-run)"
+echo "::endgroup::"
+
+check-spdx()
+{
+  for file in $(git ls-files -- ":/" ":/!:*LICENSE*" ":/!:.git*" ":/!:flake.lock"); do
+    if [[ $(grep "SPDX-License-Identifier:" $file | wc -l) == 0 ]]; then
+      echo "$file is missing SPDX License header"
+      SUCCESS=false
+    fi
+  done
+}
+echo "::group::Checking SPDX headers"
+check-spdx
+echo "::endgroup::"
+
+#
+if ! $SUCCESS; then
+  exit 1
+fi

scripts/format

@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: Apache-2.0
+
+set -o errexit
+set -o errtrace
+set -o nounset
+set -o pipefail
+
+# consts
+ROOT="$(realpath "$(dirname "$0")"/../)"
+
+GREEN="$(tput setaf 2)"
+NORMAL="$(tput sgr0)"
+
+# utility
+info()
+{
+  printf "%s %b\n" "${GREEN}info" "${NORMAL}${*}"
+}
+
+info "Formatting nix files"
+nixpkgs-fmt "$ROOT"
+
+info "Formatting shell scripts"
+shfmt -s -w -l -i 2 -ci -fn $(shfmt -f $(git grep -l '' :/))
+
+info "Formatting c files"
+astyle $(git ls-files ":/*.c" ":/*.h") --options="$ROOT/.astylerc" --formatted | awk '{print $2}'
+
+info "Checking for eol"
+check-eol()
+{
+  for file in $(git ls-files -- ":/"); do
+    if [[ $(tail -c1 "$file" | wc -l) == 0 ]]; then
+      echo "" >>"$file"
+      echo "$file"
+    fi
+  done
+}
+check-eol