mirror of
https://github.com/PX4/PX4-Autopilot.git
synced 2026-05-10 06:39:25 +08:00
d00372cc04ca9dee0c28331ddcd6c96097bdd076
437 Commits
| Author | SHA1 | Message | Date | |
|---|---|---|---|---|
|
|
3ae123f2b5 |
fix(ci): set GH_REPO so labeler works without checkout
The auto-label step in pull_request_target runs without a repo checkout, so gh pr view/edit fail with 'not a git repository'. Setting GH_REPO points gh at the right repo without needing a checkout step. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
298746c385 |
add kind labels automatically
Signed-off-by: Onur Özkan <work@onurozkan.dev> |
||
|
|
7e6ccb3eb6 |
ci(sbom): check out submodules recursively in PR license check
The PR-time SBOM license check was using `submodules: false`, so when generate_sbom.py ran the new submodule directory was empty. The script treats uninitialized submodules as `(not checked out) -> NOASSERTION (skipped)` rather than a failure, which let PR #27184 (adding PX4-OpticalFlow as a submodule) pass without ever inspecting the actual repo for a LICENSE file. The monthly audit then caught it (#27217) because it uses `submodules: recursive`. Switch the PR-time job to `submodules: recursive` so license issues are caught at PR time rather than on the next monthly audit. The job only runs when .gitmodules, license-overrides.yaml, or generate_sbom.py change, so the extra clone cost is bounded. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
2122546081 |
fix(labels): rename documentation label (#27187)
* rename documentation label

  Signed-off-by: Onur Özkan <work@onurozkan.dev>

* Update .github/ISSUE_TEMPLATE/docs_bug_report.yml

  Co-authored-by: Jacob Dahl <37091262+dakejahl@users.noreply.github.com>

---------

Signed-off-by: Onur Özkan <work@onurozkan.dev>
Co-authored-by: Jacob Dahl <37091262+dakejahl@users.noreply.github.com> |
||
|
|
4760327fa8 |
chore(issues): Add auto status:needs-triage labeling workflow (#27138)
Adds a gha workflow that applies the `status:needs-triage` label to every newly opened issue. This gives maintainers a clear queue of unreviewed issues and lets them remove the label once the issue has been triaged and more specific labels have been assigned. Signed-off-by: Onur Özkan <work@onurozkan.dev> |
||
|
|
947a456036 |
ci(dev_container): drop branch push trigger on release branches
Pushes to stable/beta/release/** only move when a release is cut, and that release was already built by the matching v* tag push moments earlier. The subsequent branch push reruns the arm64+amd64 matrix (~8 min) to produce the identical image digest. Registry push is already gated on refs/tags/, so the second run is pure waste. Drop those branches from on.push; keep main (regular development pushes) and the v* tag trigger (the authoritative release trigger). workflow_dispatch remains available for manual rebuilds. Fixes #27170 Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
1df16f39a8 |
ci(compile_ubuntu): only run on push to main
compile_ubuntu.yml is a PR-focused Ubuntu container smoke check. On stable, beta, and release/** branches it duplicates build_all_targets.yml, which already covers those branches with the full board matrix and the S3 uploads. Drop stable, beta, and release/** from the push branch list so it matches the trigger pattern used by compile_macos.yml, checks.yml, and clang-tidy.yml. Fixes #27171 Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
b5e632ccf4 |
build(macos): add Python venv support to setup script (#26702)
Signed-off-by: Ramon Roche <mrpollo@gmail.com> Co-authored-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
b3fbf37fae | ci(docsorchestrator): Update to latest markdown link checker and link fixes (#27098) | ||
|
|
1cf7d75525 |
fix(ci): lint test files on PRs without breaking push-to-main
The pr-review-poster was flagging `gtest/gtest.h file not found` on any PR that added or modified a test file, because clang-tidy-diff-18.py ran against files that weren't in the compilation database. PR #27004 and PR #26233 both hit this.

The root cause is that test TUs only enter compile_commands.json when BUILD_TESTING is ON, which the historical clang-tidy build does not enable. This PR fixes both halves of the problem:

1. Add a second make target `px4_sitl_default-clang-test` that configures a separate build dir with -DCMAKE_TESTING=ON. Test TUs land in its compile_commands.json with resolved gtest/fuzztest include paths.
2. Add an umbrella `clang-ci` target that depends on both `px4_sitl_default-clang` and `px4_sitl_default-clang-test` so the PR job prepares both build dirs with one make invocation.
3. On PR events the workflow uses `make clang-ci`, installs libclang-rt-18-dev (needed so fuzztest's FUZZTEST_FUZZING_MODE flags do not fail the abseil try_compile with a misleading "pthreads not found" error), and routes the clang-tidy-diff producer at the test-enabled build dir.
4. Push-to-main is left entirely alone: same single build dir, same `make px4_sitl_default-clang`, same `make clang-tidy`. Test files are not in that DB so run-clang-tidy.py keeps ignoring them exactly as before. This preserves green main while ~189 pre-existing clang-tidy issues in test files remain untouched; fixing those is out of scope for this change.
5. Replace the fragile `:!*/test/*` pathspec filter (which missed flat `*Test.cpp` files in module roots) with `Tools/ci/clang-tidy-diff-filter.py`, which reads the compilation database and drops any changed source file that is not a TU. Headers always pass through. Production code that happens to use test-like names (src/systemcmds/actuator_test, src/drivers/test_ppm, etc.) stays analyzed because those are real px4_add_module targets.

Verified in the ghcr.io/px4/px4-dev:v1.17.0-rc2 container and on the real CI runner:

- cmake configure with CMAKE_TESTING=ON succeeds after installing libclang-rt-18-dev (Found Threads: TRUE)
- compile_commands.json grows from 1333 to 1521 TUs
- Modifying HysteresisTest.cpp with a new `const char *p = NULL` correctly flags hicpp-use-nullptr and clang-diagnostic-unused-variable on the new line, while pre-existing issues on other lines of the same file stay suppressed by clang-tidy-diff-18.py's line filter ("Suppressed ... 1 due to line filter")
- No gtest/gtest.h false positives
- Push-to-main path unchanged, still green

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
9dd434f441 |
ci(compile-ubuntu): replace quick_check with targeted SITL and NuttX builds
Replace make quick_check with two explicit build targets: px4_sitl_default (validates native SITL toolchain) and px4_fmu-v5_default (validates NuttX cross-compile toolchain). quick_check built four targets: px4_sitl_test, px4_fmu-v5_default, tests, and check_format. The tests and check_format targets are redundant with checks.yml which already runs them on 8cpu RunsOn with ccache. The purpose of this workflow is to validate that PX4 builds from a fresh ubuntu.sh install on both Ubuntu 22.04 and 24.04, not to run tests or check formatting. Two targeted builds are sufficient. px4_fmu-v5_default is kept as the hardware target (same as quick_check) since it builds with the arm-none-eabi-gcc version that ubuntu.sh installs on both 22.04 and 24.04. Expected duration drop from 16-17 min to 6-8 min per matrix entry. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
958688f36d |
fix(fuzzing): revert to old container image
The v1.17.0-rc2 container's clang 18 + cmake 3.28 combination fails abseil's cmake try_compile tests for C++17 and pthreads. This breaks the fuzztest build which depends on abseil.

Verified locally:

- px4io/px4-dev:v1.16.0-rc2 + apt install clang: cmake configure passes
- ghcr.io/px4/px4-dev:v1.17.0-rc2 (clang 18 pre-installed): cmake configure fails with "ABSL_INTERNAL_AT_LEAST_CXX17 - Failed" and "Could NOT find Threads"
- apt install clang on v1.17.0-rc2 is a no-op (already installed)

Revert to the old container image which has a working clang+cmake combination. The apt install clang step (already in the workflow) installs clang on the old container which doesn't ship it by default.

Remove the explicit fetch-depth: 0 added in the previous fix attempt since the original workflow used the default depth (1) and it worked.

Fixes #27060

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
c515f81298 |
fix(ci): stop pr-review-poster from spamming REQUEST_CHANGES on every push
Branch protection rules block the GITHUB_TOKEN from dismissing reviews (HTTP 403), so every push added another undismissable REQUEST_CHANGES review. PR #27004 accumulated 12 identical blocking reviews. Switch to COMMENT-only reviews. Findings still show inline on the diff but don't create blocking reviews that require manual maintainer dismissal. The CI check status (pass/fail) gates merging, not the review state. Also enable CMAKE_TESTING=ON in the clang-tidy build so test files get proper include paths in compile_commands.json. Without this, clang-tidy-diff runs on test files from the PR diff but can't resolve gtest headers, producing false positives. Fixes #27004 Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
c0a45cef70 |
ci(build-all): MCU-based groups, cache seeders, build infra overhaul (#27050)
Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
0e31dd560d |
ci(fuzzing): migrate to RunsOn with ccache and bump container
Migrate the fuzzing workflow from GitHub-hosted ubuntu-latest to RunsOn 4cpu with s3-cache. Bump the container from the stale px4io/px4-dev:v1.16.0-rc2 to ghcr.io/px4/px4-dev:v1.17.0-rc2. Wire setup-ccache / save-ccache with cache-key-prefix ccache-sitl and max-size 300M, sharing the SITL build cache with checks:tests. Both build px4_sitl_test/px4_sitl_default so the ccache contents overlap significantly. Drop the manual apt install clang step since the v1.17.0-rc2 container already ships clang. Replace the git config --global safe.directory workaround with --system to match the repo convention. Add runs-on/action@v2 for the S3 cache proxy. Add fetch-depth: 1 since the fuzzer doesn't need git history. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
ae47d69f50 |
ci(checks): merge EKF change indicators into tests job
Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
a0e42f2032 |
ci(workflows): bump all action versions to latest majors
Bump every GitHub Action in the repository to its latest major version, addressing the upcoming Node.js 20 deprecation. Several of the old versions (checkout v4, cache v4, setup-node v4, labeler v5) use the Node 20 runtime which GitHub is deprecating. The new versions use Node 22.

- actions/checkout v4/v5 to v6
- actions/upload-artifact v4 to v7
- actions/download-artifact v4 to v8
- actions/cache, cache/restore, cache/save v4 to v5
- actions/setup-node v4 to v6
- actions/setup-python v5 to v6
- actions/github-script v7/v8 to v9
- actions/labeler v5 to v6
- peter-evans/find-comment v3 to v4
- dorny/paths-filter v3 to v4
- codecov/codecov-action v4 to v6
- docker/setup-buildx-action v3 to v4
- docker/build-push-action v6 to v7
- tj-actions/changed-files v46 to v47

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
0f15eea283 |
ci(mavros): merge mission+offboard into one workflow, migrate to noetic and Python 3
Consolidate mavros_mission_tests.yml and mavros_offboard_tests.yml into a single mavros_tests.yml with a matrix strategy. Switch from docker-in-docker with px4-dev-ros-melodic to a native container using px4-dev-ros-noetic, enabling ccache and composite actions (setup-ccache, build-gazebo-sitl, save-ccache). Migrate all five MAVROS Python test files from Python 2 to Python 3 (remove six/xrange, from __future__ imports, replace px4tools with pyulog for estimator analysis). Bump git-auto-commit-action from v4 to v7 in ekf_update_change_indicator.yml. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
5d5d9e399b |
ci(workflows): wire ccache and caches across ci (#27036)
Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
a3ad956394 |
ci(stale): bump operations-per-run and add manual trigger
The stale workflow was hitting its 250 operations-per-run cap every daily run, causing the "No more operations left! Exiting..." warning and leaving a growing backlog of stale-labeled items that were never being closed. GitHub API headroom is plentiful (250 ops uses ~1.6% of the 15k/hour bucket), so raising to 1500 drains the backlog without any rate-limit risk. Also adds workflow_dispatch so maintainers can trigger the workflow from the Actions tab or via gh workflow run stale.yml. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
a49cffb09f |
ci(checks): trim matrix, ccache tests, modernize python_checks
Port the checks.yml and python_checks.yml improvements from the CI orchestrator branch (mrpollo/ci_orchestration, PR #26257) without doing the full T1/T2 split.

checks.yml:

- Drop 5 matrix entries the orchestrator removed: tests_coverage, px4_fmu-v2_default stack_check, NO_NINJA_BUILD=1 px4_fmu-v5_default, NO_NINJA_BUILD=1 px4_sitl_default, px4_sitl_allyes.
- Remove the codecov/codecov-action@v1 step (deprecated, only ran for the dropped tests_coverage entry).
- Wire the setup-ccache / save-ccache composite actions around make tests (cache-key-prefix ccache-sitl, max-size 300M) so repeat runs reuse the SITL build tree. Matches the orchestrator basic-tests job 1:1.

python_checks.yml:

- Replace the apt-get install python3 + pip install --break-system-packages + hardcoded $HOME/.local/bin paths with actions/setup-python@v5 pinned to 3.10 and plain pip install.
- Linters now run from PATH instead of $HOME/.local/bin.

Stacks on top of mrpollo/ci-checkout-hygiene (#27032) which shipped fail-fast: true, fetch-depth: 1, and the safe.directory step extraction.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
8552465408 |
ci(workflows): shallow checkout and fail-fast in checks
Port checkout hygiene from the CI orchestrator branch (mrpollo/ci_orchestration) to current workflows without merging the orchestrator itself.

- checks.yml: enable fail-fast (99% success rate observed, cancel on first failure saves runner time), switch to fetch-depth 1, extract safe.directory to its own step
- itcm_check.yml: fetch-depth 1, drop submodules: recursive (the Makefile bootstraps submodules as a prerequisite of board targets)
- sitl_tests.yml, ros_integration_tests.yml, mavros_mission_tests.yml, mavros_offboard_tests.yml, python_checks.yml: fetch-depth 1

Each change matches the corresponding job in ci-orchestrator.yml on mrpollo/ci_orchestration 1:1. Workflows that legitimately need history (clang-tidy, flash_analysis, failsafe_sim, ros_translation_node, ekf_*_change_indicator, build_all_targets) are left alone.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
100d9c97fb |
ci(workflows): remove nuttx_env_config
Delete the nuttx_env_config workflow. It validated the PX4_EXTRA_NUTTX_CONFIG env var handling in platforms/nuttx/NuttX/CMakeLists.txt by building px4_fmu-v5_default with CONFIG_NSH_LOGIN_PASSWORD injected at configure time. The CI orchestrator rewrite (mrpollo/ci_orchestration, PR #26257) drops this workflow entirely. The cmake feature itself remains; only the CI gate is removed. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
5db3060c2a |
ci(workflows): upgrade SITL and ROS integration runners to 8cpu
Upgrade the RunsOn runner for sitl_tests and ros_integration_tests from 4cpu-linux-x64 / ubuntu22-full-x64 to 8cpu-linux-x64 / ubuntu24-full-x64 with extras=s3-cache. Matches the runner_medium spec used by the sitl-tests and ros-integration-tests jobs in the CI orchestrator branch (mrpollo/ci_orchestration). Both jobs are compile-heavy and benefit from the 2x core count. The ubuntu24 image and s3-cache extras align with the house style already used by clang-tidy, dev_container, docs_deploy, docs-orchestrator, and build_deb_package. No other changes (speed factor unchanged, container images unchanged). Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
9e93fd753e |
ci(pr-review-poster): add line-anchored review poster and migrate clang-tidy (#27028)
* ci(pr-review-poster): add line-anchored review poster and migrate clang-tidy

  Adds a generic PR review-comment poster as a sibling of the issue-comment poster from #27021. Replaces platisd/clang-tidy-pr-comments@v1 in the Static Analysis workflow with an in-tree, fork-friendly producer + poster pair so fork PRs get inline clang-tidy annotations on the Files changed tab without trusting a third-party action with a write token.

  Architecture mirrors pr-comment-poster: a producer (clang-tidy.yml) runs inside the px4-dev container and writes a `pr-review` artifact containing manifest.json and a baked comments.json. A separate workflow_run-triggered poster runs on ubuntu-latest with the base-repo write token, validates the artifact, dismisses any stale matching review, and posts a fresh review on the target PR. The poster never checks out PR code and only ever reads two opaque JSON files from the artifact.

  Stale-review dismissal is restricted to reviews authored by github-actions[bot] AND whose body contains the producer's marker. A fork cannot impersonate the bot login or inject the marker into a human reviewer's body, so the poster can never dismiss a human review. APPROVE events are explicitly forbidden so a bot cannot approve a pull request.

  To avoid duplicating ~120 lines of HTTP plumbing between the two posters, the GitHub REST helpers (single-request, pagination, error handling) are extracted into Tools/ci/_github_helpers.py with a small GitHubClient class. The existing pr-comment-poster.py is refactored to use it; net change is roughly -80 lines on that script. The shared module is sparse-checked-out alongside each poster script and is stdlib only.

  The clang-tidy producer reuses MIT-licensed translation logic from platisd/clang-tidy-pr-comments (generate_review_comments, reorder_diagnostics, get_diff_line_ranges_per_file and helpers) under a preserved attribution header. The HTTP layer is rewritten on top of _github_helpers so the producer does not pull in `requests`. Conversation resolution (the GraphQL path) is intentionally dropped for v1.

  clang-tidy.yml now produces the pr-review artifact in the same job as the build, so the cross-runner compile_commands.json hand-off and workspace-path rewriting are no longer needed and the post_clang_tidy_comments job is removed.

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(workflows): bump action versions to clear Node 20 deprecation

  GitHub has deprecated the Node 20 runtime for Actions as of September 16, 2026. Bump the pinned action versions in the three poster workflows to the latest majors, all of which run on Node 24:

  - actions/checkout v4 -> v6
  - actions/github-script v7 -> v8
  - actions/upload-artifact v4 -> v7

  No behavior changes on our side: upload-artifact v5/v6/v7 only added an optional direct-file-upload mode we do not use, and checkout v5/v6 are runtime-only bumps. The security-invariant comment headers in both poster workflows are updated to reference the new version so they stay accurate.

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(pr-posters): skip job when producer was not a pull_request event

  Both poster workflows previously ran on every workflow_run completion of their listed producers and then silently no-oped inside the script when the triggering producer run was a push-to-main (or any other non-PR event). That made the UI ambiguous: the job was always green, never showed the reason it did nothing, and looked like a failure whenever someone clicked in looking for the comment that was never there.

  Gate the job at the workflow level on github.event.workflow_run.event == 'pull_request'. Non-PR producer runs now surface as a clean "Skipped" entry in the run list, which is self-explanatory and needs no in-script summary plumbing.

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

---------

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
9adda29da2 |
docs(sim): add Try PX4 quick-start and pre-built packages reference (#26957)
Adds documentation for the SITL containers and .deb packages introduced in #26495. The containers are now live on Docker Hub: [`px4io/px4-sitl:latest`](https://hub.docker.com/r/px4io/px4-sitl) and [`px4io/px4-sitl-gazebo:latest`](https://hub.docker.com/r/px4io/px4-sitl-gazebo).

The main addition is a [Try PX4 Simulation](https://docs.px4.io/main/en/dev_setup/try_px4) page that leads with a single `docker run` command and gets someone flying in under a minute. It lives in Getting Started, right after Recommended Hardware/Setup, so it's one of the first things new users see.

The existing `.deb` package reference has been moved from `packaging/px4_sitl_deb.md` to `simulation/px4_sitl.md` and expanded to cover both containers and `.deb` packages on one page. Sections are ordered by how people use them: what's available, install, configure, connect QGC/MAVSDK, connect ROS 2.

Other changes:

- README now has a "Try PX4" section with the docker one-liner above "Build from Source"
- Landing page (`index.md`) reworked to lead with "Try PX4" before "For Developers"
- Toolchain page (`dev_env.md`) gets a tip redirecting simulation-only users to pre-built packages
- `getting_started.md` and `SUMMARY.md` updated with links to the new pages
- Simulation index tip updated to mention containers alongside `.deb` packages

The SIH container image is published as `px4io/px4-sitl` (renamed from `px4io/px4-sitl-sih`) so the default lightweight option carries the simplest name. The Gazebo image remains `px4io/px4-sitl-gazebo`.

Also upgrades all GitHub Actions in the SITL workflow to Node.js 24 compatible versions (`actions/checkout@v6`, `actions/cache@v5`, `actions/upload-artifact@v7`, `actions/download-artifact@v8`, `docker/setup-buildx-action@v4`, `docker/build-push-action@v7`) to fix the Node.js 20 deprecation warning ahead of the June 2026 deadline.

---------

Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Co-authored-by: Hamish Willee <hamishwillee@gmail.com> |
||
|
|
8c4b703103 |
ci(pr-comment-poster): add generic PR comment poster and migrate producers
Adds a stand-alone workflow that posts or updates sticky PR comments on behalf of any analysis workflow, including those triggered by fork PRs. The poster runs on `workflow_run` in the base repo context, which is the standard GitHub-sanctioned way to get a write token on events that originate from untrusted forks without ever checking out fork code.

All validation, GitHub API interaction, and upsert logic lives in Tools/ci/pr-comment-poster.py (Python 3 stdlib only, two subcommands: `validate` and `post`). The workflow file itself is a thin orchestrator: sparse-checkout the script, download the pr-comment artifact via github-script, unzip, then invoke the script twice. No inline jq, no inline bash validation, no shell-interpolated marker strings. The sparse-checkout ensures only Tools/ci/pr-comment-poster.py lands in the workspace, never the rest of the repo.

Artifact contract: a producer uploads an artifact named exactly `pr-comment` containing `manifest.json` (with `pr_number`, `marker`, and optional `mode`) and `body.md`. The script validates the manifest (positive integer pr_number, printable-ASCII marker bounded 1..200 chars, UTF-8 body under 60000 bytes, mode in an allowlist), finds any existing comment containing the marker via the comments REST API, and either edits it in place or creates a new one.

The workflow file header documents six security invariants that any future change MUST preserve, most importantly: NEVER check out PR code, NEVER execute anything from the artifact, and treat all artifact contents as opaque data.

Why a generic poster and not `pull_request_target`: `pull_request_target` is the tool people reach for first and the one that most often turns into a supply-chain vulnerability, because it hands a write token to a workflow that is then tempted to check out the PR head. `workflow_run` gives the same write token without any check-out temptation, because the only input is a pre-produced artifact treated as opaque data.

Producer migrations
===================

flash_analysis.yml:
- Drop the fork gate on the `post_pr_comment` job.
- Drop the obsolete TODO pointing at issue #24408 (the fork-comment workflow does not error anymore; it just no-ops).
- Keep the existing "comment only if threshold crossed or previous comment exists" behaviour verbatim. peter-evans/find-comment@v3 stays as a read-only probe (forks can read issue comments just fine); its body-includes is updated to search for the new marker `<!-- pr-comment-poster:flash-analysis -->` instead of the old "FLASH Analysis" heading substring.
- Replace the peter-evans/create-or-update-comment@v4 step with two new steps that write pr-comment/manifest.json and pr-comment/body.md and then upload them as artifact pr-comment. The body markdown is byte-for-byte identical to the previous heredoc, with the marker prepended as the first line so subsequent runs can find it.
- The threshold-or-existing-comment gate is preserved on both new steps. When the gate does not fire no artifact is uploaded and the poster no-ops.

docs-orchestrator.yml (link-check job):
- Drop the fork gate on the sticky-comment step.
- Replace marocchino/sticky-pull-request-comment@v2 with two new steps that copy logs/filtered-link-check-results.md into pr-comment/body.md, write a pr-comment/manifest.json with the marker `<!-- pr-comment-poster:docs-link-check -->`, and upload the directory as artifact pr-comment.
- The prepare step checks `test -s` on the results file and emits a prepared step output; the upload step is gated on that output. In practice the existing link-check step always writes a placeholder ("No broken links found in changed files.") into the file when empty, so the guard is defensive but not load-bearing today.
- Tighten the link-check job's permissions from `pull-requests: write` down to `contents: read`; writing PR comments now happens in the poster workflow.

The poster's workflows allowlist is seeded with the two active producers: "FLASH usage analysis" and "Docs - Orchestrator". clang-tidy (workflow name "Static Analysis") is not in the list because platisd/clang-tidy-pr-comments posts line-level review comments, a different REST API from issue comments that the poster script does not handle. Extending the poster to cover review comments is a follow-up.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
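The artifact contract described in the pr-comment-poster commit above, written out as an added example; this is not the project's Tools/ci/pr-comment-poster.py. The function names, the `mode` values and the marker-prepend step are assumptions made for illustration, and the comment list is constructed input rather than a live API response.

```python
"""Added example: treat a `pr-comment` artifact as opaque data and validate it."""
import json

MARKER_MAX_CHARS = 200   # commit message: marker bounded 1..200 chars
BODY_MAX_BYTES = 60000   # commit message: body under 60000 bytes
# Assumption: the commit message only says "mode in an allowlist"; these
# two values are placeholders, not the project's real mode names.
ALLOWED_MODES = frozenset({"upsert", "create"})
DEFAULT_MODE = "upsert"


def validate_manifest(raw: bytes) -> dict:
    """Parse manifest.json bytes and return only the validated fields."""
    data = json.loads(raw)  # malformed JSON or bad UTF-8 raises a ValueError subclass
    if not isinstance(data, dict):
        raise ValueError("manifest must be a JSON object")

    pr_number = data.get("pr_number")
    # bool is a subclass of int in Python, so JSON `true` must be rejected explicitly.
    if isinstance(pr_number, bool) or not isinstance(pr_number, int) or pr_number <= 0:
        raise ValueError("pr_number must be a positive integer")

    marker = data.get("marker")
    if not isinstance(marker, str) or not 1 <= len(marker) <= MARKER_MAX_CHARS:
        raise ValueError("marker must be a string of 1..200 characters")
    # Printable ASCII only: no newlines, control bytes or look-alike Unicode.
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in marker):
        raise ValueError("marker must be printable ASCII")

    mode = data.get("mode", DEFAULT_MODE)
    if not isinstance(mode, str) or mode not in ALLOWED_MODES:
        raise ValueError("mode is not in the allowlist")

    # Unknown keys are dropped: nothing else from the artifact is trusted.
    return {"pr_number": pr_number, "marker": marker, "mode": mode}


def validate_body(raw: bytes) -> str:
    """Check the size of body.md before decoding it as strict UTF-8."""
    if len(raw) >= BODY_MAX_BYTES:
        raise ValueError("body must be under 60000 bytes")
    return raw.decode("utf-8")  # UnicodeDecodeError is a ValueError subclass


def find_existing_comment(comments, marker):
    """Return the id of the first comment whose body contains the marker."""
    for comment in comments:
        if marker in (comment.get("body") or ""):
            return comment["id"]
    return None


def plan_comment(manifest_raw: bytes, body_raw: bytes, existing_comments):
    """Decide between editing the sticky comment and creating a new one.

    `existing_comments` stands for the issue comments already fetched for
    manifest["pr_number"]; no network call is made here.
    """
    manifest = validate_manifest(manifest_raw)
    body = validate_body(body_raw)
    # Assumption of this example: make sure the marker is in the posted body
    # so that the next run can find the comment again.
    if manifest["marker"] not in body:
        body = manifest["marker"] + "\n" + body
    comment_id = find_existing_comment(existing_comments, manifest["marker"])
    action = "update" if comment_id is not None else "create"
    return action, comment_id, body
```

Every rejection surfaces as `ValueError`, so a caller can fail the job on a single exception type without inspecting the artifact any further.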
|
|
4c8c9a1e0f |
ci(clang-tidy): run incrementally on PRs and post inline annotations
Switch the Static Analysis workflow to two modes:
- Push to main: run the full "make clang-tidy" target as before.
- Pull request: build the clang compile database with "make px4_sitl_default-clang", then call Tools/ci/run-clang-tidy-pr.py (already in-tree) to compute the translation units actually affected by the PR diff and run clang-tidy only on that subset. PRs that touch no C++ files exit silently; the large majority of PRs will skip the slow full analysis entirely.

Replace the inline ccache restore/config/save steps with the composite actions from .github/actions/setup-ccache and .github/actions/save-ccache, which use content-hash cache keys (prefix-ref-sha with ref and base_ref fallbacks), compression, and compiler_check=content. Same 120M cap.

Add a second job, post_clang_tidy_comments, that runs on a GitHub-hosted runner when the analysis job reports has_findings=true. It downloads the compile_commands.json artifact produced by the analysis job, rewrites the AWS RunsOn workspace prefix (/__w/PX4-Autopilot/PX4-Autopilot) to the GitHub-hosted runner workspace so clang-tidy can chdir into the build directory, runs clang-tidy-diff-18 to export fixes, and posts inline review annotations via platisd/clang-tidy-pr-comments@v1. Annotations are set to request changes (request_changes: true), so a PR with new clang-tidy findings will be blocked until they are addressed or waived. suggestions_per_comment is capped at 10.

Annotations are gated to same-repo PRs only; forks skip the annotation job because GITHUB_TOKEN has no write access there. The post_clang_tidy_comments job uses if: always() && ... so it runs whether the analysis job succeeded or failed (findings still need to be surfaced when the analysis exits non-zero).

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
48b04b1c81 |
ci(container): bump px4-dev to ghcr.io/px4/px4-dev:v1.17.0-rc2
Standardize on the GitHub Container Registry copy of px4-dev:v1.17.0-rc2 across workflows still pulling the old dockerhub v1.16.0-rc1 image, and move the workflows that were already on v1.17.0-beta1 from docker.io to ghcr.io so the whole repo pulls from one registry at the same version.

Also modernize the "git ownership workaround" in the touched workflows that still used `git config --global --add safe.directory "$GITHUB_WORKSPACE"` to the `--system --add safe.directory '*'` form already in use by clang-tidy, flash_analysis, failsafe_sim, itcm_check, and docs-orchestrator.

Updated workflows:
- checks.yml
- clang-tidy.yml (was on v1.17.0-beta1, now on rc2)
- docs-orchestrator.yml (was on v1.17.0-beta1, two jobs)
- ekf_functional_change_indicator.yml
- ekf_update_change_indicator.yml
- failsafe_sim.yml
- flash_analysis.yml
- itcm_check.yml
- nuttx_env_config.yml

Deliberately out of scope for this PR and deferred to focused follow-ups:
- fetch-depth: 0 to 1 (firmware builds and flash_analysis base-ref checkout need git history)
- PX4_SBOM_DISABLE removal in checks.yml (behavioral change)
- fail-fast: false to true (behavioral change)
- codecov-action upgrade

No other workflows touched. compile_ubuntu.yml, ros_integration_tests.yml, sitl_tests.yml, mavros_*_tests.yml, fuzzing.yml, build_deb_package.yml, dev_container.yml all use different image families or serve different purposes and are not part of this sweep.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
395236dc7f |
ci(ros): clone px4-ros2-interface-lib using PR base branch
The previous logic used GITHUB_HEAD_REF, which on a pull request is the source (PR author's) branch name. For backport PRs (e.g. mrpollo/backport-26781-1.17), no matching branch exists in px4-ros2-interface-lib, so the script fell back to main and the build broke from uORB message divergence. Switch to GITHUB_BASE_REF, which on a PR is the branch the code is being merged into (main or release/X.Y), and fall back to GITHUB_REF_NAME for direct pushes. This always resolves to a real branch in px4-ros2-interface-lib. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
9f9171575e |
ci(apt): gate apt mirror swap on runs-on at the workflow level
Add 'if: startsWith(runner.name, "runs-on--")' to the mirror swap step in both workflows so fork users can see at a glance that the step only fires on runs-on runners and is a no-op on standard GitHub-hosted runners. The script keeps its internal RUNS_ON_AWS_REGION check as defense in depth for callers outside these workflows. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
60db79f35e |
ci(apt): extract AWS apt mirror swap into shared script
The mirror swap was duplicated across two workflows. Move it into Tools/ci/use_aws_apt_mirror.sh and call the script from each workflow after checkout but before any heavy apt work like Tools/setup/ubuntu.sh. The script no-ops outside runs-on (RUNS_ON_AWS_REGION unset), so it is safe to call from forks, self-hosted runners, or local container runs without changing behavior there. The region is read from the runs-on environment instead of being hardcoded, so future region changes only need updating where the runner is provisioned. The bootstrap 'apt install git' step keeps the default mirror because git is one package and is unlikely to hit the dep11 desync issue that broke ubuntu.sh. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
2798910293 |
ci(ubuntu): use AWS regional mirror for apt in compile workflow
The compile_ubuntu workflow's apt operations talk directly to archive.ubuntu.com, which round-robins across community mirrors that occasionally serve out-of-sync index files mid-sync and break apt update for everyone until the upstream catches up. Apply the same mirror swap as build_deb_package.yml: rewrite the container's apt sources to point at us-west-2.ec2.archive.ubuntu.com before any apt operation runs, so both the inline 'apt update' and the later Tools/setup/ubuntu.sh call benefit from the regional mirror. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
f77a1a44a0 |
ci(deb): publish SIH image as px4io/px4-sitl
The SIH image is the canonical PX4 SITL container, so drop the redundant -sih suffix and publish it as px4io/px4-sitl. Gazebo continues to publish as px4io/px4-sitl-gazebo. Decouples the published image name from the matrix.image identifier by introducing a matrix.repo field, so renames like this don't require touching the matrix logic. This is a breaking change for anyone pulling px4io/px4-sitl-sih directly; the old tags remain available but no new ones will be published under that name. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
1ba562f400 |
ci(deb): use AWS regional mirror for apt in deb build container
The default archive.ubuntu.com round-robin can serve out-of-sync index files mid-sync, which makes apt-get update fail with 'File has unexpected size' errors and breaks the deb build job for everyone until the upstream mirror catches up.

Rewrite the container's apt sources to point at us-west-2.ec2.archive.ubuntu.com instead. The EC2 archive mirrors are Canonical-operated, region-local to the runs-on instances, and sync aggressively, eliminating the round-robin lottery as a CI failure mode.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
e4d46f20f4 |
ci(container): add build_ref input to allow dispatch against arbitrary refs
The current workflow_dispatch path builds whatever HEAD of the dispatch ref
is, labels the resulting image with px4_version, and publishes. That's
fine for rebuilding current state but it cannot rebuild the exact commit
a release tag points to, because the dispatch loads the workflow file
from one ref and implicitly checks out the same ref for the build.

This matters for release recovery. When the v1.17.0-rc2 tag push failed
to publish containers back on 2026-03-13 (the v1 GHA cache protocol
removal in RunsOn v2.12.0), the tag was not re-pushed, so the only way
to publish rc2 containers now is via workflow_dispatch. Without this
change, a dispatch against release/1.17 builds release/1.17 HEAD and
labels it v1.17.0-rc2, which produces a container whose contents do not
match the rc2 tag's actual code. That is not a faithful recovery.

Add a build_ref input that controls only the checkout ref, defaulting
to empty which falls back to github.ref (preserving current behavior
for both push events and dispatches that omit the input). With this,
a release recovery looks like:

    gh workflow run dev_container.yml --repo PX4/PX4-Autopilot \
        --ref release/1.17 \
        -f px4_version=v1.17.0-rc2 \
        -f build_ref=v1.17.0-rc2 \
        -f deploy_to_registry=true

The workflow loads from release/1.17 HEAD (which has the cache fix
from
|
||
|
|
86f0dc2cb1 |
ci(ros): stop uploading test logs to logs.px4.io
Drops --upload from the ROS integration test runner so CI runs no longer publish ULogs to the public logs.px4.io server on every run. Failure debugging is unaffected: the existing Upload failed logs step already captures logs as GitHub Actions artifacts on failure. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
d74db56a06 |
ci(container): harden dev_container workflow against cache-export flakes
Three related fixes to prevent a repeat of the v1.17.0-rc2 incident, where a post-push GHA cache-export 404 failed the arm64 build after both registry pushes had already succeeded, fail-fast cancelled amd64, and the deploy job was skipped, leaving the registries with only a partial arm64 publish and no multi-arch manifest.

- Mark cache export as non-fatal via ignore-error=true on cache-to. A successful registry push should never be undone by a cache-layer flake. This alone would have let rc2 publish correctly.
- Decouple the deploy job from the build job's exit code. Change its if: gate to !cancelled() + setup success only, and promote the existing "Verify Images Exist Before Creating Manifest" step from a warning into a hard precondition. Deploy now runs whenever both per-arch tags actually exist in the registries, which is its real precondition, and fails loudly if a tag is missing.
- Bump every action to the current major (runs-on/action v2, actions/checkout v5, docker/login-action v4, docker/setup-buildx-action v4, docker/build-push-action v7, docker/metadata-action v6). This gets the workflow off Node 20 before GitHub's June 2 2026 forced runtime switch and keeps runs-on/action on the same major as the runs-on platform.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
dd03e18fee |
ci(packaging): publish container images with :latest tag
Add :latest tag alongside version tags for per-arch images and multi-arch manifests on both Docker Hub and GHCR. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
1079c57fd0 |
build(packaging): add PX4 SITL .deb packages
Add cmake/cpack infrastructure for building .deb packages from px4_sitl_sih and px4_sitl_default targets. Includes install rules, package scripts, Gazebo wrapper, and CI workflow. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
685f9248e4 |
fix(sbom): fix false positives in monthly license audit
Three issues caused the monthly audit to report already-resolved submodules:

1. The audit workflow grepped for "NOASSERTION" anywhere in the output, matching the Detected column even when the Final column had a valid override (e.g. libtomcrypt detected as NOASSERTION but overridden to Unlicense). Changed to grep for "<-- UNRESOLVED" marker instead.
2. Submodules with an explicit NOASSERTION override in license-overrides.yaml (like libfc-sensor-api, which is proprietary) were still counted as failures. Now treated as "acknowledged" since someone intentionally added the override entry.
3. Added missing BSD-3-Clause override for sitl_gazebo-classic (PX4 org project with no LICENSE file in repo).

Fixes #26932

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
b243398231 | feat(build): add SPDX 2.3 SBOM generation for builds (#26731) | ||
|
|
7584f7567f |
ci(px4_msgs): publishing stable tag triggers tag creation in px4_msgs (#26858)
Signed-off-by: Beniamino Pozzan <beniamino.pozzan@gmail.com> |
||
|
|
adb2df5ca7 |
feat(boards/modalai/voxl2): add Debian packaging framework
Add a scalable .deb packaging framework for VOXL2, built on the existing cmake/package.cmake CPack infrastructure. The framework handles multi-processor boards by having the POSIX (_default) build own the .deb and pull in the companion SLPI build's artifacts.

Board-specific files:
- cmake/package.cmake: CPack variable overrides (name, deps, version)
- cmake/install.cmake: install() rules for all .deb contents
- debian/postinst: px4-* symlinks, DSP signature, directory setup
- debian/prerm: service stop, symlink cleanup
- debian/voxl-px4.service: systemd unit (after sscrpcd)

Infrastructure changes:
- cmake/package.cmake: hook for board-specific CPack overrides
- platforms/posix/CMakeLists.txt: hook for board install.cmake
- Makefile: %_deb pattern rule (build _default, then cpack -G DEB)
- CI: auto-discover _deb targets, collect .deb artifacts, upload to GitHub Releases

Future boards: add cmake/package.cmake + cmake/install.cmake and CI discovers it automatically. No new file formats or tools needed.

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
2a4d473ba4 |
ci(ros): use matching branch for px4-ros2-interface-lib (#26781)
* ci(ros): use matching branch for px4-ros2-interface-lib

  When running on release branches, the ROS integration tests now check if a matching branch exists in px4-ros2-interface-lib and clone it instead of always using main. This prevents build failures caused by uORB message divergence between main and release branches.

  Fixes https://github.com/Auterion/px4-ros2-interface-lib/issues/184

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(ros): dispatch release branch creation to px4-ros2-interface-lib

  Add a standalone workflow triggered by the create event that fires a repository_dispatch to Auterion/px4-ros2-interface-lib when a release/X.Y branch is created. Also supports manual workflow_dispatch.

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

* ci(ros): add empty permissions block to dispatch workflow

  Fixes code scanning alert about missing GITHUB_TOKEN permissions. This workflow only uses a PAT secret, not GITHUB_TOKEN, so no permissions are needed.

  Signed-off-by: Ramon Roche <mrpollo@gmail.com>

---------

Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
f11e2106af |
fix(ci): remove deprecated v1 cache API from container build
RunsOn v2.12.0 (March 6, 2026) removed v1 cache toolkit support, causing the buildx GHA cache proxy to return 404 for v1 endpoints. This has broken container builds on main since March 12. Removing the explicit version=1 parameter lets buildkit auto-detect the v2 protocol, which is the only version now supported by both GitHub (since April 2025) and RunsOn. First build after this change will have a cold cache. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
359b43e575 | build(actions): Crowdin download to a conventional commit (#26705) | ||
|
|
4da97eb4fd |
ci(workflows): add commit message and PR title quality checks
Add CI enforcement of conventional commit format for PR titles and commit messages. Includes three Python scripts under Tools/ci/: - conventional_commits.py: shared parsing/validation library - check_pr_title.py: validates PR title format, suggests fixes - check_commit_messages.py: checks commits for blocking errors (fixup/squash/WIP leftovers) and advisory warnings (review-response, formatter-only commits) The workflow (.github/workflows/commit_checks.yml) posts concise GitHub PR comments with actionable suggestions and auto-removes them once issues are resolved. Also updates CONTRIBUTING.md and docs with the conventional commits convention. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
864df9fc7b |
CI: disable VTOL and tailsitter SITL tests
Persistent flaky failures (timeouts, erratic transitions) make these tests unreliable in CI. Commented out from the workflow matrix so they can be re-enabled once the test infrastructure is stabilized. The test definitions in sitl.json are preserved for local use. Signed-off-by: Ramon Roche <mrpollo@gmail.com> |
||
|
|
32c94bd3b1 |
ci: fix S3 upload so tags don't overwrite stable firmware
Remove the step that uploaded every version tag to the stable/ S3 directory, which caused QGC users selecting "stable" to receive pre-release firmware (#26340). The stable/ and beta/ directories are now controlled exclusively by their respective branch pushes, while version tags only upload to their versioned archive directory (e.g., v1.16.1/). Pre-release tags are also correctly marked on GitHub Releases. Co-authored-by: Julian Oes <julian@oes.ch> Fixes #26340 Signed-off-by: Ramon Roche <mrpollo@gmail.com> |