Merge branch 'paulliu/add-back-smart-contract-address' into 'master' #1963
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Main CI | |
| on: | |
| # Todo: re-enable once github runner resources have been set | |
| # push: | |
| merge_group: | |
| # Allows you to run this workflow manually from the Actions tab | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| pull_request: | |
| # runs for the same workflow are cancelled on PRs but not on master | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| permissions: read-all | |
| env: | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_COMMIT_REF_PROTECTED: ${{ github.ref_protected }} | |
| CI_JOB_NAME: ${{ github.job }} | |
| CI_JOB_ID: ${{ github.job }} # github does not expose this variable https://github.com/orgs/community/discussions/8945 | |
| CI_JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| CI_PIPELINE_SOURCE: ${{ github.event_name }} | |
| CI_PROJECT_DIR: ${{ github.workspace }} | |
| CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.event.pull_request.base.ref }} | |
| ROOT_PIPELINE_ID: ${{ github.run_id }} | |
| BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/" | |
| RUSTFLAGS: "--remap-path-prefix=${CI_PROJECT_DIR}=/ic" | |
| AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }} | |
| jobs: | |
| bazel-test-all: | |
| name: Bazel-Test-All | |
| runs-on: | |
| labels: bazel-runner-large | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 90 | |
| if: ${{ vars.RUN_CI == 'true' }} # needed to avoid running on public dfinity org until published | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 # v4 does not work with bazel-runner-large | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| if: ${{ github.event_name != 'pull_request' }} | |
| - name: Run Bazel Test All | |
| id: bazel-test-all | |
| uses: ./.github/actions/bazel-test-all/ | |
| with: | |
| BAZEL_COMMAND: "test" | |
| BAZEL_TARGETS: "//... --deleted_packages=gitlab-ci/src/gitlab_config" | |
| BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| # check if PR title contains release and set timeout filters accordingly | |
| BAZEL_EXTRA_ARGS_RULES: ${{ contains(github.event.pull_request.title, 'release') && '--test_timeout_filters=short,moderate' || '' }} | |
| BAZEL_EXTRA_ARGS: "--keep_going --verbose_failures" | |
| # run on diff only if it is a pull request, otherwise run all targets | |
| RUN_ON_DIFF_ONLY: ${{ contains(github.event_name, 'pull_request') && 'true' || 'false'}} | |
| - name: After script | |
| id: after-script | |
| shell: bash | |
| run: | | |
| bazel clean | |
| # rm -rf "${CI_PROJECT_DIR}/" # this doesn't work, TODO: figure out if and where data gets stored | |
| # - name: Upload Bazel artifacts | |
| # uses: actions/upload-artifact@v3 | |
| # if: success() || failure() # don't run if CI job is cancelled | |
| # with: | |
| # name: bazel-artifacts | |
| # retention-days: 2 | |
| # if-no-files-found: ignore | |
| # compression-level: 7 | |
| # path: | | |
| # bazel-build-log*.json* | |
| # bazel-bep.pb | |
| # bazel-testlogs/**/test.xml | |
| bazel-config-check-all-rebuild: | |
| runs-on: | |
| labels: bazel-runner-small | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| name: Bazel-Config-Check-All-Rebuild | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| # Fetch all commits since gitlab-ci/src/bazel-ci/diff.sh needs to run | |
| # git merge-base HEAD origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME | |
| # which not only requires the HEAD commit but also its history | |
| # and the history of origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME. | |
| fetch-depth: 0 | |
| - name: Run bazel build --config=check //rs/... | |
| id: bazel-build-config-check | |
| uses: ./.github/actions/bazel-test-all/ | |
| with: | |
| BAZEL_COMMAND: "build" | |
| BAZEL_TARGETS: "//rs/..." | |
| BAZEL_CI_CONFIG: "--config=check" | |
| # run on diff only if it is a pull request, otherwise run all targets | |
| RUN_ON_DIFF_ONLY: ${{ contains(github.event_name, 'pull_request') && 'true' || 'false'}} | |
| - name: After script | |
| id: after-script | |
| shell: bash | |
| run: | | |
| bazel clean | |
| # rm -rf "${CI_PROJECT_DIR}/" # this doesn't work, TODO: figure out if and where data gets stored | |
| bazel-test-macos: | |
| name: Bazel-Test-MacOS | |
| timeout-minutes: 90 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| runs-on: | |
| labels: macos | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| filters: | | |
| bazel-test-macos: | |
| - '.github/workflows/main-ci.yml' | |
| - '.bazelrc' | |
| - '.bazelversion' | |
| - '**/*.bazel' | |
| - '**/*.bzl' | |
| - '**/*.lock' | |
| - '**/*.rs' | |
| - '**/*.toml' | |
| - name: Run Bazel Test MacOS | |
| id: bazel-test-macos | |
| if: steps.filter.outputs.bazel-test-macos != 'false' | |
| uses: ./.github/actions/bazel-test-all/ | |
| with: | |
| BAZEL_CI_CONFIG: "--config=ci --config macos_ci" | |
| BAZEL_COMMAND: test | |
| BAZEL_EXTRA_ARGS: "--test_tag_filters=test_macos" | |
| BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output//${ROOT_PIPELINE_ID}" | |
| BAZEL_TARGETS: "//rs/... //publish/binaries/..." | |
| - name: No run | |
| if: steps.filter.outputs.bazel-test-macos == 'false' | |
| run: echo "No changes, skipping run" | |
| - name: After script | |
| id: after-script | |
| shell: bash | |
| run: | | |
| sudo rm -rf /var/tmp/bazel-output//${ROOT_PIPELINE_ID} | |
| bazel-build-fuzzers: | |
| name: Bazel-Build-Fuzzers | |
| runs-on: | |
| labels: bazel-runner-small | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Bazel Build Fuzzers | |
| id: bazel-build-fuzzers | |
| uses: ./.github/actions/bazel-test-all/ | |
| with: | |
| BAZEL_COMMAND: "build" | |
| BAZEL_TARGETS: "//rs/..." | |
| BAZEL_CI_CONFIG: "--config=ci" | |
| BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer" | |
| - name: After script | |
| id: after-script | |
| shell: bash | |
| run: | | |
| bazel clean | |
| # rm -rf "${CI_PROJECT_DIR}/" # this doesn't work, TODO: figure out if and where data gets stored | |
| bazel-build-fuzzers-afl: | |
| name: Bazel-Build-Fuzzers-AFL | |
| runs-on: | |
| labels: bazel-runner-small | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Bazel Build Fuzzers AFL | |
| id: bazel-build-fuzzers-afl | |
| uses: ./.github/actions/bazel-test-all/ | |
| with: | |
| BAZEL_COMMAND: "build" | |
| BAZEL_TARGETS: "//rs/..." | |
| BAZEL_CI_CONFIG: "--config=ci" | |
| BAZEL_EXTRA_ARGS: "--keep_going --config=afl" | |
| - name: After script | |
| id: after-script | |
| shell: bash | |
| run: | | |
| bazel clean | |
| # rm -rf "${CI_PROJECT_DIR}/" # this doesn't work, TODO: figure out if and where data gets stored | |
| python-ci-tests: | |
| name: Python-CI-Tests | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Run Python CI Tests | |
| id: python-ci-tests | |
| shell: bash | |
| run: | | |
| set -xeuo pipefail | |
| export PYTHONPATH=$PWD/gitlab-ci/src:$PWD/gitlab-ci/src/dependencies:$PYTHONPATH | |
| pip3 install --ignore-installed -r requirements.txt | |
| cd gitlab-ci/src | |
| pytest --ignore=gitlab_config/ --ignore=git_changes/ -v -o junit_family=xunit1 --junitxml=../../test_report.xml --cov=. --cov-report=term --cov-report=term-missing --cov-report=html --cov-branch | |
| cargo-clippy-linux: | |
| name: Cargo-Clippy-Linux | |
| runs-on: | |
| labels: bazel-runner-small | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| cargo: | |
| - "**/*.rs" | |
| - "**/*.toml" | |
| - "**/*.lock" | |
| - name: Run Cargo Clippy Linux | |
| id: cargo-clippy-linux | |
| if: steps.filter.outputs.cargo == 'true' | |
| shell: bash | |
| run: | | |
| set -eExuo pipefail | |
| buildevents cmd "$ROOT_PIPELINE_ID" "$CI_JOB_ID" build-command -- \ | |
| "$CI_PROJECT_DIR"/gitlab-ci/src/ci-scripts/rust-lint.sh | |
| - name: No run | |
| if: steps.filter.outputs.cargo == 'false' | |
| run: echo "No cargo changes, skipping run" | |
| cargo-build-release-linux: | |
| name: Cargo-Build-Release-Linux | |
| runs-on: | |
| labels: bazel-runner-small | |
| container: | |
| image: dfinity/ic-build:abbdc66c19bf32eda2109f97e39fde519ef9b452ab54aee52b234af8638983d8 | |
| timeout-minutes: 30 | |
| if: ${{ vars.RUN_CI == 'true' }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: | | |
| cargo: | |
| - "**/*.rs" | |
| - "**/*.toml" | |
| - "**/*.lock" | |
| - name: Run Cargo Build Release Linux | |
| id: cargo-build-release-linux | |
| if: steps.filter.outputs.cargo == 'true' | |
| shell: bash | |
| run: | | |
| set -eExuo pipefail | |
| buildevents cmd "$ROOT_PIPELINE_ID" "$CI_JOB_ID" build-command -- \ | |
| cargo build --release | |
| - name: No run | |
| if: steps.filter.outputs.cargo == 'false' | |
| run: echo "No cargo changes, skipping run" |