diff --git a/.github/workflows/bot-crowdin-sync.yml b/.github/workflows/bot-crowdin-sync.yml
deleted file mode 100644
index 15d8c6d3e88..00000000000
--- a/.github/workflows/bot-crowdin-sync.yml
+++ /dev/null
@@ -1,54 +0,0 @@
-name: "[Bot] Crowdin translations update"
-
-on:
- workflow_dispatch:
- inputs:
- remove_unused_translations:
- description: "Confirm removal of unused translations. Check them first in misc tests pipeline."
- required: true
- default: false
- type: boolean
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- crowdin-sync:
- if: github.repository == 'trezor/trezor-suite'
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Set current timestamp as env variable
- run: echo "NOW=$(date +'%s')" >> $GITHUB_ENV
-
- - name: Install dependencies
- run: yarn install
-
- - name: Run crowdin sync
- run: |
- git config --global user.name "trezor-ci"
- git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}"
- git checkout -B ${{ env.BRANCH_NAME }}
- yarn workspace @trezor/suite translations:download --token=${{ secrets.CROWDIN_PERSONAL_TOKEN }}
- yarn workspace @trezor/suite translations:backport-en
- if [ "${{ github.event.inputs.remove_unused_translations }}" = "true" ]; then
- yarn workspace @trezor/suite translations:list-unused --cleanup
- fi
- yarn workspace @trezor/suite translations:format
- yarn workspace @trezor/suite translations:extract
- cat packages/suite-data/files/translations/master.json
- yarn workspace @trezor/suite translations:upload --token=${{ secrets.CROWDIN_PERSONAL_TOKEN }}
- git add . && git commit -m "chore: crowdin translation update" && git push origin ${{ env.BRANCH_NAME }} -f
- gh config set prompt disabled
- gh pr create --repo trezor/trezor-suite --title "Crowdin translations update" --body "Automatically generated PR for updating crowdin translations." --base develop --label translations
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- BRANCH_NAME: trezor-ci/crowdin-sync-${{ env.NOW }}
diff --git a/.github/workflows/bot-rebase.yml b/.github/workflows/bot-rebase.yml
deleted file mode 100644
index a2d8646b1f0..00000000000
--- a/.github/workflows/bot-rebase.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-name: "[Bot] rebase pull request"
-
-on:
- issue_comment:
- types: [created]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- rebase-pr:
- name: Rebase pull request
- runs-on: ubuntu-latest
- if: github.event.issue.pull_request != '' && contains(github.event.comment.body, '/rebase') && github.repository == 'trezor/trezor-suite'
- steps:
- - name: Respond in pull request
- uses: actions/github-script@v6
- with:
- script: |
- github.rest.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: "Start rebasing: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
- })
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- fetch-depth: 0
- token: ${{ secrets.TREZOR_BOT_TOKEN }}
- - name: Auto rebase pull request
- uses: cirrus-actions/rebase@1.8
- with:
- autosquash: true
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- - name: Report failure
- if: ${{ failure() }}
- uses: actions/github-script@v6
- with:
- script: |
- github.rest.issues.createComment({
- issue_number: context.issue.number,
- owner: context.repo.owner,
- repo: context.repo.repo,
- body: "Rebasing failed, please rebase manually."
- })
diff --git a/.github/workflows/build-desktop-apps.yml b/.github/workflows/build-desktop-apps.yml
deleted file mode 100644
index 2660e959946..00000000000
--- a/.github/workflows/build-desktop-apps.yml
+++ /dev/null
@@ -1,130 +0,0 @@
-name: "[Build] suite-desktop apps"
-
-on:
- push:
- branches:
- - develop
- paths-ignore:
- - "suite-native/**"
- - "docs/**"
- - "docker/**"
- - "ci/**"
- - ".vscode/**"
- - ".maestro/**"
- pull_request:
- types: [labeled]
- workflow_dispatch:
-
-env:
- DESKTOP_APP_NAME: "Trezor-Suite"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- suite-desktop:
- if: (github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'build-desktop') || (github.event_name == 'push' && github.ref == 'refs/heads/develop')) && github.repository == 'trezor/trezor-suite'
- name: Build suite-desktop-${{ matrix.platform }}
- runs-on: ${{ matrix.os }}
- timeout-minutes: 20
- strategy:
- fail-fast: false
- matrix:
- os: [ubuntu-latest, macos-14]
- include:
- - os: ubuntu-latest
- platform: linux
- - os: macos-14
- platform: mac
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: true
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
-
- - name: Build ${{ matrix.platform }} suite-desktop
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/* .
-
- - name: Upload suite-desktop production artifacts
- uses: actions/upload-artifact@v4
- with:
- name: suite-desktop-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 3
-
- - name: Upload suite-desktop mac-arm artifact
- if: matrix.os == 'macos-14'
- uses: actions/upload-artifact@v4
- with:
- name: suite-desktop-mac-arm-dmg
- path: |
- Trezor-Suite-*-mac-arm64.dmg
- retention-days: 3
-
- suite-desktop-win:
- if: (github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'build-desktop') || (github.event_name == 'push' && github.ref == 'refs/heads/develop')) && github.repository == 'trezor/trezor-suite'
- name: Build suite-desktop-win
- runs-on: ubuntu-latest
- timeout-minutes: 20
- env:
- platform: win
- container:
- image: electronuserland/builder:18-wine
- options: --user 1001
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: true
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
-
- - name: Build libs
- run: |
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
-
- - name: Build ${{env.platform}} suite-desktop
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn workspace @trezor/suite-desktop build:${{env.platform}}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/* .
-
- - name: Upload suite-desktop production artifacts
- uses: actions/upload-artifact@v4
- with:
- name: suite-desktop-${{env.platform}}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 3
diff --git a/.github/workflows/build-node-bridge.yml b/.github/workflows/build-node-bridge.yml
deleted file mode 100644
index b176f81645e..00000000000
--- a/.github/workflows/build-node-bridge.yml
+++ /dev/null
@@ -1,69 +0,0 @@
-name: "[Build] suite-node-bridge-bin-js"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- push:
- branches:
- - develop
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- node-bridge-bin-js:
- if: github.repository == 'trezor/trezor-suite'
- name: Build node-bridge bin.js file
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: true
-
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
-
- - name: Build bin.js file
- run: |
- yarn workspace @trezor/transport-bridge build:js
-
- - name: Upload node-bridge artifact
- uses: actions/upload-artifact@v4
- with:
- name: node_bridge_bin_js
- path: |
- packages/transport-bridge/dist/bin.js
- retention-days: 3
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy
- aws-region: eu-central-1
-
- - name: Extract branch name
- id: extract_branch
- run: |
- echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
-
- - name: Upload dist to dev server
- shell: bash
- env:
- DEPLOY_PATH: s3://dev.suite.sldev.cz/transport-bridge/${{ steps.extract_branch.outputs.branch }}/dist
- run: |
- echo "DEPLOY_PATH is set to ${DEPLOY_PATH}"
- mkdir -p tmp_build_directory
- cp -R ./packages/transport-bridge/dist/* tmp_build_directory/
- aws s3 sync --delete tmp_build_directory/ "${DEPLOY_PATH}"
diff --git a/.github/workflows/build-storybook.yml b/.github/workflows/build-storybook.yml
deleted file mode 100644
index f1400e80d38..00000000000
--- a/.github/workflows/build-storybook.yml
+++ /dev/null
@@ -1,58 +0,0 @@
-name: "[Build] components storybook"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-# run only once a day
-on:
- schedule:
- - cron: "0 0 * * *"
- workflow_dispatch:
-
-env:
- DEV_SERVER_URL: "https://dev.suite.sldev.cz"
-
-jobs:
- build-storybook:
- if: github.repository == 'trezor/trezor-suite'
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy
- aws-region: eu-central-1
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Install dependencies
- run: |
- echo -e "\nenableScripts: false" >> .yarnrc.yml
- echo -e "\nenableHardenedMode: false" >> .yarnrc.yml
- yarn workspaces focus @trezor/components
- yarn workspaces focus @trezor/product-components
-
- - name: Build storybook
- env:
- ASSET_PREFIX: /components/develop
- run: |
- yarn workspace @trezor/components storybook-build
- - name: Build product-components storybook
- env:
- ASSET_PREFIX: /product-components/develop
- run: |
- yarn workspace @trezor/product-components storybook-build
-
- - name: Upload suite storybook to dev.suite.sldev.cz
- env:
- COMPONENTS_DEPLOY_PATH: s3://dev.suite.sldev.cz/components/develop
- PRODUCT_COMPONENTS_DEPLOY_PATH: s3://dev.suite.sldev.cz/product-components/develop
- run: |
- aws s3 sync --delete ./packages/components/.build-storybook ${COMPONENTS_DEPLOY_PATH}
- aws s3 sync --delete ./packages/product-components/.build-storybook ${PRODUCT_COMPONENTS_DEPLOY_PATH}
diff --git a/.github/workflows/build-suite-native-preview.yml b/.github/workflows/build-suite-native-preview.yml
deleted file mode 100644
index 88fceb70c71..00000000000
--- a/.github/workflows/build-suite-native-preview.yml
+++ /dev/null
@@ -1,85 +0,0 @@
-name: "[Build] suite-native preview"
-
-on:
- push:
- # push develop(default) branch is necessary for this action to update its fingerprint database
- branches: [develop]
- pull_request:
- types: [opened, synchronize, labeled]
- paths:
- - "suite-native/**"
- - "suite-common/**"
- - "packages/react-native-usb/**"
- - "packages/transport-native-usb/**"
- - "yarn.lock"
- - ".github/workflows/build-suite-native-preview.yml"
- # list of paths is not complete, but it's always possible to dispatch manually using 'build-mobile' label
- workflow_dispatch:
- # manual dispatch will not add any comment to PR, use label 'build-mobile' if PR exists
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- update:
- if: ( github.event.action != 'labeled' || contains(github.event.pull_request.labels.*.name, 'build-mobile')) && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private')
- name: EAS Update
- runs-on: ubuntu-latest
- concurrency: fingerprint-${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- EXPO_PUBLIC_ENVIRONMENT: preview
- BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
- COMMIT_HASH: ${{ github.sha }}
- permissions:
- contents: read
- pull-requests: write
- actions: write
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Setup EAS
- uses: expo/expo-github-action@v8
- with:
- eas-version: 14.7.1
- token: ${{ secrets.EXPO_TOKEN_DEVELOP }}
- - name: Install libs
- run: yarn workspaces focus @suite-native/app
-
- - name: Check runtimeVersion builds
- run: |
- cd suite-native/app
- # Read runtimeVersion from dynamic app.json
- RUNTIME_VERSION=$(npx expo config --json | jq -r '.runtimeVersion')
- echo "Current runtimeVersion is $RUNTIME_VERSION"
- # Check if there is a build with the same runtimeVersion on EAS already
- EXISTING_BUILD=$(eas build:list --status=finished --build-profile=preview --channel=preview --limit=1 --non-interactive --json --runtime-version=$RUNTIME_VERSION)
- if [ "$EXISTING_BUILD" = "[]" ]; then
- echo "No build with runtimeVersion $RUNTIME_VERSION found"
- echo "RUNTIME_BUILD_EXISTS=false" >> $GITHUB_ENV
- else
- echo "Found build with runtimeVersion $RUNTIME_VERSION"
- echo "$EXISTING_BUILD"
- echo "RUNTIME_BUILD_EXISTS=true" >> $GITHUB_ENV
- fi
-
- - name: Create preview builds if fingerprint changed
- # Only create preview builds if there is no build with the same runtimeVersion on EAS already
- if: env.RUNTIME_BUILD_EXISTS == 'false'
- uses: expo/expo-github-action/preview-build@main
- with:
- command: eas build --profile preview --platform all
- working-directory: suite-native/app
-
- - name: Build message system config
- run: yarn message-system-sign-config
-
- - name: Create preview update
- uses: expo/expo-github-action/preview@v8
- with:
- command: eas update --auto --branch ${{ env.BRANCH_NAME }}
- working-directory: suite-native/app
diff --git a/.github/workflows/build-suite-web.yml b/.github/workflows/build-suite-web.yml
deleted file mode 100644
index 5c83a1941a6..00000000000
--- a/.github/workflows/build-suite-web.yml
+++ /dev/null
@@ -1,79 +0,0 @@
-name: "[Build] suite-web"
-# this action is for building and deploying the web app to dev.suite.sldev.cz/suite-web/develop/web after code is pushed to develop.
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-# run only if there are changes in suite or related libs paths
-on:
- push:
- branches:
- - develop
- paths-ignore:
- - "suite-native/**"
- - "packages/connect*/**"
- - "packages/react-native-usb/**"
- # ignore unrelated github workflows config files
- - ".github/workflows/connect*"
- - ".github/workflows/suite-native*"
- - ".github/workflows/build-desktop*"
- - ".github/workflows/release*"
- - ".github/workflows/template*"
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-env:
- DEV_SERVER_URL: "https://dev.suite.sldev.cz"
-
-jobs:
- build-web:
- if: github.repository == 'trezor/trezor-suite'
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- lfs: true
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy
- aws-region: eu-central-1
-
- - name: Extract branch name
- id: extract_branch
- run: |
- echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
-
- - name: Install dependencies
- run: |
- echo -e "\nenableScripts: false" >> .yarnrc.yml
- echo -e "\nenableHardenedMode: false" >> .yarnrc.yml
- yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build
-
- - name: Build suite-web
- env:
- ASSET_PREFIX: /suite-web/${{ steps.extract_branch.outputs.branch }}/web
- DESKTOP_APP_NAME: "Trezor-Suite"
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/suite-web build
- # this step should upload build result to s3 bucket dev.suite.sldev.cz using awscli
- - name: Upload suite-web to dev.suite.sldev.cz
- env:
- DEPLOY_PATH: s3://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }}
- run: |
- aws s3 sync --delete ./packages/suite-web/build ${DEPLOY_PATH}/web
diff --git a/.github/workflows/check-code-validation.yml b/.github/workflows/check-code-validation.yml
deleted file mode 100644
index 7d0d06f37aa..00000000000
--- a/.github/workflows/check-code-validation.yml
+++ /dev/null
@@ -1,160 +0,0 @@
-name: "[Check] Validation"
-
-on: [pull_request]
-
-env:
- NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_GHACTIONS_TOKEN }}
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- setup-and-cache:
- name: Setup and Cache Dependencies
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- - name: Get yarn cache directory path
- id: yarn-cache-dir-path
- run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT
- - name: Yarn Cache
- uses: actions/cache@v4
- with:
- path: ${{ steps.yarn-cache-dir-path.outputs.dir }}
- key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }}
- restore-keys: |
- yarn-cache-folder-
- # We can skip the build for all dependencies, even for those whitelisted, because this process is used only to validate the yarn.lock file and populate the cache.
- - name: Install deps
- run: |
- yarn --immutable --mode=skip-build
-
- type-check:
- name: Type Checking
- needs: setup-and-cache
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- submodules: true
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
- - name: Type Check
- run: yarn nx:type-check --output-style=stream
-
- lint:
- name: Linting and formatting
- needs: setup-and-cache
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
-
- - name: ESlint Cache
- uses: actions/cache@v4
- with:
- path: |
- **/.eslintcache
- !**/node_modules
- key: ${{ runner.os }}-node-${{ hashFiles('**/.eslintrc.js') }}
- - name: Lint JS
- run: yarn lint:js --cache-strategy content
- - name: Lint Styles
- run: yarn nx:lint:styles --output-style=stream
-
- unit-tests:
- name: Unit Tests
- needs: setup-and-cache
- runs-on: ubuntu-latest
- timeout-minutes: 15
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- submodules: true
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
- - name: Unit Tests
- run: yarn nx:test-unit --output-style=stream
-
- build-libs-for-publishing:
- name: "Build libs for publishing"
- needs: setup-and-cache
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- submodules: true
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
- - name: Build Libs
- run: yarn nx:build:libs --output-style=stream
-
- other-checks:
- name: Other Checks
- needs: setup-and-cache
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
- - name: Check Files for Correct Formatting
- run: yarn nx format:check
- - name: Verify TS Project References
- run: yarn verify-project-references
- - name: Detect unused dependencies
- run: yarn depcheck
- - name: Yarn Dedupe check
- run: yarn dedupe --check
- - name: Check dependency domain lists
- run: ./scripts/ci/list-missing-dependencies.sh
- - name: Verify Workspace Resolutions
- run: yarn check-workspace-resolutions
- - name: Msg-system Config Validation
- run: yarn workspace @suite-common/message-system validate-config
- - name: Translation Duplicates
- run: yarn workspace @trezor/suite translations:list-duplicates
-
- releases-revision-checks:
- name: Releases revision Checks
- needs: setup-and-cache
- runs-on: ubuntu-latest
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- - name: "Checkout branches for Nx"
- uses: ./.github/actions/nx-checkout
- - name: "Minimal yarn install"
- uses: ./.github/actions/minimal-yarn-install
-
- - name: Check releases.json files changes
- uses: dorny/paths-filter@v3
- id: changes
- with:
- filters: |
- releases-json:
- - 'packages/connect-common/files/firmware/t1b1/releases.json'
- - 'packages/connect-common/files/firmware/t2t1/releases.json'
- if: steps.changes.outputs.releases-json == 'true'
- - name: Check releases.json revisions
- run: yarn workspace @trezor/connect-common validate-releases.json
diff --git a/.github/workflows/check-codeql-analysis.yml b/.github/workflows/check-codeql-analysis.yml
deleted file mode 100644
index 06cf9bdeb2a..00000000000
--- a/.github/workflows/check-codeql-analysis.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: "[Check] CodeQL check"
-
-on:
- push:
- branches: [develop, release/*]
- pull_request:
- branches: [develop]
- schedule:
- - cron: "34 02 * * 2"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- code-ql-analyze:
- if: github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private'
- name: Analyze with CodeQL
- runs-on: ubuntu-latest
- permissions:
- actions: read
- contents: read
- security-events: write
-
- strategy:
- fail-fast: false
- matrix:
- language: ["javascript"]
-
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
-
- # Initializes the CodeQL tools for scanning.
- - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
- with:
- languages: ${{ matrix.language }}
-
- - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/check-commit-message.yml b/.github/workflows/check-commit-message.yml
deleted file mode 100644
index 84858c13eb8..00000000000
--- a/.github/workflows/check-commit-message.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-name: "[Check]: Commit messages"
-
-on: [pull_request]
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- commit-message-check:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: Fetch base and current branch
- run: |
- git fetch --no-tags origin ${{ github.base_ref }} --depth=150
- git fetch --no-tags ${{github.event.pull_request.head.repo.clone_url}} ${{ github.head_ref }}:${{ github.head_ref }} --depth=150
- git switch ${{ github.head_ref }}
-
- - name: Check commit messages
- run: ./scripts/check-commit-messages.sh
- env:
- BASE_BRANCH_NAME: ${{ github.base_ref }}
diff --git a/.github/workflows/check-project-assignment.yml b/.github/workflows/check-project-assignment.yml
deleted file mode 100644
index 6dd1a80d6c0..00000000000
--- a/.github/workflows/check-project-assignment.yml
+++ /dev/null
@@ -1,65 +0,0 @@
-name: "[Check] Project/Issue Assignment"
-
-on:
- pull_request:
- types:
- - opened
- - ready_for_review
- - labeled
- - synchronize
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- check-project-or-issue:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Check if PR is assigned to a project or an issue
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- run: |
- # Fetch PR labels
- PR_LABELS=$(gh pr view ${{ github.event.pull_request.number }} --json labels --jq '.labels[].name')
-
- # Check for "no-project" label
- if echo "$PR_LABELS" | grep -q "^no-project$"; then
- echo "Pass: The PR has the 'no-project' label."
- exit 0
- fi
-
- # Check for linked issues using GraphQL
- LINKED_ISSUES=$(gh api graphql -f query='
- query($owner: String!, $repo: String!, $number: Int!) {
- repository(owner: $owner, name: $repo) {
- pullRequest(number: $number) {
- closingIssuesReferences(first: 10) {
- nodes {
- id
- }
- }
- }
- }
- }' -F owner=${{ github.repository_owner }} -F repo=${{ github.event.repository.name }} -F number=${{ github.event.pull_request.number }} --jq '.data.repository.pullRequest.closingIssuesReferences.nodes | length')
-
- if [ "$LINKED_ISSUES" -gt 0 ]; then
- echo "Pass: The PR is linked to $LINKED_ISSUES issue(s)."
- exit 0
- fi
-
- # Check for associated projects
- PROJECT_COUNT=$(gh pr view ${{ github.event.pull_request.number }} --json projectItems --jq '.projectItems | length')
-
- if [ "$PROJECT_COUNT" -gt 0 ]; then
- echo "Pass: This PR is assigned to a project."
- exit 0
- fi
-
- # If no condition passes
- echo "Error: This PR is not assigned to any project, not linked to a valid issue, and does not have the 'no-project' label."
- echo "Please assign the PR to a project or link it to an issue. Alternatively, add the 'no-project' label if not applicable."
- exit 1
diff --git a/.github/workflows/check-shell-validation.yml b/.github/workflows/check-shell-validation.yml
deleted file mode 100644
index ea647da18c0..00000000000
--- a/.github/workflows/check-shell-validation.yml
+++ /dev/null
@@ -1,19 +0,0 @@
-name: "[Check]: Shell validation"
-
-on:
- pull_request:
- paths:
- - "**.sh"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- shellcheck:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
-
- - name: shellcheck
- run: ./scripts/shellcheck.sh
diff --git a/.github/workflows/dummy.yml b/.github/workflows/dummy.yml
new file mode 100644
index 00000000000..94bf4b48d65
--- /dev/null
+++ b/.github/workflows/dummy.yml
@@ -0,0 +1,33 @@
+name: Dummy Workflow
+
+on:
+ pull_request:
+ types:
+ - opened
+ - ready_for_review
+ issue_comment:
+ types:
+ - created
+
+jobs:
+ dummy-job:
+ if: >
+ github.event_name != 'issue_comment' ||
+ contains(github.event.comment.body, '/run-tests')
+ runs-on: ubuntu-latest
+
+ concurrency:
+ group: >
+ ${{
+ github.event_name == 'pull_request' && format('pr-{0}-commit-{1}', github.event.pull_request.number, github.sha) ||
+ github.event_name == 'issue_comment' && format('pr-{0}-comment', github.event.issue.number) ||
+ github.ref
+ }}
+ cancel-in-progress: false
+
+ steps:
+ - name: Print event details
+ run: echo "Triggered ${{ github.event_name }}"
+
+ - name: Simulate long test run
+ run: sleep 60
\ No newline at end of file
diff --git a/.github/workflows/release-connect-bump-versions.yml b/.github/workflows/release-connect-bump-versions.yml
deleted file mode 100644
index acc88ab3a7b..00000000000
--- a/.github/workflows/release-connect-bump-versions.yml
+++ /dev/null
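Review bot: The job-level `if:` on `dummy-job` in dummy.yml lets any commenter start a run by writing `/run-tests`, and it matches comments on plain issues as well as pull requests, because it checks neither `github.event.issue.pull_request` nor `github.event.comment.author_association`. The steps only echo and sleep today, but `issue_comment` runs execute the workflow from the default branch with the repository token, so the gate should be in place before real test steps are added: `github.event_name != 'issue_comment' || (github.event.issue.pull_request && contains(github.event.comment.body, '/run-tests') && contains(fromJSON('["OWNER","MEMBER","COLLABORATOR"]'), github.event.comment.author_association))`. The workflow also declares no `permissions:`, so the job inherits the repository default; a top-level `permissions: {}` (or `contents: read` once a checkout is added) would pin it. The file also ends without a trailing newline.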
@@ -1,56 +0,0 @@
-name: "[Release] connect bump versions"
-
-on:
- workflow_dispatch:
- inputs:
- semver:
- type: choice
- description: semver
- options:
- - patch
- - prepatch
- - minor
- - preminor
- - prerelease
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- bump-versions:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- token: ${{ secrets.TREZOR_BOT_TOKEN }}
- # Fetch all commit history because Script connect-bump-versions.ts needs them to produce CHANGELOG for packages.
- fetch-depth: 0
- # `ref` makes sure that we checkout the branch we are running workflow on.
- ref: ${{ github.head_ref }}
- # `submodules` are required to run `yarn build:libs`.
- submodules: true
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install dependencies
- run: yarn install
-
- # The script connect-bump-versions.ts needs to build packages so dependencies are required.
- - name: Build dependencies
- run: yarn build:libs
-
- - name: Setup Git config
- run: |
- git config --global user.name "trezor-ci"
- git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}"
-
- - name: Check dependencies to update
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- run: |
- yarn tsx ./scripts/ci/connect-bump-versions.ts ${{ github.event.inputs.semver }}
diff --git a/.github/workflows/release-connect-init.yml b/.github/workflows/release-connect-init.yml
deleted file mode 100644
index 0dc2b26db7d..00000000000
--- a/.github/workflows/release-connect-init.yml
+++ /dev/null
@@ -1,66 +0,0 @@
-name: "[Release] connect create release branch"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- commit_sha:
- description: "The commit SHA to checkout"
- required: true
- type: string
-
-jobs:
- # Version should have been bumped by now thanks to ./scripts/ci/connect-release-init-npm.js
- extract-version:
- runs-on: ubuntu-latest
- outputs:
- version: ${{ steps.set-version.outputs.version }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
- # Checkout the specified commit
- ref: ${{ github.event.inputs.commit_sha }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Extract connect version
- id: set-version
- run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT
-
- create-push-release-branch:
- needs: [extract-version]
- name: "Create release branch for version ${{ needs.extract-version.outputs.version }}"
- runs-on: ubuntu-latest
- outputs:
- branch_name: ${{ steps.push-branch.outputs.branch_name }}
- steps:
- - name: Checkout repository
- uses: actions/checkout@v4
- with:
- # Ensure the full commit history is available is required to get specific `ref`.
- fetch-depth: 0
- # Checkout the specified commit
- ref: ${{ github.event.inputs.commit_sha }}
- token: ${{ secrets.TREZOR_BOT_TOKEN }}
-
- - name: Setup Git config
- run: |
- git config --global user.name "trezor-ci"
- git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}"
-
- - name: Create and push new branch
- env:
- BRANCH_NAME: "release/connect/${{ needs.extract-version.outputs.version }}"
- run: |
- echo ${{ env.BRANCH_NAME }}
- git checkout -b ${{ env.BRANCH_NAME }}
- git push origin ${{ env.BRANCH_NAME }}
diff --git a/.github/workflows/release-connect-intermediary.yml b/.github/workflows/release-connect-intermediary.yml
deleted file mode 100644
index 67fb0781325..00000000000
--- a/.github/workflows/release-connect-intermediary.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: "[Release] connect create intermediary release branch"
-
-on:
- workflow_dispatch:
- inputs:
- cherry_pick_commit_sha_from:
- description: "The first commit SHA to cherry-pick from develop"
- required: true
- type: string
- cherry_pick_commit_sha_to:
- description: "The last commit SHA to cherry-pick from develop"
- required: true
- type: string
-
-jobs:
- create-intermediary-branch:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Setup Git config
- run: |
- git config --global user.name "trezor-ci"
- git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}"
-
- - name: Get current branch name
- id: get-current-branch
- run: |
- # Extract the branch name from github.ref
- echo "branch_name=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_OUTPUT
-
- - name: Create intermediary branch
- env:
- BRANCH_NAME: "intermediary-release-branch-of-release/${{ steps.get-current-branch.outputs.branch_name }}"
- run: |
- echo ${{ env.BRANCH_NAME }}
- git checkout -b ${{ env.BRANCH_NAME }}
-
- - name: Fetch develop branch
- run: git fetch origin develop
-
- - name: Cherry-pick commits from develop
- run: |
- # Cherry-pick the specified range of commits from the fetched develop branch
- git cherry-pick -x ${{ github.event.inputs.cherry_pick_commit_sha_from }}^..${{ github.event.inputs.cherry_pick_commit_sha_to }}
diff --git a/.github/workflows/release-connect-npm.yml b/.github/workflows/release-connect-npm.yml
deleted file mode 100644
index f2fe86036ba..00000000000
--- a/.github/workflows/release-connect-npm.yml
+++ /dev/null
@@ -1,145 +0,0 @@
-name: "[Release] Connect NPM"
-on:
- workflow_dispatch:
-
-jobs:
- extract-version:
- runs-on: ubuntu-latest
- outputs:
- version: ${{ steps.set-version.outputs.version }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Extract connect version
- id: set-version
- run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT
-
- sanity-check-version-match:
- runs-on: ubuntu-latest
- needs: [extract-version]
- steps:
- - uses: actions/checkout@v4
-
- - name: Check connect version match
- uses: ./.github/actions/check-connect-version-match
- with:
- branch_ref: "${{ github.ref }}"
- extracted_version: "${{ needs.extract-version.outputs.version }}"
-
- identify-release-packages:
- runs-on: ubuntu-latest
- needs: [extract-version, sanity-check-version-match]
- outputs:
- packagesNeedRelease: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }}
- deploymentType: ${{ steps.determine-deployment-type.outputs.deploymentType }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install dependencies
- run: yarn install
-
- - name: Get packages that need release
- id: set-packages-need-release
- # We want this job to be successfully complete when "no-packages-to-release" since it means that
- # there are no dependencies to release so we can continue with "deploy-npm-connect"
- run: |
- packages=$(yarn tsx ./scripts/ci/get-connect-dependencies-to-release.ts)
- if [ "$packages" == "[]" ]; then
- echo "packagesNeedRelease=[\"no-packages-to-release\"]" >> $GITHUB_OUTPUT
- else
- echo "packagesNeedRelease=$packages" >> $GITHUB_OUTPUT
- fi
-
- - name: Determine Deployment Type from version in branch
- id: determine-deployment-type
- run: echo "deploymentType=$(yarn tsx ./scripts/ci/determine-deployment-type.ts ${{ needs.extract-version.outputs.version }})" >> $GITHUB_OUTPUT
-
- - name: Sanity Check - All Packages Same Deployment Type
- # We do not run this sanity check when no-packages-to-release.
- if: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease != '["no-packages-to-release"]' }}
- env:
- PACKAGES: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }}
- DEPLOYMENT_TYPE: ${{ steps.determine-deployment-type.outputs.deploymentType }}
- run: |
- yarn tsx ./scripts/ci/check-packages-same-deployment-type.ts '${{ env.PACKAGES }}' "${{ env.DEPLOYMENT_TYPE }}"
-
- deploy-npm-connect-dependencies:
- name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }}
- needs: [extract-version, sanity-check-version-match, identify-release-packages]
- environment: production-connect
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- package: ${{ fromJson(needs.identify-release-packages.outputs.packagesNeedRelease) }}
- steps:
- - uses: actions/checkout@v4
- if: matrix.package != 'no-packages-to-release'
- with:
- ref: develop
-
- - name: Set deployment type
- if: matrix.package != 'no-packages-to-release'
- id: set_deployment_type
- run: |
- if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then
- echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV
- else
- echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV
- fi
-
- - name: Deploy to NPM ${{ matrix.package }}
- if: matrix.package != 'no-packages-to-release'
- env:
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- uses: ./.github/actions/release-connect-npm
- with:
- deploymentType: ${{ env.DEPLOYMENT_TYPE }}
- packageName: ${{ matrix.package }}
-
- deploy-npm-connect:
- name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }}
- # We only deploy connect NPM once dependencies have been deployed successfully.
- needs: [identify-release-packages, deploy-npm-connect-dependencies]
- environment: production-connect
- runs-on: ubuntu-latest
- strategy:
- fail-fast: false
- matrix:
- package: ["connect", "connect-web", "connect-webextension"]
- steps:
- - uses: actions/checkout@v4
- with:
- ref: develop
-
- - name: Set deployment type
- id: set_deployment_type
- run: |
- if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then
- echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV
- else
- echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV
- fi
-
- - name: Deploy to NPM ${{ matrix.package }}
- env:
- NPM_TOKEN: ${{ secrets.NPM_TOKEN }}
- uses: ./.github/actions/release-connect-npm
- with:
- deploymentType: ${{ env.DEPLOYMENT_TYPE }}
- packageName: ${{ matrix.package }}
diff --git a/.github/workflows/release-connect-v9-production.yml b/.github/workflows/release-connect-v9-production.yml
deleted file mode 100644
index cfe4d62ccb3..00000000000
--- a/.github/workflows/release-connect-v9-production.yml
+++ /dev/null
@@ -1,111 +0,0 @@
-name: "[Release] connect v9 production"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- deploymentType:
- description: "Select the deployment type. (example: canary, stable)"
- required: true
- type: choice
- options:
- - canary
- - stable
-
-jobs:
- extract-version:
- runs-on: ubuntu-latest
- outputs:
- version: ${{ steps.set-version.outputs.version }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Extract connect version
- id: set-version
- run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT
-
- check-version-match:
- runs-on: ubuntu-latest
- needs: [extract-version]
- steps:
- - uses: actions/checkout@v4
-
- - name: Check connect version match
- uses: ./.github/actions/check-connect-version-match
- with:
- branch_ref: "${{ github.ref }}"
- extracted_version: "${{ needs.extract-version.outputs.version }}"
-
- # set the rollback
- sync-rollback-connect-v9:
- needs: [extract-version, check-version-match]
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- environment: production-connect
- name: "Backing up current production version ${{ needs.extract-version.outputs.version }} to rollback bucket"
- runs-on: ubuntu-latest
- env:
- LATEST_VERSION: 9
- steps:
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
- aws-region: eu-central-1
-
- - name: Synching rollback bucket with current production
- run: |
- aws s3 sync "s3://connect.trezor.io/${{ env.LATEST_VERSION }}/" "s3://rollback-connect.trezor.io/${{ env.LATEST_VERSION }}/"
-
- deploy-production-semantic-version:
- needs: [extract-version, check-version-match]
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- environment: production-connect
- name: "Deploying to connect.trezor.io/9.x.x"
- runs-on: ubuntu-latest
- env:
- CURRENT_VERSION: ${{ needs.extract-version.outputs.version }}
- steps:
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
- aws-region: eu-central-1
-
- - name: Synching production bucket with current staging
- run: |
- aws s3 sync --delete --cache-control 'public, max-age=3600' "s3://staging-connect.trezor.io/${{ env.CURRENT_VERSION }}/" "s3://connect.trezor.io/${{ env.CURRENT_VERSION }}/"
- aws cloudfront create-invalidation --distribution-id E3LVNAOGT94E37 --paths '/*'
-
- # From staging move it to production
- deploy-production-v9:
- # We deploy to production only if rollback sync was successful.
- needs: [extract-version, check-version-match, sync-rollback-connect-v9]
- if: startsWith(github.ref, 'refs/heads/release/connect/') && github.event.inputs.deploymentType == 'stable'
- environment: production-connect
- name: "Deploying to connect.trezor.io/9/"
- runs-on: ubuntu-latest
- env:
- LATEST_VERSION: 9
- steps:
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
- aws-region: eu-central-1
-
- - name: Synching production bucket with current staging
- run: |
- aws s3 sync --delete --cache-control 'public, max-age=3600' "s3://staging-connect.trezor.io/${{ env.LATEST_VERSION }}/" "s3://connect.trezor.io/${{ env.LATEST_VERSION }}/"
- aws cloudfront create-invalidation --distribution-id E3LVNAOGT94E37 --paths '/*'
diff --git a/.github/workflows/release-connect-v9-rollback.yml b/.github/workflows/release-connect-v9-rollback.yml
deleted file mode 100644
index 6a82d7d1d2b..00000000000
--- a/.github/workflows/release-connect-v9-rollback.yml
+++ /dev/null
@@ -1,27 +0,0 @@
-name: "[Release] connect v9 rollback"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
-
-jobs:
- rollback-connect-production:
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- environment: production-connect
- name: "Create rollback copy of connect.trezor.io"
- runs-on: ubuntu-latest
- env:
- LATEST_VERSION: 9
- steps:
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy
- aws-region: eu-central-1
-
- - name: Synching production bucket with rollback
- run: |
- aws s3 sync --delete s3://rollback-connect.trezor.io/9${{ env.LATEST_VERSION }}/ s3://connect.trezor.io/${{ env.LATEST_VERSION }}/
diff --git a/.github/workflows/release-connect-v9-staging.yml b/.github/workflows/release-connect-v9-staging.yml
deleted file mode 100644
index b2d82b543ad..00000000000
--- a/.github/workflows/release-connect-v9-staging.yml
+++ /dev/null
@@ -1,101 +0,0 @@
-name: "[Release] connect v9 staging"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
-
-jobs:
- # Version should have been bumped by now thanks to ./scripts/ci/connect-release-init-npm.js
- extract-version:
- runs-on: ubuntu-latest
- outputs:
- version: ${{ steps.set-version.outputs.version }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Extract connect version
- id: set-version
- run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT
-
- check-version-match:
- runs-on: ubuntu-latest
- needs: [extract-version]
- steps:
- - uses: actions/checkout@v4
-
- - name: Check connect version match
- uses: ./.github/actions/check-connect-version-match
- with:
- branch_ref: "${{ github.ref }}"
- extracted_version: "${{ needs.extract-version.outputs.version }}"
-
- # This job deploys to staging-connect.trezor.io/9.x.x
- deploy-staging-semantic-version:
- needs: [extract-version, check-version-match]
- environment: staging-connect
- name: "Deploying to staging-connect.trezor.io/${{ needs.extract-version.outputs.version }}"
- runs-on: ubuntu-latest
- # Branch should have been created by workflow .github/workflows/release-connect-v9-init.yml
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- steps:
- - uses: actions/checkout@v4
- with:
- ref: release/connect/${{ needs.extract-version.outputs.version }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Build and deploy to staging-connect.trezor.io/9.x.x
- uses: ./.github/actions/release-connect
- with:
- awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_connect_staging_deploy"
- awsRegion: "eu-central-1"
- serverHostname: "staging-connect.trezor.io"
- serverPath: ${{ needs.extract-version.outputs.version }}
- buildArtifacts: "true"
- uploadArtifacts: "true"
- nodeEnv: "production"
-
- # This job deploys to staging-connect.trezor.io/9
- deploy-staging-v9:
- needs: [extract-version, check-version-match]
- environment: staging-connect
- name: "Deploying to staging-connect.trezor.io/9"
- runs-on: ubuntu-latest
- # Branch should have been created by workflow .github/workflows/release-connect-v9-init.yml
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- steps:
- - uses: actions/checkout@v4
- with:
- ref: release/connect/${{ needs.extract-version.outputs.version }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Build and deploy to staging-connect.trezor.io/9
- uses: ./.github/actions/release-connect
- with:
- awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_connect_staging_deploy"
- awsRegion: "eu-central-1"
- serverHostname: "staging-connect.trezor.io"
- serverPath: "9"
- nodeEnv: "production"
- # don't upload artifacts in both jobs, this causes a conflict
- buildArtifacts: "false"
- uploadArtifacts: "false"
diff --git a/.github/workflows/release-suite-coin-icons.yml b/.github/workflows/release-suite-coin-icons.yml
deleted file mode 100644
index 9ffd0dd81e0..00000000000
--- a/.github/workflows/release-suite-coin-icons.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "[Release] suite coin icons"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- release-coin-icons:
- if: github.repository == 'trezor/trezor-suite'
- environment: production-icons
- runs-on: ubuntu-latest
- env:
- AWS_REGION: "eu-central-1"
- AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1
- COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Download crypto icons
- run: |
- yarn install
- cd suite-common/icons-deprecated
- yarn download-crypto-icons
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production_icons
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Upload crypto icons
- run: |
- aws s3 sync suite-common/icons-deprecated/files/cryptoIcons s3://data.trezor.io/suite/icons/coins
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/icons/coins/*'
diff --git a/.github/workflows/release-suite-definitions.yml b/.github/workflows/release-suite-definitions.yml
deleted file mode 100644
index 0bb210b6428..00000000000
--- a/.github/workflows/release-suite-definitions.yml
+++ /dev/null
@@ -1,97 +0,0 @@
-name: "[Release] suite definitions"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- environment:
- description: "Release definitions environment"
- type: choice
- options:
- - develop-definitions
- - production-definitions
- required: true
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- release-suite-definitions:
- environment: ${{ github.event.inputs.environment }}
- runs-on: ubuntu-latest
- env:
- AWS_REGION: "eu-central-1"
- AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1
- COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ github.event.inputs.environment == 'develop-definitions' && 'arn:aws:iam::538326561891:role/gh_actions_suite_develop_definitions' || 'arn:aws:iam::538326561891:role/gh_actions_suite_production_definitions' }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Build and sign ${{ github.event.inputs.environment }} token-definitions
- if: ${{ github.event.inputs.environment == 'develop-definitions' && github.ref == 'refs/heads/develop' }}
- run: |
- yarn install
- cd suite-common/token-definitions
- yarn nfts simple ethereum jws
- yarn nfts simple polygon-pos jws
- yarn nfts simple binance-smart-chain jws
- yarn nfts simple optimistic-ethereum jws
- yarn nfts simple base jws
- yarn nfts simple arbitrum-one jws
- yarn coins simple ethereum jws
- yarn coins simple ethereum-classic jws
- yarn coins simple polygon-pos jws
- yarn coins simple binance-smart-chain jws
- yarn coins simple optimistic-ethereum jws
- yarn coins simple base jws
- yarn coins simple arbitrum-one jws
- yarn coins simple cardano jws
- yarn coins simple solana jws
- yarn coins advanced solana json
-
- - name: Build and sign ${{ github.event.inputs.environment }} token-definitions files
- if: ${{ github.event.inputs.environment == 'production-definitions' && github.ref == 'refs/heads/develop' }}
- env:
- IS_CODESIGN_BUILD: "true"
- JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }}
- run: |
- yarn install
- cd suite-common/token-definitions
- yarn nfts simple ethereum jws
- yarn nfts simple polygon-pos jws
- yarn nfts simple binance-smart-chain jws
- yarn nfts simple optimistic-ethereum jws
- yarn nfts simple base jws
- yarn nfts simple arbitrum-one jws
- yarn coins simple ethereum jws
- yarn coins simple ethereum-classic jws
- yarn coins simple polygon-pos jws
- yarn coins simple binance-smart-chain jws
- yarn coins simple optimistic-ethereum jws
- yarn coins simple base jws
- yarn coins simple arbitrum-one jws
- yarn coins simple cardano jws
- yarn coins simple solana jws
- yarn coins advanced solana json
-
- - name: Upload ${{ github.event.inputs.environment }} token-definitions files
- if: ${{ github.ref == 'refs/heads/develop' }}
- run: |
- if [ '${{ github.event.inputs.environment }}' == 'production-definitions' ]
- then
- aws s3 sync --delete suite-common/token-definitions/files/ s3://data.trezor.io/suite/definitions/stable/ --cache-control no-cache
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/definitions/stable/*'
- else
- aws s3 sync --delete suite-common/token-definitions/files/ s3://data.trezor.io/suite/definitions/develop/ --cache-control no-cache
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/definitions/develop/*'
- fi
diff --git a/.github/workflows/release-suite-desktop-web-production.yml b/.github/workflows/release-suite-desktop-web-production.yml
deleted file mode 100644
index f7e431ad541..00000000000
--- a/.github/workflows/release-suite-desktop-web-production.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-name: "[Release] publish suite-desktop and suite-web production"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- publishWebProduction:
- description: "Publish Suite web production."
- required: false
- type: boolean
- default: false
- publishDesktopProduction:
- description: "Publish Suite desktop production"
- required: false
- type: boolean
- default: false
- desktopReleaseChannel:
- description: "Release channel for Suite desktop auto-update"
- required: false
- type: choice
- options:
- - canary
- - latest
- updateStagingPercentage:
- description: "Suite desktop auto-update percentage"
- required: false
- type: boolean
- default: false
- setStagingPercentage:
- description: "Number between 0 and 100."
- required: false
- type: string
-
-jobs:
- sync-canary-suite-desktop:
- if: ${{ github.event.inputs.publishDesktopProduction == 'true' && github.event.inputs.desktopReleaseChannel == 'canary' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-desktop canary"
- environment: suite-production
- runs-on: trezor-suite-release-runners
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-desktop canary
- run: |
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/canary/ s3://data.trezor.io/suite/releases/desktop/canary/
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/canary/*"
-
- sync-latest-suite-desktop:
- if: ${{ github.event.inputs.publishDesktopProduction == 'true' && github.event.inputs.desktopReleaseChannel == 'latest' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-desktop latest"
- environment: suite-production
- runs-on: trezor-suite-release-runners
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-desktop latest
- run: |
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/latest/ s3://data.trezor.io/suite/releases/desktop/latest/
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/latest/*"
-
- sync-staging-website:
- if: ${{ github.event.inputs.publishWebProduction == 'true' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-web staging to production"
- environment: suite-production
- runs-on: trezor-suite-release-runners
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-web staging to production
- run: |
- aws s3 sync s3://staging-suite.trezor.io s3://suite.trezor.io
- aws cloudfront create-invalidation --distribution-id E4TDVEWU4P4CY --paths "/*"
-
- update-prod-staging-percentage:
- if: ${{ github.event.inputs.updateStagingPercentage == 'true' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Update staging percentage"
- environment: suite-production
- runs-on: trezor-suite-release-runners
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Update staging percentage
- run: |
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-mac.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-linux.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-linux-arm64.yml .
- ./scripts/ci/set-staging-percentage.sh ${{ github.event.inputs.setStagingPercentage }}
- aws s3 cp latest.yml s3://data.trezor.io/suite/releases/desktop/latest/latest.yml
- aws s3 cp latest-mac.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-mac.yml
- aws s3 cp latest-linux.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-linux.yml
- aws s3 cp latest-linux-arm64.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-linux-arm64.yml
- - name: Invalidate CloudFront cache
- run: |
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/latest/*"
diff --git a/.github/workflows/release-suite-desktop-web-staging.yml b/.github/workflows/release-suite-desktop-web-staging.yml
deleted file mode 100644
index fd003f41ad7..00000000000
--- a/.github/workflows/release-suite-desktop-web-staging.yml
+++ /dev/null
@@ -1,305 +0,0 @@
-name: "[Release] suite-desktop and suite-web staging"
-
-on:
- workflow_dispatch:
- inputs:
- createTestRelease:
- description: "Create a test auto-update release"
- required: false
- type: boolean
- default: false
-
-env:
- IS_CODESIGN_BUILD: "true"
- DESKTOP_APP_NAME: "Trezor-Suite"
- APPLEID: ${{ secrets.APPLEID }}
- APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
- APPLETEAMID: ${{ secrets.APPLETEAMID }}
- CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
- CSC_LINK: ${{ secrets.CSC_LINK }}
- GPG_CSC_KEY_PASSWORD: ${{ secrets.GPG_CSC_KEY_PASSWORD }}
- GPG_CSC_LINK: ${{ secrets.GPG_CSC_LINK }}
- GPG_CSC_USERID: ${{ secrets.GPG_CSC_USERID }}
- JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }}
- WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
- WIN_CSC_LINK: ${{ secrets.WIN_CSC_LINK }}
- WINDOWS_SIGN_TOKEN_PASSWORD: ${{ secrets.WINDOWS_SIGN_TOKEN_PASSWORD }}
- WINDOWS_SIGN_CERTIFICATE_NAME: ${{ secrets.WINDOWS_SIGN_CERTIFICATE_NAME }}
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-concurrency:
- group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- suite-desktop:
- environment: suite-production
- if: github.repository == 'trezor/trezor-suite-release'
- name: Build suite-desktop-${{ matrix.platform }}
- runs-on: ${{ matrix.os }}
- timeout-minutes: 40
- strategy:
- fail-fast: false
- matrix:
- include:
- - os: macos-sign
- platform: linux
- - os: macos-sign
- platform: mac
- - os: macos-sign-win-token
- platform: win
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: recursive
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
- name: Build ${{ matrix.platform }} suite-desktop
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/* .
- - name: Upload suite-desktop production artifacts
- uses: actions/upload-artifact@v4
- with:
- name: suite-desktop-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 7
-
- suite-desktop-github-release:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Create GitHub draft release
- environment: suite-production
- runs-on: trezor-suite-release-runners
- needs: suite-desktop
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- # checkout is only needed for the version number for draft release
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: suite-desktop-*
- merge-multiple: true
- path: ./
-
- - name: Create GitHub draft release
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- run: |
- gh config set prompt disabled
- VERSION=$(jq -r .suiteVersion packages/suite/package.json)
- gh release create --repo trezor/trezor-suite --draft v${VERSION} --title "v${VERSION}" ./Trezor-Suite* latest*
-
- suite-desktop-autoupdate-release:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Release suite-desktop auto-update to staging data.trezor.io
- environment: suite-production
- runs-on: trezor-suite-release-runners
- needs: suite-desktop
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: suite-desktop-*
- merge-multiple: true
- path: ./trezor-suite-files
-
- - name: Upload suite-desktop to staging-data.trezor.io canary
- # uploads the files to the staging bucket canary folder (canary does not have staging percentage set)
- run: |
- aws s3 sync --delete ./trezor-suite-files s3://staging-data.trezor.io/suite/releases/desktop/canary
-
- - name: Set staging percentage
- working-directory:
- run: cd ./trezor-suite-files && ../scripts/ci/set-staging-percentage.sh 20
-
- - name: Upload suite-desktop to staging-data.trezor.io latest
- run: |
- VERSION=$(jq -r .suiteVersion packages/suite/package.json)
- aws s3 sync --delete ./trezor-suite-files s3://staging-data.trezor.io/suite/releases/desktop/latest
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/latest/ s3://staging-data.trezor.io/suite/releases/desktop/v${VERSION}/
-
- build-web:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Build suite-web and deploy to staging-suite.trezor.io
- environment: suite-production
- runs-on: trezor-suite-release-runners
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- lfs: true
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Install dependencies
- run: |
- echo -e "\nenableScripts: false" >> .yarnrc.yml
- echo -e "\nenableHardenedMode: false" >> .yarnrc.yml
- yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build
-
- - name: Build suite-web
- env:
- ASSET_PREFIX: /web
- STAGING_SUITE_SERVER_URL: https://staging-suite.trezor.io
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- NODE_ENV=production yarn workspace @trezor/connect-iframe build:lib
- yarn workspace @trezor/connect-web build
- yarn workspace @trezor/suite-web build
-
- # this step should upload build result to s3 bucket staging-suite.trezor.io using awscli
- - name: Upload suite-web to staging-suite.trezor.io
- run: |
- cd packages/suite-web
- ./scripts/s3sync.sh staging-suite
-
- create-test-releases:
- if: github.repository == 'trezor/trezor-suite-release' && github.event.inputs.createTestRelease == 'true'
- name: Create test versions for autoupdate suite-desktop
- environment: suite-production
- needs:
- - suite-desktop
- - suite-desktop-github-release
- - suite-desktop-autoupdate-release
- - build-web
- runs-on: ${{ matrix.os }}
- timeout-minutes: 20
- strategy:
- fail-fast: false
- matrix:
- include:
- - os: macos-sign
- platform: linux
- - os: macos-sign
- platform: mac
- - os: macos-sign-win-token
- platform: win
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: recursive
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
-
- - name: Prepare versions for autoupdate
- id: prepare-versions
- run: |
- sed -E 's/"suiteVersion": "([0-9]+)\.([0-9]+)\.([0-9]+)"/"suiteVersion": "0.\1.\2"/' packages/suite/package.json > version0.json
- sed -E 's/"suiteVersion": "2([0-9]+)\.([0-9]+)\.([0-9]+)"/"suiteVersion": "3\1.\2.\3"/' packages/suite/package.json > version3.json
- echo "VERSION0=$(jq -r .suiteVersion version0.json)" >> $GITHUB_OUTPUT
- echo "VERSION3=$(jq -r .suiteVersion version3.json)" >> $GITHUB_OUTPUT
-
- - name: Build ${{ matrix.platform }} suite-desktop autoupdate version 0.xx.x
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- mv version0.json packages/suite/package.json
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/Trezor-Suite* .
- mv packages/suite-desktop/build-electron/latest*.yml .
-
- - name: Upload suite-desktop autoupdate version 0.xx.x artifacts
- uses: actions/upload-artifact@v4
- with:
- name: AUTOUPDATE-TEST-suite-desktop-${{steps.prepare-versions.outputs.VERSION0}}-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 3
-
- - name: Remove suite-desktop autoupdate version 0.xx.x before building version 3x.x.x
- run: |
- rm -rf Trezor-Suite*
- rm -rf latest*.yml
-
- - name: Build ${{ matrix.platform }} suite-desktop autoupdate version 3x.x.x
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- mv version3.json packages/suite/package.json
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/Trezor-Suite* .
- mv packages/suite-desktop/build-electron/latest*.yml .
-
- - name: Upload suite-desktop autoupdate version 3x.x.x artifacts
- uses: actions/upload-artifact@v4
- with:
- name: AUTOUPDATE-TEST-suite-desktop-${{steps.prepare-versions.outputs.VERSION3}}-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 1
-
- suite-desktop-autoupdate-test-upload:
- if: github.repository == 'trezor/trezor-suite-release' && github.event.inputs.createTestRelease == 'true'
- name: Upload suite-desktop autoupdate test versions
- environment: suite-production
- runs-on: runner-deploy1
- needs: create-test-releases
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: AUTOUPDATE-TEST-suite-desktop-35*
- merge-multiple: true
- path: /home/github-runner/files/trezor-suite-release/autoupdate-test/
-
- - name: Fix file permissions
- run: |
- chmod -R 775 /home/github-runner/files/trezor-suite-release/autoupdate-test/
diff --git a/.github/workflows/release-suite-message-system-config.yml b/.github/workflows/release-suite-message-system-config.yml
deleted file mode 100644
index 03163e472c1..00000000000
--- a/.github/workflows/release-suite-message-system-config.yml
+++ /dev/null
@@ -1,45 +0,0 @@ -name: "[Release] suite message system config" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - release-config: - if: ${{ github.repository == 'trezor/trezor-suite' && (github.ref == 'refs/heads/release-message-system-production' || github.ref == 'refs/heads/release-message-system-develop') }} - environment: ${{ github.ref == 'refs/heads/release-message-system-production' && 'production-message' || 'develop-message' }} - runs-on: ubuntu-latest - env: - RELEASE_ENV: ${{ github.ref == 'refs/heads/release-message-system-production' && 'production' || 'develop' }} - AWS_REGION: "eu-central-1" - AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1 - ROLE_TO_ASSUME: ${{ github.ref == 'refs/heads/release-message-system-production' && 'arn:aws:iam::538326561891:role/gh_actions_suite_production_message' || 'arn:aws:iam::538326561891:role/gh_actions_suite_develop_message' }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ env.ROLE_TO_ASSUME }} - aws-region: ${{ env.AWS_REGION }} - - - name: Build and sign ${{ env.RELEASE_ENV }} message-system config file - env: - IS_CODESIGN_BUILD: ${{ env.RELEASE_ENV == 'production' && 'true' || 'false' }} - JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }} - run: | - yarn install - yarn message-system-sign-config - - - name: Upload ${{ env.RELEASE_ENV }} message-system config file - run: | - aws s3 cp suite-common/message-system/files/config.v1.jws s3://data.trezor.io/config/${{ env.RELEASE_ENV == 'production' && 'stable' || 'develop'}}/config.v1.jws --cache-control no-cache - aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/config/${{ env.RELEASE_ENV == 'production' && 
'stable' || 'develop'}}/*' diff --git a/.github/workflows/release-suite-native-develop.yml b/.github/workflows/release-suite-native-develop.yml deleted file mode 100644 index 28f45133536..00000000000 --- a/.github/workflows/release-suite-native-develop.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: "[Release] suite-native develop" - -on: - push: - branches: - - develop - paths: - - "suite-native/**" - - "suite-common/**" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - build: - if: github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private' - name: Install and build - environment: develop-suite-native - runs-on: ubuntu-latest - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - name: Setup EAS - uses: expo/expo-github-action@v8 - with: - eas-version: 14.7.1 - token: ${{ secrets.EXPO_TOKEN }} - - name: Install libs - run: yarn workspaces focus @suite-native/app - - name: Build on EAS Android - run: eas build - --platform android - --profile develop - --non-interactive - --no-wait - --message ${{ github.sha }} - working-directory: suite-native/app - - name: Build on EAS iOS - run: eas build - --platform ios - --profile develop - --non-interactive - --auto-submit - --no-wait - --message ${{ github.sha }} - working-directory: suite-native/app diff --git a/.github/workflows/release-suite-native-production.yml b/.github/workflows/release-suite-native-production.yml deleted file mode 100644 index a9716c01beb..00000000000 --- a/.github/workflows/release-suite-native-production.yml +++ /dev/null 
@@ -1,120 +0,0 @@ -name: "[Release] suite-native production" - -on: - workflow_dispatch: - inputs: - PLATFORM: - type: choice - options: - - iOS & Android - - iOS - - Android - - Android APK - description: Select platform to run build - required: true - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - ios: - if: ${{ (github.event.inputs.PLATFORM == 'iOS' || github.event.inputs.PLATFORM == 'iOS & Android') && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }} - name: Build and submit iOS - environment: production-suite-native - runs-on: ubuntu-latest - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - name: Setup EAS - uses: expo/expo-github-action@v8 - with: - eas-version: 14.7.1 - token: ${{ secrets.EXPO_TOKEN }} - - name: Install libs - run: yarn workspaces focus @suite-native/app - - name: Build on EAS iOS - run: eas build - --platform ios - --profile production - --non-interactive - --auto-submit - --message ${{ github.sha }} - working-directory: suite-native/app - android: - if: ${{ github.event.inputs.PLATFORM == 'Android' || github.event.inputs.PLATFORM == 'iOS & Android' && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }} - name: Build and submit Android - environment: production-suite-native - runs-on: ubuntu-latest - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - name: Setup EAS - uses: expo/expo-github-action@v8 - with: - eas-version: 14.7.1 - token: ${{ secrets.EXPO_TOKEN }} - - name: Install libs - run: yarn workspaces focus @suite-native/app - - name: Build on EAS Android - run: eas build - --platform 
android - --profile production - --non-interactive - --auto-submit - --message ${{ github.sha }} - working-directory: suite-native/app - androidAPK: - if: ${{ github.event.inputs.PLATFORM == 'Android APK' && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }} - name: Build standalone Android APK and release to S3 - environment: production-suite-native - runs-on: ubuntu-latest - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - name: Setup EAS - uses: expo/expo-github-action@v8 - with: - eas-version: 14.7.1 - token: ${{ secrets.EXPO_TOKEN }} - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_mobile_prod_deploy - aws-region: eu-central-1 - - name: Install libs - run: yarn workspaces focus @suite-native/app - - - name: Get Suite version - id: get_version - run: | - APP_VERSION=$(jq -r '.suiteNativeVersion' suite-native/app/package.json) - echo "app_version=$APP_VERSION" >> $GITHUB_OUTPUT - - - name: Build on EAS Android - working-directory: suite-native/app - id: eas_build - run: | - BUILD_ID=$(eas build --platform android --profile productionAPK --non-interactive --message ${{ github.sha }} --wait --json | jq -r '.[0].id') - BUILD_URL=$(eas build:view "$BUILD_ID" --json | jq -r '.artifacts.buildUrl') - echo "build_url=$BUILD_URL" >> $GITHUB_OUTPUT - - - name: Upload APK to S3 - run: | - wget -O "Trezor-Suite-${{ steps.get_version.outputs.app_version }}.apk" "${{ steps.eas_build.outputs.build_url }}" - aws s3 cp "./Trezor-Suite-${{ steps.get_version.outputs.app_version }}.apk" s3://data.trezor.io/suite/releases/mobile/ 
diff --git a/.github/workflows/suite-native-monthly-version-bump.yml b/.github/workflows/suite-native-monthly-version-bump.yml
deleted file mode 100644
index 7eeee0ae4f9..00000000000
--- a/.github/workflows/suite-native-monthly-version-bump.yml
+++ /dev/null
@@ -1,41 +0,0 @@
-name: "[Bot] suite-native monthly version bump"
-permissions:
- pull-requests: write
-on:
- schedule:
- # Runs on the first day of every month at 00:00 UTC
- - cron: "0 0 1 * *"
-
-jobs:
- bump_native_version:
- if: github.repository == 'trezor/trezor-suite'
- runs-on: ubuntu-latest
-
- steps:
- - uses: actions/checkout@v4
-
- - name: Setup Node.js
- uses: actions/setup-node@v4
-
- - name: Set Version Variable
- run: |
- YEAR=$(date +%y)
- MONTH=$(date +%-m)
- echo NEW_VERSION="$YEAR.$MONTH.1" >> $GITHUB_ENV
-
- - name: Update Version of package.json
- run: jq --indent 4 --arg version "$NEW_VERSION" '.suiteNativeVersion = $version' suite-native/app/package.json > temp.json && mv temp.json suite-native/app/package.json
-
- - name: Create Pull Request
- uses: peter-evans/create-pull-request@v6
- with:
- commit-message: "chore(suite-native): bump version to ${{ env.NEW_VERSION }}"
- title: "chore(suite-native): bump version to ${{ env.NEW_VERSION }}"
- body: |
- Automated version bump to follow YY.MM.MINOR convention
-
- - Updates version in package.json to ${{ env.NEW_VERSION }}
- branch: "chore/native/bump-version-to-${{ env.NEW_VERSION }}"
- base: "develop"
- delete-branch: true
- labels: mobile, ci
diff --git a/.github/workflows/template-connect-popup-test-params.yml b/.github/workflows/template-connect-popup-test-params.yml
deleted file mode 100644
index aee544a62cb..00000000000
--- a/.github/workflows/template-connect-popup-test-params.yml
+++ /dev/null
@@ -1,217 +0,0 @@ -name: "[Template] connect-popup test params" - -on: - workflow_call: - inputs: - testName: - description: "Test name to be run (e.g. `analytics` or `popup-close`)" - type: "string" - required: true - serverHostname: - description: "URL used by popup connect tests (e.g. dev.suite.sldev.cz)" - type: "string" - required: true - runWebextension: - description: "Flag to indicate whether to run the webextension job" - type: "boolean" - required: false - default: false - runWeb: - description: "Flag to indicate whether to run the web job" - type: "boolean" - required: false - default: true - runCoreInPopup: - description: "Flag to indicate whether to run the core-in-popup job" - type: "boolean" - required: false - default: false - buildOverview: - description: "Flag to indicate whether to build connect-popup-overview.html" - type: "boolean" - required: false - default: false - -jobs: - web: - name: web - runs-on: ubuntu-latest - if: ${{ inputs.runWeb }} - timeout-minutes: 60 - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Run connect popup test - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - # skip settings page, this url is set at build time anyway - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_JOB_NAME: ${{ inputs.testName }}-${{ github.run_attempt }} - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Prepare static overview - if: ${{ inputs.buildOverview }} - run: | - echo "Preparing static overview" - mkdir -p tmp_overview_directory 
- cp -R ./packages/connect-popup/e2e/screenshots/* tmp_overview_directory/ - cp packages/connect-popup/connect-popup-overview.html tmp_overview_directory/connect-popup-overview.html - - - name: Upload static overview artifact - uses: actions/upload-artifact@v4 - if: ${{ inputs.buildOverview }} - with: - name: core-in-popup-static-overview-${{ inputs.testName }}-${{ github.run_attempt }} - path: | - tmp_overview_directory/ - - - name: Upload artifacts - if: failure() - uses: actions/upload-artifact@v4 - with: - name: web-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi - - webextension: - name: webextension - runs-on: ubuntu-latest - if: ${{ inputs.runWebextension }} - timeout-minutes: 60 - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Download artifact from build - uses: actions/download-artifact@v4 - with: - name: connect-explorer-webextension-${{ inputs.serverHostname }} - path: | - packages/connect-explorer/build-webextension - - - name: Build example webextension - if: ${{ inputs.testName == 'webextension-example.test' }} - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - run: | - yarn workspace @trezor/connect-web build:webextension - yarn workspace @trezor/connect-web build:inline - node packages/connect-examples/update-webextensions.js --trezor-connect-src "${URL}" --npm-src "${URL}trezor-connect.js" - - - name: Run connect popup test - 
env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - IS_WEBEXTENSION: true - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Upload artifacts - # We upload test artifacts only if it fails and we use it to `Check Test Success` in next step. - if: failure() - uses: actions/upload-artifact@v4 - with: - name: webextension-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi - - core_in_popup: - name: core_in_popup - runs-on: ubuntu-latest - if: ${{ inputs.runCoreInPopup }} - timeout-minutes: 60 - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Run connect popup test - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/?core-mode=popup - CORE_IN_POPUP: true - # skip settings page, this url is set at build time anyway - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_JOB_NAME: ${{ inputs.testName }}-${{ github.run_attempt }} - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Prepare static overview - if: ${{ inputs.buildOverview }} - run: | - echo "Preparing static overview" - mkdir -p tmp_overview_directory - cp 
-R ./packages/connect-popup/e2e/screenshots/* tmp_overview_directory/ - cp packages/connect-popup/connect-popup-overview.html tmp_overview_directory/connect-popup-overview.html - - - name: Upload static overview artifact - uses: actions/upload-artifact@v4 - if: ${{ inputs.buildOverview }} - with: - name: static-overview-${{ inputs.testName }}-${{ github.run_attempt }} - path: | - tmp_overview_directory/ - - - name: Upload artifacts - if: failure() - uses: actions/upload-artifact@v4 - with: - name: core-in-popup-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi diff --git a/.github/workflows/template-connect-test-params.yml b/.github/workflows/template-connect-test-params.yml deleted file mode 100644 index b7b052ac1b3..00000000000 --- a/.github/workflows/template-connect-test-params.yml +++ /dev/null 
@@ -1,103 +0,0 @@
-name: "[Template] connect unit"
-on:
- workflow_call:
- inputs:
- testPattern:
- description: "Test pattern to use to match for test files (example: `init` or `methods`)"
- type: "string"
- required: true
- includeFilter:
- description: "List of methods to include in tests (example: applySettings,applyFlags,getFeatures)"
- type: "string"
- required: false
- testsFirmware:
- description: "Firmware version for the tests (example: 2-latest, 2.2.0, 2-main)"
- type: "string"
- required: false
- default: "2-latest"
- testFirmwareModel:
- description: "Firmware model for the tests (example: T3T1)"
- type: "string"
- required: false
- testDescription:
- description: "A description to make test title more descriptive (example: T3T1-latest)"
- type: "string"
- required: false
- default: ""
- testRandomizedOrder:
- description: "Tests will be run in randomized order"
- type: "boolean"
- required: false
- default: false
- # After migrating from testnet 3 to testnet 4 using `disable_cache_tx=true` should be required for tests where tx are used.
- disable_cache_tx:
- description: "Disable Cache transactions (when `true` tests don't use cache for transactions)"
- type: "string"
- required: false
- default: false
- transport:
- description: "Transport to use (example: bridge, node-bridge)"
- type: "string"
- required: false
- default: "Bridge"
- testEnv:
- description: "Environment to test (example: node, web)"
- type: "string"
- required: true
-
-jobs:
- test:
- name: "${{ inputs.testDescription }}"
- runs-on: ubuntu-latest
- timeout-minutes: 60
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: true
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
-
- - if: ${{ inputs.testEnv == 'web' }}
- run: |
- echo -e "\nenableScripts: false" >> .yarnrc.yml
- # Install dependencies only for @trezor/connect package
- - if: ${{ inputs.testEnv == 'web' }}
- run: yarn workspaces focus @trezor/connect
- - if: ${{ inputs.testEnv == 'web' }}
- name: Retrieve build connect-web
- uses: actions/download-artifact@v4
- with:
- name: build-artifact-connect-web
- path: packages/connect-web/build
- - if: ${{ inputs.testEnv == 'web' }}
- name: Retrieve build connect-iframe
- uses: actions/download-artifact@v4
- with:
- name: build-artifact-connect-iframe
- path: packages/connect-iframe/build
- - if: ${{ inputs.testEnv == 'web' }}
- run: cd packages/connect-iframe && tree .
- - if: ${{ inputs.testEnv == 'web' }}
- name: "Echo download path"
- run: echo ${{steps.download.outputs.download-path}}
-
- # todo: ideally do not install everything. possibly only devDependencies could be enough for testing (if there was not for building libs)?
- - if: ${{ inputs.testEnv == 'node' }}
- run: sed -i "/\"node\"/d" package.json
- - if: ${{ inputs.testEnv == 'node' }}
- run: yarn workspaces focus @trezor/connect
-
- - if: ${{ inputs.disable_cache_tx == 'true' }}
- run: echo "ADDITIONAL_ARGS=-c" >> "$GITHUB_ENV"
- - if: ${{ inputs.testFirmwareModel }}
- run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -m ${{ inputs.testFirmwareModel }}" >> "$GITHUB_ENV"
- - if: ${{ inputs.includeFilter }}
- run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -i ${{ inputs.includeFilter }}" >> "$GITHUB_ENV"
- - if: ${{ inputs.testRandomizedOrder }}
- run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -r" >> "$GITHUB_ENV"
- - if: ${{ inputs.transport }}
- run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -t ${{ inputs.transport }}" >> "$GITHUB_ENV"
- - run: './docker/docker-connect-test.sh ${{ inputs.testEnv }} -p "${{ inputs.testPattern }}" -f "${{ inputs.testsFirmware }}" $ADDITIONAL_ARGS'
diff --git a/.github/workflows/test-blockchain-link.yml b/.github/workflows/test-blockchain-link.yml
deleted file mode 100644
index ede8dfba7af..00000000000
--- a/.github/workflows/test-blockchain-link.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: "[Test] blockchain-link e2e"
-
-on:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
- pull_request:
- paths:
- - "packages/blockchain-link/**"
- - "packages/blockchain-link-utils/**"
- - "packages/blockchain-link-types/**"
- - "packages/e2e-utils/src/fixtures/blockbook.ts"
- - "packages/e2e-utils/src/mocks/backendServer.ts"
- # dependencies of packages/blockchain-link
- - "packages/utxo-lib/**"
- - "packages/utils/**"
- - "docker/docker-blockchain-link-test.sh"
- - ".github/workflows/blockchain-link-test.yml"
- - "yarn.lock"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- test:
- if: github.repository == 'trezor/trezor-suite'
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v4
- with:
- submodules: true
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install dependencies
- run: yarn --immutable
-
- - name: Build dependencies
- run: yarn build:libs
-
- - name: Build @trezor/blockchain-link workers
- run: |
- yarn workspace @trezor/blockchain-link build:workers
-
- - name: Run E2E tests
- run: ./docker/docker-blockchain-link-test.sh
diff --git a/.github/workflows/test-connect-misc.yml b/.github/workflows/test-connect-misc.yml
deleted file mode 100644
index a5912cc6064..00000000000
--- a/.github/workflows/test-connect-misc.yml
+++ /dev/null
@@ -1,49 +0,0 @@
-name: "[Test] connect misc"
-
-on:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
- push:
- branches: [release/connect/**]
- pull_request:
- paths:
- - ".github/workflows/test-connect-misc.yml"
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- install-connect:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- timeout-minutes: 60
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- submodules: true
-
- - run: ./packages/connect/e2e/test-npm-install.sh beta
- - run: ./packages/connect/e2e/test-npm-install.sh latest
- - run: ./packages/connect/e2e/test-yarn-install.sh beta
- - run: ./packages/connect/e2e/test-yarn-install.sh latest
-
- test-protobuf:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- timeout-minutes: 60
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn workspace @trezor/protobuf update:protobuf
- - run: yarn workspace @trezor/protobuf update:schema
diff --git a/.github/workflows/test-connect-popup.yml b/.github/workflows/test-connect-popup.yml
deleted file mode 100644
index 59aa9c1c490..00000000000
--- a/.github/workflows/test-connect-popup.yml
+++ /dev/null
@@ -1,143 +0,0 @@ -name: "[Build/Test] connect-popup e2e" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/connect/**" - - "packages/connect-common/**" - - "packages/connect-iframe/**" - - "packages/connect-explorer/**" - - "packages/connect-webextension/**" - - "packages/connect-web/**" - - "packages/connect-popup/**" - - "packages/connect-examples/webextension-mv2/**" - - "packages/connect-examples/webextension-mv3/**" - - "packages/connect-explorer-theme/**" - - "submodules/trezor-common/**" - - "yarn.lock" - - ".github/workflows/connect-dev-release-test.yml" - - ".github/workflows/template-connect-popup-test-params.yml" - - ".github/actions/release-connect/**" - - "docker/docker-connect-popup-ci.sh" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - extract-branch: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - outputs: - branch: ${{ steps.extract_branch.outputs.branch }} - steps: - - name: Extract branch name - id: extract_branch - run: | - BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" - echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - build-deploy: - needs: [extract-branch] - runs-on: ubuntu-latest - timeout-minutes: 60 - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ needs.extract-branch.outputs.branch }} - - - name: Release connect to dev environment - uses: ./.github/actions/release-connect - with: - awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy" - awsRegion: "eu-central-1" - serverHostname: "dev.suite.sldev.cz" - serverPath: "connect/${{ needs.extract-branch.outputs.branch }}" - uploadArtifacts: "true" - buildArtifacts: "true" - nodeEnv: 
"development" - - methods: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: methods.test - serverHostname: dev.suite.sldev.cz - runWebextension: ${{ github.event_name == 'schedule' }} - runCoreInPopup: true - buildOverview: true - - popup-close: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: popup-close.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runCoreInPopup: true - - passphrase: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: passphrase.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runCoreInPopup: true - - popup-pages: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: popup-pages.test - serverHostname: dev.suite.sldev.cz - - browser-support: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: browser-support.test - serverHostname: dev.suite.sldev.cz - - permissions: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: permissions.test - serverHostname: dev.suite.sldev.cz - - transport: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: transport.test - serverHostname: dev.suite.sldev.cz - - # Disabling it for now since after adding testnet 4 as default it is failing and - # it runs not in our code so we cannot update it. 
- # unchained: - # needs: [build-deploy] - # uses: ./.github/workflows/template-connect-popup-test-params.yml - # with: - # testName: unchained.test - # serverHostname: dev.suite.sldev.cz - # runWeb: ${{ github.event_name == 'schedule' }} - - webextension-examples: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: webextension-example.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runWeb: false diff --git a/.github/workflows/test-connect-web.yml b/.github/workflows/test-connect-web.yml deleted file mode 100644 index 7fe9aff801d..00000000000 --- a/.github/workflows/test-connect-web.yml +++ /dev/null @@ -1,44 +0,0 @@ -name: "[Test] connect-web e2e" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/connect/**" - - "packages/connect-common/**" - - "packages/utils/**" - - ".github/workflows/connect-web-e2e-test.yml" - - "yarn.lock" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - connect-web-e2e: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - timeout-minutes: 60 - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: true - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-web - - - name: Run E2E tests - run: yarn workspace @trezor/connect-web test:e2e diff --git a/.github/workflows/test-connect.yml b/.github/workflows/test-connect.yml deleted file mode 100644 index 5a095e49054..00000000000 --- a/.github/workflows/test-connect.yml +++ /dev/null 
@@ -1,208 +0,0 @@ -name: "[Test] connect core e2e" - -# run only if there are changes in connect or related libs paths -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/blockchain-link/**" - - "packages/connect-common/**" - - "packages/connect-iframe/**" - - "packages/connect-web/**" - - "packages/connect/**" - - "packages/protobuf/**" - - "packages/schema-utils/**" - - "packages/transport/**" - - "packages/utils/**" - - "packages/utxo-lib/**" - - "docker/**" - - "submodules/trezor-common/**" - - "yarn.lock" - - ".github/workflows/test-connect.yml" - - ".github/workflows/template-connect-test-params.yml" - - "docker/docker-connect-test.sh" - - "docker/docker-compose.connect-test.yml" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - # todo: meaning of 'build' job is questionable. 
only 'web' tests use part of this jobs output - build: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - timeout-minutes: 60 - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - cache-dependency-path: "**/yarn.lock" - - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - - run: yarn workspaces focus @trezor/connect-iframe @trezor/connect-web - - run: yarn workspace @trezor/connect-iframe build - - run: yarn workspace @trezor/connect-web build - # upload + download takes longer than doing yarn build:libs - - name: Upload build connect-web - uses: actions/upload-artifact@v4 - with: - name: build-artifact-connect-web - path: packages/connect-web/build - - name: Upload build connect-iframe - uses: actions/upload-artifact@v4 - with: - name: build-artifact-connect-iframe - path: packages/connect-iframe/build - - set-matrix: - runs-on: ubuntu-latest - timeout-minutes: 60 - outputs: - dailyMatrix: ${{ steps.set-matrix-daily.outputs.dailyMatrix }} - otherDevicesMatrix: ${{ steps.set-matrix-other-devices.outputs.otherDevicesMatrix }} - allFwsMatrix: ${{ steps.set-matrix-all-firmwares.outputs.allFwsMatrix }} - allTransportsMatrix: ${{ steps.set-matrix-all-transports.outputs.allTransportsMatrix }} - modelOneMatrix: ${{ steps.set-matrix-model-one.outputs.modelOneMatrix }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set daily matrix - id: set-matrix-daily - run: echo "dailyMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js --model=T2T1 --firmware=2-latest --env=all --groups=api,api-flaky --disable_cache_tx=true --transport=2.0.33)" >> $GITHUB_OUTPUT - - - name: Set all firmwares matrix - id: set-matrix-all-firmwares - run: echo "allFwsMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js --model=T2T1 --firmware=all --env=all --groups=all --disable_cache_tx=false 
--transport=2.0.33)" >> $GITHUB_OUTPUT - - - name: Set other devices matrix - id: set-matrix-other-devices - run: echo "otherDevicesMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js --model=all --firmware=2-main --env=node --groups=api --disable_cache_tx=true --transport=2.0.33)" >> $GITHUB_OUTPUT - - - name: Set all transports matrix - id: set-matrix-all-transports - run: echo "allTransportsMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js --model=T2T1 --firmware=2-latest --env=node --groups=api --disable_cache_tx=true --transport=all)" >> $GITHUB_OUTPUT - - - name: Set trezor model one matrix - id: set-matrix-model-one - run: echo "modelOneMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js --model=T1B1 --firmware=1-latest --env=node --groups=api --disable_cache_tx=true --transport=2.0.33)" >> $GITHUB_OUTPUT - - PR-check: - needs: [build, set-matrix] - name: PR-check ${{ matrix.key }} - if: github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.env }}-${{ matrix.groups.pattern }}-${{ matrix.groups.name }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.dailyMatrix) }} - - randomized-order: - needs: [build, set-matrix] - name: randomized ${{ matrix.key }} - if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.env }}-${{ 
matrix.groups.pattern }}-${{ matrix.groups.name }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - testRandomizedOrder: true - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.dailyMatrix) }} - - all-fws: - needs: [build, set-matrix] - name: all-fws ${{ matrix.key }} ${{ matrix.firmware }} - if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.firmware }}-${{ matrix.groups.pattern }}-${{ matrix.groups.name }}-${{ matrix.env }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.allFwsMatrix) }} - - all-models-api: - needs: [build, set-matrix] - name: all-models-api ${{ matrix.key }} - if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.model }}-${{ matrix.firmware }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.otherDevicesMatrix) }} - - all-transports: - needs: [build, set-matrix] - name: all-transports-api ${{ matrix.key }} - if: 
(github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.transport }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.allTransportsMatrix) }} - - model-one-api: - needs: [build, set-matrix] - name: model-one-api ${{ matrix.key }} - if: (github.event_name == 'schedule' || github.event_name == 'workflow_dispatch') && github.repository == 'trezor/trezor-suite' - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.groups.pattern }} - includeFilter: ${{ matrix.groups.includeFilter }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.model }}-${{ matrix.firmware }} - disable_cache_tx: ${{ matrix.disable_cache_tx }} - transport: ${{ matrix.transport }} - testEnv: ${{ matrix.env }} - testFirmwareModel: ${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.modelOneMatrix) }} diff --git a/.github/workflows/test-misc.yml b/.github/workflows/test-misc.yml deleted file mode 100644 index f571d11a4de..00000000000 --- a/.github/workflows/test-misc.yml +++ /dev/null 
@@ -1,90 +0,0 @@
-name: "[Test] misc"
-
-on:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
- pull_request:
- paths:
- - ".github/workflows/test-misc.yml"
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- urls-health:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn workspace @trezor/urls test:e2e
-
- translations-unused:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn workspace @trezor/suite translations:list-unused
-
- media-duplicates:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- strategy:
- fail-fast: false
- matrix:
- extension: [".png", ".jpg", ".mp4", ".webm", ".svg"]
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - run: ./scripts/ci/find_duplicates.sh ./packages/suite-data/files ${{ matrix.extension }}
-
- test-unit:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn message-system-sign-config
- - run: yarn test:unit
-
- utility-scripts:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn generate-package
@trezor/meow-package
- - run: rm -rf packages/meow-package
diff --git a/.github/workflows/test-request-manager.yml b/.github/workflows/test-request-manager.yml
deleted file mode 100644
index 5e6c39cab77..00000000000
--- a/.github/workflows/test-request-manager.yml
+++ /dev/null
@@ -1,34 +0,0 @@
-name: "[Test] request-manager"
-
-on:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
- pull_request:
- paths:
- - ".github/workflows/test-request-manager.yml"
- - "packages/request-manager/**"
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- test-request-manager:
- runs-on: ubuntu-latest
- if: github.repository == 'trezor/trezor-suite'
- timeout-minutes: 60
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- lfs: true
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - run: yarn install --immutable
- - run: yarn workspace @trezor/request-manager test:all
diff --git a/.github/workflows/test-suite-desktop-e2e.yml b/.github/workflows/test-suite-desktop-e2e.yml
deleted file mode 100644
index 839ffbec170..00000000000
--- a/.github/workflows/test-suite-desktop-e2e.yml
+++ /dev/null
@@ -1,137 +0,0 @@
-name: "[Test] suite-desktop e2e"
-# this workflow builds a desktop version of Suite and runs basic test suite for it
-
-on:
- pull_request:
- types:
- - opened
- - ready_for_review
- branches:
- - develop
- paths-ignore:
- - "suite-native/**"
- - "packages/connect*/**"
- - "packages/react-native-usb/**"
- # ignore unrelated github workflows config files
- - ".github/workflows/connect*"
- - ".github/workflows/suite-native*"
- - ".github/workflows/build-desktop*"
- - ".github/workflows/release*"
- - ".github/workflows/template*"
- push:
- branches:
- - release/2*
- schedule:
- - cron: "0 0 * * *"
- workflow_dispatch:
- issue_comment:
- types:
- - created
-
-concurrency:
- group: >
- ${{
- github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) ||
- github.ref
- }}
- cancel-in-progress: true
-
-jobs:
- run-desktop-tests:
- if: >
- github.repository == 'trezor/trezor-suite' &&
- (github.event_name == 'pull_request' ||
- (github.event_name == 'issue_comment' && github.event.comment.body == '/run-e2e-tests') ||
- github.event_name == 'workflow_dispatch' ||
- github.event_name == 'push')
- runs-on: ubuntu-24.04
- strategy:
- fail-fast: false
- matrix:
- include:
- - TEST_GROUP: "@group=suite"
- CONTAINERS: "trezor-user-env-unix"
- - TEST_GROUP: "@group=device-management"
- CONTAINERS: "trezor-user-env-unix"
- - TEST_GROUP: "@group=settings"
- CONTAINERS: "trezor-user-env-unix bitcoin-regtest"
- # - TEST_GROUP: "@group=metadata"
- # CONTAINERS: "trezor-user-env-unix"
- - TEST_GROUP: "@group=passphrase"
- CONTAINERS: "trezor-user-env-unix"
- - TEST_GROUP: "@group=other"
- CONTAINERS: "trezor-user-env-unix"
- - TEST_GROUP: "@group=wallet"
- CONTAINERS: "trezor-user-env-unix bitcoin-regtest"
-
- steps:
- # Electron requires unprivileged user namespaces to function properly.
- # Disabling this security rule allows Electron to create sandboxed processes
- # without requiring elevated privileges, which is essential for running the application.
- # This is workaround until electron builder solves this issue in future release.
- - name: Disable security rule 'Restricted unprivileged user namespaces'
- run: sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0
-
- - name: Checkout
- uses: actions/checkout@v4
- with:
- ref: ${{ github.event.pull_request.head.sha }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
-
- - name: Install dependencies, build libs and pull docker images
- env:
- COMPOSE_FILE: ./docker/docker-compose.suite-desktop-ci.yml
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
- docker compose pull ${{ matrix.CONTAINERS }}
-
- - name: Build electron app.js for tests
- run: |
- yarn workspace @trezor/suite-desktop build:app
- yarn workspace @trezor/suite-desktop build:ui
-
- - name: Run Playwright e2e desktop tests
- env:
- COMPOSE_FILE: ./docker/docker-compose.suite-desktop-ci.yml
- GITHUB_ACTION: true
- CURRENTS_PROJECT_ID: 4ytF0E
- CURRENTS_RECORD_KEY: ${{ secrets.CURRENTS_RECORD_KEY }}
- CURRENTS_CI_BUILD_ID: pr-run-${{github.run_id}}
- run: |
- docker compose up -d ${{ matrix.CONTAINERS }}
- echo "Starting Playwright Desktop test group ${{ matrix.TEST_GROUP }}"
- yarn workspace @trezor/suite-desktop-core test:e2e:desktop --forbid-only --grep=${{ matrix.TEST_GROUP }}
-
- - name: Extract Trezor-user-env and Regtest logs
- if: ${{ !
cancelled() }}
- run: |
- docker cp docker-trezor-user-env-unix-1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true
- docker cp docker-trezor-user-env-unix-1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true
- docker cp docker-trezor-user-env-unix-1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true
- docker logs docker-electrum-regtest-1 > electrum-regtest.txt || true
-
- - name: Upload Trezor-user-env and Regtest logs
- if: ${{ ! cancelled() }}
- uses: actions/upload-artifact@v4
- with:
- name: emulator-logs-${{ matrix.TEST_GROUP }}
- path: |
- trezor-user-env-debugging.log
- tenv-emulator-bridge-debugging.log
- trezor-user-env-version.txt
- electrum-regtest.txt
- retention-days: 30
-
- - name: Docker compose down
- env:
- COMPOSE_FILE: ./docker/docker-compose.suite-desktop-ci.yml
- run: docker compose down
-
diff --git a/.github/workflows/test-suite-native-e2e-android.yml b/.github/workflows/test-suite-native-e2e-android.yml
deleted file mode 100644
index 55c3824b3eb..00000000000
--- a/.github/workflows/test-suite-native-e2e-android.yml
+++ /dev/null
@@ -1,274 +0,0 @@ -name: "[Test] suite-native Android E2E" - -permissions: - id-token: write # for fetching the OIDC token (needed for aws s3 actions) - -on: - schedule: - - cron: "0 0 * * *" - pull_request: - paths: - - "suite-native/**" - - "suite-common/**" - - "packages/connect/**" - - ".github/workflows/test-suite-native-e2e-android.yml" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -env: - NODE_ENV: "test" - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - RN_SRC_EXT: "e2e.tsx" - -jobs: - prepare_android_test_app: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout project - uses: actions/checkout@v4 - with: - submodules: "true" - - - name: Free Disk Space - uses: jlumbroso/free-disk-space@main - with: - # The free GH runner has limited disk space, so we need to uninstall some preinstalled tools. - dotnet: true - haskell: true - tool-cache: false - android: false - swap-storage: false - large-packages: false - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Setup node_modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: temurin - java-version: 17 - - - name: Prebuild native expo project - working-directory: ./suite-native/app - run: yarn prebuild --platform android --clean - - - name: Sign message system config - working-directory: ./suite-common/message-system - run: yarn sign-config - - - name: get Expo app fingerprint - id: expo-fingerprint - working-directory: ./suite-native/app - run: npx @expo/fingerprint ./ > expo-fingerprint.json && node -e 
"console.log('HASH=' + require('./expo-fingerprint.json').hash)" >> $GITHUB_OUTPUT - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Check if native build exists in AWS bucket - id: s3_build_cache - run: | - if aws s3 ls s3://dev.suite.sldev.cz/suite-mobile/${{ steps.expo-fingerprint.outputs.HASH }} --summarize; - then - echo "hit=true" >> $GITHUB_OUTPUT; - else - echo "hit=false" >> $GITHUB_OUTPUT; - fi - - ################ CACHE HIT - REPLACE JS BUNDLE ONLY ############## - - - name: Setup Android SDK - if: steps.s3_build_cache.outputs.hit == 'true' - uses: android-actions/setup-android@v3 - - - name: Download Apktool - if: steps.s3_build_cache.outputs.hit == 'true' - run: | - wget https://github.com/iBotPeaches/Apktool/releases/download/v2.8.1/apktool_2.8.1.jar -O apktool.jar - wget https://raw.githubusercontent.com/iBotPeaches/Apktool/master/scripts/linux/apktool -O apktool - chmod +x apktool - sudo mv apktool.jar /usr/local/bin/apktool.jar - sudo mv apktool /usr/local/bin/apktool - - - name: Download build from aws bucket - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: ./suite-native/app - run: aws s3 cp s3://dev.suite.sldev.cz/suite-mobile/${{ steps.expo-fingerprint.outputs.HASH }}/ ./android/app/build/outputs --recursive - - - name: decompile .apk build - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: ./suite-native/app/android/app/build/outputs/apk/release - run: apktool d app-release.apk -o unpacked - - - name: replace JS bundle - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: "./suite-native/app" - env: - JS_BUNDLE_PATH: ./android/app/build/outputs/apk/release/unpacked/assets/index.android.bundle - ASSETS_DEST_PATH: ./android/app/build/outputs/apk/release/unpacked/res/ - ENTRY_FILE_PATH: ./suite-native/app/index.js - 
EXPO_PUBLIC_IS_DETOX_BUILD: true - EXPO_PUBLIC_ENVIRONMENT: debug - run: npx react-native bundle --platform android --dev false --entry-file $ENTRY_FILE_PATH --bundle-output $JS_BUNDLE_PATH --assets-dest $ASSETS_DEST_PATH - - - name: fix native library bundling (extractNativeLibs=true) - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: "./suite-native/app/android/app/build/outputs/apk/release/unpacked" - run: sed -i 's/android:extractNativeLibs=\"false\"/android:extractNativeLibs=\"true\"/g' AndroidManifest.xml - - - name: compile .apk back - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: ./suite-native/app/android/app/build/outputs/apk/release - run: apktool b unpacked -o app-release.apk - - - name: sign re-bundled .apk - if: steps.s3_build_cache.outputs.hit == 'true' - working-directory: ./suite-native/app/android/app/build/outputs/apk/release - env: - KEYSTORE_PATH: ../../../../debug.keystore - KEYSTORE_PASSWORD: pass:android - run: $ANDROID_HOME/build-tools/35.0.0/apksigner sign --ks $KEYSTORE_PATH --ks-pass $KEYSTORE_PASSWORD --out app-release.apk app-release.apk - - ############# CACHE MISS - COMPILE A FRESH .APK FILE ############# - - - name: Build a new Detox test .apk - if: steps.s3_build_cache.outputs.hit == 'false' - working-directory: ./suite-native/app - run: ../../node_modules/.bin/detox build -PreactNativeArchitectures=x86_64 --configuration android.emu.release - - - name: save .apk to the aws s3 bucket - if: steps.s3_build_cache.outputs.hit == 'false' - working-directory: ./suite-native/app/android/app/build/outputs - run: aws s3 cp . 
s3://dev.suite.sldev.cz/suite-mobile/${{ steps.expo-fingerprint.outputs.HASH }}/ --recursive - - - name: Save build to cache - uses: actions/cache/save@v4 - with: - path: | - suite-native/app/android/app/build/ - key: android_test_build/${{ github.ref }}/${{github.run_id}} - - ################################################################### - - run_android_e2e_tests: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - needs: prepare_android_test_app - steps: - - name: Checkout project - uses: actions/checkout@v4 - with: - submodules: "true" - - - name: Free Disk Space - uses: jlumbroso/free-disk-space@main - with: - # Combination of android emulator and trezor-user-env is using a too much disk space - # of a free tier GH action runner, some preinstalled packages have to be removed. - dotnet: true - haskell: true - tool-cache: false - android: false - swap-storage: false - large-packages: false - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Load node modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Get device name from detox config file - id: device - run: node -e "console.log('AVD_NAME=' + require('./suite-native/app/.detoxrc').devices.emulator.device.avdName)" >> $GITHUB_OUTPUT - - - name: Run trezor-user-env - env: - COMPOSE_FILE: ./docker/docker-compose.suite-native-ci.yml - run: | - docker compose pull trezor-user-env-unix trezor-user-env-regtest - docker compose up --detach trezor-user-env-unix trezor-user-env-regtest - - - name: Read test .apk from cache - uses: actions/cache/restore@v4 - with: - path: | - suite-native/app/android/app/build/ - key: android_test_build/${{ github.ref }}/${{github.run_id}} 
- - - name: Enable Android emulator KVM optimalization - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - - - name: Run Detox E2E Android tests - uses: reactivecircus/android-emulator-runner@v2 - env: - RUNNER_TEMP: /tmp - with: - api-level: 31 - profile: pixel_3a - arch: x86_64 - working-directory: suite-native/app - ram-size: 4096M - force-avd-creation: true - avd-name: ${{ steps.device.outputs.AVD_NAME }} - emulator-options: -no-window -gpu swiftshader_indirect -no-snapshot -noaudio -no-boot-anim -grpc 8554 - script: yarn test:e2e android.emu.release --headless --take-screenshots failing --record-videos failing - - - name: Upload results to Currents.dev - if: ${{ ! cancelled() }} - env: - CURRENTS_PROJECT_ID: iUe1Y4 - CURRENTS_RECORD_KEY: ${{ secrets.CURRENTS_RECORD_KEY }} - working-directory: ./suite-native/app - run: | - npx currents convert \ - --input-format=junit \ - --input-file=./reports/junit-report.xml \ - --output-dir=./currents \ - --framework=postman \ - --framework-version=v11.2.0 - npx currents upload --project-id=${CURRENTS_PROJECT_ID} --key=${CURRENTS_RECORD_KEY} --report-dir ./currents - - - name: "Store failed test screenshot artifacts" - if: ${{failure()}} - uses: actions/upload-artifact@v4 - with: - name: failed-android-tests - path: suite-native/app/artifacts diff --git a/.github/workflows/test-suite-native-e2e-ios.yml b/.github/workflows/test-suite-native-e2e-ios.yml deleted file mode 100644 index 3d46abd9929..00000000000 --- a/.github/workflows/test-suite-native-e2e-ios.yml +++ /dev/null 
@@ -1,144 +0,0 @@ -name: "[Test] suite-native iOS E2E" - -on: - schedule: - # Runs at midnight (00:00) on every Monday - # So far the iOS do not support Trezor device connection, so it is not necessary to run tests every day. - # Will be probably changed in the future. - - cron: "0 0 * * 1" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -env: - NODE_ENV: "test" - DETOX_BINARY_PATH: ../../node_modules/.bin/detox - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - RN_SRC_EXT: "e2e.tsx" - -jobs: - prepare_ios_test_app: - if: github.repository == 'trezor/trezor-suite' - runs-on: macos-latest - steps: - - name: Checkout project - uses: actions/checkout@v4 - with: - submodules: "true" - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Setup node_modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Prebuild native expo project - working-directory: ./suite-native/app - run: yarn prebuild --platform ios --clean - - - name: Sign message system config - working-directory: ./suite-common/message-system - run: yarn sign-config - - - name: Use latest stable Xcode - uses: maxim-lobanov/setup-xcode@v1 - with: - xcode-version: 16.1.0 - - - name: Build a Detox test app - working-directory: ./suite-native/app - run: $DETOX_BINARY_PATH build --configuration ios.sim.release - - - name: Store build artifact - uses: actions/upload-artifact@v4 - with: - name: ios-test-build - path: | - suite-native/app/ios/build/Build/Products/Release-iphonesimulator/TrezorSuiteLiteDebug.app - - run_ios_e2e_tests: - runs-on: macos-latest - needs: prepare_ios_test_app - steps: - - name: Checkout project - uses: 
actions/checkout@v4 - with: - submodules: "true" - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Load node modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Install macOS dependencies - run: | - brew tap wix/brew - brew install wix/brew/applesimutils - env: - HOMEBREW_NO_AUTO_UPDATE: 1 - HOMEBREW_NO_INSTALL_CLEANUP: 1 - - - name: Download app build artifact - uses: actions/download-artifact@v4 - with: - name: ios-test-build - path: | - suite-native/app/ios/build/Build/Products/Release-iphonesimulator/TrezorSuiteLiteDebug.app - - - name: Prepare iPhone 11 Simulator - run: xcrun simctl create "iPhone 11" com.apple.CoreSimulator.SimDeviceType.iPhone-11 - - - name: Run Detox E2E iOS tests - working-directory: ./suite-native/app - run: | - $DETOX_BINARY_PATH clean-framework-cache && $DETOX_BINARY_PATH build-framework-cache - yarn test:e2e ios.sim.release --headless --take-screenshots failing --record-videos failing - - - name: Upload results to Currents.dev - if: ${{ ! cancelled() }} - env: - CURRENTS_PROJECT_ID: LjEjiV - CURRENTS_RECORD_KEY: ${{ secrets.CURRENTS_RECORD_KEY }} - working-directory: ./suite-native/app - run: | - npx currents convert \ - --input-format=junit \ - --input-file=./reports/junit-report.xml \ - --output-dir=./currents \ - --framework=postman \ - --framework-version=v11.2.0 - npx currents upload --project-id=${CURRENTS_PROJECT_ID} --key=${CURRENTS_RECORD_KEY} --report-dir ./currents - - - name: "Store failed test screenshot artifacts" - if: ${{failure()}} - uses: actions/upload-artifact@v4 - with: - name: failed-ios-tests - path: suite-native/app/artifacts 
diff --git a/.github/workflows/test-suite-web-e2e-pw.yml b/.github/workflows/test-suite-web-e2e-pw.yml
deleted file mode 100644
index ac91e00d297..00000000000
--- a/.github/workflows/test-suite-web-e2e-pw.yml
+++ /dev/null
@@ -1,203 +0,0 @@ -name: "[Test] suite-web playwright e2e" -# this action runs basic test suite for suite-web and and builds/deploys the web app to dev.suite.sldev.cz/suite-web//web - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -# run only if there are changes in suite or related libs paths -on: - pull_request: - types: - - opened - - ready_for_review - branches: - - develop - paths-ignore: - - "suite-native/**" - - "packages/connect*/**" - # - "packages/suite-desktop*/**" - - "packages/react-native-usb/**" - # ignore unrelated github workflows config files - - ".github/workflows/connect-analytics" - - ".github/workflows/connect-common" - - ".github/workflows/connect-examples" - - ".github/workflows/connect-explorer" - - ".github/workflows/connect-iframe" - - ".github/workflows/connect-mobile" - - ".github/workflows/connect-plugin-*" - - ".github/workflows/connect-popup" - - ".github/workflows/connect-theme" - - ".github/workflows/connect-ui" - - ".github/workflows/connect-webextension" - - ".github/workflows/suite-native*" - - ".github/workflows/build-desktop*" - - ".github/workflows/release*" - - ".github/workflows/template*" - - ".github/actions/release*/**" - push: - branches: - - release/2* - schedule: - - cron: "0 0 * * *" - workflow_dispatch: - issue_comment: - types: - - created - -concurrency: - group: > - ${{ - github.event_name == 'pull_request' && format('pr-{0}', github.event.pull_request.number) || - github.ref - }} - cancel-in-progress: true - -env: - DEV_SERVER_URL: "https://dev.suite.sldev.cz" - STAGING_SUITE_SERVER_URL: "https://staging-suite.trezor.io" - -jobs: - build-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - 
aws-region: eu-central-1 - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build - - - name: Build suite-web - env: - ASSET_PREFIX: /suite-web/${{ steps.extract_branch.outputs.branch }}/web - DESKTOP_APP_NAME: "Trezor-Suite" - run: | - yarn message-system-sign-config - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/suite-web build - # this step should upload build result to s3 bucket dev.suite.sldev.cz using awscli - - name: Upload suite-web to dev.suite.sldev.cz - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }} - run: | - aws s3 sync --delete ./packages/suite-web/build ${DEPLOY_PATH}/web - - e2e-test-suite-web: - if: > - github.repository == 'trezor/trezor-suite' && - (github.event_name == 'pull_request' || - (github.event_name == 'issue_comment' && github.event.comment.body == '/run-e2e-tests') || - github.event_name == 'workflow_dispatch' || - github.event_name == 'push') - runs-on: ubuntu-latest - needs: - - build-web - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group=suite" - CONTAINERS: "trezor-user-env-unix" - # - TEST_GROUP: "@group=device-management" # Disabled because there are no webOnly tests in this group - # CONTAINERS: "trezor-user-env-unix" - - TEST_GROUP: "@group=settings" - CONTAINERS: "trezor-user-env-unix" - - TEST_GROUP: "@group=metadata1" - CONTAINERS: "trezor-user-env-unix" - - TEST_GROUP: "@group=metadata2" - CONTAINERS: "trezor-user-env-unix" - # - TEST_GROUP: "@group=passphrase" - # 
CONTAINERS: "trezor-user-env-unix" - - TEST_GROUP: "@group=other" - CONTAINERS: "trezor-user-env-unix" - # - TEST_GROUP: "@group=wallet" # Disabled because there are no webOnly tests in this group - # CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{github.event.after}} - fetch-depth: 2 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Install dependencies and pull docker images - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci-pw.yml - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-desktop-core - npx playwright install --with-deps - docker compose pull ${{ matrix.CONTAINERS }} - - - name: Run Playwright e2e web tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci-pw.yml - BASE_URL: https://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }}/web/ - GITHUB_ACTION: true - CURRENTS_PROJECT_ID: Og0NOQ - CURRENTS_RECORD_KEY: ${{ secrets.CURRENTS_RECORD_KEY }} - CURRENTS_CI_BUILD_ID: pr-run-${{github.run_id}} - PASSPHRASE: ${{ secrets.E2E_TEST_PASSPHRASE }} - run: | - docker compose up -d ${{ matrix.CONTAINERS }} - echo "Starting Playwright Web test group ${{ matrix.TEST_GROUP }}" - yarn workspace @trezor/suite-desktop-core test:e2e:web --forbid-only --grep="(?=.*${{ matrix.TEST_GROUP }})(?=.*@webOnly)" - - - name: Extract Trezor-user-env and Regtest logs - if: ${{ ! 
cancelled() }} - run: | - docker cp docker-trezor-user-env-unix-1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker-trezor-user-env-unix-1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker-trezor-user-env-unix-1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - docker logs docker-electrum-regtest-1 > electrum-regtest.txt || true - - - name: Upload Trezor-user-env and Regtest logs - if: ${{ ! cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: emulator-logs-${{ matrix.TEST_GROUP }} - path: | - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt - electrum-regtest.txt - retention-days: 30 - - - name: Docker compose down - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci-pw.yml - run: docker compose down - diff --git a/.github/workflows/test-suite-web-e2e.yml b/.github/workflows/test-suite-web-e2e.yml deleted file mode 100644 index 91b386213ff..00000000000 --- a/.github/workflows/test-suite-web-e2e.yml +++ /dev/null 
@@ -1,189 +0,0 @@ -name: "[Test] suite-web e2e" -# this action runs basic test suite for suite-web and and builds/deploys the web app to dev.suite.sldev.cz/suite-web//web - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -# run only if there are changes in suite or related libs paths -on: - pull_request: - branches: - - develop - paths-ignore: - - "suite-native/**" - - "packages/connect*/**" - - "packages/suite-desktop*/**" - - "packages/react-native-usb/**" - # ignore unrelated github workflows config files - - ".github/workflows/connect-analytics" - - ".github/workflows/connect-common" - - ".github/workflows/connect-examples" - - ".github/workflows/connect-explorer" - - ".github/workflows/connect-iframe" - - ".github/workflows/connect-mobile" - - ".github/workflows/connect-plugin-*" - - ".github/workflows/connect-popup" - - ".github/workflows/connect-theme" - - ".github/workflows/connect-ui" - - ".github/workflows/connect-webextension" - - ".github/workflows/suite-native*" - - ".github/workflows/build-desktop*" - - ".github/workflows/release*" - - ".github/workflows/template*" - - ".github/actions/release*/**" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -env: - DEV_SERVER_URL: "https://dev.suite.sldev.cz" - STAGING_SUITE_SERVER_URL: "https://staging-suite.trezor.io" - -jobs: - build-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Setup node - uses: actions/setup-node@v4 - with: 
- node-version-file: ".nvmrc" - cache: yarn - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build - - - name: Build suite-web - env: - ASSET_PREFIX: /suite-web/${{ steps.extract_branch.outputs.branch }}/web - DESKTOP_APP_NAME: "Trezor-Suite" - run: | - yarn message-system-sign-config - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/suite-web build - # this step should upload build result to s3 bucket dev.suite.sldev.cz using awscli - - name: Upload suite-web to dev.suite.sldev.cz - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }} - run: | - aws s3 sync --delete ./packages/suite-web/build ${DEPLOY_PATH}/web - - e2e-test-suite-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - needs: - - build-web - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{github.event.after}} - fetch-depth: 2 - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: 
--depth=1 - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web - - - name: Run e2e tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: ${{ steps.extract_branch.outputs.branch }} - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: ${{ matrix.CYPRESS_USE_TREZOR_USER_ENV_BRIDGE }} - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{ steps.extract_commit_message.outputs.message }} - run: | - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt 
trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt diff --git a/.github/workflows/test-suite-web-nightly.yml b/.github/workflows/test-suite-web-nightly.yml deleted file mode 100644 index ef213998eec..00000000000 --- a/.github/workflows/test-suite-web-nightly.yml +++ /dev/null 
@@ -1,276 +0,0 @@ -name: "[Test] nightly suite-web, migrations and canary" - -# run all suite-web related tests every day at midnight -on: - workflow_dispatch: - schedule: - - cron: "0 0 * * *" - -jobs: - e2e-test-suite-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - # todo: this setup is duplicated with test-suite-web-e2e.yml - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. 
temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: ${{ matrix.CYPRESS_USE_TREZOR_USER_ENV_BRIDGE }} - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! 
cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-nightly-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt - - e2e-test-migration-tests: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_migrations" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e migration tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. 
temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: release/22.5 develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: 1 - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: - Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! 
cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-migration-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt - - e2e-test-canary-fws: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e canary fw tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. 
temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: 1 - CYPRESS_updateSnapshots: false - FIRMWARE: 2-main - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-canary-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt 
diff --git a/.github/workflows/test-transport.yml b/.github/workflows/test-transport.yml
deleted file mode 100644
index 95cd52195df..00000000000
--- a/.github/workflows/test-transport.yml
+++ /dev/null
@@ -1,110 +0,0 @@ -name: "[Test] transport e2e" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/transport/**" - - "packages/transport-bridge/**" - - "packages/transport-test/**" - - "packages/protobuf/**" - - "packages/protocol/**" - - "packages/trezor-user-env-link/**" - - "packages/utils/**" - - "docker/docker-compose.transport-test-ci.yml" - - "yarn.lock" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - transport-e2e-test: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: true - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/transport-test - - - name: Setup containers - run: | - docker compose -f ./docker/docker-compose.transport-test-ci.yml pull - docker compose -f ./docker/docker-compose.transport-test-ci.yml up -d - - - name: Run E2E tests (old-bridge:emu) - run: yarn workspace @trezor/transport-test test:e2e:old-bridge:emu - - - name: Run E2E tests (new-bridge:emu) - run: yarn workspace @trezor/transport-test test:e2e:new-bridge:emu - - extract-branch: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - outputs: - branch: ${{ steps.extract_branch.outputs.branch }} - steps: - - name: Extract branch name - id: extract_branch - run: | - BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" - echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - build-deploy: - needs: [extract-branch] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: 
- ref: ${{ needs.extract-branch.outputs.branch }} - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - shell: bash - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/transport -A - - - name: Build transport tester - run: | - yarn workspace @trezor/transport-test build:e2e:api:browser - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Upload transport tester - shell: bash - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/transport-test/${{ needs.extract-branch.outputs.branch }} - run: | - echo "DEPLOY_PATH is set to ${DEPLOY_PATH}" - mkdir -p tmp_build_directory - cp -R ./packages/transport-test/e2e/dist/* tmp_build_directory/ - aws s3 sync --delete tmp_build_directory/ "${DEPLOY_PATH}" diff --git a/.github/workflows/update-connect-config.yml b/.github/workflows/update-connect-config.yml deleted file mode 100644 index cc09e52e734..00000000000 --- a/.github/workflows/update-connect-config.yml +++ /dev/null 
@@ -1,35 +0,0 @@ -name: "[Check] Update Config and Create PR" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - workflow_dispatch: - -jobs: - update-config: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ secrets.TREZOR_BOT_TOKEN }} - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: yarn install --immutable - - - name: Setup Git config - run: | - git config --global user.name "trezor-ci" - git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}" - - - name: Check for changes and create PR - env: - GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }} - run: yarn tsx ./scripts/ci/check-connect-data.ts