diff --git a/.github/workflows/cflite_cron.yml b/.github/workflows/cflite_cron.yml index 44ac10c25..17c1e65a2 100644 --- a/.github/workflows/cflite_cron.yml +++ b/.github/workflows/cflite_cron.yml @@ -23,19 +23,18 @@ jobs: - mode: coverage sanitizer: coverage steps: - - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) - id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - language: c # Change this to the language you are fuzzing. - sanitizer: ${{ matrix.sanitizer }} - - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) - id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - fuzz-seconds: 300 # 5 minutes - mode: ${{ matrix.mode }} - sanitizer: ${{ matrix.sanitizer }} - \ No newline at end of file + - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + language: c # Change this to the language you are fuzzing. + sanitizer: ${{ matrix.sanitizer }} + - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 300 # 5 minutes + mode: ${{ matrix.mode }} + sanitizer: ${{ matrix.sanitizer }} diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml index f70175e17..09f91dafe 100644 --- a/.github/workflows/cflite_pr.yml +++ b/.github/workflows/cflite_pr.yml 
@@ -13,31 +13,31 @@ jobs: strategy: fail-fast: false matrix: - sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. + sanitizer: [address, undefined, memory] # Override this with the sanitizers you want. steps: - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/clusterfuzzlite/actions/build_fuzzers@v1 - with: - language: c # Change this to the language you are fuzzing. - github-token: ${{ secrets.GITHUB_TOKEN }} - sanitizer: ${{ matrix.sanitizer }} - # Optional but recommended: used to only run fuzzers that are affected - # by the PR. - # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git - # storage-repo-branch: main # Optional. Defaults to "main" - # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". - - name: Run Fuzzers (${{ matrix.sanitizer }}) - id: run - uses: google/clusterfuzzlite/actions/run_fuzzers@v1 - with: - github-token: ${{ secrets.GITHUB_TOKEN }} - fuzz-seconds: 300 # 5 minutes - mode: 'code-change' - sanitizer: ${{ matrix.sanitizer }} - output-sarif: true - # Optional but recommended: used to download the corpus produced by - # batch fuzzing. - # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git - # storage-repo-branch: main # Optional. Defaults to "main" - # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". \ No newline at end of file + - name: Build Fuzzers (${{ matrix.sanitizer }}) + id: build + uses: google/clusterfuzzlite/actions/build_fuzzers@v1 + with: + language: c # Change this to the language you are fuzzing. + github-token: ${{ secrets.GITHUB_TOKEN }} + sanitizer: ${{ matrix.sanitizer }} + # Optional but recommended: used to only run fuzzers that are affected + # by the PR. + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. 
Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". + - name: Run Fuzzers (${{ matrix.sanitizer }}) + id: run + uses: google/clusterfuzzlite/actions/run_fuzzers@v1 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + fuzz-seconds: 300 # 5 minutes + mode: 'code-change' + sanitizer: ${{ matrix.sanitizer }} + output-sarif: true + # Optional but recommended: used to download the corpus produced by + # batch fuzzing. + # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git + # storage-repo-branch: main # Optional. Defaults to "main" + # storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages". diff --git a/.github/workflows/codeql_checks.yml b/.github/workflows/codeql_checks.yml index 73c3f438b..cc2aae4eb 100644 --- a/.github/workflows/codeql_checks.yml +++ b/.github/workflows/codeql_checks.yml @@ -17,20 +17,21 @@ jobs: analyse: name: Analyse strategy: + fail-fast: false matrix: sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"] - #'cpp' covers C and C++ - language: [ 'cpp' ] + # 'cpp' covers C and C++ + language: ['cpp'] runs-on: ubuntu-latest container: image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest steps: - name: Clone - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@v3 with: languages: ${{ matrix.language }} queries: security-and-quality @@ -41,4 +42,4 @@ jobs: make BOLOS_SDK=${{ matrix.sdk }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@v3 diff --git a/.github/workflows/documentation_generation.yml b/.github/workflows/documentation_generation.yml index 1d00c2e94..31b1efb2f 100644 --- a/.github/workflows/documentation_generation.yml +++ b/.github/workflows/documentation_generation.yml 
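Review bot: The bumped `uses:` lines in the first codeql_checks.yml hunk (`actions/checkout@v4`, `github/codeql-action/init@v3`) and `github/codeql-action/analyze@v3` in the next hunk still point at mutable major tags, so the code that runs in this job can change without any change in this repository. Pinning each one to a full commit SHA with the tag kept as a trailing comment, e.g. `uses: actions/checkout@<FULL_COMMIT_SHA>  # v4`, makes every upgrade an explicit, reviewable diff. The same applies to the checkout, upload-artifact and codespell bumps in documentation_generation.yml, misspellings_checks.yml, python_client_checks.yml and unit_tests.yml. The context line `image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest` is likewise unpinned and could be referenced by digest. The job starts outside the hunk, so whether a `permissions:` block limits the token scope is not visible here.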
@@ -18,12 +18,12 @@ jobs: steps: - name: Clone - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: HTML documentation run: doxygen .doxygen/Doxyfile - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: documentation path: doc/html diff --git a/.github/workflows/misspellings_checks.yml b/.github/workflows/misspellings_checks.yml index 0333481f9..f38799e6c 100644 --- a/.github/workflows/misspellings_checks.yml +++ b/.github/workflows/misspellings_checks.yml @@ -18,11 +18,11 @@ jobs: name: Check misspellings runs-on: ubuntu-latest steps: - - name: Clone - uses: actions/checkout@v3 + - name: Clone + uses: actions/checkout@v4 - - name: Check misspellings - uses: codespell-project/actions-codespell@v1 - with: - builtin: clear,rare - check_filenames: true + - name: Check misspellings + uses: codespell-project/actions-codespell@v2 + with: + builtin: clear,rare + check_filenames: true diff --git a/.github/workflows/python_client_checks.yml b/.github/workflows/python_client_checks.yml index 3d8ed52f0..9f7bf4882 100644 --- a/.github/workflows/python_client_checks.yml +++ b/.github/workflows/python_client_checks.yml 
@@ -14,31 +14,22 @@ on: pull_request: jobs: - lint: name: Boilerplate client linting runs-on: ubuntu-latest steps: - - name: Clone - uses: actions/checkout@v3 - - name: Installing PIP dependencies - run: | - pip install pylint - pip install -r tests/requirements.txt - - name: Lint Python code - run: | - pylint --rc tests/setup.cfg tests/application_client/ + - name: Clone + uses: actions/checkout@v4 + - run: pip install pylint + - name: Lint Python code + run: pylint --rc tests/setup.cfg tests/application_client/ mypy: name: Type checking runs-on: ubuntu-latest steps: - - name: Clone - uses: actions/checkout@v3 - - name: Installing PIP dependencies - run: | - pip install mypy - pip install -r tests/requirements.txt - - name: Mypy type checking - run: | - mypy tests/application_client/ + - name: Clone + uses: actions/checkout@v4 + - run: pip install mypy + - name: Mypy type checking + run: mypy tests/application_client/ diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 3c3677047..a895458e6 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -18,10 +18,10 @@ jobs: steps: - name: Clone - uses: actions/checkout@v3 + uses: actions/checkout@v4 - name: Clone SDK - uses: actions/checkout@v3 + uses: actions/checkout@v4 with: repository: ledgerHQ/ledger-secure-sdk path: sdk @@ -41,7 +41,7 @@ jobs: lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info && \ genhtml coverage.info -o coverage - - uses: actions/upload-artifact@v3 + - uses: actions/upload-artifact@v4 with: name: code-coverage path: unit-tests/coverage diff --git a/README.md b/README.md index 3ea826c1a..a615d1311 100644 --- a/README.md +++ b/README.md 
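Review bot: Both jobs in the python_client_checks.yml hunk now install only the tool (`- run: pip install pylint`, `- run: pip install mypy`) and no longer run `pip install -r tests/requirements.txt`, so the packages imported by `tests/application_client/` are probably missing when it is analysed. Pylint would then likely report import errors, and mypy may fall back to treating unresolved imports as untyped, which quietly weakens the check. Whether `tests/setup.cfg` masks this is not visible here. If dropping the requirements install is intentional, a short comment saying why would help; otherwise keep `pip install -r tests/requirements.txt` alongside the tool install. The tool installs are also unpinned, so a fixed version such as `pip install pylint==<PINNED_VERSION>` would keep results reproducible and avoid pulling an unreviewed release into CI.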
@@ -14,16 +14,16 @@ It will allow you, whether you are developing on macOS, Windows or Linux to quic * Install and run [Docker](https://www.docker.com/products/docker-desktop/). * Make sure you have an X11 server running : - * On Ubuntu Linux, it should be running by default. - * On macOS, install and launch [XQuartz](https://www.xquartz.org/) (make sure to go to XQuartz > Preferences > Security and check "Allow client connections"). - * On Windows, install and launch [VcXsrv](https://sourceforge.net/projects/vcxsrv/) (make sure to configure it to disable access control). + * On Ubuntu Linux, it should be running by default. + * On macOS, install and launch [XQuartz](https://www.xquartz.org/) (make sure to go to XQuartz > Preferences > Security and check "Allow client connections"). + * On Windows, install and launch [VcXsrv](https://sourceforge.net/projects/vcxsrv/) (make sure to configure it to disable access control). * Install [VScode](https://code.visualstudio.com/download) and add [Ledger's extension](https://marketplace.visualstudio.com/items?itemName=LedgerHQ.ledger-dev-tools). * Open a terminal and clone `app-boilerplate` with `git clone git@github.com:LedgerHQ/app-boilerplate.git`. * Open the `app-boilerplate` folder with VSCode. * Use Ledger extension's sidebar menu or open the tasks menu with `ctrl + shift + b` (`command + shift + b` on a Mac) to conveniently execute actions : - * Build the app for the device model of your choice with `Build`. - * Test your binary on [Speculos](https://github.com/LedgerHQ/speculos) with `Run with Speculos`. - * You can also run functional tests, load the app on a physical device, and more. + * Build the app for the device model of your choice with `Build`. + * Test your binary on [Speculos](https://github.com/LedgerHQ/speculos) with `Run with Speculos`. + * You can also run functional tests, load the app on a physical device, and more. 
:information_source: The terminal tab of VSCode will show you what commands the extension runs behind the scene. 
@@ -193,18 +193,19 @@ the process outputs HTML and LaTeX documentations in `doc/html` and `doc/latex` The flow processed in [GitHub Actions](https://github.com/features/actions) is the following: -- Ledger guidelines enforcer which verifies that an app is compliant with Ledger guidelines. The successful completion of this reusable workflow is a mandatory step for an app to be available on the Ledger application store. More information on the guidelines can be found in the repository [ledger-app-workflow](https://github.com/LedgerHQ/ledger-app-workflows) -- Code formatting with [clang-format](http://clang.llvm.org/docs/ClangFormat.html) -- Compilation of the application for all Ledger hardware in [ledger-app-builder](https://github.com/LedgerHQ/ledger-app-builder) -- Unit tests of C functions with [cmocka](https://cmocka.org/) (see [unit-tests/](unit-tests/)) -- End-to-end tests with [Speculos](https://github.com/LedgerHQ/speculos) emulator and [ragger](https://github.com/LedgerHQ/ragger) (see [tests/](tests/)) -- Code coverage with [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html)/[lcov](http://ltp.sourceforge.net/coverage/lcov.php) and upload to [codecov.io](https://about.codecov.io) -- Documentation generation with [doxygen](https://www.doxygen.nl) +* Ledger guidelines enforcer which verifies that an app is compliant with Ledger guidelines. The successful completion of this reusable workflow is a mandatory step for an app to be available on the Ledger application store. 
More information on the guidelines can be found in the repository [ledger-app-workflow](https://github.com/LedgerHQ/ledger-app-workflows) +* Code formatting with [clang-format](http://clang.llvm.org/docs/ClangFormat.html) +* Compilation of the application for all Ledger hardware in [ledger-app-builder](https://github.com/LedgerHQ/ledger-app-builder) +* Unit tests of C functions with [cmocka](https://cmocka.org/) (see [unit-tests/](unit-tests/)) +* End-to-end tests with [Speculos](https://github.com/LedgerHQ/speculos) emulator and [ragger](https://github.com/LedgerHQ/ragger) (see [tests/](tests/)) +* Code coverage with [gcov](https://gcc.gnu.org/onlinedocs/gcc/Gcov.html)/[lcov](http://ltp.sourceforge.net/coverage/lcov.php) and upload to [codecov.io](https://about.codecov.io) +* Documentation generation with [doxygen](https://www.doxygen.nl) It outputs 3 artifacts: -- `compiled_app_binaries` within binary files of the build process for each device -- `code-coverage` within HTML details of code coverage -- `documentation` within HTML auto-generated documentation + +* `compiled_app_binaries` within binary files of the build process for each device +* `code-coverage` within HTML details of code coverage +* `documentation` within HTML auto-generated documentation ## Are you developing an application for Ledger devices? @@ -212,5 +213,5 @@ If so, This boilerplate will help you get started. For a smooth and quick integration: -- See the developers’ documentation on the [Developer Portal](https://developers.ledger.com/), and -- [Go on Discord](https://developers.ledger.com/discord-pro/) to chat with developer support and the developer community. +* See the developers’ documentation on the [Developer Portal](https://developers.ledger.com/), and +* [Go on Discord](https://developers.ledger.com/discord-pro/) to chat with developer support and the developer community. diff --git a/unit-tests/README.md b/unit-tests/README.md index f41d4dd25..04e186fe0 100644 
--- a/unit-tests/README.md +++ b/unit-tests/README.md @@ -15,13 +15,13 @@ and for code coverage generation: In `unit-tests` folder, compile with -``` +```shell cmake -Bbuild -H. && make -C build ``` and run tests with -``` +```shell CTEST_OUTPUT_ON_FAILURE=1 make -C build test ``` @@ -29,7 +29,7 @@ CTEST_OUTPUT_ON_FAILURE=1 make -C build test Just execute in `unit-tests` folder -``` +```shell ./gen_coverage.sh ```