Add complete checks for invalid memory accesses #703
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- 'main' | |
pull_request: {} | |
# allow manual runs: | |
workflow_dispatch: {} | |
jobs: | |
check-firmware: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: check indentation in firmware C code | |
working-directory: hw/application_fpga | |
run: | | |
make -C fw/tk1 checkfmt | |
make -C fw/testfw checkfmt | |
- name: run static analysis on firmware C code | |
working-directory: hw/application_fpga | |
run: | | |
make check | |
- name: compile firmware and testfw | |
working-directory: hw/application_fpga | |
run: make firmware.bin testfw.bin | |
check-verilog: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: lint verilog using verilator | |
working-directory: hw/application_fpga | |
run: make lint | |
build-usb-firmware: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: compile ch552 firmware | |
working-directory: hw/usb_interface/ch552_fw | |
run: make | |
build-bitstream: | |
outputs: | |
commit_sha: ${{ github.sha }} | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: make application FPGA gateware | |
working-directory: hw/application_fpga | |
run: make all | |
- name: Cache binaries | |
uses: actions/cache@v4 | |
with: | |
path: | | |
hw/application_fpga/application_fpga.bin | |
hw/application_fpga/firmware.bin | |
key: build-${{ github.run_number }}-${{ github.sha }}-${{ github.run_attempt }} | |
check-hashes: | |
needs: build-bitstream | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Retrieve binaries from cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
hw/application_fpga/application_fpga.bin | |
hw/application_fpga/firmware.bin | |
key: build-${{ github.run_number }}-${{ needs.build-bitstream.outputs.commit_sha }}-${{ github.run_attempt }} | |
- name: check matching hashes for firmware.bin & application_fpga.bin | |
working-directory: hw/application_fpga | |
run: make check-binary-hashes | |
# TODO? first deal with hw/boards/ and hw/production_test/ | |
# - name: check for SPDX tags | |
# run: ./LICENSES/spdx-ensure |