Skip to content

Bump certifi from 2024.2.2 to 2024.7.4 #1813

Bump certifi from 2024.2.2 to 2024.7.4

Bump certifi from 2024.2.2 to 2024.7.4 #1813

name: Continuous Integration & Deployment
on:
workflow_dispatch:
push:
tags:
- '*'
branches:
- master
pull_request:
branches:
- master
jobs:
coverage:
name: Code coverage
runs-on: ubuntu-latest
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Build with code coverage instrumentation
env:
CTEST_OUTPUT_ON_FAILURE: 1
RNG_SEED: 0
run: |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON
make -C build clean
make -C build
make -C build test
pip install pytest-cov
pip install .
PYTHONPATH=. pytest --cov=speculos --cov-report=xml
- run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v4
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
with:
name: codecov-speculos
build:
name: Clone, build, test
runs-on: ubuntu-latest
strategy:
matrix:
python_version: ['3.8', '3.9', '3.10', '3.11']
# Use https://ghcr.io/ledgerhq/speculos-builder which has all the required
# dependencies
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup Python version
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python_version }}
- name: Build and install package
run: |
cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1
make -C build
pip install pytest
pip install .
- name: Test
env:
CTEST_OUTPUT_ON_FAILURE: 1
run: |
make -C build/ test
pytest
package_python:
name: Build and deploy Speculos Python Package
runs-on: ubuntu-latest
needs: [build]
container:
image: docker://ghcr.io/ledgerhq/speculos-builder:latest
steps:
- name: Clone
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Use pip to install Speculos in a virtual environment
run: |
python3 -m venv venv-test
./venv-test/bin/pip install .
./venv-test/bin/speculos --help
echo "TAG_VERSION=$(python -c 'from speculos import __version__; print(__version__)')" >> "$GITHUB_ENV"
- name: Build Speculos python package
run: |
git config --global --add safe.directory "$GITHUB_WORKSPACE"
if [ -e dist ] ; then
echo >&2 "Error: dist/ directory already exists and this is unexpected. Refusing to build new packages."
exit 1
fi
python3 -m venv venv-build
./venv-build/bin/pip install --upgrade pip build twine
./venv-build/bin/python -m build
./venv-build/bin/python -m twine check dist/*
- name: Check version against CHANGELOG
if: startsWith(github.ref, 'refs/tags/')
shell: bash
run: |
CHANGELOG_VERSION=$(grep -Po '(?<=## \[)(\d+\.)+[^\]]' CHANGELOG.md | head -n 1)
if [ "${{ env.TAG_VERSION }}" == "${CHANGELOG_VERSION}" ]; \
then \
exit 0; \
else \
echo "Tag '${{ env.TAG_VERSION }}' and CHANGELOG '${CHANGELOG_VERSION}' versions mismatch!"; \
exit 1; \
fi
- name: Publish Python package on pypi.org
if: success() && github.event_name == 'push'
run: ./venv-build/bin/python -m twine upload dist/*
env:
TWINE_USERNAME: __token__
TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }}
TWINE_NON_INTERACTIVE: 1
package_and_test_docker:
name: Build and test the Speculos docker
uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml
with:
app_repository: LedgerHQ/app-boilerplate
app_branch_name: master
test_dir: tests
speculos_app_branch_name: ${{ github.ref }}
package_and_test_docker_for_nanos:
name: Build and test the Speculos docker for Nano S
uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml
with:
app_repository: LedgerHQ/app-boilerplate
app_branch_name: nanos_baseline
test_dir: tests
speculos_app_branch_name: ${{ github.ref }}
deploy_docker:
name: Build and Upload the Speculos docker
runs-on: ubuntu-latest
needs: [build]
steps:
- name: Clone
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Extract metadata
id: meta
uses: docker/metadata-action@v4
with:
images: ghcr.io/ledgerhq/speculos
tags: |
type=raw,value=${{ github.sha }}
type=ref,event=branch
type=ref,event=pr
type=semver,pattern={{version}}
type=semver,pattern={{major}}.{{minor}}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to registry
uses: docker/login-action@v2
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and publish to GitHub Packages
uses: docker/build-push-action@v3
with:
push: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/tags/')) }}
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}