Create qcom-preflight-checks.yml (#48)
Branch force-pushed from 0baae8b to 1448dc2
The LAVA failure is expected. After switching from pull_request_target to pull_request, GitHub no longer injects repository secrets for fork PRs by design. As a result, lava_token is empty and the job fails. This is a GitHub security restriction, not a token or YAML issue.
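A defensive way to handle the situation this comment describes, added here as an illustration rather than taken from the PR or the repository's own workflows: keep the `pull_request` trigger (so fork code never runs with secrets) and let the LAVA step skip visibly when no token was injected instead of failing the job. The workflow name, job id, step names, the `LAVA_TOKEN` secret name and the commented-out submission command are all assumptions.

```yaml
# Added example, not part of the PR. Demonstrates gating a secret-dependent
# step under the `pull_request` event, where GitHub withholds repository
# secrets from pull requests opened from forks.
name: lava-test            # assumed workflow name

on:
  pull_request:            # secrets are not injected for fork PRs under this event

permissions:
  contents: read           # least privilege: nothing in this job needs write access

jobs:
  lava:                    # assumed job id
    runs-on: ubuntu-latest
    env:
      # Evaluates to an empty string for fork PRs, because the secret is not injected.
      LAVA_TOKEN: ${{ secrets.LAVA_TOKEN }}   # assumed secret name
    steps:
      - uses: actions/checkout@v4

      # Run the submission only when a token is actually present.
      - name: Submit LAVA job
        if: ${{ env.LAVA_TOKEN != '' }}
        run: |
          echo "LAVA token present, submitting job"
          # lava-submit ...   (assumed tooling, not shown on the page)

      # Otherwise surface the reason in the checks UI instead of a red job.
      - name: Explain skipped LAVA run
        if: ${{ env.LAVA_TOKEN == '' }}
        run: |
          echo "::notice::LAVA submission skipped: repository secrets are not available to pull requests from forks."
```

The `env` context is available in step-level `if` expressions, which is why the secret is copied into a job-level `env` entry first. An equivalent gate that does not touch the secret at all is `if: ${{ github.event.pull_request.head.repo.full_name == github.repository }}`, which runs the step only for branches of the repository itself. Either way the direction is the one the PR already took: restrict when the secret-dependent step runs, rather than reinstating `pull_request_target` to hand secrets to untrusted fork code.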
| name: Run QC Preflight Checks | ||
| uses: qualcomm/qcom-reusable-workflows/.github/workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2 | ||
| with: | ||
| enable-semgrep-scan: true |
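Review bot: the reusable workflow is referenced at the mutable tag `@v2`, so whatever that tag points to in qualcomm/qcom-reusable-workflows will run here with this repository's permissions, and a change to the tag takes effect without any review in this repository. Suggest pinning to a full-length commit SHA (with the tag as a trailing comment for readability) and bumping it deliberately, or at minimum documenting in the PR description why a floating major tag is acceptable for this org-internal workflow.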
What will semgrep analyse and find in this repo?
| uses: qualcomm/qcom-reusable-workflows/.github/workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2 | ||
| with: | ||
| enable-semgrep-scan: true | ||
| enable-dependency-review: true |
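Review bot: `enable-dependency-review: true` is turned on, but neither the hunk nor the PR description states which dependency manifests exist in this repository, and the reviewer's question about what is being tracked is left unanswered. Suggest stating in the PR description which manifest or lock files the dependency review is expected to cover, so maintainers can tell a clean run from a check that simply found nothing to inspect.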
What kind of dependencies are you reviewing / tracking for this repo?
Will rebase commits and PR and will update shortly
Add QC Preflight Checks to surface potential OSS compliance issues early in the PR lifecycle. The workflow warns maintainers about licensing and copyright problems, enforces Qualcomm email policy, and checks for required repository files (e.g. README.md).

Signed-off-by: Sandhya Adavikolanu <sadaviko@qti.qualcomm.com>
Branch force-pushed from 67ee45e to 1d1bb52
lumag
left a comment
Please fix your editor settings. The line length is too short.
This pull request adds the QC Preflight Checks GitHub Actions workflow to the repository using the latest Qualcomm reusable preflight orchestrator (v2).
The intent of this workflow is to ensure that all pull requests and updates to the main branch comply with Qualcomm’s standard CI, security, and repository compliance requirements. These checks are applicable to this repository as it is part of the Qualcomm Linux ecosystem and is expected to follow the same baseline validation standards used across other Qualcomm-maintained projects.
The enabled checks provide the following coverage:
Semgrep scan: Identifies potential security and coding issues early in the development workflow.
Dependency review: Prevents the introduction of vulnerable or insecure third‑party dependencies.
Repolinter checks: Ensures repository structure and metadata follow expected conventions.
Copyright and license checks: Verifies proper licensing and copyright headers.
Commit email validation: Enforces valid and traceable commit authorship.
The commit message check and ARMOR checkers are intentionally disabled, as they are currently not required or applicable for this repository’s development workflow.
Using the reusable workflow helps maintain consistency with other Qualcomm repositories, reduces duplication, and ensures the repository stays aligned with ongoing CI and security improvements.
For more details, refer to https://github.com/qualcomm/qcom-reusable-workflows