Fix HDPath validation in recovery app #106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| push: | |
| pull_request: | |
| branches: | |
| - main | |
| - develop | |
| - master # for safety reasons | |
| - dev # for safety reasons | |
| jobs: | |
| configure: | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| outputs: | |
| uid_gid: ${{ steps.get-user.outputs.uid_gid }} | |
| steps: | |
| - id: get-user | |
| run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT | |
| build: | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y curl protobuf-compiler build-essential git wget unzip python3 python3-pip \ | |
| libssl-dev libffi-dev libreadline-dev zlib1g-dev libbz2-dev libsqlite3-dev libncurses5-dev \ | |
| libgdbm-dev libnss3-dev liblzma-dev libxml2-dev libxmlsec1-dev libffi-dev libyaml-dev | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install CMake 3.28 | |
| run: | | |
| wget https://github.com/Kitware/CMake/releases/download/v3.28.0/cmake-3.28.0-linux-x86_64.sh | |
| sudo mkdir /opt/cmake | |
| sudo sh cmake-3.28.0-linux-x86_64.sh --skip-license --prefix=/opt/cmake | |
| sudo ln -sf /opt/cmake/bin/cmake /usr/local/bin/cmake | |
| sudo ln -sf /opt/cmake/bin/ctest /usr/local/bin/ctest | |
| - name: Verify CMake version | |
| run: cmake --version | |
| - name: Install deps | |
| run: | | |
| sudo update-alternatives --install /usr/bin/python python /usr/bin/python3 10 | |
| make deps | |
| - name: Run CMake | |
| run: mkdir -p build && cd build && cmake -DCMAKE_BUILD_TYPE=Debug .. && make | |
| - run: make cpp_test | |
| build_only_rust: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install rust | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| - name: rustfmt | |
| run: | | |
| cd ./app/rust | |
| cargo fmt --version | |
| cargo fmt -- --check | |
| - name: clippy | |
| run: | | |
| cd ./app/rust | |
| cargo clippy --version | |
| cargo clippy --all-features --all-targets || true | |
| - name: run tests | |
| run: | | |
| cd ./app/rust | |
| cargo test | |
| build_ledger: | |
| needs: configure | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanos-secure-sdk | |
| outputs: | |
| size: ${{steps.build.outputs.size}} | |
| size_recovery: ${{steps.build_recovery.outputs.size_recovery}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Build Standard app | |
| id: build | |
| shell: bash -l {0} | |
| run: | | |
| SUBSTRATE_PARSER_FULL=1 make | |
| echo "size=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT | |
| - name: Build SR25519 app | |
| shell: bash -l {0} | |
| run: | | |
| SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 make | |
| - name: Build Recovery app | |
| id: build_recovery | |
| shell: bash -l {0} | |
| run: | | |
| SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make | |
| echo "size_recovery=$(python3 deps/ledger-zxlib/scripts/getSize.py s)" >> $GITHUB_OUTPUT | |
| - name: Build SR25519 Recovery app | |
| shell: bash -l {0} | |
| run: | | |
| SUBSTRATE_PARSER_FULL=1 SUPPORT_SR25519=1 COIN=AVAIL_RECOVERY make | |
| size_nano_s: | |
| needs: build_ledger | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| env: | |
| NANOS_LIMIT_SIZE: 136 | |
| steps: | |
| - run: | | |
| echo "LNS app size: ${{needs.build_ledger.outputs.size}} KiB" | |
| [ ${{needs.build_ledger.outputs.size}} -le $NANOS_LIMIT_SIZE ] | |
| - run: | | |
| echo "LNS Recovery app size: ${{needs.build_ledger.outputs.size_recovery}} KiB" | |
| [ ${{needs.build_ledger.outputs.size_recovery}} -le $NANOS_LIMIT_SIZE ] | |
| test_zemu: | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| steps: | |
| - name: Test | |
| run: | | |
| id | |
| echo $HOME | |
| echo $DISPLAY | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y curl protobuf-compiler build-essential git wget unzip python3 python3-pip \ | |
| libssl-dev libffi-dev libreadline-dev zlib1g-dev libbz2-dev libsqlite3-dev libncurses5-dev \ | |
| libgdbm-dev libnss3-dev liblzma-dev libxml2-dev libxmlsec1-dev libffi-dev libyaml-dev | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev | |
| - name: Install rust | |
| uses: actions-rs/toolchain@v1 | |
| with: | |
| toolchain: stable | |
| - name: Install node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 22 | |
| - name: Install yarn | |
| run: | | |
| npm install -g yarn | |
| - name: Build and run zemu tests | |
| run: | | |
| make test_all | |
| build_package_nanos: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanos-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoS | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=0 make | |
| mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh | |
| - name: Set tag | |
| id: nanos_light | |
| run: echo "tag_name=$(./app/pkg/installer_nanos.sh version)" >> $GITHUB_OUTPUT | |
| - name: Create or Update Release (1) | |
| id: create_release_0 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_nanos.sh | |
| tag_name: ${{ steps.nanos_light.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_nanos_xl: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanos-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoS XL | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 make | |
| mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos_xl.sh | |
| - name: Set tag | |
| id: nanos_xl | |
| run: echo "tag_name=$(./app/pkg/installer_nanos_xl.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_1 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_nanos_xl.sh | |
| tag_name: ${{ steps.nanos_xl.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_nanosp: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanosplus-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoSP | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 make | |
| mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh | |
| - name: Set tag | |
| id: nanosp | |
| run: echo "tag_name=$(./app/pkg/installer_nanos_plus.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_nanos_plus.sh | |
| tag_name: ${{ steps.nanosp.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_stax: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/stax-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build Stax | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 make | |
| - name: Set tag | |
| id: stax | |
| run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_stax.sh | |
| tag_name: ${{ steps.stax.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_flex: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/flex-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build Flex | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 make | |
| - name: Set tag | |
| id: flex | |
| run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_flex.sh | |
| tag_name: ${{ steps.flex.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_recovery_nanos: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanos-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoS | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=0 COIN=AVAIL_RECOVERY make | |
| mv ./app/pkg/installer_s.sh ./app/pkg/installer_recovery_nanos.sh | |
| - name: Set tag | |
| id: nanos_light | |
| run: echo "tag_name=$(./app/pkg/installer_recovery_nanos.sh version)" >> $GITHUB_OUTPUT | |
| - name: Create or Update Release (1) | |
| id: create_release_0 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_recovery_nanos.sh | |
| tag_name: ${{ steps.nanos_light.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_recovery_nanos_xl: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ubuntu-latest | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanos-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoS XL | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make | |
| mv ./app/pkg/installer_s.sh ./app/pkg/installer_recovery_nanos_xl.sh | |
| - name: Set tag | |
| id: nanos_xl | |
| run: echo "tag_name=$(./app/pkg/installer_recovery_nanos_xl.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_1 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_recovery_nanos_xl.sh | |
| tag_name: ${{ steps.nanos_xl.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_recovery_nanosp: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/nanosplus-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build NanoSP | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make | |
| mv ./app/pkg/installer_s2.sh ./app/pkg/installer_recovery_nanos_plus.sh | |
| - name: Set tag | |
| id: nanosp | |
| run: echo "tag_name=$(./app/pkg/installer_recovery_nanos_plus.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_recovery_nanos_plus.sh | |
| tag_name: ${{ steps.nanosp.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_recovery_stax: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/stax-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build Stax | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make | |
| mv ./app/pkg/installer_stax.sh ./app/pkg/installer_recovery_stax.sh | |
| - name: Set tag | |
| id: stax | |
| run: echo "tag_name=$(./app/pkg/installer_recovery_stax.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_recovery_stax.sh | |
| tag_name: ${{ steps.stax.outputs.tag_name }} | |
| draft: false | |
| prerelease: false | |
| build_package_recovery_flex: | |
| needs: [configure, build, build_ledger, test_zemu] | |
| if: ${{ github.ref == 'refs/heads/main' }} | |
| runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }} | |
| container: | |
| image: zondax/ledger-app-builder:latest | |
| options: --user ${{ needs.configure.outputs.uid_gid }} | |
| env: | |
| BOLOS_SDK: /opt/flex-secure-sdk | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - name: Install deps | |
| run: pip install ledgerblue | |
| - name: Build Flex | |
| shell: bash -l {0} | |
| run: | | |
| PRODUCTION_BUILD=0 SUBSTRATE_PARSER_FULL=1 COIN=AVAIL_RECOVERY make | |
| mv ./app/pkg/installer_flex.sh ./app/pkg/installer_recovery_flex.sh | |
| - name: Set tag | |
| id: flex | |
| run: echo "tag_name=$(./app/pkg/installer_recovery_flex.sh version)" >> $GITHUB_OUTPUT | |
| - name: Update Release | |
| id: update_release_2 | |
| uses: softprops/action-gh-release@v1 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token | |
| with: | |
| files: ./app/pkg/installer_recovery_flex.sh | |
| tag_name: ${{ steps.flex.outputs.tag_name }} | |
| draft: false | |
| prerelease: false |