arno/trezor-firmware
1
0
Fork 0
mirror of https://github.com/trezor/trezor-firmware.git synced 2025-04-09 11:55:58 +00:00
Code Issues Releases Wiki Activity

Merge 85e9a72643 into 52f5593f28

Browse Source
This commit is contained in:
matejcik 2025-03-20 15:39:44 +01:00 committed by GitHub
commit fd9b54880c
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
22 changed files with 34 additions and 3543 deletions

50
.gitlab-ci.yml
View File

@ -1,50 +0,0 @@
variables:
# See https://docs.gitlab.com/ce/user/project/pipelines/settings.html#git-strategy
GIT_STRATEGY: "clone"
# Init submodules
# See https://docs.gitlab.com/ee/ci/yaml/#git-submodule-strategy
GIT_SUBMODULE_STRATEGY: "recursive"
# Use shallow cloning to speed up git clone. This can fail, if retrying an older build on CI
# and the old commit is not in the shallow history any more.
# See https://docs.gitlab.com/ee/ci/yaml/#shallow-cloning
GIT_DEPTH: "50"
# Run `make` in parallel
MAKEFLAGS: "-j10"
# Apply timeout to pytest-based tests
PYTEST_TIMEOUT: "400"
# No need for TLS because everything runs on the same machine
DOCKER_TLS_CERTDIR: ""
NIX_SHELL: "nix-shell"
stages:
- environment
- prebuild
- build
- test
- posttest
- deploy
default:
# Cancel jobs when a newer pipeline appears
interruptible: true
before_script:
- . /nix/var/nix/profiles/default/etc/profile.d/nix-daemon.sh || true
- $NIX_SHELL --run "poetry install --sync"
- export LEGACY_VERSION=$($NIX_SHELL --run "./tools/version.sh legacy/firmware/version.h")
- export CORE_VERSION=$($NIX_SHELL --run "./tools/version.sh core/embed/projects/firmware/version.h")
include:
- ci/environment.yml
- ci/prebuild.yml
- ci/build.yml
- ci/test.yml
- ci/test-nonenglish.yml
- ci/posttest.yml
- ci/deploy.yml

10
Makefile
View File

@ -128,12 +128,6 @@ protobuf_check: ## check that generated protobuf headers are up to date
./tools/build_protobuf --check
./rust/trezor-client/scripts/build_protos --check
ci_docs: ## generate CI documentation
./tools/generate_ci_docs.py
ci_docs_check: ## check that generated CI documentation is up to date
./tools/generate_ci_docs.py --check
docs_summary_check: ## check if there are unlinked documentation files
@echo [DOCS-SUMMARY-MARKDOWN-CHECK]
python3 tools/check_docs_summary.py
@ -156,6 +150,6 @@ lsgen: ## generate linker scripts hashes
lsgen_check: ## check generated linker scripts
lsgen --check
gen: templates mocks icons protobuf ci_docs vendorheader solana_templates bootloader_hashes lsgen ## regenerate auto-generated files from sources
gen: templates mocks icons protobuf vendorheader solana_templates bootloader_hashes lsgen ## regenerate auto-generated files from sources
gen_check: templates_check mocks_check icons_check protobuf_check ci_docs_check vendorheader_check solana_templates_check bootloader_hashes_check lsgen_check ## check validity of auto-generated files
gen_check: templates_check mocks_check icons_check protobuf_check vendorheader_check solana_templates_check bootloader_hashes_check lsgen_check ## check validity of auto-generated files

2
README.md
View File

@ -4,7 +4,7 @@
## Repository Structure
* **[`ci`](ci/)**: [Gitlab CI](https://gitlab.com/satoshilabs/trezor/trezor-firmware) configuration files
* **[`ci`](ci/)**: Ancillary files, data, and scripts for the CI pipeline
* **[`common/defs`](common/defs/)**: JSON coin definitions and support tables
* **[`common/protob`](common/protob/)**: Common protobuf definitions for the Trezor protocol
* **[`common/tools`](common/tools/)**: Tools for managing coin definitions and related data

1
ci/README.md
View File

@ -1 +0,0 @@
../docs/ci/index.md

10
ci/README.md Normal file
View File

@ -0,0 +1,10 @@
# CI
This directory contains some ancillary files for the CI pipeline:
* Dockerfile for the main CI environment,
* nix-shell configuration for the reproducible Nix environment,
* nix module for our specific version of Pyright,
* scripts to synchronize `trezor-common` repository,
* scripts to generate UI artifacts,
* some more complex checker scripts.

652
ci/build.yml
View File

@ -1,652 +0,0 @@
# All builds are published as artifacts so they can be downloaded and used.
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Caching
.gitlab_caching: &gitlab_caching
cache:
key: "$CI_COMMIT_REF_SLUG"
paths:
- .venv/
variables:
SDL_VIDEODRIVER: "dummy"
XDG_RUNTIME_DIR: "/var/tmp"
# Core
# Build of Core into firmware. Regular version.
# **Are you looking for Trezor T firmware build? This is most likely it.**
core fw regular build:
stage: build
<<: *gitlab_caching
needs: []
script:
- $NIX_SHELL --run "poetry run make -C core build_boardloader"
- $NIX_SHELL --run "poetry run make -C core build_bootloader"
- $NIX_SHELL --run "poetry run make -C core build_bootloader_ci"
- $NIX_SHELL --run "poetry run make -C core build_prodtest"
- $NIX_SHELL --run "poetry run make -C core build_firmware"
- $NIX_SHELL --run "poetry run make -C core sizecheck"
- cp core/build/firmware/firmware.bin firmware-T2T1-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
- cp core/build/firmware/firmware.elf firmware.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware.elf
- firmware-T2T1-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
# Build of Core into firmware with enabled _debug_ mode. In debug mode you can
# upload mnemonic seed, use debug link etc. which enables device tests. Storage
# on the device gets wiped on every start in this firmware.
core fw regular debug build:
stage: build
<<: *gitlab_caching
needs: []
script:
- $NIX_SHELL --run "PYOPT=0 poetry run make -C core build_firmware"
- cp core/build/firmware/firmware.bin firmware-T2T1-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
- cp core/build/firmware/firmware.elf firmware.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware.elf
- firmware-T2T1-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw regular production build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PRODUCTION: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_boardloader"
- $NIX_SHELL --run "poetry run make -C core build_bootloader"
- $NIX_SHELL --run "poetry run make -C core build_bootloader_ci"
- $NIX_SHELL --run "poetry run make -C core build_prodtest"
- $NIX_SHELL --run "poetry run make -C core build_firmware"
- $NIX_SHELL --run "poetry run make -C core sizecheck"
- cp core/build/firmware/firmware.bin firmware-T2T1-production-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T2T1-production-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
# Build of Core into firmware. Bitcoin-only version.
core fw btconly build:
stage: build
<<: *gitlab_caching
needs: []
variables:
BITCOIN_ONLY: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_firmware"
- mv core/build/firmware/firmware.bin core/build/firmware/firmware-bitcoinonly.bin
- $NIX_SHELL --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware-bitcoinonly.bin"
- cp core/build/firmware/firmware-bitcoinonly.bin firmware-T2T1-btconly-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T2T1-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw btconly debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
BITCOIN_ONLY: "1"
PYOPT: "0"
script:
- $NIX_SHELL --run "poetry run make -C core build_firmware"
- cp core/build/firmware/firmware.bin firmware-T2T1-btconly-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
only: # currently used only for HW tests and deploys
- schedules # nightly build
- /^legacy\//
- /^release\//
- /^secfix\//
- /^hw\//
- /^core\//
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T2T1-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw btconly production build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PRODUCTION: "1"
BITCOIN_ONLY: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_firmware"
- $NIX_SHELL --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware.bin"
- cp core/build/firmware/firmware.bin firmware-T2T1-btconly-production-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T2T1-btconly-production-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw DISC1 build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
TREZOR_MODEL: "DISC1"
script:
- nix-shell --run "poetry run make -C core build_boardloader"
- nix-shell --run "poetry run make -C core build_bootloader"
- nix-shell --run "poetry run make -C core build_firmware"
- cp core/build/firmware/firmware.bin firmware-D001-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-D001-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw R debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
TREZOR_MODEL: "R"
PYOPT: "0"
script:
- nix-shell --run "poetry run make -C core build_firmware"
- cp core/build/firmware/firmware.bin trezor-fw-debug-tr-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
- cp core/build/firmware/firmware.elf firmware.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware.elf
- trezor-fw-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
core fw R build:
stage: build
<<: *gitlab_caching
needs: []
variables:
TREZOR_MODEL: "R"
script:
- nix-shell --run "poetry run make -C core build_firmware"
- cp core/build/firmware/firmware.bin trezor-fw-tr-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
- cp core/build/firmware/firmware.elf firmware.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware.elf
- trezor-fw-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
# Non-frozen emulator build. This means you still need Python files
# present which get interpreted.
core unix regular build:
stage: build
<<: *gitlab_caching
needs: []
variables:
THP: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix # most of it needed by test_rust
expire_in: 1 week
# Non-frozen emulator build for model R.
core unix regular R build:
stage: build
<<: *gitlab_caching
needs: []
variables:
TREZOR_MODEL: "R"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix # most of it needed by test_rust
expire_in: 1 week
core unix regular asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
ADDRESS_SANITIZER: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_bootloader_emu"
- $NIX_SHELL --run "poetry run make -C core build_unix"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/bootloader_emu/bootloader.elf
- core/build/unix # most of it needed by test_rust
expire_in: 1 week
# Build of Core into UNIX emulator. Something you can run on your laptop.
# Frozen version. That means you do not need any other files to run it,
# it is just a single binary file that you can execute directly.
core unix frozen regular build:
stage: build
<<: *gitlab_caching
needs: []
script:
- $NIX_SHELL --run "poetry run make -C core build_bootloader_emu"
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/bootloader_emu/bootloader.elf
- core/build/unix/trezor-emu-core
expire_in: 1 week
# Build of Core into UNIX emulator. Something you can run on your laptop.
# Frozen version. That means you do not need any other files to run it,
# it is just a single binary file that you can execute directly.
# See [Emulator](../core/emulator/index.md) for more info.
# Debug mode enabled, Bitcoin-only version.
core unix frozen btconly debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
PYOPT: "0"
BITCOIN_ONLY: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week
core unix frozen btconly debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
BITCOIN_ONLY: "1"
ADDRESS_SANITIZER: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- core/build/unix/trezor-emu-core-bitcoinonly
expire_in: 1 week
# Build of Core into UNIX emulator. Something you can run on your laptop.
# Frozen version. That means you do not need any other files to run it,
# it is just a single binary file that you can execute directly.
# **Are you looking for a Trezor T emulator? This is most likely it.**
core unix frozen debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
PYOPT: "0"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 week
core unix frozen R debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
PYOPT: "0"
TREZOR_MODEL: "R"
script:
- $NIX_SHELL --run "poetry run make -C core build_bootloader_emu"
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 10 weeks
core unix frozen T3T1 debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
PYOPT: "0"
TREZOR_MODEL: "T3T1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 10 weeks
core unix frozen R debug build arm:
image: nixos/nix
stage: build
<<: *gitlab_caching
needs: []
only:
- main
- tags
- /^release\//
- /^secfix\//
variables:
PYOPT: "0"
TREZOR_MODEL: "R"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-arm
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 10 weeks
tags:
- docker_darwin_arm
core unix frozen T3T1 debug build arm:
image: nixos/nix
stage: build
<<: *gitlab_caching
needs: []
only:
- main
- tags
- /^release\//
- /^secfix\//
variables:
PYOPT: "0"
TREZOR_MODEL: "T3T1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-arm
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 10 weeks
tags:
- docker_darwin_arm
core unix frozen debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
PYOPT: "0"
ADDRESS_SANITIZER: "1"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 week
core unix frozen debug build arm:
image: nixos/nix
stage: build
<<: *gitlab_caching
needs: []
only:
- main
- tags
- /^release\//
- /^secfix\//
variables:
PYOPT: "0"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen"
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-arm
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
untracked: true
expire_in: 1 week
tags:
- docker_darwin_arm
core macos frozen regular build:
stage: build
<<: *gitlab_caching
needs: []
when: manual
tags:
- darwin_arm
script:
- $NIX_SHELL --option system x86_64-darwin --run "poetry run make -C core build_unix_frozen"
- export NAME="trezor-emu-core.darwin"
- cp -v core/build/unix/trezor-emu-core ./$NAME
- chmod +x $NAME
- echo '"$(dirname "$BASH_SOURCE")"/trezor-emu-core.darwin' > trezor-emulator.command
- chmod u+x trezor-emulator.command
allow_failure: true
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- trezor-emu-core.darwin
- trezor-emulator.command
expire_in: 1 week
# Crypto
# Build of our cryptographic library, which is then incorporated into the other builds.
crypto build:
stage: build
<<: *gitlab_caching
needs: []
variables:
ADDRESS_SANITIZER: "1"
CC: gcc
only:
changes:
- .gitlab-ci.yml
- ci/**
- crypto/**
script:
- cp -r crypto crypto_noasan
- $NIX_SHELL --run "poetry run make -C crypto"
- $NIX_SHELL --run "export ADDRESS_SANITIZER=0; poetry run make -C crypto_noasan"
- mv crypto_noasan/tests/test_check crypto/tests/test_check_noasan
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- crypto/tests/aestst
- crypto/tests/libtrezor-crypto.so
- crypto/tests/test_check
- crypto/tests/test_check_noasan
- crypto/tests/test_openssl
expire_in: 1 week
# Legacy
legacy fw regular build:
stage: build
<<: *gitlab_caching
needs: []
script:
- $NIX_SHELL --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run legacy/script/setup"
- $NIX_SHELL --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run make -C legacy/demo"
- mv legacy/firmware/trezor.bin firmware-T1B1-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T1B1-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
legacy fw regular debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
DEBUG_LINK: "1"
script:
- $NIX_SHELL --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run legacy/script/setup"
- $NIX_SHELL --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
- mv legacy/firmware/trezor.bin firmware-T1B1-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T1B1-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
legacy fw btconly build:
stage: build
<<: *gitlab_caching
needs: []
variables:
BITCOIN_ONLY: "1"
script:
- $NIX_SHELL --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run legacy/script/setup"
- $NIX_SHELL --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
- mv legacy/firmware/trezor.bin legacy/firmware/trezor-bitcoinonly.bin
- $NIX_SHELL --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin"
- mv legacy/firmware/trezor-bitcoinonly.bin firmware-T1B1-btconly-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T1B1-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
legacy fw btconly debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
BITCOIN_ONLY: "1"
DEBUG_LINK: "1"
script:
- $NIX_SHELL --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run legacy/script/setup"
- $NIX_SHELL --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
- $NIX_SHELL --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor.bin"
- mv legacy/firmware/trezor.bin firmware-T1B1-btconly-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- firmware-T1B1-btconly-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
expire_in: 1 week
# Regular version (not only Bitcoin) of above.
# **Are you looking for a Trezor One emulator? This is most likely it.**
legacy emu regular debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
DEBUG_LINK: "1"
EMULATOR: "1"
script:
- $NIX_SHELL --run "poetry run legacy/script/cibuild"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor.elf
expire_in: 1 week
legacy emu regular debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
DEBUG_LINK: "1"
EMULATOR: "1"
ADDRESS_SANITIZER: "1"
script:
- $NIX_SHELL --run "poetry run legacy/script/cibuild"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor.elf
expire_in: 1 week
legacy emu regular debug build arm:
image: nixos/nix
stage: build
<<: *gitlab_caching
needs: []
only:
- main
- tags
- /^release\//
- /^secfix\//
variables:
DEBUG_LINK: "1"
EMULATOR: "1"
script:
- $NIX_SHELL --run "poetry run legacy/script/cibuild"
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-arm.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor-arm.elf
expire_in: 1 week
tags:
- docker_darwin_arm
# Build of Legacy into UNIX emulator. Use keyboard arrows to emulate button presses.
# Bitcoin-only version.
legacy emu btconly debug build:
stage: build
<<: *gitlab_caching
needs: []
variables:
BITCOIN_ONLY: "1"
DEBUG_LINK: "1"
EMULATOR: "1"
script:
- $NIX_SHELL --run "poetry run legacy/script/cibuild"
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-bitcoinonly.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor-bitcoinonly.elf
expire_in: 1 week
legacy emu btconly debug asan build:
stage: build
<<: *gitlab_caching
needs: []
only:
- schedules # nightly build
variables:
BITCOIN_ONLY: "1"
DEBUG_LINK: "1"
EMULATOR: "1"
ADDRESS_SANITIZER: "1"
script:
- $NIX_SHELL --run "poetry run legacy/script/cibuild"
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-bitcoinonly.elf
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- legacy/firmware/trezor-bitcoinonly.elf
expire_in: 1 week

5
ci/check_changelog.sh
View File

@ -61,11 +61,8 @@ check_release_branch () {
fi
}
# gitlab
if echo "$CI_COMMIT_BRANCH" | grep -Eq "^(release|secfix)/"; then
check_release_branch
# github, TODO this only makes sense running on branches but not pull requests
elif $(git branch --show-current) | grep -Eq "^(release|secfix)/"; then
if $(git branch --show-current) | grep -Eq "^(release|secfix)/"; then
check_release_branch
else
check_feature_branch

326
ci/deploy.yml
View File

@ -1,326 +0,0 @@
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Releases
release core fw regular deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/tt"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core fw regular build
script:
- export VERSION=$(./tools/version.sh core/embed/projects/firmware/version.h)
- export NAME="firmware-T2T1-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^core\//
except:
- branches # run for tags only
tags:
- deploy
release core fw btconly deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/tt"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core fw btconly build
script:
- export VERSION=$(./tools/version.sh core/embed/projects/firmware/version.h)
- export NAME="firmware-T2T1-btconly-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^core\//
except:
- branches # run for tags only
tags:
- deploy
release core fw regular debug deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/tt"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core fw regular debug build
script:
- export VERSION=$(./tools/version.sh core/embed/projects/firmware/version.h)
- export NAME="firmware-T2T1-debug-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^core\//
except:
- branches # run for tags only
tags:
- deploy
release core fw btconly debug deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/tt"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core fw btconly debug build
script:
- export VERSION=$(./tools/version.sh core/embed/projects/firmware/version.h)
- export NAME="firmware-T2T1-btconly-debug-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^core\//
except:
- branches # run for tags only
tags:
- deploy
# Legacy
release legacy fw regular deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/t1"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- legacy fw regular build
script:
- export VERSION=$(./tools/version.sh legacy/firmware/version.h)
- export NAME="firmware-T1B1-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^legacy\//
except:
- branches # run for tags only
tags:
- deploy
release legacy fw btconly deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/t1"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- legacy fw btconly build
script:
- export VERSION=$(./tools/version.sh legacy/firmware/version.h)
- export NAME="firmware-T1B1-btconly-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^legacy\//
except:
- branches # run for tags only
tags:
- deploy
release legacy fw regular debug deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/t1"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- legacy fw regular debug build
script:
- export VERSION=$(./tools/version.sh legacy/firmware/version.h)
- export NAME="firmware-T1B1-debug-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^legacy\//
except:
- branches # run for tags only
tags:
- deploy
release legacy fw btconly debug deploy:
stage: deploy
variables:
DEPLOY_DIRECTORY: "releases/firmwares/t1"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- legacy fw btconly debug build
script:
- export VERSION=$(./tools/version.sh legacy/firmware/version.h)
- export NAME="firmware-T1B1-btconly-debug-$VERSION-$CI_COMMIT_SHORT_SHA.bin"
- echo "Deploying to ${DEPLOY_DIRECTORY}/$NAME"
- mkdir -p "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}"
- rsync --delete -va $NAME "${DEPLOY_BASE_DIR}/${DEPLOY_DIRECTORY}/$NAME"
only:
- /^legacy\//
except:
- branches # run for tags only
tags:
- deploy
# Emulators, used also for upgrade tests
release core unix debug deploy:
stage: deploy
variables:
DEPLOY_PATH: "${DEPLOY_BASE_DIR}/releases/emulators"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core unix frozen debug build
- core unix frozen debug build arm
script:
- export VERSION=$(./tools/version.sh core/embed/projects/firmware/version.h)
- DEST="$DEPLOY_PATH/trezor-emu-core-v$VERSION"
- DEST_ARM="$DEPLOY_PATH/arm/trezor-emu-core-v$VERSION-arm"
- echo "Deploying to $DEST and $DEST_ARM"
- $NIX_SHELL -p patchelf --run "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 core/build/unix/trezor-emu-core"
- $NIX_SHELL -p patchelf --run "patchelf --set-interpreter /lib/ld-linux-aarch64.so.1 core/build/unix/trezor-emu-core-arm"
- rsync --delete -va core/build/unix/trezor-emu-core "$DEST"
- rsync --delete -va core/build/unix/trezor-emu-core-arm "$DEST_ARM"
only:
- /^core\//
except:
- branches # run for tags only
tags:
- deploy
release legacy unix debug deploy:
stage: deploy
variables:
DEPLOY_PATH: "${DEPLOY_BASE_DIR}/releases/emulators"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- legacy emu regular debug build
- legacy emu regular debug build arm
script:
- export VERSION=$(./tools/version.sh legacy/firmware/version.h)
- DEST="$DEPLOY_PATH/trezor-emu-legacy-v$VERSION"
- DEST_ARM="$DEPLOY_PATH/arm/trezor-emu-legacy-v$VERSION-arm"
- echo "Deploying to $DEST and $DEST_ARM"
- $NIX_SHELL -p patchelf --run "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 legacy/firmware/trezor.elf"
- $NIX_SHELL -p patchelf --run "patchelf --set-interpreter /lib/ld-linux-aarch64.so.1 legacy/firmware/trezor-arm.elf"
- rsync --delete -va legacy/firmware/trezor.elf "$DEST"
- rsync --delete -va legacy/firmware/trezor-arm.elf "$DEST_ARM"
only:
- /^legacy\//
except:
- branches # run for tags only
tags:
- deploy
# UI tests
ui tests fixtures deploy:
stage: deploy
variables:
DEPLOY_PATH: "${DEPLOY_BASE_DIR}/ui_tests/"
BUCKET: "data.trezor.io"
GIT_SUBMODULE_STRATEGY: "none"
before_script: [] # no poetry
interruptible: false
needs:
- core click test
- core device test
- core persistence test
- legacy device test
- core device R test
- core click R test
script:
- echo "Deploying to $DEPLOY_PATH"
- rsync --delete -va ci/ui_test_records/* "$DEPLOY_PATH"
- source ${AWS_DEPLOY_DATA}
- aws s3 sync $DEPLOY_PATH s3://$BUCKET/dev/firmware/ui_tests
# This "hack" is needed because aws does not have an easy option to generate autoindex. We fetch the one autogenerated by nginx on local server.
- wget https://firmware.corp.sldev.cz/ui_tests/ -O index.html && aws s3 cp index.html s3://$BUCKET/dev/firmware/ui_tests/
tags:
- deploy
ui tests fixtures deploy nonenglish:
stage: deploy
variables:
DEPLOY_PATH: "${DEPLOY_BASE_DIR}/ui_tests/"
BUCKET: "data.trezor.io"
GIT_SUBMODULE_STRATEGY: "none"
only:
- schedules # nightly build
- /translations/ # translations branches
before_script: [] # no poetry
interruptible: false
needs:
- core click test czech
- core device test czech
- core device R test czech
- core click R test czech
- core click test german
- core device test german
- core device R test german
- core click R test german
- core click test french
- core device test french
- core device R test french
- core click R test french
- core click test spanish
- core device test spanish
- core device R test spanish
- core click R test spanish
script:
- echo "Deploying to $DEPLOY_PATH"
- rsync --delete -va ci/ui_test_records/* "$DEPLOY_PATH"
- source ${AWS_DEPLOY_DATA}
- aws s3 sync $DEPLOY_PATH s3://$BUCKET/dev/firmware/ui_tests
# This "hack" is needed because aws does not have an easy option to generate autoindex. We fetch the one autogenerated by nginx on local server.
- wget https://firmware.corp.sldev.cz/ui_tests/ -O index.html && aws s3 cp index.html s3://$BUCKET/dev/firmware/ui_tests/
tags:
- deploy
# sync to aws
sync emulators to aws:
stage: deploy
variables:
DEPLOY_PATH: "${DEPLOY_BASE_DIR}/releases/emulators/"
BUCKET: "data.trezor.io"
GIT_SUBMODULE_STRATEGY: "none"
interruptible: false
before_script: [] # no poetry
script:
- source ${AWS_DEPLOY_DATA}
- aws s3 sync $DEPLOY_PATH s3://$BUCKET/dev/firmware/releases/emulators/
# This "hack" is needed because aws does not have an easy option to generate autoindex. We fetch the one autogenerated by nginx on local server.
- wget https://firmware.corp.sldev.cz/releases/emulators/ -O index.html && aws s3 cp index.html s3://$BUCKET/dev/firmware/releases/emulators/
- wget https://firmware.corp.sldev.cz/releases/emulators/arm/ -O index.html && aws s3 cp index.html s3://$BUCKET/dev/firmware/releases/emulators/arm/
# invalidate cloudfront cache for dev/ directory.
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths '/dev/*'
only:
- /^legacy\//
- /^core\//
except:
- branches # run for tags only
tags:
- deploy

39
ci/environment.yml
View File

@ -1,39 +0,0 @@
# Connected with creating the testing image for CI.
# Environment job builds the `ci/Dockerfile` and pushes the built docker image
# into our GitLab registry. Since modifications of this Dockerfile are very rare
# this is a _manual_ job which needs to be triggered on GitLab.
# Almost all CI jobs run inside this docker image.
.environment:
stage: environment
image: docker
variables:
GIT_SUBMODULE_STRATEGY: none # no need to fetch submodules
CONTAINER_NAME: "$CI_REGISTRY/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix"
ALPINE_RELEASE: "3.15"
ALPINE_ARCH: "x86_64"
ALPINE_VERSION: "3.15.0"
ALPINE_CHECKSUM: "ec7ec80a96500f13c189a6125f2dbe8600ef593b87fc4670fe959dc02db727a2"
NIX_VERSION: "2.4"
services:
- docker:dind
before_script:
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
script:
- wget -nc -P ci/ https://dl-cdn.alpinelinux.org/alpine/v$ALPINE_RELEASE/releases/$ALPINE_ARCH/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz
- echo "${ALPINE_CHECKSUM} ci/alpine-minirootfs-$ALPINE_VERSION-$ALPINE_ARCH.tar.gz" | sha256sum -c
- docker build --tag $CONTAINER_NAME:$CI_COMMIT_SHA --tag $CONTAINER_NAME:latest --build-arg ALPINE_VERSION="$ALPINE_VERSION" --build-arg ALPINE_ARCH="$ALPINE_ARCH" --build-arg NIX_VERSION="$NIX_VERSION" --build-arg FULLDEPS_TESTING=1 ci/
- docker push $CONTAINER_NAME:$CI_COMMIT_SHA
- docker push $CONTAINER_NAME:latest
tags:
- runner0_dind
environment manual:
extends: .environment
when: manual
environment scheduled:
extends: .environment
only:
variables:
- $SCHEDULED_ENVIRONMENR_BUILD == "true"

166
ci/make_nonenglish_tests.py
View File

@ -1,166 +0,0 @@
from __future__ import annotations
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Callable
HERE = Path(__file__).resolve().parent
TEST_FILE = HERE / "test-nonenglish.yml"
LANGS = {
"cs": "czech",
"fr": "french",
"de": "german",
"es": "spanish",
}
MODELS = ["T", "R"]
@dataclass
class Replacement:
start: str
end: str
replacement: str
def replace_content_between_markers(
file_path: Path | str, replacements: list[Replacement]
) -> None:
with open(file_path, "r") as file:
content = file.read()
for replace in replacements:
pattern = rf"({replace.start}.*?{replace.end})"
content = re.sub(
pattern,
f"{replace.start}\n{replace.replacement}\n{replace.end}",
content,
flags=re.DOTALL,
)
with open(file_path, "w") as file:
file.write(content)
def get_device_test(lang: str, model: str) -> str:
lang_long = LANGS[lang]
model_or_empty = f" {model}" if model != "T" else ""
model_needs_or_empty = f" {model}" if model != "T" else ""
return f"""\
core device{model_or_empty} test {lang_long}:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen{model_needs_or_empty} debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "{model}"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "{lang}" # {lang_long}
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
"""
def get_click_test(lang: str, model: str) -> str:
lang_long = LANGS[lang]
model_or_empty = f" {model}" if model != "T" else ""
model_needs_or_empty = f" {model}" if model != "T" else ""
return f"""\
core click{model_or_empty} test {lang_long}:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen{model_needs_or_empty} debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "{model}"
TEST_LANG: "{lang}" # {lang_long}
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
"""
def get_all_tests_text(func: Callable[[str, str], str]) -> str:
text = ""
for model in MODELS:
for lang in LANGS:
content = func(lang, model)
text += content + "\n"
return text
def fill_device_tests() -> None:
replacement = Replacement(
start=r"## START_DEVICE_TESTS",
end=r"## END_DEVICE_TESTS",
replacement=get_all_tests_text(get_device_test),
)
replace_content_between_markers(TEST_FILE, [replacement])
def fill_click_tests() -> None:
replacement = Replacement(
start=r"## START_CLICK_TESTS",
end=r"## END_CLICK_TESTS",
replacement=get_all_tests_text(get_click_test),
)
replace_content_between_markers(TEST_FILE, [replacement])
if __name__ == "__main__":
fill_device_tests()
fill_click_tests()

52
ci/posttest.yml
View File

@ -1,52 +0,0 @@
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Caching
.gitlab_caching: &gitlab_caching
cache:
key: "$CI_COMMIT_REF_SLUG"
paths:
- .venv/
core unix coverage posttest:
stage: posttest
variables:
COVERAGE_THRESHOLD: "78"
<<: *gitlab_caching
needs:
- core click test
- core persistence test
- core device test
- core monero test
- core u2f test
- core fido2 test
script:
- $NIX_SHELL --run "poetry run make -C core coverage"
coverage: '/COVERAGE: \d+%/'
artifacts:
name: core-unix-coverage-posttest
paths:
- core/.coverage.*
- core/htmlcov
when: always
expire_in: 1 week
unix ui changes:
stage: posttest
except:
- main
<<: *gitlab_caching
needs:
- core click test
- core click R test
- core persistence test
- core device test
- core device R test
- legacy device test
script:
- $NIX_SHELL --run "poetry run python -m tests.ui_tests.reporting master-diff"
- mv tests/ui_tests/reports/master_diff .
artifacts:
name: core-unix-ui-changes
paths:
- master_diff
expire_in: 1 week

72
ci/prebuild.yml
View File

@ -1,72 +0,0 @@
# Static checks on the code.
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Caching
.gitlab_caching: &gitlab_caching
cache:
key: "$CI_COMMIT_REF_SLUG"
paths:
- .venv/
# Check the code for style correctness and perform some static code analysis.
# Biggest part is the python one - using `flake8`, `isort`, `black`, `pylint` and `pyright`,
# also checking Rust files by `rustfmt` and C files by `clang-format`.
# Changelogs formats are checked.
style prebuild:
stage: prebuild
variables:
GIT_SUBMODULE_STRATEGY: "none"
<<: *gitlab_caching
script:
- $NIX_SHELL --run "poetry run make -j1 style_check"
# Check validity of coin definitions and protobuf files.
common prebuild:
stage: prebuild
<<: *gitlab_caching
script:
- $NIX_SHELL --run "poetry run make defs_check"
# Check validity of auto-generated files.
gen prebuild:
stage: prebuild
<<: *gitlab_caching
script:
- $NIX_SHELL --run "poetry run make -j1 gen_check"
# Checking format of .editorconfig files.
editor prebuild:
stage: prebuild
<<: *gitlab_caching
script:
- $NIX_SHELL --run "make editor_check"
# Checking the format of release commit messages.
release commit messages prebuild:
stage: prebuild
before_script: [] # nothing needed
variables:
# We need to clone the repo properly so we can work with origin/main.
GIT_STRATEGY: clone
only:
refs:
- /^release\//
variables:
# We want this to run on gitlab.com/satoshilabs/trezor/trezor-firmware only.
- $CI_PROJECT_PATH_SLUG == 'satoshilabs-trezor-trezor-firmware'
script:
- $NIX_SHELL --run "ci/check_release_commit_messages.sh"
# Verifying that all commits changing some functionality have a changelog entry
# or contain `[no changelog]` in the commit message.
changelog prebuild:
stage: prebuild
except:
- main
before_script: [] # nothing needed
variables:
GIT_SUBMODULE_STRATEGY: "none"
GIT_STRATEGY: clone
script:
- $NIX_SHELL --run "ci/check_changelog.sh"

587
ci/test-nonenglish.yml
View File

@ -1,587 +0,0 @@
# Tests for non-english languages, that run only nightly
# - apart from that, they run also for every branch containing "translations" in its name
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Caching
.gitlab_caching: &gitlab_caching
cache:
key: "$CI_COMMIT_REF_SLUG"
paths:
- .venv/
## START_DEVICE_TESTS
core device test czech:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "cs" # czech
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device test french:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "fr" # french
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device test german:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "de" # german
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device test spanish:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "es" # spanish
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device R test czech:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "cs" # czech
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device R test french:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "fr" # french
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device R test german:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "de" # german
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device R test spanish:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
MULTICORE: "4" # more could interfere with other jobs
TEST_LANG: "es" # spanish
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
## END_DEVICE_TESTS
## START_CLICK_TESTS
core click test czech:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
TEST_LANG: "cs" # czech
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click test french:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
TEST_LANG: "fr" # french
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click test german:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
TEST_LANG: "de" # german
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click test spanish:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "T"
TEST_LANG: "es" # spanish
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click R test czech:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
TEST_LANG: "cs" # czech
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click R test french:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
TEST_LANG: "fr" # french
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click R test german:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
TEST_LANG: "de" # german
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click R test spanish:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1" # so that we get coverage data
TREZOR_MODEL: "R"
TEST_LANG: "es" # spanish
only:
- schedules # nightly build
- /translations/ # translations branches
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
## END_CLICK_TESTS

807
ci/test.yml
View File

@ -1,807 +0,0 @@
# All the tests run test cases on the freshly built emulators from the previous `BUILD` stage.
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
# Caching
.gitlab_caching: &gitlab_caching
cache:
key: "$CI_COMMIT_REF_SLUG"
paths:
- .venv/
# Core
# Python unit tests, checking core functionality.
core unit python test:
stage: test
<<: *gitlab_caching
needs:
- core unix regular build
script:
- $NIX_SHELL --run "poetry run make -C core test | ts -s"
# Python unit tests, checking core functionality. For model R.
core unit python R test:
stage: test
<<: *gitlab_caching
needs:
- core unix regular R build
script:
- $NIX_SHELL --run "poetry run make -C core test | ts -s"
# Rust unit tests.
core unit rust test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
script:
- $NIX_SHELL --run "poetry run make -C core clippy | ts -s"
- $NIX_SHELL --run "poetry run make -C core test_rust | ts -s"
core unit asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix regular asan build
only:
- schedules # nightly build
variables:
RUSTC_BOOTSTRAP: "1"
RUSTFLAGS: "-Z sanitizer=address"
ADDRESS_SANITIZER: "1"
LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
script:
- $NIX_SHELL --run "poetry run make -C core test | ts -s"
- $NIX_SHELL --run "poetry run make -C core clean build_unix | ts -s"
- $NIX_SHELL --run "poetry run make -C core test_rust | ts -s"
# Device tests for Core. Running device tests and also comparing screens
# with the expected UI result.
# See artifacts for a comprehensive report of UI.
# See [docs/tests/ui-tests](../tests/ui-tests.md) for more info.
core device test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1 # so that we get coverage data
MULTICORE: 4 # more could interfere with other jobs
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device R test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: "1"
TREZOR_MODEL: "R"
MULTICORE: 4 # more could interfere with other jobs
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_ui_multicore | ts -s"
after_script:
- mv core/src/.coverage.* core # there will be more coverage files (one per core)
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
- core/.coverage.*
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
core device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
variables:
PYTEST_TIMEOUT: "600"
script:
- $NIX_SHELL --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
# Device tests excluding altcoins, only for BTC.
core btconly device test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen btconly debug build
variables:
MICROPYTHON: "build/unix/trezor-emu-core-bitcoinonly"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
script:
- $NIX_SHELL --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- tests/junit.xml
expire_in: 1 week
when: always
reports:
junit: tests/junit.xml
core btconly device asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen btconly debug asan build
only:
- schedules # nightly build
variables:
MICROPYTHON: "build/unix/trezor-emu-core-bitcoinonly"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
PYTEST_TIMEOUT: "600"
script:
- $NIX_SHELL --run "poetry run make -C core test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
# Monero tests.
core monero test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1
script:
# see `python test` job for _PYTHON_SYSCONFIGDATA_NAME explanation
- $NIX_SHELL --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry run make -C core test_emu_monero | ts -s"
- mv core/src/.coverage core/.coverage.test_emu_monero
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- core/tests/trezor_monero_tests.log
- core/.coverage.*
expire_in: 1 week
when: always
core monero asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
variables:
TREZOR_PROFILING: 1
script:
# see `python test` job for _PYTHON_SYSCONFIGDATA_NAME explanation
- $NIX_SHELL --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry run make -C core test_emu_monero | ts -s"
- mv core/src/.coverage core/.coverage.test_emu_monero
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- core/tests/trezor_monero_tests.log
- core/.coverage.*
expire_in: 1 week
when: always
# Tests for U2F and HID.
core u2f test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1
script:
- $NIX_SHELL --run "poetry run make -C tests/fido_tests/u2f-tests-hid | ts -s"
- $NIX_SHELL --run "poetry run make -C core test_emu_u2f | ts -s"
- mv core/src/.coverage core/.coverage.test_emu_u2f
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- core/.coverage.*
expire_in: 1 week
when: always
core u2f asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- $NIX_SHELL --run "poetry run make -C tests/fido_tests/u2f-tests-hid | ts -s"
- $NIX_SHELL --run "poetry run make -C core test_emu_u2f | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
# FIDO2 device tests.
core fido2 test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1
script:
- pgrep trezor-emu-core || true
- $NIX_SHELL --run "poetry run make -C core test_emu_fido2 | ts -s"
- pgrep trezor-emu-core || true
- mv core/src/.coverage core/.coverage.test_emu_fido2
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
expire_in: 1 week
reports:
junit: tests/junit.xml
when: always
core fido2 asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- pgrep trezor-emu-core || true
- $NIX_SHELL --run "poetry run make -C core test_emu_fido2 | ts -s"
- pgrep trezor-emu-core || true
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
expire_in: 1 week
when: always
# Click tests - UI.
# See [docs/tests/click-tests](../tests/click-tests.md) for more info.
core click test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
# Click tests.
# See [docs/tests/click-tests](../tests/click-tests.md) for more info.
core click R test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen R debug build
variables:
TREZOR_PROFILING: 1
script:
- nix-shell --run "poetry run make -C core test_emu_click_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_click
- mv tests/ui_tests/reports/test/ test_ui_report
- nix-shell --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core click asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_click | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
# Upgrade tests.
# See [docs/tests/upgrade-tests](../tests/upgrade-tests.md) for more info.
core upgrade test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_UPGRADE_TEST: "core"
script:
- $NIX_SHELL --run "tests/download_emulators.sh"
- $NIX_SHELL --run "poetry run pytest --junitxml=tests/junit.xml tests/upgrade_tests | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core upgrade asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
variables:
TREZOR_UPGRADE_TEST: "core"
script:
- $NIX_SHELL --run "tests/download_emulators.sh"
- $NIX_SHELL --run "poetry run pytest --junitxml=tests/junit.xml tests/upgrade_tests | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
# Persistence tests - UI.
core persistence test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
variables:
TREZOR_PROFILING: 1
script:
- $NIX_SHELL --run "poetry run make -C core test_emu_persistence_ui | ts -s"
after_script:
- mv core/src/.coverage core/.coverage.test_persistence
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/trezor.log
- tests/junit.xml
- core/.coverage.*
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core persistence asan test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug asan build
only:
- schedules # nightly build
script:
- $NIX_SHELL --run "poetry run pytest --junitxml=tests/junit.xml tests/persistence_tests | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
core hwi test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
allow_failure: true
script:
- $NIX_SHELL --run "git clone https://github.com/bitcoin-core/HWI.git"
# see "python test" for explanation of _PYTHON_SYSCONFIGDATA_NAME
- $NIX_SHELL --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd HWI && poetry install && poetry run ./test/test_trezor.py --model_t ../core/build/unix/trezor-emu-core bitcoind"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- HWI/trezor-t-emulator.stdout
expire_in: 1 week
when: always
# Crypto
crypto test:
stage: test
only:
changes:
- .gitlab-ci.yml
- ci/**
- crypto/**
<<: *gitlab_caching
needs:
- crypto build
variables:
ASAN_OPTIONS: "verify_asan_link_order=0"
CK_TIMEOUT_MULTIPLIER: 5
script:
- ./crypto/tests/aestst
- ./crypto/tests/test_check
- ./crypto/tests/test_openssl 1000
- $NIX_SHELL --run "cd crypto && ITERS=10 poetry run pytest --junitxml=tests/junit.xml tests | ts -s"
- $NIX_SHELL --run "CK_TIMEOUT_MULTIPLIER=20 valgrind -q --error-exitcode=1 ./crypto/tests/test_check_noasan | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- crypto/tests/junit.xml
reports:
junit: crypto/tests/junit.xml
expire_in: 1 week
when: always
# Legacy
# Legacy device test - UI.
legacy device test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu regular debug build
variables:
EMULATOR: "1"
script:
- $NIX_SHELL --run "poetry run make -C legacy test_emu_ui | ts -s"
after_script:
- mv tests/ui_tests/reports/test/ test_ui_report
- $NIX_SHELL --run "poetry run python ci/prepare_ui_artifacts.py | ts -s"
- diff -u tests/ui_tests/fixtures.json tests/ui_tests/fixtures.suggestion.json
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- ci/ui_test_records/
- test_ui_report
- tests/ui_tests/screens/
- tests/ui_tests/fixtures.suggestion.json
- tests/ui_tests/fixtures.results.json
- tests/junit.xml
- tests/trezor.log
when: always
expire_in: 1 week
reports:
junit: tests/junit.xml
legacy asan test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu regular debug asan build
only:
- schedules # nightly build
variables:
EMULATOR: "1"
script:
- $NIX_SHELL --run "poetry run make -C legacy test_emu | ts -s"
legacy btconly test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu btconly debug build
variables:
EMULATOR: "1"
EMULATOR_BINARY: "firmware/trezor-bitcoinonly.elf"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
script:
- $NIX_SHELL --run "poetry run make -C legacy test_emu | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
legacy btconly asan test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu btconly debug asan build
only:
- schedules # nightly build
variables:
EMULATOR: "1"
EMULATOR_BINARY: "firmware/trezor-bitcoinonly.elf"
TREZOR_PYTEST_SKIP_ALTCOINS: 1
script:
- $NIX_SHELL --run "poetry run make -C legacy test_emu | ts -s"
legacy upgrade test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu regular debug build
variables:
TREZOR_UPGRADE_TEST: "legacy"
script:
- $NIX_SHELL --run "tests/download_emulators.sh"
- $NIX_SHELL --run "poetry run pytest --junitxml=tests/junit.xml tests/upgrade_tests | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
legacy upgrade asan test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu regular debug asan build
only:
- schedules # nightly build
variables:
TREZOR_UPGRADE_TEST: "legacy"
script:
- $NIX_SHELL --run "tests/download_emulators.sh"
- $NIX_SHELL --run "poetry run pytest --junitxml=tests/junit.xml tests/upgrade_tests | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
legacy hwi test:
stage: test
<<: *gitlab_caching
needs:
- legacy emu regular debug build
variables:
EMULATOR: "1"
allow_failure: true
script:
- $NIX_SHELL --run "git clone https://github.com/bitcoin-core/HWI.git"
# see "python test" for explanation of _PYTHON_SYSCONFIGDATA_NAME
- $NIX_SHELL --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd HWI && poetry install && poetry run ./test/test_trezor.py --model_1 ../legacy/firmware/trezor.elf bitcoind"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- HWI/trezor-1-emulator.stdout
expire_in: 1 week
when: always
# Python
python test:
stage: test
<<: *gitlab_caching
needs: []
variables:
LC_ALL: "C.UTF-8"
LANG: "C.UTF-8"
script:
# Workaround for nixpkgs+tox integration failure which results in:
# ModuleNotFoundError: No module named '_sysconfigdata__linux_x86_64-linux-gnu'
# The value of _PYTHON_SYSCONFIGDATA_NAME has changed between python 3.7 and 3.8 and with
# multiple versions in your environment the older pythons don't seem to work under tox.
# When the variable is unset the interpreter seems to do the right thing. Can be removed in
# july 2023 when python 3.7 is EOLed.
# See also:
# https://github.com/NixOS/nixpkgs/blob/b00c7c2d1d905eb63c81a0917f1a94b763a7843b/pkgs/development/interpreters/python/cpython/default.nix#L103
# https://github.com/NixOS/nixpkgs/pull/98915
- $NIX_SHELL --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd python && poetry run tox | ts -s"
python support test:
stage: test
<<: *gitlab_caching
needs: []
script:
- $NIX_SHELL --run "poetry run make python_support_check | ts -s"
# Rust
rust test:
stage: test
<<: *gitlab_caching
needs:
- core unix frozen debug build
script:
- $NIX_SHELL --run "poetry run core/emu.py --headless -q --temporary-profile --slip0014 --command cargo test --manifest-path rust/trezor-client/Cargo.toml | ts -s"
# Storage
storage test:
stage: test
only:
changes:
- .gitlab-ci.yml
- ci/**
- storage/**
<<: *gitlab_caching
needs: []
script:
- unset PYTEST_TIMEOUT
- $NIX_SHELL --run "poetry run make -C storage/tests build | ts -s"
- $NIX_SHELL --run "poetry run make -C storage/tests tests_all | ts -s"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/junit.xml
reports:
junit: tests/junit.xml
expire_in: 1 week
when: always
# Memory profiling
core unix memory profiler:
stage: test
when: manual
<<: *gitlab_caching
needs: []
variables:
PYOPT: "0"
TREZOR_MEMPERF: "1"
PYTEST_TIMEOUT: "900"
script:
- $NIX_SHELL --run "poetry run make -C core build_unix_frozen | ts -s"
- $NIX_SHELL --run "poetry run make -C core test_emu | ts -s"
- $NIX_SHELL --run "mkdir core/prof/memperf-html"
- $NIX_SHELL --run "poetry run core/tools/alloc.py --alloc-data=core/src/alloc_data.txt html core/prof/memperf-html"
artifacts:
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
paths:
- tests/trezor.log
- core/prof/memperf-html
expire_in: 1 week
when: always
# Flash size profiling
# Finds out how much flash space we have left in the firmware build
# Fails if the free space is less than certain threshold
core firmware flash size checker:
stage: test
<<: *gitlab_caching
needs:
- core fw regular debug build
script:
- nix-shell --run "poetry run core/tools/size/checker.py /builds/satoshilabs/trezor/trezor-firmware/firmware.elf"
# Compares the current flash space with the situation in the current master
# Fails if the new binary is significantly larger than the master one
# (the threshold is defined in the script, currently 5kb).
# Allowing fir failure, not to prevent the merge.
# Also generates a report with the current situation
core firmware flash size compare master:
stage: test
<<: *gitlab_caching
allow_failure: true
needs:
- core fw regular build
script:
- nix-shell --run "poetry run core/tools/size/compare_master.py /builds/satoshilabs/trezor/trezor-firmware/firmware.elf -r firmware_elf_size_report.txt"
artifacts:
paths:
- firmware_elf_size_report.txt
expire_in: 1 week
# Connect
connect test core:
image: ghcr.io/trezor/trezor-user-env
stage: test
when: manual
tags:
- runner-internal
needs:
- core unix frozen debug build
variables:
SDL_VIDEODRIVER: "dummy"
before_script:
- cp /builds/satoshilabs/trezor/trezor-firmware/core/build/unix/trezor-emu-core /trezor-user-env/src/binaries/firmware/bin/trezor-emu-core-v2.99.99
- chmod +x /trezor-user-env/src/binaries/firmware/bin/trezor-emu-core-v2.99.99
- $NIX_SHELL --run "autoPatchelf /trezor-user-env/src/binaries/firmware/bin/trezor-emu-core-v2.99.99"
script:
- /trezor-user-env/run-nix.sh &
- $NIX_SHELL --run "tests/connect_tests/connect_tests.sh 2.99.99"
after_script:
- cp /trezor-user-env/logs/debugging.log trezor-user-env-debugging.log
- cp /trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log
artifacts:
paths:
- trezor-user-env-debugging.log
- tenv-emulator-bridge-debugging.log
expire_in: 1 week
when: always

2
docs/SUMMARY.md
View File

@ -43,8 +43,6 @@
- [Upgrade Tests](tests/upgrade-tests.md)
- [UI Tests](tests/ui-tests.md)
- [Click Tests](tests/click-tests.md)
- [CI](ci/index.md)
- [GitLab CI Jobs](ci/jobs.md)
- [Miscellaneous](misc/index.md)
- [Affected third-parties](misc/third-parties.md)
- [Changelog](misc/changelog.md)

7
docs/ci/index.md
View File

@ -1,7 +0,0 @@
# CI
The complete test suite is running on a public [GitLab CI](https://gitlab.com/satoshilabs/trezor/trezor-firmware). We currently do not have a CI for external contributors. If needed we will repush your PR to enable the CI.
See this [list](/docs/ci/jobs.md) of CI jobs descriptions for more info.
The CI folder contains all the .yml GitLab files that are included in the main `.gitlab.yml` to provide some basic structure. All GitLab CI Jobs run inside a docker image, which is built using the present `Dockerfile`. This image is stored in the GitLab registry.

339
docs/ci/jobs.md
View File

@ -1,339 +0,0 @@
# CI pipeline
(Generated automatically by `tools/generate_ci_docs.py`. Do not edit by hand.)
It consists of multiple stages below, each having one or more jobs
Latest CI pipeline of master branch can be seen at [https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines/master/latest](https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines/master/latest)
## ENVIRONMENT stage - [environment.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/environment.yml)
Connected with creating the testing image for CI.
Consists of **3 jobs** below:
### [.environment](https://github.com/trezor/trezor-firmware/blob/master/ci/environment.yml#L7)
Environment job builds the `ci/Dockerfile` and pushes the built docker image
into our GitLab registry. Since modifications of this Dockerfile are very rare
this is a _manual_ job which needs to be triggered on GitLab.
Almost all CI jobs run inside this docker image.
### [environment manual](https://github.com/trezor/trezor-firmware/blob/master/ci/environment.yml#L31)
### [environment scheduled](https://github.com/trezor/trezor-firmware/blob/master/ci/environment.yml#L35)
---
## PREBUILD stage - [prebuild.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml)
Static checks on the code.
Consists of **6 jobs** below:
### [style prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L16)
Check the code for style correctness and perform some static code analysis.
Biggest part is the python one - using `flake8`, `isort`, `black`, `pylint` and `pyright`,
also checking Rust files by `rustfmt` and C files by `clang-format`.
Changelogs formats are checked.
### [common prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L25)
Check validity of coin definitions and protobuf files.
### [gen prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L32)
Check validity of auto-generated files.
### [editor prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L39)
Checking format of .editorconfig files.
### [release commit messages prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L46)
Checking the format of release commit messages.
### [changelog prebuild](https://github.com/trezor/trezor-firmware/blob/master/ci/prebuild.yml#L63)
Verifying that all commits changing some functionality have a changelog entry
or contain `[no changelog]` in the commit message.
---
## BUILD stage - [build.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml)
All builds are published as artifacts so they can be downloaded and used.
Consists of **33 jobs** below:
### [core fw regular build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L20)
Build of Core into firmware. Regular version.
**Are you looking for Trezor T firmware build? This is most likely it.**
### [core fw regular debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L43)
Build of Core into firmware with enabled _debug_ mode. In debug mode you can
upload mnemonic seed, use debug link etc. which enables device tests. Storage
on the device gets wiped on every start in this firmware.
### [core fw regular production build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L58)
### [core fw btconly build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L81)
Build of Core into firmware. Bitcoin-only version.
### [core fw btconly debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L98)
### [core fw btconly production build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L121)
### [core fw DISC1 build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L140)
### [core fw R debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L159)
### [core fw R build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L177)
### [core unix regular build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L196)
Non-frozen emulator build. This means you still need Python files
present which get interpreted.
### [core unix regular R build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L211)
Non-frozen emulator build for model R.
### [core unix regular asan build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L225)
### [core unix frozen regular build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L246)
Build of Core into UNIX emulator. Something you can run on your laptop.
Frozen version. That means you do not need any other files to run it,
it is just a single binary file that you can execute directly.
### [core unix frozen btconly debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L265)
Build of Core into UNIX emulator. Something you can run on your laptop.
Frozen version. That means you do not need any other files to run it,
it is just a single binary file that you can execute directly.
See [Emulator](../core/emulator/index.md) for more info.
Debug mode enabled, Bitcoin-only version.
### [core unix frozen btconly debug asan build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L281)
### [core unix frozen debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L304)
Build of Core into UNIX emulator. Something you can run on your laptop.
Frozen version. That means you do not need any other files to run it,
it is just a single binary file that you can execute directly.
**Are you looking for a Trezor T emulator? This is most likely it.**
### [core unix frozen R debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L317)
### [core unix frozen T3T1 debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L332)
### [core unix frozen R debug build arm](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L346)
### [core unix frozen T3T1 debug build arm](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L369)
### [core unix frozen debug asan build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L392)
### [core unix frozen debug build arm](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L408)
### [core macos frozen regular build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L430)
### [crypto build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L455)
Build of our cryptographic library, which is then incorporated into the other builds.
### [legacy fw regular build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L485)
### [legacy fw regular debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L501)
### [legacy fw btconly build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L518)
### [legacy fw btconly debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L537)
### [legacy emu regular debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L558)
Regular version (not only Bitcoin) of above.
**Are you looking for a Trezor One emulator? This is most likely it.**
### [legacy emu regular debug asan build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L573)
### [legacy emu regular debug build arm](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L591)
### [legacy emu btconly debug build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L617)
Build of Legacy into UNIX emulator. Use keyboard arrows to emulate button presses.
Bitcoin-only version.
### [legacy emu btconly debug asan build](https://github.com/trezor/trezor-firmware/blob/master/ci/build.yml#L634)
---
## TEST stage - [test.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml)
All the tests run test cases on the freshly built emulators from the previous `BUILD` stage.
Consists of **39 jobs** below:
### [core unit python test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L15)
Python unit tests, checking core functionality.
### [core unit python R test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L24)
Python unit tests, checking core functionality. For model R.
### [core unit rust test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L33)
Rust unit tests.
### [core unit asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L42)
### [core device test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L63)
Device tests for Core. Running device tests and also comparing screens
with the expected UI result.
See artifacts for a comprehensive report of UI.
See [docs/tests/ui-tests](../tests/ui-tests.md) for more info.
### [core device R test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L94)
### [core device asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L126)
### [core btconly device test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L145)
Device tests excluding altcoins, only for BTC.
### [core btconly device asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L165)
### [core monero test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L186)
Monero tests.
### [core monero asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L206)
### [core u2f test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L229)
Tests for U2F and HID.
### [core u2f asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L248)
### [core fido2 test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L266)
FIDO2 device tests.
### [core fido2 asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L289)
### [core click test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L309)
Click tests - UI.
See [docs/tests/click-tests](../tests/click-tests.md) for more info.
### [core click R test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L341)
Click tests.
See [docs/tests/click-tests](../tests/click-tests.md) for more info.
### [core click asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L370)
### [core upgrade test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L391)
Upgrade tests.
See [docs/tests/upgrade-tests](../tests/upgrade-tests.md) for more info.
### [core upgrade asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L410)
### [core persistence test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L432)
Persistence tests - UI.
### [core persistence asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L462)
### [core hwi test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L480)
### [crypto test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L499)
### [legacy device test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L531)
Legacy device test - UI.
### [legacy asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L559)
### [legacy btconly test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L571)
### [legacy btconly asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L591)
### [legacy upgrade test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L606)
### [legacy upgrade asan test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L625)
### [legacy hwi test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L646)
### [python test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L666)
### [python support test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L685)
### [rust test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L694)
### [storage test](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L704)
### [core unix memory profiler](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L728)
### [core firmware flash size checker](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L754)
Finds out how much flash space we have left in the firmware build
Fails if the free space is less than certain threshold
### [core firmware flash size compare master](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L767)
Compares the current flash space with the situation in the current master
Fails if the new binary is significantly larger than the master one
(the threshold is defined in the script, currently 5kb).
Allowing fir failure, not to prevent the merge.
Also generates a report with the current situation
### [connect test core](https://github.com/trezor/trezor-firmware/blob/master/ci/test.yml#L782)
---
## TEST-NONENGLISH stage - [test-nonenglish.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml)
Tests for non-english languages, that run only nightly
- apart from that, they run also for every branch containing "translations" in its name
Consists of **16 jobs** below:
### [core device test czech](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L14)
START_DEVICE_TESTS
### [core device test french](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L50)
### [core device test german](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L86)
### [core device test spanish](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L122)
### [core device R test czech](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L158)
### [core device R test french](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L194)
### [core device R test german](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L230)
### [core device R test spanish](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L266)
### [core click test czech](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L306)
START_CLICK_TESTS
### [core click test french](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L341)
### [core click test german](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L376)
### [core click test spanish](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L411)
### [core click R test czech](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L446)
### [core click R test french](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L481)
### [core click R test german](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L516)
### [core click R test spanish](https://github.com/trezor/trezor-firmware/blob/master/ci/test-nonenglish.yml#L551)
---
## POSTTEST stage - [posttest.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/posttest.yml)
Consists of **2 jobs** below:
### [core unix coverage posttest](https://github.com/trezor/trezor-firmware/blob/master/ci/posttest.yml#L10)
### [unix ui changes](https://github.com/trezor/trezor-firmware/blob/master/ci/posttest.yml#L33)
---
## DEPLOY stage - [deploy.yml](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml)
Consists of **13 jobs** below:
### [release core fw regular deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L5)
### [release core fw btconly deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L27)
### [release core fw regular debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L49)
### [release core fw btconly debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L71)
### [release legacy fw regular deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L95)
### [release legacy fw btconly deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L117)
### [release legacy fw regular debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L139)
### [release legacy fw btconly debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L161)
### [release core unix debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L185)
### [release legacy unix debug deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L211)
### [ui tests fixtures deploy](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L239)
### [ui tests fixtures deploy nonenglish](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L264)
### [sync emulators to aws](https://github.com/trezor/trezor-firmware/blob/master/ci/deploy.yml#L304)
---

28
docs/index.md
View File

@ -6,24 +6,24 @@ Welcome to the Trezor Firmware repository. This repository is so called _monorep
## Repository Structure
* **[`ci`](https://github.com/trezor/trezor-firmware/tree/master/ci/)**: [Gitlab CI](https://gitlab.com/satoshilabs/trezor/trezor-firmware) configuration files
* **[`common/defs`](https://github.com/trezor/trezor-firmware/tree/master/common/defs/)**: JSON coin definitions and support tables
* **[`common/protob`](https://github.com/trezor/trezor-firmware/tree/master/common/protob/)**: Common protobuf definitions for the Trezor protocol
* **[`common/tools`](https://github.com/trezor/trezor-firmware/tree/master/common/tools/)**: Tools for managing coin definitions and related data
* **[`core`](https://github.com/trezor/trezor-firmware/tree/master/core/)**: Trezor Core, firmware implementation for Trezor T
* **[`crypto`](https://github.com/trezor/trezor-firmware/tree/master/crypto/)**: Stand-alone cryptography library used by both Trezor Core and the Trezor One firmware
* **[`docs`](https://github.com/trezor/trezor-firmware/tree/master/docs/)**: Assorted documentation
* **[`legacy`](https://github.com/trezor/trezor-firmware/tree/master/legacy/)**: Trezor One firmware implementation
* **[`python`](https://github.com/trezor/trezor-firmware/tree/master/python/)**: Python [client library](https://pypi.org/project/trezor) and the `trezorctl` command
* **[`storage`](https://github.com/trezor/trezor-firmware/tree/master/storage/)**: NORCOW storage implementation used by both Trezor Core and the Trezor One firmware
* **[`tests`](https://github.com/trezor/trezor-firmware/tree/master/tests/)**: Firmware unit test suite
* **[`tools`](https://github.com/trezor/trezor-firmware/tree/master/tools/)**: Miscellaneous build and helper scripts
* **[`vendor`](https://github.com/trezor/trezor-firmware/tree/master/vendor/)**: Submodules for external dependencies
* **[`ci`](https://github.com/trezor/trezor-firmware/tree/main/ci/)**: Helper files, data, and scripts for the CI pipeline
* **[`common/defs`](https://github.com/trezor/trezor-firmware/tree/main/common/defs/)**: JSON coin definitions and support tables
* **[`common/protob`](https://github.com/trezor/trezor-firmware/tree/main/common/protob/)**: Common protobuf definitions for the Trezor protocol
* **[`common/tools`](https://github.com/trezor/trezor-firmware/tree/main/common/tools/)**: Tools for managing coin definitions and related data
* **[`core`](https://github.com/trezor/trezor-firmware/tree/main/core/)**: Trezor Core, firmware implementation for Trezor T
* **[`crypto`](https://github.com/trezor/trezor-firmware/tree/main/crypto/)**: Stand-alone cryptography library used by both Trezor Core and the Trezor One firmware
* **[`docs`](https://github.com/trezor/trezor-firmware/tree/main/docs/)**: Assorted documentation
* **[`legacy`](https://github.com/trezor/trezor-firmware/tree/main/legacy/)**: Trezor One firmware implementation
* **[`python`](https://github.com/trezor/trezor-firmware/tree/main/python/)**: Python [client library](https://pypi.org/project/trezor) and the `trezorctl` command
* **[`storage`](https://github.com/trezor/trezor-firmware/tree/main/storage/)**: NORCOW storage implementation used by both Trezor Core and the Trezor One firmware
* **[`tests`](https://github.com/trezor/trezor-firmware/tree/main/tests/)**: Firmware unit test suite
* **[`tools`](https://github.com/trezor/trezor-firmware/tree/main/tools/)**: Miscellaneous build and helper scripts
* **[`vendor`](https://github.com/trezor/trezor-firmware/tree/main/vendor/)**: Submodules for external dependencies
## Contribute
See [CONTRIBUTING.md](https://github.com/trezor/trezor-firmware/tree/master/CONTRIBUTING.md).
See [CONTRIBUTING.md](https://github.com/trezor/trezor-firmware/tree/main/CONTRIBUTING.md).
Also please have a look at the docs, either in the `docs` folder or at [docs.trezor.io](https://docs.trezor.io) before contributing. The [misc](misc/index.md) chapter should be read in particular because it contains some useful assorted knowledge.

2
docs/tests/ui-tests.md
View File

@ -78,7 +78,7 @@ The script `tests/show_results.py` starts a local HTTP server that serves this p
this is necessary for access to browser local storage, which enables a simple reviewer
UI.
On CI this report is published as an artifact. You can see the latest `main` branch report [here](https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/jobs/artifacts/main/file/test_ui_report/index.html?job=core%20device%20test). The reviewer features work directly here.
On CI this report is published as an artifact.
If needed, you can use `python3 -m tests.ui_tests` to regenerate the report from local
recorded screens.

2
pyproject.toml
View File

@ -104,5 +104,5 @@ extra_standard_library = [
"trezorconfig",
"trezorcrypto",
]
known_first_party = ["trezorlib", "apps", "coin_info", "marketcap", "ui_tests", "gitlab"]
known_first_party = ["trezorlib", "apps", "coin_info", "marketcap", "ui_tests"]
known_third_party = ["trezor", "storage"]

191
tests/gitlab.py
View File

@ -1,191 +0,0 @@
"""
Helper functions for communication with Gitlab.
Allowing for interaction with the test results, e.g. with UI tests.
"""
from __future__ import annotations
import json
import re
from dataclasses import dataclass
from pathlib import Path
from typing import Any, Iterable, Iterator
import requests
AnyDict = dict[Any, Any]
HERE = Path(__file__).parent
BRANCHES_API_TEMPLATE = "https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines.json?scope=branches&page={}"
GRAPHQL_API = "https://gitlab.com/api/graphql"
RAW_REPORT_URL_TEMPLATE = (
"https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/jobs/{}/raw"
)
UI_JOBS_ENGLISH = [
"core click R test",
"core device R test",
"core click test",
"core device test",
"core persistence test",
"legacy device test",
]
def get_foreign_tests(langs: list[str]) -> list[str]:
result: list[str] = []
for lang in langs:
result += [
f"core click R test {lang}",
f"core device R test {lang}",
f"core click test {lang}",
f"core device test {lang}",
]
return result
FOREIGN_LANGS = ["french", "czech", "german", "spanish"]
UI_JOB_NAMES = UI_JOBS_ENGLISH + get_foreign_tests(FOREIGN_LANGS)
SAVE_GRAPHQL_RESULTS = False
@dataclass
class TestResult:
failed: int = 0
passed: int = 0
error: int = 0
@classmethod
def from_line(cls, line: str) -> TestResult:
self = TestResult()
for key in self.__annotations__:
match = re.search(rf"(\d+) {key}", line)
if match:
setattr(self, key, int(match.group(1)))
return self
@classmethod
def from_job_id(cls, job_id: str) -> TestResult:
report_link = RAW_REPORT_URL_TEMPLATE.format(job_id)
raw_content = requests.get(report_link).text
result_pattern = r"= .* passed.*s \(\d.*\) ="
result_line_match = re.search(result_pattern, raw_content)
if not result_line_match:
print("No results yet.")
return TestResult()
return cls.from_line(result_line_match.group(0))
def _get_gitlab_branches(page: int) -> list[AnyDict]:
return requests.get(BRANCHES_API_TEMPLATE.format(page)).json()["pipelines"]
def _get_branch_obj(branch_name: str) -> AnyDict:
# Trying first 10 pages of branches
for page in range(1, 11):
branches = _get_gitlab_branches(page)
for branch_obj in branches:
if branch_obj["ref"]["name"] == branch_name:
return branch_obj
raise ValueError(f"Branch {branch_name} not found")
def _get_pipeline_jobs_info(pipeline_iid: int) -> AnyDict:
# Getting just the stuff we need - the job names and IDs
graphql_query = """
query getJobsFromPipeline($projectPath: ID!, $iid: ID!) {
project(fullPath: $projectPath) {
pipeline(iid: $iid) {
stages {
nodes {
groups {
nodes {
jobs {
nodes {
id
name
}
}
}
}
}
}
}
}
}
"""
query = {
"query": graphql_query,
"variables": {
"projectPath": "satoshilabs/trezor/trezor-firmware",
"iid": pipeline_iid,
},
}
return requests.post(GRAPHQL_API, json=query).json()
def _yield_pipeline_jobs(pipeline_iid: int) -> Iterator[AnyDict]:
jobs_info = _get_pipeline_jobs_info(pipeline_iid)
if SAVE_GRAPHQL_RESULTS: # for development purposes
with open("jobs_info.json", "w") as f:
json.dump(jobs_info, f, indent=2)
stages = jobs_info["data"]["project"]["pipeline"]["stages"]["nodes"]
for stage in stages:
nodes = stage["groups"]["nodes"]
for node in nodes:
jobs = node["jobs"]["nodes"]
for job in jobs:
yield job
def _get_job_ui_fixtures_results(job: AnyDict) -> AnyDict:
print(f"Checking job {job['name']}")
job_id = job["id"].split("/")[-1]
job_results = TestResult.from_job_id(job_id)
if job_results.failed:
print(f"ERROR: Job {job['name']} failed - {job_results}")
return {}
url = f"https://satoshilabs.gitlab.io/-/trezor/trezor-firmware/-/jobs/{job_id}/artifacts/tests/ui_tests/fixtures.results.json"
response = requests.get(url)
if response.status_code != 200:
print("No UI results found")
return {}
return response.json()
def get_jobs_of_interest(
only_jobs: Iterable[str] | None, exclude_jobs: Iterable[str] | None
) -> Iterable[str]:
if only_jobs and exclude_jobs:
raise ValueError("Cannot specify both only_jobs and exclude_jobs")
if only_jobs:
return [job for job in UI_JOB_NAMES if job in only_jobs]
if exclude_jobs:
return [job for job in UI_JOB_NAMES if job not in exclude_jobs]
return UI_JOB_NAMES
def get_branch_ui_fixtures_results(
branch_name: str, jobs_of_interest: Iterable[str] | None = None
) -> dict[str, AnyDict]:
print(f"Checking branch {branch_name}")
if jobs_of_interest is None:
jobs_of_interest = UI_JOB_NAMES
branch_obj = _get_branch_obj(branch_name)
pipeline_iid = branch_obj["iid"]
def yield_key_value() -> Iterator[tuple[str, AnyDict]]:
for job in _yield_pipeline_jobs(pipeline_iid):
for ui_job_name in jobs_of_interest:
if job["name"] == ui_job_name:
yield job["name"], _get_job_ui_fixtures_results(job)
return dict(yield_key_value())

22
tests/update_fixtures.py
View File

@ -43,12 +43,6 @@ def _get_current_git_branch() -> str:
hidden=True,
expose_value=False,
)
@click.option(
"-l",
"--gitlab",
is_flag=True,
help="Fetch from Gitlab CI instead of GitHub Actions",
)
@click.option("-b", "--branch", help="Branch name")
@click.option("-r", "--run-id", help="GitHub Actions run id", type=int)
@click.option(
@ -65,7 +59,6 @@ def _get_current_git_branch() -> str:
)
@click.option("-r", "--remove-missing", is_flag=True, help="Remove missing tests")
def ci(
gitlab: bool,
branch: str | None,
run_id: int | None,
only_jobs: Iterable[str] | None,
@ -87,18 +80,11 @@ def ci(
if exclude_jobs:
print(f"Exclude jobs: {exclude_jobs}")
if not gitlab:
from github import get_branch_ui_fixtures_results
ui_results = get_branch_ui_fixtures_results(
branch, only_jobs, exclude_jobs, run_id
)
else:
from gitlab import get_branch_ui_fixtures_results, get_jobs_of_interest
jobs_of_interest = get_jobs_of_interest(only_jobs, exclude_jobs)
ui_results = get_branch_ui_fixtures_results(branch, jobs_of_interest)
from github import get_branch_ui_fixtures_results
ui_results = get_branch_ui_fixtures_results(
branch, only_jobs, exclude_jobs, run_id
)
current_fixtures = get_current_fixtures()
is_error = False

205
tools/generate_ci_docs.py
View File

@ -1,205 +0,0 @@
#!/usr/bin/env python3
"""
Automatic generator of documentation about CI jobs.
Analyzes all .yml files connected with CI, takes the most important information
and writes it into a README file.
Features:
- reads a job description from a comment above job definition
- includes a link to each file and also to job definition
Usage:
- put comments (starting with "#") directly above the job definition in .yml file
Running the script:
- `python generate_ci_docs.py` to generate the documentation
- `python generate_ci_docs.py --check` to check if documentation is up-to-date
"""
from __future__ import annotations
import argparse
import filecmp
import os
import re
import sys
from collections import OrderedDict
from pathlib import Path
from tempfile import NamedTemporaryFile
from typing import Any
import yaml
from mako.template import Template
parser = argparse.ArgumentParser()
parser.add_argument(
"--check",
action="store_true",
help="Check if there are no new changes in all CI .yml files",
)
args = parser.parse_args()
class DocsGenerator:
def __init__(self) -> None:
# Going to the root directory, so the relative
# locations of CI files are valid
os.chdir(Path(__file__).resolve().parent.parent)
self.GITLAB_CI_FILE = ".gitlab-ci.yml"
self.DOC_FILE = "docs/ci/jobs.md"
# Some keywords that are not job definitions and we should not care about them
self.NOT_JOBS = [
"variables:",
"image:",
".gitlab_caching:",
]
self.ALL_JOBS: dict[Path, dict[str, Any]] = OrderedDict()
self.FILES = self.get_all_ci_files()
def generate_docs(self) -> None:
"""Whole pipeline of getting and saving the CI information."""
for file in self.FILES:
self.ALL_JOBS[file] = {
"jobs": self.get_jobs_from_file(file),
"overall_description": self.get_overall_description_from_file(file),
}
self.save_docs_into_file()
def verify_docs(self) -> None:
"""Checking if the docs are up-to-date with current CI .yml files.
Creating a new doc file and comparing it against already existing one.
Exit with non-zero exit code when these files do not match.
"""
already_filled_doc_file = self.DOC_FILE
with NamedTemporaryFile() as temp_file:
self.DOC_FILE = temp_file.name
self.generate_docs()
if filecmp.cmp(already_filled_doc_file, self.DOC_FILE):
print("SUCCESS: Documentation is up-to-date!")
sys.exit(0)
else:
print("FAIL: Documentation is not up-to-date with CI .yml files!")
print(" Please run this script or `make gen`")
sys.exit(1)
def get_all_ci_files(self) -> list[Path]:
"""Loading all the CI files which are used in Gitlab."""
if not os.path.exists(self.GITLAB_CI_FILE):
raise RuntimeError(
f"Main Gitlab CI file under {self.GITLAB_CI_FILE} does not exist!"
)
with open(self.GITLAB_CI_FILE, "r") as f:
gitlab_file_content = yaml.safe_load(f)
all_ci_files = [Path(file) for file in gitlab_file_content["include"]]
for file in all_ci_files:
if not file.exists():
raise RuntimeError(f"File {file} does not exist!")
return all_ci_files
@staticmethod
def get_overall_description_from_file(file: Path) -> list[str]:
"""Looking for comments at the very beginning of the file."""
description_lines: list[str] = []
with open(file, "r") as f:
for line in f:
if line.startswith("#"):
# Taking just the text - no hashes, no whitespace
description_lines.append(line.strip("# \n"))
else:
break
return description_lines
def get_jobs_from_file(self, file: Path) -> dict[str, dict[str, Any]]:
"""Extract all jobs and their details from a certain file."""
all_jobs: dict[str, dict[str, Any]] = OrderedDict()
# Taking all the comments above a non-indented non-comment, which is
# always a job definition, unless defined in NOT_JOBS
with open(file, "r") as f:
comment_buffer: list[str] = []
for index, line in enumerate(f):
if line.startswith("#"):
# Taking just the text - no hashes, no whitespace
comment_buffer.append(line.strip("# \n"))
else:
# regex: first character of a line is a word-character or a dot
if re.search(r"\A[\w\.]", line) and not any(
[line.startswith(not_job) for not_job in self.NOT_JOBS]
):
job_name = line.rstrip(":\n")
all_jobs[job_name] = {
"description": comment_buffer,
"line_no": index + 1,
}
comment_buffer = []
return all_jobs
def save_docs_into_file(self) -> None:
"""Dump all the information into a documentation file."""
template_text = """
# CI pipeline
(Generated automatically by `tools/generate_ci_docs.py`. Do not edit by hand.)
It consists of multiple stages below, each having one or more jobs
Latest CI pipeline of master branch can be seen at [${latest_master}](${latest_master})
<%
## Needed because "##" is a comment in Mako templates
header_2 = "##"
header_3 = "###"
%>
% for file, file_info in all_jobs_items:
${header_2} ${file.stem.upper()} stage - [${file.name}](https://github.com/trezor/trezor-firmware/blob/master/${file})
% if file_info["overall_description"]:
% for stage_overall_description_line in file_info["overall_description"]:
${stage_overall_description_line}
% endfor
% endif
<%
job_amount = f"{len(file_info['jobs'])} job{'s' if len(file_info['jobs']) > 1 else ''}"
%>
Consists of **${job_amount}** below:
% for job_name, job_info in file_info["jobs"].items():
<%
github_job_link = f"https://github.com/trezor/trezor-firmware/blob/master/{file}#L{job_info['line_no']}"
%>
${header_3} [${job_name}](${github_job_link})
% if job_info["description"]:
% for job_description_line in job_info["description"]:
${job_description_line}
%endfor
% endif
% endfor
---
% endfor
""".strip()
with open(self.DOC_FILE, "w") as doc_file:
doc_text: str = Template(template_text).render(
latest_master="https://gitlab.com/satoshilabs/trezor/trezor-firmware/-/pipelines/master/latest",
all_jobs_items=self.ALL_JOBS.items(),
)
# Remove trailing whitespace coming from the template and include final newline
doc_file.writelines(line.rstrip() + "\n" for line in doc_text.splitlines())
if __name__ == "__main__":
if args.check:
DocsGenerator().verify_docs()
else:
DocsGenerator().generate_docs()