name: ci on: push: branches: - 'main' pull_request: {} # allow manual runs: workflow_dispatch: {} jobs: check-firmware: runs-on: ubuntu-latest container: image: ghcr.io/tillitis/tkey-builder:4 steps: - name: checkout uses: actions/checkout@v4 with: # fetch-depth: 0 persist-credentials: false - name: fix # https://github.com/actions/runner-images/issues/6775 run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: check indentation in firmware C code working-directory: hw/application_fpga run: | make -C fw/tk1 checkfmt make -C fw/testfw checkfmt - name: run static analysis on firmware C code working-directory: hw/application_fpga run: | make check - name: compile firmware and testfw working-directory: hw/application_fpga run: make firmware.bin testfw.bin check-verilog: runs-on: ubuntu-latest container: image: ghcr.io/tillitis/tkey-builder:4 steps: - name: checkout uses: actions/checkout@v4 with: # fetch-depth: 0 persist-credentials: false - name: fix # https://github.com/actions/runner-images/issues/6775 run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: lint verilog using verilator working-directory: hw/application_fpga run: make lint build-usb-firmware: runs-on: ubuntu-latest container: image: ghcr.io/tillitis/tkey-builder:4 steps: - name: checkout uses: actions/checkout@v4 with: # fetch-depth: 0 persist-credentials: false - name: fix # https://github.com/actions/runner-images/issues/6775 run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: compile ch552 firmware working-directory: hw/usb_interface/ch552_fw run: make build-bitstream: outputs: commit_sha: ${{ github.sha }} runs-on: ubuntu-latest container: image: ghcr.io/tillitis/tkey-builder:4 steps: - name: checkout uses: actions/checkout@v4 with: # fetch-depth: 0 persist-credentials: false - name: fix # https://github.com/actions/runner-images/issues/6775 run: | git config --global --add safe.directory "$GITHUB_WORKSPACE" - name: make application FPGA gateware working-directory: hw/application_fpga run: make all - name: Cache binaries uses: actions/cache@v4 with: path: | hw/application_fpga/application_fpga.bin hw/application_fpga/firmware.bin key: build-${{ github.run_number }}-${{ github.sha }}-${{ github.run_attempt }} check-hashes: needs: build-bitstream runs-on: ubuntu-latest container: image: ghcr.io/tillitis/tkey-builder:4 steps: - name: Checkout uses: actions/checkout@v4 with: persist-credentials: false - name: Retrieve binaries from cache uses: actions/cache@v4 with: path: | hw/application_fpga/application_fpga.bin hw/application_fpga/firmware.bin key: build-${{ github.run_number }}-${{ needs.build-bitstream.outputs.commit_sha }}-${{ github.run_attempt }} - name: check matching hashes for firmware.bin & application_fpga.bin working-directory: hw/application_fpga run: make check-binary-hashes # TODO? first deal with hw/boards/ and hw/production_test/ # - name: check for SPDX tags # run: ./LICENSES/spdx-ensure