ci: Introduce workflow for compliance

It includes jobs for checking DCO and reuse. The latter is set to allow
fails as the repository is not yet reuse compliant. When that is done,
we can switch it.

Signed-off-by: Andrei Gherzan <andrei.gherzan@huawei.com>

.github/workflows/compliance.yml

@@ -0,0 +1,47 @@
+# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+#
+# SPDX-License-Identifier: MIT
+
+name: Compliance
+
+on:
+  pull_request:
+
+jobs:
+  dco:
+    name: DCO
+    runs-on: [self-hosted, Linux]
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Build a temporary DCO image
+        uses: ./.github/actions/docker-build
+        with:
+          docker_image: dco-check
+          id: ${{ github.event.number }}
+      - name: Do DCO check
+        run: |
+          docker run --rm -v "$GITHUB_WORKSPACE:/work:ro" \
+            --env "BASE_REF=$GITHUB_BASE_REF" \
+            "dco-check-${{ github.event.number }}"
+      - name: Cleanup temporary docker image
+        uses: ./.github/actions/docker-clean-image
+        with:
+          docker_image: dco-check-${{ github.event.number }}
+        if: always()
+      - name: Cleanup dangling docker images
+        uses: ./.github/actions/docker-clean-dangling
+        if: always()
+  reuse:
+    name: reuse
+    runs-on: [self-hosted, Linux]
+    steps:
+      - name: Checkout the code
+        uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Do reuse check
+        continue-on-error: true
+        uses: fsfe/reuse-action@v1

.github/workflows/docker-images/README.md

@@ -0,0 +1,21 @@
+<!--
+SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+
+SPDX-License-Identifier: MIT
+-->
+
+# Docker images for CI
+
+Each directory contains the files for a docker image.
+
+## Building an image
+
+When building a docker image, the build context is expected to be where this
+`README.md` file resides. This means that building the images will require
+passing the appropriate `-f` argument.
+
+Here is an example for building the `dco-check` image:
+
+```
+docker build . -f dco-check/Dockerfile -t dco-check
+```

.github/workflows/docker-images/dco-check/Dockerfile

@@ -0,0 +1,13 @@
+# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+#
+# SPDX-License-Identifier: MIT
+
+FROM christophebedard/dco-check:latest
+
+# Run under normal user called 'ci'
+RUN useradd --create-home --uid 1000 --shell /usr/bin/bash ci
+USER ci
+
+COPY ./dco-check/entrypoint.sh /
+COPY ./utils.sh /
+ENTRYPOINT ["/entrypoint.sh"]

.github/workflows/docker-images/dco-check/README.md

@@ -0,0 +1,16 @@
+<!--
+SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+
+SPDX-License-Identifier: MIT
+-->
+
+# Docker image for DCO checks
+
+This image provides the environment and the logic of running a DCO check
+against a repository.
+
+## Configuration
+
+The `entrypoint.sh` script assumes at runtime that the repository to be checked
+is available under `/work`. This path is to be populated via bind mounts when
+running the container.

.github/workflows/docker-images/dco-check/entrypoint.sh

@@ -0,0 +1,21 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+#
+# SPDX-License-Identifier: MIT
+
+set -e
+
+# shellcheck disable=SC1091
+. /utils.sh
+
+GIT_REPO_PATH="/work"
+
+[ -n "$BASE_REF" ] ||
+	error "DCO checks needs to know the target branch. Make sure that is set in BASE_REF."
+[ -d "$GIT_REPO_PATH/.git" ] ||
+	error "Can't find a git checkout under $GIT_REPO_PATH ."
+cd "$GIT_REPO_PATH"
+dco-check \
+	--verbose \
+	--default-branch "origin/$BASE_REF"

.github/workflows/docker-images/utils.sh

@@ -0,0 +1,28 @@
+#!/bin/sh
+
+# SPDX-FileCopyrightText: Andrei Gherzan <andrei.gherzan@huawei.com>
+#
+# SPDX-License-Identifier: MIT
+
+_log() {
+	_level="$1"
+	_msg="$2"
+	echo "[$_level] $_msg"
+}
+
+error() {
+	_msg="$1"
+	_log "ERR" "$1"
+	exit 1
+}
+
+warn() {
+	_msg="$1"
+	_log "WRN" "$1"
+	exit 1
+}
+
+log() {
+	_msg="$1"
+	_log "LOG" "$1"
+}