Port and adapt workflows from boilerplate template

- No Stax support for now
- Handle submdules
- Update codespell version, and exclude few files
- Check if unit-tests directory exists before execution

.github/workflows/build_and_functional_tests.yml

@@ -0,0 +1,35 @@
+name: Build and run functional tests using ragger through reusable workflow
+
+# This workflow will build the app and then run functional tests using the Ragger framework upon Speculos emulation.
+# It calls a reusable workflow developed by Ledger's internal developer team to build the application and upload the
+# resulting binaries.
+# It then calls another reusable workflow to run the Ragger tests on the compiled application binary.
+#
+# While this workflow is optional, having functional testing on your application is mandatory and this workflow and
+# tooling environment is meant to be easy to use and adapt after forking your application
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  build_application:
+    name: Build application using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
+    with:
+      upload_app_binaries_artifact: "compiled_app_binaries"
+      run_for_devices: '["nanos", "nanox", "nanosp"]'
+
+  ragger_tests:
+    name: Run ragger tests using the reusable workflow
+    needs: build_application
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
+    with:
+      download_app_binaries_artifact: "compiled_app_binaries"
+      test_dir: tests
+      run_for_devices: '["nanos", "nanox", "nanosp"]'

.github/workflows/codeql_checks.yml

@@ -0,0 +1,46 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+    # Excluded path: add the paths you want to ignore instead of deleting the workflow
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - 'tests/*'
+
+jobs:
+  analyse:
+    name: Analyse
+    strategy:
+      matrix:
+        sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK" ]
+        #'cpp' covers C and C++
+        language: [ 'cpp' ]
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      # CodeQL will create the database during the compilation
+      - name: Build
+        run: |
+          make BOLOS_SDK=${{ matrix.sdk }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/coding_style_checks.yml

@@ -0,0 +1,25 @@
+name: Run coding style check through reusable workflow
+
+# This workflow will run linting checks to ensure a level of uniformization among all Ledger applications.
+#
+# The presence of this workflow is mandatory as a minimal level of linting is required.
+# You are however free to modify the content of the .clang-format file and thus the coding style of your application.
+# We simply ask you to not diverge too much from the linting of the Boilerplate application.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  check_linting:
+    name: Check linting using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_lint.yml@v1
+    with:
+      source: './src'
+      extensions: 'h,c'
+      version: 11

.github/workflows/documentation_generation.yml

@@ -0,0 +1,31 @@
+name: Generate project documentation
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  job_generate_doc:
+    name: Generate project documentation
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: HTML documentation
+        run: doxygen .doxygen/Doxyfile
+
+      - uses: actions/upload-artifact@v3
+        with:
+          name: documentation
+          path: doc/html

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,25 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
+    with:
+      run_for_devices: '["nanos", "nanox", "nanosp"]'

.github/workflows/misspellings_checks.yml

@@ -0,0 +1,29 @@
+name: Misspellings checks
+
+# This workflow performs some misspelling checks on the repository
+# It is there to help us maintain a level of quality in our codebase and does not have to be kept on forked
+# applications.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  misspell:
+    name: Check misspellings
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+
+    - name: Check misspellings
+      uses: codespell-project/actions-codespell@v2
+      with:
+        builtin: clear,rare
+        check_filenames: true
+        skip: ./js/yarn.lock,./js/package-lock.json,./tests/testvectors/*,./tests/generate-transaction-tests/*,./deps/jsmn/test/tests.c,./deps/PicoSHA2/test/test.cpp

.github/workflows/python_client_checks.yml

@@ -0,0 +1,44 @@
+name: Checks on the Python client
+
+# This workflow performs some checks on the Python client used by the tests
+# It is there to help us maintain a level of quality in our codebase and does not have to be kept on forked
+# applications.
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+
+  lint:
+    name: Client linting
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+    - name: Installing PIP dependencies
+      run: |
+        pip install pylint
+        pip install --extra-index-url https://test.pypi.org/simple/ -r tests/requirements.txt
+    - name: Lint Python code
+      run: |
+        pylint --rc tests/setup.cfg tests/application_client/
+
+  mypy:
+    name: Type checking
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+    - name: Installing PIP dependencies
+      run: |
+        pip install mypy
+        pip install --extra-index-url https://test.pypi.org/simple/ -r tests/requirements.txt
+    - name: Mypy type checking
+      run: |
+        mypy tests/application_client/

.github/workflows/unit_tests.yml

@@ -0,0 +1,71 @@
+name: Unit testing with Codecov coverage checking
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  job_unit_test:
+    name: Unit test
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+
+      - name: Check directory
+        run: |
+          if [ -d unit-tests ]; then
+              echo "DIR_OK=true" >> "$GITHUB_ENV"
+          else
+              echo "DIR_OK=false" >> "$GITHUB_ENV"
+              echo "::error::Missing unit-tests directory!"
+          fi
+
+      - name: Clone SDK
+        if: ${{ env.DIR_OK == 'true' }}
+        uses: actions/checkout@v3
+        with:
+          repository: ledgerHQ/ledger-secure-sdk
+          path: sdk
+
+      - name: Build unit tests
+        if: ${{ env.DIR_OK == 'true' }}
+        run: |
+          cd unit-tests/
+          export BOLOS_SDK=../sdk
+          cmake -Bbuild -H. && make -C build && make -C build test
+
+      - name: Generate code coverage
+        if: ${{ env.DIR_OK == 'true' }}
+        run: |
+          cd unit-tests/
+          lcov --directory . -b "$(realpath build/)" --capture --initial -o coverage.base && \
+          lcov --rc lcov_branch_coverage=1 --directory . -b "$(realpath build/)" --capture -o coverage.capture && \
+          lcov --directory . -b "$(realpath build/)" --add-tracefile coverage.base --add-tracefile coverage.capture -o coverage.info && \
+          lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info && \
+          genhtml coverage.info -o coverage
+
+      - uses: actions/upload-artifact@v3
+        if: ${{ env.DIR_OK == 'true' }}
+        with:
+          name: code-coverage
+          path: unit-tests/coverage
+
+      - name: Upload to codecov.io
+        if: ${{ env.DIR_OK == 'true' }}
+        uses: codecov/codecov-action@v3
+        with:
+          token: ${{ secrets.CODECOV_TOKEN }}
+          files: ./unit-tests/coverage.info
+          flags: unittests
+          name: codecov-app-flow
+          fail_ci_if_error: true
+          verbose: true