feat: Add tropic emulator build support to release workflow

- Add optional 'checkout_tag' input to build specific versions - Add 'tropic_enabled' boolean input to build with DISABLE_TROPIC=0 - Add 'tropic_models' input to specify which models support tropic - Conditionally upload to {MODEL}_tropic_on/ subdirectory for tropic builds - Update both x86_64 and ARM64 build jobs with new functionality - Maintain backward compatibility - all new inputs are optional with sensible defaults
2026-02-20 00:33:30 +01:00 · 2026-02-16 15:22:00 +01:00
parent 4e19779310
commit 9bb70256fd
1 changed files with 43 additions and 4 deletions
--- a/.github/workflows/release-emu.yml
+++ b/.github/workflows/release-emu.yml
@@ -23,6 +23,19 @@ on:
        type: string
        required: true
        default: "[\"T2B1\",\"T2T1\",\"T3B1\",\"T3T1\"]"
+      checkout_tag:
+        description: "Optional: Git tag/branch to build from (e.g., core/v2.9.6). If empty, uses current branch"
+        type: string
+        required: false
+      tropic_enabled:
+        description: "Build with Tropic enabled (DISABLE_TROPIC=0)"
+        type: boolean
+        default: false
+      tropic_models:
+        description: "Models that support tropic (JSON list)"
+        type: string
+        required: false
+        default: "[\"T3W1\"]"

 permissions:
  id-token: write       # for fetching the OIDC token
@@ -56,7 +69,7 @@ jobs:

  core_emu:
    if: startsWith(github.ref, 'refs/tags/core/v') || inputs.project == 'core'
-    name: Build emu
+    name: Build emu ${{ inputs.tropic_enabled && '(Tropic)' || '' }}
    needs: get_models
    runs-on: ubuntu-latest
    strategy:
@@ -75,10 +88,17 @@ jobs:
      PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
      ADDRESS_SANITIZER: "0"
      LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
+      DISABLE_TROPIC: ${{ inputs.tropic_enabled && '0' || '1' }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
+      - name: Checkout specific version if provided
+        if: inputs.checkout_tag
+        run: |
+          git fetch origin tag "${{ inputs.checkout_tag }}" --depth=1 2>/dev/null || git fetch origin "${{ inputs.checkout_tag }}" --depth=1
+          git checkout "${{ inputs.checkout_tag }}"
+          git submodule update --init --recursive
      - uses: ./.github/actions/environment
      - run: nix-shell --run "uv run make -C core build_bootloader_emu"
        if: matrix.coins == 'universal'
@@ -93,8 +113,14 @@ jobs:
        continue-on-error: true

      - name: Upload emulator binaries
+        env:
+          TROPIC_MODELS: ${{ inputs.tropic_models || '[\"T3W1\"]' }}
        run: |
-            aws s3 mv core/build/unix/trezor-emu-core-${{ matrix.model }}-v${{ needs.get_models.outputs.version }} s3://data.trezor.io/dev/firmware/releases/emulators-new/${{ matrix.model}}/
+          UPLOAD_PATH="s3://data.trezor.io/dev/firmware/releases/emulators-new/${{ matrix.model }}/"
+          if [[ "${{ inputs.tropic_enabled }}" == "true" ]] && echo "$TROPIC_MODELS" | grep -q "${{ matrix.model }}"; then
+            UPLOAD_PATH="${UPLOAD_PATH}${{ matrix.model }}_tropic_on/"
+          fi
+          aws s3 mv "core/build/unix/trezor-emu-core-${{ matrix.model }}-v${{ needs.get_models.outputs.version }}" "$UPLOAD_PATH"

      - uses: actions/upload-artifact@v4
        with:
@@ -106,7 +132,7 @@ jobs:

  core_emu_arm:
    if: startsWith(github.ref, 'refs/tags/core/v') || inputs.project == 'core'
-    name: Build core emu arm
+    name: Build core emu arm ${{ inputs.tropic_enabled && '(Tropic)' || '' }}
    needs: get_models
    runs-on: ubuntu-latest-arm64
    strategy:
@@ -125,10 +151,17 @@ jobs:
      PYOPT: ${{ matrix.type == 'debuglink' && '0' || '1' }}
      ADDRESS_SANITIZER: ${{ matrix.asan == 'asan' && '1' || '0' }}
      LSAN_OPTIONS: "suppressions=../../asan_suppressions.txt"
+      DISABLE_TROPIC: ${{ inputs.tropic_enabled && '0' || '1' }}
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive
+      - name: Checkout specific version if provided
+        if: inputs.checkout_tag
+        run: |
+          git fetch origin tag "${{ inputs.checkout_tag }}" --depth=1 2>/dev/null || git fetch origin "${{ inputs.checkout_tag }}" --depth=1
+          git checkout "${{ inputs.checkout_tag }}"
+          git submodule update --init --recursive
      - uses: ./.github/actions/environment
      - run: nix-shell --run "uv run make -C core build_bootloader_emu"
        if: matrix.coins == 'universal'
@@ -143,8 +176,14 @@ jobs:
        continue-on-error: true

      - name: Upload emulator binaries
+        env:
+          TROPIC_MODELS: ${{ inputs.tropic_models || '[\"T3W1\"]' }}
        run: |
-            aws s3 cp core/build/unix/trezor-emu-core-${{ matrix.model }}-v${{ needs.get_models.outputs.version }}-arm s3://data.trezor.io/dev/firmware/releases/emulators-new/${{ matrix.model}}/
+          UPLOAD_PATH="s3://data.trezor.io/dev/firmware/releases/emulators-new/${{ matrix.model }}/"
+          if [[ "${{ inputs.tropic_enabled }}" == "true" ]] && echo "$TROPIC_MODELS" | grep -q "${{ matrix.model }}"; then
+            UPLOAD_PATH="${UPLOAD_PATH}${{ matrix.model }}_tropic_on/"
+          fi
+          aws s3 cp "core/build/unix/trezor-emu-core-${{ matrix.model }}-v${{ needs.get_models.outputs.version }}-arm" "$UPLOAD_PATH"

      - uses: actions/upload-artifact@v4
        with: