Copy kernel-related artifacts from Docker build

[romanz]

Note: kernel.bin will not be fingerprinted since it is not supported by firmware-fingerprint.py.

[coderabbitai]

Walkthrough

This pull request includes two modifications to build and deployment configuration. The GitHub Actions workflow adds conditional "if: always()" directives to artifact upload steps, ensuring uploads proceed regardless of prior step outcomes. The build-docker.sh script extends the artifact build loop to include a kernel item, introduces error handling for the fingerprint step to prevent build failures, and adds a directory existence check before copying artifacts.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	❓ Inconclusive	The description is minimal but provides relevant technical context about kernel.bin fingerprinting; however, it lacks structured sections and development metadata required by the template.	Add required template sections including assignment, project setup (Firmware project, Priority, Team, Sprint), and development status to meet repository standards.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title directly matches the main objective of copying kernel-related artifacts from the Docker build, clearly summarizing the primary change.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch romanz/cp-kernel-docker

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[github-actions]

en main(all)

model	device_test	click_test	persistence_test
T2T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3B1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3T1	test(all) main(all)	test(all) main(all)	test(all) main(all)
T3W1	test(all) main(all)	test(all) main(all)	test(all) main(all)

Latest CI run: 22615906147

[romanz]

Tested by:

• https://github.com/trezor/trezor-firmware/actions/runs/22614393597 (copy kernel)
• https://github.com/trezor/trezor-firmware/actions/runs/22615146057 (upload artifacts)

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@build-docker.sh`:
- Around line 280-287: The loop that runs firmware-fingerprint.py currently
swallows all failures via "|| echo ..." for every item (bootloader, secmon,
kernel, firmware, prodtest); change it so only the unsupported item "kernel"
tolerates a missing/failed fingerprint: in the loop body invoke the fingerprint
command normally for bootloader, secmon, firmware and prodtest (so errors
propagate and fail the script), and only for item == "kernel" append the
fallback "|| echo ..." to avoid failing CI for that one case; locate the loop
over items and the invocation of python/tools/firmware-fingerprint.py to make
this change.

---

ℹ️ Review info

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between cdee99d and fcef2dc.

📒 Files selected for processing (2)

• .github/workflows/common.yml
• build-docker.sh