
Remove ignore RUSTSEC-2024-0336 #10378


Workflow file for this run

# CI workflow: lint, build, test, and (for master/releases) publish artifacts.
# There is no top-level `permissions:` key here, so every job that does not
# declare its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN scope.
name: CI

on:
  workflow_dispatch:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
      - labeled
      - unlabeled
  release:
    types:
      - published

# One run per pull request (or per ref for other events); a newer run cancels
# the one in progress.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

env:
  # `github.head_ref` is the pull request's source branch name, which is chosen
  # by the pull request author. Read it in shell steps as "$GIT_BRANCH", not
  # through an inline ${{ }} expression.
  GIT_BRANCH: ${{ github.head_ref || github.ref_name }}
  GIT_REPO_OWNER: ${{ github.repository_owner }}
  GIT_REPO: ${{ github.repository }}
  GIT_REPO_NAME: ${{ github.event.repository.name }}
  # Role assumed through GitHub OIDC by the ECR publishing jobs.
  AWS_ROLE_ARN: 'arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core'
  AWS_ECR_ORG: 'fuellabs'
  CARGO_TERM_COLOR: 'always'
  # Toolchain versions are quoted so they stay strings.
  RUST_VERSION: '1.79.0'
  RUST_VERSION_FMT: 'nightly-2023-10-29'
  RUST_VERSION_COV: 'nightly-2024-06-05'
  RUSTFLAGS: '-D warnings'
  REGISTRY: 'ghcr.io'
  SEGMENT_DOWNLOAD_TIMEOUT_MINS: '2'
jobs:
# Runs the changelog check action against CHANGELOG.md.
check-changelog:
  name: 'Check Changelog'
  runs-on: ubuntu-latest
  steps:
    # Third-party action referenced by a movable tag rather than a commit SHA.
    - uses: tarides/changelog-check-action@v2
      with:
        changelog: 'CHANGELOG.md'
# Formatting gate: runs `cargo fmt --check` with the pinned nightly toolchain.
rustfmt:
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    - uses: actions/checkout@v4

    # The toolchain version is pinned through RUST_VERSION_FMT; the installer
    # action itself is taken from its `master` branch.
    - name: Install latest nightly
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION_FMT }}
        components: rustfmt

    - name: Rustfmt check
      run: cargo +${{ env.RUST_VERSION_FMT }} fmt --all -- --check
# Checks that every Cargo.toml is sorted (cargo-sort) and formatted (prettier).
lint-toml-files:
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    - uses: actions/checkout@v4

    - uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}

    - name: setup binstall
      uses: taiki-e/install-action@cargo-binstall

    # No version is given, so whatever cargo-sort release is current is used.
    - name: Install Cargo.toml linter
      run: cargo binstall --no-confirm cargo-sort

    - name: Run Cargo.toml sort check
      run: cargo sort -w --check

    # prettier and its TOML plugin are likewise installed without a version.
    - name: Install Prettier and TOML Plugin
      run: |
        # prettier has issues with global installation and plugin discovery. The temporary `package.json` created by `npm init -y` is a workaround.
        npm init -y > /dev/null 2>&1
        npm install prettier prettier-plugin-toml

    # On failure, rewrite the files so the required diff can be printed, then
    # fail the step.
    - name: Check format of Cargo.toml files
      run: |
        if ! npx prettier --check "**/Cargo.toml"; then
          npx prettier --write "**/Cargo.toml" > /dev/null 2>&1
          echo "Changes required:"
          git --no-pager diff
          exit 1
        fi

    # Slack notification; only runs for the master branch.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && github.ref == 'refs/heads/master'
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
# Dependency-tree guard: fails when verify_openssl.sh reports openssl.
prevent-openssl:
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    - uses: actions/checkout@v4

    # ensure openssl hasn't crept into the dep tree
    - name: Check if openssl is included
      run: ./.github/workflows/scripts/verify_openssl.sh

    # Slack notification; only runs for the master branch.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && github.ref == 'refs/heads/master'
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
# Matrix of cargo invocations (clippy, check, doc, make, test, build). Each
# entry becomes one job that runs `cargo <command> <args>`.
cargo-verifications:
  runs-on: buildjet-4vcpu-ubuntu-2204
  needs:
    - lint-toml-files
    - prevent-openssl
    - rustfmt
    - check-changelog
  env:
    RUSTFLAGS: '-D warnings'
  # disallow any job that takes longer than 45 minutes
  timeout-minutes: 45
  # No matrix entry below sets `skip-error`, so this evaluates to false.
  continue-on-error: ${{ matrix.skip-error || false }}
  strategy:
    matrix:
      include:
        - command: clippy
          args: -p fuel-core-wasm-executor --target wasm32-unknown-unknown --no-default-features
        - command: clippy
          args: --all-targets --all-features
        - command: check
          args: --all-targets
        - command: doc
          args: --all-features --workspace --no-deps
        - command: make
          args: check --locked
        - command: test
          args: --workspace
        - command: test
          args: --all-features --workspace
        - command: test
          args: -p fuel-core --no-default-features
        # `env` is prepended to the cargo command line by the run step below.
        - command: test
          args: -p fuel-core --lib executor --features wasm-executor
          env: FUEL_ALWAYS_USE_WASM=true
        - command: test
          args: -p fuel-core-client --no-default-features
        - command: test
          args: -p fuel-core-chain-config --no-default-features
        # Don't split this command; this is a workaround.
        # We need to run `cargo check` first to fetch the locked dependencies
        # for `fuel-core 0.26.0`(because of the bug with `--offline`
        # and `--locked` when we build `fuel-core-wasm-executor 0.26.0`).
        - command: check
          args: --manifest-path version-compatibility/Cargo.toml --workspace && cargo test --manifest-path version-compatibility/Cargo.toml --workspace
        - command: build
          args: -p fuel-core-bin --no-default-features --features production
        # WASM compatibility checks
        - command: check
          args: -p fuel-core-types --target wasm32-unknown-unknown --no-default-features --features alloc
        - command: check
          args: -p fuel-core-storage --target wasm32-unknown-unknown --no-default-features --features alloc
        - command: check
          args: -p fuel-core-client --target wasm32-unknown-unknown --no-default-features
        - command: check
          args: -p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features
        - command: check
          args: -p fuel-core-executor --target wasm32-unknown-unknown --no-default-features --features alloc
  steps:
    - uses: actions/checkout@v4

    - uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}
        targets: 'wasm32-unknown-unknown'
        components: 'clippy'

    - name: Install Cargo Make
      uses: davidB/rust-cargo-make@v1
      with:
        version: '0.36.4'

    - uses: rui314/setup-mold@v1

    # The cache key is distinct per matrix entry and per Cargo.lock content.
    - uses: buildjet/cache@v3
      with:
        path: |
          ~/.cargo/bin/
          ~/.cargo/registry/index/
          ~/.cargo/registry/cache/
          ~/.cargo/git/db/
          target/
        key: ${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}

    # The matrix values are pasted into the shell script as text. They are
    # constants from this file; keep event-derived values out of the matrix.
    - name: ${{ matrix.command }} ${{ matrix.args }}
      run: ${{ matrix.env }} cargo ${{ matrix.command }} ${{ matrix.args }}

    # Slack notification; only runs for the master branch.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && github.ref == 'refs/heads/master'
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
# Dry run of the crate publishing action; no registry token is passed here.
publish-crates-check:
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}
        targets: 'wasm32-unknown-unknown'

    - name: Publish crate check
      uses: FuelLabs/publish-crates@v1
      with:
        dry-run: true
        check-repo: false
        ignore-unpublished-changes: true
# Integration tests against AWS KMS, authenticated through GitHub OIDC.
cargo-test-kms:
  # NOTE(review): this reads the `fork` flag of the repository that received
  # the event, not of the pull request's head repository. Confirm that the IAM
  # role's trust policy restricts which OIDC subjects may assume it.
  if: github.event.repository.fork == false
  runs-on: buildjet-4vcpu-ubuntu-2204
  needs:
    - rustfmt
    - check-changelog
  timeout-minutes: 45
  # `id-token: write` lets the job request an OIDC token for the AWS role.
  permissions:
    contents: read
    id-token: write
  env:
    RUSTFLAGS: '-D warnings'
    FUEL_CORE_TEST_AWS_KMS_ARN: 'arn:aws:kms:us-east-1:249945542445:key/mrk-e13c7118ce544f7da66294f6e87c8790'
  steps:
    - name: Configure AWS credentials for integration testing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: 'arn:aws:iam::249945542445:role/github_oidc_FuelLabs_fuel-core'
        aws-region: us-east-1

    - uses: actions/checkout@v4

    - uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}

    - uses: rui314/setup-mold@v1

    - uses: buildjet/cache@v3
      with:
        path: |
          ~/.cargo/bin/
          ~/.cargo/registry/index/
          ~/.cargo/registry/cache/
          ~/.cargo/git/db/
          target/
        key: cargo-test-kms-${{ hashFiles('**/Cargo.lock') }}

    # The checked-out code runs with the AWS credentials configured above.
    - name: Run integration tests for kms only
      run: cargo test -p fuel-core-tests --features aws-kms -- kms
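# Builds an HTML coverage report and commits it to the `codecov-pages` branch
# under a directory named after the base64url-encoded branch name.
publish-codecov:
  name: Publish code coverage report on GitHub pages branch
  runs-on: buildjet-4vcpu-ubuntu-2204
  needs:
    - cargo-verifications
  permissions: # Write access to push changes to pages
    contents: write
  steps:
    - uses: actions/checkout@v4

    - name: Install latest Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION_COV }}
        targets: wasm32-unknown-unknown

    - name: Install cargo-llvm-codecov
      uses: taiki-e/install-action@cargo-llvm-cov

    - name: Code coverage report
      run: cargo +${{ env.RUST_VERSION_COV }} llvm-cov --all-features --html --branch

    - name: Checkout the repo again for pushing pages revision
      uses: actions/checkout@v4
      with:
        ref: 'codecov-pages'
        path: 'pages-branch'

    # The branch, owner and repository names are read from the workflow-level
    # environment variables (GIT_BRANCH, GIT_REPO_OWNER, GIT_REPO_NAME) instead
    # of inline ${{ }} expressions. An inline expression is pasted into the
    # script before the shell parses it, so a branch name containing shell
    # syntax would run as part of this step, which holds `contents: write`.
    # As a quoted variable the name is only ever data.
    - name: Push codecov report to pages branch
      working-directory: ./pages-branch
      run: |
        export BRANCH_B64=$(printf '%s' "$GIT_BRANCH" | basenc --base64url)
        git config user.email "2204863+Dentosal@users.noreply.github.com"
        git config user.name "Dentosal"
        cp -r ../target/llvm-cov/html "$BRANCH_B64"
        python3 ../.github/workflows/scripts/generate_pages_index.py > index.html
        git add .
        git commit -m "Update codecov for $GIT_BRANCH"
        git push
        export PAGES_URL="https://${GIT_REPO_OWNER}.github.io/${GIT_REPO_NAME}/$BRANCH_B64/index.html"
        echo "$PAGES_URL"
        echo "Codecov report $PAGES_URL" >> "$GITHUB_STEP_SUMMARY"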
# Aggregation point: succeeds only after every job listed in `needs` has
# succeeded. The publishing jobs depend on this job.
verifications-complete:
  runs-on: ubuntu-latest
  needs:
    - cargo-verifications
    - publish-crates-check
    - cargo-test-kms
  steps:
    - run: echo "pass"
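# Checks the release tag against Cargo.toml by calling verify_tag.sh.
verify-tag-version:
  # Only do this job if publishing a release
  if: github.event_name == 'release' && github.event.action == 'published'
  runs-on: ubuntu-latest
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # The tag is passed as the quoted default variable "$GITHUB_REF_NAME"
    # rather than an inline ${{ github.ref_name }} expression, so the tag text
    # reaches the script as a single argument and is never parsed as shell.
    #
    # NOTE(review): the dasel binary is downloaded and installed without an
    # integrity check. Record the expected SHA-256 of this release asset and
    # verify it before the `chmod`, for example:
    #   echo "<EXPECTED_SHA256>  dasel" | sha256sum --check
    - name: Verify tag version
      run: |
        # TODO: Automate running `verify_tag` only for "publish = true" crates
        curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel
        mv ./dasel /usr/local/bin/dasel
        ./.github/workflows/scripts/verify_tag.sh "$GITHUB_REF_NAME" Cargo.toml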
# Publishes the workspace crates once the tag check and all verifications pass.
publish-crates:
  # Only do this job if publishing a release
  if: github.event_name == 'release' && github.event.action == 'published'
  runs-on: buildjet-4vcpu-ubuntu-2204
  needs:
    - verify-tag-version
    - verifications-complete
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Install toolchain
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}
        targets: 'wasm32-unknown-unknown'

    # The registry token is handed to an action referenced by the movable tag
    # `v1`; pinning to a full commit SHA fixes exactly which code receives it.
    - name: Publish crate
      uses: FuelLabs/publish-crates@v1
      with:
        publish-delay: 60000
        registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}

    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always()
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
# Builds the image once per architecture, pushes it to ghcr.io by digest, and
# uploads the digest as an artifact for the manifest-list job.
build-docker-images:
  runs-on: ${{ matrix.arch.runner }}
  needs:
    - publish-crates-check
  # NOTE(review): the job has no `if:` condition, so it is scheduled for every
  # trigger of this workflow, pull requests included, and it pushes to the
  # registry. Confirm that is intended.
  permissions:
    contents: read
    packages: write
  strategy:
    matrix:
      arch:
        # build on native runners instead of using emulation
        - platform: linux/amd64
          runner: buildjet-8vcpu-ubuntu-2204
        - platform: linux/arm64
          runner: buildjet-16vcpu-ubuntu-2204-arm
  steps:
    # REGISTRY_URL is the lower-cased "<registry>/<owner>/<repo>";
    # PLATFORM_PAIR is the platform with "/" replaced by "-".
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
        platform=${{ matrix.arch.platform }}
        echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV

    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}

    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: ${{ env.REGISTRY_URL }}

    - name: Setup Rust build cache
      id: cache
      uses: buildjet/cache@v3
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: ${{ env.PLATFORM_PAIR }}-${{ hashFiles('**/Cargo.lock') }}

    # Maps the cached host directories onto the build container's paths.
    - name: Inject cache into docker
      uses: reproducible-containers/buildkit-cache-dance@v3.1.2
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: ${{ steps.cache.outputs.cache-hit }}

    # Pushed by digest only; tags are attached later by the manifest-list job.
    - name: Build Docker image
      id: build
      uses: docker/build-push-action@v6
      with:
        context: .
        platforms: ${{ matrix.arch.platform }}
        file: deployment/Dockerfile
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }}
        cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true
        outputs: |
          type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true

    # The digest is recorded as an empty file named after its hex value.
    - name: Export digest
      run: |
        mkdir -p /tmp/digests
        digest="${{ steps.build.outputs.digest }}"
        touch "/tmp/digests/${digest#sha256:}"

    - name: Upload digest
      uses: actions/upload-artifact@v4
      with:
        name: digests-${{ env.PLATFORM_PAIR }}
        path: /tmp/digests/*
        if-no-files-found: error
        retention-days: 1
# Combines the per-architecture digests into one manifest list and pushes it,
# tagged, to ghcr.io and to Amazon ECR Public.
publish-docker-image:
  runs-on: ubuntu-latest
  needs:
    - build-docker-images
    - verifications-complete
  # NOTE(review): the job has no `if:` condition, so it is scheduled for every
  # trigger of this workflow. Confirm that the trust policy of the role in
  # AWS_ROLE_ARN limits which refs may assume it.
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}

    # Collects every `digests-*` artifact into a single directory.
    - name: Download digests
      uses: actions/download-artifact@v4
      with:
        path: /tmp/digests
        pattern: digests-*
        merge-multiple: true

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Configure AWS credentials for ECR publishing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ env.AWS_ROLE_ARN }}
        aws-region: us-east-1 # ecr public is only in us-east-1

    - name: Login to Amazon ECR Public
      id: login-ecr-public
      uses: aws-actions/amazon-ecr-login@v2
      with:
        registry-type: public

    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}

    - name: Docker metadata
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          ${{ env.REGISTRY_URL }}
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}

    # The file names in /tmp/digests are the hex digests, so `*` expands to one
    # `<registry-url>@sha256:<digest>` source per architecture. Both command
    # substitutions are left unquoted so they split into separate arguments.
    - name: Create manifest list and push to all registries
      working-directory: /tmp/digests
      run: |
        docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
          $(printf '${{ env.REGISTRY_URL }}@sha256:%s ' *)

    - name: Inspect image
      run: |
        docker buildx imagetools inspect ${{ env.REGISTRY_URL }}:${{ steps.meta.outputs.version }}
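# duplicate of publish-docker-image, but with profiling features enabled
# this is split into a separate action since it takes longer to build
publish-docker-image-profiling:
  needs:
    - verifications-complete
  runs-on: buildjet-16vcpu-ubuntu-2204
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}

    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Configure AWS credentials for ECR publishing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ env.AWS_ROLE_ARN }}
        aws-region: us-east-1 # ecr public is only in us-east-1

    - name: Login to Amazon ECR Public
      id: login-ecr-public
      uses: aws-actions/amazon-ecr-login@v2
      with:
        registry-type: public

    # Both registry logins use docker/login-action@v3, the major version the
    # build-docker-images and publish-docker-image jobs use with the same
    # inputs (this job previously used @v1 and @v2), so registry credentials
    # are no longer passed to superseded releases of the action.
    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}

    # Same tag rules as publish-docker-image, with a `-debug` image suffix.
    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          ${{ env.REGISTRY_URL }}-debug
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-debug
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}

    - name: Setup Rust build cache
      id: cache
      uses: buildjet/cache@v3
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: publish-docker-image-profiling-${{ hashFiles('**/Cargo.lock') }}

    - name: Inject cache into docker
      uses: reproducible-containers/buildkit-cache-dance@v3.1.2
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: ${{ steps.cache.outputs.cache-hit }}

    # DEBUG_SYMBOLS=true is the only build difference from the regular image.
    - name: Build & push Docker image
      id: build
      uses: docker/build-push-action@v6
      with:
        context: .
        file: deployment/Dockerfile
        build-args: "DEBUG_SYMBOLS=true"
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest
        cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest,mode=max,image-manifest=true,oci-mediatypes=true

    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}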
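# Builds the e2e client image from deployment/e2e-client.Dockerfile and pushes
# it to ghcr.io and Amazon ECR Public.
publish-e2e-client-docker-image:
  needs:
    - verifications-complete
  runs-on: buildjet-4vcpu-ubuntu-2204
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}

    - name: Checkout repository
      uses: actions/checkout@v4

    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3

    - name: Configure AWS credentials for ECR publishing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ env.AWS_ROLE_ARN }}
        aws-region: us-east-1 # ecr public is only in us-east-1

    - name: Login to Amazon ECR Public
      id: login-ecr-public
      uses: aws-actions/amazon-ecr-login@v2
      with:
        registry-type: public

    # Both registry logins use docker/login-action@v3, the major version the
    # build-docker-images and publish-docker-image jobs use with the same
    # inputs (this job previously used @v1 and @v2), so registry credentials
    # are no longer passed to superseded releases of the action.
    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}

    # Same tag rules as publish-docker-image, with an `-e2e-client` suffix.
    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          ${{ env.REGISTRY_URL }}-e2e-client
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-e2e-client
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}

    - name: Setup Rust build cache
      id: cache
      uses: buildjet/cache@v3
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: publish-e2e-client-docker-image-${{ hashFiles('**/Cargo.lock') }}

    - name: Inject cache into docker
      uses: reproducible-containers/buildkit-cache-dance@v3.1.2
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: ${{ steps.cache.outputs.cache-hit }}

    - name: Build & push Docker image
      id: build
      uses: docker/build-push-action@v6
      with:
        context: .
        file: deployment/e2e-client.Dockerfile
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest
        cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest,mode=max,image-manifest=true,oci-mediatypes=true

    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}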
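# Cross-compiles fuel-core and fuel-core-keygen for four targets, strips the
# binaries, packs them with the WASM executor, and attaches the archive to the
# GitHub release.
publish-fuel-core-binary:
  name: Release fuel-core binaries
  runs-on: ${{ matrix.job.os }}
  # Only do this job if publishing a release
  needs:
    - verify-tag-version
    - verifications-complete
  if: github.event_name == 'release' && github.event.action == 'published'
  # A failed target does not fail the workflow run.
  continue-on-error: true
  strategy:
    fail-fast: false
    matrix:
      job:
        - os: buildjet-4vcpu-ubuntu-2204
          platform: linux
          target: x86_64-unknown-linux-gnu
          cross_image: x86_64-linux-gnu
        - os: buildjet-4vcpu-ubuntu-2204
          platform: linux-arm
          target: aarch64-unknown-linux-gnu
          cross_image: aarch64-linux-gnu
        - os: macos-latest
          platform: darwin
          target: x86_64-apple-darwin
        - os: macos-latest
          platform: darwin-arm
          target: aarch64-apple-darwin
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4

    # setup-buildx-action and login-action are raised to @v3, the major
    # version the Docker jobs in this workflow use with the same inputs
    # (this job previously used @v1 and @v1/@v2).
    - name: Set up Docker Buildx
      if: matrix.job.cross_image
      uses: docker/setup-buildx-action@v3

    - name: Log in to the ghcr.io registry
      if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}

    - name: Log in to the docker.io registry
      if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}

    # NOTE(review): build-push-action is still @v2 here while the image jobs
    # use @v6. It is left unchanged because this step relies on `load: true`;
    # verify the step on a newer major version before raising it.
    - name: Setup custom cross env ${{ matrix.job.cross_image }}
      if: matrix.job.cross_image
      uses: docker/build-push-action@v2
      with:
        context: ci
        file: ci/Dockerfile.${{ matrix.job.target }}-clang
        tags: ${{ matrix.job.cross_image }}:latest
        load: true
        cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest
        cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max

    - name: Install packages (macOS)
      if: matrix.job.os == 'macos-latest'
      run: |
        ci/macos-install-packages.sh

    # NOTE(review): the second target is written with literal double quotes
    # inside a plain YAML scalar, unlike the other toolchain steps in this
    # file, which quote the whole value. Confirm the action accepts this form.
    - name: Install toolchain
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}
        target: ${{ matrix.job.target }},"wasm32-unknown-unknown"

    # No crate version is given, so the release binaries are built with
    # whatever version of `cross` is current at run time.
    - name: Install cross
      uses: baptiste0928/cargo-install@v1
      with:
        crate: cross
        cache-key: '${{ matrix.job.target }}'

    - name: Build fuel-core and fuel-core-keygen
      run: |
        cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin
        cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin

    - name: Strip release binary linux x86_64
      if: matrix.job.platform == 'linux'
      run: |
        strip "target/${{ matrix.job.target }}/release/fuel-core"
        strip "target/${{ matrix.job.target }}/release/fuel-core-keygen"

    # The aarch64 binaries are stripped with the strip tool inside the
    # cross-compilation image built earlier in this job.
    - name: Strip release binary aarch64-linux-gnu
      if: matrix.job.target == 'aarch64-unknown-linux-gnu'
      run: |
        docker run --rm -v \
          "$PWD/target:/target:Z" \
          aarch64-linux-gnu:latest \
          aarch64-linux-gnu-strip \
          /target/aarch64-unknown-linux-gnu/release/fuel-core
        docker run --rm -v \
          "$PWD/target:/target:Z" \
          aarch64-linux-gnu:latest \
          aarch64-linux-gnu-strip \
          /target/aarch64-unknown-linux-gnu/release/fuel-core-keygen

    - name: Strip release binary mac
      if: matrix.job.os == 'macos-latest'
      run: |
        strip -x "target/${{ matrix.job.target }}/release/fuel-core"
        strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen"

    # The version comes from the GITHUB_REF shell variable, so the tag text is
    # handled as data. ZIP_FILE_NAME is exported for the upload step.
    - name: Prepare Binary Artifact
      env:
        PLATFORM_NAME: ${{ matrix.job.platform }}
        TARGET: ${{ matrix.job.target }}
      run: |
        # trim refs/tags/ prefix
        FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}"
        # optionally trim v from tag prefix
        FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}"
        echo "version is: $FUEL_CORE_VERSION"
        # setup artifact filename
        ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}"
        ZIP_FILE_NAME="$ARTIFACT.tar.gz"
        echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> $GITHUB_ENV
        # create zip file
        mkdir -pv "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core-keygen" "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core-upgradable-executor-cache/wasm32-unknown-unknown/release/fuel-core-wasm-executor.wasm" "$ARTIFACT"
        tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT"

    # NOTE(review): no checksum or signature is published with the archive,
    # and actions/upload-release-asset appears to be archived upstream.
    # Confirm and consider a maintained way to attach release assets.
    - name: Upload Binary Artifact
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ github.token }}
      with:
        upload_url: ${{ github.event.release.upload_url }}
        asset_path: ./${{ env.ZIP_FILE_NAME }}
        asset_name: ${{ env.ZIP_FILE_NAME }}
        asset_content_type: application/gzip

    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest'
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}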
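# Deploy Fuel Core Ephemeral Developer Environment
# Runs for pull requests whose source branch starts with `preview/` and
# dispatches the deployment workflow in FuelLabs/fuel-deployment.
deploy-eph-env:
  if: startsWith(github.head_ref, 'preview/')
  needs:
    - publish-docker-image
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    # IMAGE_TAG is `sha-` plus the first seven characters of the commit SHA.
    # NAMESPACE is the branch name without its `preview/` prefix. It comes
    # from the branch name, so it is author-controlled text.
    - name: Set Environment Variables
      run: |
        echo "IMAGE_TAG=sha-${GITHUB_SHA:0:7}" >> "$GITHUB_ENV"
        echo "DEPLOYMENT_VERSION=${GITHUB_SHA}" >> "$GITHUB_ENV"
        echo "NAMESPACE=${GITHUB_HEAD_REF#preview/}" >> "$GITHUB_ENV"

    # The namespace is emitted with toJSON(), which quotes and escapes it, so
    # a branch name containing `"` or `\` cannot change the structure of the
    # JSON inputs sent to the deployment workflow with REPO_TOKEN.
    # NOTE(review): the receiving workflow should still validate `namespace`
    # against the character set it expects.
    - name: Deploy Fuel Core Ephemeral Developer Environment
      uses: benc-uk/workflow-dispatch@v1
      with:
        workflow: Deploy Fuel-Core on k8s
        repo: FuelLabs/fuel-deployment
        ref: refs/heads/master
        token: ${{ secrets.REPO_TOKEN }}
        inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": ${{ toJSON(env.NAMESPACE) }}, "delete-infra": "${{ env.DELETE_INFRA }}" }'
      env:
        K8S: 'eks'
        CONFIG: 'fuel-dev1'
        ENV: 'fueldevsway.env'
        DELETE_INFRA: true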
# Dependency advisory scan. No other job lists this one in `needs`, and
# `continue-on-error: true` keeps a failure here from failing the run, so the
# advisories it reports are informational and do not block publishing.
cargo-audit:
  continue-on-error: true
  runs-on: ubuntu-latest
  steps:
    - uses: actions/checkout@v4

    # NOTE(review): the actions-rs repositories appear to be archived
    # upstream. Confirm and consider a maintained audit action.
    - uses: actions-rs/audit-check@v1
      with:
        token: ${{ secrets.GITHUB_TOKEN }}