diff --git a/.github/workflows/core-hw.yml b/.github/workflows/core-hw.yml new file mode 100644 index 00000000000..7f292377523 --- /dev/null +++ b/.github/workflows/core-hw.yml @@ -0,0 +1,137 @@ +name: Hardware tests + +on: + schedule: + - cron: '15 23 * * *' # every day @ 23:15 + workflow_dispatch: + pull_request: # TODO remove + +# [Device tests](../tests/device-tests.md) that run against an actual physical Trezors. +# The device needs to have special bootloader, found in `core/embed/bootloader_ci`, that +# makes it possible to flash firmware without confirmation on the touchscreen. +# +# All hardware tests are run nightly on the `main` branch, +# and also can be started manually. +# +# Currently it's not possible to run all regular TT tests without getting into +# a state where the micropython heap is too fragmented and allocations fail +# (often manifesting as a stuck test case). For that reason some tests are +# skipped. +# See also: https://github.com/trezor/trezor-firmware/issues/1371 +jobs: + core_device_test: + name: Device tests + runs-on: + - self-hosted + - ${{ matrix.model == 'T2B1' && 'hw-t2b1' || 'hw-t2t1' }} + strategy: + fail-fast: false + matrix: + model: [T2T1, T2B1] + coins: [universal, btconly] + env: + TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }} + TREZOR_PYTEST_SKIP_ALTCOINS: ${{ matrix.coins == 'btconly' && '1' || '0' }} + PYTEST_TIMEOUT: 1200 + PYOPT: 0 + DISABLE_OPTIGA: 1 + BOOTLOADER_DEVEL: ${{ matrix.model == 'T2B1' && '1' || '0' }} + TESTOPTS: "-k 'not authenticate and not recovery and not lots'" + TT_UHUB_PORT: 1 + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: ./.github/actions/environment + - run: nix-shell --arg hardwareTest true --run uhubctl + - run: nix-shell --run "poetry run make -C core build_firmware" + - run: nix-shell --arg hardwareTest true --run "poetry run python ci/hardware_tests/bootstrap.py ${{ matrix.model }} core/build/firmware/firmware.bin" + - run: nix-shell --run "poetry run trezorctl list" + - run: nix-shell --run "poetry run trezorctl get-features" + - run: | + nix-shell --arg hardwareTest true --run "ls -l /dev/tty*" + # log serial console to file; sleep is used because tio needs stdin that is not /dev/null + nix-shell --arg hardwareTest true --run "sleep 8h | tio --no-autoconnect /dev/ttyTREZOR &> trezor.log" & + nix-shell --run "poetry run pytest -v tests/device_tests" + - run: tail -n50 trezor.log || true + if: failure() + - uses: actions/upload-artifact@v3 + with: + name: core-hardware-${{ matrix.model }} + path: trezor.log + retention-days: 7 + if: always() + + core_monero_test: + name: Monero tests + runs-on: + - self-hosted + - ${{ matrix.model == 'T2B1' && 'hw-t2b1' || 'hw-t2t1' }} + strategy: + fail-fast: false + matrix: + model: [T2T1, T2B1] + env: + TREZOR_MODEL: ${{ matrix.model == 'T2T1' && 'T' || 'R' }} + PYTEST_TIMEOUT: 1200 + PYOPT: 0 + DISABLE_OPTIGA: 1 + BOOTLOADER_DEVEL: ${{ matrix.model == 'T2B1' && '1' || '0' }} + TT_UHUB_PORT: 1 + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: ./.github/actions/environment + - run: nix-shell --arg hardwareTest true --run uhubctl + - run: nix-shell --run "poetry run make -C core build_firmware" + - run: nix-shell --arg hardwareTest true --run "poetry run python ci/hardware_tests/bootstrap.py ${{ matrix.model }} core/build/firmware/firmware.bin" + - run: nix-shell --run "poetry run trezorctl list" + - run: nix-shell --run "poetry run trezorctl get-features" + - run: | + nix-shell --arg hardwareTest true --run "ls -l /dev/tty*" + # log serial console to file; sleep is used because tio needs stdin that is not /dev/null + nix-shell --arg hardwareTest true --run "sleep 8h | tio --no-autoconnect /dev/ttyTREZOR &> trezor.log" & + nix-shell --arg fullDeps true --run "cd ../../core/tests && ./run_tests_device_emu_monero.sh $TESTOPTS" + - run: tail -n50 trezor.log || true + if: failure() + - uses: actions/upload-artifact@v3 + with: + name: core-hardware-${{ matrix.model }} + path: trezor.log + retention-days: 7 + if: always() + + legacy_device_test: + name: Device tests T1B1 + runs-on: + - self-hosted + - hw-t1b1 + strategy: + fail-fast: false + matrix: + coins: [universal, btconly] + env: + TREZOR_PYTEST_SKIP_ALTCOINS: ${{ matrix.coins == 'btconly' && '1' || '0' }} + PYTEST_TIMEOUT: 1200 + T1_UHUB_LOCATION: 3-1 + T1_UHUB_PORT: 2 + T1_CAMERA: /dev/video0 # camera device + T1_ARDUINO_SERIAL: /dev/ttyTPMB # arduino that pushes T1 buttons + BITCOIN_ONLY: ${{ matrix.coins == 'universal' && '0' || '1' }} + DEBUG_LINK: 1 + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + - uses: ./.github/actions/environment + - run: nix-shell --arg hardwareTest true --run uhubctl + - run: nix-shell --run "poetry run legacy/script/setup" + - run: nix-shell --run "export PRODUCTION=0 && poetry run legacy/script/cibuild" + - run: nix-shell --arg hardwareTest true --run "ci/hardware_tests/t1_hw_test.sh" + - uses: actions/upload-artifact@v4.3.1 + with: + name: legacy-hardware-${{ matrix.model }} + path: ci/hardware_tests/*.mp4 + retention-days: 7 + if: always() diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 725034e38c3..806ef03f89e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -45,7 +45,6 @@ include: - ci/prebuild.yml - ci/build.yml - ci/test.yml - - ci/test-hw.yml - ci/test-nonenglish.yml - ci/posttest.yml - ci/deploy.yml diff --git a/ci/hardware_tests/bootstrap.py b/ci/hardware_tests/bootstrap.py index 6baa2d5648f..6412680ef1e 100755 --- a/ci/hardware_tests/bootstrap.py +++ b/ci/hardware_tests/bootstrap.py @@ -1,24 +1,30 @@ import os import sys -from device.t1 import TrezorOne -from device.tt import TrezorT +from device.legacy import TrezorOne +from device.core import TrezorCore + +# https://www.uugear.com/product/mega4-4-port-usb-3-ppps-hub-for-raspberry-pi-4b/ +# as long as every runner has this hub we don't have to configure a per-runner hub location +HUB_VENDOR = "2109:2817" def main(model: str, file: str = None): t1 = TrezorOne( - os.environ["T1_UHUB_LOCATION"], - os.environ["T1_ARDUINO_SERIAL"], - os.environ["T1_UHUB_PORT"], + os.getenv("T1_UHUB_LOCATION"), + os.getenv("T1_ARDUINO_SERIAL"), + os.getenv("T1_UHUB_PORT"), ) - tt = TrezorT(os.environ["TT_UHUB_LOCATION"], os.environ["TT_UHUB_PORT"]) + tt = TrezorCore(hub_vendor=HUB_VENDOR, device_port=os.getenv("TT_UHUB_PORT")) - if model == "t1": - tt.power_off() + if model == "T1B1": + # tt.power_off() path = t1.update_firmware(file) - elif model == "tt": - t1.power_off() - path = tt.update_firmware(file) + elif model == "T2T1": + # t1.power_off() + path = tt.update_firmware(file, "Trezor T") + elif model == "T2B1": + path = tt.update_firmware(file, "Safe 3") else: raise ValueError("Unknown Trezor model.") diff --git a/ci/hardware_tests/device/tt.py b/ci/hardware_tests/device/core.py similarity index 77% rename from ci/hardware_tests/device/tt.py rename to ci/hardware_tests/device/core.py index 3cf66618ab5..e7ce55150c5 100644 --- a/ci/hardware_tests/device/tt.py +++ b/ci/hardware_tests/device/core.py @@ -1,8 +1,8 @@ from .device import Device -class TrezorT(Device): - def update_firmware(self, file=None): +class TrezorCore(Device): + def update_firmware(self, file=None, model_name="Trezor T"): if not file: raise ValueError( "Uploading production firmware will replace the bootloader, it is not allowed!" @@ -10,10 +10,11 @@ def update_firmware(self, file=None): # reset to enter bootloader again self.power_off() + self.wait(5) self.power_on() - self.wait(5) - self.check_model("Trezor T bootloader") + self.wait(10) + self.check_model("bootloader") self.run_trezorctl("device wipe --bootloader || true") self.wait(5) @@ -26,4 +27,4 @@ def update_firmware(self, file=None): # after firmware-update finishes wait for reboot self.wait(15) - return self.check_model("Trezor T") + return self.check_model(model_name) diff --git a/ci/hardware_tests/device/device.py b/ci/hardware_tests/device/device.py index 67c5bf7567c..dc86a5eb839 100644 --- a/ci/hardware_tests/device/device.py +++ b/ci/hardware_tests/device/device.py @@ -5,8 +5,9 @@ class Device: - def __init__(self, uhub_location, device_port): + def __init__(self, *, uhub_location=None, hub_vendor=None, device_port=None): self.uhub_location = uhub_location + self.hub_vendor = hub_vendor self.device_port = device_port @staticmethod @@ -35,11 +36,17 @@ def reboot(self): self.power_off() self.power_on() + def _hub(self): + if self.hub_vendor: + return f"--vendor {self.hub_vendor}" + else: + return f"-l {self.uhub_location}" + def power_on(self): self.now() self.log("[hardware/usb] Turning power on...") run( - f"uhubctl -l {self.uhub_location} -p {self.device_port} -a on", + f"uhubctl {self._hub()} -p {self.device_port} -a on", shell=True, check=True, ) @@ -49,7 +56,7 @@ def power_off(self): self.now() self.log("[hardware/usb] Turning power off...") run( - f"uhubctl -l {self.uhub_location} -p {self.device_port} -r 100 -a off", + f"uhubctl {self._hub()} -p {self.device_port} -r 5 -a off", shell=True, check=True, ) diff --git a/ci/hardware_tests/device/t1.py b/ci/hardware_tests/device/legacy.py similarity index 93% rename from ci/hardware_tests/device/t1.py rename to ci/hardware_tests/device/legacy.py index 16c91e0f319..b90bb49d529 100644 --- a/ci/hardware_tests/device/t1.py +++ b/ci/hardware_tests/device/legacy.py @@ -5,7 +5,7 @@ class TrezorOne(Device): def __init__(self, uhub_location, arduino_serial, device_port): - super().__init__(uhub_location, device_port) + super().__init__(uhub_location=uhub_location, device_port=device_port) self.serial = serial.Serial(arduino_serial, 9600) def touch(self, location, action): @@ -41,7 +41,7 @@ def update_firmware(self, file=None): self.touch("right", "click") self.wait(5) self.touch("right", "click") - self.wait(10) + self.wait(15) return self.check_model("Trezor 1") def _enter_bootloader(self): diff --git a/ci/hardware_tests/hardware.cfg b/ci/hardware_tests/hardware.cfg deleted file mode 100644 index 0eb8d529b77..00000000000 --- a/ci/hardware_tests/hardware.cfg +++ /dev/null @@ -1,16 +0,0 @@ -# location of the uhub, can be found out by running `uhubctl` -T1_UHUB_LOCATION="3-2" -# to which port of the uhub the device is connected -T1_UHUB_PORT="2" - -# camera device -T1_CAMERA="/dev/video0" - -# arduino that pushes T1 buttons -T1_ARDUINO_SERIAL="/dev/serial/by-id/usb-Arduino__www.arduino.cc__0043_8573332373935181A0C0-if00" - -# location of the uhub, can be found out by running `uhubctl` -TT_UHUB_LOCATION="3-2" -# to which port of the uhub the device is connected -TT_UHUB_PORT="3" - diff --git a/ci/hardware_tests/record_video.sh b/ci/hardware_tests/record_video.sh index 7c2cfd48905..db848ecb40c 100755 --- a/ci/hardware_tests/record_video.sh +++ b/ci/hardware_tests/record_video.sh @@ -11,7 +11,7 @@ OUTPUTFILE=video_${COMMIT}_$(date +%s).mp4 if [ "$ACTION" == "start" ]; then echo "[software/video] Starting record to $OUTPUTFILE" - ffmpeg -loglevel warning -f oss -f video4linux2 -i $INPUTDEVICE \ + ffmpeg -loglevel warning -f oss -f v4l2 -i $INPUTDEVICE \ -flush_packets 1 \ -vf "drawtext=font=Dejavu Sans: \ text='$COMMIT | %{localtime} | %{pts}': x=(w-tw)/2: y=h-(2*lh): fontcolor=white: box=1: boxcolor=0x00000000@1: fontsize=15" $OUTPUTFILE & diff --git a/ci/hardware_tests/t1_hw_test.sh b/ci/hardware_tests/t1_hw_test.sh index 66eeafe8bed..d9efd35f19b 100755 --- a/ci/hardware_tests/t1_hw_test.sh +++ b/ci/hardware_tests/t1_hw_test.sh @@ -1,21 +1,19 @@ #!/usr/bin/env bash +HERE=`dirname "$0"` +SHA=${GITHUB_SHA:-unknown} +cd $HERE + function finish { - ./record_video.sh ${T1_CAMERA} ${CI_COMMIT_SHORT_SHA} stop - ls -l *.mp4 + ./record_video.sh ${T1_CAMERA} ${SHA} stop } trap finish EXIT set -e # exit on nonzero exitcode set -x # trace commands -# export variables defined in the file -set -a -source hardware.cfg -set +a - -./record_video.sh ${T1_CAMERA} ${CI_COMMIT_SHORT_SHA} start +./record_video.sh ${T1_CAMERA} ${SHA} start (cd ../.. && poetry install) -poetry run python bootstrap.py t1 -poetry run python bootstrap.py t1 ../../firmware-T1*.bin +#poetry run python bootstrap.py T1B1 # install official firmware first +poetry run python bootstrap.py T1B1 ../../firmware-T1*.bin poetry run pytest ../../tests/device_tests diff --git a/ci/shell.nix b/ci/shell.nix index 434aad5eda1..ba4770fa9ad 100644 --- a/ci/shell.nix +++ b/ci/shell.nix @@ -137,7 +137,8 @@ stdenvNoCC.mkDerivation ({ libiconv ] ++ lib.optionals hardwareTest [ uhubctl - ffmpeg + tio + ffmpeg_5-full dejavu_fonts ] ++ lib.optionals devTools [ shellcheck diff --git a/ci/test-hw.yml b/ci/test-hw.yml deleted file mode 100644 index cebb27f16e7..00000000000 --- a/ci/test-hw.yml +++ /dev/null @@ -1,159 +0,0 @@ -image: registry.gitlab.com/satoshilabs/trezor/trezor-firmware/trezor-firmware-env.nix - -# Caching -.gitlab_caching: &gitlab_caching - cache: - key: "$CI_COMMIT_REF_SLUG" - paths: - - .venv/ - -# Hardware - -# [Device tests](../tests/device-tests.md) that run against an actual physical Trezor T. -# The device needs to have special bootloader, found in `core/embed/bootloader_ci`, that -# makes it possible to flash firmware without confirmation on the touchscreen. -# -# All hardware tests are run nightly on the `master` branch, as well as on push to branches -# with whitelisted prefix. If you want hardware tests ran on your branch, make sure its -# name starts with `hw/`. -# -# Currently it's not possible to run all regular TT tests without getting into -# a state where the micropython heap is too fragmented and allocations fail -# (often manifesting as a stuck test case). For that reason some tests are -# skipped. -# See also: https://github.com/trezor/trezor-firmware/issues/1371 -hardware core regular device test: - stage: test - only: - - schedules # nightly build - - /^legacy\// - - /^release\// - - /^secfix\// - - /^hw\// - tags: - - tpmb - needs: - - core fw regular debug build - variables: - PYTEST_TIMEOUT: "1200" - script: - - cd ci/hardware_tests - - set -a - - source hardware.cfg - - set +a - - $NIX_SHELL --run "cd ../.. && poetry install" - - $NIX_SHELL --run "poetry run python bootstrap.py tt ../../firmware-T2*.bin | ts -s" - - $NIX_SHELL --run "poetry run pytest ../../tests/device_tests | ts -s" - timeout: 6h - artifacts: - name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" - expire_in: 2 days - when: always - -# Also device tests on physical Trezor T but with Bitcoin-only firmware. -hardware core btconly device test: - stage: test - only: - - schedules # nightly build - - /^legacy\// - - /^release\// - - /^secfix\// - - /^hw\// - tags: - - tpmb - needs: - - core fw btconly debug build - variables: - TREZOR_PYTEST_SKIP_ALTCOINS: 1 - PYTEST_TIMEOUT: "1200" - script: - - cd ci/hardware_tests - - set -a - - source hardware.cfg - - set +a - - $NIX_SHELL --run "cd ../.. && poetry install" - - $NIX_SHELL --run "poetry run python bootstrap.py tt ../../firmware-T2*.bin | ts -s" - - $NIX_SHELL --run "poetry run pytest ../../tests/device_tests | ts -s" - timeout: 4h - artifacts: - name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" - expire_in: 2 days - when: always - -hardware core monero test: - stage: test - only: - - schedules # nightly build - - /^release\// - - /^secfix\// - - /^hw\// - tags: - - tpmb - needs: - - core fw regular debug build - variables: - TESTOPTS: --trezor-path webusb - script: - - cd ci/hardware_tests - - set -a - - source hardware.cfg - - set +a - - $NIX_SHELL --run "cd ../.. && poetry install" - - $NIX_SHELL --run "poetry run python bootstrap.py tt ../../firmware-T2*.bin | ts -s" - - $NIX_SHELL --arg fullDeps true --run "cd ../../core/tests && ./run_tests_device_emu_monero.sh $TESTOPTS | ts -s" - timeout: 1h - artifacts: - name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" - expire_in: 2 days - when: always - -# [Device tests](../tests/device-tests.md) executed on physical Trezor 1. -# This works thanks to [tpmb](https://github.com/mmahut/tpmb), which is a small arduino -# device capable of pushing an actual buttons on the device. -hardware legacy regular device test: - stage: test - only: - - schedules # nightly build - - /^legacy\// - - /^release\// - - /^secfix\// - - /^hw\// - tags: - - tpmb - needs: - - legacy fw regular debug build - script: - - cd ci/hardware_tests - - $NIX_SHELL --run "./t1_hw_test.sh | ts -s" - timeout: 1h20m - artifacts: - name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" - paths: - - ci/hardware_tests/*.mp4 - expire_in: 2 days - when: always - -# Also device tests on physical Trezor 1 but with Bitcoin-only firmware. -hardware legacy btconly device test: - stage: test - variables: - TREZOR_PYTEST_SKIP_ALTCOINS: 1 - only: - - schedules # nightly build - - /^legacy\// - - /^release\// - - /^secfix\// - - /^hw\// - tags: - - tpmb - needs: - - legacy fw btconly debug build - script: - - cd ci/hardware_tests - - $NIX_SHELL --run "./t1_hw_test.sh | ts -s" - artifacts: - name: "$CI_JOB_NAME-$CI_COMMIT_SHORT_SHA" - paths: - - ci/hardware_tests/*.mp4 - expire_in: 2 days - when: always