mirror of
https://github.com/tillitis/tillitis-key1.git
synced 2025-01-27 07:47:04 -05:00
a5e30f1203
- Gives a better overview of CI and the different checks, without going into the logs too deeply. - Cache: use a unique key for each run, and remove 'restore key' since it could potentially retrieve the wrong bitstream. The stragegy should be to fail if a cache is not present, not fetch a bitstream from a different build.
149 lines
4.0 KiB
YAML
149 lines
4.0 KiB
YAML
|
|
name: ci
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- 'main'
|
|
pull_request: {}
|
|
# allow manual runs:
|
|
workflow_dispatch: {}
|
|
|
|
jobs:
|
|
check-firmware:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/tillitis/tkey-builder:4
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: fix
|
|
# https://github.com/actions/runner-images/issues/6775
|
|
run: |
|
|
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: check indentation in firmware C code
|
|
working-directory: hw/application_fpga
|
|
run: |
|
|
make -C fw/tk1 checkfmt
|
|
make -C fw/testfw checkfmt
|
|
|
|
- name: run static analysis on firmware C code
|
|
working-directory: hw/application_fpga
|
|
run: |
|
|
make check
|
|
|
|
- name: compile firmware and testfw
|
|
working-directory: hw/application_fpga
|
|
run: make firmware.bin testfw.bin
|
|
|
|
check-verilog:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/tillitis/tkey-builder:4
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: fix
|
|
# https://github.com/actions/runner-images/issues/6775
|
|
run: |
|
|
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: lint verilog using verilator
|
|
working-directory: hw/application_fpga
|
|
run: make lint
|
|
|
|
build-other-firmwares:
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/tillitis/tkey-builder:4
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: fix
|
|
# https://github.com/actions/runner-images/issues/6775
|
|
run: |
|
|
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: compile ch552 firmware
|
|
working-directory: hw/boards/mta1-usb-v1/ch552_fw
|
|
run: make
|
|
|
|
- name: compile tp1 firmware
|
|
working-directory: hw/boards/tp1/firmware
|
|
run: ./build.sh
|
|
|
|
build-bitstream:
|
|
outputs:
|
|
commit_sha: ${{ github.sha }}
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/tillitis/tkey-builder:4
|
|
steps:
|
|
- name: checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
# fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: fix
|
|
# https://github.com/actions/runner-images/issues/6775
|
|
run: |
|
|
git config --global --add safe.directory "$GITHUB_WORKSPACE"
|
|
|
|
- name: make production test gateware
|
|
working-directory: hw/production_test/application_fpga_test_gateware
|
|
run: make
|
|
|
|
- name: make application FPGA gateware
|
|
working-directory: hw/application_fpga
|
|
run: make all
|
|
|
|
- name: Cache binaries
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
hw/application_fpga/application_fpga.bin
|
|
hw/application_fpga/firmware.bin
|
|
key: build-${{ github.run_number }}-${{ github.sha }}-${{ github.run_attempt }}
|
|
|
|
check-hashes:
|
|
needs: build-bitstream
|
|
runs-on: ubuntu-latest
|
|
container:
|
|
image: ghcr.io/tillitis/tkey-builder:4
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
persist-credentials: false
|
|
|
|
- name: Retrieve binaries from cache
|
|
uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
hw/application_fpga/application_fpga.bin
|
|
hw/application_fpga/firmware.bin
|
|
key: build-${{ github.run_number }}-${{ needs.build-bitstream.outputs.commit_sha }}-${{ github.run_attempt }}
|
|
|
|
- name: check matching hashes for firmware.bin & application_fpga.bin
|
|
working-directory: hw/application_fpga
|
|
run: make check-binary-hashes
|
|
|
|
|
|
# TODO? first deal with hw/boards/ and hw/production_test/
|
|
# - name: check for SPDX tags
|
|
# run: ./LICENSES/spdx-ensure
|