add stax device

.github/workflows/codeql.yml

@@ -0,0 +1,37 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  analyse:
+    name: Analyse
+    strategy:
+      matrix:
+        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"]
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v3
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+          queries: security-and-quality
+
+      - name: Build
+        run: |
+          make -j BOLOS_SDK=${{ matrix.sdk }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,25 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
+    with:
+      relative_app_directory: app

.github/workflows/main.yml

@@ -27,19 +27,16 @@ jobs:
         run: |
           sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10
           make deps
-      - run: cmake -DCMAKE_BUILD_TYPE=Debug . && make
-      - run: GTEST_COLOR=1 ASAN_OPTIONS=detect_leaks=0 ctest -VV
+      - run: make cpp_test
 
   build_ledger_nano_S:
     needs: configure
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
     env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      BOLOS_SDK: /opt/nanos-secure-sdk
     outputs:
       size: ${{steps.build.outputs.size}}
     steps:
@@ -51,7 +48,6 @@ jobs:
         id: build
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           make
           echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT
 
@@ -69,43 +65,35 @@ jobs:
     needs: configure
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
     env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanox-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      BOLOS_SDK: /opt/nanox-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: true
       - name: Build Standard app
         shell: bash -l {0}
-        run: |
-          source $HOME/.cargo/env
-          make
+        run: make
 
   build_ledger_nano_SP:
     needs: configure
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
     env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanosplus-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: true
       - name: Build Standard app
         shell: bash -l {0}
-        run: |
-          source $HOME/.cargo/env
-          make
+        run: make
 
   test_zemu:
     runs-on: ubuntu-latest
@@ -115,27 +103,12 @@ jobs:
         with:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
-      - name: Install rust
-        run: |
-          sudo apt-get update
-          sudo apt-get install -y cmake binutils-dev libcurl4-openssl-dev libiberty-dev libelf-dev libdw-dev
-          curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- --no-modify-path --default-toolchain none -y;
       - name: Install node
         uses: actions/setup-node@v3
       - name: Install yarn
-        run: |
-          npm install -g yarn
-      - name: Build Ledger app
-        run: |
-          make
-      - name: Build/Install build js deps
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          make zemu_install
-      - name: Run zemu tests
-        run: |
-          export PATH=~/.cargo/bin:$PATH
-          make zemu_test
+        run: npm install -g yarn
+      - name: Build Ledger app and run tests
+        run: make test_all
 
   build_package_nanos:
     needs:
@@ -150,12 +123,10 @@ jobs:
     if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanos-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -167,18 +138,13 @@ jobs:
       - name: Build NanoS
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           make
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
-
       - name: Set tag
         id: nanos
-        run: |
-          pip install ledgerblue
-          echo "tag_name=$(./app/pkg/installer_nanos.sh version)" >> $GITHUB_OUTPUT
-
-      - name: Create Release
-        id: create_release
+        run: echo "tag_name=$(./app/pkg/installer_nanos.sh version)" >> $GITHUB_OUTPUT
+      - name: Create or Update Release (1)
+        id: create_release_0
         uses: softprops/action-gh-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
@@ -201,12 +167,10 @@ jobs:
     if: ${{ github.ref == 'refs/heads/main' }}
     runs-on: ubuntu-latest
     container:
-      image: zondax/builder-bolos:latest
+      image: zondax/ledger-app-builder:latest
       options: --user ${{ needs.configure.outputs.uid_gid }}
-    env:
-      BOLOS_SDK: ${{ github.workspace }}/deps/nanosplus-secure-sdk
-      BOLOS_ENV: /opt/bolos
-      HOME: /home/zondax_circle
+      env:
+        BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
         uses: actions/checkout@v3
@@ -218,18 +182,13 @@ jobs:
       - name: Build NanoSP
         shell: bash -l {0}
         run: |
-          source $HOME/.cargo/env
           make
           mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
-
       - name: Set tag
         id: nanosp
-        run: |
-          pip install ledgerblue
-          echo "tag_name=$(./app/pkg/installer_nanos_plus.sh version)" >> $GITHUB_OUTPUT
-
+        run: echo "tag_name=$(./app/pkg/installer_nanos_plus.sh version)" >> $GITHUB_OUTPUT
       - name: Update Release
-        id: update_release
+        id: update_release_2
         uses: softprops/action-gh-release@v1
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token

.github/workflows/publish.yaml

@@ -12,13 +12,12 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           submodules: true
       - name: Install node
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
-          node-version: '14.17.0'
           registry-url: "https://registry.npmjs.org"
           scope: "@zondax"
       - name: Install yarn
@@ -30,7 +29,9 @@ jobs:
           yarn build
       - name: Get latest release version number
         id: get_version
-        uses: battila7/get-version-action@v2
+        run: |
+          GITHUB_REF=${{ github.ref }}
+          echo "version=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
       - name: Show version
         run: echo ${{ steps.get_version.outputs.version }}
       - name: Clean latest release version number
@@ -50,4 +51,4 @@ jobs:
           cd js
           npm publish
         env:
-          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_PUBLISH_AUTO }}
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_PUBLISH_AUTO }}

.github/workflows/sonarcloud.yml

@@ -14,24 +14,26 @@ jobs:
     name: SonarQube analyze
     runs-on: ubuntu-latest
     container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder@sha256:877adc3ff619222aaf03a490d546ea9001f02faa0c6ac7c06c876c99584f9cdb
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
     env:
       SONAR_SCANNER_VERSION: 4.7.0.2747
       SONAR_SERVER_URL: "https://sonarcloud.io"
       BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
         with:
           submodules: true
-          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of analysis
+          fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
       - name: Set up JDK 11
-        uses: actions/setup-java@v1
+        uses: actions/setup-java@v3
         with:
           java-version: 11
+          distribution: zulu
       - name: Download and set up sonar-scanner
         env:
           SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
         run: |
+          export DEBIAN_FRONTEND=noninteractive
           apt-get update -y
           apt-get upgrade -y
           curl -sL https://deb.nodesource.com/setup_16.x | bash -

.gitignore

@@ -56,7 +56,6 @@ dkms.conf
 \cmake-build-debug
 \.idea/
 /tmp/
-/deps/nano2-sdk/
 
 # Created by cmake
 googletest-download/
@@ -77,8 +76,8 @@ cmake-build-fuzz/
 /app/debug/
 /app/obj/
 /build
+app/build
 
-\deps/*
 !\deps/nanos-secure-sdk
 !\deps/nanox-secure-sdk
 !\deps/ledger-zxlib

.gitmodules

@@ -9,10 +9,13 @@
 	url = https://github.com/nanopb/nanopb
 [submodule "deps/nanox-secure-sdk"]
 	path = deps/nanox-secure-sdk
-	url = https://github.com/LedgerHQ/nanox-secure-sdk.git
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/nanosplus-secure-sdk"]
 	path = deps/nanosplus-secure-sdk
-	url = https://github.com/LedgerHQ/nanosplus-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
 [submodule "deps/ledger-zxlib"]
 	path = deps/ledger-zxlib
 	url = https://github.com/Zondax/ledger-zxlib
+[submodule "deps/stax-secure-sdk"]
+	path = deps/stax-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk.git