user
796c6ced28
fix: Exclude known NVS key names from secret detection
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 34s
Lint & Build / Build Firmware (push) Failing after 2m13s
The strings check was matching 'auth_secret' (NVS key) and
'secret=%s' (printf format) as false positives. Filter out
known firmware patterns.
2026-02-15 00:14:05 +01:00
user
ba6a2a13ee
fix: Add IDF_PATH_FORCE for export.sh detection
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Build Firmware (push) Failing after 2m14s
export.sh requires IDF_PATH_FORCE=1 to honor the IDF_PATH env var
instead of auto-detecting from script location.
2026-02-15 00:09:43 +01:00
user
e96ec06a18
fix: Set IDF_PATH explicitly in build job
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 6s
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Build Firmware (push) Failing after 16s
The espressif/idf:v5.5 container fails to auto-detect IDF_PATH
from export.sh when run under Gitea Actions. Set it explicitly
as an env var.
2026-02-15 00:07:24 +01:00
user
c895f52151
feat: Push firmware to Harbor for Trivy scanning
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Failing after 34s
Lint & Build / Build Firmware (push) Has been skipped
Add crane-based OCI image push step to CI workflow.
Packages firmware binary into scratch image and pushes to
harbor.mymx.me/library/firmware:<sha> on every build.
Tag pushes also get a version tag. Harbor auto-scans with Trivy.
2026-02-14 23:03:27 +01:00
user
c76c1ee61b
feat: OTA TLS cert verification + CI release pipeline
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Failing after 34s
Lint & Build / Build Firmware (push) Has been skipped
Wire ESP-IDF's built-in 150-CA root bundle to the OTA HTTP client
so HTTPS OTA verifies server certificates. Pin bundle config in
sdkconfig.defaults. Replace dead artifact-copy step with Gitea
release creation on tag push. Bump CI container to IDF v5.5.
2026-02-14 22:38:41 +01:00
user
2e4fa30b84
ci: Remove deploy job (deploy locally instead)
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Build Firmware (push) Successful in 2m58s
2026-02-05 23:46:37 +01:00
user
89e05bbb7e
ci: Use absolute path for ESP-IDF on host runner
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 6s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Deploy to ESP Fleet (push) Failing after 1s
Lint & Build / Build Firmware (push) Has been cancelled
2026-02-05 23:43:59 +01:00
user
f9d22cbe39
ci: Use curl/tar for deploy checkout (host has no git)
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Build Firmware (push) Has been skipped
Lint & Build / Deploy to ESP Fleet (push) Failing after 1s
2026-02-05 23:29:52 +01:00
user
9e3038e85f
ci: Run deploy on host with local HTTP server for OTA
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Build Firmware (push) Successful in 1m53s
Lint & Build / Deploy to ESP Fleet (push) Has been skipped
2026-02-05 23:23:45 +01:00
user
de3e120c7e
ci: Use Gitea release URL for OTA instead of local HTTP server
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Has been skipped
Lint & Build / Deploy to ESP Fleet (push) Successful in 4m24s
2026-02-05 23:14:06 +01:00
user
a84abf03ca
ci: Add security checks (secrets scan, config validation)
2026-02-05 23:02:46 +01:00
user
4da0679d4e
ci: Skip build job on tag pushes (deploy rebuilds)
2026-02-05 23:00:10 +01:00
user
da9859571b
ci: Remove shellcheck, run deploy in container with host network
Lint & Build / Security Flaw Analysis (push) Successful in 16s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Build Firmware (push) Successful in 2m41s
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
- Remove shellcheck job (no shell scripts)
- Deploy job now uses espressif/idf container with --network=host
- Install git, curl, jq, netcat in deploy container
2026-02-05 22:54:16 +01:00
user
52603fb097
fix: Use git clone instead of curl for deploy checkout
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 2m52s
Lint & Build / Deploy to ESP Fleet (push) Failing after 0s
2026-02-05 22:47:51 +01:00
user
974ffadb1c
ci: Add firmware size check and version tag validation
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 28s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 1m51s
Lint & Build / Deploy to ESP Fleet (push) Failing after 1s
- Fail build if binary exceeds 1920 KB partition
- Warn at 85% capacity
- Warn if git tag differs from embedded version
2026-02-05 22:42:49 +01:00
user
456b4f0b9a
ci: Run build after checks pass, fix deploy checkout
Lint & Build / Security Flaw Analysis (push) Successful in 15s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / C/C++ Static Analysis (push) Successful in 27s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 1m53s
Lint & Build / Deploy to ESP Fleet (push) Has been skipped
2026-02-05 22:24:38 +01:00
user
a338c9f65f
ci: Fix multiline command syntax for host runner
Lint & Build / C/C++ Static Analysis (push) Successful in 29s
Lint & Build / Security Flaw Analysis (push) Successful in 20s
Lint & Build / Secret Scanning (push) Successful in 8s
Lint & Build / Shell Script Analysis (push) Successful in 9s
Lint & Build / Build Firmware (push) Successful in 2m4s
Lint & Build / Deploy to ESP Fleet (push) Failing after 1s
2026-02-05 22:18:50 +01:00
user
fbf2e9a7c1
ci: Add OTA progress monitoring with version checks
Lint & Build / C/C++ Static Analysis (push) Successful in 29s
Lint & Build / Deploy to ESP Fleet (push) Blocked by required conditions
Lint & Build / Security Flaw Analysis (push) Successful in 21s
Lint & Build / Secret Scanning (push) Successful in 8s
Lint & Build / Shell Script Analysis (push) Successful in 9s
Lint & Build / Build Firmware (push) Successful in 2m24s
2026-02-05 22:11:13 +01:00
user
1377abe248
ci: Run deploy on host instead of container for network access
Lint & Build / Deploy to ESP Fleet (push) Has been cancelled
Lint & Build / Security Flaw Analysis (push) Has been cancelled
Lint & Build / Secret Scanning (push) Has been cancelled
Lint & Build / Shell Script Analysis (push) Has been cancelled
Lint & Build / C/C++ Static Analysis (push) Has been cancelled
Lint & Build / Build Firmware (push) Has been cancelled
2026-02-05 22:09:47 +01:00
user
7f2e3f6dad
ci: Add ccache for faster builds + parallel OTA deployment
Lint & Build / C/C++ Static Analysis (push) Failing after 32s
Lint & Build / Security Flaw Analysis (push) Successful in 21s
Lint & Build / Secret Scanning (push) Successful in 8s
Lint & Build / Shell Script Analysis (push) Successful in 10s
Lint & Build / Build Firmware (push) Successful in 2m7s
Lint & Build / Deploy to ESP Fleet (push) Successful in 3m0s
Build improvements:
- Enable ccache via IDF_CCACHE_ENABLE=1
- Mount /var/cache/ccache volume for persistent cache
- Show ccache stats after build
Deployment improvements:
- Deploy to all sensors in parallel (max 3)
- Reduced total deploy time from ~2.5min to ~1min
Note: Runner needs /var/cache/ccache directory with write permissions
2026-02-05 22:02:29 +01:00
user
a85a2d776b
ci: Use host network for deploy container
Lint & Build / C/C++ Static Analysis (push) Failing after 34s
Lint & Build / Security Flaw Analysis (push) Successful in 21s
Lint & Build / Secret Scanning (push) Successful in 7s
Lint & Build / Shell Script Analysis (push) Successful in 10s
Lint & Build / Build Firmware (push) Successful in 1m56s
Lint & Build / Deploy to ESP Fleet (push) Successful in 4m18s
2026-02-05 21:55:21 +01:00
user
6dbab23329
ci: Serve firmware from runner for OTA deployment
Lint & Build / C/C++ Static Analysis (push) Failing after 37s
Lint & Build / Security Flaw Analysis (push) Successful in 21s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / Shell Script Analysis (push) Successful in 6s
Lint & Build / Build Firmware (push) Successful in 2m12s
Lint & Build / Deploy to ESP Fleet (push) Successful in 4m19s
Instead of having ESP devices download from Gitea (TLS cert issues),
the runner now serves firmware via local HTTP server and triggers
OTA with the local URL.
2026-02-05 21:48:53 +01:00
user
a1074319f2
ci: Upload firmware to Gitea releases for OTA
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Security Flaw Analysis (push) Successful in 19s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 2m17s
Lint & Build / Deploy to ESP Fleet (push) Successful in 3m29s
2026-02-05 13:48:08 +01:00
user
9ece83bac0
ci: Simplify deploy script to pure POSIX sh
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Security Flaw Analysis (push) Successful in 18s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 2m17s
Lint & Build / Deploy to ESP Fleet (push) Successful in 3m28s
2026-02-05 13:28:28 +01:00
user
cfa22e9e2a
ci: Fix deploy script for POSIX sh, use explicit bash
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Security Flaw Analysis (push) Successful in 19s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 2m18s
Lint & Build / Deploy to ESP Fleet (push) Failing after 1m51s
2026-02-05 13:21:38 +01:00
user
baf2c69aee
ci: Use hardcoded sensor IPs for deploy
Lint & Build / C/C++ Static Analysis (push) Successful in 34s
Lint & Build / Security Flaw Analysis (push) Successful in 19s
Lint & Build / Secret Scanning (push) Successful in 5s
Lint & Build / Build Firmware (push) Successful in 2m17s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Deploy to ESP Fleet (push) Failing after 1m51s
2026-02-05 13:14:38 +01:00
user
7be795a26e
ci: Fix deploy job - use container with host networking
Lint & Build / C/C++ Static Analysis (push) Successful in 35s
Lint & Build / Security Flaw Analysis (push) Successful in 19s
Lint & Build / Secret Scanning (push) Successful in 4s
Lint & Build / Shell Script Analysis (push) Successful in 7s
Lint & Build / Build Firmware (push) Successful in 2m16s
Lint & Build / Deploy to ESP Fleet (push) Successful in 1m53s
2026-02-05 12:29:22 +01:00
user
63ff9c4931
ci: Add deploy job for OTA firmware updates
Lint & Build / C/C++ Static Analysis (push) Successful in 29s
Lint & Build / Security Flaw Analysis (push) Successful in 22s
Lint & Build / Secret Scanning (push) Successful in 8s
Lint & Build / Shell Script Analysis (push) Successful in 9s
Lint & Build / Build Firmware (push) Successful in 1m56s
Lint & Build / Deploy to ESP Fleet (push) Failing after 0s
- Triggers on manual workflow_dispatch with deploy=true
- Triggers automatically on version tags (v*)
- Deploys to muddy-storm, amber-maple, hollow-acorn via OTA
- Uses podman to rebuild, then serves firmware via HTTP
2026-02-05 12:20:19 +01:00
user
b4c898a741
ci: Source ESP-IDF export.sh before build
Lint & Build / Secret Scanning (push) Successful in 2s
Lint & Build / Shell Script Analysis (push) Successful in 3s
Lint & Build / Security Flaw Analysis (push) Successful in 10s
Lint & Build / C/C++ Static Analysis (push) Successful in 17s
Lint & Build / Build Firmware (push) Successful in 50s
2026-02-05 12:16:20 +01:00
user
9e7fab9e09
ci: Add ESP-IDF firmware build job
Lint & Build / Secret Scanning (push) Successful in 3s
Lint & Build / Shell Script Analysis (push) Successful in 4s
Lint & Build / Security Flaw Analysis (push) Successful in 11s
Lint & Build / C/C++ Static Analysis (push) Successful in 18s
Lint & Build / Build Firmware (push) Failing after 1m44s
2026-02-05 12:13:56 +01:00
user
cae599f49f
ci: Use containers for all lint jobs (podman)
Lint & Security / Secret Scanning (push) Successful in 2s
Lint & Security / Shell Script Analysis (push) Successful in 5s
Lint & Security / C/C++ Static Analysis (push) Successful in 17s
Lint & Security / Security Flaw Analysis (push) Successful in 16s
2026-02-05 12:10:16 +01:00
user
7b9f0b9242
ci: Download gitleaks binary, use python3 -m pip for flawfinder
Lint & Security / C/C++ Static Analysis (push) Failing after 1s
Lint & Security / Security Flaw Analysis (push) Failing after 2s
Lint & Security / Secret Scanning (push) Successful in 1s
Lint & Security / Shell Script Analysis (push) Successful in 1s
2026-02-05 12:08:17 +01:00
user
9430832dfc
ci: Remove sudo - assume tools pre-installed on runner
Lint & Security / C/C++ Static Analysis (push) Failing after 1s
Lint & Security / Security Flaw Analysis (push) Failing after 1s
Lint & Security / Secret Scanning (push) Failing after 1s
Lint & Security / Shell Script Analysis (push) Successful in 1s
2026-02-05 12:07:16 +01:00
user
5d8fbd4bf6
ci: Use github.token for authenticated checkout
Lint & Security / C/C++ Static Analysis (push) Failing after 1s
Lint & Security / Security Flaw Analysis (push) Failing after 1s
Lint & Security / Secret Scanning (push) Failing after 1s
Lint & Security / Shell Script Analysis (push) Failing after 1s
2026-02-05 12:06:31 +01:00
user
033aaccd46
ci: Use git clone instead of actions/checkout (runner lacks node)
Lint & Security / Security Flaw Analysis (push) Has been cancelled
Lint & Security / Shell Script Analysis (push) Has been cancelled
Lint & Security / C/C++ Static Analysis (push) Has been cancelled
Lint & Security / Secret Scanning (push) Has been cancelled
2026-02-05 12:02:15 +01:00
user
8265f96f3b
ci: Add Gitea workflow for lint and security checks
Lint & Security / C/C++ Static Analysis (push) Has been cancelled
Lint & Security / Security Flaw Analysis (push) Has been cancelled
Lint & Security / Secret Scanning (push) Has been cancelled
Lint & Security / Shell Script Analysis (push) Has been cancelled
- cppcheck: C/C++ static analysis (warnings, style, performance, portability)
- flawfinder: Security-focused C/C++ analysis
- gitleaks: Secret scanning across repo history
- shellcheck: Shell script analysis
All jobs run on 'anvil' labeled runner.
2026-02-05 11:33:44 +01:00