Secrety delivery to next app #1071

Workflow file for this run


	name: ci

	on:
	push:
	branches:
	- 'main'
	pull_request: {}
	# allow manual runs:
	workflow_dispatch: {}

	jobs:
	check-formatting:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	# fetch-depth: 0
	persist-credentials: false

	- name: fix
	# https://github.com/actions/runner-images/issues/6775
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"

	- name: check formatting on Verilog and C
	working-directory: hw/application_fpga
	run: \|
	make checkfmt

	check-firmware:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	# fetch-depth: 0
	persist-credentials: false

	- name: fix
	# https://github.com/actions/runner-images/issues/6775
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"

	- name: compile firmware and testfw
	working-directory: hw/application_fpga
	run: make firmware.bin testfw.bin

	- name: run static analysis on firmware C code
	working-directory: hw/application_fpga
	run: \|
	make check

	check-verilog:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	# fetch-depth: 0
	persist-credentials: false

	- name: fix
	# https://github.com/actions/runner-images/issues/6775
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"

	- name: lint verilog using verilator
	working-directory: hw/application_fpga
	run: make lint

	build-usb-firmware:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	# fetch-depth: 0
	persist-credentials: false

	- name: fix
	# https://github.com/actions/runner-images/issues/6775
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"

	- name: compile ch552 firmware
	working-directory: hw/usb_interface/ch552_fw
	run: make

	build-bitstream:
	outputs:
	commit_sha: ${{ github.sha }}
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: checkout
	uses: actions/checkout@v4
	with:
	# fetch-depth: 0
	persist-credentials: false

	- name: fix
	# https://github.com/actions/runner-images/issues/6775
	run: \|
	git config --global --add safe.directory "$GITHUB_WORKSPACE"

	- name: make application FPGA gateware
	working-directory: hw/application_fpga
	run: make all

	- name: Cache binaries
	uses: actions/cache@v4
	with:
	path: \|
	hw/application_fpga/application_fpga.bin
	hw/application_fpga/firmware.bin
	key: build-${{ github.run_number }}-${{ github.sha }}-${{ github.run_attempt }}

	check-hashes:
	needs: build-bitstream
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/tillitis/tkey-builder:5rc2
	steps:
	- name: Checkout
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Retrieve binaries from cache
	uses: actions/cache@v4
	with:
	path: \|
	hw/application_fpga/application_fpga.bin
	hw/application_fpga/firmware.bin
	key: build-${{ github.run_number }}-${{ needs.build-bitstream.outputs.commit_sha }}-${{ github.run_attempt }}

	- name: check matching hashes for firmware.bin & application_fpga.bin
	working-directory: hw/application_fpga
	run: make check-binary-hashes


	reuse-compliance-check:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout
	uses: actions/checkout@v4

	- name: REUSE Compliance Check
	uses: fsfe/reuse-action@v4
	with:
	args: lint

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Secrety delivery to next app #1071

Workflow file

Secrety delivery to next app #1071

Uh oh!

Workflow file for this run