name: Compliance Checks

on:
  pull_request:
    types:
    - edited
    - opened
    - reopened
    - synchronize

jobs:
  check_compliance:
    runs-on: ubuntu-22.04
    name: Run compliance checks on patch series (PR)
    steps:
    - name: Update PATH for west
      run: |
        echo "$HOME/.local/bin" >> $GITHUB_PATH

    - name: Checkout the code
      uses: actions/checkout@v4
      with:
        ref: ${{ github.event.pull_request.head.sha }}
        fetch-depth: 0

    - name: Set up Python
      uses: actions/setup-python@v5
      with:
        python-version: 3.11

    - name: cache-pip
      uses: actions/cache@v4
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('.github/workflows/compliance.yml') }}

    - name: Install python dependencies
      run: |
        pip3 install setuptools
        pip3 install wheel
        pip3 install python-magic lxml junitparser gitlint pylint pykwalify yamllint clang-format unidiff sphinx-lint
        pip3 install west

    - name: west setup
      env:
        BASE_REF: ${{ github.base_ref }}
      run: |
        git config --global user.email "you@example.com"
        git config --global user.name "Your Name"
        git remote -v
        # Ensure there's no merge commits in the PR
        [[ "$(git rev-list --merges --count origin/${BASE_REF}..)" == "0" ]] || \
        (echo "::error ::Merge commits not allowed, rebase instead";false)
        git rebase origin/${BASE_REF}
        git clean -f -d
        # debug
        git log  --pretty=oneline | head -n 10
        west init -l . || true
        west config manifest.group-filter -- +ci,-optional
        west update -o=--depth=1 -n 2>&1 1> west.update.log || west update -o=--depth=1 -n 2>&1 1> west.update2.log

    - name: Check for PR description
      if: ${{ github.event.pull_request.body == '' }}
      continue-on-error: true
      id: pr_description
      run: |
        echo "Pull request description cannot be empty."
        exit 1

    - name: Run Compliance Tests
      continue-on-error: true
      id: compliance
      env:
        BASE_REF: ${{ github.base_ref }}
      run: |
        export ZEPHYR_BASE=$PWD
        # debug
        ls -la
        git log  --pretty=oneline | head -n 10
        # Increase rename limit to allow for large PRs
        git config diff.renameLimit 10000
        ./scripts/ci/check_compliance.py --annotate -e KconfigBasic \
        -c origin/${BASE_REF}..

    - name: upload-results
      uses: actions/upload-artifact@v4
      continue-on-error: true
      with:
        name: compliance.xml
        path: compliance.xml

    - name: check-warns
      run: |
        if [[ ! -s "compliance.xml" ]]; then
          exit 1;
        fi

        warns=("ClangFormat")
        files=($(./scripts/ci/check_compliance.py -l))

        for file in "${files[@]}"; do
          f="${file}.txt"
          if [[ -s $f ]]; then
            results=$(cat $f)
            results="${results//'%'/'%25'}"
            results="${results//$'\n'/'%0A'}"
            results="${results//$'\r'/'%0D'}"

            if [[ "${warns[@]}" =~ "${file}" ]]; then
              echo "::warning file=${f}::$results"
            else
              echo "::error file=${f}::$results"
              exit=1
            fi
          fi
        done

        if [ "${exit}" == "1" ]; then
          echo "Compliance error, check for error messages in the \"Run Compliance Tests\" step"
          echo "You can run this step locally with the ./scripts/ci/check_compliance.py script."
          exit 1;
        fi

        if [ "${{ steps.pr_description.outcome }}" == "failure" ]; then
          echo "PR description cannot be empty"
          exit 1;
        fi