From 6f08e0dcb9f5db6451f859bdc1c0bea085090fe8 Mon Sep 17 00:00:00 2001 From: Marvin Drees Date: Fri, 30 Aug 2024 16:26:54 +0200 Subject: [PATCH] feat: add CI workflows Signed-off-by: Marvin Drees --- .github/workflows/build.yml | 64 ++++++++++++++++++++++++++++++ .github/workflows/lint.yml | 73 +++++++++++++++++++++++++++++++++++ .github/workflows/release.yml | 46 ++++++++++++++++++++++ 3 files changed, 183 insertions(+) create mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/lint.yml create mode 100644 .github/workflows/release.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..d3d90c5 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,64 @@ +name: Build + +on: + push: + branches: + - main + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + branches: + - main + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +env: + CARGO_TERM_COLOR: always + RUSTFLAGS: --deny warnings + +jobs: + generate-matrix: + runs-on: ubuntu-latest + outputs: + commits: ${{ steps.commits.outputs.hashes }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + - name: Get all commit hashes + id: commits + run: | + echo "hashes=[$(git log -z --pretty=format:"'%H'," ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | sed 's/.$//')]" >> "$GITHUB_OUTPUT" + build: + name: Build + needs: generate-matrix + strategy: + matrix: + commit: ${{ fromJson(needs.generate-matrix.outputs.commits) }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ matrix.commit }} + - name: Install toolchain and tools + run: | + rustup toolchain install nightly --profile minimal + rustup default nightly + sudo apt update && sudo apt install -y libudev-dev + cargo install flip-link elf2uf2-rs + - name: Build + run: cargo run --verbose --release + - uses: actions/upload-artifact@v4 + with: + name: Picoprog-Image-${{ matrix.commit }} + path: target/thumbv6m-none-eabi/release/picoprog.uf2 diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml new file mode 100644 index 0000000..39f5658 --- /dev/null +++ b/.github/workflows/lint.yml @@ -0,0 +1,73 @@ +name: Lint + +on: + push: + branches: + - main + pull_request: + types: + - opened + - reopened + - synchronize + - ready_for_review + branches: + - main + +permissions: + contents: read + +concurrency: + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +env: + CARGO_TERM_COLOR: always + RUSTFLAGS: --deny warnings + +jobs: + generate-matrix: + runs-on: ubuntu-latest + outputs: + commits: ${{ steps.commits.outputs.hashes }} + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + - name: Get all commit hashes + id: commits + run: | + echo "hashes=[$(git log -z --pretty=format:"'%H'," ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | sed 's/.$//')]" >> "$GITHUB_OUTPUT" + commit-lint: + name: Conventional Commits + needs: generate-matrix + strategy: + matrix: + commit: ${{ fromJson(needs.generate-matrix.outputs.commits) }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ matrix.commit }} + - uses: bugbundle/commits@v1.1.0 + cargo: + name: Rustfmt and Clippy + needs: generate-matrix + strategy: + matrix: + commit: ${{ fromJson(needs.generate-matrix.outputs.commits) }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + with: + ref: ${{ matrix.commit }} + - name: Install toolchain and tools + run: | + rustup toolchain install nightly --profile minimal + rustup default nightly + rustup component add clippy rustfmt + - name: Check Code Formatting + run: cargo fmt -- --check + - name: Lint with Clippy + run: cargo clippy -- -D warnings diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..8ee7f2b --- /dev/null +++ b/.github/workflows/release.yml @@ -0,0 +1,46 @@ +name: SLSA generic generator + +on: + workflow_dispatch: + release: + types: + - created + +jobs: + build: + runs-on: ubuntu-latest + outputs: + digests: ${{ steps.hash.outputs.digests }} + steps: + - uses: actions/checkout@v4 + - name: Install toolchain and tools + run: | + rustup toolchain install nightly --profile minimal + rustup default nightly + - name: Install toolchain and tools + run: | + rustup toolchain install nightly --profile minimal + rustup default nightly + sudo apt update && sudo apt install -y libudev-dev + cargo install flip-link elf2uf2-rs + - name: Build + run: cargo run --release + - name: Generate subject for provenance + id: hash + run: | + set -euo pipefail + echo "hashes=$(sha256sum target/thumbv6m-none-eabi/release/picoprog.uf2 | base64 -w0)" >> "${GITHUB_OUTPUT}" + - uses: actions/upload-artifact@v4 + with: + name: Picoprog-Image + path: target/thumbv6m-none-eabi/release/picoprog.uf2 + provenance: + needs: build + permissions: + actions: read # To read the workflow path. + id-token: write # To sign the provenance. + contents: write # To add assets to a release. + uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v1.4.0 + with: + base64-subjects: "${{ needs.build.outputs.digests }}" + upload-assets: true