OpenLane CI/CD

There are two primary flows: the pull request flow and the deployment flow.

The deployment flow occurs on a daily basis. The PR flow happens whenever someone creates a new Pull Request. PRs can be created by contributors or by an automated tool updater that runs on a schedule.

A Diagram Of The Flow

  • A maintainer cannot review their own code, but they can merge it after a review by another maintainer.

Required Secrets

Repository secrets are used to protect certain credentials, but also as repository-dependent parameters for the CI.

Common

| Secret | Description |
|---|---|
| MAIN_BRANCH | The main branch for OpenLane. Format: main |

CI

| Secret | Description |
|---|---|
| DOCKER_IMAGE | The name of the resulting Docker image (minus the tag). In our case, we use efabless/openlane. |
| TOOL_DOCKER_IMAGE | The name of the resulting Docker images for tools (minus the tag). In our case, we use efabless/openlane-tools. |
| DOCKERHUB_USER | A username for a user that has push access to the organization that owns DOCKER_IMAGE on Docker Hub. In our case, that's an Efabless employee with push access. |
| DOCKERHUB_PASSWORD | The password/token for the given username that has push access to the organization that owns DOCKER_IMAGE on Docker Hub. |
| LOG_UPLOAD_INFO | Currently unused. Information on the cloud platform and bucket to upload logs to, in the format platform:bucket:encoded_credentials, where platform can be gcp/aws/etc, bucket is the bucket name, and encoded_credentials are the relevant credentials encoded in base64. It's a bit convoluted, but it lets different CI users switch the platform out by changing a single secret. Currently, only the Google Cloud Platform is supported. Support for other platforms can be added to upload_log_tarballs.py. If this secret is not specified, the logs will not be uploaded. |
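
The LOG_UPLOAD_INFO format described above can be parsed and validated as in the following added example, which is not OpenLane's upload_log_tarballs.py or any other project code. The names parse_log_upload_info and LogUploadInfo and the sample secret are hypothetical.

```python
import base64
import binascii
from dataclasses import dataclass, field
from typing import Optional

# Per the description above, only Google Cloud Platform is currently supported.
SUPPORTED_PLATFORMS = {"gcp"}


@dataclass(frozen=True)
class LogUploadInfo:  # hypothetical container, not a project type
    platform: str
    bucket: str
    # repr=False keeps decoded credentials out of debug prints and tracebacks.
    credentials: bytes = field(repr=False)


def parse_log_upload_info(secret: Optional[str]) -> Optional[LogUploadInfo]:
    """Parse platform:bucket:encoded_credentials. None means 'do not upload'."""
    if secret is None or not secret.strip():
        return None  # secret not specified: logs are not uploaded
    # Split at most twice; base64 never contains ':', so a stray colon in the
    # third field is rejected by the strict decode below.
    parts = secret.strip().split(":", 2)
    if len(parts) != 3 or not all(parts):
        # Error messages describe the shape only and never echo secret content.
        raise ValueError("LOG_UPLOAD_INFO must be platform:bucket:encoded_credentials")
    platform, bucket, encoded = parts
    if platform not in SUPPORTED_PLATFORMS:
        # A misordered secret could carry credentials in this field: do not echo it.
        raise ValueError("LOG_UPLOAD_INFO names an unsupported platform")
    try:
        credentials = base64.b64decode(encoded, validate=True)
    except (binascii.Error, ValueError):
        raise ValueError("encoded_credentials is not valid base64") from None
    return LogUploadInfo(platform, bucket, credentials)


if __name__ == "__main__":
    # Constructed sample value, not a real credential or bucket.
    sample = "gcp:example-log-bucket:" + base64.b64encode(b'{"constructed": true}').decode()
    print(parse_log_upload_info(sample))  # the credentials field is omitted from the repr
    print(parse_log_upload_info(None))    # None: upload is skipped
```

The decoded credentials are a different string from the stored secret, so CI log masking that matches the secret's literal value will not hide them if they are printed.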

Tool Updater

| Secret | Description |
|---|---|
| FORK_NAME | A fork to push branches for tool updates to. Format: bot-account/OpenLane |
| MY_TOKEN | A token for the bot account that owns the fork. |