From 2172644626b11bde570b4902f943f17e186f0157 Mon Sep 17 00:00:00 2001
From: Martin Milata
Date: Tue, 31 Oct 2023 20:28:51 +0100
Subject: [PATCH] ci: convert build and test jobs to github actions [no changelog]
---
.github/actions/environment/action.yml | 20 +
.github/actions/ui-report/action.yml | 33 ++
.github/workflows/common.yml | 113 +++++
.github/workflows/core.yml | 557 +++++++++++++++++++++++++
.github/workflows/fixup_check.yml | 11 -
.github/workflows/legacy.yml | 126 ++++++
.github/workflows/prebuild.yml | 73 ++--
7 files changed, 895 insertions(+), 38 deletions(-)
create mode 100644 .github/actions/environment/action.yml
create mode 100644 .github/actions/ui-report/action.yml
create mode 100644 .github/workflows/common.yml
create mode 100644 .github/workflows/core.yml
delete mode 100644 .github/workflows/fixup_check.yml
create mode 100644 .github/workflows/legacy.yml
diff --git a/.github/actions/environment/action.yml b/.github/actions/environment/action.yml
new file mode 100644
index 00000000000..c26cc49c3af
--- /dev/null
+++ b/.github/actions/environment/action.yml
@@ -0,0 +1,20 @@
+name: 'Download dependencies'
+description: 'Nixpkgs and poetry'
+inputs:
+ full-deps:
+ description: 'Pass --arg fullDeps true to nix-shell?'
+ required: false
+ default: false
+runs:
+ using: "composite"
+ steps:
+ - name: Install nix
+ uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - name: Dependencies nixpkgs
+ run: nix-shell --arg fullDeps "${{ inputs.full-deps }}" --run "true"
+ shell: sh
+ - name: Dependencies poetry
+ run: nix-shell --arg fullDeps "${{ inputs.full-deps }}" --run "poetry install"
+ shell: sh
diff --git a/.github/actions/ui-report/action.yml b/.github/actions/ui-report/action.yml
new file mode 100644
index 00000000000..272001e6525
--- /dev/null
+++ b/.github/actions/ui-report/action.yml
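Review bot: Both `run:` steps in `.github/actions/environment/action.yml` expand `${{ inputs.full-deps }}` directly into the shell command, so whatever a caller passes is parsed as shell text before nix-shell ever sees it. The callers in this patch pass nothing, so this is hardening rather than a live bug, but composite-action inputs are better handed over through the environment: give each step `env:` with `FULL_DEPS: ${{ inputs.full-deps }}` and call `nix-shell --arg fullDeps "$FULL_DEPS"`. `cachix/install-nix-action@v23` is also referenced by a mutable tag, here and in the workflows that call it directly; pinning third-party actions to a full commit SHA would keep the toolchain setup for these firmware jobs from changing without a reviewed commit.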
@@ -0,0 +1,33 @@
+name: 'UI report'
+description: 'Prepare and upload HTML report of UI test results'
+inputs:
+ artifact-name:
+ description: 'Name of the uploaded artifact'
+ required: true
+ default: ui-report
+runs:
+ using: composite
+ steps:
+ - run: mv tests/ui_tests/reports/test/ test_ui_report || true
+ shell: sh
+ - run: nix-shell --run "poetry run python ci/prepare_ui_artifacts.py || true"
+ shell: sh
+ - run: diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json || true
+ shell: sh
+ - run: tar -cf test_ui_report.tar test_ui_report/ || true
+ shell: sh
+ - run: tar -cf tests/ui_tests/screens.tar tests/ui_tests/screens/ || true
+ shell: sh
+ - uses: actions/upload-artifact@v3
+ with:
+ name: ${{ inputs.artifact-name }}
+ path: |
+ ci/ui_test_records/
+ # test_ui_report/ # can't have :: on ntfs
+ # tests/ui_tests/screens/ # can't have :: on ntfs
+ test_ui_report.tar
+ tests/ui_tests/screens.tar
+ tests/ui_tests/fixtures.suggestion.json
+ tests/ui_tests/fixtures.results.json
+ tests/trezor.log
+ retention-days: 7
diff --git a/.github/workflows/common.yml b/.github/workflows/common.yml
new file mode 100644
index 00000000000..31a54589006
--- /dev/null
+++ b/.github/workflows/common.yml
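Review bot: Every `run:` step in this composite action ends in `|| true`, including `nix-shell --run "poetry run python ci/prepare_ui_artifacts.py || true"`, so a crash while preparing the report looks the same as a run that had nothing to report, and the upload step then publishes whatever happens to be on disk. Consider dropping `|| true` from the script step and marking it `continue-on-error: true`, which keeps the job going but leaves the failure visible in the step list. The `artifact-name` input is declared `required: true` and also given `default: ui-report`; one of the two should go, since every caller in this patch passes a name. A short comment above `path: |` would also help, noting that the two `#` lines are inside a block scalar and are presumably skipped by the upload action's pattern parser rather than by YAML.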
@@ -0,0 +1,113 @@
+name: Common
+
+on: [pull_request]
+
+jobs:
+ crypto_build:
+ name: Crypto library
+ runs-on: ubuntu-latest
+ env:
+ CC: gcc
+ ADDRESS_SANITIZER: 1
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix-shell --run "poetry install"
+ - run: cp -r crypto crypto_noasan
+ - run: nix-shell --run "poetry run make -C crypto"
+ - run: nix-shell --run "export ADDRESS_SANITIZER=0; poetry run make -C crypto_noasan"
+ - run: mv crypto_noasan/tests/test_check crypto/tests/test_check_noasan
+ - uses: actions/upload-artifact@v3
+ with:
+ name: crypto-build
+ path: |
+ crypto/tests/aestst
+ crypto/tests/libtrezor-crypto.so
+ crypto/tests/test_check
+ crypto/tests/test_check_noasan
+ crypto/tests/test_openssl
+ retention-days: 7
+
+ crypto_test:
+ name: Crypto test
+ needs: [crypto_build]
+ runs-on: ubuntu-latest
+ env:
+ ASAN_OPTIONS: "verify_asan_link_order=0"
+ CK_TIMEOUT_MULTIPLIER: 5
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix-shell --run "poetry install"
+ - uses: actions/download-artifact@v3
+ with:
+ name: crypto-build
+ path: crypto/tests
+ - run: chmod +x crypto/tests/*
+ - run: ./crypto/tests/aestst
+ - run: ./crypto/tests/test_check
+ - run: ./crypto/tests/test_openssl 1000
+ - run: nix-shell --run "cd crypto && ITERS=10 poetry run pytest tests"
+ - run: nix-shell --run "CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./crypto/tests/test_check_noasan"
+
+ python_test:
+ name: Python test
+ runs-on: ubuntu-latest
+ env:
+ LC_ALL: C.UTF-8
+ LANG: C.UTF-8
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix-shell --run "poetry install"
+ # Workaround for nixpkgs+tox integration failure which results in:
+ # ModuleNotFoundError: No module named '_sysconfigdata__linux_x86_64-linux-gnu'
+ # The value of _PYTHON_SYSCONFIGDATA_NAME has changed between python 3.7 and 3.8 and with
+ # multiple versions in your environment the older pythons don't seem to work under tox.
+ # When the variable is unset the interpreter seems to do the right thing. Can be removed in
+ # july 2023 when python 3.7 is EOLed.
+ # See also:
+ # https://github.com/NixOS/nixpkgs/blob/b00c7c2d1d905eb63c81a0917f1a94b763a7843b/pkgs/development/interpreters/python/cpython/default.nix#L103
+ # https://github.com/NixOS/nixpkgs/pull/98915
+ - run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd python && poetry run tox"
+
+ python_support_test:
+ name: Python support test
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix-shell --run "poetry install"
+ - run: nix-shell --run "poetry run make python_support_check"
+
+ storage_test:
+ name: Storage test
+ # TODO: only for changes in storage/
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ - run: nix-shell --run "poetry install"
+ - run: unset PYTEST_TIMEOUT
+ - run: nix-shell --run "poetry run make -C storage/tests build"
+ - run: nix-shell --run "poetry run make -C storage/tests tests_all"
diff --git a/.github/workflows/core.yml b/.github/workflows/core.yml
new file mode 100644
index 00000000000..03e09876814
--- /dev/null
+++ b/.github/workflows/core.yml
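Review bot: `common.yml` declares no `permissions:` block, and neither do the new `core.yml` and `legacy.yml`, so every job runs with whatever default `GITHUB_TOKEN` scope the repository or organisation has configured; these jobs only check out, build and upload artifacts, so a top-level `permissions:` with `contents: read` would hold them to least privilege. Separately, in `storage_test` the step `- run: unset PYTEST_TIMEOUT` has no effect, because each `run:` step starts its own shell; if the variable has to be cleared, do it inside the command that runs the tests, e.g. `nix-shell --run "unset PYTEST_TIMEOUT && poetry run make -C storage/tests tests_all"`. The workaround comment in `python_test` still says it can be removed in July 2023, which had already passed at the commit date.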
@@ -0,0 +1,557 @@
+name: Core
+
+on: [pull_request]
+
+jobs:
+ core_firmware:
+ name: Build firmware
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ coins: [universal, btconly]
+ type: ${{ fromJSON(github.event_name == 'schedule' && '["normal", "debuglink", "production"]' || '["normal", "debuglink"]') }}
+ include:
+ - model: D001
+ coins: universal
+ type: normal
+ env:
+ TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }}
+ BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
+ PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
+ PRODUCTION: ${{ matrix.type == 'production' && '1' || '0' }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core build_boardloader"
+ if: matrix.coins == 'universal' && matrix.type != 'debuglink'
+ - run: nix-shell --run "poetry run make -C core build_bootloader"
+ if: matrix.coins == 'universal' && matrix.type != 'debuglink'
+ - run: nix-shell --run "poetry run make -C core build_bootloader_ci"
+ if: matrix.coins == 'universal' && matrix.type != 'debuglink' && matrix.model == 'T2T1'
+ - run: nix-shell --run "poetry run make -C core build_prodtest"
+ if: matrix.coins == 'universal' && matrix.type != 'debuglink'
+ - run: nix-shell --run "poetry run make -C core build_firmware"
+ - run: nix-shell --run "poetry run make -C core sizecheck"
+ if: matrix.coins == 'universal' && matrix.type != 'debuglink'
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-firmware-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.type }}
+ path: |
+ core/build/boardloader/*.bin
+ core/build/bootloader/*.bin
+ core/build/bootloader_ci/*.bin
+ core/build/prodtest/*.bin
+ core/build/firmware/firmware.elf
+ core/build/firmware/firmware-*.bin
+ retention-days: 7
+
+ core_emu:
+ name: Build emu
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ coins: [universal, btconly]
+ # type: [normal, debuglink]
+ type: [debuglink]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ exclude:
+ - type: normal
+ asan: asan
+ env:
+ TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }}
+ BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
+ PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
+ ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ RUSTC_BOOTSTRAP: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ RUSTFLAGS: ${{ matrix.asan == 'asan' && '-Z sanitizer=address' || '' }}
+ LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core build_bootloader_emu"
+ if: matrix.coins == 'universal'
+ - run: nix-shell --run "poetry run make -C core build_unix_frozen"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.type }}-${{ matrix.asan }}
+ path: |
+ core/build/unix/trezor-emu-core
+ core/build/bootloader_emu/bootloader.elf
+ retention-days: 7
+
+ core_unit_python_test:
+ name: Python unit tests
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ model: [T2T1] # FIXME T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }}
+ ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core build_unix"
+ - run: nix-shell --run "poetry run make -C core test"
+
+ core_unit_rust_test:
+ name: Rust unit tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # FIXME: T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }}
+ ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ RUSTC_BOOTSTRAP: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ RUSTFLAGS: ${{ matrix.asan == 'asan' && '-Z sanitizer=address' || '' }}
+ LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core build_unix_frozen"
+ - run: nix-shell --run "poetry run make -C core clippy"
+ - run: nix-shell --run "poetry run make -C core test_rust"
+
+ core_rust_client_test:
+ name: Rust trezor-client tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # FIXME: T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-noasan
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run core/emu.py --headless -q --temporary-profile --slip0014 --command cargo test --manifest-path rust/trezor-client/Cargo.toml"
+
+ # Device tests for Core. Running device tests and also comparing screens
+ # with the expected UI result.
+ # See artifacts for a comprehensive report of UI.
+ # See [docs/tests/ui-tests](../tests/ui-tests.md) for more info.
+ core_device_test:
+ name: Device tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ fail-fast: false
+ matrix:
+ model: [T2T1, T2B1]
+ coins: [universal, btconly]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ # T2B1 fails due to https://github.com/trezor/trezor-firmware/issues/3280
+ # remove after single global layout is implemented (or bug above fixed):
+ exclude:
+ - model: T2B1
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ # MULTICORE: 4 # more could interfere with other jobs
+ TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }}
+ TREZOR_PYTEST_SKIP_ALTCOINS: ${{ matrix.coins == 'btconly' && '1' || '0' }}
+ ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ PYTEST_TIMEOUT: ${{ matrix.asan == 'asan' && 600 || 400 }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-${{ matrix.coins }}-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core test_emu_ui_multicore" # TODO: can-fail or whatisit
+ if: ${{ matrix.asan == 'noasan' && matrix.coins == 'universal' }}
+ - run: nix-shell --run "poetry run make -C core test_emu"
+ if: ${{ matrix.asan != 'noasan' || matrix.coins != 'universal' }}
+ - run: tail -n20 tests/trezor.log || true
+ if: ${{ failure() }}
+ - uses: ./.github/actions/ui-report
+ with:
+ artifact-name: core-test-device-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.asan }}
+ if: ${{ always() }}
+ - run: mv core/src/.coverage.* core || true # there will be more coverage files (one per core)
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ # Click tests - UI.
+ # See [docs/tests/click-tests](../tests/click-tests.md) for more info.
+ core_click_test:
+ name: Click tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ # MULTICORE: 4 # more could interfere with other jobs
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core test_emu_click_ui"
+ if: ${{ matrix.asan == 'noasan' }}
+ - run: nix-shell --run "poetry run make -C core test_emu_click"
+ if: ${{ matrix.asan == 'asan' }}
+ - uses: ./.github/actions/ui-report
+ with:
+ artifact-name: core-test-click-${{ matrix.model }}-${{ matrix.asan }}
+ - run: mv core/src/.coverage core/.coverage.test_click || true
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ # Upgrade tests.
+ # See [docs/tests/upgrade-tests](../tests/upgrade-tests.md) for more info.
+ core_upgrade_test:
+ name: Upgrade tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # FIXME: T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_UPGRADE_TEST: core
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "tests/download_emulators.sh"
+ - run: nix-shell --run "poetry run pytest tests/upgrade_tests"
+
+
+ # Persistence tests - UI.
+ core_persitence_test:
+ name: Persistence tests
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # TODO T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core test_emu_persistence_ui"
+ if: ${{ matrix.asan == 'noasan' }}
+ - run: nix-shell --run "poetry run make -C core test_emu_persistence"
+ if: ${{ matrix.asan == 'asan' }}
+ - uses: ./.github/actions/ui-report
+ with:
+ artifact-name: core-test-persistence-${{ matrix.model }}-${{ matrix.asan }}
+ - run: mv core/src/.coverage core/.coverage.test_persistence || true
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ core_hwi_test:
+ name: HWI tests
+ if: false # XXX currently failing
+ continue-on-error: true
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # TODO T2B1
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-noasan
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment # XXX poetry maybe not needed
+ - run: nix-shell --run "git clone --depth=1 https://github.com/bitcoin-core/HWI.git"
+ # see python_test for explanation of _PYTHON_SYSCONFIGDATA_NAME
+ - run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd HWI && poetry install && poetry run ./test/test_trezor.py --model_t ../core/build/unix/trezor-emu-core bitcoind"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-test-hwi-${{ matrix.model }}
+ path: HWI/trezor-t-emulator.stdout
+ retention-days: 7
+
+ core_memory_profile:
+ name: Memory allocation report
+ if: false # NOTE manual job, comment out to run
+ runs-on: ubuntu-latest
+ env:
+ TREZOR_MODEL: T
+ TREZOR_MEMPERF: 1
+ PYOPT: 0
+ PYTEST_TIMEOUT: 900
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core build_unix_frozen"
+ - run: nix-shell --run "poetry run make -C core test_emu"
+ - run: nix-shell --run "mkdir core/prof/memperf-html"
+ - run: nix-shell --run "poetry run core/tools/alloc.py --alloc-data=core/src/alloc_data.txt html core/prof/memperf-html"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-memperf-${{ matrix.model }}
+ path: |
+ tests/trezor.log
+ core/prof/memperf-html
+ retention-days: 7
+
+ # Flash size profiling
+
+ # Finds out how much flash space we have left in the firmware build
+ # Fails if the free space is less than certain threshold
+ core_flash_size_check:
+ name: Flash size check
+ runs-on: ubuntu-latest
+ needs: core_firmware
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-firmware-${{ matrix.model }}-universal-normal # FIXME: s/normal/debuglink/
+ path: core/build
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run core/tools/size/checker.py core/build/firmware/firmware.elf"
+
+ # Compares the current flash space with the situation in the current master
+ # Fails if the new binary is significantly larger than the master one
+ # (the threshold is defined in the script, currently 5kb).
+ # Also generates a report with the current situation
+ core_flash_size_compare:
+ name: Flash size comparison
+ runs-on: ubuntu-latest
+ needs: core_firmware
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ fetch-depth: 0
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-firmware-${{ matrix.model }}-universal-normal
+ path: core/build
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run core/tools/size/compare_master.py core/build/firmware/firmware.elf -r firmware_elf_size_report.txt"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-test-flash-size-${{ matrix.model }}
+ path: firmware_elf_size_report.txt
+ retention-days: 7
+
+ # Monero tests.
+ core_monero_test:
+ name: Monero test
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: cachix/install-nix-action@v23
+ with:
+ nix_path: nixpkgs=channel:nixos-unstable
+ # see python_test job for _PYTHON_SYSCONFIGDATA_NAME explanation
+ - run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry install"
+ - run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry run make -C core test_emu_monero"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-test-monero-${{ matrix.model }}-${{ matrix.asan }}
+ path: |
+ tests/trezor.log
+ core/tests/trezor_monero_tests.log
+ retention-days: 7
+ - run: mv core/src/.coverage core/.coverage.test_emu_monero || true
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ # Tests for U2F and HID.
+ core_u2f_test:
+ name: U2F test
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C tests/fido_tests/u2f-tests-hid"
+ - run: nix-shell --run "poetry run make -C core test_emu_u2f"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-test-u2f-${{ matrix.model }}-${{ matrix.asan }}
+ path: tests/trezor.log
+ retention-days: 7
+ - run: mv core/src/.coverage core/.coverage.test_emu_u2f || true
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ # FIDO2 device tests.
+ core_fido2_test:
+ name: FIDO2 test
+ runs-on: ubuntu-latest
+ needs: core_emu
+ strategy:
+ matrix:
+ model: [T2T1] # XXX T2B1 https://github.com/trezor/trezor-firmware/issues/2724
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
+ PYTEST_TIMEOUT: 400
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}
+ path: core/build
+ - run: chmod +x core/build/unix/trezor-emu-core*
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core test_emu_fido2"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-test-fido2-${{ matrix.model }}-${{ matrix.asan }}
+ path: |
+ tests/trezor.log
+ retention-days: 7
+ - run: mv core/src/.coverage core/.coverage.test_emu_fido2 || true
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/.coverage.*
+ retention-days: 7
+
+ core_coverage_report:
+ name: Coverage report
+ runs-on: ubuntu-latest
+ needs:
+ - core_click_test
+ - core_persitence_test
+ - core_device_test
+ - core_monero_test
+ - core_u2f_test
+ - core_fido2_test
+ strategy:
+ matrix:
+ model: [T2T1, T2B1]
+ # T2B1 fails due to https://github.com/trezor/trezor-firmware/issues/3280
+ # remove after single global layout is implemented (or bug above fixed):
+ exclude:
+ - model: T2B1
+ env:
+ COVERAGE_THRESHOLD: ${{ matrix.model == 'T2T1' && 78 || 77 }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C core coverage"
+ # TODO fail if too little
+ - uses: actions/upload-artifact@v3
+ with:
+ name: core-coverage-${{ matrix.model }}
+ path: core/htmlcov
+ retention-days: 7
+
+
+ # Connect
+ # TODO: core_connect_test
diff --git a/.github/workflows/fixup_check.yml b/.github/workflows/fixup_check.yml
deleted file mode 100644
index ccc3e2b4054..00000000000
--- a/.github/workflows/fixup_check.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-name: Git Checks
-
-on: [pull_request]
-
-jobs:
- block-fixup:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
- - name: Block Fixup Commit Merge
- uses: 13rac1/block-fixup-merge-action@v2.0.0
diff --git a/.github/workflows/legacy.yml b/.github/workflows/legacy.yml
new file mode 100644
index 00000000000..8e8ba0371be
--- /dev/null
+++ b/.github/workflows/legacy.yml
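Review bot: The matrix expressions in `core.yml` of the form `fromJSON(github.event_name == 'schedule' && ... || ...)` can never take the `schedule` branch, because the workflow is triggered only by `on: [pull_request]`; as written, the `asan` variants in this file's matrices and the `production` firmware type are never built or tested. The same pattern appears in `legacy.yml`. If the sanitizer runs are meant to be nightly, the trigger needs a `schedule:` entry with a cron line (and probably `workflow_dispatch:` for manual runs); otherwise the dead branches should be dropped so the matrix states what actually runs. Two smaller things in this file: `core_memory_profile` names its artifact `core-memperf-${{ matrix.model }}` without defining a matrix, and the `ui-report` steps in `core_click_test` and `core_persitence_test` lack the `if: ${{ always() }}` that `core_device_test` has, so a failing UI test skips the report that would explain it.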
@@ -0,0 +1,126 @@
+name: Legacy
+
+on: [pull_request]
+
+jobs:
+ legacy_firmware:
+ name: Firmware
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ coins: [universal, btconly]
+ # type: [normal, debuglink]
+ type: [debuglink]
+ env:
+ BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
+ DEBUG_LINK: ${{ matrix.type == 'debuglink' && '1' || '0' }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
+ - run: nix-shell --run "poetry run legacy/script/setup"
+ - run: nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
+ - run: nix-shell --run "poetry run make -C legacy/demo"
+ if: matrix.coins == 'universal' && matrix.type == 'normal'
+ - uses: actions/upload-artifact@v3
+ with:
+ name: legacy-firmware-${{ matrix.coins }}-${{ matrix.type }}
+ path: legacy/firmware/firmware-*.bin
+ retention-days: 7
+
+ legacy_emu:
+ name: Emulator
+ runs-on: ubuntu-latest
+ strategy:
+ matrix:
+ coins: [universal, btconly]
+ # type: [normal, debuglink]
+ type: [debuglink]
+ arch: [x86_64]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ EMULATOR: 1
+ BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
+ DEBUG_LINK: ${{ matrix.type == 'debuglink' && '1' || '0' }}
+ ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run legacy/script/cibuild"
+ - uses: actions/upload-artifact@v3
+ with:
+ name: legacy-emu-${{ matrix.coins }}-${{ matrix.type }}-${{ matrix.asan }}
+ path: legacy/firmware/*.elf
+ retention-days: 7
+
+ legacy_device_test:
+ name: Device test
+ runs-on: ubuntu-latest
+ needs: legacy_emu
+ strategy:
+ matrix:
+ coins: [universal, btconly]
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ EMULATOR: 1
+ TREZOR_PYTEST_SKIP_ALTCOINS: ${{ matrix.coins == 'universal' && '0' || '1' }}
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: legacy-emu-${{ matrix.coins }}-debuglink-${{ matrix.asan }}
+ path: legacy/firmware
+ - run: chmod +x legacy/firmware/*.elf
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "poetry run make -C legacy test_emu"
+ # if: matrix.coins == 'universal' && matrix.type == 'normal'
+
+ legacy_upgrade_test:
+ name: Upgrade test
+ runs-on: ubuntu-latest
+ needs: legacy_emu
+ strategy:
+ matrix:
+ asan: ${{ fromJSON(github.event_name == 'schedule' && '["noasan", "asan"]' || '["noasan"]') }}
+ env:
+ TREZOR_UPGRADE_TEST: legacy
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: legacy-emu-universal-debuglink-${{ matrix.asan }}
+ path: legacy/firmware
+ - run: chmod +x legacy/firmware/*.elf
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "tests/download_emulators.sh"
+ - run: nix-shell --run "poetry run pytest tests/upgrade_tests"
+
+ legacy_hwi_test:
+ name: HWI test
+ if: false # XXX currently failing
+ continue-on-error: true
+ runs-on: ubuntu-latest
+ needs: legacy_emu
+ env:
+ EMULATOR: 1
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ submodules: recursive
+ - uses: actions/download-artifact@v3
+ with:
+ name: legacy-emu-universal-debuglink-noasan
+ path: legacy/firmware
+ - run: chmod +x legacy/firmware/*.elf
+ - uses: ./.github/actions/environment
+ - run: nix-shell --run "git clone --depth=1 https://github.com/bitcoin-core/HWI.git"
+ # see python_test for explanation of _PYTHON_SYSCONFIGDATA_NAME
+ - run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd HWI && poetry install && poetry run ./test/test_trezor.py --model_1 ../legacy/firmware/trezor.elf bitcoind"
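Review bot: In `legacy_firmware` the step running `make -C legacy/demo` is guarded by `if: matrix.coins == 'universal' && matrix.type == 'normal'`, but the matrix only contains `type: [debuglink]`, so the demo build never runs; either restore `normal` to the matrix or change the condition to match what is built. `legacy_hwi_test` (and `core_hwi_test` in `core.yml`) is disabled today, but once re-enabled it will `git clone --depth=1` the tip of `bitcoin-core/HWI` and run `poetry install` and its test script from that checkout. Cloning a fixed tag or commit there would keep third-party code executed in CI from changing without review.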
diff --git a/.github/workflows/prebuild.yml b/.github/workflows/prebuild.yml
index 6257406f3c4..dd92266ce0c 100644
--- a/.github/workflows/prebuild.yml
+++ b/.github/workflows/prebuild.yml
@@ -3,54 +3,73 @@ name: "Prebuild checks" on: [pull_request] jobs: + block-fixup: + name: Block fixup + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Block Fixup Commit Merge + uses: 13rac1/block-fixup-merge-action@v2.0.0 + + # Check the code for style correctness and perform some static code analysis. + # Biggest part is the python one - using `flake8`, `isort`, `black`, `pylint` and `pyright`, + # also checking Rust files by `rustfmt` and C files by `clang-format`. + # Changelogs formats are checked. style_check: name: Style check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 - - uses: cachix/install-nix-action@v13 - with: - nix_path: nixpkgs=channel:nixos-unstable - name: "Run style check" - - run: nix-shell --run "poetry install" - - run: nix-shell --run "poetry run make style_check" + - uses: actions/checkout@v4 + - uses: ./.github/actions/environment + - name: "Run style check" + run: nix-shell --run "poetry run make style_check" + - name: "Run .editorconfig check" + run: nix-shell --run "poetry run make editor_check" + # Check validity of coin definitions and protobuf files. defs_check: name: Defs check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: "recursive" - fetch-depth: 0 - - uses: cachix/install-nix-action@v13 - with: - nix_path: nixpkgs=channel:nixos-unstable - name: "Run defs check" - - run: nix-shell --run "poetry install" - - run: nix-shell --run "poetry run make defs_check" + - uses: ./.github/actions/environment + - name: "Run defs check" + run: nix-shell --run "poetry run make defs_check" + # Check validity of auto-generated files. 
gen_check: name: Gen check runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: "recursive" - fetch-depth: 0 - - uses: cachix/install-nix-action@v13 - with: - nix_path: nixpkgs=channel:nixos-unstable - name: "Run gen check" - - run: nix-shell --run "poetry install" - - run: nix-shell --run "poetry run make gen_check" + - uses: ./.github/actions/environment + - name: "Run gen check" + run: nix-shell --run "poetry run make gen_check" + # Verifying that all commits changing some functionality have a changelog entry + # or contain `[no changelog]` in the commit message. changelog_check: name: Changelog check + if: ${{ github.ref != 'main' }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: - fetch-depth: 0 - name: "Run check changelog" - - run: ./ci/check_changelog.sh + submodules: "recursive" + - name: "Run changelog check" + run: ./ci/check_changelog.sh + + # Checking the format of release commit messages. + release_commit_msg_check: + name: Release commit message check + if: ${{ startsWith(github.ref, 'refs/tags/release/') && github.repository == 'trezor/trezor-firmware' }} + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/environment + - name: "Check release commit message format" + run: ./ci/check_release_commit_messages.sh
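Review bot: The two job-level conditions added in this hunk compare `github.ref` against values it does not take in a workflow triggered by `on: [pull_request]`, where the ref has the form `refs/pull/<number>/merge`: `if: ${{ github.ref != 'main' }}` on `changelog_check` is always true, and `startsWith(github.ref, 'refs/tags/release/')` on `release_commit_msg_check` is always false, so the release commit message check never runs. If the intent is to key on branches, `github.base_ref` and `github.head_ref` are the pull-request fields to test; if the release check is meant for tag pushes, the workflow needs a matching `push:` trigger. `changelog_check` also loses `fetch-depth: 0` in favour of `submodules: "recursive"`; `ci/check_changelog.sh` is not shown, but if it walks the commits of the pull request it will need the full history back. `13rac1/block-fixup-merge-action@v2.0.0` is a third-party action referenced by tag, and a full commit SHA pin would be safer.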