kopia lustrzana https://github.com/espressif/esp-idf
22637ff824
Currently sbom manifest is checked only in .gitmodules and this check is done in pre-commit and also in CI. Meaning it's running three times(pre-commit before push if user has it enabled, in CI as there is the pre-commit run again and again with test in CI). Since esp-idf-sbom contains a full manifest validation support and pre-commit plugin for it, let's use it. This removes all the current sbom testing and replaces it with a signle pre-commit plugin which validates all manifests files(sbom.yml, idf_component.yml, .gitmodules and also referenced manifests) in repository. Note that this checks all manifests, not only ones which were modified. The check is reasonably fast though, so it should not cause any problem. The reason for validating all manifest files is that we want to make sure that the sbom information in .gitmodules is updated too and that the hash recorded in .gitmodules is up-to-date. Meaning submodule update would not trigger this plugin, because no manifest was changed. Signed-off-by: Frantisek Hrbata <frantisek.hrbata@espressif.com> |
||
|---|---|---|
| .. | ||
| ci | ||
| merge_request_templates | ||
| CODEOWNERS | ||