Merge pull request #65 from LedgerHQ/develop

Merge on Master
LedgerHQ · Apr 30, 2024 · f80a533 · f80a533
2 parents 21ce629 + ae7aaf4
commit f80a533
Show file tree

Hide file tree

Showing 1,005 changed files with 13,131 additions and 3,014 deletions.
diff --git a/.clang-format b/.clang-format
@@ -0,0 +1,26 @@
+---
+Language: Cpp
+BasedOnStyle: Google
+AlignOperands: true
+BreakStringLiterals: true
+ColumnLimit: 80
+ConstructorInitializerIndentWidth: 4
+ContinuationIndentWidth: 4
+FixNamespaceComments: true
+IndentCaseLabels: true
+IndentWidth:  4
+MaxEmptyLinesToKeep: 1
+PointerAlignment: Left
+ReflowComments: true
+SortIncludes: true
+SpaceBeforeParens: ControlStatements
+SpaceInEmptyParentheses: false
+SpacesBeforeTrailingComments: 1
+SpacesInContainerLiterals: true
+SpacesInCStyleCastParentheses: false
+SpacesInParentheses: false
+SpacesInSquareBrackets: true
+UseTab: Never
+---
+Language: Proto
+BasedOnStyle: LLVM
diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md
@@ -0,0 +1,8 @@
+# Checklist
+<!-- Put an `x` in each box when you have completed the items. -->
+- [ ] App update process has been followed <!-- See comment below -->
+- [ ] Target branch is `develop` <!-- unless you have a very good reason -->
+- [ ] Application version has been bumped <!-- required if your changes are to be deployed -->
+
+<!-- Make sure you followed the process described in https://developers.ledger.com/docs/device-app/deliver/maintenance before opening your Pull Request.
+Don't hesitate to contact us directly on Discord if you have any questions ! https://developers.ledger.com/discord -->
diff --git a/.github/workflows/check_protobuf_files.yml b/.github/workflows/check_protobuf_files.yml
@@ -0,0 +1,34 @@
+name: check_protobuf_files
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  python_protobuf_check:
+    name: Check python protobuf files
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Save current generation
+        run: |
+          cp -r proto proto_current
+          rm proto/*_pb2.py
+
+      - name: Regenerate
+        run: |
+          PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python make python_pb
+          cp ./vendor/nanopb/generator/proto/nanopb_pb2.py ./proto
+
+      - name: Compare regenerated files with tracked files
+        run: |
+          diff proto proto_current
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,50 +3,22 @@ name: CI
 on:
   # Triggers the workflow on push or pull request events but only for the master branch
   push:
-    branches: [ master ]
+    branches: [ master, develop ]
   pull_request:
-    branches: [ master ]
-
   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:
 
 jobs:
-  build:
-    runs-on: ubuntu-latest
-
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build app
-        run: |
-          make clean
-          make DEBUG=1
-
-      - name: Upload app binary
-        uses: actions/upload-artifact@v2
-        with:
-          name: app-debug
-          path: bin
-
-  scan-build:
-    name: Clang Static Analyzer
-    runs-on: ubuntu-latest
-
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-
-    steps:
-      - uses: actions/checkout@v2
-
-      - name: Build with Clang Static Analyzer
-        run: |
-          make clean
-          scan-build --use-cc=clang -analyze-headers -enable-checker security -enable-checker unix -enable-checker valist -o scan-build --status-bugs make default
-      - uses: actions/upload-artifact@v2
-        if: failure()
-        with:
-          name: scan-build
-          path: scan-build
+  build_application:
+    name: Build application using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
+    with:
+      upload_app_binaries_artifact: compiled_app_binaries
+
+  ragger_tests:
+    name: Run ragger tests using the reusable workflow
+    needs: build_application
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
+    with:
+      download_app_binaries_artifact: compiled_app_binaries
+      test_dir: tests
diff --git a/.github/workflows/codeql-workflow.yml b/.github/workflows/codeql-workflow.yml
@@ -0,0 +1,43 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  analyse:
+    name: Analyse
+    strategy:
+      matrix:
+        sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK" ]
+        #'cpp' covers C and C++
+        language: [ 'cpp' ]
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Add safe directory
+        run: |
+          git config --global --add safe.directory "$GITHUB_WORKSPACE"
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      # CodeQL will create the database during the compilation
+      - name: Build
+        run: |
+          PROTOCOL_BUFFERS_PYTHON_IMPLEMENTATION=python make BOLOS_SDK=${{ matrix.sdk }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/guidelines_enforcer.yml b/.github/workflows/guidelines_enforcer.yml
@@ -0,0 +1,23 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
diff --git a/.gitignore b/.gitignore
@@ -1,16 +1,14 @@
 # Build files
 bin/
-dep/
-obj/
 debug/
-src/glyphs.c
-src/glyphs.h
+build/
 src/pb_*
 
 # Editors
 .idea
 
 # Protos
-proto/*.c
-proto/*.h
 *.pyc
+
+# Tests
+tests/snapshots-tmp/
diff --git a/.vscode/c_cpp_properties.json b/.vscode/c_cpp_properties.json
@@ -5,10 +5,7 @@
             "includePath": [
                 "${workspaceFolder}/src",
                 "${workspaceFolder}/proto",
-                "${workspaceFolder}/vendor/ledger-nanopb",
-                "${workspaceFolder}/vendor/nanos-secure-sdk/include",
-                "${workspaceFolder}/vendor/nanox-secure-sdk/include",
-                "${workspaceFolder}/vendor/nanos-secure-sdk/lib_ux/include"
+                "${workspaceFolder}/vendor/nanopb"
             ],
             "defines": [
                 "OS_IO_SEPROXYHAL",

diff --git a/.vscode/settings.json b/.vscode/settings.json
@@ -3,10 +3,20 @@
     "python.linting.pylamaEnabled": true,
     "python.linting.enabled": true,
     "files.associations": {
-        "*.h": "c",
-        ".clang-tidy": "yaml",
-        "string_view": "c",
-        "regex": "c"
+      "*.h": "c",
+      ".clang-tidy": "yaml",
+      "string_view": "c",
+      "regex": "c",
+      "optional": "c",
+      "istream": "c",
+      "ostream": "c",
+      "system_error": "c",
+      "array": "c",
+      "functional": "c",
+      "tuple": "c",
+      "type_traits": "c",
+      "utility": "c"
     },
     "C_Cpp.dimInactiveRegions": false,
+    "C_Cpp.errorSquiggles": "enabled",
 }