Merge pull request #20 from LedgerHQ/develop

Align master with P1

.github/PULL_REQUEST_TEMPLATE.md

@@ -0,0 +1,8 @@
+# Checklist
+<!-- Put an `x` in each box when you have completed the items. -->
+- [ ] App update process has been followed <!-- See comment below -->
+- [ ] Target branch is `develop` <!-- unless you have a very good reason -->
+- [ ] Application version has been bumped <!-- required if your changes are to be deployed -->
+
+<!-- Make sure you followed the process described in https://developers.ledger.com/docs/embedded-app/maintenance/ before opening your Pull Request.
+Don't hesitate to contact us directly on Discord if you have any questions ! https://developers.ledger.com/discord -->

.github/workflows/check_version.yml

@@ -6,6 +6,8 @@ on:
     branches:
       - main
       - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
 
 jobs:
   configure:
@@ -26,7 +28,7 @@ jobs:
       version: ${{ steps.store-version.outputs.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: make version

.github/workflows/codeql.yml

@@ -7,6 +7,8 @@ on:
     branches:
       - main
       - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
 
 jobs:
   analyse:

.github/workflows/guidelines_enforcer.yml

@@ -12,14 +12,13 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - master
       - main
       - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
   pull_request:
 
 jobs:
   guidelines_enforcer:
     name: Call Ledger guidelines_enforcer
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
-    with:
-      relative_app_directory: app

.github/workflows/main.yml

@@ -6,6 +6,8 @@ on:
     branches:
       - main
       - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
 
 jobs:
   configure:
@@ -20,7 +22,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -33,7 +35,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install rust
@@ -67,7 +69,7 @@ jobs:
       size: ${{steps.build.outputs.size}}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Build Standard app
@@ -100,7 +102,7 @@ jobs:
           echo $HOME
           echo $DISPLAY
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
@@ -109,13 +111,19 @@ jobs:
         with:
           toolchain: stable
       - name: Install node
-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4
       - name: Install yarn
         run: |
           npm install -g yarn
       - name: Build and run zemu tests
         run: |
           make test_all
+      - name: Upload Snapshots (only failure)
+        if: ${{ failure() }}
+        uses: actions/upload-artifact@v3
+        with:
+          name: snapshots-tmp
+          path: tests_zemu/snapshots-tmp/
 
   build_package_nanos:
     needs: [configure, build, build_ledger, test_zemu]
@@ -128,7 +136,7 @@ jobs:
         BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -137,7 +145,7 @@ jobs:
       - name: Build NanoS
         shell: bash -l {0}
         run: |
-          make SUBSTRATE_PARSER_FULL=0
+          make SUBSTRATE_PARSER_FULL=0 PRODUCTION_BUILD=0
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
       - name: Set tag
         id: nanos_light
@@ -164,7 +172,7 @@ jobs:
         BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -173,7 +181,7 @@ jobs:
       - name: Build NanoS XL
         shell: bash -l {0}
         run: |
-          make SUBSTRATE_PARSER_FULL=1
+          make SUBSTRATE_PARSER_FULL=1 PRODUCTION_BUILD=0
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos_xl.sh
       - name: Set tag
         id: nanos_xl
@@ -200,7 +208,7 @@ jobs:
         BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -209,7 +217,7 @@ jobs:
       - name: Build NanoSP
         shell: bash -l {0}
         run: |
-          make SUBSTRATE_PARSER_FULL=1
+          make SUBSTRATE_PARSER_FULL=1 PRODUCTION_BUILD=0
           mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
       - name: Set tag
         id: nanosp
@@ -236,15 +244,15 @@ jobs:
         BOLOS_SDK: /opt/stax-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
         run: pip install ledgerblue
 
       - name: Build Stax
         shell: bash -l {0}
-        run: make SUBSTRATE_PARSER_FULL=1
+        run: make SUBSTRATE_PARSER_FULL=1 PRODUCTION_BUILD=0
       - name: Set tag
         id: stax
         run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
@@ -258,3 +266,37 @@ jobs:
           tag_name: ${{ steps.stax.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_flex:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/flex-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Flex
+        shell: bash -l {0}
+        run: make SUBSTRATE_PARSER_FULL=1 PRODUCTION_BUILD=0
+      - name: Set tag
+        id: flex
+        run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: ./app/pkg/installer_flex.sh
+          tag_name: ${{ steps.flex.outputs.tag_name }}
+          draft: false
+          prerelease: false

.gitmodules

@@ -1,21 +1,18 @@
-[submodule "deps/nanos-secure-sdk"]
-	path = deps/nanos-secure-sdk
-	url = https://github.com/LedgerHQ/nanos-secure-sdk.git
 [submodule "deps/BLAKE2"]
 	path = deps/BLAKE2
 	url = https://github.com/BLAKE2/BLAKE2
-[submodule "cmake/cmake-modules"]
-	path = cmake/cmake-modules
-	url = https://github.com/bilke/cmake-modules.git
-[submodule "deps/nanox-secure-sdk"]
-	path = deps/nanox-secure-sdk
+[submodule "deps/ledger-zxlib"]
+	path = deps/ledger-zxlib
+	url = https://github.com/zondax/ledger-zxlib
+[submodule "deps/nanos-secure-sdk"]
+	path = deps/nanos-secure-sdk
 	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/nanosplus-secure-sdk"]
 	path = deps/nanosplus-secure-sdk
 	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
-[submodule "deps/ledger-zxlib"]
-	path = deps/ledger-zxlib
-	url = https://github.com/zondax/ledger-zxlib
+[submodule "deps/nanox-secure-sdk"]
+	path = deps/nanox-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/stax-secure-sdk"]
 	path = deps/stax-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git

CMakeLists.txt

@@ -13,12 +13,31 @@
 #*  See the License for the specific language governing permissions and
 #*  limitations under the License.
 #********************************************************************************
-cmake_minimum_required(VERSION 3.0)
+cmake_minimum_required(VERSION 3.28)
+include("cmake/HunterGate.cmake")
+HunterGate(
+    URL "https://github.com/cpp-pm/hunter/archive/v0.25.5.tar.gz"
+    SHA1 "a20151e4c0740ee7d0f9994476856d813cdead29"
+    LOCAL
+)
+
+if(CMAKE_GENERATOR MATCHES "Ninja")
+        message(FATAL_ERROR "This project does not support the Ninja generator. "
+                            "Please use Unix Makefiles or another supported generator. "
+                            "This error is typical in CLion. In this case, switch to generator Unix Makefiles.")
+endif()
+
+########################################################
 project(ledger-polymesh VERSION 0.0.0)
-enable_testing()
 
+set(CMAKE_CXX_STANDARD 17)
 cmake_policy(SET CMP0025 NEW)
-set(CMAKE_CXX_STANDARD 11)
+cmake_policy(SET CMP0144 NEW)
+
+set(HUNTER_STATUS_DEBUG ON)
+set(HUNTER_TLS_VERIFY ON)
+
+enable_testing()
 
 option(ENABLE_FUZZING "Build with fuzzing instrumentation and build fuzz targets" OFF)
 option(ENABLE_COVERAGE "Build with source code coverage instrumentation" OFF)
@@ -28,14 +47,27 @@ string(APPEND CMAKE_C_FLAGS " -fno-omit-frame-pointer -g")
 string(APPEND CMAKE_CXX_FLAGS " -fno-omit-frame-pointer -g")
 string(APPEND CMAKE_LINKER_FLAGS " -fno-omit-frame-pointer -g")
 
-add_definitions(-DAPP_STANDARD)
+hunter_add_package(fmt)
+find_package(fmt CONFIG REQUIRED)
+
+hunter_add_package(jsoncpp)
+find_package(jsoncpp CONFIG REQUIRED)
+
+hunter_add_package(GTest)
+find_package(GTest CONFIG REQUIRED)
+
 add_definitions(-DSUBSTRATE_PARSER_FULL)
 
 if(ENABLE_FUZZING)
     add_definitions(-DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION=1)
     SET(ENABLE_SANITIZERS ON CACHE BOOL "Sanitizer automatically enabled" FORCE)
     SET(CMAKE_BUILD_TYPE Debug)
 
+    add_definitions(-DENABLE_COVERAGE=1)
+    string(APPEND CMAKE_C_FLAGS " -fprofile-arcs -ftest-coverage")
+    string(APPEND CMAKE_CXX_FLAGS " -fprofile-arcs -ftest-coverage")
+    string(APPEND CMAKE_LINKER_FLAGS " -fprofile-arcs -ftest-coverage")
+
     if (DEFINED ENV{FUZZ_LOGGING})
         add_definitions(-DFUZZING_LOGGING)
         message(FATAL_ERROR "Fuzz logging enabled")
@@ -72,9 +104,6 @@ if(ENABLE_SANITIZERS)
     string(APPEND CMAKE_LINKER_FLAGS " -fsanitize=address,undefined -fsanitize-recover=address,undefined")
 endif()
 
-include(cmake/conan/CMakeLists.txt)
-add_subdirectory(cmake/gtest)
-
 set (RETRIEVE_MAJOR_CMD
         "cat ${CMAKE_CURRENT_SOURCE_DIR}/app/Makefile.version | grep APPVERSION_M | cut -b 14- | tr -d '\n'"
 )
@@ -148,13 +177,13 @@ target_include_directories(unittests PRIVATE
         )
 
 target_link_libraries(unittests PRIVATE
-        gtest_main
         app_lib
-        CONAN_PKG::fmt
-        CONAN_PKG::jsoncpp)
+        GTest::gtest_main
+        fmt::fmt
+        JsonCpp::JsonCpp)
 
 add_compile_definitions(TESTVECTORS_DIR="${CMAKE_CURRENT_SOURCE_DIR}/tests/")
-add_test(unittests ${CMAKE_RUNTIME_OUTPUT_DIRECTORY}/unittests)
+add_test(NAME unittests COMMAND unittests)
 set_tests_properties(unittests PROPERTIES WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/tests)
 
 ##############################################################

Makefile

@@ -27,6 +27,7 @@ ifeq ($(BOLOS_SDK),)
 
 ZXLIB_COMPILE_STAX ?= 1
 SUBSTRATE_PARSER_FULL ?= 1
+PRODUCTION_BUILD ?= 1
 include $(CURDIR)/deps/ledger-zxlib/dockerized_build.mk
 
 else
@@ -48,5 +49,6 @@ zemu_install: tests_tools_build
 test_all:
 	make zemu_install
 	SUBSTRATE_PARSER_FULL=1 make
+	make clean_build
 	SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make buildS
 	make zemu_test