ci: Remove shellcheck, run deploy in container with host network
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Successful in 2m41s
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
Some checks failed
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Successful in 2m41s
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
- Remove shellcheck job (no shell scripts) - Deploy job now uses espressif/idf container with --network=host - Install git, curl, jq, netcat in deploy container
This commit is contained in:
user
@@ -20,7 +20,7 @@ on:
|
|||||||
jobs:
|
jobs:
|
||||||
build:
|
build:
|
||||||
name: Build Firmware
|
name: Build Firmware
|
||||||
needs: [cppcheck, flawfinder, gitleaks, shellcheck]
|
needs: [cppcheck, flawfinder, gitleaks]
|
||||||
runs-on: anvil
|
runs-on: anvil
|
||||||
container:
|
container:
|
||||||
image: docker.io/espressif/idf:v5.3
|
image: docker.io/espressif/idf:v5.3
|
||||||
@@ -89,19 +89,25 @@ jobs:
|
|||||||
runs-on: anvil
|
runs-on: anvil
|
||||||
needs: build
|
needs: build
|
||||||
if: github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true' || startsWith(github.ref, 'refs/tags/v')
|
if: github.event_name == 'workflow_dispatch' && github.event.inputs.deploy == 'true' || startsWith(github.ref, 'refs/tags/v')
|
||||||
# Run directly on host (no container) to access local network
|
container:
|
||||||
|
image: docker.io/espressif/idf:v5.3
|
||||||
|
options: --network=host
|
||||||
steps:
|
steps:
|
||||||
|
- name: Install tools
|
||||||
|
run: apt-get update && apt-get install -y --no-install-recommends git curl jq netcat-openbsd
|
||||||
|
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
run: |
|
run: |
|
||||||
git clone --depth=1 --branch=${{ github.ref_name }} \
|
git clone --depth=1 --branch=${{ github.ref_name }} \
|
||||||
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git workspace
|
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
|
||||||
|
|
||||||
- name: Build firmware
|
- name: Build firmware
|
||||||
run: |
|
run: |
|
||||||
cd workspace && . $HOME/esp/esp-idf/export.sh && cd get-started/csi_recv_router && idf.py build
|
. /opt/esp/idf/export.sh
|
||||||
|
cd get-started/csi_recv_router
|
||||||
|
idf.py build
|
||||||
|
|
||||||
- name: Validate version tag
|
- name: Validate version tag
|
||||||
working-directory: workspace
|
|
||||||
run: |
|
run: |
|
||||||
TAG="${{ github.ref_name }}"
|
TAG="${{ github.ref_name }}"
|
||||||
# Extract version from binary metadata
|
# Extract version from binary metadata
|
||||||
@@ -117,7 +123,6 @@ jobs:
|
|||||||
- name: Create release and upload firmware
|
- name: Create release and upload firmware
|
||||||
env:
|
env:
|
||||||
GITEA_TOKEN: ${{ github.token }}
|
GITEA_TOKEN: ${{ github.token }}
|
||||||
working-directory: workspace
|
|
||||||
run: |
|
run: |
|
||||||
TAG="${{ github.ref_name }}"
|
TAG="${{ github.ref_name }}"
|
||||||
REPO="${{ github.repository }}"
|
REPO="${{ github.repository }}"
|
||||||
@@ -150,7 +155,6 @@ jobs:
|
|||||||
"$API_URL/repos/$REPO/releases/$RELEASE_ID/assets?name=csi_recv_router.bin"
|
"$API_URL/repos/$REPO/releases/$RELEASE_ID/assets?name=csi_recv_router.bin"
|
||||||
|
|
||||||
- name: Deploy via OTA
|
- name: Deploy via OTA
|
||||||
working-directory: workspace
|
|
||||||
run: |
|
run: |
|
||||||
SENSORS="muddy-storm:192.168.129.29 amber-maple:192.168.129.30 hollow-acorn:192.168.129.31"
|
SENSORS="muddy-storm:192.168.129.29 amber-maple:192.168.129.30 hollow-acorn:192.168.129.31"
|
||||||
OTA_PORT=8899
|
OTA_PORT=8899
|
||||||
@@ -290,27 +294,3 @@ jobs:
|
|||||||
|
|
||||||
- name: Run gitleaks
|
- name: Run gitleaks
|
||||||
run: gitleaks detect --source . --verbose --redact
|
run: gitleaks detect --source . --verbose --redact
|
||||||
|
|
||||||
shellcheck:
|
|
||||||
name: Shell Script Analysis
|
|
||||||
runs-on: anvil
|
|
||||||
container:
|
|
||||||
image: docker.io/koalaman/shellcheck-alpine:stable
|
|
||||||
steps:
|
|
||||||
- name: Install git
|
|
||||||
run: apk add --no-cache git
|
|
||||||
|
|
||||||
- name: Checkout
|
|
||||||
run: |
|
|
||||||
git clone --depth=1 --branch=${{ github.ref_name }} \
|
|
||||||
https://oauth2:${{ github.token }}@git.mymx.me/${{ github.repository }}.git .
|
|
||||||
|
|
||||||
- name: Find and check shell scripts
|
|
||||||
run: |
|
|
||||||
SCRIPTS=$(find . -name "*.sh" -type f 2>/dev/null || true)
|
|
||||||
if [ -n "$SCRIPTS" ]; then
|
|
||||||
echo "Checking: $SCRIPTS"
|
|
||||||
echo "$SCRIPTS" | xargs shellcheck --severity=warning
|
|
||||||
else
|
|
||||||
echo "No shell scripts found, skipping"
|
|
||||||
fi
|
|
||||||
|
|||||||
Reference in New Issue
Block a user