Merge branch 'ci/fixes'

Author: lucasssvaz

.github/scripts/tests_run.sh

@@ -78,7 +78,7 @@ function run_test {
 
         printf "\033[95mRunning test: %s -- Config: %s\033[0m\n" "$sketchname" "$fqbn"
         if [ "$erase_flash" -eq 1 ]; then
-            esptool.py -c "$target" erase_flash
+            esptool -c "$target" erase-flash
         fi
 
         if [ "$len" -ne 1 ]; then

.github/workflows/tests_hw_wokwi.yml

@@ -74,6 +74,8 @@ jobs:
           WOKWI_CLI_TOKEN: ${{ secrets.WOKWI_CLI_TOKEN }}
         id: set-ref
         run: |
+          # Get info and sanitize it to avoid security issues
+
           pr_num=$(jq -r '.pull_request.number' artifacts/event_file/event.json | tr -cd "[:digit:]")
           if [ -z "$pr_num" ] || [ "$pr_num" == "null" ]; then
             pr_num=""
@@ -145,6 +147,9 @@ jobs:
           echo "push_time = $push_time"
 
           conclusion="${{ github.event.workflow_run.conclusion }}"
+          run_id="${{ github.event.workflow_run.id }}"
+          event="${{ github.event.workflow_run.event }}"
+          sha="${{ github.event.workflow_run.head_sha || github.sha }}"
 
           # Create a single JSON file with all workflow run information
           cat > artifacts/workflow_info.json <<EOF
@@ -159,19 +164,19 @@ jobs:
             "qemu_targets": $qemu_targets,
             "qemu_types": $qemu_types,
             "ref": "$ref",
-            "event": "${{ github.event.workflow_run.event }}",
-            "sha": "${{ github.event.workflow_run.head_sha || github.sha }}",
+            "event": "$event",
+            "sha": "$sha",
             "action": "$action",
-            "run_id": "${{ github.event.workflow_run.id }}",
+            "run_id": "$run_id",
             "conclusion": "$conclusion"
           }
           EOF
 
           echo "Ref = $ref"
-          echo "Event name = ${{ github.event.workflow_run.event }}"
-          echo "Head SHA = ${{ github.event.workflow_run.head_sha || github.sha }}"
+          echo "Event name = $event"
+          echo "Head SHA = $sha"
           echo "Action = $action"
-          echo "Run ID = ${{ github.event.workflow_run.id }}"
+          echo "Run ID = $run_id"
           echo "Conclusion = $conclusion"
 
           if [ -z "$ref" ] || [ "$ref" == "null" ]; then

.github/workflows/tests_results.yml

@@ -40,6 +40,8 @@ jobs:
       - name: Get original info
         id: get-info
         run: |
+          # Inputs in workflow_info.json are already sanitized and safe to use
+
           original_event=$(jq -r '.event' ./artifacts/parent-artifacts/workflow_info.json)
           original_action=$(jq -r '.action' ./artifacts/parent-artifacts/workflow_info.json)
           original_sha=$(jq -r '.sha' ./artifacts/parent-artifacts/workflow_info.json)
@@ -48,44 +50,24 @@ jobs:
           original_run_id=$(jq -r '.run_id' ./artifacts/parent-artifacts/workflow_info.json)
 
           hw_tests_enabled=$(jq -r '.hw_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          hw_targets=$(jq -r '.hw_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          hw_types=$(jq -r '.hw_types' ./artifacts/parent-artifacts/workflow_info.json)
+          hw_targets=$(jq -c '.hw_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          hw_types=$(jq -c '.hw_types' ./artifacts/parent-artifacts/workflow_info.json)
           wokwi_tests_enabled=$(jq -r '.wokwi_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          wokwi_targets=$(jq -r '.wokwi_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          wokwi_types=$(jq -r '.wokwi_types' ./artifacts/parent-artifacts/workflow_info.json)
+          wokwi_targets=$(jq -c '.wokwi_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          wokwi_types=$(jq -c '.wokwi_types' ./artifacts/parent-artifacts/workflow_info.json)
           qemu_tests_enabled=$(jq -r '.qemu_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          qemu_targets=$(jq -r '.qemu_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          qemu_types=$(jq -r '.qemu_types' ./artifacts/parent-artifacts/workflow_info.json)
+          qemu_targets=$(jq -c '.qemu_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          qemu_types=$(jq -c '.qemu_types' ./artifacts/parent-artifacts/workflow_info.json)
 
           hw_tests_enabled=$(jq -r '.hw_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          hw_targets=$(jq -r '.hw_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          hw_types=$(jq -r '.hw_types' ./artifacts/parent-artifacts/workflow_info.json)
+          hw_targets=$(jq -c '.hw_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          hw_types=$(jq -c '.hw_types' ./artifacts/parent-artifacts/workflow_info.json)
           wokwi_tests_enabled=$(jq -r '.wokwi_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          wokwi_targets=$(jq -r '.wokwi_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          wokwi_types=$(jq -r '.wokwi_types' ./artifacts/parent-artifacts/workflow_info.json)
+          wokwi_targets=$(jq -c '.wokwi_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          wokwi_types=$(jq -c '.wokwi_types' ./artifacts/parent-artifacts/workflow_info.json)
           qemu_tests_enabled=$(jq -r '.qemu_tests_enabled' ./artifacts/parent-artifacts/workflow_info.json)
-          qemu_targets=$(jq -r '.qemu_targets' ./artifacts/parent-artifacts/workflow_info.json)
-          qemu_types=$(jq -r '.qemu_types' ./artifacts/parent-artifacts/workflow_info.json)
-
-          # Sanitize the values to avoid security issues
-
-          # Event: Allow alphabetical characters and underscores
-          original_event=$(echo "$original_event" | tr -cd '[:alpha:]_')
-
-          # Action: Allow alphabetical characters and underscores
-          original_action=$(echo "$original_action" | tr -cd '[:alpha:]_')
-
-          # SHA: Allow alphanumeric characters
-          original_sha=$(echo "$original_sha" | tr -cd '[:alnum:]')
-
-          # Ref: Allow alphanumeric characters, slashes, underscores, dots, and dashes
-          original_ref=$(echo "$original_ref" | tr -cd '[:alnum:]/_.-')
-
-          # Conclusion: Allow alphabetical characters and underscores
-          original_conclusion=$(echo "$original_conclusion" | tr -cd '[:alpha:]_')
-
-          # Run ID: Allow numeric characters
-          original_run_id=$(echo "$original_run_id" | tr -cd '[:digit:]')
+          qemu_targets=$(jq -c '.qemu_targets' ./artifacts/parent-artifacts/workflow_info.json)
+          qemu_types=$(jq -c '.qemu_types' ./artifacts/parent-artifacts/workflow_info.json)
 
           echo "hw_tests_enabled=$hw_tests_enabled" >> $GITHUB_OUTPUT
           echo "hw_targets=$hw_targets" >> $GITHUB_OUTPUT

.gitlab/scripts/gen_hw_jobs.py

@@ -249,8 +249,6 @@ def list_project_runners() -> list[dict]:
     key, value = _gitlab_auth_header()
     sys.stderr.write(f"[DEBUG] Attempting to list runners for project {project_id}\n")
     sys.stderr.write(f"[DEBUG] Auth method: {key if key else 'None'}\n")
-    if value:
-        sys.stderr.write(f"[DEBUG] Token prefix: {value[:8]}...\n")
 
     runners: list[dict] = []
     page = 1

.gitlab/scripts/install_dependencies.sh

@@ -0,0 +1,34 @@
+#!/usr/bin/env bash
+
+set -euo pipefail
+
+export DEBIAN_FRONTEND=noninteractive
+
+echo "[deps] Updating apt indexes"
+apt-get update -y
+
+echo "[deps] Installing base packages"
+apt-get install -y jq unzip curl wget
+
+echo "[deps] Installing Python packages (PyYAML)"
+pip3 install --no-cache-dir PyYAML
+
+echo "[deps] Installing yq (mikefarah/yq) for current architecture"
+YQ_VERSION="v4.48.1"
+ARCH="$(uname -m)"
+case "$ARCH" in
+  x86_64) YQ_BINARY=yq_linux_amd64 ;;
+  aarch64|arm64) YQ_BINARY=yq_linux_arm64 ;;
+  armv7l|armv6l|armhf|arm) YQ_BINARY=yq_linux_arm ;;
+  i386|i686) YQ_BINARY=yq_linux_386 ;;
+  *) echo "Unsupported architecture: $ARCH"; exit 1 ;;
+esac
+
+echo "[deps] Downloading mikefarah/yq $YQ_VERSION ($YQ_BINARY)"
+wget -q https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY} -O /usr/bin/yq
+chmod +x /usr/bin/yq
+yq --version
+
+echo "[deps] Dependencies installed successfully"
+
+

.gitlab/workflows/hardware_tests_dynamic.yml

@@ -16,15 +16,7 @@ generate-hw-tests:
     TEST_TYPES: $TEST_TYPES
     TEST_CHIPS: $TEST_CHIPS
   before_script:
-    - pip install PyYAML
-    - apt-get update
-    - apt-get install -y jq unzip curl wget
-    # Install mikefarah/yq (Go version) instead of kislyuk/yq (Python version)
-    - YQ_VERSION=v4.47.2
-    - YQ_BINARY=yq_linux_amd64
-    - wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY} -O /usr/bin/yq
-    - chmod +x /usr/bin/yq
-    - yq --version
+    - bash .gitlab/scripts/install_dependencies.sh
   script:
     - mkdir -p ~/.arduino/tests
     - |

.gitlab/workflows/hw_test_template.yml

@@ -33,14 +33,7 @@ hw-test-template:
     - echo "Running hardware tests for chip:$TEST_CHIP type:$TEST_TYPE"
     - echo "Pipeline ID:$PIPELINE_ID"
     - echo "Running hardware tests for chip:$TEST_CHIP"
-    - apt-get update
-    - apt-get install -y jq unzip curl wget
-    # Install mikefarah/yq (Go version) instead of kislyuk/yq (Python version)
-    - YQ_VERSION=v4.47.2
-    - YQ_BINARY=yq_linux_amd64
-    - wget https://github.com/mikefarah/yq/releases/download/${YQ_VERSION}/${YQ_BINARY} -O /usr/bin/yq
-    - chmod +x /usr/bin/yq
-    - yq --version
+    - bash .gitlab/scripts/install_dependencies.sh
     - rm -rf ~/.arduino/tests
     - mkdir -p ~/.arduino/tests/$TEST_CHIP
     - echo Fetching binaries for $TEST_CHIP $TEST_TYPE

boards.txt

@@ -42213,8 +42213,8 @@ nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideRestartCommands.1=m
 nano_nora.debug_config.nano_nora.cortex-debug.custom.overrideRestartCommands.2=interrupt
 nano_nora.debug.additional_config=debug_config.nano_nora
 
-nano_nora.tools.esptool_py.program.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default_reset --after hard_reset write_flash -z --flash_mode {build.flash_mode} --flash_freq {build.flash_freq} --flash_size {build.flash_size} {build.bootloader_addr} "{build.path}/{build.project_name}.bootloader.bin" 0x8000 "{build.path}/{build.project_name}.partitions.bin" 0xe000 "{runtime.platform.path}/tools/partitions/boot_app0.bin" 0xf70000 "{build.variant.path}/extra/nora_recovery/nora_recovery.ino.bin" 0x10000 "{build.path}/{build.project_name}.bin"
-nano_nora.tools.esptool_py.erase.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default_reset --after hard_reset erase_flash
+nano_nora.tools.esptool_py.program.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default-reset --after hard-reset write-flash -z --flash-mode {build.flash_mode} --flash-freq {build.flash_freq} --flash-size {build.flash_size} {build.bootloader_addr} "{build.path}/{build.project_name}.bootloader.bin" 0x8000 "{build.path}/{build.project_name}.partitions.bin" 0xe000 "{runtime.platform.path}/tools/partitions/boot_app0.bin" 0xf70000 "{build.variant.path}/extra/nora_recovery/nora_recovery.ino.bin" 0x10000 "{build.path}/{build.project_name}.bin"
+nano_nora.tools.esptool_py.erase.pattern_args=--chip {build.mcu} --port "{serial.port}" --before default-reset --after hard-reset erase-flash
 
 nano_nora.debug.executable=
 

platform.txt

@@ -352,6 +352,6 @@ tools.esptool_py_app_only.upload.protocol=serial
 tools.esptool_py_app_only.upload.params.verbose=
 tools.esptool_py_app_only.upload.params.quiet=
 
-tools.esptool_py_app_only.upload.pattern_args=--chip {build.mcu} --port "{serial.port}" --baud {upload.speed} {upload.flags} --before default_reset --after hard_reset write_flash --flash_mode {build.flash_mode} --flash_freq {build.flash_freq} --flash_size {build.flash_size} {build.flash_offset} "{build.path}/{build.project_name}.bin" {upload.extra_flags}
+tools.esptool_py_app_only.upload.pattern_args=--chip {build.mcu} --port "{serial.port}" --baud {upload.speed} {upload.flags} --before default-reset --after hard-reset write-flash --flash-mode {build.flash_mode} --flash-freq {build.flash_freq} --flash-size {build.flash_size} {build.flash_offset} "{build.path}/{build.project_name}.bin" {upload.extra_flags}
 
 tools.esptool_py_app_only.upload.pattern="{path}/{cmd}" {tools.esptool_py_app_only.upload.pattern_args}