Linter

.github/workflows/cflite_cron.yml

@@ -23,19 +23,18 @@ jobs:
           - mode: coverage
             sanitizer: coverage
     steps:
-    - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        language: c # Change this to the language you are fuzzing.
-        sanitizer: ${{ matrix.sanitizer }}
-    - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: ${{ matrix.mode }}
-        sanitizer: ${{ matrix.sanitizer }}
-
+      - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          language: c # Change this to the language you are fuzzing.
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300 # 5 minutes
+          mode: ${{ matrix.mode }}
+          sanitizer: ${{ matrix.sanitizer }}

.github/workflows/cflite_pr.yml

@@ -13,31 +13,31 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+        sanitizer: [address, undefined, memory]  # Override this with the sanitizers you want.
     steps:
-    - name: Build Fuzzers (${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        language: c # Change this to the language you are fuzzing.
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        sanitizer: ${{ matrix.sanitizer }}
-        # Optional but recommended: used to only run fuzzers that are affected
-        # by the PR.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
-    - name: Run Fuzzers (${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: 'code-change'
-        sanitizer: ${{ matrix.sanitizer }}
-        output-sarif: true
-        # Optional but recommended: used to download the corpus produced by
-        # batch fuzzing.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: c  # Change this to the language you are fuzzing.
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sanitizer: ${{ matrix.sanitizer }}
+          # Optional but recommended: used to only run fuzzers that are affected
+          # by the PR.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300  # 5 minutes
+          mode: 'code-change'
+          sanitizer: ${{ matrix.sanitizer }}
+          output-sarif: true
+          # Optional but recommended: used to download the corpus produced by
+          # batch fuzzing.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

.github/workflows/codeql_checks.yml

@@ -17,20 +17,21 @@ jobs:
   analyse:
     name: Analyse
     strategy:
+      fail-fast: false
       matrix:
         sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
-        #'cpp' covers C and C++
-        language: [ 'cpp' ]
+        # 'cpp' covers C and C++
+        language: ['cpp']
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
@@ -41,4 +42,4 @@ jobs:
           make BOLOS_SDK=${{ matrix.sdk }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/documentation_generation.yml

@@ -18,12 +18,12 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: HTML documentation
         run: doxygen .doxygen/Doxyfile
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: documentation
           path: doc/html

.github/workflows/misspellings_checks.yml

@@ -18,11 +18,11 @@ jobs:
     name: Check misspellings
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
+      - name: Clone
+        uses: actions/checkout@v4
 
-    - name: Check misspellings
-      uses: codespell-project/actions-codespell@v1
-      with:
-        builtin: clear,rare
-        check_filenames: true
+      - name: Check misspellings
+        uses: codespell-project/actions-codespell@v2
+        with:
+          builtin: clear,rare
+          check_filenames: true

.github/workflows/python_client_checks.yml

@@ -14,31 +14,22 @@ on:
   pull_request:
 
 jobs:
-
   lint:
     name: Boilerplate client linting
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install pylint
-        pip install -r tests/requirements.txt
-    - name: Lint Python code
-      run: |
-        pylint --rc tests/setup.cfg tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - run: pip install pylint
+      - name: Lint Python code
+        run: pylint --rc tests/setup.cfg tests/application_client/
 
   mypy:
     name: Type checking
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install mypy
-        pip install -r tests/requirements.txt
-    - name: Mypy type checking
-      run: |
-        mypy tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - run: pip install mypy
+      - name: Mypy type checking
+        run: mypy tests/application_client/

.github/workflows/unit_tests.yml

@@ -18,10 +18,10 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Clone SDK
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ledgerHQ/ledger-secure-sdk
           path: sdk
@@ -41,7 +41,7 @@ jobs:
           lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info && \
           genhtml coverage.info -o coverage
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: code-coverage
           path: unit-tests/coverage

README.md

@@ -14,16 +14,16 @@ It will allow you, whether you are developing on macOS, Windows or Linux to quic
 
 * Install and run [Docker](https://www.docker.com/products/docker-desktop/).
 * Make sure you have an X11 server running :
-    * On Ubuntu Linux, it should be running by default.
-    * On macOS, install and launch [XQuartz](https://www.xquartz.org/) (make sure to go to XQuartz > Preferences > Security and check "Allow client connections").
-    * On Windows, install and launch [VcXsrv](https://sourceforge.net/projects/vcxsrv/) (make sure to configure it to disable access control).
+  * On Ubuntu Linux, it should be running by default.
+  * On macOS, install and launch [XQuartz](https://www.xquartz.org/) (make sure to go to XQuartz > Preferences > Security and check "Allow client connections").
+  * On Windows, install and launch [VcXsrv](https://sourceforge.net/projects/vcxsrv/) (make sure to configure it to disable access control).
 * Install [VScode](https://code.visualstudio.com/download) and add [Ledger's extension](https://marketplace.visualstudio.com/items?itemName=LedgerHQ.ledger-dev-tools).
 * Open a terminal and clone `app-boilerplate` with `git clone [email protected]:LedgerHQ/app-boilerplate.git`.
 * Open the `app-boilerplate` folder with VSCode.
 * Use Ledger extension's sidebar menu or open the tasks menu with `ctrl + shift + b` (`command + shift + b` on a Mac) to conveniently execute actions :
-    * Build the app for the device model of your choice with `Build`.
-    * Test your binary on [Speculos](https://github.com/LedgerHQ/speculos) with `Run with Speculos`.
-    * You can also run functional tests, load the app on a physical device, and more.
+  * Build the app for the device model of your choice with `Build`.
+  * Test your binary on [Speculos](https://github.com/LedgerHQ/speculos) with `Run with Speculos`.
+  * You can also run functional tests, load the app on a physical device, and more.
 
 :information_source: The terminal tab of VSCode will show you what commands the extension runs behind the scene.
 
@@ -193,24 +193,25 @@ the process outputs HTML and LaTeX documentations in `doc/html` and `doc/latex`
 
 The flow processed in [GitHub Actions](https://github.com/features/actions) is the following:
 
-- Ledger guidelines enforcer which verifies that an app is compliant with Ledger guidelines. The successful completion of this reusable workflow is a mandatory step for an app to be available on the Ledger application store. More information on the guidelines can be found in the repository [ledger-app-workflow](https://github.com/LedgerHQ/ledger-app-workflows)
-- Code formatting with [clang-format](http://clang.llvm.org/docs/ClangFormat.html)
-- Compilation of the application for all Ledger hardware in [ledger-app-builder](https://github.com/LedgerHQ/ledger-app-builder)
-- Unit tests of C functions with [cmocka](https://cmocka.org/) (see [unit-tests/](unit-tests/))
-- End-to-end tests with [Speculos](https://github.com/LedgerHQ/speculos) emulator and [ragger](https://github.com/LedgerHQ/ragger) (see [tests/](tests/))
-- Code coverage with [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html)/[lcov](http://ltp.sourceforge.net/coverage/lcov.php) and upload to [codecov.io](https://about.codecov.io)
-- Documentation generation with [doxygen](https://www.doxygen.nl)
+* Ledger guidelines enforcer which verifies that an app is compliant with Ledger guidelines. The successful completion of this reusable workflow is a mandatory step for an app to be available on the Ledger application store. More information on the guidelines can be found in the repository [ledger-app-workflow](https://github.com/LedgerHQ/ledger-app-workflows)
+* Code formatting with [clang-format](http://clang.llvm.org/docs/ClangFormat.html)
+* Compilation of the application for all Ledger hardware in [ledger-app-builder](https://github.com/LedgerHQ/ledger-app-builder)
+* Unit tests of C functions with [cmocka](https://cmocka.org/) (see [unit-tests/](unit-tests/))
+* End-to-end tests with [Speculos](https://github.com/LedgerHQ/speculos) emulator and [ragger](https://github.com/LedgerHQ/ragger) (see [tests/](tests/))
+* Code coverage with [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html)/[lcov](http://ltp.sourceforge.net/coverage/lcov.php) and upload to [codecov.io](https://about.codecov.io)
+* Documentation generation with [doxygen](https://www.doxygen.nl)
 
 It outputs 3 artifacts:
-- `compiled_app_binaries` within binary files of the build process for each device
-- `code-coverage` within HTML details of code coverage
-- `documentation` within HTML auto-generated documentation
+
+* `compiled_app_binaries` within binary files of the build process for each device
+* `code-coverage` within HTML details of code coverage
+* `documentation` within HTML auto-generated documentation
 
 ## Are you developing an application for Ledger devices?
 
 If so, This boilerplate will help you get started.
 
 For a smooth and quick integration:
 
-- See the developers’ documentation on the [Developer Portal](https://developers.ledger.com/), and
-- [Go on Discord](https://developers.ledger.com/discord-pro/) to chat with developer support and the developer community.
+* See the developers’ documentation on the [Developer Portal](https://developers.ledger.com/), and
+* [Go on Discord](https://developers.ledger.com/discord-pro/) to chat with developer support and the developer community.

unit-tests/README.md

@@ -15,21 +15,21 @@ and for code coverage generation:
 
 In `unit-tests` folder, compile with
 
-```
+```shell
 cmake -Bbuild -H. && make -C build
 ```
 
 and run tests with
 
-```
+```shell
 CTEST_OUTPUT_ON_FAILURE=1 make -C build test
 ```
 
 ## Generate code coverage
 
 Just execute in `unit-tests` folder
 
-```
+```shell
 ./gen_coverage.sh
 ```