ci: Remove shellcheck, run deploy in container with host network
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Successful in 2m41s
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Successful in 2m41s
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
- Remove shellcheck job (no shell scripts) - Deploy job now uses espressif/idf container with --network=host - Install git, curl, jq, netcat in deploy container
This commit is contained in:
user
@@ -20,7 +20,7 @@ on:
|
||||
jobs:
|
||||
build:
|
||||
name: Build Firmware
|
||||
needs: [cppcheck, flawfinder, gitleaks, shellcheck]
|
||||
needs: [cppcheck, flawfinder, gitleaks]
|
||||
runs-on: anvil
|
||||
container:
|
||||
image: docker.io/espressif/idf:v5.3
|
||||
@@ -89,19 +89,25 @@ jobs:
|
||||
runs-on: anvil
|
||||
needs: build
|
||||
if: github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true' || startsWith(github.ref, 'refs/tags/v')
|
||||
# Run directly on host (no container) to access local network
|
||||
container:
|
||||
image: docker.io/espressif/idf:v5.3
|
||||
options: --network=host
|
||||
steps:
|
||||
- name: Install tools
|
||||
run: apt-get update && apt-get install -y --no-install-recommends git curl jq netcat-openbsd
|
||||
|
||||
- name: Checkout
|
||||
run: |
|
||||
git clone --depth=1 --branch=${{ github.ref_name }} \
|
||||
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git workspace
|
||||
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
|
||||
|
||||
- name: Build firmware
|
||||
run: |
|
||||
cd workspace && . $HOME/esp/esp-idf/export.sh && cd get-started/csi_recv_router && idf.py build
|
||||
. /opt/esp/idf/export.sh
|
||||
cd get-started/csi_recv_router
|
||||
idf.py build
|
||||
|
||||
- name: Validate version tag
|
||||
working-directory: workspace
|
||||
run: |
|
||||
TAG="${{ github.ref_name }}"
|
||||
# Extract version from binary metadata
|
||||
@@ -117,7 +123,6 @@ jobs:
|
||||
- name: Create release and upload firmware
|
||||
env:
|
||||
GITEA_TOKEN: ${{ github.token }}
|
||||
working-directory: workspace
|
||||
run: |
|
||||
TAG="${{ github.ref_name }}"
|
||||
REPO="${{ github.repository }}"
|
||||
@@ -150,7 +155,6 @@ jobs:
|
||||
"$API_URL/repos/$REPO/releases/$RELEASE_ID/assets?name=csi_recv_router.bin"
|
||||
|
||||
- name: Deploy via OTA
|
||||
working-directory: workspace
|
||||
run: |
|
||||
SENSORS="muddy-storm:192.168.129.29 amber-maple:192.168.129.30 hollow-acorn:192.168.129.31"
|
||||
OTA_PORT=8899
|
||||
@@ -290,27 +294,3 @@ jobs:
|
||||
|
||||
- name: Run gitleaks
|
||||
run: gitleaks detect --source . --verbose --redact
|
||||
|
||||
shellcheck:
|
||||
name: Shell Script Analysis
|
||||
runs-on: anvil
|
||||
container:
|
||||
image: docker.io/koalaman/shellcheck-alpine:stable
|
||||
steps:
|
||||
- name: Install git
|
||||
run: apk add --no-cache git
|
||||
|
||||
- name: Checkout
|
||||
run: |
|
||||
git clone --depth=1 --branch=${{ github.ref_name }} \
|
||||
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
|
||||
|
||||
- name: Find and check shell scripts
|
||||
run: |
|
||||
SCRIPTS=$(find . -name "*.sh" -type f 2>/dev/null || true)
|
||||
if [ -n "$SCRIPTS" ]; then
|
||||
echo "Checking: $SCRIPTS"
|
||||
echo "$SCRIPTS" | xargs shellcheck --severity=warning
|
||||
else
|
||||
echo "No shell scripts found, skipping"
|
||||
fi
|
||||
|
||||
Reference in New Issue
Block a user