diff --git a/.github/workflows/build-desktop-apps.yml b/.github/workflows/build-desktop-apps.yml
deleted file mode 100644
index 2b5d7013bb1c..000000000000
--- a/.github/workflows/build-desktop-apps.yml
+++ /dev/null
@@ -1,134 +0,0 @@ -name: "[Build] suite-desktop apps" - -on: - push: - branches: - - develop - paths-ignore: - - "suite-native/**" - - "docs/**" - - "docker/**" - - "ci/**" - - ".vscode/**" - - ".maestro/**" - pull_request: - types: [labeled] - workflow_dispatch: - -env: - DESKTOP_APP_NAME: "Trezor-Suite" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - suite-desktop: - if: (github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'build-desktop') || (github.event_name == 'push' && github.ref == 'refs/heads/develop')) && github.repository == 'trezor/trezor-suite' - name: Build suite-desktop-${{ matrix.platform }} - runs-on: ${{ matrix.os }} - timeout-minutes: 20 - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-14] - include: - - os: ubuntu-latest - platform: linux - - os: macos-14 - platform: mac - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - lfs: true - submodules: true - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install missing Python deps (to build bcrypto lib in Node) - if: matrix.os == 'macos-14' - run: brew install python-setuptools - - - name: Install deps and build libs - run: | - yarn install --immutable - yarn message-system-sign-config - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/transport-bridge build:lib - - - name: Build ${{ matrix.platform }} suite-desktop - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - run: | - yarn workspace @trezor/suite-desktop build:${{ matrix.platform }} - bash packages/suite-desktop-core/scripts/gnupg-sign.sh - mv packages/suite-desktop/build-electron/* . 
- - - name: Upload suite-desktop production artifacts - uses: actions/upload-artifact@v4 - with: - name: suite-desktop-${{ matrix.platform }} - path: | - Trezor-Suite* - latest*.yml - retention-days: 3 - - - name: Upload suite-desktop mac-arm artifact - if: matrix.os == 'macos-14' - uses: actions/upload-artifact@v4 - with: - name: suite-desktop-mac-arm-dmg - path: | - Trezor-Suite-*-mac-arm64.dmg - retention-days: 3 - - suite-desktop-win: - if: (github.event_name == 'workflow_dispatch' || contains(github.event.pull_request.labels.*.name, 'build-desktop') || (github.event_name == 'push' && github.ref == 'refs/heads/develop')) && github.repository == 'trezor/trezor-suite' - name: Build suite-desktop-win - runs-on: ubuntu-latest - timeout-minutes: 20 - env: - platform: win - container: - image: electronuserland/builder:18-wine - options: --user 1001 - steps: - - name: Checkout code - uses: actions/checkout@v4 - with: - lfs: true - submodules: true - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install deps and build libs - run: | - yarn install --immutable - yarn message-system-sign-config - - - name: Build libs - run: | - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/transport-bridge build:lib - - - name: Build ${{env.platform}} suite-desktop - env: - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - run: | - yarn workspace @trezor/suite-desktop build:${{env.platform}} - bash packages/suite-desktop-core/scripts/gnupg-sign.sh - mv packages/suite-desktop/build-electron/* . - - - name: Upload suite-desktop production artifacts - uses: actions/upload-artifact@v4 - with: - name: suite-desktop-${{env.platform}} - path: | - Trezor-Suite* - latest*.yml - retention-days: 3 diff --git a/.github/workflows/build-storybook.yml b/.github/workflows/build-storybook.yml deleted file mode 100644 index f1400e80d38d..000000000000 --- a/.github/workflows/build-storybook.yml +++ /dev/null 
@@ -1,58 +0,0 @@ -name: "[Build] components storybook" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -# run only once a day -on: - schedule: - - cron: "0 0 * * *" - workflow_dispatch: - -env: - DEV_SERVER_URL: "https://dev.suite.sldev.cz" - -jobs: - build-storybook: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/components - yarn workspaces focus @trezor/product-components - - - name: Build storybook - env: - ASSET_PREFIX: /components/develop - run: | - yarn workspace @trezor/components storybook-build - - name: Build product-components storybook - env: - ASSET_PREFIX: /product-components/develop - run: | - yarn workspace @trezor/product-components storybook-build - - - name: Upload suite storybook to dev.suite.sldev.cz - env: - COMPONENTS_DEPLOY_PATH: s3://dev.suite.sldev.cz/components/develop - PRODUCT_COMPONENTS_DEPLOY_PATH: s3://dev.suite.sldev.cz/product-components/develop - run: | - aws s3 sync --delete ./packages/components/.build-storybook ${COMPONENTS_DEPLOY_PATH} - aws s3 sync --delete ./packages/product-components/.build-storybook ${PRODUCT_COMPONENTS_DEPLOY_PATH} diff --git a/.github/workflows/build-suite-web.yml b/.github/workflows/build-suite-web.yml deleted file mode 100644 index d3f89a796791..000000000000 --- a/.github/workflows/build-suite-web.yml +++ /dev/null 
@@ -1,76 +0,0 @@ -name: "[Build] suite-web" -# this action is for building and deploying the web app to dev.suite.sldev.cz/suite-web/develop/web after code is pushed to develop. - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -# run only if there are changes in suite or related libs paths -on: - push: - branches: - - develop - paths-ignore: - - "suite-native/**" - - "packages/connect*/**" - - "packages/react-native-usb/**" - # ignore unrelated github workflows config files - - ".github/workflows/connect*" - - ".github/workflows/suite-native*" - - ".github/workflows/build-desktop*" - - ".github/workflows/release*" - - ".github/workflows/template*" - -env: - DEV_SERVER_URL: "https://dev.suite.sldev.cz" - -jobs: - build-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - lfs: true - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build - - - name: Build suite-web - env: - ASSET_PREFIX: /suite-web/${{ steps.extract_branch.outputs.branch }}/web - DESKTOP_APP_NAME: "Trezor-Suite" - SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} - run: | - yarn message-system-sign-config - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/connect-iframe 
build:lib - yarn workspace @trezor/connect-web build - yarn workspace @trezor/suite-web build - # this step should upload build result to s3 bucket dev.suite.sldev.cz using awscli - - name: Upload suite-web to dev.suite.sldev.cz - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }} - run: | - aws s3 sync --delete ./packages/suite-web/build ${DEPLOY_PATH}/web diff --git a/.github/workflows/check-code-validation.yml b/.github/workflows/check-code-validation.yml deleted file mode 100644 index 7d0d06f37aa8..000000000000 --- a/.github/workflows/check-code-validation.yml +++ /dev/null 
@@ -1,160 +0,0 @@ -name: "[Check] Validation" - -on: [pull_request] - -env: - NX_CLOUD_ACCESS_TOKEN: ${{ secrets.NX_CLOUD_GHACTIONS_TOKEN }} - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - setup-and-cache: - name: Setup and Cache Dependencies - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - name: Get yarn cache directory path - id: yarn-cache-dir-path - run: echo "dir=$(yarn config get cacheFolder)" >> $GITHUB_OUTPUT - - name: Yarn Cache - uses: actions/cache@v4 - with: - path: ${{ steps.yarn-cache-dir-path.outputs.dir }} - key: yarn-cache-folder-${{ hashFiles('**/yarn.lock', '.yarnrc.yml') }} - restore-keys: | - yarn-cache-folder- - # We can skip the build for all dependencies, even for those whitelisted, because this process is used only to validate the yarn.lock file and populate the cache. 
- - name: Install deps - run: | - yarn --immutable --mode=skip-build - - type-check: - name: Type Checking - needs: setup-and-cache - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: true - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - name: Type Check - run: yarn nx:type-check --output-style=stream - - lint: - name: Linting and formatting - needs: setup-and-cache - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - - name: ESlint Cache - uses: actions/cache@v4 - with: - path: | - **/.eslintcache - !**/node_modules - key: ${{ runner.os }}-node-${{ hashFiles('**/.eslintrc.js') }} - - name: Lint JS - run: yarn lint:js --cache-strategy content - - name: Lint Styles - run: yarn nx:lint:styles --output-style=stream - - unit-tests: - name: Unit Tests - needs: setup-and-cache - runs-on: ubuntu-latest - timeout-minutes: 15 - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: true - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - name: Unit Tests - run: yarn nx:test-unit --output-style=stream - - build-libs-for-publishing: - name: "Build libs for publishing" - needs: setup-and-cache - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: true - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - name: Build Libs - run: yarn nx:build:libs --output-style=stream - - other-checks: - name: Other Checks - needs: 
setup-and-cache - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - name: Check Files for Correct Formatting - run: yarn nx format:check - - name: Verify TS Project References - run: yarn verify-project-references - - name: Detect unused dependencies - run: yarn depcheck - - name: Yarn Dedupe check - run: yarn dedupe --check - - name: Check dependency domain lists - run: ./scripts/ci/list-missing-dependencies.sh - - name: Verify Workspace Resolutions - run: yarn check-workspace-resolutions - - name: Msg-system Config Validation - run: yarn workspace @suite-common/message-system validate-config - - name: Translation Duplicates - run: yarn workspace @trezor/suite translations:list-duplicates - - releases-revision-checks: - name: Releases revision Checks - needs: setup-and-cache - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: "Checkout branches for Nx" - uses: ./.github/actions/nx-checkout - - name: "Minimal yarn install" - uses: ./.github/actions/minimal-yarn-install - - - name: Check releases.json files changes - uses: dorny/paths-filter@v3 - id: changes - with: - filters: | - releases-json: - - 'packages/connect-common/files/firmware/t1b1/releases.json' - - 'packages/connect-common/files/firmware/t2t1/releases.json' - if: steps.changes.outputs.releases-json == 'true' - - name: Check releases.json revisions - run: yarn workspace @trezor/connect-common validate-releases.json diff --git a/.github/workflows/check-codeql-analysis.yml b/.github/workflows/check-codeql-analysis.yml deleted file mode 100644 index 06cf9bdeb2a1..000000000000 --- a/.github/workflows/check-codeql-analysis.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: "[Check] CodeQL check" - -on: - push: - branches: [develop, release/*] - pull_request: - branches: [develop] - schedule: - - cron: "34 02 * * 2" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - code-ql-analyze: - if: github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private' - name: Analyze with CodeQL - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: ["javascript"] - - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/check-commit-message.yml b/.github/workflows/check-commit-message.yml deleted file mode 100644 index 84858c13eb81..000000000000 --- a/.github/workflows/check-commit-message.yml +++ /dev/null @@ -1,24 +0,0 @@ -name: "[Check]: Commit messages" - -on: [pull_request] - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - commit-message-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: Fetch base and current branch - run: | - git fetch --no-tags origin ${{ github.base_ref }} --depth=150 - git fetch --no-tags ${{github.event.pull_request.head.repo.clone_url}} ${{ github.head_ref }}:${{ github.head_ref }} --depth=150 - git switch ${{ github.head_ref }} - - - name: Check commit messages - run: ./scripts/check-commit-messages.sh - env: - BASE_BRANCH_NAME: ${{ github.base_ref }} diff --git a/.github/workflows/check-shell-validation.yml b/.github/workflows/check-shell-validation.yml deleted file mode 100644 index ea647da18c07..000000000000 
--- a/.github/workflows/check-shell-validation.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: "[Check]: Shell validation" - -on: - pull_request: - paths: - - "**.sh" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - shellcheck: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - - name: shellcheck - run: ./scripts/shellcheck.sh diff --git a/.github/workflows/release-connect-bump-versions.yml b/.github/workflows/release-connect-bump-versions.yml deleted file mode 100644 index acc88ab3a7b2..000000000000 --- a/.github/workflows/release-connect-bump-versions.yml +++ /dev/null 
@@ -1,56 +0,0 @@ -name: "[Release] connect bump versions" - -on: - workflow_dispatch: - inputs: - semver: - type: choice - description: semver - options: - - patch - - prepatch - - minor - - preminor - - prerelease - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - bump-versions: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ secrets.TREZOR_BOT_TOKEN }} - # Fetch all commit history because Script connect-bump-versions.ts needs them to produce CHANGELOG for packages. - fetch-depth: 0 - # `ref` makes sure that we checkout the branch we are running workflow on. - ref: ${{ github.head_ref }} - # `submodules` are required to run `yarn build:libs`. - submodules: true - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: yarn install - - # The script connect-bump-versions.ts needs to build packages so dependencies are required. - - name: Build dependencies - run: yarn build:libs - - - name: Setup Git config - run: | - git config --global user.name "trezor-ci" - git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}" - - - name: Check dependencies to update - env: - GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }} - run: | - yarn tsx ./scripts/ci/connect-bump-versions.ts ${{ github.event.inputs.semver }} diff --git a/.github/workflows/release-connect-init.yml b/.github/workflows/release-connect-init.yml deleted file mode 100644 index 0dc2b26db7d7..000000000000 --- a/.github/workflows/release-connect-init.yml +++ /dev/null 
@@ -1,66 +0,0 @@ -name: "[Release] connect create release branch" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - workflow_dispatch: - inputs: - commit_sha: - description: "The commit SHA to checkout" - required: true - type: string - -jobs: - # Version should have been bumped by now thanks to ./scripts/ci/connect-release-init-npm.js - extract-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.set-version.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - # Number of commits to fetch. 0 indicates all history for all branches and tags. - fetch-depth: 0 - # Checkout the specified commit - ref: ${{ github.event.inputs.commit_sha }} - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract connect version - id: set-version - run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT - - create-push-release-branch: - needs: [extract-version] - name: "Create release branch for version ${{ needs.extract-version.outputs.version }}" - runs-on: ubuntu-latest - outputs: - branch_name: ${{ steps.push-branch.outputs.branch_name }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - with: - # Ensure the full commit history is available is required to get specific `ref`. - fetch-depth: 0 - # Checkout the specified commit - ref: ${{ github.event.inputs.commit_sha }} - token: ${{ secrets.TREZOR_BOT_TOKEN }} - - - name: Setup Git config - run: | - git config --global user.name "trezor-ci" - git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}" - - - name: Create and push new branch - env: - BRANCH_NAME: "release/connect/${{ needs.extract-version.outputs.version }}" - run: | - echo ${{ env.BRANCH_NAME }} - git checkout -b ${{ env.BRANCH_NAME }} - git push origin ${{ env.BRANCH_NAME }} 
diff --git a/.github/workflows/release-connect-npm.yml b/.github/workflows/release-connect-npm.yml
deleted file mode 100644
index f2fe86036ba2..000000000000
--- a/.github/workflows/release-connect-npm.yml
+++ /dev/null
@@ -1,145 +0,0 @@ -name: "[Release] Connect NPM" -on: - workflow_dispatch: - -jobs: - extract-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.set-version.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - # Number of commits to fetch. 0 indicates all history for all branches and tags. - fetch-depth: 0 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract connect version - id: set-version - run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT - - sanity-check-version-match: - runs-on: ubuntu-latest - needs: [extract-version] - steps: - - uses: actions/checkout@v4 - - - name: Check connect version match - uses: ./.github/actions/check-connect-version-match - with: - branch_ref: "${{ github.ref }}" - extracted_version: "${{ needs.extract-version.outputs.version }}" - - identify-release-packages: - runs-on: ubuntu-latest - needs: [extract-version, sanity-check-version-match] - outputs: - packagesNeedRelease: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }} - deploymentType: ${{ steps.determine-deployment-type.outputs.deploymentType }} - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: yarn install - - - name: Get packages that need release - id: set-packages-need-release - # We want this job to be successfully complete when "no-packages-to-release" since it means that - # there are no dependencies to release so we can continue with "deploy-npm-connect" - run: | - packages=$(yarn tsx ./scripts/ci/get-connect-dependencies-to-release.ts) - if [ "$packages" == "[]" ]; then - echo "packagesNeedRelease=[\"no-packages-to-release\"]" >> $GITHUB_OUTPUT - else - echo "packagesNeedRelease=$packages" >> $GITHUB_OUTPUT - fi - - - name: Determine Deployment Type from version in branch - id: 
determine-deployment-type - run: echo "deploymentType=$(yarn tsx ./scripts/ci/determine-deployment-type.ts ${{ needs.extract-version.outputs.version }})" >> $GITHUB_OUTPUT - - - name: Sanity Check - All Packages Same Deployment Type - # We do not run this sanity check when no-packages-to-release. - if: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease != '["no-packages-to-release"]' }} - env: - PACKAGES: ${{ steps.set-packages-need-release.outputs.packagesNeedRelease }} - DEPLOYMENT_TYPE: ${{ steps.determine-deployment-type.outputs.deploymentType }} - run: | - yarn tsx ./scripts/ci/check-packages-same-deployment-type.ts '${{ env.PACKAGES }}' "${{ env.DEPLOYMENT_TYPE }}" - - deploy-npm-connect-dependencies: - name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }} - needs: [extract-version, sanity-check-version-match, identify-release-packages] - environment: production-connect - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - package: ${{ fromJson(needs.identify-release-packages.outputs.packagesNeedRelease) }} - steps: - - uses: actions/checkout@v4 - if: matrix.package != 'no-packages-to-release' - with: - ref: develop - - - name: Set deployment type - if: matrix.package != 'no-packages-to-release' - id: set_deployment_type - run: | - if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then - echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV - else - echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV - fi - - - name: Deploy to NPM ${{ matrix.package }} - if: matrix.package != 'no-packages-to-release' - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - uses: ./.github/actions/release-connect-npm - with: - deploymentType: ${{ env.DEPLOYMENT_TYPE }} - packageName: ${{ matrix.package }} - - deploy-npm-connect: - name: Deploy NPM ${{ needs.identify-release-packages.outputs.deploymentType }} ${{ matrix.package }} - # We only deploy connect NPM once dependencies have been deployed 
successfully. - needs: [identify-release-packages, deploy-npm-connect-dependencies] - environment: production-connect - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - package: ["connect", "connect-web", "connect-webextension"] - steps: - - uses: actions/checkout@v4 - with: - ref: develop - - - name: Set deployment type - id: set_deployment_type - run: | - if [ "${{ needs.identify-release-packages.outputs.deploymentType }}" == "canary" ]; then - echo "DEPLOYMENT_TYPE=beta" >> $GITHUB_ENV - else - echo "DEPLOYMENT_TYPE=latest" >> $GITHUB_ENV - fi - - - name: Deploy to NPM ${{ matrix.package }} - env: - NPM_TOKEN: ${{ secrets.NPM_TOKEN }} - uses: ./.github/actions/release-connect-npm - with: - deploymentType: ${{ env.DEPLOYMENT_TYPE }} - packageName: ${{ matrix.package }} diff --git a/.github/workflows/release-connect-v9-production.yml b/.github/workflows/release-connect-v9-production.yml deleted file mode 100644 index cfe4d62ccb31..000000000000 --- a/.github/workflows/release-connect-v9-production.yml +++ /dev/null 
@@ -1,111 +0,0 @@ -name: "[Release] connect v9 production" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - workflow_dispatch: - inputs: - deploymentType: - description: "Select the deployment type. (example: canary, stable)" - required: true - type: choice - options: - - canary - - stable - -jobs: - extract-version: - runs-on: ubuntu-latest - outputs: - version: ${{ steps.set-version.outputs.version }} - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - # Number of commits to fetch. 0 indicates all history for all branches and tags. - fetch-depth: 0 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract connect version - id: set-version - run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT - - check-version-match: - runs-on: ubuntu-latest - needs: [extract-version] - steps: - - uses: actions/checkout@v4 - - - name: Check connect version match - uses: ./.github/actions/check-connect-version-match - with: - branch_ref: "${{ github.ref }}" - extracted_version: "${{ needs.extract-version.outputs.version }}" - - # set the rollback - sync-rollback-connect-v9: - needs: [extract-version, check-version-match] - if: startsWith(github.ref, 'refs/heads/release/connect/') - environment: production-connect - name: "Backing up current production version ${{ needs.extract-version.outputs.version }} to rollback bucket" - runs-on: ubuntu-latest - env: - LATEST_VERSION: 9 - steps: - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy - aws-region: eu-central-1 - - - name: Synching rollback bucket with current production - run: | - aws s3 sync "s3://connect.trezor.io/${{ env.LATEST_VERSION }}/" "s3://rollback-connect.trezor.io/${{ env.LATEST_VERSION }}/" - - deploy-production-semantic-version: - needs: 
[extract-version, check-version-match] - if: startsWith(github.ref, 'refs/heads/release/connect/') - environment: production-connect - name: "Deploying to connect.trezor.io/9.x.x" - runs-on: ubuntu-latest - env: - CURRENT_VERSION: ${{ needs.extract-version.outputs.version }} - steps: - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy - aws-region: eu-central-1 - - - name: Synching production bucket with current staging - run: | - aws s3 sync --delete --cache-control 'public, max-age=3600' "s3://staging-connect.trezor.io/${{ env.CURRENT_VERSION }}/" "s3://connect.trezor.io/${{ env.CURRENT_VERSION }}/" - aws cloudfront create-invalidation --distribution-id E3LVNAOGT94E37 --paths '/*' - - # From staging move it to production - deploy-production-v9: - # We deploy to production only if rollback sync was successful. - needs: [extract-version, check-version-match, sync-rollback-connect-v9] - if: startsWith(github.ref, 'refs/heads/release/connect/') && github.event.inputs.deploymentType == 'stable' - environment: production-connect - name: "Deploying to connect.trezor.io/9/" - runs-on: ubuntu-latest - env: - LATEST_VERSION: 9 - steps: - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy - aws-region: eu-central-1 - - - name: Synching production bucket with current staging - run: | - aws s3 sync --delete --cache-control 'public, max-age=3600' "s3://staging-connect.trezor.io/${{ env.LATEST_VERSION }}/" "s3://connect.trezor.io/${{ env.LATEST_VERSION }}/" - aws cloudfront create-invalidation --distribution-id E3LVNAOGT94E37 --paths '/*' diff --git a/.github/workflows/release-connect-v9-rollback.yml b/.github/workflows/release-connect-v9-rollback.yml deleted file mode 100644 index 6a82d7d1d2bd..000000000000 
--- a/.github/workflows/release-connect-v9-rollback.yml +++ /dev/null @@ -1,27 +0,0 @@ -name: "[Release] connect v9 rollback" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - workflow_dispatch: - -jobs: - rollback-connect-production: - if: startsWith(github.ref, 'refs/heads/release/connect/') - environment: production-connect - name: "Create rollback copy of connect.trezor.io" - runs-on: ubuntu-latest - env: - LATEST_VERSION: 9 - steps: - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_connect_prod_deploy - aws-region: eu-central-1 - - - name: Synching production bucket with rollback - run: | - aws s3 sync --delete s3://rollback-connect.trezor.io/9${{ env.LATEST_VERSION }}/ s3://connect.trezor.io/${{ env.LATEST_VERSION }}/ diff --git a/.github/workflows/release-connect-v9-staging.yml b/.github/workflows/release-connect-v9-staging.yml deleted file mode 100644 index b2d82b543ad9..000000000000 --- a/.github/workflows/release-connect-v9-staging.yml +++ /dev/null 
@@ -1,101 +0,0 @@
-name: "[Release] connect v9 staging"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
-
-jobs:
- # Version should have been bumped by now thanks to ./scripts/ci/connect-release-init-npm.js
- extract-version:
- runs-on: ubuntu-latest
- outputs:
- version: ${{ steps.set-version.outputs.version }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- # Number of commits to fetch. 0 indicates all history for all branches and tags.
- fetch-depth: 0
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Extract connect version
- id: set-version
- run: echo "version=$(node ./scripts/ci/get-connect-version.js)" >> $GITHUB_OUTPUT
-
- check-version-match:
- runs-on: ubuntu-latest
- needs: [extract-version]
- steps:
- - uses: actions/checkout@v4
-
- - name: Check connect version match
- uses: ./.github/actions/check-connect-version-match
- with:
- branch_ref: "${{ github.ref }}"
- extracted_version: "${{ needs.extract-version.outputs.version }}"
-
- # This job deploys to staging-connect.trezor.io/9.x.x
- deploy-staging-semantic-version:
- needs: [extract-version, check-version-match]
- environment: staging-connect
- name: "Deploying to staging-connect.trezor.io/${{ needs.extract-version.outputs.version }}"
- runs-on: ubuntu-latest
- # Branch should have been created by workflow .github/workflows/release-connect-v9-init.yml
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- steps:
- - uses: actions/checkout@v4
- with:
- ref: release/connect/${{ needs.extract-version.outputs.version }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Build and deploy to staging-connect.trezor.io/9.x.x
- uses: ./.github/actions/release-connect
- with:
- awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_connect_staging_deploy"
- awsRegion: "eu-central-1"
-
serverHostname: "staging-connect.trezor.io"
- serverPath: ${{ needs.extract-version.outputs.version }}
- buildArtifacts: "true"
- uploadArtifacts: "true"
- nodeEnv: "production"
-
- # This job deploys to staging-connect.trezor.io/9
- deploy-staging-v9:
- needs: [extract-version, check-version-match]
- environment: staging-connect
- name: "Deploying to staging-connect.trezor.io/9"
- runs-on: ubuntu-latest
- # Branch should have been created by workflow .github/workflows/release-connect-v9-init.yml
- if: startsWith(github.ref, 'refs/heads/release/connect/')
- steps:
- - uses: actions/checkout@v4
- with:
- ref: release/connect/${{ needs.extract-version.outputs.version }}
-
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Build and deploy to staging-connect.trezor.io/9
- uses: ./.github/actions/release-connect
- with:
- awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_connect_staging_deploy"
- awsRegion: "eu-central-1"
- serverHostname: "staging-connect.trezor.io"
- serverPath: "9"
- nodeEnv: "production"
- # don't upload artifacts in both jobs, this causes a conflict
- buildArtifacts: "false"
- uploadArtifacts: "false"
diff --git a/.github/workflows/release-suite-coin-icons.yml b/.github/workflows/release-suite-coin-icons.yml
deleted file mode 100644
index 26f6ca48b0bb..000000000000
--- a/.github/workflows/release-suite-coin-icons.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-name: "[Release] suite coin icons"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- schedule:
- # Runs at midnight UTC every day at 01:00 AM CET
- - cron: "0 0 * * *"
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- release-coin-icons:
- environment: production-icons
- runs-on: ubuntu-latest
- env:
- AWS_REGION: "eu-central-1"
- AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1
- COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Download crypto icons
- run: |
- yarn install
- cd suite-common/icons-deprecated
- yarn download-crypto-icons
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production_icons
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Upload crypto icons
- run: |
- aws s3 sync suite-common/icons-deprecated/files/cryptoIcons s3://data.trezor.io/suite/icons/coins
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/icons/coins/*'
diff --git a/.github/workflows/release-suite-definitions.yml b/.github/workflows/release-suite-definitions.yml
deleted file mode 100644
index af1d7d8b3f9f..000000000000
--- a/.github/workflows/release-suite-definitions.yml
+++ /dev/null
@@ -1,89 +0,0 @@
-name: "[Release] suite definitions"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- environment:
- description: "Release definitions environment"
- type: choice
- options:
- - develop-definitions
- - production-definitions
- required: true
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- release-suite-definitions:
- environment: ${{ github.event.inputs.environment }}
- runs-on: ubuntu-latest
- env:
- AWS_REGION: "eu-central-1"
- AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1
- COINGECKO_API_KEY: ${{ secrets.COINGECKO_API_KEY }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ github.event.inputs.environment == 'develop-definitions' && 'arn:aws:iam::538326561891:role/gh_actions_suite_develop_definitions' || 'arn:aws:iam::538326561891:role/gh_actions_suite_production_definitions' }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Build and sign ${{ github.event.inputs.environment }} token-definitions
- if: ${{ github.event.inputs.environment == 'develop-definitions' && github.ref == 'refs/heads/develop' }}
- run: |
- yarn install
- cd suite-common/token-definitions
- yarn nfts simple ethereum jws
- yarn nfts simple polygon-pos jws
- yarn nfts simple binance-smart-chain jws
- yarn nfts simple optimistic-ethereum jws
- yarn coins simple ethereum jws
- yarn coins simple ethereum-classic jws
- yarn coins simple polygon-pos jws
- yarn coins simple binance-smart-chain jws
- yarn coins simple optimistic-ethereum jws
- yarn coins simple cardano jws
- yarn coins simple solana jws
- yarn coins advanced solana json
-
- - name: Build and sign ${{ github.event.inputs.environment }} token-definitions files
- if: ${{ github.event.inputs.environment == 'production-definitions' &&
github.ref == 'refs/heads/develop' }}
- env:
- IS_CODESIGN_BUILD: "true"
- JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }}
- run: |
- yarn install
- cd suite-common/token-definitions
- yarn nfts simple ethereum jws
- yarn nfts simple polygon-pos jws
- yarn nfts simple binance-smart-chain jws
- yarn nfts simple optimistic-ethereum jws
- yarn coins simple ethereum jws
- yarn coins simple ethereum-classic jws
- yarn coins simple polygon-pos jws
- yarn coins simple binance-smart-chain jws
- yarn coins simple optimistic-ethereum jws
- yarn coins simple cardano jws
- yarn coins simple solana jws
- yarn coins advanced solana json
-
- - name: Upload ${{ github.event.inputs.environment }} token-definitions files
- if: ${{ github.ref == 'refs/heads/develop' }}
- run: |
- if [ '${{ github.event.inputs.environment }}' == 'production-definitions' ]
- then
- aws s3 sync --delete suite-common/token-definitions/files/ s3://data.trezor.io/suite/definitions/stable/ --cache-control no-cache
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/definitions/stable/*'
- else
- aws s3 sync --delete suite-common/token-definitions/files/ s3://data.trezor.io/suite/definitions/develop/ --cache-control no-cache
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/suite/definitions/develop/*'
- fi
diff --git a/.github/workflows/release-suite-desktop-web-production.yml b/.github/workflows/release-suite-desktop-web-production.yml
deleted file mode 100644
index 4f966cd2748a..000000000000
--- a/.github/workflows/release-suite-desktop-web-production.yml
+++ /dev/null
@@ -1,118 +0,0 @@
-name: "[Release] publish suite-desktop and suite-web production"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
- inputs:
- publishWebProduction:
- description: "Publish Suite web production."
- required: false
- type: boolean
- default: false
- publishDesktopProduction:
- description: "Publish Suite desktop production"
- required: false
- type: boolean
- default: false
- desktopReleaseChannel:
- description: "Release channel for Suite desktop auto-update"
- required: false
- type: choice
- options:
- - canary
- - latest
- updateStagingPercentage:
- description: "Suite desktop auto-update percentage"
- required: false
- type: boolean
- default: false
- setStagingPercentage:
- description: "Number between 0 and 100."
- required: false
- type: string
-
-jobs:
- sync-canary-suite-desktop:
- if: ${{ github.event.inputs.publishDesktopProduction == 'true' && github.event.inputs.desktopReleaseChannel == 'canary' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-desktop canary"
- environment: suite-production
- runs-on: ubuntu-latest
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-desktop canary
- run: |
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/canary/ s3://data.trezor.io/suite/releases/desktop/canary/
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/canary/*"
-
- sync-latest-suite-desktop:
- if: ${{ github.event.inputs.publishDesktopProduction == 'true' && github.event.inputs.desktopReleaseChannel == 'latest' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-desktop latest"
- environment: suite-production
- runs-on: ubuntu-latest
- steps:
- - name:
Checkout
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-desktop latest
- run: |
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/latest/ s3://data.trezor.io/suite/releases/desktop/latest/
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/latest/*"
-
- sync-staging-website:
- if: ${{ github.event.inputs.publishWebProduction == 'true' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Syncing suite-web staging to production"
- environment: suite-production
- runs-on: ubuntu-latest
- steps:
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Sync suite-web staging to production
- run: |
- aws s3 sync s3://staging-suite.trezor.io s3://suite.trezor.io
- aws cloudfront create-invalidation --distribution-id E4TDVEWU4P4CY --paths "/*"
-
- update-prod-staging-percentage:
- if: ${{ github.event.inputs.updateStagingPercentage == 'true' && github.repository == 'trezor/trezor-suite-release' }}
- name: "Update staging percentage"
- environment: suite-production
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- - name: Configure AWS credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
-
- - name: Update staging percentage
- run: |
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-mac.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-linux.yml .
- aws s3 cp s3://data.trezor.io/suite/releases/desktop/latest/latest-linux-arm64.yml .
- ./scripts/ci/set-staging-percentage.sh ${{ github.event.inputs.setStagingPercentage }}
- aws s3 cp latest.yml s3://data.trezor.io/suite/releases/desktop/latest/latest.yml
- aws s3 cp latest-mac.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-mac.yml
- aws s3 cp latest-linux.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-linux.yml
- aws s3 cp latest-linux-arm64.yml s3://data.trezor.io/suite/releases/desktop/latest/latest-linux-arm64.yml
- - name: Invalidate CloudFront cache
- run: |
- aws cloudfront create-invalidation --distribution-id E1ERY5K2OTKKI1 --paths "/suite/releases/desktop/latest/*"
diff --git a/.github/workflows/release-suite-desktop-web-staging.yml b/.github/workflows/release-suite-desktop-web-staging.yml
deleted file mode 100644
index b57ece22fd05..000000000000
--- a/.github/workflows/release-suite-desktop-web-staging.yml
+++ /dev/null
@@ -1,301 +0,0 @@
-name: "[Release] suite-desktop and suite-web staging"
-
-on:
- workflow_dispatch:
- inputs:
- createTestRelease:
- description: "Create a test auto-update release"
- required: false
- type: boolean
- default: false
-
-env:
- IS_CODESIGN_BUILD: "true"
- DESKTOP_APP_NAME: "Trezor-Suite"
- APPLEID: ${{ secrets.APPLEID }}
- APPLEIDPASS: ${{ secrets.APPLEIDPASS }}
- APPLETEAMID: ${{ secrets.APPLETEAMID }}
- CSC_KEY_PASSWORD: ${{ secrets.CSC_KEY_PASSWORD }}
- CSC_LINK: ${{ secrets.CSC_LINK }}
- GPG_CSC_KEY_PASSWORD: ${{ secrets.GPG_CSC_KEY_PASSWORD }}
- GPG_CSC_LINK: ${{ secrets.GPG_CSC_LINK }}
- GPG_CSC_USERID: ${{ secrets.GPG_CSC_USERID }}
- JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }}
- WIN_CSC_KEY_PASSWORD: ${{ secrets.WIN_CSC_KEY_PASSWORD }}
- WIN_CSC_LINK: ${{ secrets.WIN_CSC_LINK }}
- WINDOWS_SIGN_TOKEN_PASSWORD: ${{ secrets.WINDOWS_SIGN_TOKEN_PASSWORD }}
- WINDOWS_SIGN_CERTIFICATE_NAME: ${{ secrets.WINDOWS_SIGN_CERTIFICATE_NAME }}
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-concurrency:
- group: ${{ github.workflow }}-$${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- suite-desktop:
- environment: suite-production
- if: github.repository == 'trezor/trezor-suite-release'
- name: Build suite-desktop-${{ matrix.platform }}
- runs-on: ${{ matrix.os }}
- timeout-minutes: 40
- strategy:
- fail-fast: false
- matrix:
- include:
- - os: macos-sign
- platform: linux
- - os: macos-sign
- platform: mac
- - os: macos-sign-win-token
- platform: win
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: recursive
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
-
- -
name: Build ${{ matrix.platform }} suite-desktop
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/* .
- - name: Upload suite-desktop production artifacts
- uses: actions/upload-artifact@v4
- with:
- name: suite-desktop-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 7
-
- suite-desktop-github-release:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Create GitHub draft release
- environment: suite-production
- runs-on: ubuntu-latest
- needs: suite-desktop
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- # checkout is only needed for the version number for draft release
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: suite-desktop-*
- merge-multiple: true
- path: ./
-
- - name: Create GitHub draft release
- env:
- GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }}
- run: |
- gh config set prompt disabled
- VERSION=$(jq -r .suiteVersion packages/suite/package.json)
- gh release create --repo trezor/trezor-suite --draft v${VERSION} --title "v${VERSION}" ./Trezor-Suite* latest*
-
- suite-desktop-autoupdate-release:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Release suite-desktop auto-update to staging data.trezor.io
- environment: suite-production
- runs-on: ubuntu-latest
- needs: suite-desktop
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: suite-desktop-*
- merge-multiple: true
- path: ./trezor-suite-files
-
- - name: Upload suite-desktop to
staging-data.trezor.io canary
- # uploads the files to the staging bucket canary folder (canary does not have staging percentage set)
- run: |
- aws s3 sync --delete ./trezor-suite-files s3://staging-data.trezor.io/suite/releases/desktop/canary
-
- - name: Set staging percentage
- working-directory:
- run: cd ./trezor-suite-files && ../scripts/ci/set-staging-percentage.sh 20
-
- - name: Upload suite-desktop to staging-data.trezor.io latest
- run: |
- VERSION=$(jq -r .suiteVersion packages/suite/package.json)
- aws s3 sync --delete ./trezor-suite-files s3://staging-data.trezor.io/suite/releases/desktop/latest
- aws s3 sync --delete s3://staging-data.trezor.io/suite/releases/desktop/latest/ s3://staging-data.trezor.io/suite/releases/desktop/v${VERSION}/
-
- build-web:
- if: github.repository == 'trezor/trezor-suite-release'
- name: Build suite-web and deploy to staging-suite.trezor.io
- environment: suite-production
- runs-on: ubuntu-latest
- steps:
- - name: Checkout
- uses: actions/checkout@v4
- with:
- lfs: true
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Setup node
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Install dependencies
- run: |
- echo -e "\nenableScripts: false" >> .yarnrc.yml
- echo -e "\nenableHardenedMode: false" >> .yarnrc.yml
- yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build
-
- - name: Build suite-web
- env:
- ASSET_PREFIX: /web
- STAGING_SUITE_SERVER_URL: https://staging-suite.trezor.io
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/connect-iframe build:lib
- yarn workspace @trezor/connect-web build
- yarn workspace @trezor/suite-web build
-
- #
this step should upload build result to s3 bucket staging-suite.trezor.io using awscli
- - name: Upload suite-web to staging-suite.trezor.io
- run: |
- cd packages/suite-web
- ./scripts/s3sync.sh staging-suite
-
- create-test-releases:
- if: github.repository == 'trezor/trezor-suite-release' && github.event.inputs.createTestRelease == 'true'
- name: Create test versions for autoupdate sudite-desktop
- environment: suite-production
- needs:
- - suite-desktop
- - suite-desktop-github-release
- - suite-desktop-autoupdate-release
- - build-web
- runs-on: ${{ matrix.os }}
- timeout-minutes: 20
- strategy:
- fail-fast: false
- matrix:
- include:
- - os: macos-sign
- platform: linux
- - os: macos-sign
- platform: mac
- - os: macos-sign-win-token
- platform: win
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- with:
- lfs: true
- submodules: recursive
- - name: Install node and yarn
- uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
-
- - name: Install deps and build libs
- run: |
- yarn install --immutable
- yarn message-system-sign-config
- yarn workspace @trezor/suite-data build:lib
- yarn workspace @trezor/transport-bridge build:lib
-
- - name: Prepare versions for autoupdate
- id: prepare-versions
- run: |
- sed -E 's/"suiteVersion": "([0-9]+)\.([0-9]+)\.([0-9]+)"/"suiteVersion": "0.\1.\2"/' packages/suite/package.json > version0.json
- sed -E 's/"suiteVersion": "2([0-9]+)\.([0-9]+)\.([0-9]+)"/"suiteVersion": "3\1.\2.\3"/' packages/suite/package.json > version3.json
- echo "VERSION0=$(jq -r .suiteVersion version0.json)" >> $GITHUB_OUTPUT
- echo "VERSION3=$(jq -r .suiteVersion version3.json)" >> $GITHUB_OUTPUT
-
- - name: Build ${{ matrix.platform }} suite-desktop autoupdate version 0.xx.x
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- mv version0.json packages/suite/package.json
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv
packages/suite-desktop/build-electron/Trezor-Suite* .
- mv packages/suite-desktop/build-electron/latest*.yml .
-
- - name: Upload suite-desktop autoupdate version 0.xx.x artifacts
- uses: actions/upload-artifact@v4
- with:
- name: AUTOUPDATE-TEST-suite-desktop-${{steps.prepare-versions.outputs.VERSION0}}-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 3
-
- - name: Remove suite-desktop autoupdate version 0.xx.x before building version 3x.x.x
- run: |
- rm -rf Trezor-Suite*
- rm -rf latest*.yml
-
- - name: Build ${{ matrix.platform }} suite-desktop autoupdate version 3x.x.x
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- run: |
- mv version3.json packages/suite/package.json
- yarn workspace @trezor/suite-desktop build:${{ matrix.platform }}
- bash packages/suite-desktop-core/scripts/gnupg-sign.sh
- mv packages/suite-desktop/build-electron/Trezor-Suite* .
- mv packages/suite-desktop/build-electron/latest*.yml .
-
- - name: Upload suite-desktop autoupdate version 3x.x.x artifacts
- uses: actions/upload-artifact@v4
- with:
- name: AUTOUPDATE-TEST-suite-desktop-${{steps.prepare-versions.outputs.VERSION3}}-${{ matrix.platform }}
- path: |
- Trezor-Suite*
- latest*.yml
- retention-days: 1
-
- suite-desktop-autoupdate-test-upload:
- if: github.repository == 'trezor/trezor-suite-release' && github.event.inputs.createTestRelease == 'true'
- name: Upload suite-desktop autoupdate test versions
- environment: suite-production
- runs-on: runner-deploy1
- needs: create-test-releases
- steps:
- - name: Checkout code
- uses: actions/checkout@v4
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: arn:aws:iam::538326561891:role/gh_actions_suite_production
- aws-region: eu-central-1
- - name: Download suite-desktop apps
- uses: actions/download-artifact@v4
- with:
- pattern: AUTOUPDATE-TEST-suite-desktop-34*
- merge-multiple: true
- path:
/home/github-runner/files/trezor-suite-release/autoupdate-test/
diff --git a/.github/workflows/release-suite-message-system-config.yml b/.github/workflows/release-suite-message-system-config.yml
deleted file mode 100644
index 03163e472c16..000000000000
--- a/.github/workflows/release-suite-message-system-config.yml
+++ /dev/null
@@ -1,45 +0,0 @@
-name: "[Release] suite message system config"
-
-permissions:
- id-token: write # for fetching the OIDC token
- contents: read # for actions/checkout
-
-on:
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- release-config:
- if: ${{ github.repository == 'trezor/trezor-suite' && (github.ref == 'refs/heads/release-message-system-production' || github.ref == 'refs/heads/release-message-system-develop') }}
- environment: ${{ github.ref == 'refs/heads/release-message-system-production' && 'production-message' || 'develop-message' }}
- runs-on: ubuntu-latest
- env:
- RELEASE_ENV: ${{ github.ref == 'refs/heads/release-message-system-production' && 'production' || 'develop' }}
- AWS_REGION: "eu-central-1"
- AWS_CLOUDFRONT_ID: E1ERY5K2OTKKI1
- ROLE_TO_ASSUME: ${{ github.ref == 'refs/heads/release-message-system-production' && 'arn:aws:iam::538326561891:role/gh_actions_suite_production_message' || 'arn:aws:iam::538326561891:role/gh_actions_suite_develop_message' }}
- steps:
- - name: Checkout
- uses: actions/checkout@v4
-
- - name: Configure aws credentials
- uses: aws-actions/configure-aws-credentials@v4
- with:
- role-to-assume: ${{ env.ROLE_TO_ASSUME }}
- aws-region: ${{ env.AWS_REGION }}
-
- - name: Build and sign ${{ env.RELEASE_ENV }} message-system config file
- env:
- IS_CODESIGN_BUILD: ${{ env.RELEASE_ENV == 'production' && 'true' || 'false' }}
- JWS_PRIVATE_KEY_ENV: ${{ secrets.JWS_PRIVATE_KEY_ENV }}
- run: |
- yarn install
- yarn message-system-sign-config
-
- - name: Upload ${{ env.RELEASE_ENV }} message-system config file
- run: |
- aws s3 cp suite-common/message-system/files/config.v1.jws s3://data.trezor.io/config/${{ env.RELEASE_ENV == 'production' && 'stable' || 'develop'}}/config.v1.jws --cache-control no-cache
- aws cloudfront create-invalidation --distribution-id ${AWS_CLOUDFRONT_ID} --paths '/config/${{ env.RELEASE_ENV == 'production' &&
'stable' || 'develop'}}/*'
diff --git a/.github/workflows/release-suite-native-develop.yml b/.github/workflows/release-suite-native-develop.yml
deleted file mode 100644
index abc5daa98a05..000000000000
--- a/.github/workflows/release-suite-native-develop.yml
+++ /dev/null
@@ -1,53 +0,0 @@
-name: "[Release] suite-native develop"
-
-on:
- push:
- branches:
- - develop
- paths:
- - "suite-native/**"
- - "suite-common/**"
- workflow_dispatch:
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- build:
- if: github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private'
- name: Install and build
- environment: develop-suite-native
- runs-on: ubuntu-latest
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Setup EAS
- uses: expo/expo-github-action@v8
- with:
- eas-version: latest
- token: ${{ secrets.EXPO_TOKEN }}
- - name: Install libs
- run: yarn workspaces focus @suite-native/app
- - name: Build on EAS Android
- run: eas build
- --platform android
- --profile develop
- --non-interactive
- --no-wait
- --message ${{ github.sha }}
- working-directory: suite-native/app
- - name: Build on EAS iOS
- run: eas build
- --platform ios
- --profile develop
- --non-interactive
- --auto-submit
- --no-wait
- --message ${{ github.sha }}
- working-directory: suite-native/app
diff --git a/.github/workflows/release-suite-native-production.yml b/.github/workflows/release-suite-native-production.yml
deleted file mode 100644
index 91f682b2f4c0..000000000000
--- a/.github/workflows/release-suite-native-production.yml
+++ /dev/null
@@ -1,103 +0,0 @@
-name: "[Release] suite-native production"
-
-on:
- workflow_dispatch:
- inputs:
- PLATFORM:
- type: choice
- options:
- - All
- - iOS
- - Android
- - Android APK
- description: Select platform to run build
- required: true
-
-concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
- cancel-in-progress: true
-
-jobs:
- ios:
- if: ${{ (github.event.inputs.PLATFORM == 'iOS' || github.event.inputs.PLATFORM == 'All') && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }}
- name: Build and release iOS
- environment: production-suite-native
- runs-on: ubuntu-latest
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Setup EAS
- uses: expo/expo-github-action@v8
- with:
- eas-version: latest
- token: ${{ secrets.EXPO_TOKEN }}
- - name: Install libs
- run: yarn workspaces focus @suite-native/app
- - name: Build on EAS iOS
- run: eas build
- --platform ios
- --profile production
- --non-interactive
- --auto-submit
- --message ${{ github.sha }}
- working-directory: suite-native/app
- android:
- if: ${{ github.event.inputs.PLATFORM == 'Android' || github.event.inputs.PLATFORM == 'All' && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }}
- name: Build and release Android
- environment: production-suite-native
- runs-on: ubuntu-latest
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Setup EAS
- uses: expo/expo-github-action@v8
- with:
- eas-version: latest
- token: ${{ secrets.EXPO_TOKEN }}
- - name: Install libs
- run: yarn workspaces focus @suite-native/app
- - name: Build on EAS Android
- run: eas build
- --platform android
- --profile production
-
--non-interactive
- --auto-submit
- --message ${{ github.sha }}
- working-directory: suite-native/app
- androidAPK:
- if: ${{ github.event.inputs.PLATFORM == 'Android APK' || github.event.inputs.PLATFORM == 'All' && (github.repository == 'trezor/trezor-suite' || github.repository == 'trezor/trezor-suite-private') }}
- name: Build Android APK to GH releases
- environment: production-suite-native
- runs-on: ubuntu-latest
- env:
- SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- steps:
- - uses: actions/checkout@v4
- - uses: actions/setup-node@v4
- with:
- node-version-file: ".nvmrc"
- cache: yarn
- - name: Setup EAS
- uses: expo/expo-github-action@v8
- with:
- eas-version: latest
- token: ${{ secrets.EXPO_TOKEN }}
- - name: Install libs
- run: yarn workspaces focus @suite-native/app
- - name: Build on EAS Android
- run: eas build
- --platform android
- --profile productionAPK
- --non-interactive
- --message ${{ github.sha }}
- working-directory: suite-native/app
diff --git a/.github/workflows/template-connect-popup-test-params.yml b/.github/workflows/template-connect-popup-test-params.yml
deleted file mode 100644
index a1e3ad315c1a..000000000000
--- a/.github/workflows/template-connect-popup-test-params.yml
+++ /dev/null
@@ -1,214 +0,0 @@ -name: "[Template] connect-popup test params" - -on: - workflow_call: - inputs: - testName: - description: "Test name to be run (e.g. `analytics` or `popup-close`)" - type: "string" - required: true - serverHostname: - description: "URL used by popup connect tests (e.g. dev.suite.sldev.cz)" - type: "string" - required: true - runWebextension: - description: "Flag to indicate whether to run the webextension job" - type: "boolean" - required: false - default: false - runWeb: - description: "Flag to indicate whether to run the web job" - type: "boolean" - required: false - default: true - runCoreInPopup: - description: "Flag to indicate whether to run the core-in-popup job" - type: "boolean" - required: false - default: false - buildOverview: - description: "Flag to indicate whether to build connect-popup-overview.html" - type: "boolean" - required: false - default: false - -jobs: - web: - name: web - runs-on: ubuntu-latest - if: ${{ inputs.runWeb }} - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Run connect popup test - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - # skip settings page, this url is set at build time anyway - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_JOB_NAME: ${{ inputs.testName }}-${{ github.run_attempt }} - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Prepare static overview - if: ${{ inputs.buildOverview }} - run: | - echo "Preparing static overview" - mkdir -p tmp_overview_directory - cp -R 
./packages/connect-popup/e2e/screenshots/* tmp_overview_directory/ - cp packages/connect-popup/connect-popup-overview.html tmp_overview_directory/connect-popup-overview.html - - - name: Upload static overview artifact - uses: actions/upload-artifact@v4 - if: ${{ inputs.buildOverview }} - with: - name: core-in-popup-static-overview-${{ inputs.testName }}-${{ github.run_attempt }} - path: | - tmp_overview_directory/ - - - name: Upload artifacts - if: failure() - uses: actions/upload-artifact@v4 - with: - name: web-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi - - webextension: - name: webextension - runs-on: ubuntu-latest - if: ${{ inputs.runWebextension }} - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Download artifact from build - uses: actions/download-artifact@v4 - with: - name: connect-explorer-webextension-${{ inputs.serverHostname }} - path: | - packages/connect-explorer/build-webextension - - - name: Build example webextension - if: ${{ inputs.testName == 'webextension-example.test' }} - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - run: | - yarn workspace @trezor/connect-web build:webextension - yarn workspace @trezor/connect-web build:inline - node packages/connect-examples/update-webextensions.js --trezor-connect-src "${URL}" --npm-src "${URL}trezor-connect.js" - - - name: Run connect popup test - env: - URL: https://${{ 
inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - IS_WEBEXTENSION: true - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Upload artifacts - # We upload test artifacts only if it fails and we use it to `Check Test Success` in next step. - if: failure() - uses: actions/upload-artifact@v4 - with: - name: webextension-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi - - core_in_popup: - name: core_in_popup - runs-on: ubuntu-latest - if: ${{ inputs.runCoreInPopup }} - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - - name: Extract branch name - run: echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - id: extract_branch - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-popup - - - name: Run connect popup test - env: - URL: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/?core-mode=popup - CORE_IN_POPUP: true - # skip settings page, this url is set at build time anyway - #TREZOR_CONNECT_SRC: https://${{ inputs.serverHostname }}/connect/${{ steps.extract_branch.outputs.branch }}/ - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_JOB_NAME: ${{ inputs.testName }}-${{ github.run_attempt }} - run: | - ./docker/docker-connect-popup-ci.sh ${{ inputs.testName }} - - - name: Prepare static overview - if: ${{ inputs.buildOverview }} - run: | - echo "Preparing static overview" - mkdir -p tmp_overview_directory - cp -R ./packages/connect-popup/e2e/screenshots/* 
tmp_overview_directory/ - cp packages/connect-popup/connect-popup-overview.html tmp_overview_directory/connect-popup-overview.html - - - name: Upload static overview artifact - uses: actions/upload-artifact@v4 - if: ${{ inputs.buildOverview }} - with: - name: static-overview-${{ inputs.testName }}-${{ github.run_attempt }} - path: | - tmp_overview_directory/ - - - name: Upload artifacts - if: failure() - uses: actions/upload-artifact@v4 - with: - name: core-in-popup-test-artifacts-${{ inputs.testName }}-${{ github.run_attempt }}-${{ github.run_id }} - path: | - packages/connect-popup/test-results - - - name: Check Test Success - run: | - # If there is `test-results` it means it has failed. - if [ -f "packages/connect-popup/test-results" ]; then - echo "Tests failed" - exit 1 - fi diff --git a/.github/workflows/template-connect-test-params.yml b/.github/workflows/template-connect-test-params.yml deleted file mode 100644 index c95e9eec5ae4..000000000000 --- a/.github/workflows/template-connect-test-params.yml +++ /dev/null 
@@ -1,107 +0,0 @@ -name: "[Template] connect unit" -on: - workflow_call: - inputs: - methods: - description: "List of methods to include in tests (example: applySettings,applyFlags,getFeatures)" - type: "string" - required: false - testPattern: - description: "Test pattern to use (example: `init` or `methods`)" - type: "string" - required: true - testsFirmware: - description: "Firmware version for the tests (example: 2-latest, 2.2.0, 2-main)" - type: "string" - required: false - default: "2-latest" - testFirmwareModel: - description: "Firmware model for the tests (example: T3T1)" - type: "string" - required: false - nodeEnvironment: - description: "Should the test run on nodejs environment, it runs by default." - type: "boolean" - required: false - default: true - webEnvironment: - description: "Should the test run on web environment, it runs by default." - type: "boolean" - required: false - default: true - testDescription: - description: "A description to make test title more descriptive (example: T3T1-latest)" - type: "string" - required: false - default: "" - testRandomizedOrder: - description: "Tests will be run in randomized order" - type: "boolean" - required: false - default: false - -jobs: - node: - name: "node-${{ inputs.testDescription }}" - runs-on: ubuntu-latest - if: ${{ inputs.nodeEnvironment }} - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - # todo: ideally do not install everything. possibly only devDependencies could be enough for testing (if there was not for building libs)? 
- - run: sed -i "/\"node\"/d" package.json - - run: yarn install - # nightly test - run without cached txs - - if: ${{ github.event_name == 'schedule' }} - run: echo "ADDITIONAL_ARGS=-c" >> "$GITHUB_ENV" - - if: ${{ inputs.testFirmwareModel }} - run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -m ${{ inputs.testFirmwareModel }}" >> "$GITHUB_ENV" - - if: ${{ inputs.methods }} - run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -i ${{ inputs.methods }}" >> "$GITHUB_ENV" - - if: ${{ inputs.testRandomizedOrder }} - run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -r" >> "$GITHUB_ENV" - - run: './docker/docker-connect-test.sh node -p "${{ inputs.testPattern }}" -f "${{ inputs.testsFirmware }}" $ADDITIONAL_ARGS' - - web: - name: "web-${{ inputs.testDescription }}" - runs-on: ubuntu-latest - if: ${{ inputs.webEnvironment }} - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - # Install dependencies only for @trezor/connect package - - run: yarn workspaces focus @trezor/connect - - name: Retrieve build connect-web - uses: actions/download-artifact@v4 - with: - name: build-artifact-connect-web - path: packages/connect-web/build - - name: Retrieve build connect-iframe - uses: actions/download-artifact@v4 - with: - name: build-artifact-connect-iframe - path: packages/connect-iframe/build - - run: cd packages/connect-iframe && tree . 
- - name: "Echo download path" - run: echo ${{steps.download.outputs.download-path}} - - if: ${{ github.event_name == 'schedule' }} - run: echo "ADDITIONAL_ARGS=-c" >> "$GITHUB_ENV" - - if: ${{ inputs.testFirmwareModel }} - run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -m ${{ inputs.testFirmwareModel }}" >> "$GITHUB_ENV" - - if: ${{ inputs.methods }} - run: echo "ADDITIONAL_ARGS=$ADDITIONAL_ARGS -i ${{ inputs.methods }}" >> "$GITHUB_ENV" - - run: './docker/docker-connect-test.sh web -p "${{ inputs.testPattern }}" -f "${{ inputs.testsFirmware }}" $ADDITIONAL_ARGS' diff --git a/.github/workflows/test-blockchain-link.yml b/.github/workflows/test-blockchain-link.yml deleted file mode 100644 index 097c2f98656b..000000000000 --- a/.github/workflows/test-blockchain-link.yml +++ /dev/null @@ -1,45 +0,0 @@ -name: "[Test] blockchain-link e2e" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - pull_request: - paths: - - "packages/blockchain-link" - # dependencies of packages/blockchain-link - - "packages/utxo-lib" - - "packages/utils" - - "docker/docker-blockchain-link-test.sh" - - ".github/workflows/blockchain-link-test.yml" - - "yarn.lock" - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - test: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: yarn --immutable - - - name: Build dependencies - run: yarn build:libs - - - name: Build @trezor/blockchain-link workers - run: | - yarn workspace @trezor/blockchain-link build:workers - - - name: Run E2E tests - run: ./docker/docker-blockchain-link-test.sh 
diff --git a/.github/workflows/test-connect-popup.yml b/.github/workflows/test-connect-popup.yml
deleted file mode 100644
index c118c716fa91..000000000000
--- a/.github/workflows/test-connect-popup.yml
+++ /dev/null
@@ -1,140 +0,0 @@ -name: "[Build/Test] connect-popup e2e" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/connect/**" - - "packages/connect-common/**" - - "packages/connect-iframe/**" - - "packages/connect-explorer/**" - - "packages/connect-webextension/**" - - "packages/connect-web/**" - - "packages/connect-popup/**" - - "packages/connect-examples/webextension-mv2/**" - - "packages/connect-examples/webextension-mv3/**" - - "packages/connect-explorer-theme/**" - - "submodules/trezor-common/**" - - "yarn.lock" - - ".github/workflows/connect-dev-release-test.yml" - - ".github/workflows/template-connect-popup-test-params.yml" - - ".github/actions/release-connect/**" - - "docker/docker-connect-popup-ci.sh" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - extract-branch: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - outputs: - branch: ${{ steps.extract_branch.outputs.branch }} - steps: - - name: Extract branch name - id: extract_branch - run: | - BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" - echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - build-deploy: - needs: [extract-branch] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ needs.extract-branch.outputs.branch }} - - - name: Release connect to dev environment - uses: ./.github/actions/release-connect - with: - awsRoleToAssume: "arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy" - awsRegion: "eu-central-1" - serverHostname: "dev.suite.sldev.cz" - serverPath: "connect/${{ needs.extract-branch.outputs.branch }}" - uploadArtifacts: "true" - buildArtifacts: "true" - nodeEnv: "development" - - methods: - 
needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: methods.test - serverHostname: dev.suite.sldev.cz - runWebextension: ${{ github.event_name == 'schedule' }} - runCoreInPopup: true - buildOverview: true - - popup-close: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: popup-close.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runCoreInPopup: true - - passphrase: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: passphrase.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runCoreInPopup: true - - popup-pages: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: popup-pages.test - serverHostname: dev.suite.sldev.cz - - browser-support: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: browser-support.test - serverHostname: dev.suite.sldev.cz - - permissions: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: permissions.test - serverHostname: dev.suite.sldev.cz - - transport: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: transport.test - serverHostname: dev.suite.sldev.cz - - unchained: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: unchained.test - serverHostname: dev.suite.sldev.cz - runWeb: ${{ github.event_name == 'schedule' }} - - webextension-examples: - needs: [build-deploy] - uses: ./.github/workflows/template-connect-popup-test-params.yml - with: - testName: webextension-example.test - serverHostname: dev.suite.sldev.cz - runWebextension: true - runWeb: false 
diff --git a/.github/workflows/test-connect-web.yml b/.github/workflows/test-connect-web.yml deleted file mode 100644 index 5bba0cfcf762..000000000000 --- a/.github/workflows/test-connect-web.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: "[Test] connect-web e2e" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/connect/**" - - "packages/connect-common/**" - - "packages/utils/**" - - ".github/workflows/connect-web-e2e-test.yml" - - "yarn.lock" - workflow_dispatch: - -jobs: - connect-web-e2e: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: true - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/connect-web - - - name: Run E2E tests - run: yarn workspace @trezor/connect-web test:e2e diff --git a/.github/workflows/test-connect.yml b/.github/workflows/test-connect.yml deleted file mode 100644 index 30462d810ad8..000000000000 --- a/.github/workflows/test-connect.yml +++ /dev/null 
@@ -1,167 +0,0 @@ -name: "[Test] connect core e2e" - -# run only if there are changes in connect or related libs paths -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/blockchain-link/**" - - "packages/connect-common/**" - - "packages/connect-iframe/**" - - "packages/connect-web/**" - - "packages/connect/**" - - "packages/protobuf/**" - - "packages/schema-utils/**" - - "packages/transport/**" - - "packages/utils/**" - - "packages/utxo-lib/**" - - "docker/**" - - "submodules/trezor-common/**" - - "yarn.lock" - - ".github/workflows/test-connect.yml" - - ".github/workflows/template-connect-test-params.yml" - - "docker/docker-connect-test.sh" - - "docker/docker-compose.connect-test.yml" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} - cancel-in-progress: true - -jobs: - # todo: meaning of 'build' job is questionable. 
only 'web' tests use part of this jobs output - build: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - submodules: true - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - cache-dependency-path: "**/yarn.lock" - - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - - run: yarn workspaces focus @trezor/connect-iframe @trezor/connect-web - - run: yarn workspace @trezor/connect-iframe build - - run: yarn workspace @trezor/connect-web build - # upload + download takes longer than doing yarn build:libs - - name: Upload build connect-web - uses: actions/upload-artifact@v4 - with: - name: build-artifact-connect-web - path: packages/connect-web/build - - name: Upload build connect-iframe - uses: actions/upload-artifact@v4 - with: - name: build-artifact-connect-iframe - path: packages/connect-iframe/build - - set-matrix: - runs-on: ubuntu-latest - outputs: - dailyMatrix: ${{ steps.set-matrix-daily.outputs.dailyMatrix }} - otherDevicesMatrix: ${{ steps.set-matrix-other-devices.outputs.otherDevicesMatrix }} - legacyFirmwareMatrix: ${{ steps.set-matrix-legacy-firmware.outputs.legacyFirmwareMatrix }} - canaryFirmwareMatrix: ${{ steps.set-matrix-canary-firmware.outputs.canaryFirmwareMatrix }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Set daily matrix - id: set-matrix-daily - run: echo "dailyMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js daily)" >> $GITHUB_OUTPUT - - - name: Set legacy devices matrix - id: set-matrix-legacy-firmware - run: echo "legacyFirmwareMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js legacyFirmware)" >> $GITHUB_OUTPUT - - - name: Set canary devices matrix - id: set-matrix-canary-firmware - run: echo "canaryFirmwareMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js canaryFirmware)" >> $GITHUB_OUTPUT - - - name: Set other devices matrix - id: 
set-matrix-other-devices - run: echo "otherDevicesMatrix=$(node ./scripts/ci/connect-test-matrix-generator.js otherDevices)" >> $GITHUB_OUTPUT - - connect-PR: - needs: [build, set-matrix] - name: PR-${{ matrix.name }} - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.pattern }} - methods: ${{ matrix.methods }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.name }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.dailyMatrix) }} - - connect-randomized-order: - needs: [build, set-matrix] - if: github.event_name == 'schedule' && github.repository == 'trezor/trezor-suite' - name: randomized-${{ matrix.name }} - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.pattern }} - methods: ${{ matrix.methods }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.name }}-${{ matrix.firmware }} - testRandomizedOrder: true - webEnvironment: false - nodeEnvironment: true - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.dailyMatrix) }} - - connect-legacy-firmware: - needs: [build, set-matrix] - if: github.event_name == 'schedule' && github.repository == 'trezor/trezor-suite' - name: legacy-${{ matrix.name }} - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.pattern }} - methods: ${{ matrix.methods }} - testsFirmware: ${{ matrix.firmware }} - testDescription: ${{ matrix.name }}-${{ matrix.firmware }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.legacyFirmwareMatrix) }} - - connect-canary-firmware: - needs: [build, set-matrix] - if: github.event_name == 'schedule' && github.repository == 'trezor/trezor-suite' - name: canary-${{ matrix.name }} - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.pattern }} - methods: ${{ matrix.methods }} - testsFirmware: ${{ matrix.firmware }} - 
testDescription: ${{ matrix.name }}-${{ matrix.firmware }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.canaryFirmwareMatrix) }} - - connect-other-devices: - needs: [build, set-matrix] - if: github.event_name == 'schedule' && github.repository == 'trezor/trezor-suite' - name: other-devices-${{ matrix.name }}-${{ matrix.model }} - uses: ./.github/workflows/template-connect-test-params.yml - with: - testPattern: ${{ matrix.pattern }} - methods: ${{ matrix.methods }} - testsFirmware: ${{ matrix.firmware }} - testFirmwareModel: ${{ matrix.model }} - nodeEnvironment: true - webEnvironment: false - testDescription: ${{ matrix.name }}-${{ matrix.firmware }}-${{ matrix.model }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.set-matrix.outputs.otherDevicesMatrix) }} diff --git a/.github/workflows/test-misc.yml b/.github/workflows/test-misc.yml deleted file mode 100644 index 7af90823e5bc..000000000000 --- a/.github/workflows/test-misc.yml +++ /dev/null 
@@ -1,100 +0,0 @@ -name: "[Test] misc" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - pull_request: - paths: - - ".github/workflows/test-misc.yml" - workflow_dispatch: - -jobs: - urls-health: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - run: yarn install --immutable - - run: yarn workspace @trezor/urls test:e2e - - translations-unused: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - run: yarn install --immutable - - run: yarn workspace @trezor/suite translations:list-unused - - media-duplicates: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - strategy: - fail-fast: false - matrix: - extension: [".png", ".jpg", ".mp4", ".webm", ".svg"] - steps: - - name: Checkout - uses: actions/checkout@v4 - - - run: ./scripts/ci/find_duplicates.sh ./packages/suite-data/files ${{ matrix.extension }} - - install-connect: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: true - - - run: ./packages/connect/e2e/test-npm-install.sh beta - - run: ./packages/connect/e2e/test-npm-install.sh latest - - run: ./packages/connect/e2e/test-yarn-install.sh beta - - run: ./packages/connect/e2e/test-yarn-install.sh latest - - test-unit: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - run: yarn install --immutable - - run: yarn message-system-sign-config - - run: yarn test:unit - - test-protobuf: 
- runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - run: yarn install --immutable - - run: yarn workspace @trezor/protobuf update:protobuf - - run: yarn workspace @trezor/protobuf update:schema diff --git a/.github/workflows/test-suite-desktop-e2e.yml b/.github/workflows/test-suite-desktop-e2e.yml deleted file mode 100644 index 8ab21b36eae8..000000000000 --- a/.github/workflows/test-suite-desktop-e2e.yml +++ /dev/null 
@@ -1,104 +0,0 @@ -name: "[Test] suite-desktop e2e" -# this workflow builds a desktop version of Suite and runs basic test suite for it - -on: - pull_request: - branches: - - develop - paths-ignore: - - "suite-native/**" - - "packages/connect*/**" - - "packages/react-native-usb/**" - # ignore unrelated github workflows config files - - ".github/workflows/connect*" - - ".github/workflows/suite-native*" - - ".github/workflows/build-desktop*" - - ".github/workflows/release*" - - ".github/workflows/template*" - schedule: - - cron: "0 0 * * *" - workflow_dispatch: - -jobs: - run-desktop-tests: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - TEST_FILE: "spawn-bridge spawn-bridge-daemon suite-guide wallet-discovery" - CONTAINERS: "trezor-user-env-unix" - - TEST_FILE: "electrum" - CONTAINERS: "trezor-user-env-unix electrum-regtest" - - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - - - name: Run and store git values for Currents - run: | - echo "COMMIT_MESSAGE=$(git show -s --pretty=%s)" >> $GITHUB_ENV - echo "COMMIT_EMAIL=$(git show -s --pretty=%ae)" >> $GITHUB_ENV - echo "COMMIT_AUTHOR=$(git show -s --pretty=%an)" >> $GITHUB_ENV - echo "COMMIT_SHA=$(git show -s --pretty=%H)" >> $GITHUB_ENV - echo "COMMIT_TIMESTAMP=$(git show -s --pretty=%ct)" >> $GITHUB_ENV - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Install deps and build libs - run: | - yarn install --immutable - yarn message-system-sign-config - yarn workspace @trezor/suite-data build:lib - yarn workspace @trezor/transport-bridge build:lib - - - name: Build app.js for tests - run: | - yarn workspace @trezor/suite-desktop build:app - yarn workspace @trezor/suite-desktop build:ui - - - name: Run e2e desktop tests - env: - GITHUB_WORKFLOW: ${{github.workflow}} - GITHUB_ACTION: true - GITHUB_EVENT_NAME: 
${{github.event_name}} - GITHUB_RUN_ID: ${{github.run_id}} - GITHUB_RUN_ATTEMPT: ${{github.run_attempt}} - GITHUB_REPOSITORY: ${{github.repository}} - COMMIT_INFO_BRANCH: ${{github.head_ref}} - COMMIT_INFO_MESSAGE: ${{env.COMMIT_MESSAGE}} - COMMIT_INFO_EMAIL: ${{env.COMMIT_EMAIL}} - COMMIT_INFO_AUTHOR: ${{env.COMMIT_AUTHOR}} - COMMIT_INFO_SHA: ${{env.COMMIT_SHA}} - COMMIT_INFO_TIMESTAMP: ${{env.COMMIT_TIMESTAMP}} - COMMIT_INFO_REMOTE: ${{github.repository}} - CURRENTS_PROJECT_ID: 4ytF0E - CURRENTS_RECORD_KEY: ${{ secrets.CURRENTS_RECORD_KEY }} - CURRENTS_CI_BUILD_ID: pr-run-${{github.run_id}} - COMPOSE_FILE: ./docker/docker-compose.suite-desktop-ci.yml - TEST_FILE: ${{ matrix.TEST_FILE }} - run: | - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - yarn workspace @trezor/suite-desktop-core test:e2e ${{ env.TEST_FILE }} - - - name: cleanup - env: - COMPOSE_FILE: ./docker/docker-compose.suite-desktop-ci.yml - run: docker compose down - - # TODO: currently only uploads trace.zip, figure out why screens are not uploaded - - name: Upload artifacts - if: ${{ ! cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-${{ matrix.TEST_FILE }} - path: | - ./packages/suite-desktop-core/e2e/test-results diff --git a/.github/workflows/test-suite-native-e2e-android.yml b/.github/workflows/test-suite-native-e2e-android.yml deleted file mode 100644 index 3f55ace16ac8..000000000000 --- a/.github/workflows/test-suite-native-e2e-android.yml +++ /dev/null 
@@ -1,168 +0,0 @@ -name: "[Test] suite-native Android E2E" -on: - schedule: - - cron: "0 0 * * *" - pull_request: - paths: - - "suite-native/**" - - "suite-common/**" - - "packages/connect/**" - - ".github/workflows/test-suite-native-e2e-android.yml" - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -env: - NODE_ENV: "test" - -jobs: - build_android_test_app: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout project - uses: actions/checkout@v4 - with: - submodules: "true" - - - name: Free Disk Space - uses: jlumbroso/free-disk-space@main - with: - # The free GH runner has limited disk space, so we need to uninstall some preinstalled tools. - dotnet: true - haskell: true - tool-cache: false - android: false - swap-storage: false - large-packages: false - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Setup node_modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Setup Java - uses: actions/setup-java@v4 - with: - distribution: temurin - java-version: 17 - - - name: Sign message system config - working-directory: ./suite-common/message-system - run: yarn sign-config - - - name: Prebuild native expo project - working-directory: ./suite-native/app - run: yarn prebuild --platform android --clean - - - name: Build Detox test .apk - run: ../../node_modules/.bin/detox build -PreactNativeArchitectures=x86_64 --configuration android.emu.release - working-directory: ./suite-native/app - - - name: Save build to cache - uses: actions/cache/save@v4 - with: - path: | - suite-native/app/android/app/build/ - key: android_test_build/${{ 
github.ref }}/${{github.run_id}} - - run_android_e2e_tests: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - needs: build_android_test_app - steps: - - name: Checkout project - uses: actions/checkout@v4 - with: - submodules: "true" - - - name: Free Disk Space - uses: jlumbroso/free-disk-space@main - with: - # Combination of android emulator and trezor-user-env is using a too much disk space - # of a free tier GH action runner, some preinstalled packages have to be removed. - dotnet: true - haskell: true - tool-cache: false - android: false - swap-storage: false - large-packages: false - - - name: Install node and yarn - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Load node modules cache - uses: actions/cache@v4 - with: - path: node_modules - key: node_modules/${{ github.ref }}/${{github.run_id}} - - - name: Install Yarn dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn install - - - name: Get device name from detox config file - id: device - run: node -e "console.log('AVD_NAME=' + require('./suite-native/app/.detoxrc').devices.emulator.device.avdName)" >> $GITHUB_OUTPUT - - - name: Run trezor-user-env - env: - COMPOSE_FILE: ./docker/docker-compose.suite-native-ci.yml - run: | - docker compose pull trezor-user-env-unix trezor-user-env-regtest - docker compose up --detach trezor-user-env-unix trezor-user-env-regtest - - - name: Read test .apk from cache - uses: actions/cache/restore@v4 - with: - path: | - suite-native/app/android/app/build/ - key: android_test_build/${{ github.ref }}/${{github.run_id}} - - - name: Enable Android emulator KVM optimalization - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm - - - name: Run Detox E2E Android tests - uses: 
reactivecircus/android-emulator-runner@v2 - env: - RUNNER_TEMP: /tmp - with: - api-level: 31 - profile: pixel_3a - arch: x86_64 - working-directory: suite-native/app - ram-size: 4096M - force-avd-creation: true - avd-name: ${{ steps.device.outputs.AVD_NAME }} - emulator-options: -no-window -gpu swiftshader_indirect -no-snapshot -noaudio -no-boot-anim -grpc 8554 - script: yarn test:e2e android.emu.release --headless --take-screenshots failing --record-videos failing --retries 2 - - - name: "Store failed test screenshot artifacts" - if: ${{failure()}} - uses: actions/upload-artifact@v4 - with: - name: failed-android-tests-screenshots - path: suite-native/app/artifacts diff --git a/.github/workflows/test-suite-web-e2e.yml b/.github/workflows/test-suite-web-e2e.yml deleted file mode 100644 index 1bbc508ce08d..000000000000 --- a/.github/workflows/test-suite-web-e2e.yml +++ /dev/null 
@@ -1,188 +0,0 @@ -name: "[Test] suite-web e2e" -# this action runs basic test suite for suite-web and and builds/deploys the web app to dev.suite.sldev.cz/suite-web//web - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -# run only if there are changes in suite or related libs paths -on: - pull_request: - branches: - - develop - paths-ignore: - - "suite-native/**" - - "packages/connect*/**" - - "packages/suite-desktop*/**" - - "packages/react-native-usb/**" - # ignore unrelated github workflows config files - - ".github/workflows/connect*" - - ".github/workflows/suite-native*" - - ".github/workflows/build-desktop*" - - ".github/workflows/release*" - - ".github/workflows/template*" - - ".github/actions/release*/**" - -env: - DEV_SERVER_URL: "https://dev.suite.sldev.cz" - STAGING_SUITE_SERVER_URL: "https://staging-suite.trezor.io" - -jobs: - build-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web @trezor/connect-iframe @trezor/connect-web @trezor/suite-data @trezor/suite-build - - - name: Build suite-web - env: - ASSET_PREFIX: /suite-web/${{ steps.extract_branch.outputs.branch }}/web - DESKTOP_APP_NAME: "Trezor-Suite" - run: | - yarn message-system-sign-config - yarn workspace @trezor/suite-data 
build:lib - yarn workspace @trezor/connect-iframe build:lib - yarn workspace @trezor/connect-web build - yarn workspace @trezor/suite-web build - # this step should upload build result to s3 bucket dev.suite.sldev.cz using awscli - - name: Upload suite-web to dev.suite.sldev.cz - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/suite-web/${{ steps.extract_branch.outputs.branch }} - run: | - aws s3 sync --delete ./packages/suite-web/build ${DEPLOY_PATH}/web - - e2e-test-suite-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - needs: - - build-web - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_settings" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_metadata" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_passphrase" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_other" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - ref: ${{github.event.after}} - fetch-depth: 2 - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - cache: yarn - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number 
}}/merge: --depth=1 - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - echo -e "\nenableHardenedMode: false" >> .yarnrc.yml - yarn workspaces focus @trezor/suite-web - - - name: Run e2e tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: ${{ steps.extract_branch.outputs.branch }} - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: ${{ matrix.CYPRESS_USE_TREZOR_USER_ENV_BRIDGE }} - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{ steps.extract_commit_message.outputs.message }} - run: | - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt 
trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt diff --git a/.github/workflows/test-suite-web-nightly.yml b/.github/workflows/test-suite-web-nightly.yml deleted file mode 100644 index ca6235488d24..000000000000 --- a/.github/workflows/test-suite-web-nightly.yml +++ /dev/null 
@@ -1,297 +0,0 @@ -name: "[Test] nightly suite-web, migrations and canary" - -# run all suite-web related tests every day at midnight -on: - workflow_dispatch: - schedule: - - cron: "0 0 * * *" - -jobs: - e2e-test-suite-web: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - # todo: this setup is duplicated with test-suite-web-e2e.yml - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_settings" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_metadata" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_passphrase" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_other" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells 
Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: ${{ matrix.CYPRESS_USE_TREZOR_USER_ENV_BRIDGE }} - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! 
cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-nightly-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt - - e2e-test-migration-tests: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_migrations" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e migration tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. 
temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: release/22.5 develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: 1 - CYPRESS_updateSnapshots: false - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: - Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! 
cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-migration-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt - - e2e-test-canary-fws: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - include: - - TEST_GROUP: "@group_suite" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_device-management" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_metadata" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_passphrase" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_other" - CONTAINERS: "trezor-user-env-unix" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - - TEST_GROUP: "@group_wallet" - CONTAINERS: "trezor-user-env-unix bitcoin-regtest" - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: "1" - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Extract branch name - id: extract_branch - run: | - echo "branch=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_OUTPUT - - - name: Extract commit message - id: extract_commit_message - run: | - if [ "${{ github.event_name }}" == "pull_request" ]; then - git fetch origin +refs/pull/${{ github.event.pull_request.number }}/merge: - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - else - echo "message=$(git log --no-merges -1 --pretty=format:"%s")" >> $GITHUB_OUTPUT - fi - - - name: Run e2e canary fw tests - env: - COMPOSE_FILE: ./docker/docker-compose.suite-ci.yml - ## Tells Cypress 
where is the index of application - CYPRESS_ASSET_PREFIX: /web - CYPRESS_baseUrl: https://dev.suite.sldev.cz/suite-web/ - ## should tests do snapshot testing - # cypress open todo. temporarily turned off (messaging system) - CYPRESS_SNAPSHOT: false - ## reporter url - TRACK_SUITE_URL: https://track-suite-ff9ad9f5b4f6.herokuapp.com - ## when debugging or developing tests it does not make sense to have retries, - ## in other cases retries are useful to avoid occasional failures due to flaky tests - ALLOW_RETRY: true - TEST_GROUP: ${{ matrix.TEST_GROUP }} - CYPRESS_TEST_URLS: develop - CYPRESS_USE_TREZOR_USER_ENV_BRIDGE: 1 - CYPRESS_updateSnapshots: false - FIRMWARE: 2-main - CI_JOB_ID: ${{ github.run_id }} - CI_COMMIT_SHA: ${{ github.sha }} - CI_JOB_URL: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} - CI_COMMIT_BRANCH: ${{ steps.extract_branch.outputs.branch }} - CI_COMMIT_MESSAGE: ${{steps.extract_commit_message.outputs.message }} - run: | - yarn install --immutable - docker compose pull - docker compose up -d ${{ matrix.CONTAINERS }} - docker compose run test-run - - - name: Upload logs - run: | - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/debugging.log trezor-user-env-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/logs/emulator_bridge.log tenv-emulator-bridge-debugging.log || true - docker cp docker_trezor-user-env-unix_1:/trezor-user-env/docker/version.txt trezor-user-env-version.txt || true - - - name: Upload artifacts - # this will run the upload artifacts even if the previous steps failed (e.g. tests failed). It wont run if the workflow was cancelled. - if: ${{ ! 
cancelled() }} - uses: actions/upload-artifact@v4 - with: - name: test-artifacts-canary-${{ matrix.TEST_GROUP }} - path: | - ./packages/suite-web/e2e/snapshots - ./packages/suite-web/e2e/screenshots - ./packages/suite-web/e2e/videos - download-snapshots.sh - trezor-user-env-debugging.log - tenv-emulator-bridge-debugging.log - trezor-user-env-version.txt diff --git a/.github/workflows/test-transport.yml b/.github/workflows/test-transport.yml deleted file mode 100644 index 1e474574819c..000000000000 --- a/.github/workflows/test-transport.yml +++ /dev/null 
@@ -1,106 +0,0 @@ -name: "[Test] transport e2e" - -permissions: - id-token: write # for fetching the OIDC token - contents: read # for actions/checkout - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - push: - branches: [release/connect/**] - pull_request: - paths: - - "packages/transport/**" - - "packages/transport-bridge/**" - - "packages/transport-test/**" - - "packages/protobuf/**" - - "packages/protocol/**" - - "packages/trezor-user-env-link/**" - - "packages/utils/**" - - "docker/docker-compose.transport-test-ci.yml" - - "yarn.lock" - workflow_dispatch: - -jobs: - transport-e2e-test: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: true - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/transport-test - - - name: Setup containers - run: | - docker compose -f ./docker/docker-compose.transport-test-ci.yml pull - docker compose -f ./docker/docker-compose.transport-test-ci.yml up -d - - - name: Run E2E tests (old-bridge:emu) - run: yarn workspace @trezor/transport-test test:e2e:old-bridge:emu - - - name: Run E2E tests (new-bridge:emu) - run: yarn workspace @trezor/transport-test test:e2e:new-bridge:emu - - extract-branch: - if: github.repository == 'trezor/trezor-suite' - runs-on: ubuntu-latest - outputs: - branch: ${{ steps.extract_branch.outputs.branch }} - steps: - - name: Extract branch name - id: extract_branch - run: | - BRANCH_NAME="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" - echo "branch=$BRANCH_NAME" >> $GITHUB_OUTPUT - - build-deploy: - needs: [extract-branch] - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ needs.extract-branch.outputs.branch }} - - - name: Setup node - uses: actions/setup-node@v4 - with: - 
node-version-file: ".nvmrc" - - - name: Install dependencies - shell: bash - run: | - echo -e "\nenableScripts: false" >> .yarnrc.yml - yarn workspaces focus @trezor/transport -A - - - name: Build transport tester - run: | - yarn workspace @trezor/transport-test build:e2e:api:browser - - - name: Configure aws credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: arn:aws:iam::538326561891:role/gh_actions_trezor_suite_dev_deploy - aws-region: eu-central-1 - - - name: Upload transport tester - shell: bash - env: - DEPLOY_PATH: s3://dev.suite.sldev.cz/transport-test/${{ needs.extract-branch.outputs.branch }} - run: | - echo "DEPLOY_PATH is set to ${DEPLOY_PATH}" - mkdir -p tmp_build_directory - cp -R ./packages/transport-test/e2e/dist/* tmp_build_directory/ - aws s3 sync --delete tmp_build_directory/ "${DEPLOY_PATH}" diff --git a/.github/workflows/update-connect-config.yml b/.github/workflows/update-connect-config.yml deleted file mode 100644 index cc09e52e7342..000000000000 --- a/.github/workflows/update-connect-config.yml +++ /dev/null @@ -1,35 +0,0 @@ -name: "[Check] Update Config and Create PR" - -on: - schedule: - # Runs at midnight UTC every day at 01:00 AM CET - - cron: "0 0 * * *" - workflow_dispatch: - -jobs: - update-config: - runs-on: ubuntu-latest - if: github.repository == 'trezor/trezor-suite' - steps: - - name: Checkout - uses: actions/checkout@v4 - with: - token: ${{ secrets.TREZOR_BOT_TOKEN }} - - - name: Setup node - uses: actions/setup-node@v4 - with: - node-version-file: ".nvmrc" - - - name: Install dependencies - run: yarn install --immutable - - - name: Setup Git config - run: | - git config --global user.name "trezor-ci" - git config --global user.email "${{ secrets.TREZOR_BOT_EMAIL }}" - - - name: Check for changes and create PR - env: - GITHUB_TOKEN: ${{ secrets.TREZOR_BOT_TOKEN }} - run: yarn tsx ./scripts/ci/check-connect-data.ts