Remove ignore RUSTSEC-2024-0336 #10378
Workflow file for this run
# Workflow header: triggers, run de-duplication and environment shared by all jobs.
# NOTE(review): no workflow-level `permissions:` key is set here, so any job
# without its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN scopes. Confirm that default is read-only in the repo settings.
name: 'CI'

on:
  workflow_dispatch:
  push:
    branches:
      - 'master'
  pull_request:
    types:
      - 'opened'
      - 'synchronize'
      - 'reopened'
      - 'labeled'
      - 'unlabeled'
  release:
    types:
      - 'published'

concurrency:
  # One active run per pull request (or per ref when there is no PR number);
  # a newer run cancels the one in progress.
  group: '${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}'
  cancel-in-progress: true

env:
  # On pull_request events head_ref is the contributor-chosen branch name, so
  # GIT_BRANCH is untrusted text. Read it in scripts as "$GIT_BRANCH" rather
  # than expanding it with an Actions expression inside a `run:` body.
  GIT_BRANCH: '${{ github.head_ref || github.ref_name }}'
  GIT_REPO_OWNER: '${{ github.repository_owner }}'
  GIT_REPO: '${{ github.repository }}'
  GIT_REPO_NAME: '${{ github.event.repository.name }}'
  # Role assumed through GitHub OIDC by the image-publishing jobs.
  AWS_ROLE_ARN: 'arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core'
  AWS_ECR_ORG: 'fuellabs'
  CARGO_TERM_COLOR: 'always'
  RUST_VERSION: '1.79.0'
  RUST_VERSION_FMT: 'nightly-2023-10-29'
  RUST_VERSION_COV: 'nightly-2024-06-05'
  RUSTFLAGS: '-D warnings'
  REGISTRY: 'ghcr.io'
  SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2

jobs:
# Runs the changelog-check action against CHANGELOG.md.
check-changelog:
  name: 'Check Changelog'
  runs-on: 'ubuntu-latest'
  steps:
    # NOTE(review): `@v2` is a mutable tag on a third-party action; a full
    # commit SHA would pin exactly which code runs.
    - uses: 'tarides/changelog-check-action@v2'
      with:
        changelog: 'CHANGELOG.md'
# Formatting gate: `cargo fmt --check` on the nightly named by RUST_VERSION_FMT.
rustfmt:
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  steps:
    - uses: 'actions/checkout@v4'
    # NOTE(review): `@master` follows a moving branch, so the installer code
    # can change between runs without a change to this file.
    - name: 'Install latest nightly'
      uses: 'dtolnay/rust-toolchain@master'
      with:
        components: 'rustfmt'
        toolchain: '${{ env.RUST_VERSION_FMT }}'
    # The interpolated value is the constant from the workflow `env:` block.
    - name: 'Rustfmt check'
      run: 'cargo +${{ env.RUST_VERSION_FMT }} fmt --all -- --check'
# Checks that every Cargo.toml is sorted (cargo-sort) and formatted (prettier).
lint-toml-files:
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  steps:
    - uses: 'actions/checkout@v4'
    - uses: 'dtolnay/rust-toolchain@master'
      with:
        toolchain: '${{ env.RUST_VERSION }}'
    - name: 'setup binstall'
      uses: 'taiki-e/install-action@cargo-binstall'
    # NOTE(review): cargo-sort, prettier and prettier-plugin-toml are installed
    # without a version, so each run takes whatever the registries serve at
    # that moment. Pinning versions makes the tool set reproducible.
    - name: 'Install Cargo.toml linter'
      run: 'cargo binstall --no-confirm cargo-sort'
    - name: 'Run Cargo.toml sort check'
      run: 'cargo sort -w --check'
    - name: 'Install Prettier and TOML Plugin'
      run: |
        # prettier has issues with global installation and plugin discovery. The temporary `package.json` created by `npm init -y` is a workaround.
        npm init -y > /dev/null 2>&1
        npm install prettier prettier-plugin-toml
    # On a failed check the files are rewritten only to print the required diff;
    # the step still exits non-zero.
    - name: 'Check format of Cargo.toml files'
      run: |
        if ! npx prettier --check "**/Cargo.toml"; then
          npx prettier --write "**/Cargo.toml" > /dev/null 2>&1
          echo "Changes required:"
          git --no-pager diff
          exit 1
        fi
    # Notification runs only for the master ref, whatever the job outcome.
    - uses: 'FuelLabs/.github/.github/actions/slack-notify-template@master'
      if: "always() && github.ref == 'refs/heads/master'"
      with:
        github_token: '${{ secrets.GITHUB_TOKEN }}'
        slack_webhook: '${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}'
# Dependency gate: runs the repository script that verifies openssl is absent.
prevent-openssl:
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  steps:
    - uses: 'actions/checkout@v4'
    # Guard against openssl entering the dependency tree.
    - name: 'Check if openssl is included'
      run: './.github/workflows/scripts/verify_openssl.sh'
    # Notification runs only for the master ref, whatever the job outcome.
    - uses: 'FuelLabs/.github/.github/actions/slack-notify-template@master'
      if: "always() && github.ref == 'refs/heads/master'"
      with:
        github_token: '${{ secrets.GITHUB_TOKEN }}'
        slack_webhook: '${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}'
# Matrix of cargo commands (clippy, check, doc, make, test, build); each entry
# runs as its own job after the lint and formatting gates have passed.
cargo-verifications:
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  needs:
    - 'lint-toml-files'
    - 'prevent-openssl'
    - 'rustfmt'
    - 'check-changelog'
  env:
    RUSTFLAGS: '-D warnings'
  # disallow any job that takes longer than 45 minutes
  timeout-minutes: 45
  # No entry below sets `skip-error`, so this evaluates to false for all of them.
  continue-on-error: ${{ matrix.skip-error || false }}
  strategy:
    matrix:
      include:
        - command: 'clippy'
          args: '-p fuel-core-wasm-executor --target wasm32-unknown-unknown --no-default-features'
        - command: 'clippy'
          args: '--all-targets --all-features'
        - command: 'check'
          args: '--all-targets'
        - command: 'doc'
          args: '--all-features --workspace --no-deps'
        - command: 'make'
          args: 'check --locked'
        - command: 'test'
          args: '--workspace'
        - command: 'test'
          args: '--all-features --workspace'
        - command: 'test'
          args: '-p fuel-core --no-default-features'
        - command: 'test'
          args: '-p fuel-core --lib executor --features wasm-executor'
          # Plain string placed in front of `cargo` by the run step below.
          env: 'FUEL_ALWAYS_USE_WASM=true'
        - command: 'test'
          args: '-p fuel-core-client --no-default-features'
        - command: 'test'
          args: '-p fuel-core-chain-config --no-default-features'
        # Don't split this command; this is a workaround.
        # We need to run `cargo check` first to fetch the locked dependencies
        # for `fuel-core 0.26.0`(because of the bug with `--offline`
        # and `--locked` when we build `fuel-core-wasm-executor 0.26.0`).
        - command: 'check'
          args: '--manifest-path version-compatibility/Cargo.toml --workspace && cargo test --manifest-path version-compatibility/Cargo.toml --workspace'
        - command: 'build'
          args: '-p fuel-core-bin --no-default-features --features production'
        # WASM compatibility checks
        - command: 'check'
          args: '-p fuel-core-types --target wasm32-unknown-unknown --no-default-features --features alloc'
        - command: 'check'
          args: '-p fuel-core-storage --target wasm32-unknown-unknown --no-default-features --features alloc'
        - command: 'check'
          args: '-p fuel-core-client --target wasm32-unknown-unknown --no-default-features'
        - command: 'check'
          args: '-p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features'
        - command: 'check'
          args: '-p fuel-core-executor --target wasm32-unknown-unknown --no-default-features --features alloc'
  steps:
    - uses: 'actions/checkout@v4'
    - uses: 'dtolnay/rust-toolchain@master'
      with:
        toolchain: '${{ env.RUST_VERSION }}'
        targets: 'wasm32-unknown-unknown'
        components: 'clippy'
    - name: 'Install Cargo Make'
      uses: 'davidB/rust-cargo-make@v1'
      with:
        version: '0.36.4'
    - uses: 'rui314/setup-mold@v1'
    # Cache key is per matrix entry and per Cargo.lock content.
    - uses: 'buildjet/cache@v3'
      with:
        path: |
          ~/.cargo/bin/
          ~/.cargo/registry/index/
          ~/.cargo/registry/cache/
          ~/.cargo/git/db/
          target/
        key: "${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}"
    # The expressions expand to the literal matrix strings defined above in this
    # file, so the script text is maintainer-controlled. Keep event data
    # (branch names, titles) out of this matrix for that reason.
    - name: '${{ matrix.command }} ${{ matrix.args }}'
      run: '${{ matrix.env }} cargo ${{ matrix.command }} ${{ matrix.args }}'
    # Notification runs only for the master ref, whatever the job outcome.
    - uses: 'FuelLabs/.github/.github/actions/slack-notify-template@master'
      if: "always() && github.ref == 'refs/heads/master'"
      with:
        github_token: '${{ secrets.GITHUB_TOKEN }}'
        slack_webhook: '${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}'
# Dry run of crate publishing; no registry token is passed in this job.
publish-crates-check:
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  steps:
    - name: 'Checkout repository'
      uses: 'actions/checkout@v4'
    - uses: 'dtolnay/rust-toolchain@master'
      with:
        targets: 'wasm32-unknown-unknown'
        toolchain: '${{ env.RUST_VERSION }}'
    - name: 'Publish crate check'
      uses: 'FuelLabs/publish-crates@v1'
      with:
        dry-run: true
        check-repo: false
        ignore-unpublished-changes: true
# Integration tests against AWS KMS, authenticated with a GitHub OIDC token.
cargo-test-kms:
  # NOTE(review): this condition tests whether the repository the event belongs
  # to is itself a fork. Whether it also excludes pull requests opened from
  # forks is not visible here. Confirm against the intended trust boundary.
  if: github.event.repository.fork == false
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  needs:
    - 'rustfmt'
    - 'check-changelog'
  timeout-minutes: 45
  # Job-scoped token: read the repository and request an OIDC token, nothing else.
  permissions:
    contents: read
    id-token: write
  env:
    RUSTFLAGS: '-D warnings'
    FUEL_CORE_TEST_AWS_KMS_ARN: 'arn:aws:kms:us-east-1:249945542445:key/mrk-e13c7118ce544f7da66294f6e87c8790'
  steps:
    # The role is in a different AWS account from the workflow-level
    # AWS_ROLE_ARN. Its trust policy is not visible here. It should restrict
    # the OIDC subject to this repository and the refs allowed to run the tests.
    - name: 'Configure AWS credentials for integration testing'
      uses: 'aws-actions/configure-aws-credentials@v4'
      with:
        aws-region: 'us-east-1'
        role-to-assume: 'arn:aws:iam::249945542445:role/github_oidc_FuelLabs_fuel-core'
    - uses: 'actions/checkout@v4'
    - uses: 'dtolnay/rust-toolchain@master'
      with:
        toolchain: '${{ env.RUST_VERSION }}'
    - uses: 'rui314/setup-mold@v1'
    - uses: 'buildjet/cache@v3'
      with:
        path: |
          ~/.cargo/bin/
          ~/.cargo/registry/index/
          ~/.cargo/registry/cache/
          ~/.cargo/git/db/
          target/
        key: "cargo-test-kms-${{ hashFiles('**/Cargo.lock') }}"
    - name: 'Run integration tests for kms only'
      run: 'cargo test -p fuel-core-tests --features aws-kms -- kms'
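# Builds an HTML coverage report and commits it to the `codecov-pages` branch
# in a directory named after the base64url-encoded branch name.
publish-codecov:
  name: Publish code coverage report on GitHub pages branch
  runs-on: buildjet-4vcpu-ubuntu-2204
  needs:
    - cargo-verifications
  permissions: # Write access to push changes to pages
    contents: write
  steps:
    - uses: actions/checkout@v4
    - name: Install latest Rust
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION_COV }}
        targets: wasm32-unknown-unknown
    - name: Install cargo-llvm-codecov
      uses: taiki-e/install-action@cargo-llvm-cov
    - name: Code coverage report
      run: cargo +${{ env.RUST_VERSION_COV }} llvm-cov --all-features --html --branch
    - name: Checkout the repo again for pushing pages revision
      uses: actions/checkout@v4
      with:
        ref: 'codecov-pages'
        path: 'pages-branch'
    # GIT_BRANCH, GIT_REPO_OWNER and GIT_REPO_NAME come from the workflow-level
    # `env:` block and are read as shell variables. The branch name is chosen
    # by the pull-request author. Expanding it with an Actions expression would
    # paste it into the script text before the shell parses it, and this job
    # holds a token with `contents: write`. As an environment variable it stays
    # data.
    - name: Push codecov report to pages branch
      working-directory: ./pages-branch
      run: |
        export BRANCH_B64=$(printf '%s' "$GIT_BRANCH" | basenc --base64url)
        git config user.email "2204863+Dentosal@users.noreply.github.com"
        git config user.name "Dentosal"
        cp -r ../target/llvm-cov/html "$BRANCH_B64"
        python3 ../.github/workflows/scripts/generate_pages_index.py > index.html
        git add .
        git commit -m "Update codecov for $GIT_BRANCH"
        git push
        export PAGES_URL="https://${GIT_REPO_OWNER}.github.io/${GIT_REPO_NAME}/$BRANCH_B64/index.html"
        echo "$PAGES_URL"
        echo "Codecov report $PAGES_URL" >> "$GITHUB_STEP_SUMMARY"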
# Aggregation point: runs only after the three listed jobs, so later jobs can
# depend on this single name.
verifications-complete:
  runs-on: 'ubuntu-latest'
  needs:
    - 'cargo-verifications'
    - 'publish-crates-check'
    - 'cargo-test-kms'
  steps:
    - run: 'echo "pass"'
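# Release gate: runs verify_tag.sh with the release tag and Cargo.toml.
verify-tag-version:
  # Only do this job if publishing a release
  if: github.event_name == 'release' && github.event.action == 'published'
  runs-on: ubuntu-latest
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    # NOTE(review): the dasel binary is fetched over HTTPS and installed on PATH
    # with no integrity check. Comparing it against a recorded digest before
    # the `chmod`, for example `sha256sum --check` with <EXPECTED_SHA256> (a
    # placeholder; the page does not give the hash), would catch a swapped
    # release asset.
    - name: Verify tag version
      env:
        # The tag name travels through the environment so it reaches the script
        # as one quoted argument rather than as script text.
        RELEASE_TAG: ${{ github.ref_name }}
      run: |
        # TODO: Automate running `verify_tag` only for "publish = true" crates
        curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel
        mv ./dasel /usr/local/bin/dasel
        ./.github/workflows/scripts/verify_tag.sh "$RELEASE_TAG" Cargo.toml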
# Publishes the crates to the registry when a release is published.
publish-crates:
  # Only do this job if publishing a release
  if: github.event_name == 'release' && github.event.action == 'published'
  runs-on: 'buildjet-4vcpu-ubuntu-2204'
  needs:
    - 'verify-tag-version'
    - 'verifications-complete'
  steps:
    - name: 'Checkout repository'
      uses: 'actions/checkout@v4'
    - name: 'Install toolchain'
      uses: 'dtolnay/rust-toolchain@master'
      with:
        targets: 'wasm32-unknown-unknown'
        toolchain: '${{ env.RUST_VERSION }}'
    # NOTE(review): the registry token is handed to an action referenced by a
    # mutable tag (`@v1`), and the toolchain step above tracks `@master`. For a
    # job that holds publishing credentials, pinning both to commit SHAs fixes
    # which code can see the secret.
    - name: 'Publish crate'
      uses: 'FuelLabs/publish-crates@v1'
      with:
        publish-delay: 60000
        registry-token: '${{ secrets.CARGO_REGISTRY_TOKEN }}'
    # Notification is sent whatever the outcome of the publish step.
    - uses: 'FuelLabs/.github/.github/actions/slack-notify-template@master'
      if: always()
      with:
        github_token: '${{ secrets.GITHUB_TOKEN }}'
        slack_webhook: '${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}'
# Builds the image once per architecture, pushes it by digest only, and hands
# the digest to the publish job as a short-lived artifact.
build-docker-images:
  needs:
    - 'publish-crates-check'
  strategy:
    matrix:
      arch:
        # build on native runners instead of using emulation
        - platform: 'linux/amd64'
          runner: 'buildjet-8vcpu-ubuntu-2204'
        - platform: 'linux/arm64'
          runner: 'buildjet-16vcpu-ubuntu-2204-arm'
  runs-on: '${{ matrix.arch.runner }}'
  # Job-scoped token: read the repository, write packages (ghcr.io push).
  permissions:
    contents: read
    packages: write
  steps:
    # REGISTRY_URL is the lower-cased "<registry>/<owner>/<repo>".
    # PLATFORM_PAIR is the platform with "/" replaced by "-".
    - name: 'Setup environment'
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
        platform=${{ matrix.arch.platform }}
        echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV
    - name: 'Checkout repository'
      uses: 'actions/checkout@v4'
    - name: 'Set up Docker Buildx'
      uses: 'docker/setup-buildx-action@v3'
    - name: 'Log in to the ghcr.io registry'
      uses: 'docker/login-action@v3'
      with:
        registry: '${{ env.REGISTRY }}'
        username: '${{ github.repository_owner }}'
        password: '${{ secrets.GITHUB_TOKEN }}'
    - name: 'Log in to the docker.io registry'
      uses: 'docker/login-action@v3'
      with:
        username: 'fuellabs'
        password: '${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}'
    - name: 'Docker meta'
      id: 'meta'
      uses: 'docker/metadata-action@v5'
      with:
        images: '${{ env.REGISTRY_URL }}'
    - name: 'Setup Rust build cache'
      id: 'cache'
      uses: 'buildjet/cache@v3'
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: "${{ env.PLATFORM_PAIR }}-${{ hashFiles('**/Cargo.lock') }}"
    # Maps the cached host directories onto paths inside the build container.
    - name: 'Inject cache into docker'
      uses: 'reproducible-containers/buildkit-cache-dance@v3.1.2'
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: '${{ steps.cache.outputs.cache-hit }}'
    # NOTE(review): this job has no `verifications-complete` dependency, so the
    # by-digest push and the registry build cache are written before the test
    # gates finish. Tags are only attached later, in publish-docker-image.
    - name: 'Build Docker image'
      id: 'build'
      uses: 'docker/build-push-action@v6'
      with:
        context: '.'
        file: 'deployment/Dockerfile'
        platforms: '${{ matrix.arch.platform }}'
        labels: '${{ steps.meta.outputs.labels }}'
        cache-from: 'type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }}'
        cache-to: 'type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true'
        outputs: |
          type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true
    # The digest is recorded as an empty file whose name is the hex digest.
    - name: 'Export digest'
      run: |
        mkdir -p /tmp/digests
        digest="${{ steps.build.outputs.digest }}"
        touch "/tmp/digests/${digest#sha256:}"
    - name: 'Upload digest'
      uses: 'actions/upload-artifact@v4'
      with:
        name: 'digests-${{ env.PLATFORM_PAIR }}'
        path: '/tmp/digests/*'
        if-no-files-found: 'error'
        retention-days: 1
# Combines the per-architecture digests into one manifest list and tags it in
# ghcr.io and Amazon ECR Public. Runs only after the verification gate.
publish-docker-image:
  runs-on: 'ubuntu-latest'
  needs:
    - 'build-docker-images'
    - 'verifications-complete'
  # Job-scoped token: packages write for ghcr.io, id-token for the AWS OIDC role.
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: 'Setup environment'
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
    # Every artifact matching digests-* is merged into /tmp/digests.
    - name: 'Download digests'
      uses: 'actions/download-artifact@v4'
      with:
        path: '/tmp/digests'
        pattern: 'digests-*'
        merge-multiple: true
    - name: 'Set up Docker Buildx'
      uses: 'docker/setup-buildx-action@v3'
    # NOTE(review): the role's trust policy is not visible here. It should
    # limit the OIDC subject to the refs that are allowed to publish images.
    - name: 'Configure AWS credentials for ECR publishing'
      uses: 'aws-actions/configure-aws-credentials@v4'
      with:
        role-to-assume: '${{ env.AWS_ROLE_ARN }}'
        aws-region: 'us-east-1' # ecr public is only in us-east-1
    - name: 'Login to Amazon ECR Public'
      id: 'login-ecr-public'
      uses: 'aws-actions/amazon-ecr-login@v2'
      with:
        registry-type: 'public'
    - name: 'Log in to the ghcr.io registry'
      uses: 'docker/login-action@v3'
      with:
        registry: '${{ env.REGISTRY }}'
        username: '${{ github.repository_owner }}'
        password: '${{ secrets.GITHUB_TOKEN }}'
    - name: 'Log in to the docker.io registry'
      uses: 'docker/login-action@v3'
      with:
        username: 'fuellabs'
        password: '${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}'
    - name: 'Docker metadata'
      id: 'meta'
      uses: 'docker/metadata-action@v5'
      with:
        images: |
          ${{ env.REGISTRY_URL }}
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}
    # The file names in /tmp/digests are the hex digests written by the build
    # job; each one becomes "<registry url>@sha256:<name>" in the source list.
    - name: 'Create manifest list and push to all registries'
      working-directory: '/tmp/digests'
      run: |
        docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \
          $(printf '${{ env.REGISTRY_URL }}@sha256:%s ' *)
    - name: 'Inspect image'
      run: |
        docker buildx imagetools inspect ${{ env.REGISTRY_URL }}:${{ steps.meta.outputs.version }}
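# duplicate of publish-docker-image, but with profiling features enabled
# this is split into a separate action since it takes longer to build
publish-docker-image-profiling:
  needs:
    - verifications-complete
  runs-on: buildjet-16vcpu-ubuntu-2204
  # Job-scoped token: packages write for ghcr.io, id-token for the AWS OIDC role.
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Configure AWS credentials for ECR publishing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ env.AWS_ROLE_ARN }}
        aws-region: us-east-1 # ecr public is only in us-east-1
    - name: Login to Amazon ECR Public
      id: login-ecr-public
      uses: aws-actions/amazon-ecr-login@v2
      with:
        registry-type: public
    # Both login steps use docker/login-action@v3, the major version that
    # build-docker-images and publish-docker-image already use with the same
    # inputs. The older majors previously referenced here target Node runtimes
    # that GitHub has deprecated.
    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          ${{ env.REGISTRY_URL }}-debug
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-debug
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}
    - name: Setup Rust build cache
      id: cache
      uses: buildjet/cache@v3
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: publish-docker-image-profiling-${{ hashFiles('**/Cargo.lock') }}
    # Maps the cached host directories onto paths inside the build container.
    - name: Inject cache into docker
      uses: reproducible-containers/buildkit-cache-dance@v3.1.2
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: ${{ steps.cache.outputs.cache-hit }}
    # NOTE(review): this job has no `if:` restricting the triggering event, and
    # `push: true` is unconditional. Confirm that publishing a "-debug" image
    # from every event that passes verification is intended.
    - name: Build & push Docker image
      id: build
      uses: docker/build-push-action@v6
      with:
        context: .
        file: deployment/Dockerfile
        build-args: "DEBUG_SYMBOLS=true"
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest
        cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-debug:latest,mode=max,image-manifest=true,oci-mediatypes=true
    # Notification runs for master or tag refs, whatever the job outcome.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}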
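# Builds the e2e-client image from deployment/e2e-client.Dockerfile and pushes
# it to ghcr.io and Amazon ECR Public after the verification gate.
publish-e2e-client-docker-image:
  needs:
    - verifications-complete
  runs-on: buildjet-4vcpu-ubuntu-2204
  # Job-scoped token: packages write for ghcr.io, id-token for the AWS OIDC role.
  permissions:
    contents: read
    packages: write
    id-token: write
  steps:
    - name: Setup environment
      run: |
        echo "REGISTRY_URL=${REGISTRY@L}/${GIT_REPO@L}" >>${GITHUB_ENV}
    - name: Checkout repository
      uses: actions/checkout@v4
    - name: Set up Docker Buildx
      uses: docker/setup-buildx-action@v3
    - name: Configure AWS credentials for ECR publishing
      uses: aws-actions/configure-aws-credentials@v4
      with:
        role-to-assume: ${{ env.AWS_ROLE_ARN }}
        aws-region: us-east-1 # ecr public is only in us-east-1
    - name: Login to Amazon ECR Public
      id: login-ecr-public
      uses: aws-actions/amazon-ecr-login@v2
      with:
        registry-type: public
    # Both login steps use docker/login-action@v3, the major version that
    # build-docker-images and publish-docker-image already use with the same
    # inputs. The older majors previously referenced here target Node runtimes
    # that GitHub has deprecated.
    - name: Log in to the ghcr.io registry
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Log in to the docker.io registry
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
    - name: Docker meta
      id: meta
      uses: docker/metadata-action@v5
      with:
        images: |
          ${{ env.REGISTRY_URL }}-e2e-client
          ${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.GIT_REPO_NAME }}-e2e-client
        tags: |
          type=sha
          type=ref,event=branch
          type=ref,event=tag
          type=semver,pattern={{raw}}
          type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}}
          type=raw,value=latest,enable={{is_default_branch}}
    - name: Setup Rust build cache
      id: cache
      uses: buildjet/cache@v3
      with:
        path: |
          home-cargo-bin
          home-cargo-registry-index
          home-cargo-registry-cache
          home-cargo-git-db
          target
        key: publish-e2e-client-docker-image-${{ hashFiles('**/Cargo.lock') }}
    # Maps the cached host directories onto paths inside the build container.
    - name: Inject cache into docker
      uses: reproducible-containers/buildkit-cache-dance@v3.1.2
      with:
        cache-map: |
          {
            "home-cargo-bin": "/usr/local/cargo/bin",
            "home-cargo-registry-index": "/usr/local/cargo/registry/index",
            "home-cargo-registry-cache": "/usr/local/cargo/registry/cache",
            "home-cargo-git-db": "/usr/local/cargo/git/db",
            "target": "/build/target"
          }
        skip-extraction: ${{ steps.cache.outputs.cache-hit }}
    # NOTE(review): this job has no `if:` restricting the triggering event, and
    # `push: true` is unconditional. Confirm that is intended.
    - name: Build & push Docker image
      id: build
      uses: docker/build-push-action@v6
      with:
        context: .
        file: deployment/e2e-client.Dockerfile
        push: true
        tags: ${{ steps.meta.outputs.tags }}
        labels: ${{ steps.meta.outputs.labels }}
        cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest
        cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache-e2e:latest,mode=max,image-manifest=true,oci-mediatypes=true
    # Notification runs for master or tag refs, whatever the job outcome.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag')
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}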
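# Cross-builds fuel-core and fuel-core-keygen for four targets and attaches the
# tarballs to the published GitHub release.
publish-fuel-core-binary:
  name: Release fuel-core binaries
  runs-on: ${{ matrix.job.os }}
  # Only do this job if publishing a release
  needs:
    - verify-tag-version
    - verifications-complete
  if: github.event_name == 'release' && github.event.action == 'published'
  # NOTE(review): with continue-on-error a failed target does not fail the
  # workflow, so a release can end up with some platform archives missing
  # without a red run. Confirm that is intended.
  continue-on-error: true
  strategy:
    fail-fast: false
    matrix:
      job:
        - os: buildjet-4vcpu-ubuntu-2204
          platform: linux
          target: x86_64-unknown-linux-gnu
          cross_image: x86_64-linux-gnu
        - os: buildjet-4vcpu-ubuntu-2204
          platform: linux-arm
          target: aarch64-unknown-linux-gnu
          cross_image: aarch64-linux-gnu
        - os: macos-latest
          platform: darwin
          target: x86_64-apple-darwin
        - os: macos-latest
          platform: darwin-arm
          target: aarch64-apple-darwin
  steps:
    - name: Checkout repository
      uses: actions/checkout@v4
    # NOTE(review): setup-buildx-action@v1 and build-push-action@v2 below lag
    # behind the v3 / v6 used by the image jobs in this workflow. They are left
    # unchanged here because the cross-image build uses `load: true`, and the
    # upgrade should be tested with that option first.
    - name: Set up Docker Buildx
      if: matrix.job.cross_image
      uses: docker/setup-buildx-action@v1
    # Both login steps use docker/login-action@v3, matching the image jobs in
    # this workflow, which pass the same inputs.
    - name: Log in to the ghcr.io registry
      if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
      uses: docker/login-action@v3
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.repository_owner }}
        password: ${{ secrets.GITHUB_TOKEN }}
    - name: Log in to the docker.io registry
      if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
      uses: docker/login-action@v3
      with:
        username: fuellabs
        password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
    - name: Setup custom cross env ${{ matrix.job.cross_image }}
      if: matrix.job.cross_image
      uses: docker/build-push-action@v2
      with:
        context: ci
        file: ci/Dockerfile.${{ matrix.job.target }}-clang
        tags: ${{ matrix.job.cross_image }}:latest
        load: true
        cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest
        cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max
    - name: Install packages (macOS)
      if: matrix.job.os == 'macos-latest'
      run: |
        ci/macos-install-packages.sh
    # NOTE(review): the inner double quotes are part of this plain scalar's
    # value. Confirm the toolchain action accepts the target list in this form.
    - name: Install toolchain
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: ${{ env.RUST_VERSION }}
        target: ${{ matrix.job.target }},"wasm32-unknown-unknown"
    # NOTE(review): no version is given for the `cross` crate, so the release
    # build tool is whatever version the action resolves at run time.
    - name: Install cross
      uses: baptiste0928/cargo-install@v1
      with:
        crate: cross
        cache-key: '${{ matrix.job.target }}'
    # The expressions in the run scripts below expand to matrix values defined
    # in this file, not to event data.
    - name: Build fuel-core and fuel-core-keygen
      run: |
        cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin
        cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin
    - name: Strip release binary linux x86_64
      if: matrix.job.platform == 'linux'
      run: |
        strip "target/${{ matrix.job.target }}/release/fuel-core"
        strip "target/${{ matrix.job.target }}/release/fuel-core-keygen"
    # The aarch64 binaries are stripped inside the locally built cross image.
    - name: Strip release binary aarch64-linux-gnu
      if: matrix.job.target == 'aarch64-unknown-linux-gnu'
      run: |
        docker run --rm -v \
        "$PWD/target:/target:Z" \
        aarch64-linux-gnu:latest \
        aarch64-linux-gnu-strip \
        /target/aarch64-unknown-linux-gnu/release/fuel-core
        docker run --rm -v \
        "$PWD/target:/target:Z" \
        aarch64-linux-gnu:latest \
        aarch64-linux-gnu-strip \
        /target/aarch64-unknown-linux-gnu/release/fuel-core-keygen
    - name: Strip release binary mac
      if: matrix.job.os == 'macos-latest'
      run: |
        strip -x "target/${{ matrix.job.target }}/release/fuel-core"
        strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen"
    # NOTE(review): the archive is uploaded without a checksum file or a
    # signature. Publishing a SHA-256 digest next to each asset would let
    # downloaders verify it.
    - name: Prepare Binary Artifact
      env:
        PLATFORM_NAME: ${{ matrix.job.platform }}
        TARGET: ${{ matrix.job.target }}
      run: |
        # trim refs/tags/ prefix
        FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}"
        # optionally trim v from tag prefix
        FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}"
        echo "version is: $FUEL_CORE_VERSION"
        # setup artifact filename
        ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}"
        ZIP_FILE_NAME="$ARTIFACT.tar.gz"
        echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> "$GITHUB_ENV"
        # create zip file
        mkdir -pv "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core-keygen" "$ARTIFACT"
        cp "target/${{ matrix.job.target }}/release/fuel-core-upgradable-executor-cache/wasm32-unknown-unknown/release/fuel-core-wasm-executor.wasm" "$ARTIFACT"
        tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT"
    # NOTE(review): this job declares no `permissions:` block, so the upload
    # relies on the repository's default token scope including contents write.
    - name: Upload Binary Artifact
      uses: actions/upload-release-asset@v1
      env:
        GITHUB_TOKEN: ${{ github.token }}
      with:
        upload_url: ${{ github.event.release.upload_url }}
        asset_path: ./${{ env.ZIP_FILE_NAME }}
        asset_name: ${{ env.ZIP_FILE_NAME }}
        asset_content_type: application/gzip
    # Notification runs for master or tag refs on the non-macOS runners only.
    - uses: FuelLabs/.github/.github/actions/slack-notify-template@master
      if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest'
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}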
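# Deploy Fuel Core Ephemeral Developer Environment
# Runs for pull requests whose head branch starts with "preview/". It
# dispatches the deployment workflow in FuelLabs/fuel-deployment with the image
# tag and a namespace derived from the branch name.
deploy-eph-env:
  if: startsWith(github.head_ref, 'preview/')
  needs:
    - publish-docker-image
  runs-on: buildjet-4vcpu-ubuntu-2204
  steps:
    # Every expansion is quoted. GITHUB_HEAD_REF is chosen by the pull-request
    # author and must not be word-split or glob-expanded before it is written
    # to $GITHUB_ENV. `cut -c 9-` removes the 8-character "preview/" prefix.
    - name: Set Environment Variables
      run: |
        tag="$(echo "$GITHUB_SHA" | cut -c1-7)"
        echo "IMAGE_TAG=sha-$tag" >> "$GITHUB_ENV"
        echo "DEPLOYMENT_VERSION=$GITHUB_SHA" >> "$GITHUB_ENV"
        echo "NAMESPACE=$(echo "${GITHUB_HEAD_REF}" | cut -c 9-)" >> "$GITHUB_ENV"
    # NOTE(review): NAMESPACE is spliced into the JSON `inputs` string as-is,
    # so the receiving workflow should validate it as a namespace name before
    # use. REPO_TOKEN is a cross-repository credential given to a third-party
    # action at a mutable tag. Pinning the action to a commit SHA and scoping
    # the token to dispatching workflows in the target repository limits its
    # exposure.
    - name: Deploy Fuel Core Ephemeral Developer Environment
      uses: benc-uk/workflow-dispatch@v1
      with:
        workflow: Deploy Fuel-Core on k8s
        repo: FuelLabs/fuel-deployment
        ref: refs/heads/master
        token: ${{ secrets.REPO_TOKEN }}
        inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": "${{ env.NAMESPACE }}", "delete-infra": "${{ env.DELETE_INFRA }}" }'
      env:
        K8S: 'eks'
        CONFIG: 'fuel-dev1'
        ENV: 'fueldevsway.env'
        DELETE_INFRA: true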
# Runs the audit-check action on the checked-out repository.
cargo-audit:
  runs-on: 'ubuntu-latest'
  # NOTE(review): with continue-on-error a failing audit does not fail the
  # workflow, and no other job lists this one under `needs`, so an advisory
  # never blocks a merge or a release here. Findings have to be picked up from
  # whatever the action reports.
  continue-on-error: true
  steps:
    - uses: 'actions/checkout@v4'
    # NOTE(review): confirm this action is still maintained upstream. An
    # audit step that has stopped receiving updates can go stale unnoticed.
    - uses: 'actions-rs/audit-check@v1'
      with:
        token: '${{ secrets.GITHUB_TOKEN }}'