TOOL-4: Create CI for firmware build

.githooks/commit-msg

@@ -2,13 +2,12 @@
 # SPDX-FileCopyrightText: 2021 Foundation Devices, Inc. <hello@foundationdevices.com>
 # SPDX-License-Identifier: GPL-3.0-or-later
 
-TEAM_PREFIX='PASS1'
-commit_regex="^($TEAM_PREFIX-[0-9]+:\ )"
+commit_regex="^([A-Z]+[0-9]*-[0-9]+:\ )"
 
-if ! `grep -iqE "$commit_regex" "$1"`; then
+if ! grep -iqE "$commit_regex" "$1"; then
     echo "=========================================================================================" >&2
     echo "Aborting commit. Your commit message must start with a Linear issue ID, colon then space." >&2
-    echo "Example: '$TEAM_PREFIX-123: '                     (To commit anyway, use the --no-verify option)" >&2
+    echo "Example: 'PASS1-123: '                     (To commit anyway, use the --no-verify option)" >&2
     echo "=========================================================================================" >&2
     exit 1
 fi

.github/workflows/validate_and_build.yaml

@@ -0,0 +1,66 @@
+name: Validate and Build
+on: [push]
+jobs:
+  lint-py:
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Set up Python 3.9
+      uses: actions/setup-python@v2
+      with:
+        python-version: 3.9
+    - name: Install dependencies
+      run: |
+        python -m pip install --upgrade pip
+        pip install pycodestyle
+    - name: Setup just
+      uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
+    - name: Analysing the code
+      run: just ports/stm32/lint-py
+      continue-on-error: true
+
+  lint-c:
+    runs-on: ubuntu-18.04
+    steps:
+    - uses: actions/checkout@v2
+    - name: Analysing the code
+      uses: DoozyX/clang-format-lint-action@2a28e3a8d9553f244243f7e1ff94f6685dff87be
+      with:
+        source: ./ports/stm32
+        exclude: trezor-firmware
+        extensions: 'c,h'
+        style: file
+        inplace: true
+      continue-on-error: true
+
+  build-firmware:
+    runs-on: ubuntu-18.04
+    needs: [lint-py, lint-c]
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v2
+      with:
+        fetch-depth: 0
+    - name: Setup just
+      uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
+    - name: Test branch name existence
+      run: git branch -a
+    - name: Build the firmware
+      run: |
+        echo "$SIGNING_KEY" > signing_key.pem
+        version=$(git describe --all --match dev* | cut -d '-' -f 2)
+
+        just docker-build
+        just sign signing_key.pem "${version#?}"
+      env:
+        SIGNING_KEY: ${{ secrets.UserSigningKey }}
+    - name: Upload built firmware file
+      uses: actions/upload-artifact@v2
+      with:
+        name: firmware.bin
+        path: ports/stm32/build-Passport/firmware.bin
+    - name: Upload signed firmware file
+      uses: actions/upload-artifact@v2
+      with:
+        name: firmware-key-user.bin
+        path: ports/stm32/build-Passport/firmware-key-user.bin

Dockerfile

@@ -2,6 +2,7 @@ FROM ubuntu:18.04 AS cross_build
 RUN apt-get update && \
     apt-get install -y git make gcc-arm-none-eabi python3 gcc && \
     rm -rf /var/lib/apt/lists/*
+COPY drivers /workspace/passport-firmware/drivers
 COPY docs /workspace/passport-firmware/docs
 COPY extmod /workspace/passport-firmware/extmod
 COPY lib /workspace/passport-firmware/lib

justfile

@@ -7,7 +7,7 @@ docker-build:
   #!/usr/bin/env bash
   set -euxo pipefail
   docker build -t foundation-devices/firmware-builder:{{ commit_sha }} .
-  docker run -it --rm -v "$PWD":/workspace \
+  docker run --rm -v "$PWD":/workspace \
     -w /workspace/{{ base_path }} \
     --entrypoint bash \
     foundation-devices/firmware-builder:{{ commit_sha }} \
@@ -31,7 +31,7 @@ sign keypath version filepath=firmware_path: docker-build
   #!/usr/bin/env bash
   set -euxo pipefail
 
-  docker run -it --rm -v "$PWD":/workspace \
+  docker run --rm -v "$PWD":/workspace \
     -w /workspace \
     --entrypoint bash \
     foundation-devices/firmware-builder:{{ commit_sha }} \
@@ -39,7 +39,7 @@ sign keypath version filepath=firmware_path: docker-build
 
 # clean firmware build
 clean:
-  docker run -it --rm -v "$PWD":/workspace \
+  docker run --rm -v "$PWD":/workspace \
     -w /workspace/{{ base_path }} \
     --entrypoint bash \
     foundation-devices/firmware-builder:{{ commit_sha }} \

ports/stm32/Justfile

@@ -10,14 +10,24 @@ deps:
 init: deps
     git config core.hooksPath .githooks
 
-# Lint only the code of the project
-lint-code:
+# Lint only the python code of the project
+lint-py:
+    pycodestyle --exclude trezor-firmware --statistics .
+
+# Lint only the C code of the project
+lint-c:
     @echo "TBD"
 
-# Lint all of the project
-lint: lint-code
+# Lint only the code of the project
+lint-code: lint-py lint-c
+
+# Lint the licensing
+lint-license:
     reuse lint
 
+# Lint all of the project
+lint: lint-code lint-license
+
 #
 # Firmware Commands
 #

requirements.txt

@@ -0,0 +1,2 @@
+autopep8==1.5.7
+pycodestyle==2.7.0