Skip to content

Commit

Permalink
update ci
Browse files Browse the repository at this point in the history
  • Loading branch information
carlosala committed Aug 30, 2023
1 parent c4c4840 commit 2d77c3a
Show file tree
Hide file tree
Showing 5 changed files with 127 additions and 129 deletions.
13 changes: 2 additions & 11 deletions .github/workflows/check_version.yml
Original file line number Diff line number Diff line change
Expand Up @@ -20,25 +20,16 @@ jobs:
needs: configure
runs-on: ubuntu-latest
container:
image: zondax/builder-bolos:latest
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_ENV: /opt/bolos
HOME: /home/zondax_circle
outputs:
version: ${{ steps.store-version.outputs.version }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true

- name: Invoke `version`
shell: bash -l {0}
env:
BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
run: make version

- run: make version
- id: store-version
run: echo "version=$(cat ./app/app.version)" >> $GITHUB_OUTPUT

Expand Down
37 changes: 37 additions & 0 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,37 @@
name: "CodeQL"

on:
workflow_dispatch:
push:
pull_request:
branches:
- main
- develop

jobs:
analyse:
name: Analyse
strategy:
matrix:
sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"]
runs-on: ubuntu-latest
container:
image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest

steps:
- name: Clone
uses: actions/checkout@v3
with:
submodules: recursive

- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: cpp
queries: security-and-quality

- name: Build
run: |
make -j BOLOS_SDK=${{ matrix.sdk }}
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
25 changes: 25 additions & 0 deletions .github/workflows/guidelines_enforcer.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
name: Ensure compliance with Ledger guidelines

# This workflow is mandatory in all applications
# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
# application store.
#
# More information on the guidelines can be found in the repository:
# LedgerHQ/ledger-app-workflows/

on:
workflow_dispatch:
push:
branches:
- master
- main
- develop
pull_request:

jobs:
guidelines_enforcer:
name: Call Ledger guidelines_enforcer
uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
with:
relative_app_directory: app
37 changes: 0 additions & 37 deletions .github/workflows/ledger.yml

This file was deleted.

144 changes: 63 additions & 81 deletions .github/workflows/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -27,8 +27,7 @@ jobs:
run: |
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
make deps
- run: cmake -DCMAKE_BUILD_TYPE=Debug . && make
- run: GTEST_COLOR=1 ASAN_OPTIONS=detect_leaks=0 ctest -VV
- run: make cpp_test

build_only_rust:
runs-on: ubuntu-latest
Expand All @@ -37,9 +36,10 @@ jobs:
uses: actions/checkout@v3
with:
submodules: true
- name: Install deps
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: rustfmt
run: |
cd ./app/rust
Expand All @@ -59,12 +59,10 @@ jobs:
needs: configure
runs-on: ubuntu-latest
container:
image: zondax/builder-bolos:latest
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
BOLOS_ENV: /opt/bolos
HOME: /home/zondax_circle
env:
BOLOS_SDK: /opt/nanos-secure-sdk
outputs:
size: ${{steps.build.outputs.size}}
steps:
Expand All @@ -76,14 +74,12 @@ jobs:
id: build
shell: bash -l {0}
run: |
source $HOME/.cargo/env
SUBSTRATE_PARSER_FULL=1 make
echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT
- name: Build SR25519 app
shell: bash -l {0}
run: |
source $HOME/.cargo/env
SUPPORT_SR25519=1 make
SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make
size_nano_s:
needs: build_ledger
Expand All @@ -109,68 +105,27 @@ jobs:
submodules: true
- run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
- name: Install rust
run: |
sudo apt-get update
sudo apt-get install -y cmake binutils-dev libcurl4-openssl-dev libiberty-dev libelf-dev libdw-dev
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y;
- name: Install node
uses: actions/setup-node@v3
- name: Install yarn
run: |
npm install -g yarn
- name: Build Ledger app
run: |
make SUBSTRATE_PARSER_FULL=1
- name: Build/Install build js deps
run: |
export PATH=~/.cargo/bin:$PATH
make zemu_install
- name: Run zemu tests
run: |
export PATH=~/.cargo/bin:$PATH
make zemu_test
test_zemu_sr25519:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions-rs/toolchain@v1
with:
submodules: true
- run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
- name: Install rust
run: |
sudo apt-get update
sudo apt-get install -y cmake binutils-dev libcurl4-openssl-dev libiberty-dev libelf-dev libdw-dev
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y;
toolchain: stable
- name: Install node
uses: actions/setup-node@v3
- name: Install yarn
run: |
npm install -g yarn
- name: Build Ledger app
- name: Build and run zemu tests
run: |
make clean_build && SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make buildS
- name: Build/Install build js deps
run: |
export PATH=~/.cargo/bin:$PATH
make zemu_install
- name: Run zemu tests for sr25519
run: |
export PATH=~/.cargo/bin:$PATH
cd tests_zemu && yarn testSR25519
make test_all
build_package_0:
needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
build_package_nanos:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
container:
image: zondax/builder-bolos:latest
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
BOLOS_ENV: /opt/bolos
HOME: /home/zondax_circle
env:
BOLOS_SDK: /opt/nanos-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -182,7 +137,6 @@ jobs:
- name: Build NanoS
shell: bash -l {0}
run: |
source $HOME/.cargo/env
make SUBSTRATE_PARSER_FULL=0
mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
- name: Set tag
Expand All @@ -199,17 +153,15 @@ jobs:
draft: false
prerelease: false

build_package_1:
needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
build_package_nanos_xl:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
container:
image: zondax/builder-bolos:latest
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
BOLOS_ENV: /opt/bolos
HOME: /home/zondax_circle
env:
BOLOS_SDK: /opt/nanos-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -221,8 +173,7 @@ jobs:
- name: Build NanoS XL
shell: bash -l {0}
run: |
source $HOME/.cargo/env
make SUBSTRATE_PARSER_FULL=1 DISABLE_PREVIOUS=1
make SUBSTRATE_PARSER_FULL=1
mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos_xl.sh
- name: Set tag
id: nanos_xl
Expand All @@ -238,17 +189,15 @@ jobs:
draft: false
prerelease: false

build_package_2:
needs: [configure, build, build_ledger, test_zemu, test_zemu_sr25519]
build_package_nanosp:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
container:
image: zondax/builder-bolos:latest
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: ${{ github.workspace }}/deps/nanosplus-secure-sdk
BOLOS_ENV: /opt/bolos
HOME: /home/zondax_circle
env:
BOLOS_SDK: /opt/nanosplus-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v3
Expand All @@ -260,7 +209,6 @@ jobs:
- name: Build NanoSP
shell: bash -l {0}
run: |
source $HOME/.cargo/env
make SUBSTRATE_PARSER_FULL=1
mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
- name: Set tag
Expand All @@ -276,3 +224,37 @@ jobs:
tag_name: ${{ steps.nanosp.outputs.tag_name }}
draft: false
prerelease: false

build_package_stax:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/stax-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: true
- name: Install deps
run: pip install ledgerblue

- name: Build Stax
shell: bash -l {0}
run: make SUBSTRATE_PARSER_FULL=1
- name: Set tag
id: stax
run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
- name: Update Release
id: update_release_2
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
files: ./app/pkg/installer_stax.sh
tag_name: ${{ steps.stax.outputs.tag_name }}
draft: false
prerelease: false

0 comments on commit 2d77c3a

Please sign in to comment.