LedgerHQ · lpascal-ledger · Jan 11, 2024 · Jan 11, 2024 · Jan 11, 2024
diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml
@@ -13,63 +13,6 @@ on:
 
 jobs:
 
-  linter:
-    name: Linter on C code
-    runs-on: ubuntu-latest
-    steps:
-    - name: Clone
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - name: Lint C code
-      uses: DoozyX/[email protected]
-      with:
-        source: 'src tests'
-        extensions: 'c,h'
-        clangFormatVersion: 11
-
-  misspell:
-    name: Check misspellings
-    runs-on: ubuntu-latest
-    steps:
-    - name: Clone
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - name: Check misspellings
-      uses: codespell-project/actions-codespell@v1
-      with:
-        builtin: clear,rare
-        check_filenames: true
-        ignore_words_file: .codespell-ignore
-        skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts
-
-  coverage:
-    name: Code coverage
-    runs-on: ubuntu-latest
-    container:
-      image: docker://ghcr.io/ledgerhq/speculos-builder:latest
-    steps:
-    - name: Clone
-      uses: actions/checkout@v3
-      with:
-        fetch-depth: 0
-    - name: Rebuild with code coverage instrumentation
-      env:
-        CTEST_OUTPUT_ON_FAILURE: 1
-        RNG_SEED: 0
-      run: |
-        cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON
-        make -C build clean
-        make -C build
-        make -C build test
-        python3 -m pip install pytest-cov
-        python3 -m pytest --cov=speculos --cov-report=xml
-    - name: Upload coverage to Codecov
-      uses: codecov/codecov-action@v1
-      with:
-        name: codecov-speculos
-
   build:
     name: Clone, build, test
     runs-on: ubuntu-latest
@@ -131,18 +74,6 @@ jobs:
         ./venv-build/bin/python -m build
         ./venv-build/bin/python -m twine check dist/*
 
-    - name: Display current status
-      shell: bash
-      run: |
-        echo "Current status is:"
-        if [[ ${{ github.ref }} == "refs/tags/"* ]]; \
-        then \
-            echo "- Triggered from tag, will be deployed on pypi.org"; \
-        else \
-            echo "- Not triggered from tag, will be deployed on test.pypi.org"; \
-        fi
-        echo "- Tag version: ${{ env.TAG_VERSION }}"
-
     - name: Check version against CHANGELOG
       if: startsWith(github.ref, 'refs/tags/')
       shell: bash
@@ -157,21 +88,13 @@ jobs:
         fi
 
     - name: Publish Python package on pypi.org
-      if: success() && github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')
+      if: success() && github.event_name == 'push'
       run: ./venv-build/bin/python -m twine upload dist/*
       env:
         TWINE_USERNAME: __token__
         TWINE_PASSWORD: ${{ secrets.PYPI_PUBLIC_API_TOKEN  }}
         TWINE_NON_INTERACTIVE: 1
 
-    - name: Publish Python package on test.pypi.org
-      if: success() && github.event_name == 'push'
-      run: ./venv-build/bin/python -m twine upload --repository testpypi dist/*
-      env:
-        TWINE_USERNAME: __token__
-        TWINE_PASSWORD: ${{ secrets.TEST_PYPI_PUBLIC_API_TOKEN }}
-        TWINE_NON_INTERACTIVE: 1
-
   package_and_test_docker:
     name: Build and test the Speculos docker
     uses: ./.github/workflows/reusable_ragger_tests_latest_speculos.yml

diff --git a/.github/workflows/fast-checks.yml b/.github/workflows/fast-checks.yml
@@ -0,0 +1,100 @@
+name: Fast checks
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  linter-python:
+    name: Linter on Python code
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Python dependency
+      run: pip install flake8
+    - name: Lint Python code
+      run: find speculos/ -type f -name '*.py' -exec flake8 --max-line-length=120 '{}' '+'
+
+  linter-c:
+    name: Linter on C code
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Lint C code
+      uses: DoozyX/[email protected]
+      with:
+        source: 'src tests'
+        extensions: 'c,h'
+        clangFormatVersion: 11
+
+  mypy:
+    name: Type checking
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+    - run: pip install mypy types-requests types-setuptools PyQt5-stubs
+    - name: Mypy type checking
+      run: mypy speculos
+
+  bandit:
+    name: Security checking
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+    - run: pip install bandit
+    - name: Bandit security checking
+      run: bandit -r speculos -ll || echo 0
+
+  misspell:
+    name: Check misspellings
+    runs-on: ubuntu-latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Check misspellings
+      uses: codespell-project/actions-codespell@v1
+      with:
+        builtin: clear,rare
+        check_filenames: true
+        ignore_words_file: .codespell-ignore
+        skip: ./speculos/api/static/swagger/swagger-ui.css,./speculos/api/static/swagger/swagger-ui-bundle.js,./speculos/api/static/swagger/swagger-ui-standalone-preset.js,./speculos/fonts
+
+  coverage:
+    name: Code coverage
+    runs-on: ubuntu-latest
+    container:
+      image: docker://ghcr.io/ledgerhq/speculos-builder:latest
+    steps:
+    - name: Clone
+      uses: actions/checkout@v3
+      with:
+        fetch-depth: 0
+    - name: Rebuild with code coverage instrumentation
+      env:
+        CTEST_OUTPUT_ON_FAILURE: 1
+        RNG_SEED: 0
+      run: |
+        cmake -Bbuild -H. -DPRECOMPILED_DEPENDENCIES_DIR=/install -DWITH_VNC=1 -DCODE_COVERAGE=ON
+        make -C build clean
+        make -C build
+        make -C build test
+        python3 -m pip install pytest-cov
+        python3 -m pytest --cov=speculos --cov-report=xml
+    - name: Upload coverage to Codecov
+      uses: codecov/codecov-action@v1
+      with:
+        name: codecov-speculos
diff --git a/.github/workflows/python_checks.yml b/.github/workflows/python_checks.yml
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -5,12 +5,12 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
-## [0.5.0] - 2024-??-??
+## [0.5.0] - 2024-01-11
 
 ### Added
 - Attestation key or user private keys can now be configured with the new `--attestation-key`
   and `--user-private-key` arguments (or `ATTESTATION_PRIVATE_KEY` and `USER_PRIVATE_KEY` through
-  environment variables). User certificates are correctly calculated signed from the user private
+  environment variables). User certificates are correctly calculated, signed from the user private
   keys and the attestation key.
 
 ### Changed