CI/CD workflows for the fbuild project, covering lint, test, documentation, and binary builds.
check-{macos,ubuntu,windows}.yml-- Clippy + tests per platformfmt.yml-- Rustfmt check |docs.yml-- Doc build with-D warningsmsrv.yml-- MSRV 1.94.1 verification |validate-boards.yml-- Board JSON validation
build-esp32{c2,c3,c5,c6,dev,h2,p4,s2,s3}.yml-- ESP32 variantsbuild-esp8266.yml-- ESP8266build-uno.yml,build-leonardo.yml,build-atmega8a.yml-- AVR classic boardsbuild-attiny{85,88,4313}.yml-- ATtiny AVR boardsbuild-ATtiny{1604,1616}.yml,build-nano_every.yml-- MegaAVR boardsbuild-uno_r4_wifi.yml-- Renesas RAbuild-teensy{30,31,32,35,36,40,41,lc}.yml-- Teensy variantsbuild-stm32f{103c8,103cb,103tb,411ce}.yml,build-stm32h747xi.yml,build-nucleo_f{429,439}zi.yml-- STM32build-sam3x8e_due.yml,build-samd{21,21_zero,51j,51p}.yml-- SAM/SAMDbuild-rp{2040,2350}.yml-- RP2040/RP2350build-nrf52840_dk.yml-- Nordic nRF52build-apollo3_{red,thing_explorable}.yml-- Apollo3build-mgm240.yml-- Silicon Labs EFR32build-ch32v003.yml-- CH32V003 RISC-V (48MHz, 2KB RAM, 16KB Flash)build-ch32v103.yml-- CH32V103 RISC-V (72MHz, 20KB RAM, 64KB Flash)build-ch32v203.yml-- CH32V203 RISC-V (144MHz, 20KB RAM, 64KB Flash)build-ch32v208.yml-- CH32V208 RISC-V + BLE 5.3 (144MHz, 64KB RAM, 128KB Flash)build-ch32v303.yml-- CH32V303 RISC-V (144MHz, 64KB RAM, 256KB Flash)build-ch32v307.yml-- CH32V307 RISC-V (144MHz, 64KB RAM, 256KB Flash, ETH+USB HS)build-ch32x035.yml-- CH32X035 RISC-V + USB PD (48MHz, 20KB RAM, 62KB Flash)
build.yml-- Manual dispatch: cross-platform native binary buildsrelease-auto.yml-- Version-gated GitHub/PyPI release workflow with attestationstemplate_build.yml-- Reusable workflow for per-board firmware buildstemplate_native_build.yml-- Reusable workflow for native Rust binary builds
Manual build.yml native artifacts include SHA256SUMS.txt and GitHub Artifact
Attestations for every staged native file:
fbuild/fbuild.exefbuild-daemon/fbuild-daemon.exe_native.abi3.so/_native.pyd
After downloading and extracting a binaries-${target} workflow artifact:
sha256sum -c SHA256SUMS.txt
gh attestation verify fbuild --repo FastLED/fbuild
gh attestation verify fbuild-daemon --repo FastLED/fbuild
gh attestation verify _native.abi3.so --repo FastLED/fbuildFor Windows artifacts, verify fbuild.exe, fbuild-daemon.exe, and
_native.pyd instead.
release-auto.yml follows the attested release pattern used by soldr:
- reads the workspace/package version from
Cargo.tomlandpyproject.toml - skips the run if the tag already exists or PyPI already has that version
- builds native artifacts through
template_native_build.yml - packages GitHub Release archives and creates
SHA256SUMS - attests the release archive checksums with GitHub Artifact Attestations
- builds fbuild wheels from the native artifacts
- publishes wheels to PyPI through Trusted Publishing
If GitHub release creation succeeds but PyPI publishing fails, run
release-auto.yml manually with workflow_dispatch. When the matching tag
already exists but PyPI has fewer than the expected wheel files, the workflow
rebuilds from that tag, skips GitHub release creation, and retries only the PyPI
publish path.
To verify a downloaded GitHub Release artifact:
gh attestation verify <path-to-release-archive> --repo FastLED/fbuildTo inspect the release checksums:
sha256sum -c fbuild-vX.Y.Z-SHA256SUMS.txtPyPI publishing requires a Trusted Publisher configured on PyPI for:
- project:
fbuild - repository:
FastLED/fbuild - workflow:
.github/workflows/release-auto.yml - environment:
pypi
The PyPI publish job declares the pypi GitHub environment so PyPI receives an
OIDC token with environment: pypi. The Trusted Publisher entry on PyPI must
match that environment exactly; otherwise PyPI rejects the exchange with
invalid-publisher.