diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml index 3c740ba2..15beeda0 100644 --- a/.github/workflows/continuous-integration-workflow.yml +++ b/.github/workflows/continuous-integration-workflow.yml @@ -13,63 +13,6 @@ on: jobs: - linter: - name: Linter on C code - runs-on: ubuntu-latest - steps: - - name: Clone - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Lint C code - uses: DoozyX/clang-format-lint-action@v0.16.1 - with: - source: 'src tests' - extensions: 'c,h' - clangFormatVersion: 11 - - misspell: - name: Check misspellings - runs-on: ubuntu-latest - steps: - - name: Clone - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Check misspellings - uses: codespell-project/actions-codespell@v1 - with: - builtin: clear,rare - check_filenames: true - ignore_words_file: .codespell-ignore - skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts - - coverage: - name: Code coverage - runs-on: ubuntu-latest - container: - image: docker://ghcr.io/ledgerhq/speculos-builder:latest - steps: - - name: Clone - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Rebuild with code coverage instrumentation - env: - CTEST_OUTPUT_ON_FAILURE: 1 - RNG_SEED: 0 - run: | - cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON - make -C build clean - make -C build - make -C build test - python3 -m pip install pytest-cov - python3 -m pytest --cov=speculos --cov-report=xml - - name: Upload coverage to Codecov - uses: codecov/codecov-action@v1 - with: - name: codecov-speculos - build: name: Clone, build, test runs-on: ubuntu-latest 
@@ -131,18 +74,6 @@ jobs: ./venv-build/bin/python -m build ./venv-build/bin/python -m twine check dist/* - - name: Display current status - shell: bash - run: | - echo "Current status is:" - if [[ ${{ github.ref }} == "refs/tags/"* ]]; \ - then \ - echo "- Triggered from tag, will be deployed on pypi.org"; \ - else \ - echo "- Not triggered from tag, will be deployed on test.pypi.org"; \ - fi - echo "- Tag version: ${{ env.TAG_VERSION }}" - - name: Check version against CHANGELOG if: startsWith(github.ref, 'refs/tags/') shell: bash @@ -157,21 +88,13 @@ jobs: fi - name: Publish Python package on pypi.org - if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/') + if: success() && github.event_name == 'push' run: ./venv-build/bin/python -m twine upload dist/* env: TWINE_USERNAME: __token__ TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN }} TWINE_NON_INTERACTIVE: 1 - - name: Publish Python package on test.pypi.org - if: success() && github.event_name == 'push' - run: ./venv-build/bin/python -m twine upload --repository testpypi dist/* - env: - TWINE_USERNAME: __token__ - TWINE_PASSWORD: ${{ secrets.TEST_PYPI_PUBLIC_API_TOKEN }} - TWINE_NON_INTERACTIVE: 1 - package_and_test_docker: name: Build and test the Speculos docker uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml diff --git a/.github/workflows/fast-checks.yml b/.github/workflows/fast-checks.yml new file mode 100644 index 00000000..107d6911 --- /dev/null +++ b/.github/workflows/fast-checks.yml 
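Review bot: In the `@@ -157,21 +88,13 @@` hunk, the new condition `if: success() && github.event_name == 'push'` on "Publish Python package on pypi.org" drops the `startsWith(github.ref, 'refs/tags/')` guard. Unless the workflow's `on:` triggers (outside this hunk) are restricted to tags, every branch push would run `twine upload dist/*` against pypi.org with `secrets.PYPI_PUBLIC_API_TOKEN`. The neighbouring "Check version against CHANGELOG" step still tests for a tag ref, which suggests non-tag pushes do reach this job. I would keep the guard: `if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')`. The job's definition starts outside the hunk, so any job-level condition is not visible here.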
@@ -0,0 +1,100 @@ +name: Fast checks + +on: + workflow_dispatch: + push: + branches: + - master + - develop + pull_request: + +jobs: + linter-python: + name: Linter on Python code + runs-on: ubuntu-latest + steps: + - name: Clone + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Python dependency + run: pip install flake8 + - name: Lint Python code + run: find speculos/ -type f -name '*.py' -exec flake8 --max-line-length=120 '{}' '+' + + linter-c: + name: Linter on C code + runs-on: ubuntu-latest + steps: + - name: Clone + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Lint C code + uses: DoozyX/clang-format-lint-action@v0.16.1 + with: + source: 'src tests' + extensions: 'c,h' + clangFormatVersion: 11 + + mypy: + name: Type checking + runs-on: ubuntu-latest + steps: + - name: Clone + uses: actions/checkout@v3 + - run: pip install mypy types-requests types-setuptools PyQt5-stubs + - name: Mypy type checking + run: mypy speculos + + bandit: + name: Security checking + runs-on: ubuntu-latest + steps: + - name: Clone + uses: actions/checkout@v3 + - run: pip install bandit + - name: Bandit security checking + run: bandit -r speculos -ll || echo 0 + + misspell: + name: Check misspellings + runs-on: ubuntu-latest + steps: + - name: Clone + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Check misspellings + uses: codespell-project/actions-codespell@v1 + with: + builtin: clear,rare + check_filenames: true + ignore_words_file: .codespell-ignore + skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts + + coverage: + name: Code coverage + runs-on: ubuntu-latest + container: + image: docker://ghcr.io/ledgerhq/speculos-builder:latest + steps: + - name: Clone + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Rebuild with code coverage instrumentation + env: + CTEST_OUTPUT_ON_FAILURE: 1 + RNG_SEED: 0 + 
run: | + cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON + make -C build clean + make -C build + make -C build test + python3 -m pip install pytest-cov + python3 -m pytest --cov=speculos --cov-report=xml + - name: Upload coverage to Codecov + uses: codecov/codecov-action@v1 + with: + name: codecov-speculos diff --git a/.github/workflows/python_checks.yml b/.github/workflows/python_checks.yml deleted file mode 100644 index ac070f53..00000000 --- a/.github/workflows/python_checks.yml +++ /dev/null @@ -1,43 +0,0 @@ -name: Python checks - -on: - workflow_dispatch: - push: - branches: - - master - - develop - pull_request: - -jobs: - linter: - name: Linter on Python code - runs-on: ubuntu-latest - steps: - - name: Clone - uses: actions/checkout@v3 - with: - fetch-depth: 0 - - name: Python dependency - run: pip install flake8 - - name: Lint Python code - run: find speculos/ -type f -name '*.py' -exec flake8 --max-line-length=120 '{}' '+' - - mypy: - name: Type checking - runs-on: ubuntu-latest - steps: - - name: Clone - uses: actions/checkout@v3 - - run: pip install mypy types-requests types-setuptools PyQt5-stubs - - name: Mypy type checking - run: mypy speculos - - bandit: - name: Security checking - runs-on: ubuntu-latest - steps: - - name: Clone - uses: actions/checkout@v3 - - run: pip install bandit - - name: Bandit security checking - run: bandit -r speculos -ll || echo 0 diff --git a/CHANGELOG.md b/CHANGELOG.md index aa0800e4..0f977e11 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
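Review bot: The `bandit` job in the new fast-checks.yml runs `bandit -r speculos -ll || echo 0`, so the step exits 0 whatever bandit reports and the "Security checking" job can never fail a pull request. If the check is meant to be advisory, say so in a comment above the step (`# advisory only: findings do not fail the build`). Otherwise drop the fallback so medium-and-higher findings gate the merge: `run: bandit -r speculos -ll`. Separately, the third-party actions are referenced by mutable tags (`codecov/codecov-action@v1`, `DoozyX/clang-format-lint-action@v0.16.1`, `codespell-project/actions-codespell@v1`) and the coverage container by `:latest`. Pinning them to a commit SHA or image digest would make runs reproducible and limit exposure to a retagged upstream.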
@@ -5,12 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). -## [0.5.0] - 2024-??-?? +## [0.5.0] - 2024-01-11 ### Added - Attestation key or user private keys can now be configured with the new `--attestation-key` and `--user-private-key` arguments (or `ATTESTATION_PRIVATE_KEY` and `USER_PRIVATE_KEY` through - environment variables). User certificates are correctly calculated signed from the user private + environment variables). User certificates are correctly calculated, signed from the user private keys and the attestation key. ### Changed