LedgerHQ · lpascal-ledger · Sep 21, 2022 · Aug 21, 2022 · Aug 21, 2022 · Aug 22, 2022
diff --git a/.clang-format b/.clang-format
@@ -12,7 +12,6 @@ SortIncludes: false
 SpaceAfterCStyleCast: true
 AllowShortCaseLabelsOnASingleLine: false
 AllowAllArgumentsOnNextLine: false
-AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: Never
 AllowShortFunctionsOnASingleLine: None
 BinPackArguments: false

diff --git a/.clusterfuzzlite/build.sh b/.clusterfuzzlite/build.sh
@@ -3,7 +3,7 @@
 # build fuzzers
 
 pushd fuzz
-./build.sh
-mv ./cmake-build-fuzz/fuzz_tx $OUT/app-stellar-fuzz-tx
-popd
-
+cmake -DCMAKE_C_COMPILER=clang -Bbuild -H.
+make -C build
+mv ./build/fuzz_tx $OUT/app-stellar-fuzz-tx
+popd
diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile
@@ -0,0 +1,7 @@
+# We provide a pre-built image to save you time, but if you want to build it yourself,
+# you can copy https://github.com/overcat/ledger-devcontainer/blob/main/Dockerfile to the current
+# folder to overwrite this file.
+#
+# More information: https://github.com/overcat/ledger-devcontainer
+
+FROM ghcr.io/overcat/ledger-devcontainer:latest
diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json
@@ -0,0 +1,66 @@
+// For format details, see https://aka.ms/vscode-remote/devcontainer.json or the definition README at
+// https://github.com/microsoft/vscode-dev-containers/tree/master/containers/ubuntu-18.04-git
+{
+  "name": "Ledger Dev",
+  "dockerFile": "Dockerfile",
+  "build": {
+    "args": {}
+  },
+  // https://code.visualstudio.com/remote/advancedcontainers/environment-variables
+  // BOLOS_SDK can be one of NANOS_SDK, NANOX_SDK and NANOSPLUS_SDK
+  "remoteEnv": {
+    "BOLOS_SDK": "${containerEnv:NANOS_SDK}",
+    "MNEMONIC": "other base behind follow wet put glad muscle unlock sell income october", // "${localEnv:MNEMONIC}"
+    "CTEST_OUTPUT_ON_FAILURE": "1",
+    "PIP_INDEX_URL": "https://mirrors.ustc.edu.cn/pypi/web/simple"
+  },
+  // The optional 'runArgs' property can be used to specify additional runtime arguments.
+  "runArgs": [
+    // Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust.
+    "--cap-add=SYS_PTRACE",
+    "--security-opt",
+    "seccomp=unconfined"
+  ],
+  // Use 'settings' to set *default* container specific settings.json values on container create.
+  // You can edit these settings after create using File > Preferences > Settings > Remote.
+  "settings": {
+    "terminal.integrated.profiles.linux": {
+      "bash": {
+        "path": "/bin/bash"
+      },
+      "fish": {
+        "path": "/bin/fish"
+      }
+    },
+    "terminal.integrated.defaultProfile.linux": "fish"
+  },
+  // Use 'forwardPorts' to make a list of ports inside the container available locally.
+  // "forwardPorts": [3000],
+  // Use 'portsAttributes' to set default properties for specific forwarded ports. More info: https://code.visualstudio.com/docs/remote/devcontainerjson-reference.
+  "portsAttributes": {
+    "5000": {
+      "label": "Speculos Restful API",
+      "onAutoForward": "notify"
+    },
+    "9999": {
+      "label": "Speculos APDU Server TCP port",
+      "onAutoForward": "silent"
+    },
+  },
+  // Use 'otherPortsAttributes' to configure any ports that aren't configured using 'portsAttributes'.
+  "otherPortsAttributes": {
+    "onAutoForward": "silent"
+  },
+  // Uncomment the next line to run commands after the container is created.
+  // "postCreateCommand": "",
+  // Add the IDs of extensions you want installed when the container is created in the array below.
+  "extensions": [
+    "ms-vscode.cpptools-extension-pack",
+    "spmeesseman.vscode-taskexplorer",
+    "webfreak.debug"
+  ],
+  // Comment out to connect as root instead. More info: https://aka.ms/vscode-remote/containers/non-root.
+  // On Linux, this will prevent new files getting created as root, but you may need to update the USER_UID
+  // and USER_GID in .devcontainer/Dockerfile to match your user if not 1000.
+  "remoteUser": "ledgerdev"
+}
diff --git a/.github/workflows/cflite_batch.yml b/.github/workflows/cflite_batch.yml
@@ -30,4 +30,3 @@ jobs:
         #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
         #storage-repo-branch: main   # Optional. Defaults to "main"
         #storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
-
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
@@ -42,4 +42,3 @@ jobs:
         #storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
         #storage-repo-branch: main   # Optional. Defaults to "main"
         #storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
-
diff --git a/.github/workflows/ci-workflow.yml b/.github/workflows/ci-workflow.yml
@@ -4,84 +4,51 @@ on:
   workflow_dispatch:
   push:
     branches:
-    - master
     - develop
   pull_request:
     branches:
-    - master
     - develop
 
 jobs:
-  nanos_build_debug:
-    name: Build NanoS debug
+  build_debug_app:
+    name: Build debug app
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        device:
+        - path: $NANOS_SDK
+          name: nanos
+        - path: $NANOX_SDK
+          name: nanox
+        - path: $NANOSP_SDK
+          name: nanosp
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
     steps:
       - name: Clone
         uses: actions/checkout@v2
-      - name: Install dependancies
-        run: |
-          apt-get install libbsd-dev
-      - name: Build Stellar
-        run: |
-          make clean
-          make DEBUG=1
-      - name: Upload app binary
-        uses: actions/upload-artifact@v2
-        with:
-          name: stellar-nanos-debug
-          path: bin
 
-  nanox_build_debug:
-    name: Build NanoX debug
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-    steps:
-      - name: Clone
-        uses: actions/checkout@v2
-      - name: Install dependancies
-        run: |
-          apt-get install libbsd-dev
-      - name: Build Stellar
+      - name: Build for ${{ matrix.device.name }}
         run: |
-          make clean
-          make DEBUG=1 BOLOS_SDK=$NANOX_SDK
-      - name: Upload app binary
-        uses: actions/upload-artifact@v2
-        with:
-          name: stellar-nanox-debug
-          path: bin
+          make BOLOS_SDK=${{ matrix.device.path }} DEBUG=1
 
-  nanosp_build_debug:
-    name: Build NanoS+ debug
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-    steps:
-      - name: Clone
-        uses: actions/checkout@v2
-      - name: Install dependancies
-        run: |
-          apt-get install libbsd-dev
-      - name: Build Stellar
-        run: |
-          make clean
-          make DEBUG=1 BOLOS_SDK=$NANOSP_SDK
       - name: Upload app binary
         uses: actions/upload-artifact@v2
         with:
-          name: stellar-nanosp-debug
+          name: stellar-app-${{ matrix.device.name }}-debug
           path: bin
 
-  job_scan_build:
+  scan_build:
     name: Clang Static Analyzer
     runs-on: ubuntu-latest
+    needs: build_debug_app
+
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+
     steps:
       - uses: actions/checkout@v2
+
       - name: Build with Clang Static Analyzer
         run: |
           make clean
@@ -92,79 +59,90 @@ jobs:
           name: scan-build
           path: scan-build
 
-  job_coverity_scan:
-    name: Coverity Scan
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-scanner:latest
-    steps:
-      - uses: actions/checkout@v2
-      - name: Build with cov-build
-        run: |
-          make clean
-          cov-build --dir cov-int make default
-      - name: Submit the result to Coverity Scan
-        run: |
-          tar czvf cov-int.tar.gz cov-int
-          curl \
-            --form token=$TOKEN \
-            --form email=$EMAIL \
-            --form file=@cov-int.tar.gz \
-            --form version=master \
-            --form description="Stellar app" \
-            https://scan.coverity.com/builds?project=LedgerHQ%2Fapp-stellar
-        env:
-          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
-          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
-
-  job_unit_test:
-    name: Unit tests
+  unit_tests:
+    name: Unit test
     runs-on: ubuntu-latest
+
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+
     steps:
       - name: Clone
         uses: actions/checkout@v2
-      - name: Install dependancies
-        run: |
-          apt-get update -y
-          apt-get install libssl-dev libbsd-dev -y
+
+      - name: Install node
+        uses: actions/setup-node@v2
+        with:
+          node-version: "16"
+
       - name: Build unit tests
         run: |
-          cmake -Btests/build -Htests/ && make -C tests/build/ && make -C tests/build test
+          make tests-unit
 
-  job_test:
-    name: Functional tests
-    needs: nanos_build_debug
+      - name: Generate code coverage
+        run: |
+          cd tests_unit/
+          lcov --directory . -b "$(realpath build/)" --capture --initial -o coverage.base && \
+          lcov --rc lcov_branch_coverage=1 --directory . -b "$(realpath build/)" --capture -o coverage.capture && \
+          lcov --directory . -b "$(realpath build/)" --add-tracefile coverage.base --add-tracefile coverage.capture -o coverage.info && \
+          lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/tests_unit/*' -o coverage.info && \
+          genhtml coverage.info -o coverage
+
+      - uses: actions/upload-artifact@v2
+        with:
+          name: code-coverage
+          path: tests_unit/coverage
+
+      - name: Upload to codecov.io
+        uses: codecov/codecov-action@v2
+        with:
+          files: ./tests_unit/coverage.info
+          flags: unittests
+          name: codecov-app-stellar
+          fail_ci_if_error: true
+          verbose: true
+
+  e2e_tests:
+    name: e2e tests
+    strategy:
+      matrix:
+        device: ["nanos", "nanox", "nanosp"]
+      fail-fast: false
+    needs: 
+      - build_debug_app
+      - unit_tests
     runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/ledgerhq/speculos:latest
-      ports:
-        - 1234:1234
-        - 9999:9999
-        - 40000:40000
-        - 41000:41000
-        - 42000:42000
-        - 43000:43000
-      options: --entrypoint /bin/bash
     steps:
-      - name: Clone
+      - name: Checkout
         uses: actions/checkout@v2
-      - name: Install dependancies
-        run: |
-          apt-get update && apt-get install build-essential -y libudev-dev libusb-1.0-0-dev libfox-1.6-dev
-      - name: Download app binary
+
+      - name: Install node
+        uses: actions/setup-node@v2
+        with:
+          node-version: "16"
+
+      - name: Build common js
+        run: cd tests_common_js && npm install && npm run build
+
+      - name: Build/Install build js deps
+        run: cd tests_zemu && npm install
+
+      - name: Download app binaries
         uses: actions/download-artifact@v2
         with:
-          name: stellar-nanos-debug
-          path: bin
-      - name: Run test
+          name: stellar-app-${{ matrix.device }}-debug
+          path: stellar-app-${{ matrix.device }}-debug
+
+      - name: Gather elf
         run: |
-          nohup bash -c "python /speculos/speculos.py bin/app.elf --log-level automation:DEBUG --automation file:tests/automation.json --display headless" > speculos.log 2<&1 &
-          sleep 4
-          cd tests && pip install -r requirements.txt && LEDGER_PROXY_ADDRESS=127.0.0.1 LEDGER_PROXY_PORT=9999 pytest -v -s
-      - name: Upload Speculos log
+          cp ./stellar-app-${{ matrix.device }}-debug/app.elf ./tests_zemu/elfs/stellar_${{ matrix.device }}.elf
+
+      - name: Run zemu tests
+        run: cd tests_zemu && npm run test -- -t "\(${{ matrix.device }}\)"
+
+      - name: Upload snapshots
+        if: always()
         uses: actions/upload-artifact@v2
         with:
-          name: speculos-log
-          path: speculos.log
+          name: zemu-snapshots
+          path: tests_zemu/snapshots-tmp/
diff --git a/.github/workflows/lint-workflow.yml b/.github/workflows/lint-workflow.yml
@@ -1,9 +1,16 @@
 name: Code style check
 
-on: [push, pull_request]
+on:
+  workflow_dispatch:
+  push:
+    branches:
+    - develop
+  pull_request:
+    branches:
+    - develop
 
 jobs:
-  job_lint:
+  lint:
     name: Lint
     runs-on: ubuntu-latest
 
@@ -12,8 +19,8 @@ jobs:
         uses: actions/checkout@v2
 
       - name: Lint
-        uses: DoozyX/clang-format-lint-action@v0.11
+        uses: DoozyX/clang-format-lint-action@v0.13
         with:
-          source: "./"
-          extensions: "h,c"
-          clangFormatVersion: 10
+          source: 'src tests_unit'
+          extensions: 'h,c'
+          clangFormatVersion: 12
Original file line number	Diff line number	Diff line change
Expand Up		@@ -30,4 +30,3 @@ jobs:
		#storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
		#storage-repo-branch: main # Optional. Defaults to "main"
		#storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".
Original file line number	Diff line number	Diff line change
Expand Up		@@ -42,4 +42,3 @@ jobs:
		#storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/LedgerHQ/fuzzers-corpus.git
		#storage-repo-branch: main # Optional. Defaults to "main"
		#storage-repo-branch-coverage: gh-pages # Optional. Defaults to "gh-pages".