chore: migrate to reusable workflows

mbrousset-ledger · mbrousset-ledger · commit 114e5d517abf · 2026-02-10T13:36:23.000+01:00
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -1,40 +1,16 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
   workflow_dispatch:
   push:
-  pull_request:
     branches:
       - main
+      - master
       - develop
-      - master # for safety reasons
-      - dev # for safety reasons
+  pull_request:
 
 jobs:
   analyse:
-    name: Analyse
-    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
-    if: github.event.repository.private == false
-    strategy:
-      matrix:
-        sdk: ["$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
-    container:
-      image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
-
-    steps:
-      - name: Clone
-        uses: actions/checkout@v4
-        with:
-          submodules: recursive
-
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v3
-        with:
-          languages: cpp
-          queries: security-and-quality
-
-      - name: Build
-        run: |
-          make -j BOLOS_SDK=${{ matrix.sdk }}
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v3
+    name: Call Ledger CodeQL analysis
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_codeql_checks.yml@v1
+    secrets: inherit
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -1,50 +1,16 @@
-name: Lint and format 💅
+name: Lint
 
 on:
   workflow_dispatch:
   push:
-  pull_request:
     branches:
       - main
+      - master
       - develop
-      - master # for safety reasons
-      - dev # for safety reasons
+  pull_request:
 
 jobs:
   lint:
-    runs-on: ${{ github.repository_owner == 'zondax' && 'zondax-runners' || 'ubuntu-latest' }}
-    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
-    steps:
-      - uses: actions/checkout@v4
-        with:
-          submodules: recursive
-      - name: Add missing deps
-        env:
-          DEBIAN_FRONTEND: noninteractive
-        run: |
-          apt-get update
-          apt-get install -y bear sudo
-      - name: Generate compilation database
-        run: bear -- make -j BOLOS_SDK="$NANOSP_SDK"
-      - name: Setup python
-        uses: actions/setup-python@v5
-        with:
-          python-version: "3.11"
-      - name: Lint and format 💅
-        uses: cpp-linter/cpp-linter-action@v2
-        id: linter
-        env:
-          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-        with:
-          file-annotations: true
-          files-changed-only: false
-          ignore: "app/build|cmake|deps|fuzz|tests"
-          step-summary: true
-          style: file # uses .clang-format
-          thread-comments: true
-          tidy-checks: "" # use only .clang-tidy checks
-      - name: Fail if errors
-        if: steps.linter.outputs.checks-failed > 0
-        run: |
-          echo "Linter or formatter failed!"
-          exit 1
+    name: Lint Checks
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_lint.yml@v1
+    secrets: inherit
diff --git a/.github/workflows/ragger-tests.yml b/.github/workflows/ragger-tests.yml
@@ -0,0 +1,16 @@
+name: Ragger Tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  ragger_tests:
+    name: Ragger Tests
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_ragger_tests.yml@v1
+    secrets: inherit
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
@@ -0,0 +1,16 @@
+name: Unit Tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+      - master
+      - develop
+  pull_request:
+
+jobs:
+  unit_tests:
+    name: Unit Tests
+    uses: LedgerHQ/ledger-app-workflows/.github/workflows/reusable_unit_tests.yml@v1
+    secrets: inherit
