diff --git a/.github/workflows/check_version.yml b/.github/workflows/check_version.yml index d5430284..79921239 100644 --- a/.github/workflows/check_version.yml +++ b/.github/workflows/check_version.yml @@ -6,10 +6,11 @@ on: branches: - main - develop + - master # for safety reasons jobs: configure: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} outputs: uid_gid: ${{ steps.get-user.outputs.uid_gid }} steps: @@ -18,15 +19,17 @@ jobs: get_version: needs: configure - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} + env: + SDK_VARNAME: NANOSP_SDK outputs: version: ${{ steps.store-version.outputs.version }} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: make version @@ -35,7 +38,7 @@ jobs: check_app_version: needs: get_version - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - id: checkTag uses: mukunku/tag-exists-action@v1.0.0 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c9fd3208..982f4cfc 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
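Review bot: The new `runs-on` expression in `configure` picks `zondax-runners` from `github.repository_owner` alone, and for a pull request opened from a fork that value is still the base repository's owner, so fork-authored code would be scheduled on that pool as well. If `zondax-runners` is a self-hosted or persistent pool (not visible in this diff) and the workflow also runs on `pull_request` (the trigger list is only partly shown), untrusted code executes on Zondax infrastructure. Consider also requiring a trusted source in the condition, e.g. `github.event.pull_request.head.repo.fork != true`, or documenting that the pool is ephemeral and isolated. The same expression is repeated in every job touched in check_version.yml, codeql.yml and main.yml, so one comment explaining it at its first use would help.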
@@ -7,20 +7,23 @@ on: branches: - main - develop + - master # for safety reasons + - dev # for safety reasons jobs: analyse: name: Analyse + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} + if: github.event.repository.private == false strategy: matrix: - sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"] - runs-on: ubuntu-latest + sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"] container: image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest steps: - name: Clone - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: recursive diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml index fdaf9f27..5b6fb339 100644 --- a/.github/workflows/guidelines_enforcer.yml +++ b/.github/workflows/guidelines_enforcer.yml @@ -12,12 +12,14 @@ on: workflow_dispatch: push: branches: - - master - main - develop + - master # for safety reasons + - dev # for safety reasons pull_request: jobs: guidelines_enforcer: + if: github.event.repository.private == false name: Call Ledger guidelines_enforcer uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1 diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml index 628fb876..11989fa4 100644 --- a/.github/workflows/main.yml +++ b/.github/workflows/main.yml @@ -6,10 +6,12 @@ on: branches: - main - develop + - master # for safety reasons + - dev # for safety reasons jobs: configure: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} outputs: uid_gid: ${{ steps.get-user.outputs.uid_gid }} steps: 
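Review bot: The added `if: github.event.repository.private == false` on `analyse` switches CodeQL off with no explanation in the file, so a private copy of this repository gets no static analysis and nothing signals the gap. A comment above the condition would make the intent reviewable, for example `# skip on private repos: code scanning there requires GitHub Advanced Security`, if that is the reason (inferred, not stated in the diff). The same guard is added to `guidelines_enforcer` in guidelines_enforcer.yml. Separately, `"$FLEX_SDK"` joins the matrix while the container is still `ledger-app-builder-legacy:latest`; it is worth confirming that image exports that variable, since an empty expansion would change what gets analysed.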
@@ -17,20 +19,37 @@ jobs: run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT build: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y curl protobuf-compiler build-essential git wget unzip python3 python3-pip \ + libssl-dev libffi-dev libreadline-dev zlib1g-dev libbz2-dev libsqlite3-dev libncurses5-dev \ + libgdbm-dev libnss3-dev liblzma-dev libxml2-dev libxmlsec1-dev libffi-dev libyaml-dev - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true + - name: Install CMake 3.28 + run: | + wget https://github.com/Kitware/CMake/releases/download/v3.28.0/cmake-3.28.0-linux-x86_64.sh + sudo mkdir /opt/cmake + sudo sh cmake-3.28.0-linux-x86_64.sh --skip-license --prefix=/opt/cmake + sudo ln -sf /opt/cmake/bin/cmake /usr/local/bin/cmake + sudo ln -sf /opt/cmake/bin/ctest /usr/local/bin/ctest + - name: Verify CMake version + run: cmake --version - name: Install deps run: | sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10 make deps + - name: Run CMake + run: mkdir -p build && cd build && cmake -DCMAKE_BUILD_TYPE=Debug .. && make - run: make cpp_test build_only_rust: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Checkout uses: actions/checkout@v2 @@ -49,18 +68,14 @@ jobs: cd ./app/rust cargo clippy --version cargo clippy --all-features --all-targets || true - # - name: audit - # run: | - # cd ./app/rust - # cargo audit --version - # cargo audit - name: run tests run: | cd ./app/rust cargo test + build_ledger: needs: configure - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} 
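Review bot: The `Install CMake 3.28` step in `build` downloads `cmake-3.28.0-linux-x86_64.sh` and runs it with `sudo sh` without any integrity check, so whatever that URL serves executes as root on the runner. Verify the file against a digest committed in the workflow before running it, e.g. `echo "<PINNED_SHA256>  cmake-3.28.0-linux-x86_64.sh" | sha256sum -c -` (placeholder; Kitware publishes SHA-256 sums with each release). `sudo mkdir /opt/cmake` also fails on a runner that keeps state between jobs, so `sudo mkdir -p /opt/cmake` is safer, and `libffi-dev` appears twice in the apt line. `build_only_rust`, visible as context at the end of the hunk, still uses `actions/checkout@v2`.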
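Review bot: After this hunk `build_only_rust` has no dependency advisory check at all: the commented-out `cargo audit` step is deleted rather than enabled, and the clippy step just above it still ends in `|| true`, so neither can fail the build. If the audit was disabled because of a known advisory, restoring it as `cargo audit --ignore <ADVISORY_ID>` (placeholder) keeps the check alive for everything else. The job starts above the hunk, so the toolchain setup it would rely on is not visible here.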
@@ -70,7 +85,7 @@ jobs: size: ${{steps.build.outputs.size}} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - name: Build Standard app @@ -82,7 +97,7 @@ jobs: size_nano_s: needs: build_ledger - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} env: NANOS_LIMIT_SIZE: 136 steps: @@ -92,7 +107,7 @@ jobs: build_ledger_val: needs: configure - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} @@ -102,7 +117,7 @@ jobs: size: ${{steps.build.outputs.size}} steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - name: Build Standard app @@ -110,8 +125,9 @@ jobs: shell: bash -l {0} run: | COIN=oasis_validator make + test_zemu: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -119,7 +135,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev @@ -135,8 +151,15 @@ jobs: - name: Build and run zemu tests run: | make test_all + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_adr0008-0: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -144,7 +167,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev 
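Review bot: The new `Upload Snapshots (only failure)` step in `test_zemu` uses `actions/upload-artifact@v3`, which GitHub has deprecated, while the same commit moves checkout to v4. Every test job uploads under the same `name: snapshots-tmp`; with v3 the uploads from different jobs merge into one artifact and can overwrite each other's files, and with v4 a second upload under an existing name is rejected, so the name has to be unique per job when upgrading. Suggested lines: `uses: actions/upload-artifact@v4` and `name: snapshots-tmp-${{ github.job }}`. The same step is added to `test_zemu_adr0008-0` and to the adr0008-0-oasis, adr0008-5, adr0014, eth and val test jobs in the later hunks.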
@@ -161,8 +184,15 @@ jobs: run: | make test_prepare COIN=adr0008-0 make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_adr0008-0-oasis: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -170,7 +200,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev @@ -187,8 +217,15 @@ jobs: run: | make test_prepare COIN=adr0008-0-oasis make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_adr0008-5: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -196,7 +233,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev @@ -213,8 +250,15 @@ jobs: run: | make test_prepare COIN=adr0008-5 make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_adr0014: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -222,7 +266,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev 
@@ -239,8 +283,15 @@ jobs: run: | make test_prepare COIN=adr0014 make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_eth: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -248,7 +299,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev @@ -265,8 +316,15 @@ jobs: run: | make test_prepare COIN=eth make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ + test_zemu_val: - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} steps: - name: Test run: | @@ -274,7 +332,7 @@ jobs: echo $HOME echo $DISPLAY - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev @@ -292,11 +350,17 @@ jobs: make build_val make zemu_install COIN=val make zemu_test + - name: Upload Snapshots (only failure) + if: ${{ failure() }} + uses: actions/upload-artifact@v3 + with: + name: snapshots-tmp + path: tests_zemu/snapshots-tmp/ build_package_nanos: needs: [configure, build, build_ledger, test_zemu] if: ${{ github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} 
@@ -304,7 +368,7 @@ jobs: BOLOS_SDK: /opt/nanos-secure-sdk steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - name: Install deps @@ -313,7 +377,7 @@ jobs: - name: Build NanoS shell: bash -l {0} run: | - make + PRODUCTION_BUILD=0 make mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh - name: Set tag @@ -334,7 +398,7 @@ jobs: build_package_nanos_plus: needs: [configure, build, build_ledger, test_zemu] if: ${{ github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} @@ -342,7 +406,7 @@ jobs: BOLOS_SDK: /opt/nanosplus-secure-sdk steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - name: Install deps @@ -351,7 +415,7 @@ jobs: - name: Build NanoSP shell: bash -l {0} run: | - make + PRODUCTION_BUILD=0 make mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh - name: Set tag 
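Review bot: `PRODUCTION_BUILD=0 make` in `Build NanoS` changes what the release job builds, and nothing in the workflow says why. The `build_package_*` jobs run only on `refs/heads/main` and continue to a `Set tag` step (the release upload itself is visible in the new stax and flex jobs), so if the flag selects a non-production or debug configuration, the published installers would carry it; its meaning is defined in the Makefile, which is not shown here. Please confirm this is intended and record it next to the command, e.g. `# PRODUCTION_BUILD=0: <reason>; installers attached to the release are not production builds`. The same change is made in `Build NanoSP` in the next hunk and in the stax, flex and validator jobs further down.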
@@ -369,10 +433,80 @@ jobs: draft: false prerelease: false + build_package_stax: + needs: [configure, build, build_ledger, test_zemu] + if: ${{ github.ref == 'refs/heads/main' }} + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} + container: + image: zondax/ledger-app-builder:latest + options: --user ${{ needs.configure.outputs.uid_gid }} + env: + BOLOS_SDK: /opt/stax-secure-sdk + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: true + - name: Install deps + run: pip install ledgerblue + + - name: Build Stax + shell: bash -l {0} + run: PRODUCTION_BUILD=0 make + - name: Set tag + id: stax + run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT + - name: Update Release + id: update_release_2 + uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + with: + files: | + ./app/pkg/installer_stax.sh + tag_name: ${{ steps.stax.outputs.tag_name }} + draft: false + prerelease: false + + + build_package_flex: + needs: [configure, build, build_ledger, test_zemu] + if: ${{ github.ref == 'refs/heads/main' }} + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} + container: + image: zondax/ledger-app-builder:latest + options: --user ${{ needs.configure.outputs.uid_gid }} + env: + BOLOS_SDK: /opt/flex-secure-sdk + steps: + - name: Checkout + uses: actions/checkout@v4 + with: + submodules: true + - name: Install deps + run: pip install ledgerblue + + - name: Build Flex + shell: bash -l {0} + run: PRODUCTION_BUILD=0 make + - name: Set tag + id: flex + run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT + - name: Update Release + id: update_release_2 + uses: softprops/action-gh-release@v1 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token + 
with: + files: ./app/pkg/installer_flex.sh + tag_name: ${{ steps.flex.outputs.tag_name }} + draft: false + prerelease: false + build_package_validator: needs: [configure, build, build_ledger_val, test_zemu_val] if: ${{ github.ref == 'refs/heads/main' }} - runs-on: ubuntu-latest + runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} container: image: zondax/ledger-app-builder:latest options: --user ${{ needs.configure.outputs.uid_gid }} @@ -380,7 +514,7 @@ jobs: BOLOS_SDK: /opt/nanos-secure-sdk steps: - name: Checkout - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: submodules: true - name: Install deps @@ -389,7 +523,7 @@ jobs: - name: Build NanoS validator shell: bash -l {0} run: | - COIN=oasis_validator make + PRODUCTION_BUILD=0 COIN=oasis_validator make mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos_validator.sh - name: Set tag
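Review bot: The new `build_package_stax` and `build_package_flex` jobs hand `GITHUB_TOKEN` to `softprops/action-gh-release@v1`, a third-party action referenced by a movable tag, and install `ledgerblue` from PyPI without a version, so the code that publishes release assets can change without any change in this repository. Pin the action to a full commit SHA, `uses: softprops/action-gh-release@<FULL_COMMIT_SHA> # v1`, and pin the package, `run: pip install ledgerblue==<VERSION>` (both placeholders). The container image `zondax/ledger-app-builder:latest` is mutable in the same way. Both jobs also reuse `id: update_release_2`, which looks copied from an existing job; it is harmless across jobs, but a distinct id per job would read better.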