Initial version of the action

[peterdragun]

Description

The first commit includes setup for pre-commit hooks that are used in this repository. There is a simple Python script for resolving additional data for PyInstaller (e.g., flasher stub files for esptool). I have used pyproject.toml for configuration of these hooks, as this is supported for all of them by default. Please let me know if you find this confusing (as this is not a Python project), and I can change it to some other name and pass the config path to all tools.

The second commit contains the action itself with a documentation explaining how to use it. I tried to make this as customizable as possible while making it as easy as possible to use. Any ideas are welcome!

Notable changes compared to the original action

• Linux aarch64 is now using runners provided by GitHub, which makes this much faster and easier. (armv7 is still using a custom action that uses Docker, which takes up to 15 minutes)
• Some ARMv7 system dependencies were removed and replaced with customizable field (e.g. cryptography dependencies)
• Customizable versions of Python, PyInstaller, etc.
• Actions updated to the latest version

Pyinstaller version

TDLR: 6.11.1 was picked as the best version (esptool is currently using this version as well) - released on Nov 10, 2024

I have tested a couple of Pyinstaller versions for false positives with antivirus software. I have picked 3 arch and os combinations which are IMO the most used ones. Here are the results if you are interested:

• latest (6.14.1): 0-2 reports linux-amd64, windows, macOS-arm64
• 6.13.0: 0-3 reports linux-amd64, windows, macOS-arm64
• 6.11.1: 0-1 reports linux-amd64, windows, macOS-arm64

The results are quite close, and it seems like this is not that big issue as it used to be. Even though the latest version was released 3 weeks ago, it performs quite well.

Related

• Internal tracker: IDF-12597

Testing

• Esptool test in my fork: https://github.com/peterdragun/esptool/actions/runs/16442772877
• IDF Monitor test: https://github.com/peterdragun/esp-idf-monitor/actions/runs/16415248906

---

[peterdragun]

@dobairoland Can you please enable this project in https://pre-commit.ci , seems like I am missing permissions to do that.

[dobairoland]

@peterdragun It should be enabled now.

[dobairoland]

@peterdragun Nice work, thank you!

[dobairoland]

Why just "arm-packages"? Could this be additional-packages?

[peterdragun]

The reasoning here is that you have control over setup in any other environment, so you can do the installation of required system packages before you call this action. This is not the case for ARMv7, as this runs in a Docker container, which is created and destroyed in this action. I wanted to explain this in the README, but it looks like I forgot - I will make this clearer, thanks.

[dobairoland]

Maybe use packager version instead? Switching to another packager will mean a breaking change.

Also what about making the previous one additional--packager-args?

[peterdragun]

I would prefer keeping this as is. I would say that changing to a different packager (like nuitka) would mean breaking change either way, as versions are not the same (e.g. nuitka's latest version is 2.7.0). The only case where this would not break anything would be "latest" (or default) version. I also like that the name is more descriptive.

[radimkarnis]

Left only minor suggestions, otherwise, very nice work! Thanks.
For future expansion I can think of:

1. A step to sign binaries on Windows and possibly macOS
2. A step to automatically check the binaries with Virustotal (they apparently have some kind of an API)

[peterdragun]

I have also included the signing of binaries from esptool. As this was quite easy to add. I agree that it would be nice to also include signing for macOS and antivirus checks in the future.

Thank you for the reviews!

[Copilot]

Pull Request Overview

Adds the initial implementation of a GitHub Action to build Python applications into standalone executables, along with pre-commit hooks, utilities, and documentation.

• Introduced static analysis and formatting via pyproject.toml and updated pre-commit hooks.
• Added process_include_dirs.py for generating --add-data flags from JSON input.
• Defined the composite action (action.yml), signing script (Sign-File.ps1), usage docs (README.md), and CI workflows.

Reviewed Changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 1 comment.

Show a summary per file

File	Description
pyproject.toml	Configures mypy, ruff, and yamlfix for code quality
process_include_dirs.py	Implements JSON parsing and wildcard support to generate PyInstaller data-dir flags
action.yml	Composite GitHub Action for multi-architecture builds, including ARMv7 and non-ARMv7 flows
Sign-File.ps1	PowerShell script to locate signtool.exe and sign Windows executables
README.md	Usage documentation and examples for the new action
.pre-commit-config.yaml	Updated and extended pre-commit hook definitions
.github/workflows/new_prs.yml	Adjusted cron schedule syntax for PR-to-Jira synchronization
.github/workflows/dangerjs.yml	Added DangerJS job for pull request linting

Comments suppressed due to low confidence (3)

action.yml:173

• [nitpick] The include-data-dirs processing logic is duplicated in both ARMv7 and non-ARMv7 build steps; consider extracting it into a reusable script or composite step to reduce duplication.

            echo "Processing include-data-dirs for $file..."

process_include_dirs.py:20

• [nitpick] There are no unit tests for process_include_dirs; adding tests for list, dict, wildcard, and error cases would ensure flags are generated correctly.

def process_include_dirs(include_dirs_json: str, data_separator: str, target_script: str) -> str:

process_include_dirs.py:3

• [nitpick] The module docstring could include a brief usage example mirroring the main epilog to help maintainers understand expected JSON formats.

Process include-data-dirs JSON and generate PyInstaller arguments

[peterdragun]

@dobairoland @hfudev @tomassebestik PTAL

[peterdragun]

In regard to espressif/esptool#1100 I have changed the build process for all Linux runners to use Ubuntu 20.04 as a base image, and now we are building these targets in a Docker image. This change was required because GitHub does not offer the 20.04 image anymore. Build takes slightly longer, but there is just a small difference. Armv7 builds still take even longer as we are emulating them. I have considered using manylinux image as well, but I don't think this will bring much benefit, as images for manylinux are much bigger. It is using an older version of GLIBC, but we didn't have any issues with the version from 20.04 either.

I have also made some other improvements, so we don't repeat the code as much for different platforms. I have tried to keep all of these changes in a separate commit.

As this was quite a big change compared to my previous approach, PTAL once again @radimkarnis @dobairoland

[dobairoland]

LGTM in general. I left only a couple of suggestions. Thank you!

[tomassebestik]

CI part looks great, didn't check the Python much (but can see that others already did) ...

(I suggest not hesitating too much to merge this PR — PreCommit-CI is creating auto-PRs with content that is already done here :) )

[dobairoland]

@peterdragun Please review all the files automatically generated for this repo. For example, JIRA_COMPONENT needs to be updated. Because of the default value, the PR opened in this repo ended up assigned to Tomas. You can create a separate PR in order to be able to merge it quickly. Also, if pre-commit opens another PR then we could merge it. It won't cause trouble for your PR (merge conflict in the worst case).

[peterdragun]

Thank you for the reviews. I have updated the code according to your comments. I have also fixed the component in the Jira workflows, so now we are using the tools label, so tasks should be assigned to our team.

PTAL @dobairoland

[dobairoland]

@peterdragun Thank you for the improvements. LGTM

[peterdragun]

@dobairoland thank you for the review. I have addressed your comments, and I believe this is now ready to merge. Thank you!