Security Audit passed #18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & test apps | |
# This workflow will build the app and then run functional tests using the Ragger framework upon Speculos emulation. | |
# It then calls another reusable workflow to run the Ragger tests on the compiled application binary. | |
# | |
# While this workflow is optional, having functional testing on your application is mandatory and this workflow and | |
# tooling environment is meant to be easy to use and adapt after forking your application | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
pull_request: | |
jobs: | |
build_app: | |
name: Build application | |
strategy: | |
matrix: | |
device: [nanos, nanosp, nanox, stax] | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Build | |
run: | | |
DEVICE_SDK="$(echo ${{ matrix.device }} | tr a-z A-Z)_SDK" | |
bash -c "make -C app BOLOS_SDK=\$${DEVICE_SDK}" | |
tar -C app/bin -czf app_${{ matrix.device }}.tgz . | |
bash -c "make -C app BOLOS_SDK=\$${DEVICE_SDK} DEBUG=1" | |
tar -C app/bin -czf app_${{ matrix.device }}_dbg.tgz . | |
- name: Upload | |
uses: actions/upload-artifact@v3 | |
with: | |
path: app_${{ matrix.device }}.tgz | |
name: app_${{ matrix.device }}.tgz | |
- name: Upload (dbg) | |
uses: actions/upload-artifact@v3 | |
with: | |
path: app_${{ matrix.device }}_dbg.tgz | |
name: app_${{ matrix.device }}_dbg.tgz | |
build_docker_tezos_ocaml: | |
if: github.repository == 'trilitech/ledger-app-tezos-wallet' | |
uses: ./.github/workflows/docker.yml | |
secrets: inherit | |
with: | |
dockerfile: docker/Dockerfile.ocaml | |
image_name: tezos_ocaml | |
integration_tests_basic: | |
needs: [build_app] | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
device: [nanos, nanosp, nanox, stax] | |
container: | |
image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest | |
steps: | |
- name: Set Git Safe Directory | |
run: | | |
git config --global safe.directory "$GITHUB_WORKSPACE" | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Download app | |
uses: actions/download-artifact@v3 | |
with: | |
name: app_${{ matrix.device }}.tgz | |
- name: Download app (dbg) | |
uses: actions/download-artifact@v3 | |
with: | |
name: app_${{ matrix.device }}_dbg.tgz | |
- name: Run test | |
run: | | |
if [ "${{ matrix.device }}" = "stax" ]; then | |
./tests/integration/run_test_local.sh -F -m ${{ matrix.device }} \ | |
./tests/integration/${{ matrix.device }} | |
else | |
apk add gmp-dev curl jq libsodium-dev git xxd procps | |
python3 -m venv tezos_test_env --system-site-package | |
source ./tezos_test_env/bin/activate | |
python3 -m pip install -r ./tests/requirements.txt -q | |
TMP_DIR=$(mktemp -d /tmp/foo-XXXXXX) | |
tar xfz app_${{ matrix.device }}_dbg.tgz -C $TMP_DIR | |
python3 -m pytest -n 32 tests/integration/nano/ --tb=no \ | |
--device ${{ matrix.device }} --app $TMP_DIR/app.elf \ | |
--log-dir integration_tests_log | |
fi | |
- name: Upload Stax results | |
uses: actions/upload-artifact@v3 | |
if: always() && matrix.device == 'stax' | |
with: | |
name: integration_tests_${{ matrix.device }}.json | |
path: ./integration_tests.json | |
- name: Upload Nano results | |
uses: actions/upload-artifact@v3 | |
if: always() && matrix.device != 'stax' | |
with: | |
name: integration_tests_log_${{ matrix.device }} | |
path: ./integration_tests_log | |
generate_samples_unit_tests: | |
needs: [build_docker_tezos_ocaml] | |
runs-on: ubuntu-latest | |
container: | |
image: ${{ needs.build_docker_tezos_ocaml.outputs.image }} | |
credentials: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
options: -u root --entrypoint /bin/bash | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Create dirs | |
run: | | |
mkdir -p tests/samples/micheline/nano | |
mkdir -p tests/samples/operations/nano | |
- name: Generate | |
run: | | |
export PATH=/home/opam/.opam/4.14/bin:$PATH | |
cp ./app/src/parser/[!g]*.[ch] ./tests/unit/parser | |
dune exec ./tests/generate/generate.exe micheline 500 \ | |
nano tests/samples/micheline | |
dune exec ./tests/generate/generate.exe operations 500 \ | |
nano tests/samples/operations | |
- name: Unit tests | |
run: | | |
export PATH=/home/opam/.opam/4.14/bin:$PATH | |
make -C tests/unit | |
- name: Upload results (nano, micheline) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: nano_samples_micheline | |
path: tests/samples/micheline/nano | |
- name: Upload results (nano, operations) | |
uses: actions/upload-artifact@v3 | |
with: | |
name: nano_samples_operations | |
path: tests/samples/operations/nano | |
integration_tests_samples: | |
needs: [build_app, generate_samples_unit_tests] | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
device: [nanos, nanosp, nanox] | |
type: [micheline, operations] | |
container: | |
image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-dev-tools:latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Download app | |
uses: actions/download-artifact@v3 | |
with: | |
name: app_${{ matrix.device }}.tgz | |
- name: Download app (dbg) | |
uses: actions/download-artifact@v3 | |
with: | |
name: app_${{ matrix.device }}_dbg.tgz | |
- name: Download samples | |
uses: actions/download-artifact@v3 | |
with: | |
name: nano_samples_${{ matrix.type }} | |
path: tests | |
- name: Test | |
run: | | |
apk add gmp-dev curl jq libsodium-dev git xxd procps | |
python3 -m venv tezos_test_env --system-site-package | |
source ./tezos_test_env/bin/activate | |
python3 -m pip install -r ./tests/requirements.txt -q | |
./tests/integration/run_test_local.sh -T100 -F -m ${{ matrix.device }} tests | |
- name: Upload results | |
uses: actions/upload-artifact@v3 | |
if: always() | |
with: | |
name: integration_tests_${{ matrix.type}}_${{ matrix.device }}.json | |
path: ./integration_tests.json |