FPGA: Add CPU instruction address SPI access control #431
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: | |
- 'main' | |
pull_request: {} | |
# allow manual runs: | |
workflow_dispatch: {} | |
jobs: | |
check-firmware: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: check indentation in firmware C code | |
working-directory: hw/application_fpga | |
run: | | |
make -C fw/tk1 checkfmt | |
make -C fw/testfw checkfmt | |
- name: run static analysis on firmware C code | |
working-directory: hw/application_fpga | |
run: | | |
make check | |
- name: compile firmware and testfw | |
working-directory: hw/application_fpga | |
run: make firmware.bin testfw.bin | |
check-verilog: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: lint verilog using verilator | |
working-directory: hw/application_fpga | |
run: make lint | |
build-other-firmwares: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: compile ch552 firmware | |
working-directory: hw/usb_interface/ch552_fw | |
run: make | |
- name: compile tp1 firmware | |
working-directory: hw/boards/tp1/firmware | |
run: ./build.sh | |
build-spi-bitstream: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: make application FPGA with SPI master | |
working-directory: hw/application_fpga | |
run: make application_fpga.bin YOSYS_FLAG=-DINCLUDE_SPI_MASTER > build.log 2>&1 | |
- name: Extract max frequency info | |
working-directory: hw/application_fpga | |
if: success() | |
run: | | |
MAX_FREQ=$(grep "Info: Max frequency for clock 'clk':" build.log || echo "Max frequency info not found") | |
echo "MAX_FREQ_INFO=$MAX_FREQ" >> $GITHUB_ENV | |
- name: Print max frequency info | |
working-directory: hw/application_fpga | |
if: success() | |
run: | | |
echo "Max Frequency Info: ${{ env.MAX_FREQ_INFO }}" | |
build-bitstream: | |
outputs: | |
commit_sha: ${{ github.sha }} | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
# fetch-depth: 0 | |
persist-credentials: false | |
- name: fix | |
# https://github.com/actions/runner-images/issues/6775 | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
- name: make production test gateware | |
working-directory: hw/production_test/application_fpga_test_gateware | |
run: make | |
- name: make application FPGA gateware | |
working-directory: hw/application_fpga | |
run: make all | |
- name: Cache binaries | |
uses: actions/cache@v4 | |
with: | |
path: | | |
hw/application_fpga/application_fpga.bin | |
hw/application_fpga/firmware.bin | |
key: build-${{ github.run_number }}-${{ github.sha }}-${{ github.run_attempt }} | |
check-hashes: | |
needs: build-bitstream | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/tillitis/tkey-builder:4 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Retrieve binaries from cache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
hw/application_fpga/application_fpga.bin | |
hw/application_fpga/firmware.bin | |
key: build-${{ github.run_number }}-${{ needs.build-bitstream.outputs.commit_sha }}-${{ github.run_attempt }} | |
- name: check matching hashes for firmware.bin & application_fpga.bin | |
working-directory: hw/application_fpga | |
run: make check-binary-hashes | |
# TODO? first deal with hw/boards/ and hw/production_test/ | |
# - name: check for SPDX tags | |
# run: ./LICENSES/spdx-ensure |