This repository has been archived by the owner on Jan 11, 2024. It is now read-only.
BUILD: Point at pre-audit versions of dependencies #1452
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - '**' | |
| # To add ready_for_review as a trigger we need to list all the defaults. | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| env: | |
| CARGO_INCREMENTAL: '0' | |
| SCCACHE_CACHE_SIZE: 10G | |
| CC: "sccache clang" | |
| CXX: "sccache clang++" | |
| PROFILE: "ci" | |
| BUILDX_FLAGS: "--cache-from=type=gha --cache-to=type=gha,mode=max" | |
| jobs: | |
| # Check code formatting; anything that doesn't require compilation. | |
| pre-compile-checks: | |
| name: Pre-compile checks | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out the project | |
| uses: actions/checkout@v3 | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: nightly | |
| components: rustfmt | |
| - name: Check code formatting | |
| run: make check-fmt | |
| # This is so `make license` doesn't say "bad revision origin/main" | |
| - name: Fetch origin for diff | |
| run: git fetch origin | |
| - name: Check license headers | |
| run: make license | |
| # Test matrix, running tasks from the Makefile. | |
| tests: | |
| # Skip tests on draft PRs, they take a long time, and drafts are for visibility. | |
| if: ${{ !github.event.pull_request.draft }} | |
| needs: [pre-compile-checks] | |
| name: ${{ matrix.make.name }} (${{ matrix.os }}, ${{ matrix.rust }}) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest] | |
| rust: [stable] | |
| make: | |
| - name: Clippy | |
| task: check-clippy | |
| - name: Test | |
| task: test | |
| - name: End-to-End | |
| task: e2e | |
| exclude: | |
| # Not running Clippy on nightly because sometimes it seems to give false positives. | |
| - rust: nightly | |
| make: | |
| name: Clippy | |
| - rust: nightly | |
| make: | |
| name: End-to-end | |
| env: | |
| RUST_BACKTRACE: full | |
| RUSTFLAGS: -Dwarnings | |
| steps: | |
| - name: Check out the project | |
| uses: actions/checkout@v3 | |
| - name: Install Tools | |
| uses: ./.github/actions/install-tools | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| rust: ${{ matrix.rust }} | |
| - name: Setup Cache | |
| uses: ./.github/actions/setup-cache | |
| timeout-minutes: 5 | |
| continue-on-error: true | |
| with: | |
| # Caching everything separately, in case they don't ask for the same things to be compiled. | |
| cache-prefix: ${{ matrix.make.name }}-${{ matrix.os }}-${{ matrix.rust }}-${{ hashFiles('rust-toolchain', 'rust-toolchain.toml') }} | |
| cache-suffix: ${{ hashFiles('**/Cargo.lock') }} | |
| - name: ${{ matrix.make.name }} | |
| run: make ${{ matrix.make.task }} | |
| # Publish Docker image on the main branch | |
| publish: | |
| name: Publish artifacts | |
| needs: [tests] | |
| if: github.ref == 'refs/heads/main' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| packages: write | |
| contents: read | |
| steps: | |
| - name: Check out the project | |
| uses: actions/checkout@v3 | |
| - name: Install Tools | |
| uses: ./.github/actions/install-tools | |
| with: | |
| repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| rust: stable | |
| - name: Setup Cache | |
| uses: ./.github/actions/setup-cache | |
| timeout-minutes: 5 | |
| continue-on-error: true | |
| with: | |
| # The Cargo.lock file is very likely to change between PRs, which would mean a cache miss. | |
| # Ideally we want to download the previous cache and do an upload if something changed. | |
| # That's why the Cargo.lock hash is used as a suffix, so we match on a stable one and upload if changed. | |
| cache-prefix: publish-${{ hashFiles('rust-toolchain', 'rust-toolchain.toml') }} | |
| cache-suffix: ${{ hashFiles('**/Cargo.lock') }} | |
| # - name: Docker Build | |
| # run: make docker-build | |
| # We used this for a single architecture build, but with `buildx` the push happens at the same time as the build. | |
| # - name: Docker Push | |
| # uses: ./.github/actions/docker-push | |
| # with: | |
| # repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # repo-owner: ${{ github.repository_owner }} | |
| # image-name: ${{ github.event.repository.name }} | |
| - name: Docker Login | |
| shell: bash | |
| run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin | |
| - name: Docker Prep | |
| id: prep | |
| run: | | |
| IMAGE_ID=ghcr.io/${{ github.repository_owner }}/${{ github.event.repository.name }} | |
| # This changes all uppercase characters to lowercase. | |
| IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]') | |
| # This strips the git ref prefix from the version. | |
| VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,') | |
| # This strips the "v" prefix from the tag name. | |
| [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//') | |
| # This uses the Docker `latest` tag convention. | |
| [ "$VERSION" == "main" ] && VERSION=latest | |
| echo "IMAGE_TAG=$IMAGE_ID:$VERSION" >> $GITHUB_OUTPUT | |
| - name: Docker Deps | |
| run: | | |
| make docker-deps | |
| # https://github.com/marketplace/actions/free-disk-space-ubuntu | |
| - name: Free Disk Space (Ubuntu) | |
| uses: jlumbroso/free-disk-space@main | |
| with: | |
| tool-cache: false | |
| android: true | |
| dotnet: true | |
| haskell: true | |
| large-packages: true | |
| docker-images: true | |
| swap-storage: true | |
| - name: Build and Push Multiarch Docker Image | |
| run: | | |
| export BUILDX_TAG=${{ steps.prep.outputs.IMAGE_TAG }} | |
| export BUILDX_STORE="--push" | |
| export BUILDX_FLAGS="--platform linux/amd64,linux/arm64 ${BUILDX_FLAGS}" | |
| make docker-build | |
| # https://github.com/Chizkiyahu/delete-untagged-ghcr-action | |
| - name: Delete all containers from package without tags | |
| uses: Chizkiyahu/delete-untagged-ghcr-action@v3 | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| owner_type: org | |
| package_name: fendermint | |
| untagged_only: true | |
| except_untagged_multiplatform: true |