You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
126 lines
3.5 KiB
126 lines
3.5 KiB
name: Validate and Build
|
|
on: [push]
|
|
jobs:
|
|
lint-py:
|
|
runs-on: ubuntu-18.04
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Set up Python 3.9
|
|
uses: actions/setup-python@v2
|
|
with:
|
|
python-version: 3.9
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m pip install --upgrade pip
|
|
pip install pycodestyle
|
|
- name: Setup just
|
|
uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
|
|
- name: Analysing the code
|
|
run: just ports/stm32/lint-py
|
|
continue-on-error: true
|
|
|
|
lint-c:
|
|
runs-on: ubuntu-18.04
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Analysing the code
|
|
uses: jidicula/clang-format-action@7f6b4bf5a7eb211c0872364ccd8072ff8a77ac44
|
|
with:
|
|
clang-format-version: '10'
|
|
check-path: ./ports/stm32
|
|
exclude-regex: trezor-firmware
|
|
continue-on-error: true
|
|
|
|
build-firmware:
|
|
runs-on: ubuntu-18.04
|
|
needs: [lint-py, lint-c]
|
|
services:
|
|
registry:
|
|
image: registry:2
|
|
ports:
|
|
- 5000:5000
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v2
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v1
|
|
with:
|
|
driver-opts: network=host
|
|
|
|
- name: Cache Docker layers
|
|
uses: actions/cache@v2
|
|
with:
|
|
path: /tmp/.buildx-cache
|
|
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
|
restore-keys: |
|
|
${{ runner.os }}-buildx-
|
|
|
|
- name: Build the dependency Docker image
|
|
uses: docker/build-push-action@v2
|
|
with:
|
|
push: true
|
|
tags: localhost:5000/foundation-devices/firmware-builder:${{ github.sha }}
|
|
cache-from: type=local,src=/tmp/.buildx-cache
|
|
cache-to: type=local,dest=/tmp/.buildx-cache
|
|
|
|
- name: Setup just
|
|
uses: extractions/setup-just@aa5d15c144db4585980a44ebfdd2cf337c4f14cb
|
|
|
|
- name: Build the firmware
|
|
run: |
|
|
echo "$SIGNING_KEY" > signing_key.pem
|
|
version=$(git describe --all --match *dev* | awk '{print $NF}' | cut -d '-' -f 2)
|
|
|
|
just DOCKER_REGISTRY_BASE="$D_BASE" sign signing_key.pem "${version#?}"
|
|
env:
|
|
SIGNING_KEY: ${{ secrets.UserSigningKey }}
|
|
D_BASE: localhost:5000/
|
|
|
|
- name: Build the bootloader
|
|
run: just DOCKER_REGISTRY_BASE="$D_BASE" bootloader-build
|
|
env:
|
|
D_BASE: localhost:5000/
|
|
|
|
- name: Build and make tools available
|
|
run: just DOCKER_REGISTRY_BASE="$D_BASE" tools
|
|
env:
|
|
D_BASE: localhost:5000/
|
|
|
|
- name: Upload built firmware file
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: firmware.bin
|
|
path: ports/stm32/build-Passport/firmware.bin
|
|
|
|
- name: Upload signed firmware file
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: firmware-key-user.bin
|
|
path: ports/stm32/build-Passport/firmware-key-user.bin
|
|
|
|
- name: Upload bootloader
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: bootloader.bin
|
|
path: ports/stm32/boards/Passport/bootloader/arm/release/bootloader.bin
|
|
|
|
- name: Upload cosign
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: cosign
|
|
path: cosign
|
|
|
|
- name: Upload add-secrets
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: add-secrets
|
|
path: ports/stm32/boards/Passport/tools/add-secrets/x86/release/add-secrets
|
|
|
|
- name: Upload word_list_gen
|
|
uses: actions/upload-artifact@v2
|
|
with:
|
|
name: word_list_gen
|
|
path: ports/stm32/boards/Passport/tools/word_list_gen/word_list_gen
|
|
|