Merge pull request #23 from LedgerHQ/xch/app-params-check

Add first version of app-params database and checker
LedgerHQ · Apr 21, 2023 · c8c5855 · c8c5855
2 parents 39ae17c + ee087ef
commit c8c5855
Show file tree

Hide file tree

Showing 3 changed files with 55 additions and 0 deletions.
diff --git a/.github/workflows/_check_app_load_params.yml b/.github/workflows/_check_app_load_params.yml
@@ -0,0 +1,45 @@
+name: Check APP_LOAD_PARAMS
+
+on:
+  workflow_call:
+    inputs:
+      ledger-app-workflows_ref:
+        description: 'The current reference in use for the ledger-app-workflow repository'
+        required: true
+        type: string
+      download_manifest_artifact_name:
+        description: 'The name of the artifact containing the built manifest'
+        required: true
+        type: string
+
+jobs:
+  check_app_load_params:
+    name: Check APP_LOAD_PARAMS
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Clone workflows repository
+        uses: actions/checkout@v3
+        with:
+          repository: LedgerHQ/ledger-app-workflows
+          path: ./ledger-app-workflows
+          ref: ${{ inputs.ledger-app-workflows_ref }}
+
+      - name: Clone ledger-app-database repository
+        uses: actions/checkout@v3
+        with:
+          repository: LedgerHQ/ledger-app-database
+          path: ./ledger-app-database
+          ref: main
+
+      - name: Download manifest
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.download_manifest_artifact_name }}
+          path: ${{ inputs.download_manifest_artifact_name }}
+
+      - name: Run script
+        run: |
+          python3 ./ledger-app-database/scripts/app_load_params_check.py \
+          --database_path ./ledger-app-database/app-load-params-db.json \
+          --app_manifests_path ${{ inputs.download_manifest_artifact_name }}
diff --git a/.github/workflows/reusable_guidelines_enforcer.yml b/.github/workflows/reusable_guidelines_enforcer.yml
@@ -43,6 +43,14 @@ jobs:
       download_manifest_artifact_name: manifests
       ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
 
+  call_check_app_load_params:
+    name: Dispatch check
+    needs: [call_get_workflow_version, call_get_app_manifest]
+    uses: ./.github/workflows/_check_app_load_params.yml
+    with:
+      download_manifest_artifact_name: manifests
+      ledger-app-workflows_ref: ${{ needs.call_get_workflow_version.outputs.version }}
+
   call_check_makefile:
     name: Dispatch check
     needs: [call_get_workflow_version, call_get_app_manifest]

diff --git a/README.md b/README.md
@@ -19,6 +19,8 @@ Others are optional and are provided here to help developers create their own ap
 		will ensure that your README is up to date.
 	- `_check_clang_static_analyzer.yml`\
 		will ensure that your application can compile and will perform quality checks.
+	- `_check_app_load_params.yml`\
+		will perform some security and quality checks.
 
 - `build.yml` \
 This workflow will perform a build and upload the artifact containing the compiled application.