Common actions and workflows for Qualcomm repositories.
qcom-preflight-checks calls a reusable-workflow that runs a series of preflight checks on your proposed contribution. The checks include:
| Action/Workflow | Description | POC |
|---|---|---|
| todogroup/repolinter | GitHub action for checking the repository for consistency and adherence to coding standards | @mynameistechno |
| semgrep/semgrep | GitHub action for running Semgrep static analysis tool | @njjetha and @igibek |
| qualcomm/commit-emails-check-action | GitHub action for checking email addresses in PR/Push commits | @quic-nasserg |
| qualcomm/copyright-license-checker-action | GitHub action for copyright and license issues in PR/Push commits | @targoy-qti |
| actions/dependency-review-action | Detects vulnerable dependencies and invalid licenses in PRs | @igibek |
Each check can be individually disabled when not applicable to your project, however in general they should not be disabled. Create an Issue if you run into any issues.
To start using qcom-preflight-checks use one of the below options to create the workflow file in your repository:
- Copy the file ./github/workflows/qcom-preflight-checks.yml to your repository's
.github/workflowsdirectory. - Repositories created using qualcomm/qualcomm-repository-template, will include the file at
./github/workflows/qcom-preflight-checks.yml. - Create the file via the Actions tab in the UI:
- Click on Actions
- If you have existing actions in the repo, click "New workflow", else skip to next step
- Scroll to
By Qualcomm Technologies, Inc.section and clickConfigureunderQualcomm Preflight Checker Workflow - Click "Commit changes...", select "Commit directly to the main branch" (or feel free to create a new branch and start a PR), ensure your Qualcomm email is selected under "Commit Email", and then click "Sign off and commit changes"
- This will create a GitHub Action config file in your repo under the path
.github/workflows/qcom-preflight-checks.yml - Adjust it as needed, e.g. the qcom-preflight-checks workflow is configured to run on Push and Pull Requests into the default branch (typically main), but you may want to further adjust when it runs.
If you need to disable individual checks, open ./github/workflows/qcom-preflight-checks.yml in your repository and set the check to false. E.g. if you want to disable semgrep, you can set semgrep: false in the with section of the workflow. Default value is true for all checkers.
After updating your workflow or action, ensure you tag it following SemVer:
Given a version number MAJOR.MINOR.PATCH, increment the:
MAJOR version when you make incompatible API changes
MINOR version when you add functionality in a backward compatible manner
PATCH version when you make backward compatible bug fixes
Use GitHub's "Create a new release" in the Releases section. Click the "Generate release notes" to pre-populate a list of merged PRs in the diff, updating as needed.
Rulesets can be used to require workflows to pass prior to merge. Some workflows are required for all repos and managed at an organization level. Individual repositories can also require workflows and checks to pass prior to merge. See About Rulesets for more information.
main: Primary development branch. Contributors should develop submissions based on this branch, and submit pull requests to this branch.
qcom-actions is licensed under the BSD-3-clause License. See LICENSE.txt for the full license text.