diff --git a/.github/ISSUE_TEMPLATE/Bug Report.yml b/.github/ISSUE_TEMPLATE/Bug Report.yml index f2d2f6507..f638b9018 100644 --- a/.github/ISSUE_TEMPLATE/Bug Report.yml +++ b/.github/ISSUE_TEMPLATE/Bug Report.yml @@ -1,7 +1,7 @@ name: Bug Report description: File a bug report title: "[Bug]: " -labels: ["bug", "triage"] +labels: [bug, triage] body: - type: markdown attributes: diff --git a/.github/ISSUE_TEMPLATE/New Board.yml b/.github/ISSUE_TEMPLATE/New Board.yml index c71ed4ba2..90b2a9bf9 100644 --- a/.github/ISSUE_TEMPLATE/New Board.yml +++ b/.github/ISSUE_TEMPLATE/New Board.yml @@ -1,7 +1,7 @@ name: New Board description: Request us to support new hardware title: "[Board]: " -labels: ["enhancement", "triage"] +labels: [enhancement, triage] body: - type: markdown attributes: diff --git a/.github/ISSUE_TEMPLATE/feature.yml b/.github/ISSUE_TEMPLATE/feature.yml index b50ccac26..311f097c4 100644 --- a/.github/ISSUE_TEMPLATE/feature.yml +++ b/.github/ISSUE_TEMPLATE/feature.yml @@ -1,7 +1,7 @@ name: Feature Request description: Request a new feature title: "[Feature Request]: " -labels: ["enhancement"] +labels: [enhancement] body: - type: markdown attributes: diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 000000000..f7bf95f83 --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,5 @@ +# Configuration related to self-hosted runner. +self-hosted-runner: + # Labels of self-hosted runner in array of strings. + labels: + - test-runner diff --git a/.github/actions/build-variant/action.yml b/.github/actions/build-variant/action.yml index b24a5fc12..2f0883fad 100644 --- a/.github/actions/build-variant/action.yml +++ b/.github/actions/build-variant/action.yml @@ -34,7 +34,7 @@ inputs: arch: description: Processor arch name required: true - default: "esp32" + default: esp32 runs: using: composite diff --git a/.github/actions/setup-base/action.yml b/.github/actions/setup-base/action.yml index 7364c4ddb..7cd0dfcac 100644 
--- a/.github/actions/setup-base/action.yml +++ b/.github/actions/setup-base/action.yml @@ -1,13 +1,13 @@ -name: "Setup Build Base Composite Action" -description: "Base build actions for Meshtastic Platform IO steps" +name: Setup Build Base Composite Action +description: Base build actions for Meshtastic Platform IO steps runs: - using: "composite" + using: composite steps: - name: Checkout code uses: actions/checkout@v4 with: - submodules: "recursive" + submodules: recursive ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 616c16ce2..cf840b1ff 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,26 +1,27 @@ +#trunk-ignore-all(yamllint/quoted-strings): required by dependabot syntax check version: 2 updates: - package-ecosystem: docker directory: devcontainer schedule: interval: daily - time: "05:00" # trunk-ignore(yamllint/quoted-strings): required by dependabot syntax check + time: "05:00" timezone: US/Pacific - package-ecosystem: docker directory: / schedule: interval: daily - time: "05:00" # trunk-ignore(yamllint/quoted-strings): required by dependabot syntax check + time: "05:00" timezone: US/Pacific - package-ecosystem: gitsubmodule directory: / schedule: interval: daily - time: "05:00" # trunk-ignore(yamllint/quoted-strings): required by dependabot syntax check + time: "05:00" timezone: US/Pacific - package-ecosystem: github-actions directory: /.github/workflows schedule: interval: daily - time: "05:00" # trunk-ignore(yamllint/quoted-strings): required by dependabot syntax check + time: "05:00" timezone: US/Pacific diff --git a/.github/workflows/build_nrf52.yml b/.github/workflows/build_nrf52.yml index ce26838f2..786508f86 100644 --- a/.github/workflows/build_nrf52.yml +++ b/.github/workflows/build_nrf52.yml 
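Review bot: The `Checkout code` step kept as context in this hunk checks out `github.event.pull_request.head.ref` from `github.event.pull_request.head.repo.full_name`, so every workflow that calls this composite action builds fork-controlled code, and the step still references `actions/checkout@v4` by a mutable tag. The triggers of the calling workflows are not visible here; if any of them runs on `pull_request_target`, or on the self-hosted `test-runner` label this commit registers in `.github/actionlint.yaml`, that code would run alongside the base repository's token or on a persistent host. I would add `persist-credentials: false` under `with:` and pin the action as `uses: actions/checkout@<full-commit-sha> # v4`. The `steps:` list continues outside the hunk.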
@@ -7,6 +7,8 @@ on: required: true type: string +permissions: read-all + jobs: build-nrf52: runs-on: ubuntu-latest diff --git a/.github/workflows/build_rpi2040.yml b/.github/workflows/build_rpi2040.yml index 492a1f010..53fee34d2 100644 --- a/.github/workflows/build_rpi2040.yml +++ b/.github/workflows/build_rpi2040.yml @@ -7,6 +7,8 @@ on: required: true type: string +permissions: read-all + jobs: build-rpi2040: runs-on: ubuntu-latest diff --git a/.github/workflows/build_stm32.yml b/.github/workflows/build_stm32.yml index b463bab71..dc469d994 100644 --- a/.github/workflows/build_stm32.yml +++ b/.github/workflows/build_stm32.yml @@ -7,6 +7,8 @@ on: required: true type: string +permissions: read-all + jobs: build-stm32: runs-on: ubuntu-latest diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml index c9489db1a..0f0ee0af4 100644 --- a/.github/workflows/tests.yml +++ b/.github/workflows/tests.yml @@ -2,9 +2,11 @@ name: End to end tests on: schedule: - - cron: "0 0 * * *" # Run every day at midnight + - cron: 0 0 * * * # Run every day at midnight workflow_dispatch: {} +permissions: read-all + jobs: native-tests: uses: ./.github/workflows/test_native.yml diff --git a/.trunk/configs/.markdownlint.yaml b/.trunk/configs/.markdownlint.yaml index fb940393d..6486f050e 100644 --- a/.trunk/configs/.markdownlint.yaml +++ b/.trunk/configs/.markdownlint.yaml @@ -8,3 +8,4 @@ line_length: false spaces: false url: false whitespace: false +headings: false diff --git a/Dockerfile b/Dockerfile index f9a3b9962..4796df301 100644 --- a/Dockerfile +++ b/Dockerfile 
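Review bot: `permissions: read-all` in build_nrf52.yml still gives the job token read access to every scope (issues, pull requests, packages and so on), which is likely more than a build job needs; the same line is added in build_rpi2040.yml, build_stm32.yml and tests.yml. A scoped block, `permissions:` followed by `contents: read`, limits the token to repository content, and a job that needs more can declare it at job level. What the jobs actually call is outside these hunks, so confirm nothing reads another scope before narrowing. tests.yml calls a reusable workflow, whose jobs cannot exceed the caller's permissions, so check `test_native.yml` against whatever is set here.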
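Review bot: The unquoted `cron: 0 0 * * *` in tests.yml parses as a string only because the expression starts with a digit; a later edit to a schedule that starts with `*` (for example `*/30 * * * *`) would be read by YAML as an alias and the workflow would fail to load. Keeping the quotes, `- cron: "0 0 * * *"`, with a per-line `trunk-ignore(yamllint/quoted-strings)` as dependabot.yml used before this commit, avoids that trap.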
@@ -1,8 +1,9 @@ # trunk-ignore-all(terrascan/AC_DOCKER_0002): Known terrascan issue -# trunk-ignore-all(hadolint/DL3008): Use latest version of apt packages for buildchain # trunk-ignore-all(trivy/DS002): We must run as root for this container # trunk-ignore-all(checkov/CKV_DOCKER_8): We must run as root for this container # trunk-ignore-all(hadolint/DL3002): We must run as root for this container +# trunk-ignore-all(hadolint/DL3008): Do not pin apt package versions +# trunk-ignore-all(hadolint/DL3013): Do not pin pip package versions FROM python:3.12-bookworm AS builder ENV DEBIAN_FRONTEND=noninteractive @@ -10,12 +11,13 @@ ENV TZ=Etc/UTC # Install Dependencies ENV PIP_ROOT_USER_ACTION=ignore -RUN apt-get update && apt-get install --no-install-recommends -y wget g++ zip git ca-certificates \ +RUN apt-get update && apt-get install --no-install-recommends -y \ + wget g++ zip git ca-certificates \ libgpiod-dev libyaml-cpp-dev libbluetooth-dev libi2c-dev \ - libusb-1.0-0-dev libulfius-dev liborcania-dev libssl-dev pkg-config && \ - apt-get clean && rm -rf /var/lib/apt/lists/* && \ - pip install --no-cache-dir -U platformio==6.1.16 && \ - mkdir /tmp/firmware + libusb-1.0-0-dev libulfius-dev liborcania-dev libssl-dev pkg-config \ + && apt-get clean && rm -rf /var/lib/apt/lists/* \ + && pip install --no-cache-dir -U platformio \ + && mkdir /tmp/firmware # Copy source code WORKDIR /tmp/firmware 
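Review bot: Dropping the version from `pip install --no-cache-dir -U platformio` in the builder stage means each image build pulls whatever release is current on the package index, so the firmware toolchain is no longer reproducible and a bad or compromised release flows straight into the build; the alpine.Dockerfile hunk makes the same change. The new `trunk-ignore-all(hadolint/DL3013)` line then silences the one lint that would flag it. I would keep an explicit pin, `pip install --no-cache-dir -U platformio==6.1.16` (the version on the removed line), and bump it through reviewed commits; a requirements file installed with pip's `--require-hashes` is the stricter option. The base images `python:3.12-bookworm` and `python:3.12-alpine3.21` are likewise referenced by tag rather than by digest.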
@@ -35,8 +37,9 @@ ENV TZ=Etc/UTC # nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root USER root -RUN apt-get update && apt-get --no-install-recommends -y install libc-bin libc6 libgpiod2 libyaml-cpp0.7 libi2c0 libulfius2.7 libusb-1.0-0-dev liborcania2.3 libssl3 && \ - apt-get clean && rm -rf /var/lib/apt/lists/* \ +RUN apt-get update && apt-get --no-install-recommends -y install \ + libc-bin libc6 libgpiod2 libyaml-cpp0.7 libi2c0 libulfius2.7 libusb-1.0-0-dev liborcania2.3 libssl3 \ + && apt-get clean && rm -rf /var/lib/apt/lists/* \ && mkdir -p /var/lib/meshtasticd \ && mkdir -p /etc/meshtasticd/config.d \ && mkdir -p /etc/meshtasticd/ssl diff --git a/alpine.Dockerfile b/alpine.Dockerfile index 8b48eeca3..caa86187f 100644 --- a/alpine.Dockerfile +++ b/alpine.Dockerfile @@ -1,14 +1,18 @@ # trunk-ignore-all(trivy/DS002): We must run as root for this container # trunk-ignore-all(checkov/CKV_DOCKER_8): We must run as root for this container # trunk-ignore-all(hadolint/DL3002): We must run as root for this container +# trunk-ignore-all(hadolint/DL3018): Do not pin apk package versions +# trunk-ignore-all(hadolint/DL3013): Do not pin pip package versions FROM python:3.12-alpine3.21 AS builder ENV PIP_ROOT_USER_ACTION=ignore -RUN apk add bash g++ libstdc++-dev linux-headers zip git ca-certificates libgpiod-dev yaml-cpp-dev bluez-dev \ - libusb-dev i2c-tools-dev openssl-dev pkgconf argp-standalone && \ - pip install --no-cache-dir -U platformio==6.1.16 && \ - mkdir /tmp/firmware +RUN apk --no-cache add \ + bash g++ libstdc++-dev linux-headers zip git ca-certificates libgpiod-dev yaml-cpp-dev bluez-dev \ + libusb-dev i2c-tools-dev openssl-dev pkgconf argp-standalone \ + && rm -rf /var/cache/apk/* \ + && pip install --no-cache-dir -U platformio \ + && mkdir /tmp/firmware WORKDIR /tmp/firmware COPY . /tmp/firmware 
@@ -27,7 +31,9 @@ FROM alpine:3.21 # nosemgrep: dockerfile.security.last-user-is-root.last-user-is-root USER root -RUN apk add libstdc++ libgpiod yaml-cpp libusb i2c-tools \ +RUN apk --no-cache add \ + libstdc++ libgpiod yaml-cpp libusb i2c-tools \ + && rm -rf /var/cache/apk/* \ && mkdir -p /var/lib/meshtasticd \ && mkdir -p /etc/meshtasticd/config.d \ && mkdir -p /etc/meshtasticd/ssl diff --git a/src/modules/WaypointModule.cpp b/src/modules/WaypointModule.cpp index 08b48b682..479a973c2 100644 --- a/src/modules/WaypointModule.cpp +++ b/src/modules/WaypointModule.cpp @@ -144,9 +144,9 @@ void WaypointModule::drawFrame(OLEDDisplay *display, OLEDDisplayUiState *state, bearingToOther -= myHeading; screen->drawNodeHeading(display, compassX, compassY, compassDiam, bearingToOther); - float bearingToOtherDegrees = (bearingToOther < 0) ? bearingToOther + 2*PI : bearingToOther; - bearingToOtherDegrees = bearingToOtherDegrees * 180 / PI; - + float bearingToOtherDegrees = (bearingToOther < 0) ? bearingToOther + 2 * PI : bearingToOther; + bearingToOtherDegrees = bearingToOtherDegrees * 180 / PI; + // Distance to Waypoint float d = GeoCoord::latLongToMeter(DegD(wp.latitude_i), DegD(wp.longitude_i), DegD(op.latitude_i), DegD(op.longitude_i)); if (config.display.units == meshtastic_Config_DisplayConfig_DisplayUnits_IMPERIAL) { @@ -161,7 +161,6 @@ void WaypointModule::drawFrame(OLEDDisplay *display, OLEDDisplayUiState *state, snprintf(distStr, sizeof(distStr), "%.1fkm %.0f°", d / 1000, bearingToOtherDegrees); } - } // If our node doesn't have position diff --git a/test/test_crypto/test_main.cpp b/test/test_crypto/test_main.cpp index fd7706e6e..ac507116c 100644 --- a/test/test_crypto/test_main.cpp +++ b/test/test_crypto/test_main.cpp @@ -1,3 +1,4 @@ +// trunk-ignore-all(gitleaks): These are dummy values. Not real secrets. #include "CryptoEngine.h" #include "TestUtil.h" diff --git a/variants/xiao_ble/README.md b/variants/xiao_ble/README.md index 6fff9cd22..2a08138ba 100644 
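Review bot: The file-wide `// trunk-ignore-all(gitleaks)` added at the top of test/test_crypto/test_main.cpp disables secret scanning for everything in the file, including anything added later, not only the current dummy keys. Scoping the suppression to the test-vector lines with the per-line form, `// trunk-ignore(gitleaks): dummy test vector`, keeps the scanner active for the rest of the file. The key material itself is outside this hunk, so the statement that the values are dummies cannot be checked from here.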
--- a/variants/xiao_ble/README.md +++ b/variants/xiao_ble/README.md @@ -116,24 +116,26 @@ The default pin mapping in `variant.h` uses 'automatic Tx/Rx switching' mode. If MCU -> E22 connections -| Xiao BLE pin | variant.h definition | E22 pin | Notes | -| :------------ | :---------------------------- | :-----------------| :------------------------------------------------------------------------------------------------------------------- | -| D0 | SX126X_CS | 19 (NSS) | | -| D1 | SX126X_DIO1 | 13 (DIO1) | | -| D2 | SX126X_BUSY | 14 (BUSY) | | -| D3 | SX126X_RESET | 15 (NRST) | | -| D7 | SX126X_RXEN | 6 (RXEN) | These pins must still be connected, and `SX126X_RXEN` defined in `variant.h`, otherwise Rx sensitivity will be poor. | -| D8 | PIN_SPI_SCK | 18 (SCK) | | -| D9 | PIN_SPI_MISO | 16 (MISO) | | -| D10 | PIN_SPI_MOSI | 17 (MOSI) | | + +| Xiao BLE pin | variant.h definition | E22 pin | Notes | +| :----------- | :------------------- | :-------- | :------------------------------------------------------------------------------------------------------------------- | +| D0 | SX126X_CS | 19 (NSS) | | +| D1 | SX126X_DIO1 | 13 (DIO1) | | +| D2 | SX126X_BUSY | 14 (BUSY) | | +| D3 | SX126X_RESET | 15 (NRST) | | +| D7 | SX126X_RXEN | 6 (RXEN) | These pins must still be connected, and `SX126X_RXEN` defined in `variant.h`, otherwise Rx sensitivity will be poor. | +| D8 | PIN_SPI_SCK | 18 (SCK) | | +| D9 | PIN_SPI_MISO | 16 (MISO) | | +| D10 | PIN_SPI_MOSI | 17 (MOSI) | | E22 -> E22 connections: -| E22 pin | E22 pin | Notes | -| :------------ | :---------------------------- | :------------------------------------------------------------------------ | -| TXEN | DIO2 | These must be physically connected for automatic Tx/Rx switching to work. | + +| E22 pin | E22 pin | Notes | +| :------ | :------ | :------------------------------------------------------------------------ | +| TXEN | DIO2 | These must be physically connected for automatic Tx/Rx switching to work. |