Adds a stand-alone workflow that posts or updates sticky PR comments on
behalf of any analysis workflow, including those triggered by fork PRs.
The poster runs on `workflow_run` in the base repo context, which is the
standard GitHub-sanctioned way to get a write token on events that
originate from untrusted forks without ever checking out fork code.
All validation, GitHub API interaction, and upsert logic lives in
Tools/ci/pr-comment-poster.py (Python 3 stdlib only, two subcommands:
`validate` and `post`). The workflow file itself is a thin orchestrator:
sparse-checkout the script, download the pr-comment artifact via
github-script, unzip, then invoke the script twice. No inline jq, no
inline bash validation, no shell-interpolated marker strings. The
sparse-checkout ensures only Tools/ci/pr-comment-poster.py lands in the
workspace, never the rest of the repo.
Artifact contract: a producer uploads an artifact named exactly
`pr-comment` containing `manifest.json` (with `pr_number`, `marker`, and
optional `mode`) and `body.md`. The script validates the manifest
(positive integer pr_number, printable-ASCII marker bounded 1..200
chars, UTF-8 body under 60000 bytes, mode in an allowlist), finds any
existing comment containing the marker via the comments REST API, and
either edits it in place or creates a new one.
The workflow file header documents six security invariants that any
future change MUST preserve, most importantly: NEVER check out PR code,
NEVER execute anything from the artifact, and treat all artifact
contents as opaque data.
Why a generic poster and not `pull_request_target`: `pull_request_target`
is the tool people reach for first and the one that most often turns
into a supply-chain vulnerability, because it hands a write token to a
workflow that is then tempted to check out the PR head. `workflow_run`
gives the same write token without any check-out temptation, because
the only input is a pre-produced artifact treated as opaque data.
Producer migrations
===================
flash_analysis.yml:
- Drop the fork gate on the `post_pr_comment` job.
- Drop the obsolete TODO pointing at issue #24408 (the fork-comment
workflow does not error anymore; it just no-ops).
- Keep the existing "comment only if threshold crossed or previous
comment exists" behaviour verbatim. peter-evans/find-comment@v3
stays as a read-only probe (forks can read issue comments just fine);
its body-includes is updated to search for the new marker
`<!-- pr-comment-poster:flash-analysis -->` instead of the old
"FLASH Analysis" heading substring.
- Replace the peter-evans/create-or-update-comment@v4 step with two
new steps that write pr-comment/manifest.json and pr-comment/body.md
and then upload them as artifact pr-comment. The body markdown is
byte-for-byte identical to the previous heredoc, with the marker
prepended as the first line so subsequent runs can find it.
- The threshold-or-existing-comment gate is preserved on both new
steps. When the gate does not fire no artifact is uploaded and the
poster no-ops.
docs-orchestrator.yml (link-check job):
- Drop the fork gate on the sticky-comment step.
- Replace marocchino/sticky-pull-request-comment@v2 with two new steps
that copy logs/filtered-link-check-results.md into pr-comment/body.md,
write a pr-comment/manifest.json with the marker
`<!-- pr-comment-poster:docs-link-check -->`, and upload the directory
as artifact pr-comment.
- The prepare step checks `test -s` on the results file and emits a
prepared step output; the upload step is gated on that output. In
practice the existing link-check step always writes a placeholder
("No broken links found in changed files.") into the file when empty,
so the guard is defensive but not load-bearing today.
- Tighten the link-check job's permissions from `pull-requests: write`
down to `contents: read`; writing PR comments now happens in the
poster workflow.
The poster's workflows allowlist is seeded with the two active
producers: "FLASH usage analysis" and "Docs - Orchestrator".
clang-tidy (workflow name "Static Analysis") is not in the list because
platisd/clang-tidy-pr-comments posts line-level review comments, a
different REST API from issue comments that the poster script does not
handle. Extending the poster to cover review comments is a follow-up.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
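The artifact contract described in the commit message above, sketched as a validator plus the marker lookup that decides between edit and create. This is an added example, not the project's Tools/ci/pr-comment-poster.py: the function names, the `ManifestError` type and the `upsert` mode name are assumptions, while the limits are the ones the message states.

```python
import json

# Limits are the ones stated in the commit message. The mode name is an
# assumption: the message only says "mode in an allowlist".
MAX_MARKER_LEN = 200
MAX_BODY_BYTES = 60000
ALLOWED_MODES = {"upsert"}  # hypothetical allowlist


class ManifestError(ValueError):
    """Raised when the untrusted artifact violates the contract."""


def validate(manifest_bytes, body_bytes):
    """Return (pr_number, marker, mode, body) or raise ManifestError."""
    try:
        manifest = json.loads(manifest_bytes.decode("utf-8"))
    except ValueError as exc:  # covers bad UTF-8 and bad JSON
        raise ManifestError(f"manifest is not UTF-8 JSON: {exc}") from None
    if not isinstance(manifest, dict):
        raise ManifestError("manifest must be a JSON object")

    pr_number = manifest.get("pr_number")
    # bool is a subclass of int, so compare the exact type.
    if type(pr_number) is not int or pr_number <= 0:
        raise ManifestError("pr_number must be a positive integer")

    marker = manifest.get("marker")
    if not isinstance(marker, str) or not 1 <= len(marker) <= MAX_MARKER_LEN:
        raise ManifestError("marker must be a string of 1..200 chars")
    # Printable ASCII only: no newlines or control characters in the marker.
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in marker):
        raise ManifestError("marker must be printable ASCII")

    mode = manifest.get("mode", "upsert")
    if not isinstance(mode, str) or mode not in ALLOWED_MODES:
        raise ManifestError("mode not in allowlist")

    if len(body_bytes) >= MAX_BODY_BYTES:
        raise ManifestError("body must be under 60000 bytes")
    try:
        body = body_bytes.decode("utf-8")
    except UnicodeDecodeError:
        raise ManifestError("body is not valid UTF-8") from None
    return pr_number, marker, mode, body


def plan_upsert(comments, marker):
    """Return the id of the comment to edit, or None to create a new one."""
    for comment in comments:
        if marker in (comment.get("body") or ""):
            return comment["id"]
    return None
```

Both functions only parse and compare data; nothing from the artifact is executed or interpolated into a shell command.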
Add four reusable building blocks that upcoming CI optimization PRs will
consume. No existing workflow is modified; these files are dormant until
referenced.
- .github/actions/setup-ccache: restore ~/.ccache with content-hash keys,
write ccache.conf with compression and content-based compiler check
- .github/actions/save-ccache: print stats and save the cache under the
primary key produced by setup-ccache
- .github/actions/build-gazebo-sitl: build px4_sitl_default plus the
Gazebo Classic plugins with ccache stats between stages
- Tools/ci/run-clang-tidy-pr.py: compute the translation units affected
by a PR diff and invoke Tools/run-clang-tidy.py on that subset only,
exiting silently when no C++ files changed
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
The mirror swap was duplicated across two workflows. Move it into
Tools/ci/use_aws_apt_mirror.sh and call the script from each workflow
after checkout but before any heavy apt work like Tools/setup/ubuntu.sh.
The script no-ops outside runs-on (RUNS_ON_AWS_REGION unset), so it is
safe to call from forks, self-hosted runners, or local container runs
without changing behavior there. The region is read from the runs-on
environment instead of being hardcoded, so future region changes only
need updating where the runner is provisioned.
The bootstrap 'apt install git' step keeps the default mirror because
git is one package and is unlikely to hit the dep11 desync issue that
broke ubuntu.sh.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
The packaging script only placed all_events.json.xz in an events/
subdirectory, but the firmware advertises the metadata URI at the
board directory top level. New build targets added after the
Jenkins-to-GHA migration had no legacy top-level copy, causing
QGC to get a 404 when fetching component metadata.
Fixes #26963
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Three issues caused the monthly audit to report already-resolved submodules:
1. The audit workflow grepped for "NOASSERTION" anywhere in the output,
matching the Detected column even when the Final column had a valid
override (e.g. libtomcrypt detected as NOASSERTION but overridden to
Unlicense). Changed to grep for "<-- UNRESOLVED" marker instead.
2. Submodules with an explicit NOASSERTION override in license-overrides.yaml
(like libfc-sensor-api, which is proprietary) were still counted as
failures. Now treated as "acknowledged" since someone intentionally
added the override entry.
3. Added missing BSD-3-Clause override for sitl_gazebo-classic (PX4 org
project with no LICENSE file in repo).
Fixes #26932
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Several helper scripts assume bash is available at /bin/bash. That breaks on systems
such as NixOS, where bash is resolved from PATH instead of a fixed /bin location and
causes failures like `bad interpreter` during `make format`, e.g., on my host machine:
```sh
$ make format
/PX4-Autopilot/Tools/astyle/check_code_style.sh: /PX4-Autopilot/Tools/astyle/fix_code_style.sh: /bin/bash: bad interpreter: No such file or directory
```
This change switches these entrypoints to `#!/usr/bin/env bash` so they locate bash properly.
No functional changes intended.
Signed-off-by: Onur Özkan <work@onurozkan.dev>
Add a scalable .deb packaging framework for VOXL2, built on the
existing cmake/package.cmake CPack infrastructure. The framework
handles multi-processor boards by having the POSIX (_default) build
own the .deb and pull in the companion SLPI build's artifacts.
Board-specific files:
- cmake/package.cmake: CPack variable overrides (name, deps, version)
- cmake/install.cmake: install() rules for all .deb contents
- debian/postinst: px4-* symlinks, DSP signature, directory setup
- debian/prerm: service stop, symlink cleanup
- debian/voxl-px4.service: systemd unit (after sscrpcd)
Infrastructure changes:
- cmake/package.cmake: hook for board-specific CPack overrides
- platforms/posix/CMakeLists.txt: hook for board install.cmake
- Makefile: %_deb pattern rule (build _default, then cpack -G DEB)
- CI: auto-discover _deb targets, collect .deb artifacts, upload
to GitHub Releases
Future boards: add cmake/package.cmake + cmake/install.cmake and
CI discovers it automatically. No new file formats or tools needed.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Read companion_targets files from board directories and exclude those
targets from CI grouped builds. The parent target builds them via
Make prerequisite, avoiding redundant CI jobs.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
airframes.xml and all_events.json.xz on the px4-travis S3 bucket have
been stale since October 2025 because package_build_artifacts.sh had
wrong paths for both files after the migration from metadata.yml to
build_all_targets.yml.
- airframes.xml: SITL builds produce it under docs/, not at the build
root (only NuttX does that). Use explicit file checks to try both.
- all_events.json.xz: was copied flat into artifacts/$build_dir/ but
the _general section expected it under events/. Preserve the
subdirectory so the copy to _general/ actually finds the file.
- Remove duplicate cp lines that were misleadingly commented as
"ROS 2 msgs".
- Fail with an error when critical _general metadata files are missing
rather than silently producing incomplete artifacts.
Also uploaded fresh metadata to S3 manually to unblock Flight Review.
Fixes #26713
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Add CI enforcement of conventional commit format for PR titles and
commit messages. Includes three Python scripts under Tools/ci/:
- conventional_commits.py: shared parsing/validation library
- check_pr_title.py: validates PR title format, suggests fixes
- check_commit_messages.py: checks commits for blocking errors
(fixup/squash/WIP leftovers) and advisory warnings (review-response,
formatter-only commits)
The workflow (.github/workflows/commit_checks.yml) posts concise
GitHub PR comments with actionable suggestions and auto-removes them
once issues are resolved.
Also updates CONTRIBUTING.md and docs with the conventional commits
convention.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
os.scandir() returns entries in non-deterministic order, which caused
voxl2-slpi to sometimes build before voxl2_default (which it depends
on). Sort all os.scandir() calls lexicographically by name so the
shorter prefix voxl2 always precedes voxl2-slpi.
Fix generate_msg_docs.py IndexError when a .msg file declares a single
topic that does not match the camel_to_snake default (e.g.
AuxGlobalPosition.msg). The error message referenced self.topics[1]
(out of bounds) instead of self.topics[0].
Fix camel_to_snake() regex to correctly convert names like
"AuxGlobalPosition" to "aux_global_position". The previous regex
produced "aux_globalposition" because it failed to insert an underscore
between a lowercase letter and an uppercase letter mid-word.
Also remove stderr redirection (2>&1) from all make targets in
metadata_sync.sh so that errors are visible in CI logs even in
non-verbose mode, making failures easier to diagnose.
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Remove modalai_voxl2 and qurt from CI exclusion lists and add
container overrides to use the private ghcr.io/px4/px4-dev-voxl2
image which contains the Qualcomm Hexagon SDK.
- Add voxl2 build group with x64 runner for cross-compilation
- Add GHCR credentials to workflow for private container pull
- Add packages:read permission to workflow
- Auto-build libfc_sensor.so stub during cmake configure
- Handle missing .px4/.elf gracefully in artifact packaging
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
- Add safe.directory + fetch-depth: 0 for container jobs
- Support workflow_dispatch in metadata-regen and deploy-aws
- Guard PR comments against fork PRs
- Add ccache save to pr-metadata-regen
- Use metadata_sync.sh --generate --sync instead of manual steps
- Fix msg_docs source path in metadata_sync.sh
- Guard set-version against non-release branches
- Clean up build-site needs list
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
Add conditional metadata generation for PRs that modify both docs and
source files. This fixes broken link checker reports when a PR adds a
new module and documents it simultaneously - previously the link checker
would fail because metadata files are only generated on push to main.
Changes:
- Add docs-orchestrator.yml workflow with:
- detect-changes job to check if PR touches source paths
- pr-metadata-regen job that generates metadata and uploads as artifact
- link-check job that downloads metadata artifact when available
- build-site job for VitePress site generation
- deploy-aws and crowdin-upload jobs for push events
- Prettier formatting step before auto-commit on push
- Add Prettier for markdown formatting:
- Add prettier ^3.2.0 as devDependency in docs/package.json
- Add docs/.prettierrc with prose-preserving config
- Remove normalize_whitespace from metadata_sync.sh (Prettier handles
whitespace normalization now)
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
metadata_modules.sh — generate and sync PX4 module reference documentation
Usage:
Tools/ci/metadata_modules.sh [--test-only] [--debug]
Options:
--test-only Run make target and comparison; exit 1 if diffs found, without copying files
--debug Show full make output and debug info for file comparisons
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
metadata_airframe.sh — generate and sync PX4 airframe reference documentation
Usage:
Tools/ci/metadata_airframe.sh [--test-only] [--debug]
Options:
--test-only Run make target and comparison; exit 1 if diffs found, without copying file
--debug Show full make output and debug info for comparison
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
metadata_parameters.sh — generate and sync PX4 parameter reference documentation
Usage:
Tools/ci/metadata_parameters.sh [--test-only] [--debug]
Options:
--test-only Run make target and comparison; exit 1 if diffs found, without copying file
--debug Show full make output and debug info for comparison
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
metadata_msg_docs.sh — generate and sync uORB message reference documentation
Usage:
Tools/ci/metadata_msg_docs.sh [--test-only] [--debug]
Options:
--test-only Run make target and comparison; exit 1 if diffs found, without copying files
--debug Show full make output and debug info for file comparisons
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
context: our docs need this metadata, this script generates the metadata then
moves the files to the required destination.
docs:
update_uorb_graphs.sh — generate, compare, and sync uORB graph JSONs
Usage:
./scripts/update_uorb_graphs.sh [--test-only] [--debug]
Options:
--test-only Run generation and comparison only; exit 1 if diffs found, without copying files
--debug Echo debug info for missing or differing files
Examples:
# CI mode: fail if docs need updates
./scripts/update_uorb_graphs.sh --test-only
# Developer mode: regenerate and sync JSONs
./scripts/update_uorb_graphs.sh
Signed-off-by: Ramon Roche <mrpollo@gmail.com>
nsh console running on USB
param module running
working with i2c and common drivers
provided implementation for drv_pwm_output.h
i2cdetect working as expected with no device
mavlink started successfully
mounts sd card and logger runs
logger to file successfully
pwm_servo implemented without using Nuttx lib
pwm_out outputs expected waveforms
- however currently if the frequency is higher than what the pwm_out
driver runs, there will be aliasing, based on how the registers get
reset
wifi softap working
- Seeing wifi hotspot
- can't connect due to wrong password
- problems with adjusting ssid and password
wifi ssid and password being set accordingly
connected to wifi hotspot with dhpcd
- made some changes to nuttx to only build for SoftAP mode, however this
was effectively removing the ifdef for STATION mode. Should investigate
the coexist option again
added ifdef to not use timer 0 when wifi enabled
- reverted esp32 rt_timer to make use of timer 0 by default
fix setting incorrect bit in hrt timer register
- hrt running as expected, but on startup the pwm_out driver starts up
at about 200Hz and then rises over a minute or so 250Hz. Not sure if
this was present previously, and could be due to Wifi running at time
priority on timer 0
pull xtensa compilers in setup.ubuntu.sh
revert logger stacksize and cmake argument
esp32 chip revision and PX4 UUID implemented
spi board reset implemented, formatting checked
devkit acts on startup as a wifi bridge for comms
- the most useful setting for the general developer when buying an esp32 devkit
- testing Mavlink shell using ./Tools/mavlink_shell.py
- todo: Test mavlink messages being forwarded
improve wifi telemetry by increasing prio
- Remove power save mode on wifi
- increased daemon thread schedule priority to 50
compiles without Nuttx changes
- updated compiler settings to match those of nuttx on px4 side
add espressif_esp32 to excluded boards
ci: allow docker to find xtensa compilers