Merge pull request #551 from LedgerHQ/cev/B2CA-1247_guideline-enforcer

B2CA-1247: Fix deprecated warnings

.github/ISSUE_TEMPLATE/bug_report.md

@@ -19,8 +19,8 @@ Describe your issue in as much detail as possible here.
 
 ## Steps to reproduce
 
-* Tell us how to reproduce this issue <br />
-* Where the issue is, if you know <br />
+* Tell us how to reproduce this issue
+* Where the issue is, if you know
 * Which commands triggered the issue, if any
 
 ## Expected behaviour
@@ -37,4 +37,5 @@ Please paste any logs here that demonstrate the issue, if they exist
 
 ## Proposed solution
 
-If you have an idea of how to fix this issue, please write it down here, so we can begin discussing it
+If you have an idea of how to fix this issue, please write it down here,
+so we can begin discussing it

.github/ISSUE_TEMPLATE/feature_request.md

@@ -1,6 +1,6 @@
 ---
 name: Feature report
-about: Suggest an idea for this project 
+about: Suggest an idea for this project
 title: 'Add [Subject of the issue]'
 labels: 'enhancement'
 assignees: ''

.github/ISSUE_TEMPLATE/network_request.md

@@ -1,19 +1,20 @@
 ---
 name: Network request
-about: Request of new chain or network 
+about: Request of new chain or network
 title: 'Add {NameChain} network ({SYMBOL})'
 labels: 'enhancement, chain/network'
 assignees: ''
 
 ---
 
 ## Description
-- [ ] Symbol: 
-- [ ] ChainId: 
-- [ ] Website: 
-- [ ] Block-Explorer: 
-- [ ] [slip-0044](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) type: 
+
+- [ ] Symbol:
+- [ ] ChainId:
+- [ ] Website:
+- [ ] Block-Explorer:
+- [ ] [slip-0044](https://github.com/satoshilabs/slips/blob/master/slip-0044.md) type:
 
 ## Additional comments
 
-Please post additional comments in this section if you have them, otherwise delete it.
+Please post additional comments in this section if you have them, otherwise delete it.

.github/pull_request_template.md

@@ -1,6 +1,6 @@
 ## Description
 
-Please provide a detailed description of what was done in this PR.  
+Please provide a detailed description of what was done in this PR.
 (And mentioned if linked to an issue [docs](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue))
 
 ## Changes include
@@ -18,4 +18,4 @@ Please complete this section if any breaking changes have been made, otherwise d
 
 ## Additional comments
 
-Please post additional comments in this section if you have them, otherwise delete it.
+Please post additional comments in this section if you have them, otherwise delete it.

.github/workflows/build_and_functional_tests.yml

@@ -0,0 +1,33 @@
+name: Build and run functional tests using ragger through reusable workflow
+
+# This workflow will build the app and then run functional tests using the Ragger framework upon Speculos emulation.
+# It calls a reusable workflow developed by Ledger's internal developer team to build the application and upload the
+# resulting binaries.
+# It then calls another reusable workflow to run the Ragger tests on the compiled application binary.
+#
+# While this workflow is optional, having functional testing on your application is mandatory and this workflow and
+# tooling environment is meant to be easy to use and adapt after forking your application
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  build_application:
+    name: Build application using the reusable workflow
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
+    with:
+      upload_app_binaries_artifact: "ragger_elfs"
+      flags: "DEBUG=1 CAL_TEST_KEY=1 DOMAIN_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1"
+
+  ragger_tests:
+    name: Run ragger tests using the reusable workflow
+    needs: build_application
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
+    with:
+      download_app_binaries_artifact: "ragger_elfs"

.github/workflows/ci-workflow.yml

@@ -1,5 +1,5 @@
 ---
-name: Tests
+name: Tests (Speculos and Zemu)
 
 on:
   workflow_dispatch:
@@ -22,15 +22,15 @@ jobs:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Build testing binaries
         run: |
           git config --global --add safe.directory "$GITHUB_WORKSPACE"
           cd tests/zemu/ && ./build_local_test_elfs.sh
 
       - name: Upload app binaries
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: e2e_zemu_elfs
           path: ./tests/zemu/elfs/
@@ -41,16 +41,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - name: Test
-        run: |
-          id
-          echo $HOME
-          echo $DISPLAY
-
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
-      - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
+      - name: Install additional tools
+        run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
 
       - name: Install NodeJS
         uses: actions/setup-node@v3
@@ -67,12 +62,12 @@ jobs:
         run: mkdir tests/zemu/elfs
 
       - name: Download app binaries
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: tmp/
 
       - name: Gather elfs
-        run: cp `find tmp/e2e_zemu_elfs/ -name "*.elf"` tests/zemu/elfs/
+        run: cp tmp/e2e_zemu_elfs/*.elf tests/zemu/elfs/
 
       - name: Run zemu tests
         run: cd tests/zemu/ && yarn test
@@ -89,7 +84,7 @@ jobs:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-lite:latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Build testing binaries
         run: |
@@ -99,7 +94,7 @@ jobs:
           make clean && make -j DEBUG=1 NFT_STAGING_KEY=1 BOLOS_SDK=$NANOSP_SDK && mv bin/app.elf tests/speculos/elfs/nanosp.elf
 
       - name: Upload app binaries
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: e2e_speculos_elfs
           path: ./tests/speculos/elfs
@@ -117,18 +112,18 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Create tmp folder for artifacts
         run: mkdir tests/speculos/elfs
 
       - name: Download app binaries
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4
         with:
           path: tmp/
 
       - name: Gather elfs
-        run: cp `find tmp/e2e_speculos_elfs/ -name "*.elf"` tests/speculos/elfs/
+        run: cp tmp/e2e_speculos_elfs/*.elf tests/speculos/elfs/
 
       - name: Install dependencies
         run: |
@@ -140,62 +135,3 @@ jobs:
         run: |
           cd tests/speculos
           pytest --model ${{ matrix.model }} --path ./elfs/${{ matrix.model }}.elf --display headless
-
-
-  # =====================================================
-  #            RAGGER TESTS
-  # =====================================================
-
-  build_ragger_elfs:
-    name: Build app for Ragger tests
-    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_build.yml@v1
-    with:
-      upload_app_binaries_artifact: "ragger_elfs"
-      flags: "DEBUG=1 CAL_TEST_KEY=1 DOMAIN_NAME_TEST_KEY=1 SET_PLUGIN_TEST_KEY=1 NFT_TEST_KEY=1"
-
-  jobs-ragger-tests:
-    name: Run Ragger tests
-    needs: build_ragger_elfs
-    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
-    with:
-      download_app_binaries_artifact: "ragger_elfs"
-
-  # =====================================================
-  #            STATIC ANALYSIS
-  # =====================================================
-
-  # Static analysis on the main ETH chain is covered by the guidelines enforcer
-  scan-build:
-    name: Clang Static Analyzer on altcoin
-    runs-on: ubuntu-latest
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-    strategy:
-      fail-fast: false
-      matrix:
-        device: ["nanos", "nanos2", "nanox", "stax"]
-
-    steps:
-      - name: Clone
-        uses: actions/checkout@v3
-        with:
-          submodules: recursive
-
-      - name: Build with Clang Static Analyzer
-        run: |
-          eval "BOLOS_SDK=\$$(echo ${{ matrix.device }} | tr [:lower:] [:upper:])_SDK" && \
-          echo "BOLOS_SDK value will be: ${BOLOS_SDK}" && \
-          make -j ENABLE_SDK_WERROR=1 BOLOS_SDK=${BOLOS_SDK} CHAIN=polygon scan-build
-
-      - uses: actions/upload-artifact@v3
-        if: failure()
-        with:
-          name: scan-build
-          path: scan-build
-
-      - name: Upload scan result
-        if: failure()
-        uses: actions/upload-artifact@v3
-        with:
-          name: scan-build
-          path: scan-build

.github/workflows/codeql_checks.yml

@@ -0,0 +1,44 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+    # Excluded path: add the paths you want to ignore instead of deleting the workflow
+    paths-ignore:
+      - '.github/workflows/*.yml'
+      - 'tests/*'
+
+jobs:
+  analyse:
+    name: Analyse
+    strategy:
+      matrix:
+        sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK" ]
+        #'cpp' covers C and C++
+        language: [ 'cpp' ]
+    runs-on: ubuntu-latest
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v4
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: ${{ matrix.language }}
+          queries: security-and-quality
+
+      # CodeQL will create the database during the compilation
+      - name: Build
+        run: |
+          make BOLOS_SDK=${{ matrix.sdk }}
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,23 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - main
+      - develop
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1

.github/workflows/pr_on_all_plugins.yml

@@ -39,7 +39,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout SDK repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: LedgerHQ/ethereum-plugin-sdk
           ref: develop
@@ -96,7 +96,7 @@ jobs:
 
     steps:
       - name: Checkout plugin repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: LedgerHQ/${{ matrix.repo }}
           submodules: recursive
@@ -144,7 +144,7 @@ jobs:
             gh label create 'auto' --color 'b4a8d1' --description 'Automatically created'
           fi
 
-      - name: Create pull request and commment on SDK issue
+      - name: Create pull request and comment on SDK issue
         run: |
           # Github limits the number of possible PR being opened in a given time window.
           # The limits are 20 creation per minute and 150 per hour.