
Add workflow for repro build on github actions

Open JS1010111 opened this issue 2 years ago • 5 comments

Hi guys,

I made this workflow for the repro build of the Coldcard firmware that is automatically triggered when a commit or pull request is merged into master.

It runs on GitHub runners with Ubuntu but it's easy to add other OSes if you want or even run on Docker with your Dockerfile (though a bit slower and imho it's better to avoid another layer).

GitHub Actions is free for public repos, so you get a basic CI without any cost. It even gets you a badge if you want to stamp it on your readme like this:

CCFW Reproducible Build

Unfortunately the reproducible build from master is failing because you have committed new code that is not in the latest released firmware v4.1.3, so the diff fails.

It's better to keep your master branch reflecting your production state and use branches for everything else if the reproducible build comes from the master. It's also possible to trigger the CI from tags or release/<version> branches if you will.

Please feel free to modify this PR or ask me for any changes / enhancements. I hope it'll be useful!

JS1010111 avatar Nov 08 '21 23:11 JS1010111

Almost forgot... you can take a look at the run logs on my fork https://github.com/JS1010111/firmware/actions

JS1010111 avatar Nov 08 '21 23:11 JS1010111

Can we make this happen only when a release is tagged? We don't generally expect the tip of master to be reproducible.

doc-hex avatar Dec 14 '21 14:12 doc-hex

I'm sure it's possible but it seems that GitHub doesn't make it trivial. I'll make it work on a test repo and get back to you soon.

JS1010111 avatar Dec 14 '21 16:12 JS1010111

This works:

on:
  push:
    tags:
      - '**'
      - '!**bootstrap*'

So it silently checks these rules every time you push something. In this case, it's defined to only be triggered when you push tags.

It uses glob patterns so you can include/exclude tag names (order matters, we include everything then exclude what contains bootstrap at any level).

What may be confusing is that GitHub Actions reads the workflow YAML from the branch where you have created the tag.

That is, if you tag and push from a branch without the workflow file .github/workflows/ccfw-repro-build.yml it will not be triggered even if you have it on master and can see the workflow on the Actions tab.

If you are only tagging from master there's nothing to worry about after merging the PR.

JS1010111 avatar Dec 14 '21 18:12 JS1010111
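
The ordering rule in the comment above can be checked offline before relying on the filter to gate release verification. This is an added example, not part of the PR or the Coldcard repository: `glob_to_regex`, `tag_triggers` and `report` are hypothetical helpers that model only the `*`, `**` and leading `!` parts of GitHub's filter-pattern syntax, and the tag names are constructed.

```python
import re

def glob_to_regex(pattern):
    """Translate the subset of filter-pattern syntax used in the thread."""
    out, i = [], 0
    while i < len(pattern):
        if pattern.startswith("**", i):
            out.append(".*")        # '**' matches any characters, '/' included
            i += 2
        elif pattern[i] == "*":
            out.append("[^/]*")     # a single '*' does not cross '/'
            i += 1
        else:
            out.append(re.escape(pattern[i]))  # everything else is literal here
            i += 1
    return re.compile("".join(out))

def tag_triggers(tag, patterns):
    """Apply patterns top to bottom; the last pattern that matches decides."""
    triggered = False
    for p in patterns:
        negated = p.startswith("!")
        if glob_to_regex(p[1:] if negated else p).fullmatch(tag):
            triggered = not negated
    return triggered

# The filter from the comment above, and the same two patterns swapped.
THREAD_FILTER = ["**", "!**bootstrap*"]
REVERSED = ["!**bootstrap*", "**"]

# Constructed tag names, for illustration only.
SAMPLE_TAGS = ["v4.1.3", "bootstrap-1", "2021-11-08T2310-v4.1.3",
               "release/bootstrap-test"]

def report(patterns):
    """Map each sample tag to whether pushing it would start the workflow."""
    return {tag: tag_triggers(tag, patterns) for tag in SAMPLE_TAGS}

if __name__ == "__main__":
    for name, pats in (("thread", THREAD_FILTER), ("reversed", REVERSED)):
        for tag, fires in report(pats).items():
            print(f"{name:9} {tag:26} {'runs' if fires else 'skipped'}")
```

With the patterns swapped, the trailing `**` re-includes every tag, so the bootstrap exclusion has no effect. Any tag the filter skips gets no reproducibility check and no failed run to notice, so it is worth listing real release tag names in `SAMPLE_TAGS` when changing the filter.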

I will post some examples that I have been using for other projects.

RandyMcMillan avatar Jul 20 '22 16:07 RandyMcMillan