username/esp32-hacking
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 9 Wiki Activity
Files
7be795a26e4d13ed892810cd68fc8091af252fc6
esp32-hacking/.gitea/workflows/lint.yml
user 7be795a26e
All checks were successful
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Details
Lint & Build / Security Flaw Analysis (push) Successful in 19s
Details
Lint & Build / Secret Scanning (push) Successful in 4s
Details
Lint & Build / Shell Script Analysis (push) Successful in 7s
Details
Lint & Build / Build Firmware (push) Successful in 2m16s
Details
Lint & Build / Deploy to ESP Fleet (push) Successful in 1m53s
Details
ci: Fix deploy job - use container with host networking
2026-02-05 12:29:22 +01:00

199 lines
6.1 KiB
YAML
Raw Blame History

name: Lint & Build
on:
push:
branches: [main]
tags: ['v*']
pull_request:
branches: [main]
workflow_dispatch:
inputs:
deploy:
description: 'Deploy to ESP fleet after build'
required: false
default: 'false'
type: choice
options:
- 'false'
- 'true'
jobs:
build:
name: Build Firmware
runs-on: anvil
container:
image: docker.io/espressif/idf:v5.3
steps:
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Build firmware
run: |
. /opt/esp/idf/export.sh
cd get-started/csi_recv_router
idf.py build
- name: Show binary size
run: |
ls -lh get-started/csi_recv_router/build/*.bin
- name: Upload firmware artifact
run: |
mkdir -p /tmp/artifacts
cp get-started/csi_recv_router/build/csi_recv_router.bin /tmp/artifacts/
cp get-started/csi_recv_router/build/bootloader/bootloader.bin /tmp/artifacts/
cp get-started/csi_recv_router/build/partition_table/partition-table.bin /tmp/artifacts/
cp get-started/csi_recv_router/build/ota_data_initial.bin /tmp/artifacts/
echo "Artifacts ready in /tmp/artifacts"
ls -la /tmp/artifacts/
deploy:
name: Deploy to ESP Fleet
runs-on: anvil
needs: build
if: github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true' || startsWith(github.ref, 'refs/tags/v')
container:
image: docker.io/espressif/idf:v5.3
options: --network host
steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends netcat-openbsd avahi-utils
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Build firmware
run: |
. /opt/esp/idf/export.sh
cd get-started/csi_recv_router
idf.py build
- name: Deploy via OTA
run: |
SENSORS="muddy-storm amber-maple hollow-acorn"
PORT=8070
# Get host IP (first non-loopback IPv4)
HOST_IP=$(hostname -I | awk '{print $1}')
echo "Host IP: $HOST_IP"
# Start HTTP server in background
cd get-started/csi_recv_router/build
python3 -m http.server $PORT &
HTTP_PID=$!
sleep 2
# Deploy to each sensor
for sensor in $SENSORS; do
echo "=== Deploying to $sensor ==="
# Resolve mDNS hostname
SENSOR_IP=$(getent hosts ${sensor}.local 2>/dev/null | awk '{print $1}')
if [ -z "$SENSOR_IP" ]; then
SENSOR_IP=$(avahi-resolve -4 -n ${sensor}.local 2>/dev/null | awk '{print $2}')
fi
if [ -z "$SENSOR_IP" ]; then
echo "Warning: Could not resolve $sensor.local, skipping"
continue
fi
echo "Sensor IP: $SENSOR_IP"
# Send OTA command via UDP
echo "OTA http://${HOST_IP}:${PORT}/csi_recv_router.bin" | nc -u -w 2 $SENSOR_IP 5501
echo "OTA command sent to $sensor"
# Wait for device to download and reboot
sleep 30
done
# Cleanup
kill $HTTP_PID 2>/dev/null || true
echo "=== Deployment complete ==="
cppcheck:
name: C/C++ Static Analysis
runs-on: anvil
container:
image: docker.io/library/debian:bookworm-slim
steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git cppcheck ca-certificates
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Run cppcheck
run: |
cppcheck --enable=warning,style,performance,portability \
--suppress=missingIncludeSystem \
--error-exitcode=1 \
--inline-suppr \
-I get-started/csi_recv_router/main \
get-started/csi_recv_router/main/*.c
flawfinder:
name: Security Flaw Analysis
runs-on: anvil
container:
image: docker.io/library/python:3.12-slim
steps:
- name: Install tools
run: |
apt-get update && apt-get install -y --no-install-recommends git ca-certificates
pip install --no-cache-dir flawfinder
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Run flawfinder
run: |
flawfinder --minlevel=2 --error-level=4 \
get-started/csi_recv_router/main/
gitleaks:
name: Secret Scanning
runs-on: anvil
container:
image: docker.io/zricethezav/gitleaks:latest
steps:
- name: Checkout
run: |
git clone --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Run gitleaks
run: gitleaks detect --source . --verbose --redact
shellcheck:
name: Shell Script Analysis
runs-on: anvil
container:
image: docker.io/koalaman/shellcheck-alpine:stable
steps:
- name: Install git
run: apk add --no-cache git
- name: Checkout
run: |
git clone --depth=1 --branch=${{ github.ref_name }} \
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
- name: Find and check shell scripts
run: |
SCRIPTS=$(find . -name "*.sh" -type f 2>/dev/null || true)
if [ -n "$SCRIPTS" ]; then
echo "Checking: $SCRIPTS"
echo "$SCRIPTS" | xargs shellcheck --severity=warning
else
echo "No shell scripts found, skipping"
fi
Reference in New Issue View Git Blame Copy Permalink