SFT-3834: first pass of message signing with microsd option, saved #180
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# SPDX-FileCopyrightText: © 2021 Foundation Devices, Inc. <[email protected]> | |
# SPDX-License-Identifier: GPL-3.0-or-later | |
# | |
# validate_and_build.yaml - GitHub actions for Passport | |
name: Build | |
on: [push] | |
jobs: | |
firmware: | |
name: Firmware | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
build: | |
[ | |
{ screen: 'mono', suffix: '-founders-passport', hash_suffix: '-founders'}, | |
{ screen: 'color', suffix: '-passport', hash_suffix: ''}, | |
] | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
cache-from: type=gha | |
cache-to: type=gha | |
tags: localhost:5000/foundation-devices/passport2:latest | |
- uses: ./.github/actions/rust-toolchain | |
with: | |
toolchain: 1.70.0 | |
targets: thumbv7em-none-eabihf | |
- run: cargo install [email protected] --locked | |
- run: | | |
echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | |
echo "SCREEN_MODE=$(echo "${{ matrix.build.screen }}" | tr a-z A-Z)" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
echo "$SIGNING_KEY" > ports/stm32/signing_key.pem | |
version=$(cat version.txt) | |
echo "version=$(cat version.txt)" >> $GITHUB_ENV | |
just hash signing_key.pem "${version}" build-Passport/v${version}-beta${{ matrix.build.suffix }}.bin ${{ matrix.build.screen}} | |
env: | |
SIGNING_KEY: ${{ secrets.UserSigningKey }} | |
- name: Upload firmware (unsigned) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}-unsigned${{ matrix.build.suffix }}.bin | |
path: ports/stm32/build-Passport/firmware-${{ env.SCREEN_MODE }}.bin | |
- name: Upload firmware (signed) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}-beta${{ matrix.build.suffix }}.bin | |
path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.suffix }}.bin | |
- name: Upload MD5 Hash | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}${{ matrix.build.hash_suffix }}-md5 | |
path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-md5 | |
- name: Upload Build Hash | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}${{ matrix.build.hash_suffix }}-build-hash | |
path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-build-hash | |
- name: Upload SHA256 Hash | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}${{ matrix.build.hash_suffix }}-sha256 | |
path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-sha256 | |
- name: Upload Hashes Markdown | |
uses: actions/upload-artifact@v4 | |
with: | |
name: v${{env.version}}${{ matrix.build.hash_suffix }}-hashes.md | |
path: ports/stm32/build-Passport/v${{env.version}}-beta${{ matrix.build.hash_suffix }}-hashes.md | |
bootloader: | |
name: Bootloader | |
runs-on: ubuntu-20.04 | |
needs: [firmware] | |
# TODO: SFT-1077. | |
strategy: | |
matrix: | |
screen: ['color'] | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
cache-from: type=gha | |
cache-to: type=gha | |
tags: localhost:5000/foundation-devices/passport2:latest | |
- uses: ./.github/actions/rust-toolchain | |
with: | |
toolchain: 1.70.0 | |
targets: thumbv7em-none-eabihf | |
- run: cargo install [email protected] --locked | |
- run: | | |
echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | |
echo "SCREEN_MODE=$(echo ${{ matrix.screen }} | tr a-z A-Z)" >> $GITHUB_ENV | |
- name: Build | |
run: just build-bootloader ${{ matrix.screen }} | |
- name: Upload bootloader | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bootloader-${{ env.SCREEN_MODE }}.bin | |
path: ports/stm32/boards/Passport/bootloader/arm/release/bootloader-${{ env.SCREEN_MODE }}.bin | |
simulator: | |
name: Simulator | |
runs-on: ubuntu-20.04 | |
needs: [firmware] | |
strategy: | |
matrix: | |
screen: ['mono', 'color'] | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
cache-from: type=gha | |
cache-to: type=gha | |
tags: localhost:5000/foundation-devices/passport2:latest | |
- uses: ./.github/actions/rust-toolchain | |
with: | |
toolchain: 1.70.0 | |
targets: thumbv7em-none-eabihf | |
- run: cargo install [email protected] --locked | |
- run: echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | |
- name: Build | |
run: just build-simulator ${{ matrix.screen }} | |
build-tools: | |
name: Tools | |
runs-on: ubuntu-20.04 | |
services: | |
registry: | |
image: registry:2 | |
ports: | |
- 5000:5000 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: docker/setup-buildx-action@v3 | |
with: | |
driver-opts: network=host | |
- uses: docker/build-push-action@v5 | |
with: | |
push: true | |
context: . | |
cache-from: type=gha | |
cache-to: type=gha | |
tags: localhost:5000/foundation-devices/passport2:latest | |
- uses: ./.github/actions/rust-toolchain | |
with: | |
toolchain: 1.70.0 | |
targets: thumbv7em-none-eabihf | |
- run: cargo install [email protected] --locked | |
- run: echo "DOCKER_IMAGE=localhost:5000/foundation-devices/passport2:latest" >> $GITHUB_ENV | |
- name: Build | |
run: just tools |