From a3baaf17942839bab9f794751b935439e16594bd Mon Sep 17 00:00:00 2001
From: Alexey Rivkin <arivkin@nvidia.com>
Date: Mon, 13 Jan 2025 12:28:37 +0200
Subject: [PATCH] AZP: Add header check for copyrights scan

---
 buildlib/pr/codestyle.yml               | 16 ++++++
 buildlib/pr/main.yml                    |  3 ++
 buildlib/tools/copyright-check-map.yaml | 30 +++++++++++
 buildlib/tools/copyright_check.sh       | 68 +++++++++++++++++++++++++
 4 files changed, 117 insertions(+)
 create mode 100644 buildlib/tools/copyright-check-map.yaml
 create mode 100755 buildlib/tools/copyright_check.sh

diff --git a/buildlib/pr/codestyle.yml b/buildlib/pr/codestyle.yml
index 2b643a2bd05..5154b6814ab 100644
--- a/buildlib/pr/codestyle.yml
+++ b/buildlib/pr/codestyle.yml
@@ -123,3 +123,19 @@ jobs:
       - bash: |
           ./buildlib/tools/test_ctags.sh
         displayName: ctags generation test
+
+  - job: copyright_check
+    displayName: Copyright Check
+    pool:
+      name: MLNX
+      demands:
+      - ucx_docker
+    steps:
+      - checkout: self
+        clean: true
+        fetchDepth: 100
+        retryCountOnTaskFailure: 5
+
+      - bash: |
+          ./buildlib/tools/copyright_check.sh
+        displayName: Copyright Check
diff --git a/buildlib/pr/main.yml b/buildlib/pr/main.yml
index 0f2ea1c60de..fdc4113dbae 100644
--- a/buildlib/pr/main.yml
+++ b/buildlib/pr/main.yml
@@ -180,6 +180,9 @@ resources:
     - container: ubuntu2204_rocm_6_0_0
       image: rdmz-harbor.rdmz.labs.mlnx/ucx/x86_64/ubuntu2204:rocm-6.0.0
       options: $(DOCKER_OPT_ARGS) $(DOCKER_OPT_VOLUMES)
+    - container: header_check
+      image: rdmz-harbor.rdmz.labs.mlnx/toolbox/header_check
+      options: --config copyright-check-map.yaml --git-repo ${WORKSPACE} --path ${WORKSPACE}
 
 stages:
   - stage: Codestyle
diff --git a/buildlib/tools/copyright-check-map.yaml b/buildlib/tools/copyright-check-map.yaml
new file mode 100644
index 00000000000..67153eab54a
--- /dev/null
+++ b/buildlib/tools/copyright-check-map.yaml
@@ -0,0 +1,30 @@
+general:
+  exclude:
+    - "\\.git.*"
+    - "\\.(yml|md|txt)"
+    - "^\\.ci.*"
+    - "NEWS"
+    - "\\.(m4|ac)"
+    - "\\.conf"
+    - "src/components/tl/nvat/*"
+    - "\\.cu"
+    - "AUTHORS"
+    - "LICENSE"
+    - "docs/*"
+    - "\\.Dockerfile"      # might need an update from this point on
+    - "perftest_msg_pow2"
+    - "contrib/*"
+    - "debian/*"
+    - "src/\\*/Makefile"
+    - "src/ucg/Makefile"
+    - "src/ucg/base/Makefile"
+    - "src/ucg/builtin/Makefile"
+    - "src/ucs/arch/aarch64/memcpy_thunderx2.S"
+    - "\\.mod"
+    - "\\.supp"
+    - "\\.log"
+
+bsd:
+  validate-spdx-license: true
+  include:
+    - ".*\\.(am|in|hpp|cpp|py|cc|h|c|sh|go|xml|java|yaml|inl)$"
diff --git a/buildlib/tools/copyright_check.sh b/buildlib/tools/copyright_check.sh
new file mode 100755
index 00000000000..91eafd21064
--- /dev/null
+++ b/buildlib/tools/copyright_check.sh
@@ -0,0 +1,68 @@
+#!/bin/bash -x
+
+if [ -z "$WORKSPACE" ]; then
+    echo "ERROR: WORKSPACE variable is empty"
+    exit 1
+fi
+
+if [ ! -d "$WORKSPACE" ]; then
+    echo "ERROR: ""$WORKSPACE"" does not exist"
+    exit 1
+fi
+
+# this variable is mandatory for header_check.py
+if [[ -z $GITHUB_TOKEN ]]; then
+    echo "ERROR: GITHUB_TOKEN variable is empty"
+    exit 1
+fi
+
+IMAGE="rdmz-harbor.rdmz.labs.mlnx/toolbox/header_check"
+IMAGE="harbor.mellanox.com/toolbox/header_check"
+HEADER_CHECK_TOOL="docker run --rm \
+    --user $(id -u):$(id -g) \
+    -v $PWD:$PWD -w $PWD \
+    $IMAGE"
+
+$HEADER_CHECK_TOOL \
+    --config "${WORKSPACE}"/buildlib/tools/copyright-check-map.yaml \
+    --path "$WORKSPACE" \
+    --git-repo "$WORKSPACE" | tee copyrights.log
+
+exit_code=$?
+echo "exit_code=${exit_code}"
+# Correct error code is not returned by the script, need to check output file if its empty it failed
+if [[ ! -s copyrights.log ]]; then
+    echo "copyrights.log is empty which means the script failed internally"
+    exit 1
+fi
+set +eE
+grep -rn ERROR copyrights.log
+exit_code=$?
+set -eE
+if [ ${exit_code} -eq 0 ]; then
+    echo "Please refer to https://confluence.nvidia.com/pages/viewpage.action?pageId=788418816"
+    ${HEADER_CHECK_TOOL} \
+      --config "${WORKSPACE}"/buildlib/tools/copyright-check-map.yaml \
+      --path "${WORKSPACE}" \
+      --repair \
+      --git-repo "${WORKSPACE}" | tee copyrights_repair.log
+    # create list of modified files
+    # needed for new git versions (from the check header docker image)
+    git config --global --add safe.directory "$WORKSPACE"
+    files=$(git status | grep 'modified:' | awk '{print $NF}'  )
+    mkdir "$WORKSPACE"/repaired_files/
+    cp --parents "$files" "$WORKSPACE"/repaired_files/
+    cd "$WORKSPACE"/repaired_files/
+    tar -czf "$WORKSPACE"/copyright_repaired_files.tar.gz .
+    exit 1
+fi
+if [ "${do_release}" == "true" ] && [ ! -z "${RMAX_SDK_VERSION}" ]; then
+    REPORTS_DIR="${release_dir}/${RMAX_SDK_VERSION}/reports"
+    sudo -E -u swx-jenkins mkdir -p "${REPORTS_DIR}"
+    sudo -E -u swx-jenkins cp -v copyrights.log "${REPORTS_DIR}"
+
+    # upload to artifactory - experimental does not fail build
+    TARGET_PATH="$ARTIFACTORY_URL/$ARTIFACTORY_REPO/release/$RMAX_SDK_VERSION/linux/reports/copyright/"
+    curl --silent --show-error --fail -u "$ARTIFACTORY_USER:$ARTIFACTORY_KEY" -T copyrights.log \
+        -X PUT "$TARGET_PATH" || true
+fi