ci/cd refactor: on-pr workflow #35
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # On PR workflow | |
| # CBB List: | |
| # - Lint Shell | |
| # - CodeCov | |
| # - Integration tests | |
| name: on-pr | |
| on: | |
| pull_request: {} | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| pull-requests: write | |
| contents: read | |
| env: | |
| ARTIFACT_NAME: placeholder | |
| GH_SHORT_SHA: placeholder | |
| RUST_BIN_PATH: placeholder | |
| CONSENSUS_ENCLAVE_CSS: /var/tmp/consensus-enclave.css | |
| INGEST_ENCLAVE_CSS: /var/tmp/ingest-enclave.css | |
| jobs: | |
| meta: | |
| runs-on: mco-dev-small-x64 | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| steps: | |
| - name: Set Version | |
| id: version | |
| run: | | |
| echo "version=v0-sha-${GITHUB_SHA::7}" >> "${GITHUB_OUTPUT}" | |
| lint-actions: | |
| runs-on: mco-dev-small-x64 | |
| steps: | |
| - name: Lint GitHub Actions | |
| uses: mobilecoinofficial/gh-actions/lint-actions@v0 | |
| # CBB: Need to clean up repo shell scripts to pass shellcheck | |
| # lint-shell: | |
| # runs-on: mco-dev-small-x64 | |
| # steps: | |
| # - name: Lint shell with Shellcheck | |
| # uses: mobilecoinofficial/gh-actions/lint-shell@v0 | |
| lint-helm: | |
| runs-on: mco-dev-small-x64 | |
| steps: | |
| - name: Lint Helm Charts | |
| uses: mobilecoinofficial/gh-actions/lint-helm@v0 | |
| lint-docker: | |
| runs-on: mco-dev-small-x64 | |
| steps: | |
| - name: Lint Dockerfiles with Hadolint | |
| uses: mobilecoinofficial/gh-actions/lint-docker@v0 | |
| lint-rust: | |
| runs-on: mco-dev-large-x64 | |
| container: | |
| image: mobilecoin/rust-sgx-base:v0.0.36 | |
| env: | |
| SGX_MODE: SW | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Consensus SigStruct | |
| uses: ./.github/actions/download-sigstruct | |
| with: | |
| sigstruct: consensus | |
| network: test | |
| download_path: ${{ env.CONSENSUS_ENCLAVE_CSS }} | |
| - name: Ingest SigStruct | |
| uses: ./.github/actions/download-sigstruct | |
| with: | |
| sigstruct: ingest | |
| network: test | |
| download_path: ${{ env.INGEST_ENCLAVE_CSS }} | |
| # we don't need to cache the results, we just want an indication of test success | |
| # so we can skip the next step if rust code hasn't changed | |
| - name: Cache Rust Binaries | |
| id: cache | |
| uses: mobilecoinofficial/gh-actions/cache-rust-binaries@v0 | |
| with: | |
| cache_buster: ${{ vars.CACHE_BUSTER }} | |
| additional_keys: -lintrust | |
| path: .dummy | |
| - name: Cargo sort | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: | | |
| cargo install cargo-sort --force | |
| cargo sort --workspace --grouped --check | |
| - name: Cargo fmt | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: | | |
| cargo fmt -- --unstable-features --check | |
| - name: Cargo Clippy | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: | | |
| cargo clippy --all --all-features | |
| - name: Success | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: touch .dummy/success | |
| test-rust: | |
| runs-on: mco-dev-large-x64 | |
| container: | |
| image: mobilecoin/rust-sgx-base:v0.0.36 | |
| env: | |
| SGX_MODE: SW | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Consensus SigStruct | |
| uses: ./.github/actions/download-sigstruct | |
| with: | |
| sigstruct: consensus | |
| network: test | |
| download_path: ${{ env.CONSENSUS_ENCLAVE_CSS }} | |
| - name: Ingest SigStruct | |
| uses: ./.github/actions/download-sigstruct | |
| with: | |
| sigstruct: ingest | |
| network: test | |
| download_path: ${{ env.INGEST_ENCLAVE_CSS }} | |
| # we don't need to cache the results, we just want an indication of test success | |
| # so we can skip the next step if rust code hasn't changed | |
| - name: Cache Rust Binaries | |
| id: cache | |
| uses: mobilecoinofficial/gh-actions/cache-rust-binaries@v0 | |
| with: | |
| cache_buster: ${{ vars.CACHE_BUSTER }} | |
| additional_keys: -testrust | |
| path: .dummy | |
| - name: Cargo Test | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| RUSTFLAGS: "-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests" | |
| RUSTDOCFLAGS: "-Zprofile -Ccodegen-units=1 -Cinline-threshold=0 -Clink-dead-code -Coverflow-checks=off -Cpanic=abort -Zpanic_abort_tests" | |
| run: | | |
| cargo test | |
| - name: Success | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| shell: bash | |
| run: touch .dummy/success | |
| # skip coverage for now, old actions-rs/grcov is deprecated | |
| # need to learn how to generate .xml reports for codecov below | |
| # - name: grcov | |
| # shell: bash | |
| # run: | | |
| # cargo install grcov | |
| # - name: Codecov | |
| # uses: codecov/codecov-action@v3.1.4 | |
| # with: | |
| # files: ${{ steps.coverage.outputs.report }} | |
| # verbose: true | |
| # fail_ci_if_error: true | |
| # env: | |
| # CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| build-rust-linux: | |
| needs: | |
| - meta | |
| strategy: | |
| matrix: | |
| runner: | |
| - mco-dev-large-x64 | |
| network: | |
| - main | |
| - test | |
| runs-on: ${{ matrix.runner }} | |
| container: | |
| image: mobilecoin/rust-sgx-base:v0.0.36 | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Build Rust | |
| uses: ./.github/actions/build-rust | |
| with: | |
| network: ${{ matrix.network }} | |
| version: ${{ needs.meta.outputs.version }}.${{ matrix.network }}net | |
| cache_buster: ${{ vars.CACHE_BUSTER }} | |
| build-rust-macos: | |
| needs: | |
| - meta | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: | |
| - aarch64-apple-darwin | |
| - x86_64-apple-darwin | |
| network: | |
| - main | |
| - test | |
| runs-on: macos-latest | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Bootstrap MacOS Rust | |
| uses: ./.github/actions/bootstrap-macos | |
| with: | |
| target: ${{ matrix.target }} | |
| - name: Build Rust | |
| uses: ./.github/actions/build-rust | |
| with: | |
| target: ${{ matrix.target }} | |
| network: ${{ matrix.network }} | |
| version: ${{ needs.meta.outputs.version }}.${{ matrix.network }}net | |
| cache_buster: ${{ vars.CACHE_BUSTER }} | |
| build-publish-containers: | |
| needs: | |
| - meta | |
| - build-rust-linux | |
| strategy: | |
| matrix: | |
| runner: | |
| - mco-dev-small-x64 | |
| network: | |
| - main | |
| - test | |
| runs-on: ${{ matrix.runner }} | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Build and Publish Docker | |
| uses: ./.github/actions/build-publish-docker | |
| with: | |
| network: ${{ matrix.network }} | |
| version: ${{ needs.meta.outputs.version }}.${{ matrix.network }}net | |
| cache_buster: ${{ vars.CACHE_BUSTER }} | |
| docker_username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| docker_password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| build-publish-charts: | |
| needs: | |
| - meta | |
| - build-publish-containers | |
| strategy: | |
| matrix: | |
| network: | |
| - main | |
| - test | |
| runs-on: mco-dev-small-x64 | |
| steps: | |
| - name: Checkout | |
| uses: mobilecoinofficial/gh-actions/checkout@v0 | |
| - name: Build and Publish Helm Charts | |
| uses: ./.github/actions/build-publish-charts | |
| with: | |
| version: ${{ needs.meta.outputs.version }}.${{ matrix.network }}net | |
| repo_username: ${{ secrets.HARBOR_USERNAME }} | |
| repo_password: ${{ secrets.HARBOR_PASSWORD }} |