Compare commits
7 Commits
c76c1ee61b
...
main
| Author | SHA1 | Date | |
|---|---|---|---|
|
1d0696a72c | ||
|
|
3cc5f06e78 | ||
|
|
796c6ced28 | ||
|
|
ba6a2a13ee | ||
|
|
e96ec06a18 | ||
|
|
54640a733b | ||
|
|
c895f52151 |
@@ -20,6 +20,8 @@ jobs:
|
||||
env:
|
||||
CCACHE_DIR: /ccache
|
||||
IDF_CCACHE_ENABLE: 1
|
||||
IDF_PATH: /opt/esp/idf
|
||||
IDF_PATH_FORCE: 1
|
||||
steps:
|
||||
- name: Checkout
|
||||
run: |
|
||||
@@ -71,7 +73,8 @@ jobs:
|
||||
CFG="get-started/csi_recv_router/sdkconfig"
|
||||
|
||||
echo "=== Checking for hardcoded secrets ==="
|
||||
if strings "$BIN" | grep -iqE '(password|secret|api_key|apikey)=[^$]'; then
|
||||
if strings "$BIN" | grep -iE '(password|secret|api_key|apikey)=' \
|
||||
| grep -ivE '(auth_secret|secret=%s|secret=\$)'; then
|
||||
echo "::error::Potential hardcoded secret found in binary"
|
||||
exit 1
|
||||
fi
|
||||
@@ -90,6 +93,29 @@ jobs:
|
||||
cd get-started/csi_recv_router
|
||||
idf.py size-components 2>/dev/null | head -30
|
||||
|
||||
- name: Push to Harbor
|
||||
run: |
|
||||
CRANE_VERSION="v0.20.3"
|
||||
curl -sL "https://github.com/google/go-containerregistry/releases/download/${CRANE_VERSION}/go-containerregistry_Linux_x86_64.tar.gz" \
|
||||
| tar xz -C /usr/local/bin crane
|
||||
|
||||
BIN="get-started/csi_recv_router/build/csi_recv_router.bin"
|
||||
TAG=$(echo "${{ github.sha }}" | cut -c1-7)
|
||||
IMAGE="harbor.mymx.me/library/firmware"
|
||||
|
||||
crane auth login harbor.mymx.me \
|
||||
-u "${{ secrets.HARBOR_USER }}" \
|
||||
-p "${{ secrets.HARBOR_PASS }}"
|
||||
|
||||
tar cf /tmp/firmware.tar -C "$(dirname "$BIN")" "$(basename "$BIN")"
|
||||
crane append -f /tmp/firmware.tar -t "$IMAGE:$TAG"
|
||||
|
||||
if [ "${{ github.ref_type }}" = "tag" ]; then
|
||||
crane tag "$IMAGE:$TAG" "${{ github.ref_name }}"
|
||||
fi
|
||||
|
||||
echo "Pushed $IMAGE:$TAG"
|
||||
|
||||
- name: Create release
|
||||
if: startsWith(github.ref, 'refs/tags/v')
|
||||
run: |
|
||||
|
||||
@@ -1012,7 +1012,8 @@ static void adaptive_task(void *arg)
|
||||
}
|
||||
/* Atomically gate: zero nsub first, copy, then set nsub */
|
||||
s_baseline_nsub = 0;
|
||||
memcpy(s_baseline_amps, staged, nsub * sizeof(float));
|
||||
if (nsub > 0)
|
||||
memcpy(s_baseline_amps, staged, nsub * sizeof(float));
|
||||
s_baseline_nsub = nsub;
|
||||
config_save_blob("bl_amps", s_baseline_amps, nsub * sizeof(float));
|
||||
config_save_i8("bl_nsub", (int8_t)nsub);
|
||||
@@ -2583,17 +2584,17 @@ static void serial_task(void *arg)
|
||||
else
|
||||
printf("OK AUTH off\n");
|
||||
} else if (strncasecmp(line, "AUTH ", 5) == 0) {
|
||||
const char *arg = line + 5;
|
||||
if (strcasecmp(arg, "OFF") == 0) {
|
||||
const char *val = line + 5;
|
||||
if (strcasecmp(val, "OFF") == 0) {
|
||||
s_auth_secret[0] = '\0';
|
||||
config_erase_key("auth_secret");
|
||||
printf("OK AUTH off (cleared)\n");
|
||||
} else {
|
||||
size_t alen = strlen(arg);
|
||||
size_t alen = strlen(val);
|
||||
if (alen < 8 || alen > 64) {
|
||||
printf("ERR secret length 8-64 chars\n");
|
||||
} else {
|
||||
strncpy(s_auth_secret, arg, sizeof(s_auth_secret) - 1);
|
||||
strncpy(s_auth_secret, val, sizeof(s_auth_secret) - 1);
|
||||
s_auth_secret[sizeof(s_auth_secret) - 1] = '\0';
|
||||
config_save_str("auth_secret", s_auth_secret);
|
||||
printf("OK AUTH on secret=%s\n", s_auth_secret);
|
||||
|
||||
Reference in New Issue
Block a user