ci: build all TI samples instead of just the BLE beacon #201
HongNguyen635 wants to merge 3 commits into
47fbfa2 to d0f489b
c528118 to 4e8ad59
ceolin left a comment
Minor things, it is looking super good
4e8ad59 to 8ff4dde
I addressed the comments, please take a look again.
ceolin left a comment
There is a security implication between the script and the gh action.
| prebuild: | ||
| - run: echo -n "AAAAAAAAAAAAAAAAAAAAAA==" > master.key | ||
| - run: python3 tools/embed_key_time.py -b master.key -o samples/freertos/ti/ble-beacon/src/ |
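Review bot: The second `run` line executes `tools/embed_key_time.py` from the checked-out tree, so if this job is triggered by pull requests, the script that runs is whatever the contributor's branch contains. Dropping the prebuild step in favour of a placeholder key and time compiled into the sample removes that execution path from the workflow. The output path is also fixed to `samples/freertos/ti/ble-beacon/src/`, so any other sample built by the same job would not get a key from this step.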
@HongNguyen635 This can't be allowed. The action runs in the pull request context, this means that the user controls it and we are running whatever is set in here.
The easiest way is to set the fake key and dummy time directly in the code, adding some comments that it must be overwritten with proper values.
that's a good point.
8ff4dde to 14d20cd
@ceolin that's a valid concern, and it's true for the Since the scope is limited to read, they can't read repo secrets, but they can burn CI time for crypto mining for example. How do we want to handle this? Do you want to limit this workflow to trigger manually with write access reviewers?
| # check if key and time is generated | ||
| generated_files = src/key.c src/time.c | ||
| ifeq ($(words $(wildcard $(generated_files))),2) | ||
| CFLAGS += -DHUBBLE_KEY_TIME_SET |
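Review bot: The literal `2` in the `ifeq` line has to be kept in step with the number of entries in `generated_files` by hand; comparing against `$(words $(generated_files))` keeps the check correct if another generated file is added. When either file is missing the build continues without `HUBBLE_KEY_TIME_SET`, so emitting a `$(warning ...)` on that path would make it visible in the build log that the placeholder key and time are being compiled in.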
I'm not sure if there is an alternative way. I was thinking of using __has_include but this is compiler dependent...
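An added illustration of the fallback discussed in this thread (not code from the PR or the project): the placeholder key lives in the source and is selected when `HUBBLE_KEY_TIME_SET` is absent, with `__has_include` probed only where the compiler provides it. The names `sample_key`, `sample_get_key`, `sample_key_is_placeholder`, `sample_check_key` and `KEY_LEN` are hypothetical, and the all-zero value assumes the in-code placeholder matches the 16 zero bytes that `AAAAAAAAAAAAAAAAAAAAAA==` decodes to.

```c
#include <stddef.h>
#include <stdint.h>

#define KEY_LEN 16 /* assumption: size of the decoded placeholder key */

/* Prefer the build-system flag; fall back to __has_include only where the
 * compiler defines it. The probe must sit in a nested #if, because a compiler
 * without __has_include cannot parse `defined(x) && __has_include(...)`. */
#if defined(HUBBLE_KEY_TIME_SET)
#define HAVE_PROVISIONED_KEY 1
#elif defined(__has_include)
#if __has_include("key.c")
#define HAVE_PROVISIONED_KEY 1
#endif
#endif

#ifdef HAVE_PROVISIONED_KEY
extern const uint8_t sample_key[KEY_LEN]; /* hypothetical symbol from key.c */
#else
/* Placeholder for CI and quick tests only; MUST be overwritten with a
 * provisioned key before the image goes onto a real device. */
static const uint8_t sample_key[KEY_LEN] = {0};
#endif

const uint8_t *sample_get_key(void) { return sample_key; }

/* Returns 1 if every byte is zero. OR-accumulates instead of returning early
 * so the loop's timing does not depend on the key contents. */
int sample_key_is_placeholder(const uint8_t *key, size_t len)
{
    uint8_t acc = 0;
    for (size_t i = 0; i < len; i++)
        acc |= key[i];
    return acc == 0;
}

/* 0: provisioned key; 1: placeholder accepted (test build); -1: refuse. */
int sample_check_key(const uint8_t *key, size_t len, int allow_placeholder)
{
    if (!sample_key_is_placeholder(key, len))
        return 0;
    return allow_placeholder ? 1 : -1;
}

int main(void)
{
    /* A production image would pass allow_placeholder = 0 and halt on -1. */
    return sample_check_key(sample_get_key(), KEY_LEN, 1) < 0;
}
```

With a check like this at startup, a build that silently fell back to the placeholder can be rejected on the device rather than discovered after deployment.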
Using dummy key and time if not set, this allows the sample to be built without running the embed_key_time.py script, which could be useful for CI or quick testing.
Signed-off-by: Hong Nguyen <hong@hubble.com>

s/sampes/samples
Signed-off-by: Hong Nguyen <hong@hubble.com>

Add a script to build all TI samples given if the sample dir contains a `sample.yaml` file. This allows a bit more flexibility instead of manually adding each entry into the workflow file.
Signed-off-by: Hong Nguyen <hong@hubble.com>
14d20cd to 8de0659

Introduce a different way to build for TI:
`sample.yaml` in each sample dir with different configs we want to build.