Skip to content

Create qcom-preflight-checks.yaml #99

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Sandhya1236 wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Create qcom-preflight-checks.yaml #99

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
24 changes: 24 additions & 0 deletions .github/workflows/qcom-preflight-checks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
name: QC Preflight Checks

on:
pull_request:
push:
branches: [main]
workflow_dispatch:

jobs:
preflight:
name: Run QC Preflight Checks
uses: qualcomm/qcom-reusable-workflows/.github/workflows/reusable-qcom-preflight-checks-orchestrator.yml@v2
with:
enable-semgrep-scan: true
Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What for?

enable-dependency-review: true
Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is this?

Copy link
Copy Markdown
Author

@Sandhya1236 Sandhya1236 Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is Qualcomm’s reusable preflight checks orchestrator workflow (v2).
It acts as a central entry point that runs a set of standardized CI and compliance validations used across Qualcomm-maintained repositories. Using the reusable workflow keeps this repository aligned with current Qualcomm CI standards and avoids duplicating individual checks locally.

enable-repolinter-check: true
enable-copyright-license-check: true
enable-commit-email-check: true
Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What kind of checks is this?

Copy link
Copy Markdown
Author

@Sandhya1236 Sandhya1236 Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These flags enable specific preflight validation checks provided by the reusable workflow:
• Dependency review – checks introduced dependencies in PRs to catch insecure or unexpected changes
• Repolinter – validates repository structure and required metadata
• Copyright / license – verifies that files include proper license and copyright headers
• Commit email – ensures commits have valid and traceable author email addresses
These checks are commonly required for repositories under Qualcomm governance to ensure security, compliance, and repository hygiene.

Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dependencies on what? GH actions? Python packages?

enable-commit-msg-check: false
enable-armor-checkers: false
Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

??

Copy link
Copy Markdown
Author

@Sandhya1236 Sandhya1236 Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some checks are intentionally disabled:
• Commit message check is disabled because this repository does not currently enforce a strict commit message format.
• ARMOR checkers are disabled as they are not applicable to this repository’s current workflow or content.
The enabled checks represent the minimum set applicable and useful for this repo.

Copy link
Copy Markdown
Contributor

@lumag lumag Apr 4, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What is semgrep checking here?


permissions:
contents: read
security-events: write
Loading