End-to-end hardware release pipeline for KiCad projects.
Verified, signed, manufacturer-ready release packages for KiCad projects. Generate artifacts, validate release readiness, package evidence, and produce a clear release decision.
Repository Maturity · OpenSSF Evidence · Governance · Roadmap · Support
BoardReadyOps turns a KiCad project into a verified, signed, manufacturer-ready release package. It generates manufacturing artifacts, validates release readiness, packages evidence, and produces a clear release decision — running locally as a CLI and in CI as a GitHub Action, with JSON, SARIF, Markdown, HTML, JUnit, and workflow annotation output.
Generate → Validate → Decide → Package → Attest → Review → Handoff
npm i -g boardreadyopsThe current public npm package is boardreadyops@1.7.2. It is verified on
Node.js 22.14+ and 24, includes the current CLI bundle, schemas, docs, Action
metadata, and matches the public v1.7.2 tag archive.
Binary release assets should be verified against v1.7.2, which publishes the
current Linux, macOS, and Windows binary matrix, SHA256SUMS, and SBOM release
assets. See release channel verification
for the tested artifact list and remaining channel follow-ups.
BoardReadyOps supports Node.js 22.14+ and 24. Node.js 24 is the recommended Active
LTS runtime; Node.js 22.14+ remains supported for Maintenance LTS users. Node.js 26
Current is tracked but not supported in engines.node or CI until it reaches
LTS and dependency validation is added.
KiCad CLI compatibility is CI-tested on KiCad 10.0, with 10.0.4 as the latest verified patch. KiCad 9.0 remains the minimum supported line but is upstream EOL and no longer CI-tested. The machine-readable policy and generated support table live in docs/support-matrix.md.
Linux and macOS release binaries are installed with the checksum-verifying shell
installer when the selected GitHub Release includes the matching binary asset
and SHA256SUMS:
curl -fsSL https://raw.githubusercontent.com/oaslananka/boardreadyops/main/install.sh | shWindows x64 release binaries use the same release asset and checksum flow:
irm https://raw.githubusercontent.com/oaslananka/boardreadyops/main/install.ps1 | iexThe installers download the release asset plus SHA256SUMS before placing
boardreadyops on the local command path. Binary asset availability depends on
the release; check the latest release
for the current asset matrix. A Homebrew
formula template for the same binary assets lives at Formula/boardreadyops.rb;
it is populated with published macOS and Linux checksums from SHA256SUMS.
The installers have been verified against the latest release which includes
the full binary matrix, SHA256SUMS, and SBOM. Tap publication remains a
maintainer follow-up.
BoardReadyOps provides two usage modes:
End-to-end pipeline — use boardreadyops generate to produce Gerbers, drill files, BOMs, CPL/position files, and PDFs via kicad-cli, then boardreadyops release prepare to validate, package evidence, and emit a signed release decision.
Validation-only gate — use KiBot or another generator to produce fabrication outputs, then use BoardReadyOps to validate those outputs exist, match the KiCad project, satisfy vendor/profile expectations, and can support a repeatable release decision.
See Release readiness and KiBot integration for the pipeline split approach, and the roadmap for v2 features.
# Validate existing manufacturing outputs
boardreadyops check .
boardreadyops plan . --format json > build/agent-plan.json
# Generate artifacts and prepare a full release
boardreadyops generate . --profile jlcpcb
boardreadyops release prepare . --profile jlcpcb --output build/release
# Verify a release bundle and create a vendor handoff package
boardreadyops release verify build/release
boardreadyops handoff create build/release --profile jlcpcbnpx boardreadyops --help also works when npm can resolve the package.
name: BoardReadyOps
on:
pull_request:
push:
branches: [main]
jobs:
boardreadyops:
runs-on: ubuntu-latest
permissions:
contents: read
pull-requests: write
security-events: write
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- uses: oaslananka/boardreadyops@005afb83bd04f50a8da33bbffc441818910951f6 # v1.7.2
with:
config: boardreadyops.yml
mode: enforce
fail-on: highSARIF upload requires security-events: write. Pull request comments require pull-requests: write.
Use the full container action when a workflow should carry KiCad CLI inside the BoardReadyOps runtime instead of installing KiCad separately:
- uses: oaslananka/boardreadyops/apps/container@005afb83bd04f50a8da33bbffc441818910951f6 # v1.7.2
with:
config: boardreadyops.yml
require-kicad: "true"
mode: enforceThe same image can run as a CLI:
docker run --rm ghcr.io/oaslananka/boardreadyops-full:v1 --helpThe v1 and latest container tags resolve to the most recent release
image. Check the release channel verification
for the current digest and manifest list.
boardreadyops run --json build/findings.json --sarif build/findings.sarif.json .
boardreadyops check .
boardreadyops check manufacturing.jobset-outputs .
boardreadyops plan . --format json
boardreadyops doctor
boardreadyops schema configboardreadyops plan is the machine-readable workflow for coding and hardware agents. It emits JSON actions with finding evidence, fix steps, safe-auto-fix flags, and verification commands so agents can repair KiCad, BOM, pinmap, manufacturing-output, or release metadata issues without scraping human reports. See Agent Planning Output.
The npm package exposes the boardreadyops binary from the committed CLI bundle in dist/cli/index.cjs.
Create boardreadyops.yml:
version: 1
mode: warn
projects:
- path: .
pinmap: firmware/pins.yml
bom: bom/board.csv
variants:
- name: production
bom: bom/prod.csv
rules:
bom.missing-mpn:
enabled: true
severity: high
ignore-refs: ["TP*", "FID*"]
bom.variant-consistency:
enabled: true
manufacturing.jobset-outputs:
enabled: true
manufacturing.outputs-present:
enabled: true
required: [gerber, drill, position, pdf]
fail-on: high
report:
sarif: build/boardreadyops.sarif.json
json: build/boardreadyops.findings.json
markdown: build/boardreadyops.report.md
html: build/boardreadyops.report.htmlThe config schema is committed at schemas/config.schema.json.
- KiCad DRC and ERC report normalization.
- BOM completeness, lifecycle, DNP consistency, variant consistency, and footprint mismatch checks.
- Pinmap format, collision, unmapped pin, and net label checks.
- Manufacturing output, drill coverage, fab note, panel sanity, layer stackup, and jobset checks.
- Design outline and copper balance checks.
- Release revision, version format, tag, and changelog checks.
corepack pnpm install --frozen-lockfile
corepack pnpm run lint
corepack pnpm run typecheck
corepack pnpm run test
corepack pnpm run build
corepack pnpm run verify:dist
corepack pnpm run docsThe repository intentionally versions dist/action/index.cjs and dist/cli/index.cjs so the GitHub Action and npm package can run without a consumer build step.
BoardReadyOps is evolving from a validation gate into a full hardware release OS. See docs/ROADMAP.md for the milestone plan and issue #260 for the tracking issue.
- Repository: https://github.com/oaslananka/boardreadyops
- Issues: https://github.com/oaslananka/boardreadyops/issues
- Roadmap: https://github.com/oaslananka/boardreadyops/issues/260
- Security advisories: https://github.com/oaslananka/boardreadyops/security/advisories/new
MIT. Third-party notices are generated in NOTICE. The full container image
redistributes KiCad under GPL terms and preserves the KiCad license text inside
the image.