Initial commit

.clang-format

@@ -0,0 +1,5 @@
+BasedOnStyle: Google
+IndentWidth: 4
+ColumnLimit: 125
+DerivePointerAlignment: false
+PointerAlignment: Right

.clang-tidy

@@ -0,0 +1,22 @@
+Checks: "-*,
+  clang-diagnostic-*,
+  clang-analyzer-*,
+  cppcoreguidelines-init-variables,
+  google-runtime-int,
+  google-readability-avoid-underscore-in-googletest-name,
+  misc-*,
+  performance-*,
+  portability-*,
+  readability-*,
+  -misc-no-recursion,
+  -readability-function-cognitive-complexity"
+WarningsAsErrors: "*"
+CheckOptions:
+  - key: readability-identifier-length.MinimumVariableNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumParameterNameLength
+    value: 2
+  - key: readability-identifier-length.MinimumLoopCounterNameLength
+    value: 1
+  - key: readability-magic-numbers.IgnorePowersOf2IntegerValues
+    value: true

.editorconfig

@@ -0,0 +1,16 @@
+# top-most EditorConfig file
+root = true
+
+[*]
+charset = utf-8
+trim_trailing_whitespace = true
+end_of_line = lf
+insert_final_newline = true
+
+[*.{c,h,cpp,hpp}]
+indent_style = space
+indent_size = 4
+
+[*.{yml,sh}]
+indent_style = space
+indent_size = 2

.github/workflows/check_version.yml

@@ -0,0 +1,55 @@
+name: Verify PRs to main
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
+
+jobs:
+  configure:
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    outputs:
+      uid_gid: ${{ steps.get-user.outputs.uid_gid }}
+    steps:
+      - id: get-user
+        run: echo "uid_gid=$(id -u):$(id -g)" >> $GITHUB_OUTPUT
+
+  get_version:
+    needs: configure
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+    env:
+      SDK_VARNAME: NANOSP_SDK
+    outputs:
+      version: ${{ steps.store-version.outputs.version }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - run: make version
+      - id: store-version
+        run: echo "version=$(cat ./app/app.version)" >> $GITHUB_OUTPUT
+
+  check_app_version:
+    needs: get_version
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    steps:
+      - id: checkTag
+        uses: mukunku/tag-exists-action@v1.0.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          tag: ${{ needs.get_version.outputs.version }}
+
+      - run: echo ${{ steps.checkTag.outputs.exists }}
+
+      - name: Tag exists
+        if: ${{ steps.checkTag.outputs.exists == 'true' }}
+        run: exit 1

.github/workflows/codeql.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
+
+jobs:
+  analyse:
+    name: Analyse
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    if: github.event.repository.private == false
+    strategy:
+      matrix:
+        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
+    container:
+      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+
+    steps:
+      - name: Clone
+        uses: actions/checkout@v4
+        with:
+          submodules: recursive
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+          queries: security-and-quality
+
+      - name: Build
+        run: |
+          make -j BOLOS_SDK=${{ matrix.sdk }}
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2

.github/workflows/guidelines_enforcer.yml

@@ -0,0 +1,25 @@
+name: Ensure compliance with Ledger guidelines
+
+# This workflow is mandatory in all applications
+# It calls a reusable workflow guidelines_enforcer developed by Ledger's internal developer team.
+# The successful completion of the reusable workflow is a mandatory step for an app to be available on the Ledger
+# application store.
+#
+# More information on the guidelines can be found in the repository:
+# LedgerHQ/ledger-app-workflows/
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
+  pull_request:
+
+jobs:
+  guidelines_enforcer:
+    if: github.event.repository.private == false
+    name: Call Ledger guidelines_enforcer
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_guidelines_enforcer.yml@v1

.github/workflows/lint.yml

@@ -0,0 +1,50 @@
+name: Lint and format 💅
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches:
+      - main
+      - develop
+      - master # for safety reasons
+      - dev  # for safety reasons
+
+jobs:
+  lint:
+    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
+    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Add missing deps
+        env:
+          DEBIAN_FRONTEND: noninteractive
+        run: |
+          apt-get update
+          apt-get install -y bear sudo
+      - name: Generate compilation database
+        run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
+      - name: Setup python
+        uses: actions/setup-python@v5
+        with:
+          python-version: "3.11"
+      - name: Lint and format 💅
+        uses: cpp-linter/cpp-linter-action@v2
+        id: linter
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        with:
+          file-annotations: true
+          files-changed-only: false
+          ignore: "app/build|cmake|deps|fuzz|tests"
+          step-summary: true
+          style: file # uses .clang-format
+          thread-comments: true
+          tidy-checks: "" # use only .clang-tidy checks
+      - name: Fail if errors
+        if: steps.linter.outputs.checks-failed > 0
+        run: |
+          echo "Linter or formatter failed!"
+          exit 1