CakeWallet/.github/workflows/pr_test_build_linux.yml

name: Cake Wallet Linux

on: [pull_request]

defaults:
  run:
    shell: bash
jobs:
  PR_test_build:
    runs-on: linux-amd64
    container:
      image: ghcr.io/cake-tech/cake_wallet:3.27.4-linux
      env:
        STORE_PASS: test@cake_wallet
        KEY_PASS: test@cake_wallet
        MONEROC_CACHE_DIR_ROOT: /opt/generic_cache
        BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
        DESKTOP_FORCE_MOBILE: Y
      volumes:
        - /opt/cw_cache_linux/root/.cache:/root/.cache
        - /opt/cw_cache_linux/root/.ccache:/root/.ccache
        - /opt/cw_cache_linux/root/.pub-cache/:/root/.pub-cache
        - /opt/cw_cache_linux/root/go/pkg:/root/go/pkg
        - /opt/cw_cache_linux/opt/generic_cache:/opt/generic_cache
    strategy:
      matrix:
        api-level: [29]

    steps:
      - name: Fix github actions messing up $HOME...
        run: 'echo HOME=/root | sudo tee -a $GITHUB_ENV'
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          repository: ${{ github.event.pull_request.head.repo.full_name }}
      - name: configure git
        run: |
          git config --global --add safe.directory '*'
          git config --global user.email "ci@cakewallet.com"
          git config --global user.name "CakeWallet CI"
      - name: Get the full commit message
        run: |
          FULL_MESSAGE="$(git log -1 --pretty=%B)"
          echo "message<<EOF" >> $GITHUB_ENV
          echo "$FULL_MESSAGE" >> $GITHUB_ENV
          echo "EOF" >> $GITHUB_ENV
      - name: Add secrets
        run: |
          touch lib/.secrets.g.dart
          touch cw_evm/lib/.secrets.g.dart
          touch cw_solana/lib/.secrets.g.dart
          touch cw_core/lib/.secrets.g.dart
          touch cw_nano/lib/.secrets.g.dart
          touch cw_tron/lib/.secrets.g.dart
          if [[ "x${{ secrets.SALT }}" == "x" ]];
          then
            echo "const salt = '954f787f12622067f7e548d9450c3832';" > lib/.secrets.g.dart
          else
            echo "const salt = '${{ secrets.SALT }}';" > lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.KEY_CHAIN_SALT }}" == "x" ]];
          then
            echo "const keychainSalt = '2d2beba777dbf7dff7013b7a';" >> lib/.secrets.g.dart
          else
            echo "const keychainSalt = '${{ secrets.KEY_CHAIN_SALT }}';" >> lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.KEY }}" == "x" ]];
          then
            echo "const key = '638e98820ec10a2945e968435c9397a3';" >> lib/.secrets.g.dart
          else
            echo "const key = '${{ secrets.KEY }}';" >> lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.WALLET_SALT }}" == "x" ]];
          then
            echo "const walletSalt = '8f7f1b70';" >> lib/.secrets.g.dart
          else
            echo "const walletSalt = '${{ secrets.WALLET_SALT }}';" >> lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.SHORT_KEY }}" == "x" ]];
          then
            echo "const shortKey = '653f270c2c152bc7ec864afe';" >> lib/.secrets.g.dart
          else
            echo "const shortKey = '${{ secrets.SHORT_KEY }}';" >> lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.BACKUP_SALT }}" == "x" ]];
          then
            echo "const backupSalt = 'bf630d24ff0b6f60';" >> lib/.secrets.g.dart
          else
            echo "const backupSalt = '${{ secrets.BACKUP_SALT }}';" >> lib/.secrets.g.dart
          fi
          if [[ "x${{ secrets.BACKUP_KEY_CHAIN_SALT }}" == "x" ]];
          then
            echo "const backupKeychainSalt = 'bf630d24ff0b6f60';" >> lib/.secrets.g.dart
          else
            echo "const backupKeychainSalt = '${{ secrets.BACKUP_KEY_CHAIN_SALT }}';" >> lib/.secrets.g.dart
          fi
          echo "const changeNowApiKey = '${{ secrets.CHANGE_NOW_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const changeNowApiKeyDesktop = '${{ secrets.CHANGE_NOW_API_KEY_DESKTOP }}';" >> lib/.secrets.g.dart
          echo "const wyreSecretKey = '${{ secrets.WYRE_SECRET_KEY }}';" >> lib/.secrets.g.dart
          echo "const wyreApiKey = '${{ secrets.WYRE_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const wyreAccountId = '${{ secrets.WYRE_ACCOUNT_ID }}';" >> lib/.secrets.g.dart
          echo "const moonPayApiKey = '${{ secrets.MOON_PAY_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const moonPaySecretKey = '${{ secrets.MOON_PAY_SECRET_KEY }}';" >> lib/.secrets.g.dart
          echo "const sideShiftAffiliateId = '${{ secrets.SIDE_SHIFT_AFFILIATE_ID }}';" >> lib/.secrets.g.dart
          echo "const simpleSwapApiKey = '${{ secrets.SIMPLE_SWAP_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const simpleSwapApiKeyDesktop = '${{ secrets.SIMPLE_SWAP_API_KEY_DESKTOP }}';" >> lib/.secrets.g.dart
          echo "const onramperApiKey = '${{ secrets.ONRAMPER_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const anypayToken = '${{ secrets.ANY_PAY_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const ioniaClientId = '${{ secrets.IONIA_CLIENT_ID }}';" >> lib/.secrets.g.dart
          echo "const twitterBearerToken = '${{ secrets.TWITTER_BEARER_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const trocadorApiKey = '${{ secrets.TROCADOR_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const trocadorExchangeMarkup = '${{ secrets.TROCADOR_EXCHANGE_MARKUP }}';" >> lib/.secrets.g.dart
          echo "const anonPayReferralCode = '${{ secrets.ANON_PAY_REFERRAL_CODE }}';" >> lib/.secrets.g.dart
          echo "const fiatApiKey = '${{ secrets.FIAT_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const ankrApiKey = '${{ secrets.ANKR_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const chainStackApiKey = '${{ secrets.CHAIN_STACK_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const etherScanApiKey = '${{ secrets.ETHER_SCAN_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const polygonScanApiKey = '${{ secrets.POLYGON_SCAN_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const etherScanApiKey = '${{ secrets.ETHER_SCAN_API_KEY }}';" >> cw_evm/lib/.secrets.g.dart
          echo "const moralisApiKey = '${{ secrets.MORALIS_API_KEY }}';" >> cw_evm/lib/.secrets.g.dart
          echo "const nowNodesApiKey = '${{ secrets.EVM_NOWNODES_API_KEY }}';" >> cw_evm/lib/.secrets.g.dart
          echo "const chatwootWebsiteToken = '${{ secrets.CHATWOOT_WEBSITE_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const exolixApiKey = '${{ secrets.EXOLIX_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const robinhoodApplicationId = '${{ secrets.ROBINHOOD_APPLICATION_ID }}';" >> lib/.secrets.g.dart
          echo "const exchangeHelperApiKey = '${{ secrets.ROBINHOOD_CID_CLIENT_SECRET }}';" >> lib/.secrets.g.dart
          echo "const walletConnectProjectId = '${{ secrets.WALLET_CONNECT_PROJECT_ID }}';" >> lib/.secrets.g.dart
          echo "const moralisApiKey = '${{ secrets.MORALIS_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const polygonScanApiKey = '${{ secrets.POLYGON_SCAN_API_KEY }}';" >> cw_evm/lib/.secrets.g.dart
          echo "const ankrApiKey = '${{ secrets.ANKR_API_KEY }}';" >> cw_solana/lib/.secrets.g.dart
          echo "const chainStackApiKey = '${{ secrets.CHAIN_STACK_API_KEY }}';" >> cw_solana/lib/.secrets.g.dart
          echo "const testCakePayApiKey = '${{ secrets.TEST_CAKE_PAY_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const cakePayApiKey = '${{ secrets.CAKE_PAY_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const authorization = '${{ secrets.CAKE_PAY_AUTHORIZATION }}';" >> lib/.secrets.g.dart
          echo "const CSRFToken = '${{ secrets.CSRF_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const swapTradeExchangeMarkup = '${{ secrets.SWAPTRADE_EXCHANGE_MARKUP }}';" >> lib/.secrets.g.dart
          echo "const nano2ApiKey = '${{ secrets.NANO2_API_KEY }}';" >> cw_nano/lib/.secrets.g.dart
          echo "const nanoNowNodesApiKey = '${{ secrets.NANO_NOW_NODES_API_KEY }}';" >> cw_nano/lib/.secrets.g.dart
          echo "const tronGridApiKey = '${{ secrets.TRON_GRID_API_KEY }}';" >> cw_tron/lib/.secrets.g.dart
          echo "const tronNowNodesApiKey = '${{ secrets.TRON_NOW_NODES_API_KEY }}';" >> cw_tron/lib/.secrets.g.dart
          echo "const meldTestApiKey = '${{ secrets.MELD_TEST_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const meldTestPublicKey = '${{ secrets.MELD_TEST_PUBLIC_KEY}}';" >> lib/.secrets.g.dart
          echo "const letsExchangeBearerToken = '${{ secrets.LETS_EXCHANGE_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const letsExchangeAffiliateId = '${{ secrets.LETS_EXCHANGE_AFFILIATE_ID }}';" >> lib/.secrets.g.dart
          echo "const stealthExBearerToken = '${{ secrets.STEALTH_EX_BEARER_TOKEN }}';" >> lib/.secrets.g.dart
          echo "const stealthExAdditionalFeePercent = '${{ secrets.STEALTH_EX_ADDITIONAL_FEE_PERCENT }}';" >> lib/.secrets.g.dart
          # tests
          echo "const moneroTestWalletSeeds ='${{ secrets.MONERO_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const moneroLegacyTestWalletSeeds = '${{ secrets.MONERO_LEGACY_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const bitcoinTestWalletSeeds = '${{ secrets.BITCOIN_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const ethereumTestWalletSeeds = '${{ secrets.ETHEREUM_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const litecoinTestWalletSeeds =  '${{ secrets.LITECOIN_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const bitcoinCashTestWalletSeeds =  '${{ secrets.BITCOIN_CASH_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const polygonTestWalletSeeds = '${{ secrets.POLYGON_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const solanaTestWalletSeeds = '${{ secrets.SOLANA_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const tronTestWalletSeeds = '${{ secrets.TRON_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const nanoTestWalletSeeds =  '${{ secrets.NANO_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const wowneroTestWalletSeeds = '${{ secrets.WOWNERO_TEST_WALLET_SEEDS }}';" >> lib/.secrets.g.dart
          echo "const moneroTestWalletReceiveAddress = '${{ secrets.MONERO_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const bitcoinTestWalletReceiveAddress =  '${{ secrets.BITCOIN_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const ethereumTestWalletReceiveAddress =  '${{ secrets.ETHEREUM_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const litecoinTestWalletReceiveAddress =  '${{ secrets.LITECOIN_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const bitcoinCashTestWalletReceiveAddress = '${{ secrets.BITCOIN_CASH_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const polygonTestWalletReceiveAddress =  '${{ secrets.POLYGON_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const solanaTestWalletReceiveAddress =  '${{ secrets.SOLANA_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const tronTestWalletReceiveAddress =  '${{ secrets.TRON_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const nanoTestWalletReceiveAddress = '${{ secrets.NANO_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const wowneroTestWalletReceiveAddress = '${{ secrets.WOWNERO_TEST_WALLET_RECEIVE_ADDRESS }}';" >> lib/.secrets.g.dart
          echo "const moneroTestWalletBlockHeight =  '${{ secrets.MONERO_TEST_WALLET_BLOCK_HEIGHT }}';" >> lib/.secrets.g.dart
          # end of test secrets
          echo "const chainflipApiKey = '${{ secrets.CHAINFLIP_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const chainflipAffiliateFee = '${{ secrets.CHAINFLIP_AFFILIATE_FEE }}';" >> lib/.secrets.g.dart
          echo "const kryptonimApiKey = '${{ secrets.KRYPTONIM_API_KEY }}';" >> lib/.secrets.g.dart
          echo "const walletGroupSalt = '${{ secrets.WALLET_GROUP_SALT }}';" >> lib/.secrets.g.dart

      - name: prepare monero_c and cache
        run: |
          export MONEROC_HASH=$(cat scripts/prepare_moneroc.sh | grep 'git checkout' | xargs | awk '{ print $3 }')
          echo MONEROC_HASH=$MONEROC_HASH >> /etc/environment
          mkdir -p "$MONEROC_CACHE_DIR_ROOT/moneroc-$MONEROC_HASH/monero_c"
          pushd scripts
            ln -s "$MONEROC_CACHE_DIR_ROOT/moneroc-$MONEROC_HASH/monero_c"
            ./prepare_moneroc.sh
          popd
          pushd scripts/monero_c
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/contrib/depends/built" || true
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/monero/contrib/depends/built" || true
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/wownero/contrib/depends/built" || true
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/contrib/depends/sources" || true
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/monero/contrib/depends/sources" || true
            mkdir -p "$MONEROC_CACHE_DIR_ROOT/_cache/wownero/contrib/depends/sources" || true

            rm -rf "$PWD/contrib/depends/built" "$PWD/monero/contrib/depends/built" "$PWD/wownero/contrib/depends/built"
            rm -rf "$PWD/contrib/depends/sources" "$PWD/monero/contrib/depends/sources" "$PWD/wownero/contrib/depends/sources"
            mkdir -p contrib/depends || true
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/contrib/depends/built" "$PWD/contrib/depends/built"
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/monero/contrib/depends/built" "$PWD/monero/contrib/depends/built"
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/wownero/contrib/depends/built" "$PWD/wownero/contrib/depends/built"
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/contrib/depends/sources" "$PWD/contrib/depends/sources"
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/monero/contrib/depends/sources" "$PWD/monero/contrib/depends/sources"
            ln -sf "$MONEROC_CACHE_DIR_ROOT/_cache/wownero/contrib/depends/sources" "$PWD/wownero/contrib/depends/sources"
          popd

      - name: Execute Build and Setup Commands
        run: |
          pushd scripts/linux
            source ./app_env.sh cakewallet
            ./app_config.sh
          popd

      - name: Build monero_c
        run: |
          pushd scripts/linux/
            source ./app_env.sh cakewallet
            ./build_monero_all.sh
          popd

      - name: Install Flutter dependencies
        run: |
          flutter pub get

      - name: Build generated code
        run: |
          ./model_generator.sh async

      - name: Generate localization
        run: |
          dart run tool/generate_localization.dart

      - name: Build linux
        run: |
          flutter build linux --release

      - name: Compress release
        run: |
          pushd build/linux/x64/release
          zip -r cakewallet_linux.zip bundle
          popd

      - name: Upload Artifact to github
        uses: actions/upload-artifact@v4
        with:
          path: ${{ github.workspace }}/build/linux/x64/release/cakewallet_linux.zip
          name: cakewallet_linux

      - name: Prepare virtual desktop
        if: ${{ contains(env.message, 'run tests') }}
        run: |
            nohup Xvfb :99 -screen 0 720x1280x16 &
            echo DISPLAY=:99 | sudo tee -a $GITHUB_ENV
            dbus-daemon --system --fork
            nohup NetworkManager &
            nohup ffmpeg -framerate 60 -video_size 720x1280 -f x11grab -i :99 -c:v libx264 -c:a aac /opt/screen_grab.mkv &

      # Note for people adding tests:
      # - Tests are ran on Linux, with some things being mocked out.
      # - Screen recording is being provided for the entire length of the test, you can download it in github articats.
      # - Screen recordeding is encrypted, look at step "Stop screen recording, encrypt and upload", and add your key if you want
      #   Reason for encryption is the fact that we restore the wallet from seed, and we don't want to leak that, while there
      #   isn't much in those wallets anyway, we still wouldn't like to leak it to anyone who is able to access github.

      - name: Test [confirm_seeds_flow_test]
        if: ${{ contains(env.message, 'run tests') }}
        timeout-minutes: 20
        run: |
          xmessage -timeout 30 "confirm_seeds_flow_test" &
          rm -rf ~/.local/share/com.example.cake_wallet/ ~/Documents/cake_wallet/ ~/cake_wallet
          exec timeout --signal=SIGKILL 900 flutter drive --driver=test_driver/integration_test.dart --target=integration_test/test_suites/confirm_seeds_flow_test.dart
      - name: Test [create_wallet_flow_test]
        if: ${{ contains(env.message, 'run tests') }}
        timeout-minutes: 20
        run: |
          xmessage -timeout 30 "create_wallet_flow_test" &
          rm -rf ~/.local/share/com.example.cake_wallet/ ~/Documents/cake_wallet/ ~/cake_wallet
          exec timeout --signal=SIGKILL 900 flutter drive --driver=test_driver/integration_test.dart --target=integration_test/test_suites/create_wallet_flow_test.dart
      - name: Test [exchange_flow_test]
        if: ${{ contains(env.message, 'run tests') }}
        timeout-minutes: 20
        run: |
          xmessage -timeout 30 "exchange_flow_test" &
          rm -rf ~/.local/share/com.example.cake_wallet/ ~/Documents/cake_wallet/ ~/cake_wallet
          exec timeout --signal=SIGKILL 900 flutter drive --driver=test_driver/integration_test.dart --target=integration_test/test_suites/exchange_flow_test.dart
      - name: Test [restore_wallet_through_seeds_flow_test]
        if: ${{ contains(env.message, 'run tests') }}
        timeout-minutes: 20
        run: |
          xmessage -timeout 30 "restore_wallet_through_seeds_flow_test" &
          rm -rf ~/.local/share/com.example.cake_wallet/ ~/Documents/cake_wallet/ ~/cake_wallet
          exec timeout --signal=SIGKILL 900 flutter drive --driver=test_driver/integration_test.dart --target=integration_test/test_suites/restore_wallet_through_seeds_flow_test.dart
      - name: Stop screen recording, encrypt and upload
        if: always()
        run: |
          if [[ ! -f "/opt/screen_grab.mkv" ]];
          then
            exit 0;
          fi
          killall ffmpeg
          sleep 5
          killall -9 ffmpeg || true
          sleep 5
          # Feel free to add your own public key if you wish
          gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 6B3199AD9B3D23B8 # konstantin@cakewallet.com
          gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 35C8DBAFB8D9ACAC # cyjan@mrcyjanek.net
          gpg --trust-model always --encrypt --output /opt/screen_grab.mkv.gpg \
            --recipient 6B3199AD9B3D23B8 \
            --recipient 35C8DBAFB8D9ACAC \
            /opt/screen_grab.mkv
          rm /opt/screen_grab.mkv
          mv /opt/screen_grab.mkv.gpg ./screen_grab.mkv.gpg
      - name: Upload Artifact to github
        if: always()
        continue-on-error: true
        uses: actions/upload-artifact@v4
        with:
          path: ${{ github.workspace }}/screen_grab.mkv.gpg
          name: tests_screen_grab