ci: move type check and simbuilds to own file

Co-authored-by: Claude <[email protected]>
Co-authored-by: GPT-5 (Preview) <[email protected]>

Author: 3 people

.github/actions/build-sim/action.yml

@@ -1,5 +1,15 @@
 name: Build sim
 description: Build device simulator(s)
+inputs:
+  name:
+    description: Device name from matrix (e.g. trezor-1, coldcard, jade)
+    required: true
+  archive:
+    description: Archive base name (e.g. trezor-firmware)
+    required: true
+  paths:
+    description: Space-separated paths to include in the archive
+    required: true
 runs:
   using: composite
   steps:
@@ -16,13 +26,17 @@ runs:
     - name: Build simulator
       shell: bash
       run: |
-        git config --global user.email "[email protected]"
-        git config --global user.name "ci"
-        cd test; ./setup_environment.sh --${{ matrix.device.name }}; cd ..
-        tar -czf ${{ matrix.device.archive }}.tar.gz ${{ matrix.device.paths }}
+        set -euxo pipefail
+        git config --global user.email '[email protected]'
+        git config --global user.name 'ci'
+        git config --global --add safe.directory "$GITHUB_WORKSPACE"
+        cd test
+        ./setup_environment.sh --"${{ inputs.name }}"
+        cd ..
+        tar -czf "${{ inputs.archive }}.tar.gz" ${{ inputs.paths }}
 
     - uses: actions/upload-artifact@v4
       with:
-        name: ${{ matrix.device.name }}-sim
-        path: ${{ matrix.device.archive }}.tar.gz
+        name: ${{ inputs.name }}-sim
+        path: ${{ inputs.archive }}.tar.gz
 

.github/sim-build-map.json

@@ -0,0 +1,22 @@
+{
+  "trezor": [
+    { "name": "trezor-1", "archive": "trezor-firmware", "paths": "test/work/trezor-firmware" },
+    { "name": "trezor-t", "archive": "trezor-firmware", "paths": "test/work/trezor-firmware" }
+  ],
+  "coldcard": [
+    { "name": "coldcard", "archive": "coldcard-mpy", "paths": "test/work/firmware/external/micropython/ports/unix/coldcard-mpy test/work/firmware/unix/coldcard-mpy test/work/firmware/unix/l-mpy test/work/firmware/unix/l-port" }
+  ],
+  "bitbox": [
+    { "name": "bitbox01", "archive": "mcu", "paths": "test/work/mcu" },
+    { "name": "bitbox02", "archive": "bitbox02", "paths": "test/work/bitbox02-firmware/build-build-noasan/bin/simulator" }
+  ],
+  "jade": [
+    { "name": "jade", "archive": "jade", "paths": "test/work/jade/simulator" }
+  ],
+  "ledger": [
+    { "name": "ledger", "archive": "speculos", "paths": "test/work/speculos" }
+  ],
+  "keepkey": [
+    { "name": "keepkey", "archive": "keepkey-firmware", "paths": "test/work/keepkey-firmware/bin" }
+  ]
+}

.github/workflows/ci.yml

@@ -19,45 +19,6 @@ env:
   LANGUAGE: 'C.UTF-8'
 
 jobs:
-  type-check:
-    name: Type check
-    runs-on: ubuntu-latest
-    container: python:3.12
-    steps:
-      - uses: actions/checkout@v4
-
-      - run: |
-          pip install poetry
-          poetry install
-
-      - name: Run check
-        run: >
-          poetry run
-          mypy
-          hwi.py
-          hwilib/_base58.py
-          hwilib/_bech32.py
-          hwilib/_cli.py
-          hwilib/commands.py
-          hwilib/common.py
-          hwilib/descriptor.py
-          hwilib/devices/bitbox02.py
-          hwilib/devices/coldcard.py
-          hwilib/devices/digitalbitbox.py
-          hwilib/devices/jade.py
-          hwilib/devices/__init__.py
-          hwilib/devices/keepkey.py
-          hwilib/devices/ledger.py
-          hwilib/devices/trezor.py
-          hwilib/errors.py
-          hwilib/_script.py
-          hwilib/_serialize.py
-          hwilib/tx.py
-          hwilib/hwwclient.py
-          hwilib/__init__.py
-          hwilib/key.py
-          hwilib/udevinstaller.py
-
   non-device-tests:
     name: Non-device tests
     runs-on: ubuntu-latest
@@ -142,126 +103,80 @@ jobs:
           name: dist
           path: dist/
 
+  prepare-sim-matrices:
+    name: Prepare sim matrices
+    uses: ./.github/workflows/prepare-sim-matrices.yml
+
   sim-builder-trezor:
     name: Trezor sim builder
-    # Ubuntu 22.04 ships with glibc 2.35, which is needed to keep Trezor 1
-    # binaries compatible with Debian Bookworm (glibc 2.36) Python containers.
-    # Trezor T binaries don't need this.
-    runs-on: ubuntu-22.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'trezor-1', archive: 'trezor-firmware',  paths: 'test/work/trezor-firmware' }
-          - { name: 'trezor-t', archive: 'trezor-firmware',  paths: 'test/work/trezor-firmware' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: trezor
+      include: ${{ needs.prepare-sim-matrices.outputs.trezor }}
+      # Ubuntu 22.04 ships with glibc 2.35, which is needed to keep Trezor 1
+      # binaries compatible with Debian Bookworm (glibc 2.36) Python containers.
+      # Trezor T binaries don't need this.
+      runs-on: ubuntu-22.04
 
   sim-builder-coldcard:
     name: Coldcard sim builder
-    runs-on: ubuntu-22.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'coldcard', archive: 'coldcard-mpy',     paths: 'test/work/firmware/external/micropython/ports/unix/coldcard-mpy test/work/firmware/unix/coldcard-mpy test/work/firmware/unix/l-mpy test/work/firmware/unix/l-port' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: coldcard
+      include: ${{ needs.prepare-sim-matrices.outputs.coldcard }}
+      runs-on: ubuntu-22.04
 
   sim-builder-bitbox:
     name: Bitbox sim builder
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'bitbox01', archive: 'mcu',              paths: 'test/work/mcu' }
-          - { name: 'bitbox02', archive: 'bitbox02',         paths: 'test/work/bitbox02-firmware/build-build-noasan/bin/simulator' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: bitbox
+      include: ${{ needs.prepare-sim-matrices.outputs.bitbox }}
+      runs-on: ubuntu-latest
 
   sim-builder-jade:
     name: Jade sim builder
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'jade',     archive: 'jade',             paths: 'test/work/jade/simulator' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: jade
+      include: ${{ needs.prepare-sim-matrices.outputs.jade }}
+      runs-on: ubuntu-latest
 
   sim-builder-ledger:
     name: Ledger sim builder
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'ledger',   archive: 'speculos',         paths: 'test/work/speculos' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: ledger
+      include: ${{ needs.prepare-sim-matrices.outputs.ledger }}
+      runs-on: ubuntu-latest
 
   sim-builder-keepkey:
     name: Keepkey sim builder
-    runs-on: ubuntu-22.04
-
-    strategy:
-      fail-fast: false
-      matrix:
-        device:
-          - { name: 'keepkey',  archive: 'keepkey-firmware', paths: 'test/work/keepkey-firmware/bin' }
-
-    steps:
-      - uses: actions/checkout@v4
-      - uses: ./.github/actions/build-sim
-
+    needs: prepare-sim-matrices
+    uses: ./.github/workflows/sim-builder.yml
+    with:
+      sim: keepkey
+      include: ${{ needs.prepare-sim-matrices.outputs.keepkey }}
+      runs-on: ubuntu-22.04
 
   ledger-s-app-builder:
     name: Ledger Nano S Bitcoin App builder
-    runs-on: ubuntu-latest
-    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-    steps:
-      - run: |
-          git clone https://github.com/LedgerHQ/app-bitcoin-new.git
-          cd app-bitcoin-new
-          make DEBUG=1
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ledger_app_nano_s
-          path: app-bitcoin-new/bin/app.elf
-
+    uses: ./.github/workflows/ledger-app-builder.yml
+    with:
+      app: nano_s
+      runs-on: ubuntu-latest
 
   ledger-x-app-builder:
     name: Ledger Nano X Bitcoin App builder
-    runs-on: ubuntu-latest
-    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
-    steps:
-      - run: |
-          git clone https://github.com/LedgerHQ/app-bitcoin-new.git
-          cd app-bitcoin-new
-          make DEBUG=1 BOLOS_SDK=$NANOX_SDK
-
-      - uses: actions/upload-artifact@v4
-        with:
-          name: ledger_app_nano_x
-          path: app-bitcoin-new/bin/app.elf
+    uses: ./.github/workflows/ledger-app-builder.yml
+    with:
+      app: nano_x
+      runs-on: ubuntu-latest
 
   bitcoind-builder:
     name: bitcoind builder
@@ -272,11 +187,18 @@ jobs:
       - uses: actions/checkout@v4
       - uses: ./.github/actions/build-bitcoind
 
-  test-trezor:
+  test-trezor-1:
+    uses: ./.github/workflows/device-test.yml
+    needs: [sim-builder-trezor, bitcoind-builder, dist-builder]
+    with:
+      device: trezor-1
+      runs-on: ubuntu-latest
+
+  test-trezor-t:
     uses: ./.github/workflows/device-test.yml
     needs: [sim-builder-trezor, bitcoind-builder, dist-builder]
     with:
-      device: trezor
+      device: trezor-t
       runs-on: ubuntu-latest
 
   test-ledger-s:

.github/workflows/device-test.yml

@@ -23,7 +23,8 @@ jobs:
       fail-fast: false
       matrix:
         python-version: ['3.9', '3.10', '3.11', '3.12']
-        device: ${{ inputs.device }}
+        device:
+          - ${{ inputs.device }}
         test:
           - {interface: 'library'}
           - {interface: 'cli'}

.github/workflows/ledger-app-builder.yml

@@ -0,0 +1,26 @@
+name: Ledger App Builder
+on:
+  workflow_call:
+    inputs:
+      app:
+        required: true        # 'nano_s' or 'nano_x'
+        type: string
+      runs-on:
+        required: false
+        type: string
+        default: ubuntu-latest
+
+jobs:
+  build:
+    name: Build ${{ inputs.app }}
+    runs-on: ${{ inputs.runs-on }}
+    container: ghcr.io/ledgerhq/ledger-app-builder/ledger-app-builder:latest
+    steps:
+      - run: |
+          git clone https://github.com/LedgerHQ/app-bitcoin-new.git
+          cd app-bitcoin-new
+          make DEBUG=1 ${{ inputs.app == 'nano_x' && 'BOLOS_SDK=$NANOX_SDK' || '' }}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.app == 'nano_x' && 'ledger_app_nano_x' || 'ledger_app_nano_s' }}
+          path: app-bitcoin-new/bin/app.elf

.github/workflows/prepare-sim-matrices.yml

@@ -0,0 +1,50 @@
+name: Prepare Sim Matrices
+on:
+  workflow_call:
+    outputs:
+      trezor:
+        description: JSON include array for trezor
+        value: ${{ jobs.prepare.outputs.trezor }}
+      coldcard:
+        description: JSON include array for coldcard
+        value: ${{ jobs.prepare.outputs.coldcard }}
+      bitbox:
+        description: JSON include array for bitbox
+        value: ${{ jobs.prepare.outputs.bitbox }}
+      jade:
+        description: JSON include array for jade
+        value: ${{ jobs.prepare.outputs.jade }}
+      ledger:
+        description: JSON include array for ledger
+        value: ${{ jobs.prepare.outputs.ledger }}
+      keepkey:
+        description: JSON include array for keepkey
+        value: ${{ jobs.prepare.outputs.keepkey }}
+
+jobs:
+  prepare:
+    name: Prepare sim matrices
+    runs-on: ubuntu-latest
+    outputs:
+      trezor: ${{ steps.gen.outputs.trezor }}
+      coldcard: ${{ steps.gen.outputs.coldcard }}
+      bitbox: ${{ steps.gen.outputs.bitbox }}
+      jade: ${{ steps.gen.outputs.jade }}
+      ledger: ${{ steps.gen.outputs.ledger }}
+      keepkey: ${{ steps.gen.outputs.keepkey }}
+    steps:
+      - uses: actions/checkout@v4
+      - id: gen
+        shell: bash
+        run: |
+          set -euo pipefail
+          sudo apt-get install -y jq
+          map_file=".github/sim-build-map.json"
+          for sim in trezor coldcard bitbox jade ledger keepkey; do
+            include=$(jq -c --arg s "$sim" '.[$s]' "$map_file")
+            if [[ -z "$include" || "$include" == "null" ]]; then
+              echo "Missing entry for $sim in $map_file" >&2
+              exit 1
+            fi
+            echo "$sim=$include" >> "$GITHUB_OUTPUT"
+          done