tillitis-key/.github/workflows/ci.yaml


name: ci

on:
  push:
    branches:
      - 'main'
  pull_request: {}
  # allow manual runs:
  workflow_dispatch: {}

jobs:
  ci:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/tillitis/tkey-builder:4
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          # fetch-depth: 0
          persist-credentials: false

      - name: fix
        # https://github.com/actions/runner-images/issues/6775
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: check indentation of our firmware C code
        working-directory: hw/application_fpga
        run: |
          make -C fw/tk1 checkfmt
          make -C fw/testfw checkfmt

      - name: run static analysis on firmware C code
        working-directory: hw/application_fpga
        run: |
          make check

      - name: lint verilog using verilator
        working-directory: hw/application_fpga
        run: make lint

      - name: compile ch552 firmware
        working-directory: hw/boards/mta1-usb-v1/ch552_fw
        run: make

      - name: compile tp1 firmware
        working-directory: hw/boards/tp1/firmware
        run: ./build.sh

      - name: make production test gateware
        working-directory: hw/production_test/application_fpga_test_gateware
        run: make

      - name: compile firmware and testfw
        working-directory: hw/application_fpga
        run: make firmware.bin testfw.bin

      # doing this last as it takes long time
      - name: make application FPGA gateware
        working-directory: hw/application_fpga
        run: make all

      - name: Cache binaries
        uses: actions/cache@v4
        with:
          path: |
            hw/application_fpga/application_fpga.bin
            hw/application_fpga/firmware.bin
          key: ${{ runner.os }}-build-${{ github.sha }}
          restore-keys: ${{ runner.os }}-build-


      # TODO? first deal with hw/boards/ and hw/production_test/
      # - name: check for SPDX tags
      #   run: ./LICENSES/spdx-ensure

  check-hashes:
    needs: ci
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/tillitis/tkey-builder:4
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Retrieve binaries from cache
        uses: actions/cache@v4
        with:
          path: |
            hw/application_fpga/application_fpga.bin
            hw/application_fpga/firmware.bin
          key: ${{ runner.os }}-build-${{ needs.build.outputs.commit_sha }}
          restore-keys: ${{ runner.os }}-build-

      - name: check matching hashes for firmware.bin & application_fpga.bin
        working-directory: hw/application_fpga
        run: make check-binary-hashes
Add github action with basic CI that builds Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-02 15:27:21 -05:00
			`name: ci`

			`on:`
			`push:`
			`branches:`
			`- 'main'`
			`pull_request: {}`
			`# allow manual runs:`
			`workflow_dispatch: {}`

			`jobs:`
			`ci:`
			`runs-on: ubuntu-latest`
			`container:`
Use tkey-builder:4 2024-03-21 10:54:58 -04:00			`image: ghcr.io/tillitis/tkey-builder:4`
Add github action with basic CI that builds Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-02 15:27:21 -05:00			`steps:`
			`- name: checkout`
Use tkey-builder:4 2024-03-21 10:54:58 -04:00			`uses: actions/checkout@v4`
Add github action with basic CI that builds Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-02 15:27:21 -05:00			`with:`
			`# fetch-depth: 0`
			`persist-credentials: false`

			`- name: fix`
			`# https://github.com/actions/runner-images/issues/6775`
			`run: \|`
			`git config --global --add safe.directory "$GITHUB_WORKSPACE"`

Include static analysis in CI - Exclude splint from CI, so we make another target for it "splint", which we might include in the "check" target later. - Move the analysis runs earlier in CI so they, including indentation checks, fail first. - Include printouts of hashen in check-binary-hashes to easier see what the digest are if it fails in CI. 2024-03-21 07:11:33 -04:00			`- name: check indentation of our firmware C code`
			`working-directory: hw/application_fpga`
			`run: \|`
			`make -C fw/tk1 checkfmt`
			`make -C fw/testfw checkfmt`

			`- name: run static analysis on firmware C code`
			`working-directory: hw/application_fpga`
			`run: \|`
			`make check`

			`- name: lint verilog using verilator`
			`working-directory: hw/application_fpga`
			`run: make lint`

ci: compile also CH552 firmware, production test gateware; reorder 2023-02-13 10:57:34 -05:00			`- name: compile ch552 firmware`
			`working-directory: hw/boards/mta1-usb-v1/ch552_fw`
			`run: make`
Add github action with basic CI that builds Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-02 15:27:21 -05:00
Build tp1 firmware in CI 2024-03-20 07:42:47 -04:00			`- name: compile tp1 firmware`
			`working-directory: hw/boards/tp1/firmware`
			`run: ./build.sh`

ci: compile also CH552 firmware, production test gateware; reorder 2023-02-13 10:57:34 -05:00			`- name: make production test gateware`
			`working-directory: hw/production_test/application_fpga_test_gateware`
			`run: make`

			`- name: compile firmware and testfw`
ci: add the verilator lint Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-06 03:09:37 -05:00			`working-directory: hw/application_fpga`
ci: compile also CH552 firmware, production test gateware; reorder 2023-02-13 10:57:34 -05:00			`run: make firmware.bin testfw.bin`
ci: add the verilator lint Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-06 03:09:37 -05:00
ci: compile also CH552 firmware, production test gateware; reorder 2023-02-13 10:57:34 -05:00			`# doing this last as it takes long time`
			`- name: make application FPGA gateware`
			`working-directory: hw/application_fpga`
			`run: make all`

CI: move check-hash to separate job. - This makes it easier to see if CI fails on hashes (which might be expected during development) or something else. 2024-04-17 05:23:15 -04:00			`- name: Cache binaries`
			`uses: actions/cache@v4`
			`with:`
			`path: \|`
			`hw/application_fpga/application_fpga.bin`
			`hw/application_fpga/firmware.bin`
			`key: ${{ runner.os }}-build-${{ github.sha }}`
			`restore-keys: ${{ runner.os }}-build-`

Use tkey-builder:2; add hashes & checks for bitstream & fw bins Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-03-31 04:18:35 -04:00
Add github action with basic CI that builds Signed-off-by: Daniel Lublin <daniel@lublin.se> 2023-02-02 15:27:21 -05:00			`# TODO? first deal with hw/boards/ and hw/production_test/`
			`# - name: check for SPDX tags`
			`# run: ./LICENSES/spdx-ensure`
CI: move check-hash to separate job. - This makes it easier to see if CI fails on hashes (which might be expected during development) or something else. 2024-04-17 05:23:15 -04:00
			`check-hashes:`
			`needs: ci`
			`runs-on: ubuntu-latest`
			`container:`
			`image: ghcr.io/tillitis/tkey-builder:4`
			`steps:`
			`- name: Checkout`
			`uses: actions/checkout@v4`
			`with:`
			`persist-credentials: false`

			`- name: Retrieve binaries from cache`
			`uses: actions/cache@v4`
			`with:`
			`path: \|`
			`hw/application_fpga/application_fpga.bin`
			`hw/application_fpga/firmware.bin`
			`key: ${{ runner.os }}-build-${{ needs.build.outputs.commit_sha }}`
			`restore-keys: ${{ runner.os }}-build-`

			`- name: check matching hashes for firmware.bin & application_fpga.bin`
			`working-directory: hw/application_fpga`
			`run: make check-binary-hashes`