Skip to content

Fetch seed / RNG / attestation / user keys / appname / appversion from env at startup then stick with it #1457

Fetch seed / RNG / attestation / user keys / appname / appversion from env at startup then stick with it

Fetch seed / RNG / attestation / user keys / appname / appversion from env at startup then stick with it #1457

name: Continuous Integration & Deployment
on:
workflow_dispatch:
push:
tags:
- '*'
branches:
- master
pull_request:
branches:
- master
jobs:
linter:
name: Linter on C code
runs-on: ubuntu-latest
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Lint C code
uses: DoozyX/clang-format-lint-action@v0.16.1
with:
source: 'src tests'
extensions: 'c,h'
clangFormatVersion: 11
misspell:
name: Check misspellings
runs-on: ubuntu-latest
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Check misspellings
uses: codespell-project/actions-codespell@v1
with:
builtin: clear,rare
check_filenames: true
ignore_words_file: .codespell-ignore
skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts
coverage:
name: Code coverage
runs-on: ubuntu-latest
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Rebuild with code coverage instrumentation
env:
CTEST_OUTPUT_ON_FAILURE: 1
RNG_SEED: 0
run: |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON
make -C build clean
make -C build
make -C build test
python3 -m pip install pytest-cov
python3 -m pytest --cov=speculos --cov-report=xml
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v1
with:
name: codecov-speculos
build:
name: Clone, build, test
runs-on: ubuntu-latest
permissions:
packages: write
# Use https://ghcr.io/ledgerhq/speculos-builder which has all the required
# dependencies
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build
run: |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1
make -C build
- name: Test
env:
CTEST_OUTPUT_ON_FAILURE: 1
run: |
make -C build/ test
python3 -m pytest
package_python:
name: Build and deploy Speculos Python Package
runs-on: ubuntu-latest
needs: [build]
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Use pip to install Speculos in a virtual environment
run: |
python3 -m venv venv-test
./venv-test/bin/pip install .
./venv-test/bin/speculos --help
echo "TAG_VERSION=$(python -c 'from speculos import __version__; print(__version__)')" >> "$GITHUB_ENV"
- name: Build Speculos python package
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
if [ -e dist ] ; then
echo >&2 "Error: dist/ directory already exists and this is unexpected. Refusing to build new packages."
exit 1
fi
python3 -m venv venv-build
./venv-build/bin/pip install --upgrade pip build twine
./venv-build/bin/python -m build
./venv-build/bin/python -m twine check dist/*
- name: Display current status
shell: bash
run: |
echo "Current status is:"
if [[ ${{ github.ref }} == "refs/tags/"* ]]; \
then \
echo "- Triggered from tag, will be deployed on pypi.org"; \
else \
echo "- Not triggered from tag, will be deployed on test.pypi.org"; \
fi
echo "- Tag version: ${{ env.TAG_VERSION }}"
- name: Check version against CHANGELOG
if: startsWith(github.ref, 'refs/tags/')
shell: bash
run: |
CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \
then \
exit 0; \
else \
echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \
exit 1; \
fi
- name: Publish Python package on pypi.org
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
run: ./venv-build/bin/python -m twine upload dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
TWINE_NON_INTERACTIVE: 1
- name: Publish Python package on test.pypi.org
if: success() && github.event_name == 'push'
run: ./venv-build/bin/python -m twine upload --repository testpypi dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_PUBLIC_API_TOKEN }}
TWINE_NON_INTERACTIVE: 1
package_and_test_docker:
name: Build and test the Speculos docker
uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml
with:
app_repository: LedgerHQ/app-boilerplate
app_branch_name: master
test_dir: tests
speculos_app_branch_name: ${{ github.ref }}
deploy_docker:
name: Build and Upload the Speculos docker
runs-on: ubuntu-latest
if: |
github.event_name == 'push' &&
(github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/'))
needs: [build]
steps:
- name: Clone
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Build and publish to GitHub Packages
uses: docker/build-push-action@v1
with:
repository: ledgerhq/speculos
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
tag_with_sha: true
tags: latest