From d7b8bb26a9671cfa3e50bba89d967e913422a0fb Mon Sep 17 00:00:00 2001 From: dehanj Date: Wed, 17 Apr 2024 11:23:15 +0200 Subject: [PATCH] CI: move check-hash to separate job. - This makes it easier to see if CI fails on hashes (which might be expected during development) or something else. --- .github/workflows/ci.yaml | 36 +++++++++++++++++++++++++++++++++--- 1 file changed, 33 insertions(+), 3 deletions(-) diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index c6df55b..070621b 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -62,10 +62,40 @@ jobs: working-directory: hw/application_fpga run: make all - - name: check matching hashes for firmware.bin & application_fpga.bin - working-directory: hw/application_fpga - run: make check-binary-hashes + - name: Cache binaries + uses: actions/cache@v4 + with: + path: | + hw/application_fpga/application_fpga.bin + hw/application_fpga/firmware.bin + key: ${{ runner.os }}-build-${{ github.sha }} + restore-keys: ${{ runner.os }}-build- + # TODO? first deal with hw/boards/ and hw/production_test/ # - name: check for SPDX tags # run: ./LICENSES/spdx-ensure + + check-hashes: + needs: ci + runs-on: ubuntu-latest + container: + image: ghcr.io/tillitis/tkey-builder:4 + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + persist-credentials: false + + - name: Retrieve binaries from cache + uses: actions/cache@v4 + with: + path: | + hw/application_fpga/application_fpga.bin + hw/application_fpga/firmware.bin + key: ${{ runner.os }}-build-${{ needs.build.outputs.commit_sha }} + restore-keys: ${{ runner.os }}-build- + + - name: check matching hashes for firmware.bin & application_fpga.bin + working-directory: hw/application_fpga + run: make check-binary-hashes