mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-11-22 23:48:12 +00:00
544 lines
16 KiB
YAML
544 lines
16 KiB
YAML
# All builds are published as artifacts so they can be downloaded and used.
|
|
|
|
image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix
|
|
|
|
# Caching
|
|
.gitlab_caching: &gitlab_caching
|
|
cache:
|
|
key: "$CI_COMMIT_REF_SLUG"
|
|
paths:
|
|
- .venv/
|
|
|
|
variables:
|
|
SDL_VIDEODRIVER: "dummy"
|
|
XDG_RUNTIME_DIR: "/var/tmp"
|
|
|
|
# Core
|
|
|
|
# Build of Core into firmware. Regular version.
|
|
# **Are you looking for Trezor T firmware build? This is most likely it.**
|
|
core fw regular build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_boardloader"
|
|
- nix-shell --run "poetry run make -C core build_bootloader"
|
|
- nix-shell --run "poetry run make -C core build_bootloader_ci"
|
|
- nix-shell --run "poetry run make -C core build_prodtest"
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- nix-shell --run "poetry run make -C core sizecheck"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-regular-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-regular-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
# Build of Core into firmware with enabled _debug_ mode. In debug mode you can
|
|
# upload mnemonic seed, use debug link etc. which enables device tests. Storage
|
|
# on the device gets wiped on every start in this firmware.
|
|
core fw regular debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
script:
|
|
- nix-shell --run "PYOPT=0 poetry run make -C core build_firmware"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-regular-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-regular-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
core fw regular production build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
PRODUCTION: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_boardloader"
|
|
- nix-shell --run "poetry run make -C core build_bootloader"
|
|
- nix-shell --run "poetry run make -C core build_bootloader_ci"
|
|
- nix-shell --run "poetry run make -C core build_prodtest"
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- nix-shell --run "poetry run make -C core sizecheck"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-regular-production-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-regular-production-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
# Build of Core into firmware. Bitcoin-only version.
|
|
core fw btconly build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- mv core/build/firmware/firmware.bin core/build/firmware/firmware-bitcoinonly.bin
|
|
- nix-shell --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware-bitcoinonly.bin"
|
|
- cp core/build/firmware/firmware-bitcoinonly.bin trezor-fw-btconly-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
core fw btconly debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
PYOPT: "0"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-btconly-debug-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
only: # currently used only for HW tests and deploys
|
|
- schedules # nightly build
|
|
- /^legacy\//
|
|
- /^release\//
|
|
- /^secfix\//
|
|
- /^hw\//
|
|
- /^core\//
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
core fw btconly production build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
PRODUCTION: "1"
|
|
BITCOIN_ONLY: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- nix-shell --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware.bin"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-btconly-production-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-production-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
core fw btconly t1 build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
TREZOR_MODEL: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_firmware"
|
|
- cp core/build/firmware/firmware.bin trezor-fw-btconly-t1-$CORE_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-t1-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
# Non-frozen emulator build. This means you still need Python files
|
|
# present which get interpreted.
|
|
core unix regular build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix # most of it needed by test_rust
|
|
expire_in: 1 week
|
|
|
|
core unix regular asan build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
ADDRESS_SANITIZER: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix # most of it needed by test_rust
|
|
expire_in: 1 week
|
|
|
|
# Build of Core into UNIX emulator. Something you can run on your laptop.
|
|
# Frozen version. That means you do not need any other files to run it,
|
|
# it is just a single binary file that you can execute directly.
|
|
core unix frozen regular build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix/trezor-emu-core
|
|
expire_in: 1 week
|
|
|
|
# Build of Core into UNIX emulator. Something you can run on your laptop.
|
|
# Frozen version. That means you do not need any other files to run it,
|
|
# it is just a single binary file that you can execute directly.
|
|
# See [Emulator](../core/emulator/index.md) for more info.
|
|
# Debug mode enabled, Bitcoin-only version.
|
|
core unix frozen btconly debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
PYOPT: "0"
|
|
BITCOIN_ONLY: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix/trezor-emu-core-bitcoinonly
|
|
expire_in: 1 week
|
|
|
|
core unix frozen btconly debug asan build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
PYOPT: "0"
|
|
BITCOIN_ONLY: "1"
|
|
ADDRESS_SANITIZER: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix/trezor-emu-core-bitcoinonly
|
|
expire_in: 1 week
|
|
|
|
# Build of Core into UNIX emulator. Something you can run on your laptop.
|
|
# Frozen version. That means you do not need any other files to run it,
|
|
# it is just a single binary file that you can execute directly.
|
|
# **Are you looking for a Trezor T emulator? This is most likely it.**
|
|
core unix frozen debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
PYOPT: "0"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
untracked: true
|
|
expire_in: 1 week
|
|
|
|
|
|
core unix frozen ui2 debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
PYOPT: "0"
|
|
UI2: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
untracked: true
|
|
expire_in: 1 week
|
|
|
|
core unix frozen debug asan build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
PYOPT: "0"
|
|
ADDRESS_SANITIZER: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
untracked: true
|
|
expire_in: 1 week
|
|
|
|
core unix frozen debug build arm:
|
|
image: nixos/nix
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- master
|
|
- tags
|
|
- /^release\//
|
|
- /^secfix\//
|
|
variables:
|
|
PYOPT: "0"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-arm
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
untracked: true
|
|
expire_in: 1 week
|
|
tags:
|
|
- docker_darwin_arm
|
|
|
|
core unix frozen btconly debug t1 build:
|
|
stage: build
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
TREZOR_MODEL: "1"
|
|
script:
|
|
- nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-bitcoinonly
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- core/build/unix # most of it needed by test_rust
|
|
expire_in: 1 week
|
|
|
|
core macos frozen regular build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
when: manual
|
|
tags:
|
|
- darwin_arm
|
|
script:
|
|
- nix-shell --option system x86_64-darwin --run "poetry run make -C core build_unix_frozen"
|
|
- export NAME="trezor-emu-core.darwin"
|
|
- cp -v core/build/unix/trezor-emu-core ./$NAME
|
|
- chmod +x $NAME
|
|
- echo '"$(dirname "$BASH_SOURCE")"/trezor-emu-core.darwin' > trezor-emulator.command
|
|
- chmod u+x trezor-emulator.command
|
|
allow_failure: true
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-emu-core.darwin
|
|
- trezor-emulator.command
|
|
expire_in: 1 week
|
|
|
|
# Crypto
|
|
|
|
# Build of our cryptographic library, which is then incorporated into the other builds.
|
|
crypto build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
ADDRESS_SANITIZER: "1"
|
|
only:
|
|
changes:
|
|
- .gitlab-ci.yml
|
|
- ci/**
|
|
- crypto/**
|
|
script:
|
|
- cp -r crypto crypto_noasan
|
|
- nix-shell --run "poetry run make -C crypto"
|
|
- nix-shell --run "export ADDRESS_SANITIZER=0; poetry run make -C crypto_noasan"
|
|
- mv crypto_noasan/tests/test_check crypto/tests/test_check_noasan
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- crypto/tests/aestst
|
|
- crypto/tests/libtrezor-crypto.so
|
|
- crypto/tests/test_check
|
|
- crypto/tests/test_check_noasan
|
|
- crypto/tests/test_openssl
|
|
expire_in: 1 week
|
|
|
|
|
|
# Legacy
|
|
|
|
legacy fw regular build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
script:
|
|
- nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run legacy/script/setup"
|
|
- nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run make -C legacy/demo"
|
|
- mv legacy/firmware/trezor.bin trezor-fw-regular-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-regular-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
legacy fw regular debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
DEBUG_LINK: "1"
|
|
script:
|
|
- nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run legacy/script/setup"
|
|
- nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
|
|
- mv legacy/firmware/trezor.bin trezor-fw-regular-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-regular-debug-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
legacy fw btconly build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
script:
|
|
- nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run legacy/script/setup"
|
|
- nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
|
|
- mv legacy/firmware/trezor.bin legacy/firmware/trezor-bitcoinonly.bin
|
|
- nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor-bitcoinonly.bin"
|
|
- mv legacy/firmware/trezor-bitcoinonly.bin trezor-fw-btconly-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
legacy fw btconly debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
DEBUG_LINK: "1"
|
|
script:
|
|
- nix-shell --run "export PRODUCTION=1 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run legacy/script/setup"
|
|
- nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild"
|
|
- nix-shell --run "poetry run ./tools/check-bitcoin-only legacy/firmware/trezor.bin"
|
|
- mv legacy/firmware/trezor.bin trezor-fw-btconly-debug-$LEGACY_VERSION-$CI_COMMIT_SHORT_SHA.bin
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- trezor-fw-btconly-*.*.*-$CI_COMMIT_SHORT_SHA.bin
|
|
expire_in: 1 week
|
|
|
|
# Regular version (not only Bitcoin) of above.
|
|
# **Are you looking for a Trezor One emulator? This is most likely it.**
|
|
legacy emu regular debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
DEBUG_LINK: "1"
|
|
EMULATOR: "1"
|
|
script:
|
|
- nix-shell --run "poetry run legacy/script/cibuild"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- legacy/firmware/trezor.elf
|
|
expire_in: 1 week
|
|
|
|
legacy emu regular debug asan build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
DEBUG_LINK: "1"
|
|
EMULATOR: "1"
|
|
ADDRESS_SANITIZER: "1"
|
|
script:
|
|
- nix-shell --run "poetry run legacy/script/cibuild"
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- legacy/firmware/trezor.elf
|
|
expire_in: 1 week
|
|
|
|
legacy emu regular debug build arm:
|
|
image: nixos/nix
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- master
|
|
- tags
|
|
- /^release\//
|
|
- /^secfix\//
|
|
variables:
|
|
DEBUG_LINK: "1"
|
|
EMULATOR: "1"
|
|
script:
|
|
- nix-shell --run "poetry run legacy/script/cibuild"
|
|
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-arm.elf
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- legacy/firmware/trezor-arm.elf
|
|
expire_in: 1 week
|
|
tags:
|
|
- docker_darwin_arm
|
|
|
|
# Build of Legacy into UNIX emulator. Use keyboard arrows to emulate button presses.
|
|
# Bitcoin-only version.
|
|
legacy emu btconly debug build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
DEBUG_LINK: "1"
|
|
EMULATOR: "1"
|
|
script:
|
|
- nix-shell --run "poetry run legacy/script/cibuild"
|
|
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-bitcoinonly.elf
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- legacy/firmware/trezor-bitcoinonly.elf
|
|
expire_in: 1 week
|
|
|
|
legacy emu btconly debug asan build:
|
|
stage: build
|
|
<<: *gitlab_caching
|
|
needs: []
|
|
only:
|
|
- schedules # nightly build
|
|
variables:
|
|
BITCOIN_ONLY: "1"
|
|
DEBUG_LINK: "1"
|
|
EMULATOR: "1"
|
|
ADDRESS_SANITIZER: "1"
|
|
script:
|
|
- nix-shell --run "poetry run legacy/script/cibuild"
|
|
- mv legacy/firmware/trezor.elf legacy/firmware/trezor-bitcoinonly.elf
|
|
artifacts:
|
|
name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA"
|
|
paths:
|
|
- legacy/firmware/trezor-bitcoinonly.elf
|
|
expire_in: 1 week
|