Zondax
diff --git a/‎.clang-format‎
Lines changed: 5 additions & 0 deletions b/‎.clang-format‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎.clang-tidy‎
Lines changed: 21 additions & 0 deletions b/‎.clang-tidy‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎.editorconfig‎
Lines changed: 0 additions & 16 deletions b/‎.editorconfig‎
Lines changed: 0 additions & 16 deletions
diff --git a/‎.github/workflows/check_version.yml‎
Lines changed: 56 additions & 0 deletions b/‎.github/workflows/check_version.yml‎
Lines changed: 56 additions & 0 deletions
diff --git a/‎.github/workflows/codeql.yml‎
Lines changed: 40 additions & 0 deletions b/‎.github/workflows/codeql.yml‎
Lines changed: 40 additions & 0 deletions
diff --git a/‎.github/workflows/guidelines_enforcer.yml‎
Lines changed: 4 additions & 2 deletions b/‎.github/workflows/guidelines_enforcer.yml‎
Lines changed: 4 additions & 2 deletions
diff --git a/‎.github/workflows/lint.yml‎
Lines changed: 50 additions & 0 deletions b/‎.github/workflows/lint.yml‎
Lines changed: 50 additions & 0 deletions
@@ -0,0 +1,5 @@
+BasedOnStyle: Google
+IndentWidth: 4
+ColumnLimit: 120
+DerivePointerAlignment: false
+PointerAlignment: Right
@@ -0,0 +1,21 @@
+Checks: "-*,
+  clang-analyzer-*,
+  clang-diagnostic-*,
+  cppcoreguidelines-init-variables,
+  google-readability-avoid-underscore-in-googletest-name,
+  google-runtime-int,
+  misc-*,
+  performance-*,
+  portability-*,
+  readability-*,
+  -misc-no-recursion,
+  -readability-function-cognitive-complexity
+  -readability-magic-numbers"
+WarningsAsErrors: "*"
+CheckOptions:
+  - key: readability-identifier-length.MinimumVariableNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumParameterNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumLoopCounterNameLength
+    value: 1
@@ -0,0 +1,56 @@
+name: Verify PRs to main
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master
+      - dev
+
+jobs:
+  configure:
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    outputs:
+      uid_gid: ${{ steps.get-user.outputs.uid_gid }}
+    steps:
+      - id: get-user
+        run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT
+
+  get_version:
+    needs: configure
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+    env:
+      SDK_VARNAME: NANOSP_SDK
+      BOLOS_SDK: /opt/nanosplus-secure-sdk
+    outputs:
+      version: ${{ steps.store-version.outputs.version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - run: make version
+      - id: store-version
+        run: echo "version=$(cat ./app/app.version)" >> $GITHUB_OUTPUT
+
+  check_app_version:
+    needs: get_version
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    steps:
+      - id: checkTag
+        uses: mukunku/[email protected]
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag: ${{ needs.get_version.outputs.version }}
+
+      - run: echo ${{ steps.checkTag.outputs.exists }}
+
+      - name: Tag exists
+        if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: exit 1
@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev # for safety reasons
+
+jobs:
+  analyse:
+    name: Analyse
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    if: github.event.repository.private == false
+    strategy:
+      matrix:
+        sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3
+        with:
+          languages: cpp
+          queries: security-and-quality
+
+      - name: Build
+        run: |
+          make -j BOLOS_SDK=${{ matrix.sdk }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3
@@ -12,12 +12,14 @@ on:
   workflow_dispatch:
   push:
     branches:
-      - master
       - main
       - develop
+      - master # for safety reasons
+      - dev # for safety reasons
   pull_request:
 
 jobs:
   guidelines_enforcer:
-    name: Call Ledger guidelines_enforcer
+    if: github.event.repository.private == false
+    name: Call Ledger guidelines enforcer
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1
@@ -0,0 +1,50 @@
+name: Lint and format 💅
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev # for safety reasons
+
+jobs:
+  lint:
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Add missing deps
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update
+          apt-get install -y bear sudo
+      - name: Generate compilation database
+        run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Lint and format 💅
+        uses: cpp-linter/cpp-linter-action@v2
+        id: linter
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          file-annotations: true
+          files-changed-only: false
+          ignore: "app/build|cmake|deps|fuzz|tests"
+          step-summary: true
+          style: file # uses .clang-format
+          thread-comments: true
+          tidy-checks: "" # use only .clang-tidy checks
+      - name: Fail if errors
+        if: steps.linter.outputs.checks-failed > 0
+        run: |
+          echo "Linter or formatter failed!"
+          exit 1