image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix

variables:
  SDL_VIDEODRIVER: "dummy"
  XDG_RUNTIME_DIR: "/var/tmp"

# Core

core fw regular build:
  stage: build
  needs: []
  script:
    - nix-shell --run "poetry run make -C core build_boardloader"
    - nix-shell --run "poetry run make -C core build_bootloader"
    - nix-shell --run "poetry run make -C core build_bootloader_ci"
    - nix-shell --run "poetry run make -C core build_prodtest"
    - nix-shell --run "poetry run make -C core build_firmware"
    - nix-shell --run "poetry run make -C core sizecheck"
    - cp core/build/firmware/firmware.bin trezor-fw-regular-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-regular-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

core fw regular debug build:
  stage: build
  needs: []
  script:
    - nix-shell --run "PYOPT=0 poetry run make -C core build_firmware"
    - cp core/build/firmware/firmware.bin trezor-fw-regular-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-regular-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

core fw btconly build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
  script:
    - nix-shell --run "poetry run make -C core build_firmware"
    - mv core/build/firmware/firmware.bin core/build/firmware/firmware-bitcoinonly.bin
    - nix-shell --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware-bitcoinonly.bin"
    - cp core/build/firmware/firmware-bitcoinonly.bin trezor-fw-btconly-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

core fw btconly debug build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
    PYOPT: "0"
  script:
    - nix-shell --run "poetry run make -C core build_firmware"
    - cp core/build/firmware/firmware.bin trezor-fw-btconly-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
  only:  # currently used only for HW tests and deploys
    - schedules  # nightly build
    - /^legacy\//
    - /^release\//
    - /^secfix\//
    - /^hw\//
    - /^core\//
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

core fw btconly t1 build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
    TREZOR_MODEL: "1"
  script:
    - nix-shell --run "poetry run make -C core build_firmware"
    - cp core/build/firmware/firmware.bin trezor-fw-btconly-t1-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-btconly-t1-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

core unix regular build:
  stage: build
  needs: []
  script:
    - nix-shell --run "poetry run make -C core build_unix"
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - core/build/unix/trezor-emu-core
    expire_in: 1 week

core unix frozen regular build:
  stage: build
  needs: []
  script:
    - nix-shell --run "poetry run make -C core build_unix_frozen"
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - core/build/unix/trezor-emu-core
    expire_in: 1 week

core unix frozen btconly debug build:
  stage: build
  needs: []
  variables:
    PYOPT: "0"
    BITCOIN_ONLY: "1"
  script:
    - nix-shell --run "poetry run make -C core build_unix_frozen"
    - mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - core/build/unix/trezor-emu-core-bitcoinonly
    expire_in: 1 week

core unix frozen debug build:
  stage: build
  needs: []
  variables:
    PYOPT: "0"
  script:
    - nix-shell --run "poetry run make -C core build_unix_frozen"
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    untracked: true
    expire_in: 1 week

core macos frozen regular build:
  stage: build
  needs: []
  when: manual
  tags:
    - darwin
  script:
    - nix-shell --run "poetry run make -C core build_unix_frozen"
    - export NAME="trezor-emu-core.darwin"
    - cp -v core/build/unix/trezor-emu-core ./$NAME
    - chmod +x $NAME
    - echo '"$(dirname "$BASH_SOURCE")"/trezor-emu-core.darwin' > trezor-emulator.command
    - chmod u+x trezor-emulator.command
  allow_failure: true
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-emu-core.darwin
      - trezor-emulator.command
    expire_in: 1 week

# Crypto

crypto build:
  stage: build
  needs: []
  only:
    changes:
      - .gitlab-ci.yml
      - ci/**/*
      - crypto/**/*
  script:
    - nix-shell --run "poetry run make -C crypto"
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - crypto/tests/aestst
      - crypto/tests/libtrezor-crypto.so
      - crypto/tests/test_check
      - crypto/tests/test_openssl
    expire_in: 1 week


# Legacy

legacy fw regular build:
  stage: build
  needs: []
  variables:
    MEMORY_PROTECT: "0"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
    - nix-shell --run "poetry run make -C legacy/demo"
    - mv legacy/firmware/trezor.bin trezor-fw-regular-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-regular-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

legacy fw regular debug build:
  stage: build
  needs: []
  variables:
    DEBUG_LINK: "1"
    MEMORY_PROTECT: "0"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
    - mv legacy/firmware/trezor.bin trezor-fw-regular-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-regular-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

legacy fw btconly build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
    MEMORY_PROTECT: "0"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
    - mv legacy/firmware/trezor.bin legacy/firmware/trezor-bitcoinonly.bin
    - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin"
    - mv legacy/firmware/trezor-bitcoinonly.bin trezor-fw-btconly-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

legacy fw btconly debug build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
    MEMORY_PROTECT: "0"
    DEBUG_LINK: "1"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
    - nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor.bin"
    - mv legacy/firmware/trezor.bin trezor-fw-btconly-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
    expire_in: 1 week

legacy emu regular debug build:
  stage: build
  needs: []
  variables:
    DEBUG_LINK: "1"
    EMULATOR: "1"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - legacy/firmware/trezor.elf
    expire_in: 1 week

legacy emu btconly debug build:
  stage: build
  needs: []
  variables:
    BITCOIN_ONLY: "1"
    DEBUG_LINK: "1"
    EMULATOR: "1"
  script:
    - nix-shell --run "poetry run legacy/script/cibuild"
    - mv legacy/firmware/trezor.elf legacy/firmware/trezor-bitcoinonly.elf
  artifacts:
    name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
    paths:
      - legacy/firmware/trezor-bitcoinonly.elf
    expire_in: 1 week