Merge remote-tracking branch 'origin/master' into app_storage_simple

.clang-format

@@ -1,7 +1,6 @@
 ---
 BasedOnStyle: Google
 IndentWidth: 4
----
 Language: Cpp
 ColumnLimit: 100
 PointerAlignment: Right
@@ -12,7 +11,6 @@ SortIncludes: false
 SpaceAfterCStyleCast: true
 AllowShortCaseLabelsOnASingleLine: false
 AllowAllArgumentsOnNextLine: false
-AllowAllParametersOfDeclarationOnNextLine: false
 AllowShortBlocksOnASingleLine: Never
 AllowShortFunctionsOnASingleLine: None
 BinPackArguments: false

.clusterfuzzlite/build.sh

@@ -6,4 +6,4 @@ pushd fuzzing
 cmake -DBOLOS_SDK=../BOLOS_SDK -Bbuild -H.
 make -C build
 mv ./build/fuzz_tx_parser "${OUT}"
-popd
+popd

.clusterfuzzlite/project.yaml

@@ -1 +1 @@
-language: c
+language: c

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,8 +1,11 @@
 # Checklist
+
 <!-- Put an `x` in each box when you have completed the items. -->
+
 - [ ] App update process has been followed <!-- See comment below -->
 - [ ] Target branch is `develop` <!-- unless you have a very good reason -->
 - [ ] Application version has been bumped <!-- required if your changes are to be deployed -->
 
-<!-- Make sure you followed the process described in https://developers.ledger.com/docs/device-app/deliver/maintenance before opening your Pull Request.
+<!-- Make sure you followed the process described in https://developers.ledger.com/docs/device-app/deliver/maintenance
+before opening your Pull Request.
 Don't hesitate to contact us directly on Discord if you have any questions ! https://developers.ledger.com/discord -->

.github/workflows/build_and_functional_tests.yml

@@ -5,11 +5,21 @@ name: Build and run functional tests using ragger through reusable workflow
 # resulting binaries.
 # It then calls another reusable workflow to run the Ragger tests on the compiled application binary.
 #
-# While this workflow is optional, having functional testing on your application is mandatory and this workflow and
+# The build part of this workflow is mandatory, this ensures that the app will be deployable in the Ledger App Store.
+# While the test part of this workflow is optional, having functional testing on your application is mandatory and this workflow and
 # tooling environment is meant to be easy to use and adapt after forking your application
 
 on:
   workflow_dispatch:
+    inputs:
+      golden_run:
+        type: choice
+        required: true
+        default: 'Raise an error (default)'
+        description: CI behavior if the test snapshots are different than expected.
+        options:
+          - 'Raise an error (default)'
+          - 'Open a PR'
   push:
     branches:
       - master
@@ -30,3 +40,4 @@ jobs:
     uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
     with:
       download_app_binaries_artifact: "compiled_app_binaries"
+      regenerate_snapshots: ${{ inputs.golden_run == 'Open a PR' }}

.github/workflows/cflite_cron.yml

@@ -23,19 +23,18 @@ jobs:
           - mode: coverage
             sanitizer: coverage
     steps:
-    - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        language: c # Change this to the language you are fuzzing.
-        sanitizer: ${{ matrix.sanitizer }}
-    - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: ${{ matrix.mode }}
-        sanitizer: ${{ matrix.sanitizer }}
-
+      - name: Build Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          language: c # Change this to the language you are fuzzing.
+          sanitizer: ${{ matrix.sanitizer }}
+      - name: Run Fuzzers (${{ matrix.mode }} - ${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300 # 5 minutes
+          mode: ${{ matrix.mode }}
+          sanitizer: ${{ matrix.sanitizer }}

.github/workflows/cflite_pr.yml

@@ -13,31 +13,31 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        sanitizer: [address, undefined, memory] # Override this with the sanitizers you want.
+        sanitizer: [address, undefined, memory]  # Override this with the sanitizers you want.
     steps:
-    - name: Build Fuzzers (${{ matrix.sanitizer }})
-      id: build
-      uses: google/clusterfuzzlite/actions/build_fuzzers@v1
-      with:
-        language: c # Change this to the language you are fuzzing.
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        sanitizer: ${{ matrix.sanitizer }}
-        # Optional but recommended: used to only run fuzzers that are affected
-        # by the PR.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
-    - name: Run Fuzzers (${{ matrix.sanitizer }})
-      id: run
-      uses: google/clusterfuzzlite/actions/run_fuzzers@v1
-      with:
-        github-token: ${{ secrets.GITHUB_TOKEN }}
-        fuzz-seconds: 300 # 5 minutes
-        mode: 'code-change'
-        sanitizer: ${{ matrix.sanitizer }}
-        output-sarif: true
-        # Optional but recommended: used to download the corpus produced by
-        # batch fuzzing.
-        # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
-        # storage-repo-branch: main   # Optional. Defaults to "main"
-        # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Build Fuzzers (${{ matrix.sanitizer }})
+        id: build
+        uses: google/clusterfuzzlite/actions/build_fuzzers@v1
+        with:
+          language: c  # Change this to the language you are fuzzing.
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          sanitizer: ${{ matrix.sanitizer }}
+          # Optional but recommended: used to only run fuzzers that are affected
+          # by the PR.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".
+      - name: Run Fuzzers (${{ matrix.sanitizer }})
+        id: run
+        uses: google/clusterfuzzlite/actions/run_fuzzers@v1
+        with:
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          fuzz-seconds: 300  # 5 minutes
+          mode: 'code-change'
+          sanitizer: ${{ matrix.sanitizer }}
+          output-sarif: true
+          # Optional but recommended: used to download the corpus produced by
+          # batch fuzzing.
+          # storage-repo: https://${{ secrets.PERSONAL_ACCESS_TOKEN }}@github.com/OWNER/STORAGE-REPO-NAME.git
+          # storage-repo-branch: main   # Optional. Defaults to "main"
+          # storage-repo-branch-coverage: gh-pages  # Optional. Defaults to "gh-pages".

.github/workflows/codeql_checks.yml

@@ -17,20 +17,21 @@ jobs:
   analyse:
     name: Analyse
     strategy:
+      fail-fast: false
       matrix:
-        sdk: [ "$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK" ]
-        #'cpp' covers C and C++
-        language: [ 'cpp' ]
+        sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
+        # 'cpp' covers C and C++
+        language: ['cpp']
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         with:
           languages: ${{ matrix.language }}
           queries: security-and-quality
@@ -41,4 +42,4 @@ jobs:
           make BOLOS_SDK=${{ matrix.sdk }}
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/coding_style_checks.yml

@@ -22,4 +22,4 @@ jobs:
     with:
       source: './src'
       extensions: 'h,c'
-      version: 11
+      version: 12

.github/workflows/documentation_generation.yml

@@ -18,12 +18,12 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: HTML documentation
         run: doxygen .doxygen/Doxyfile
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: documentation
           path: doc/html

.github/workflows/misspellings_checks.yml

@@ -18,11 +18,11 @@ jobs:
     name: Check misspellings
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
+      - name: Clone
+        uses: actions/checkout@v4
 
-    - name: Check misspellings
-      uses: codespell-project/actions-codespell@v1
-      with:
-        builtin: clear,rare
-        check_filenames: true
+      - name: Check misspellings
+        uses: codespell-project/actions-codespell@v2
+        with:
+          builtin: clear,rare
+          check_filenames: true

.github/workflows/python_client_checks.yml

@@ -14,31 +14,28 @@ on:
   pull_request:
 
 jobs:
-
   lint:
     name: Boilerplate client linting
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install pylint
-        pip install -r tests/requirements.txt
-    - name: Lint Python code
-      run: |
-        pylint --rc tests/setup.cfg tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - name: Installing PIP dependencies
+        run: |
+          pip install pylint
+          pip install -r tests/requirements.txt
+      - name: Lint Python code
+        run: pylint --rc tests/setup.cfg tests/application_client/
 
   mypy:
     name: Type checking
     runs-on: ubuntu-latest
     steps:
-    - name: Clone
-      uses: actions/checkout@v3
-    - name: Installing PIP dependencies
-      run: |
-        pip install mypy
-        pip install -r tests/requirements.txt
-    - name: Mypy type checking
-      run: |
-        mypy tests/application_client/
+      - name: Clone
+        uses: actions/checkout@v4
+      - name: Installing PIP dependencies
+        run: |
+          pip install mypy
+          pip install -r tests/requirements.txt
+      - name: Mypy type checking
+        run: mypy tests/application_client/

.github/workflows/unit_tests.yml

@@ -18,10 +18,10 @@ jobs:
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Clone SDK
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           repository: ledgerHQ/ledger-secure-sdk
           path: sdk
@@ -41,15 +41,19 @@ jobs:
           lcov --directory . -b "$(realpath build/)" --remove coverage.info '*/unit-tests/*' -o coverage.info && \
           genhtml coverage.info -o coverage
 
-      - uses: actions/upload-artifact@v3
+      - uses: actions/upload-artifact@v4
         with:
           name: code-coverage
           path: unit-tests/coverage
 
+      - name: Install codecov dependencies
+        run: apk update && apk add curl gpg
+
       - name: Upload to codecov.io
-        uses: codecov/codecov-action@v3
+        uses: codecov/codecov-action@v5
+        env:
+          CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
         with:
-          token: ${{ secrets.CODECOV_TOKEN }}
           files: ./unit-tests/coverage.info
           flags: unittests
           name: codecov-app-boilerplate

.mdl.rb

@@ -0,0 +1,11 @@
+# Style file for mdl
+# https://github.com/markdownlint/markdownlint/blob/main/docs/creating_styles.md
+
+# Include all rules
+all
+
+# Disable specific rules
+#exclude_rule 'MD012'
+
+# Update rules configuration
+rule 'MD013', :line_length => 120

.mdlrc

@@ -0,0 +1,14 @@
+# markdownlint config file
+
+# Use custom style file
+style "#{File.dirname(__FILE__)}/.mdl.rb"
+
+# MD002 - First header in file should be a top level header
+# MD005 - Inconsistent indentation for list items at the same level
+# MD007 - Unordered list indentation
+# MD014 - Dollar signs used before commands without showing output
+# MD024 - Multiple headers with the same content
+# MD029 - Ordered list item prefix
+# MD033 - Inline HTML
+# MD041 - First line in file should be a top level header
+rules "~MD002,~MD005,~MD007,~MD014,~MD024,~MD029,~MD033,~MD041"

.pre-commit-config.yaml

@@ -0,0 +1,47 @@
+# To install hooks, run:
+# pre-commit install --hook-type pre-commit
+# pre-commit install --hook-type commit-msg
+
+repos:
+  - repo: https://github.com/pre-commit/pre-commit-hooks
+    rev: v5.0.0
+    hooks:
+      - id: trailing-whitespace
+      - id: end-of-file-fixer
+      - id: mixed-line-ending
+      - id: check-added-large-files
+      - id: check-merge-conflict
+      - id: check-case-conflict
+
+  - repo: https://github.com/codespell-project/codespell
+    rev: v2.3.0
+    hooks:
+      - id: codespell
+
+  - repo: https://github.com/pre-commit/mirrors-clang-format
+    rev: v12.0.1
+    hooks:
+      - id: clang-format
+        types_or: [c]
+
+  - repo: https://github.com/Mateusz-Grzelinski/actionlint-py
+    rev: v1.7.6.22
+    hooks:
+      - id: actionlint
+        types_or: [yaml]
+        args: [-shellcheck='' -pyflakes='']
+
+  - repo: https://github.com/markdownlint/markdownlint
+    rev: v0.12.0
+    hooks:
+      - id: markdownlint
+        types_or: [markdown]
+
+  - repo: https://github.com/PyCQA/pylint
+    rev: v3.3.3
+    hooks:
+      - id: pylint
+        language: system
+        types: [python]
+        args: ['--jobs=0', '--rcfile=tests/setup.cfg']
+        files: '^tests/.*$'