Merge pull request #441 from LedgerHQ/xch/fix-nanos-aes-cbc #1463
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration & Deployment | |
on: | |
workflow_dispatch: | |
push: | |
tags: | |
- '*' | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
jobs: | |
linter: | |
name: Linter on C code | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Lint C code | |
uses: DoozyX/[email protected] | |
with: | |
source: 'src tests' | |
extensions: 'c,h' | |
clangFormatVersion: 11 | |
misspell: | |
name: Check misspellings | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Check misspellings | |
uses: codespell-project/actions-codespell@v1 | |
with: | |
builtin: clear,rare | |
check_filenames: true | |
ignore_words_file: .codespell-ignore | |
skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts | |
coverage: | |
name: Code coverage | |
runs-on: ubuntu-latest | |
container: | |
image: docker://ghcr.io/ledgerhq/speculos-builder:latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Rebuild with code coverage instrumentation | |
env: | |
CTEST_OUTPUT_ON_FAILURE: 1 | |
RNG_SEED: 0 | |
run: | | |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON | |
make -C build clean | |
make -C build | |
make -C build test | |
python3 -m pip install pytest-cov | |
python3 -m pytest --cov=speculos --cov-report=xml | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@v1 | |
with: | |
name: codecov-speculos | |
build: | |
name: Clone, build, test | |
runs-on: ubuntu-latest | |
permissions: | |
packages: write | |
# Use https://ghcr.io/ledgerhq/speculos-builder which has all the required | |
# dependencies | |
container: | |
image: docker://ghcr.io/ledgerhq/speculos-builder:latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Build | |
run: | | |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 | |
make -C build | |
- name: Test | |
env: | |
CTEST_OUTPUT_ON_FAILURE: 1 | |
run: | | |
make -C build/ test | |
python3 -m pytest | |
package_python: | |
name: Build and deploy Speculos Python Package | |
runs-on: ubuntu-latest | |
needs: [build] | |
container: | |
image: docker://ghcr.io/ledgerhq/speculos-builder:latest | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Use pip to install Speculos in a virtual environment | |
run: | | |
python3 -m venv venv-test | |
./venv-test/bin/pip install . | |
./venv-test/bin/speculos --help | |
echo "TAG_VERSION=$(python -c 'from speculos import __version__; print(__version__)')" >> "$GITHUB_ENV" | |
- name: Build Speculos python package | |
run: | | |
git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
if [ -e dist ] ; then | |
echo >&2 "Error: dist/ directory already exists and this is unexpected. Refusing to build new packages." | |
exit 1 | |
fi | |
python3 -m venv venv-build | |
./venv-build/bin/pip install --upgrade pip build twine | |
./venv-build/bin/python -m build | |
./venv-build/bin/python -m twine check dist/* | |
- name: Display current status | |
shell: bash | |
run: | | |
echo "Current status is:" | |
if [[ ${{ github.ref }} == "refs/tags/"* ]]; \ | |
then \ | |
echo "- Triggered from tag, will be deployed on pypi.org"; \ | |
else \ | |
echo "- Not triggered from tag, will be deployed on test.pypi.org"; \ | |
fi | |
echo "- Tag version: ${{ env.TAG_VERSION }}" | |
- name: Check version against CHANGELOG | |
if: startsWith(github.ref, 'refs/tags/') | |
shell: bash | |
run: | | |
CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1) | |
if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \ | |
then \ | |
exit 0; \ | |
else \ | |
echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \ | |
exit 1; \ | |
fi | |
- name: Publish Python package on pypi.org | |
if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') | |
run: ./venv-build/bin/python -m twine upload dist/* | |
env: | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }} | |
TWINE_NON_INTERACTIVE: 1 | |
- name: Publish Python package on test.pypi.org | |
if: success() && github.event_name == 'push' | |
run: ./venv-build/bin/python -m twine upload --repository testpypi dist/* | |
env: | |
TWINE_USERNAME: __token__ | |
TWINE_PASSWORD: ${{ secrets.TEST_PYPI_PUBLIC_API_TOKEN }} | |
TWINE_NON_INTERACTIVE: 1 | |
package_and_test_docker: | |
name: Build and test the Speculos docker | |
uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml | |
with: | |
app_repository: LedgerHQ/app-boilerplate | |
app_branch_name: master | |
test_dir: tests | |
speculos_app_branch_name: ${{ github.ref }} | |
deploy_docker: | |
name: Build and Upload the Speculos docker | |
runs-on: ubuntu-latest | |
if: | | |
github.event_name == 'push' && | |
(github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) | |
needs: [build] | |
steps: | |
- name: Clone | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: Build and publish to GitHub Packages | |
uses: docker/build-push-action@v1 | |
with: | |
repository: ledgerhq/speculos | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
tag_with_sha: true | |
tags: latest |