sforkowany z mirror/meshtastic-firmware
Trunk, you got a big storm coming, honey
Ben Meadors
rodzic
ed155476ac
commit
2e8832babb
|
|
@ -28,7 +28,7 @@ body:
|
||||||
description: What LoRa IC does the board have?
|
description: What LoRa IC does the board have?
|
||||||
validations:
|
validations:
|
||||||
required: true
|
required: true
|
||||||
|
|
||||||
- type: input
|
- type: input
|
||||||
id: link
|
id: link
|
||||||
attributes:
|
attributes:
|
||||||
|
|
|
||||||
|
|
@ -1,5 +1,5 @@
|
||||||
name: 'Setup Build Base Composite Action'
|
name: "Setup Build Base Composite Action"
|
||||||
description: 'Base build actions for Meshtastic Platform IO steps'
|
description: "Base build actions for Meshtastic Platform IO steps"
|
||||||
|
|
||||||
runs:
|
runs:
|
||||||
using: "composite"
|
using: "composite"
|
||||||
|
|
@ -10,7 +10,7 @@ runs:
|
||||||
submodules: "recursive"
|
submodules: "recursive"
|
||||||
ref: ${{github.event.pull_request.head.ref}}
|
ref: ${{github.event.pull_request.head.ref}}
|
||||||
repository: ${{github.event.pull_request.head.repo.full_name}}
|
repository: ${{github.event.pull_request.head.repo.full_name}}
|
||||||
|
|
||||||
- name: Install cppcheck
|
- name: Install cppcheck
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
|
|
@ -38,4 +38,4 @@ runs:
|
||||||
- name: Upgrade platformio
|
- name: Upgrade platformio
|
||||||
shell: bash
|
shell: bash
|
||||||
run: |
|
run: |
|
||||||
pio upgrade
|
pio upgrade
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ on:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-esp32:
|
build-esp32:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -31,7 +31,7 @@ jobs:
|
||||||
|
|
||||||
- name: Remove debug flags for release
|
- name: Remove debug flags for release
|
||||||
if: ${{ github.event_name == 'workflow_dispatch' }}
|
if: ${{ github.event_name == 'workflow_dispatch' }}
|
||||||
run: |
|
run: |
|
||||||
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32.ini
|
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32.ini
|
||||||
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s2.ini
|
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s2.ini
|
||||||
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s3.ini
|
sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s3.ini
|
||||||
|
|
@ -46,7 +46,7 @@ jobs:
|
||||||
file: "firmware.bin"
|
file: "firmware.bin"
|
||||||
target: "release/bleota.bin"
|
target: "release/bleota.bin"
|
||||||
token: ${{ secrets.GITHUB_TOKEN }}
|
token: ${{ secrets.GITHUB_TOKEN }}
|
||||||
|
|
||||||
- name: Get release version string
|
- name: Get release version string
|
||||||
shell: bash
|
shell: bash
|
||||||
run: echo "version=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT
|
run: echo "version=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ on:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-nrf52:
|
build-nrf52:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -30,4 +30,4 @@ jobs:
|
||||||
path: |
|
path: |
|
||||||
release/*.uf2
|
release/*.uf2
|
||||||
release/*.elf
|
release/*.elf
|
||||||
release/*.zip
|
release/*.zip
|
||||||
|
|
|
||||||
|
|
@ -7,7 +7,7 @@ on:
|
||||||
required: true
|
required: true
|
||||||
type: string
|
type: string
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
build-rpi2040:
|
build-rpi2040:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
steps:
|
steps:
|
||||||
|
|
@ -29,4 +29,4 @@ jobs:
|
||||||
name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip
|
name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip
|
||||||
path: |
|
path: |
|
||||||
release/*.uf2
|
release/*.uf2
|
||||||
release/*.elf
|
release/*.elf
|
||||||
|
|
|
||||||
|
|
@ -10,31 +10,31 @@ on:
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
flawfinder:
|
flawfinder:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
name: Flawfinder
|
name: Flawfinder
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
# step 1
|
# step 1
|
||||||
- name: clone application source code
|
- name: clone application source code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# step 2
|
# step 2
|
||||||
- name: flawfinder_scan
|
- name: flawfinder_scan
|
||||||
uses: david-a-wheeler/flawfinder@2.0.19
|
uses: david-a-wheeler/flawfinder@2.0.19
|
||||||
with:
|
with:
|
||||||
arguments: '--sarif ./'
|
arguments: "--sarif ./"
|
||||||
output: 'flawfinder_report.sarif'
|
output: "flawfinder_report.sarif"
|
||||||
|
|
||||||
# step 3
|
# step 3
|
||||||
- name: save report as pipeline artifact
|
- name: save report as pipeline artifact
|
||||||
uses: actions/upload-artifact@v3
|
uses: actions/upload-artifact@v3
|
||||||
with:
|
with:
|
||||||
name: flawfinder_report.sarif
|
name: flawfinder_report.sarif
|
||||||
path: flawfinder_report.sarif
|
path: flawfinder_report.sarif
|
||||||
|
|
||||||
# step 4
|
# step 4
|
||||||
- name: publish code scanning alerts
|
- name: publish code scanning alerts
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
with:
|
with:
|
||||||
sarif_file: flawfinder_report.sarif
|
sarif_file: flawfinder_report.sarif
|
||||||
category: flawfinder
|
category: flawfinder
|
||||||
|
|
|
||||||
|
|
@ -6,39 +6,37 @@ on:
|
||||||
branches:
|
branches:
|
||||||
- master
|
- master
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 1 * * 6'
|
- cron: "0 1 * * 6"
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
||||||
semgrep-full:
|
semgrep-full:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
container:
|
||||||
image: returntocorp/semgrep
|
image: returntocorp/semgrep
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
# step 1
|
||||||
|
- name: clone application source code
|
||||||
|
uses: actions/checkout@v3
|
||||||
|
|
||||||
# step 1
|
# step 2
|
||||||
- name: clone application source code
|
- name: full scan
|
||||||
uses: actions/checkout@v3
|
run: |
|
||||||
|
semgrep \
|
||||||
|
--sarif --output report.sarif \
|
||||||
|
--metrics=off \
|
||||||
|
--config="p/default"
|
||||||
|
|
||||||
# step 2
|
# step 3
|
||||||
- name: full scan
|
- name: save report as pipeline artifact
|
||||||
run: |
|
uses: actions/upload-artifact@v3
|
||||||
semgrep \
|
with:
|
||||||
--sarif --output report.sarif \
|
name: report.sarif
|
||||||
--metrics=off \
|
path: report.sarif
|
||||||
--config="p/default"
|
|
||||||
|
|
||||||
# step 3
|
# step 4
|
||||||
- name: save report as pipeline artifact
|
- name: publish code scanning alerts
|
||||||
uses: actions/upload-artifact@v3
|
uses: github/codeql-action/upload-sarif@v2
|
||||||
with:
|
with:
|
||||||
name: report.sarif
|
sarif_file: report.sarif
|
||||||
path: report.sarif
|
category: semgrep
|
||||||
|
|
||||||
# step 4
|
|
||||||
- name: publish code scanning alerts
|
|
||||||
uses: github/codeql-action/upload-sarif@v2
|
|
||||||
with:
|
|
||||||
sarif_file: report.sarif
|
|
||||||
category: semgrep
|
|
||||||
|
|
|
||||||
|
|
@ -1,17 +1,14 @@
|
||||||
---
|
---
|
||||||
name: Semgrep Differential Scan
|
name: Semgrep Differential Scan
|
||||||
on:
|
on: pull_request
|
||||||
pull_request
|
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
|
|
||||||
semgrep-diff:
|
semgrep-diff:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
container:
|
||||||
image: returntocorp/semgrep
|
image: returntocorp/semgrep
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
|
|
||||||
# step 1
|
# step 1
|
||||||
- name: clone application source code
|
- name: clone application source code
|
||||||
uses: actions/checkout@v3
|
uses: actions/checkout@v3
|
||||||
|
|
|
||||||
Ładowanie…
Reference in New Issue