mirror of
https://github.com/trezor/trezor-firmware.git
synced 2024-12-23 06:48:16 +00:00
854 lines
37 KiB
YAML
854 lines
37 KiB
YAML
name: Core
|
|
|
|
on:
|
|
pull_request:
|
|
types:
|
|
- opened
|
|
- reopened
|
|
- synchronize # branch head update
|
|
- labeled
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '15 23 * * *' # every day @ 23:15
|
|
|
|
# cancel any previous runs on the same PR
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
id-token: write # for fetching the OIDC token
|
|
contents: read # for actions/checkout
|
|
pull-requests: write # For dflook comments on PR
|
|
|
|
env:
|
|
PULL_COMMENT: |
|
|
|core UI changes|device test|click test|persistence test|
|
|
|---------------|-----------|----------|----------------|
|
|
|T2T1 Model T |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_device_test/status.png" width="24" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_device_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_device_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_device_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_device_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_click_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_click_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_click_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_click_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_click_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_persistence_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_persistence_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_persistence_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_persistence_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T2T1-en-core_persistence_test/master_diff.html))||
|
|
|T3B1 Safe 3 |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_device_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_device_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_device_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_device_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_device_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_click_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_click_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_click_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_click_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_click_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_persistence_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_persistence_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_persistence_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_persistence_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3B1-en-core_persistence_test/master_diff.html))||
|
|
|T3T1 Safe 5 |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_device_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_device_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_device_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_device_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_device_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_click_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_click_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_click_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_click_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_click_test/master_diff.html)) |<img src="https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_persistence_test/status.png" width="20px" height="20px" /> [test](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_persistence_test/index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_persistence_test/differing_screens.html)) [main](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_persistence_test/master_index.html)([screens](https://data.trezor.io/dev/firmware/ui_report/${{ github.run_id }}/T3T1-en-core_persistence_test/master_diff.html))||
|
|
|All |<img src="https://data.trezor.io/dev/firmware/master_diff/${{ github.run_id }}/status.png" width="20px" height="20px" /> [main](https://data.trezor.io/dev/firmware/master_diff/${{ github.run_id }}/index.html)([screens](https://data.trezor.io/dev/firmware/master_diff/${{ github.run_id }}/master_diff.html)) ||
|
|
|
|
jobs:
|
|
param:
|
|
name: Determine pipeline parameters
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
test_lang: ${{ steps.set_vars.outputs.test_lang }}
|
|
asan: ${{ steps.set_vars.outputs.asan }}
|
|
steps:
|
|
- id: set_vars
|
|
name: Set variables
|
|
run: |
|
|
echo test_lang=${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'translations') && '[\"en\", \"cs\", \"fr\", \"de\", \"es\", \"pt\"]' || '[\"en\"]' }} >> $GITHUB_OUTPUT
|
|
echo asan=${{ github.event_name == 'schedule' && '[\"noasan\", \"asan\"]' || '[\"noasan\"]' }} >> $GITHUB_OUTPUT
|
|
cat $GITHUB_OUTPUT
|
|
|
|
core_firmware:
|
|
name: Build firmware (${{ matrix.model }}, ${{ matrix.coins }}, ${{ matrix.type }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1, T3W1]
|
|
coins: [universal, btconly]
|
|
type: ${{ fromJSON(github.event_name == 'schedule' && '["normal", "debuglink", "production"]' || '["normal", "debuglink"]') }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: D001
|
|
coins: universal
|
|
type: normal
|
|
- model: T2T1
|
|
coins: universal
|
|
type: debuglink
|
|
protocol: v2
|
|
- model: T2T1
|
|
coins: btconly
|
|
type: debuglink
|
|
protocol: v2
|
|
- model: T3T1
|
|
coins: universal
|
|
type: debuglink
|
|
protocol: v2
|
|
- model: T3T1
|
|
coins: btconly
|
|
type: debuglink
|
|
protocol: v2
|
|
exclude:
|
|
- model: T3W1
|
|
type: production
|
|
env:
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model == 'D001' && 'DISC1' || matrix.model }}
|
|
BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
|
|
PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
|
|
PRODUCTION: ${{ matrix.type == 'production' && '1' || '0' }}
|
|
BOOTLOADER_DEVEL: ${{ matrix.model == 'T3W1' && '1' || '0' }}
|
|
THP: ${{ matrix.protocol == 'v2' && '1' || '0'}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_boardloader"
|
|
if: matrix.coins == 'universal' && matrix.type != 'debuglink'
|
|
- run: nix-shell --run "poetry run make -C core build_bootloader"
|
|
if: matrix.coins == 'universal' && matrix.type != 'debuglink'
|
|
- run: nix-shell --run "poetry run make -C core build_bootloader_ci"
|
|
if: matrix.coins == 'universal' && matrix.type != 'debuglink' && matrix.model == 'T2T1'
|
|
- run: nix-shell --run "poetry run make -C core build_prodtest"
|
|
if: matrix.coins == 'universal' && matrix.type != 'debuglink'
|
|
- run: nix-shell --run "poetry run make -C core build_firmware"
|
|
- run: nix-shell --run "poetry run make -C core sizecheck"
|
|
if: matrix.coins == 'universal' && matrix.type != 'debuglink'
|
|
- run: nix-shell --run "poetry run ./tools/check-bitcoin-only core/build/firmware/firmware.bin"
|
|
if: matrix.coins == 'btconly' && matrix.type != 'debuglink'
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-firmware-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.type }}-protocol_${{ matrix.protocol }}
|
|
path: |
|
|
core/build/boardloader/*.bin
|
|
core/build/bootloader/*.bin
|
|
core/build/bootloader_ci/*.bin
|
|
core/build/prodtest/*.bin
|
|
core/build/firmware/firmware.elf
|
|
core/build/firmware/firmware-*.bin
|
|
retention-days: 7
|
|
|
|
core_emu:
|
|
name: Build emu (${{ matrix.model }}, ${{ matrix.coins }}, ${{ matrix.type }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs: param
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1, T3W1]
|
|
coins: [universal, btconly]
|
|
# type: [normal, debuglink]
|
|
type: [debuglink]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1]
|
|
exclude:
|
|
- type: normal
|
|
asan: asan
|
|
include:
|
|
- model: T2T1
|
|
coins: universal
|
|
type: debuglink
|
|
asan: noasan
|
|
protocol: v2
|
|
- model: T2T1
|
|
coins: btconly
|
|
type: debuglink
|
|
asan: noasan
|
|
protocol: v2
|
|
- model: T3T1
|
|
coins: universal
|
|
type: debuglink
|
|
asan: noasan
|
|
protocol: v2
|
|
- model: T3T1
|
|
coins: btconly
|
|
type: debuglink
|
|
asan: noasan
|
|
protocol: v2
|
|
env:
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model }}
|
|
BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
|
|
PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
|
|
ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
|
|
THP: ${{ matrix.protocol == 'v2' && '1' || '0'}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_bootloader_emu"
|
|
if: matrix.coins == 'universal' && matrix.asan == 'noasan'
|
|
- run: nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- run: cp core/build/unix/trezor-emu-core core/build/unix/trezor-emu-core-${{ matrix.model }}-${{ matrix.coins }}
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.type }}-${{ matrix.asan }}-protocol_${{ matrix.protocol }}
|
|
path: |
|
|
core/build/unix/trezor-emu-core*
|
|
core/build/bootloader_emu/bootloader.elf
|
|
retention-days: 7
|
|
|
|
core_emu_arm:
|
|
if: github.event_name == 'schedule'
|
|
name: Build emu arm
|
|
runs-on: ubuntu-latest-arm64
|
|
needs: param
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1, T3W1]
|
|
coins: [universal]
|
|
type: [debuglink]
|
|
asan: [noasan]
|
|
exclude:
|
|
- type: normal
|
|
asan: asan
|
|
env:
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model }}
|
|
BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }}
|
|
PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
|
|
ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_bootloader_emu"
|
|
if: matrix.coins == 'universal'
|
|
- run: nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- run: mv core/build/unix/trezor-emu-core core/build/unix/trezor-emu-arm-core-${{ matrix.model }}-${{ matrix.coins }}
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-emu-arm-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.type }}-${{ matrix.asan }}
|
|
path: |
|
|
core/build/unix/trezor-emu-*
|
|
core/build/bootloader_emu/bootloader.elf
|
|
retention-days: 2
|
|
|
|
core_unit_python_test:
|
|
name: Python unit tests (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs: param
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1, T3W1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1, v2]
|
|
env:
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model }}
|
|
ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
|
|
THP: ${{ matrix.protocol == 'v2' && '1' || '0'}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_unix"
|
|
- run: nix-shell --run "poetry run make -C core test"
|
|
|
|
core_unit_rust_test:
|
|
name: Rust unit tests (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1, T3W1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1, v2]
|
|
env:
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model }}
|
|
ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
RUSTC_BOOTSTRAP: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
RUSTFLAGS: ${{ matrix.asan == 'asan' && '-Z sanitizer=address' || '' }}
|
|
LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
|
|
THP: ${{ matrix.protocol == 'v2' && '1' || '0'}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- run: nix-shell --run "poetry run make -C core clippy"
|
|
- run: nix-shell --run "poetry run make -C core test_rust"
|
|
|
|
core_rust_client_test:
|
|
name: Rust trezor-client tests
|
|
runs-on: ubuntu-latest
|
|
needs: core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-noasan-protocol_v1
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run core/emu.py --headless -q --temporary-profile --slip0014 --command cargo test --manifest-path rust/trezor-client/Cargo.toml"
|
|
|
|
# Device tests for Core. Running device tests and also comparing screens
|
|
# with the expected UI result.
|
|
# See artifacts for a comprehensive report of UI.
|
|
# See [docs/tests/ui-tests](../tests/ui-tests.md) for more info.
|
|
core_device_test:
|
|
name: Device tests (${{ matrix.model }}, ${{ matrix.coins }}, ${{ matrix.asan }}, ${{ matrix.lang }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
coins: [universal, btconly]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
lang: ${{ fromJSON(needs.param.outputs.test_lang) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
coins: universal
|
|
asan: noasan
|
|
lang: en
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || matrix.model }}
|
|
TREZOR_PYTEST_SKIP_ALTCOINS: ${{ matrix.coins == 'btconly' && '1' || '0' }}
|
|
ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
|
|
PYTEST_TIMEOUT: ${{ matrix.asan == 'asan' && 600 || 400 }}
|
|
ACTIONS_DO_UI_TEST: ${{ matrix.coins == 'universal' && matrix.asan == 'noasan' }}
|
|
TEST_LANG: ${{ matrix.lang }}
|
|
THP: ${{ matrix.protocol == 'v2' && '1' || '0'}}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-${{ matrix.coins }}-debuglink-${{ matrix.asan }}-protocol_${{ matrix.protocol }}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core ${{ env.ACTIONS_DO_UI_TEST == 'true' && 'test_emu_ui_multicore' || 'test_emu' }}"
|
|
- run: tail -n50 tests/trezor.log || true
|
|
if: failure()
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-device-${{ matrix.model }}-${{ matrix.coins }}-${{ matrix.lang }}-${{ matrix.asan }}-protocol_${{ matrix.protocol }}
|
|
path: tests/trezor.log
|
|
retention-days: 7
|
|
if: always()
|
|
- uses: ./.github/actions/ui-report
|
|
with:
|
|
model: ${{ matrix.model }}
|
|
lang: ${{ matrix.lang }}
|
|
status: ${{ job.status }}
|
|
if: ${{ always() && env.ACTIONS_DO_UI_TEST == 'true' }}
|
|
continue-on-error: true
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
# Click tests - UI.
|
|
# See [docs/tests/click-tests](../tests/click-tests.md) for more info.
|
|
core_click_test:
|
|
name: Click tests (${{ matrix.model }}, ${{ matrix.asan }}, ${{ matrix.lang }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
timeout-minutes: 90
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
lang: ${{ fromJSON(needs.param.outputs.test_lang) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
asan: noasan
|
|
lang: en
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
# MULTICORE: 4 # more could interfere with other jobs
|
|
PYTEST_TIMEOUT: 400
|
|
TEST_LANG: ${{ matrix.lang }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core test_emu_click_ui"
|
|
if: ${{ matrix.asan == 'noasan' }}
|
|
- run: nix-shell --run "poetry run make -C core test_emu_click"
|
|
if: ${{ matrix.asan == 'asan' }}
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-click-${{ matrix.model }}-${{ matrix.lang }}-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: tests/trezor.log
|
|
retention-days: 7
|
|
if: always()
|
|
- uses: ./.github/actions/ui-report
|
|
with:
|
|
model: ${{ matrix.model }}
|
|
lang: ${{ matrix.lang }}
|
|
status: ${{ job.status }}
|
|
if: always()
|
|
continue-on-error: true
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
|
|
# Upgrade tests.
|
|
# See [docs/tests/upgrade-tests](../tests/upgrade-tests.md) for more info.
|
|
core_upgrade_test:
|
|
name: Upgrade tests (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# FIXME: T3B1 https://github.com/trezor/trezor-firmware/issues/2724
|
|
# FIXME: T3T1 https://github.com/trezor/trezor-firmware/issues/3595
|
|
model: [T2T1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1,v2]
|
|
env:
|
|
TREZOR_UPGRADE_TEST: core
|
|
PYTEST_TIMEOUT: 400
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "tests/download_emulators.sh"
|
|
- run: nix-shell --run "poetry run pytest tests/upgrade_tests"
|
|
|
|
|
|
# Persistence tests - UI.
|
|
core_persistence_test:
|
|
name: Persistence tests (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
timeout-minutes: 30
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
asan: noasan
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
PYTEST_TIMEOUT: 400
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core test_emu_persistence_ui"
|
|
if: ${{ matrix.asan == 'noasan' }}
|
|
- run: nix-shell --run "poetry run make -C core test_emu_persistence"
|
|
if: ${{ matrix.asan == 'asan' }}
|
|
- uses: ./.github/actions/ui-report
|
|
with:
|
|
model: ${{ matrix.model }}
|
|
lang: en
|
|
status: ${{ job.status }}
|
|
if: always()
|
|
continue-on-error: true
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
core_hwi_test:
|
|
name: HWI tests
|
|
if: false # XXX currently failing
|
|
continue-on-error: true
|
|
runs-on: ubuntu-latest
|
|
needs: core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-noasan-protocol_v1
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment # XXX poetry maybe not needed
|
|
- run: nix-shell --run "git clone --depth=1 https://github.com/bitcoin-core/HWI.git"
|
|
# see python_test for explanation of _PYTHON_SYSCONFIGDATA_NAME
|
|
- run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && cd HWI && poetry install && poetry run ./test/test_trezor.py --model_t ../core/build/unix/trezor-emu-core bitcoind"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-hwi-${{ matrix.model }}
|
|
path: HWI/trezor-t-emulator.stdout
|
|
retention-days: 7
|
|
|
|
core_memory_profile:
|
|
name: Memory allocation report
|
|
if: false # NOTE manual job, comment out to run
|
|
runs-on: ubuntu-latest
|
|
env:
|
|
TREZOR_MODEL: T
|
|
TREZOR_MEMPERF: 1
|
|
PYOPT: 0
|
|
PYTEST_TIMEOUT: 900
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core build_unix_frozen"
|
|
- run: nix-shell --run "poetry run make -C core test_emu"
|
|
- run: nix-shell --run "mkdir core/prof/memperf-html"
|
|
- run: nix-shell --run "poetry run core/tools/alloc.py --alloc-data=core/src/alloc_data.txt html core/prof/memperf-html"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-memperf-${{ matrix.model }}
|
|
path: |
|
|
tests/trezor.log
|
|
core/prof/memperf-html
|
|
retention-days: 7
|
|
if: always()
|
|
|
|
# Flash size profiling
|
|
|
|
# Finds out how much flash space we have left in the firmware build
|
|
# Fails if the free space is less than certain threshold
|
|
core_flash_size_check:
|
|
name: Flash size check
|
|
runs-on: ubuntu-latest
|
|
needs: core_firmware
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1] # FIXME: checker.py lacks awareness of U5 flash layout
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-firmware-${{ matrix.model }}-universal-normal-protocol_v1 # FIXME: s/normal/debuglink/
|
|
path: core/build
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run core/tools/size/checker.py core/build/firmware/firmware.elf"
|
|
|
|
# Compares the current flash space with the situation in the current master
|
|
# Fails if the new binary is significantly larger than the master one
|
|
# (the threshold is defined in the script, currently 5kb).
|
|
# Also generates a report with the current situation
|
|
core_flash_size_compare:
|
|
name: Flash size comparison
|
|
runs-on: ubuntu-latest
|
|
needs: core_firmware
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1] # FIXME: T2T1 url is hardcoded in compare_master.py
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
fetch-depth: 0
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-firmware-${{ matrix.model }}-universal-normal-protocol_v1
|
|
path: core/build
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run core/tools/size/compare_master.py core/build/firmware/firmware.elf -r firmware_elf_size_report.txt"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-flash-size-${{ matrix.model }}
|
|
path: firmware_elf_size_report.txt
|
|
retention-days: 7
|
|
|
|
# Monero tests.
|
|
core_monero_test:
|
|
name: Monero test (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
asan: noasan
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
PYTEST_TIMEOUT: 400
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: cachix/install-nix-action@v23
|
|
with:
|
|
nix_path: nixpkgs=channel:nixos-unstable
|
|
# see python_test job for _PYTHON_SYSCONFIGDATA_NAME explanation
|
|
- run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry install"
|
|
- run: nix-shell --arg fullDeps true --run "unset _PYTHON_SYSCONFIGDATA_NAME && poetry run make -C core test_emu_monero"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-monero-${{ matrix.model }}-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: |
|
|
tests/trezor.log
|
|
core/tests/trezor_monero_tests.log
|
|
retention-days: 7
|
|
if: always()
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
|
|
# Tests for U2F and HID.
|
|
core_u2f_test:
|
|
name: U2F test (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
asan: noasan
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
PYTEST_TIMEOUT: 400
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C tests/fido_tests/u2f-tests-hid"
|
|
- run: nix-shell --run "poetry run make -C core test_emu_u2f"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-u2f-${{ matrix.model }}-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: tests/trezor.log
|
|
retention-days: 7
|
|
if: always()
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
# FIDO2 device tests.
|
|
core_fido2_test:
|
|
name: FIDO2 test (${{ matrix.model }}, ${{ matrix.asan }}${{ matrix.protocol=='v2' && ', THP' || ''}})
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- param
|
|
- core_emu
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3T1] # XXX T3B1 https://github.com/trezor/trezor-firmware/issues/2724
|
|
asan: ${{ fromJSON(needs.param.outputs.asan) }}
|
|
protocol: [v1]
|
|
include:
|
|
- model: T2T1
|
|
asan: noasan
|
|
protocol: v2
|
|
env:
|
|
TREZOR_PROFILING: ${{ matrix.asan == 'noasan' && '1' || '0' }}
|
|
PYTEST_TIMEOUT: 400
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
name: core-emu-${{ matrix.model }}-universal-debuglink-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: core/build
|
|
- run: chmod +x core/build/unix/trezor-emu-core*
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core test_emu_fido2"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-test-fido2-${{ matrix.model }}-${{ matrix.asan }}-protocol_${{matrix.protocol}}
|
|
path: |
|
|
tests/trezor.log
|
|
retention-days: 7
|
|
if: always()
|
|
- uses: ./.github/actions/upload-coverage
|
|
|
|
core_coverage_report:
|
|
name: Coverage report
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- core_click_test
|
|
- core_persistence_test
|
|
- core_device_test
|
|
- core_monero_test
|
|
- core_u2f_test
|
|
- core_fido2_test
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
model: [T2T1, T3B1, T3T1]
|
|
# T3B1 fails due to https://github.com/trezor/trezor-firmware/issues/3280
|
|
# remove after single global layout is implemented (or bug above fixed):
|
|
exclude:
|
|
- model: T3B1
|
|
env:
|
|
COVERAGE_THRESHOLD: ${{ matrix.model == 'T2T1' && 78 || 77 }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
submodules: recursive
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: core-coverage-${{ matrix.model }}-*
|
|
path: core
|
|
merge-multiple: true
|
|
- uses: ./.github/actions/environment
|
|
- run: nix-shell --run "poetry run make -C core coverage"
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
name: core-coverage-report-${{ matrix.model }}
|
|
path: core/htmlcov
|
|
retention-days: 7
|
|
include-hidden-files: true
|
|
|
|
core_ui_main:
|
|
name: UI diff from main branch
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- core_click_test
|
|
- core_persistence_test
|
|
- core_device_test
|
|
continue-on-error: true
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: ui-records-*
|
|
merge-multiple: true
|
|
- uses: ./.github/actions/environment
|
|
- name: Configure aws credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_deploy_dev_firmware_data
|
|
aws-region: eu-west-1
|
|
continue-on-error: true
|
|
- run: "for F in screens_*.tar; do tar xvf $F; done || true"
|
|
- run: nix-shell --run "poetry run python -m tests.ui_tests.reporting master-diff TT TR"
|
|
- run: |
|
|
mv tests/ui_tests/reports/master_diff .
|
|
if [ "${{ job.status }}" = "success" ]; then
|
|
cp .github/actions/ui-report/success.png master_diff/status.png
|
|
else
|
|
cp .github/actions/ui-report/failure.png master_diff/status.png
|
|
fi
|
|
- name: Upload diff from main branch
|
|
run: |
|
|
aws s3 sync --only-show-errors master_diff s3://data.trezor.io/dev/firmware/master_diff/${{ github.run_id }}
|
|
continue-on-error: true
|
|
|
|
core_ui_comment:
|
|
name: Post comment with UI diff URLs
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: sleep 1m # try avoiding github api rate limit
|
|
- uses: ./.github/actions/ui-comment
|
|
|
|
core_upload_emu:
|
|
name: Upload emulator binaries
|
|
if: github.event_name == 'schedule'
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
- core_emu
|
|
- core_emu_arm
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: core-emu*debuglink-noasan-protocol_v*
|
|
merge-multiple: true
|
|
- name: Configure aws credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_deploy_dev_firmware_data
|
|
aws-region: eu-west-1
|
|
continue-on-error: true
|
|
- run: |
|
|
rm unix/trezor-emu-core
|
|
aws s3 sync --only-show-errors unix s3://data.trezor.io/dev/firmware/emu-nightly
|
|
|
|
core_upload_emu_branch:
|
|
name: Upload emulator binaries for the current branch
|
|
# Not building it for nightly CI
|
|
if: github.event_name != 'schedule'
|
|
runs-on: ubuntu-latest
|
|
needs:
|
|
# Do not include ARM, they are only built on nightly
|
|
- core_emu
|
|
steps:
|
|
- uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: core-emu*debuglink-noasan-protocol_v*
|
|
merge-multiple: true
|
|
- name: Configure aws credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: arn:aws:iam::538326561891:role/gh_actions_deploy_dev_firmware_data
|
|
aws-region: eu-west-1
|
|
continue-on-error: true
|
|
- name: Determine branch name
|
|
run: |
|
|
if [ "${{ github.event_name }}" == "pull_request" ]; then
|
|
branch_name=${{ github.head_ref }}
|
|
else
|
|
branch_name=${{ github.ref_name }}
|
|
fi
|
|
echo "branch_name=$branch_name" >> $GITHUB_ENV
|
|
- name: Upload artifacts to branch directory
|
|
run: |
|
|
rm unix/trezor-emu-core
|
|
aws s3 sync --only-show-errors unix s3://data.trezor.io/dev/firmware/emu-branches/$branch_name
|
|
|
|
# Connect
|
|
# TODO: core_connect_test
|