Bring latest changes from Zondax repository

.github/workflows/check_version.yml

@@ -28,7 +28,7 @@ jobs:
       version: ${{ steps.store-version.outputs.version }}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: make version

.github/workflows/codeql.yml

@@ -13,14 +13,14 @@ jobs:
     name: Analyse
     strategy:
       matrix:
-        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK"]
+        sdk: ["$NANOS_SDK", "$NANOX_SDK", "$NANOSP_SDK", "$STAX_SDK", "$FLEX_SDK"]
     runs-on: ubuntu-latest
     container:
       image: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder-legacy:latest
 
     steps:
       - name: Clone
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: recursive
 

.github/workflows/main.yml

@@ -20,7 +20,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -41,7 +41,7 @@ jobs:
       size: ${{steps.build.outputs.size}}
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Build Standard app
@@ -71,7 +71,7 @@ jobs:
           echo $HOME
           echo $DISPLAY
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - run: sudo apt-get update -y && sudo apt-get install -y libusb-1.0.0 libudev-dev
@@ -100,7 +100,7 @@ jobs:
         BOLOS_SDK: /opt/nanos-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -109,7 +109,7 @@ jobs:
       - name: Build NanoS
         shell: bash -l {0}
         run: |
-          make
+          PRODUCTION_BUILD=0 make
           mv ./app/pkg/installer_s.sh ./app/pkg/installer_nanos.sh
       - name: Set tag
         id: nanos
@@ -136,7 +136,7 @@ jobs:
         BOLOS_SDK: /opt/nanosplus-secure-sdk
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           submodules: true
       - name: Install deps
@@ -145,7 +145,7 @@ jobs:
       - name: Build NanoSP
         shell: bash -l {0}
         run: |
-          make
+          PRODUCTION_BUILD=0 make
           mv ./app/pkg/installer_s2.sh ./app/pkg/installer_nanos_plus.sh
       - name: Set tag
         id: nanosp
@@ -160,3 +160,75 @@ jobs:
           tag_name: ${{ steps.nanosp.outputs.tag_name }}
           draft: false
           prerelease: false
+
+  build_package_stax:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/stax-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Stax
+        shell: bash -l {0}
+        run: |
+          PRODUCTION_BUILD=0 make
+      - name: Set tag
+        id: stax
+        run: echo "tag_name=$(./app/pkg/installer_stax.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: |
+            ./app/pkg/installer_stax.sh
+          tag_name: ${{ steps.stax.outputs.tag_name }}
+          draft: false
+          prerelease: false
+
+  build_package_flex:
+    needs: [configure, build, build_ledger, test_zemu]
+    if: ${{ github.ref == 'refs/heads/main' }}
+    runs-on: ubuntu-latest
+    container:
+      image: zondax/ledger-app-builder:latest
+      options: --user ${{ needs.configure.outputs.uid_gid }}
+      env:
+        BOLOS_SDK: /opt/flex-secure-sdk
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install deps
+        run: pip install ledgerblue
+
+      - name: Build Flex
+        shell: bash -l {0}
+        run: |
+          PRODUCTION_BUILD=0 make
+      - name: Set tag
+        id: flex
+        run: echo "tag_name=$(./app/pkg/installer_flex.sh version)" >> $GITHUB_OUTPUT
+      - name: Update Release
+        id: update_release_2
+        uses: softprops/action-gh-release@v1
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
+        with:
+          files: |
+            ./app/pkg/installer_flex.sh
+          tag_name: ${{ steps.flex.outputs.tag_name }}
+          draft: false
+          prerelease: false

.github/workflows/publish.yml

@@ -0,0 +1,54 @@
+name: "Publish js packages"
+
+on:
+  release:
+    types:
+      - created
+    tags:
+      - "npm_v[0-9]+(\\.[0-9]+)*"
+
+jobs:
+  publish_npm_package:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+      - name: Install node
+        uses: actions/setup-node@v3
+        with:
+          registry-url: "https://registry.npmjs.org"
+          scope: "@zondax"
+      - name: Install yarn
+        run: npm install -g yarn
+      - name: Build package
+        run: |
+          cd js
+          yarn install
+          yarn build
+      - name: Get latest release version number
+        id: get_version
+        run: |
+          GITHUB_REF=${{ github.ref }}
+          echo "version=${GITHUB_REF##*/}" >> $GITHUB_OUTPUT
+      - name: Show version
+        run: echo ${{ steps.get_version.outputs.version }}
+      - name: Clean latest release version number
+        id: get_version_cleaned
+        uses: bhowell2/github-substring-action@v1
+        with:
+          output_name: version
+          value: ${{ steps.get_version.outputs.version }}
+          index_of_str: "npm_"
+      - name: Update tag
+        run: |
+          cd js
+          echo Publishing as ${{ steps.get_version_cleaned.outputs.version }}
+          npm --allow-same-version --no-git-tag-version version ${{ steps.get_version_cleaned.outputs.version }}
+      - name: Publish package
+        run: |
+          cd js
+          npm publish
+        env:
+          NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN_PUBLISH_AUTO }}

.gitmodules

@@ -1,21 +1,9 @@
-[submodule "deps/nanos-secure-sdk"]
-	path = deps/nanos-secure-sdk
-	url = https://github.com/LedgerHQ/nanos-secure-sdk
-[submodule "deps/nanosplus-secure-sdk"]
-	path = deps/nanosplus-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
-[submodule "deps/nanox-secure-sdk"]
-	path = deps/nanox-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
-[submodule "cmake/cmake-modules"]
-	path = cmake/cmake-modules
-	url = https://github.com/bilke/cmake-modules
 [submodule "deps/picohash"]
 	path = deps/picohash
 	url = https://github.com/kazuho/picohash
 [submodule "deps/ledger-zxlib"]
 	path = deps/ledger-zxlib
 	url = https://github.com/Zondax/ledger-zxlib.git
-[submodule "deps/stax-secure-sdk"]
-	path = deps/stax-secure-sdk
-	url = https://github.com/LedgerHQ/ledger-secure-sdk.git
+[submodule "deps/ledger-secure-sdk"]
+	path = deps/ledger-secure-sdk
+	url = https://github.com/LedgerHQ/ledger-secure-sdk