Skip to content

Fix blind signing and multiple transaction sending for legacy (#12) #1

Fix blind signing and multiple transaction sending for legacy (#12)

Fix blind signing and multiple transaction sending for legacy (#12) #1

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
pull_request:
branches:
- main
- develop
- master # for safety reasons
- dev # for safety reasons
jobs:
configure:
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
outputs:
uid_gid: ${{ steps.get-user.outputs.uid_gid }}
steps:
- id: get-user
run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT
build:
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y curl protobuf-compiler build-essential git wget unzip python3 python3-pip \
libssl-dev libffi-dev libreadline-dev zlib1g-dev libbz2-dev libsqlite3-dev libncurses5-dev \
libgdbm-dev libnss3-dev liblzma-dev libxml2-dev libxmlsec1-dev libffi-dev libyaml-dev
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install CMake 3.28
run: |
wget https://github.com/Kitware/CMake/releases/download/v3.28.0/cmake-3.28.0-linux-x86_64.sh
sudo mkdir /opt/cmake
sudo sh cmake-3.28.0-linux-x86_64.sh --skip-license --prefix=/opt/cmake
sudo ln -sf /opt/cmake/bin/cmake /usr/local/bin/cmake
sudo ln -sf /opt/cmake/bin/ctest /usr/local/bin/ctest
- name: Verify CMake version
run: cmake --version
- name: Install deps
run: |
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
make deps
- name: Run CMake
run: mkdir -p build && cd build && cmake -DCMAKE_BUILD_TYPE=Debug .. && make
- run: make cpp_test
build_ledger:
needs: configure
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/nanos-secure-sdk
outputs:
size: ${{steps.build.outputs.size}}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Build Standard app
id: build
shell: bash -l {0}
run: |
make
echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT
size_nano_s:
needs: build_ledger
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
env:
NANOS_LIMIT_SIZE: 136
steps:
- run: |
echo "LNS app size: ${{needs.build_ledger.outputs.size}} KiB"
[ ${{needs.build_ledger.outputs.size}} -le $NANOS_LIMIT_SIZE ]
test_zemu:
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
steps:
- name: Test
run: |
id
echo $HOME
echo $DISPLAY
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y curl protobuf-compiler build-essential git wget unzip python3 python3-pip \
libssl-dev libffi-dev libreadline-dev zlib1g-dev libbz2-dev libsqlite3-dev libncurses5-dev \
libgdbm-dev libnss3-dev liblzma-dev libxml2-dev libxmlsec1-dev libffi-dev libyaml-dev
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
- name: Install rust
uses: actions-rs/toolchain@v1
with:
toolchain: stable
- name: Install node
uses: actions/setup-node@v4
with:
node-version: 18
- name: Install yarn
run: |
npm install -g yarn
- name: Build and run zemu tests
run: |
for i in {1..3}; do
make zemu_install && break || sleep 10
done
make
make zemu_test
- name: Upload Snapshots (only failure)
if: ${{ failure() }}
uses: actions/upload-artifact@v3
with:
name: snapshots-tmp
path: tests_zemu/snapshots-tmp/
build_package_nanos:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/nanos-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install deps
run: pip install ledgerblue
- name: Build NanoS
shell: bash -l {0}
run: |
PRODUCTION_BUILD=0 make
mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
- name: Set tag
id: nanos
run: echo "tag_name=$(./app/pkg/installer_nanos.sh version)" >> $GITHUB_OUTPUT
- name: Create or Update Release (1)
id: create_release_0
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
files: ./app/pkg/installer_nanos.sh
tag_name: ${{ steps.nanos.outputs.tag_name }}
draft: false
prerelease: false
build_package_nanosp:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/nanosplus-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install deps
run: pip install ledgerblue
- name: Build NanoSP
shell: bash -l {0}
run: |
PRODUCTION_BUILD=0 make
mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
- name: Set tag
id: nanosp
run: echo "tag_name=$(./app/pkg/installer_nanos_plus.sh version)" >> $GITHUB_OUTPUT
- name: Update Release
id: update_release_2
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
files: ./app/pkg/installer_nanos_plus.sh
tag_name: ${{ steps.nanosp.outputs.tag_name }}
draft: false
prerelease: false
build_package_stax:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: zondax-runners
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/stax-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install deps
run: pip install ledgerblue
- name: Build Stax
shell: bash -l {0}
run: |
PRODUCTION_BUILD=0 make
- name: Set tag
id: stax
run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
- name: Update Release
id: update_release_2
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
files: |
./app/pkg/installer_stax.sh
tag_name: ${{ steps.stax.outputs.tag_name }}
draft: false
prerelease: false
build_package_flex:
needs: [configure, build, build_ledger, test_zemu]
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
container:
image: zondax/ledger-app-builder:latest
options: --user ${{ needs.configure.outputs.uid_gid }}
env:
BOLOS_SDK: /opt/flex-secure-sdk
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Install deps
run: pip install ledgerblue
- name: Build Flex
shell: bash -l {0}
run: PRODUCTION_BUILD=0 make
- name: Set tag
id: flex
run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT
- name: Update Release
id: update_release_2
uses: softprops/action-gh-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
with:
files: ./app/pkg/installer_flex.sh
tag_name: ${{ steps.flex.outputs.tag_name }}
draft: false
prerelease: false