name: ci

on:
  push:
    branches:
      - 'main'
  pull_request: {}
  # allow manual runs:
  workflow_dispatch: {}

jobs:
  ci:
    runs-on: ubuntu-latest
    container:
      image: ghcr.io/tillitis/tkey-builder:4
    steps:
      - name: checkout
        uses: actions/checkout@v4
        with:
          # fetch-depth: 0
          persist-credentials: false

      - name: fix
        # https://github.com/actions/runner-images/issues/6775
        run: |
          git config --global --add safe.directory "$GITHUB_WORKSPACE"

      - name: compile ch552 firmware
        working-directory: hw/boards/mta1-usb-v1/ch552_fw
        run: make

      - name: make production test gateware
        working-directory: hw/production_test/application_fpga_test_gateware
        run: make

      - name: compile firmware and testfw
        working-directory: hw/application_fpga
        run: make firmware.bin testfw.bin

      - name: check fmt of our firmware C code
        working-directory: hw/application_fpga
        run: |
          make -C fw/tk1 checkfmt
          make -C fw/testfw checkfmt

      - name: lint verilog using verilator
        working-directory: hw/application_fpga
        run: make lint

      # doing this last as it takes long time
      - name: make application FPGA gateware
        working-directory: hw/application_fpga
        run: make all

      - name: check matching hashes for firmware.bin & application_fpga.bin
        working-directory: hw/application_fpga
        run: make check-binary-hashes

      # TODO? first deal with hw/boards/ and hw/production_test/
      # - name: check for SPDX tags
      #   run: ./LICENSES/spdx-ensure