Skip to content
CI (nix)

Merge pull request #3932 from dpc/23-12-12-preallocation-size #28

Sign in to view logs

Merge pull request #3932 from dpc/23-12-12-preallocation-size

Merge pull request #3932 from dpc/23-12-12-preallocation-size #28

Workflow file for this run

.github/workflows/ci-nix.yml at 193ab96
# This is a basic workflow to help you get started with Actions
name: "CI (nix)"
# Controls when the workflow will run
on:
# Triggers the workflow on push or pull request events but only for the "main" branch and release tags
push:
branches: [ "main", "master", "devel", "releases/v*" ]
tags:
- 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
pull_request:
branches: [ "main", "master", "devel", "releases/v*" ]
merge_group:
branches: [ "main", "master", "devel", "releases/v*" ]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
self-care:
name: Flake self-check
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Check Nix flake inputs
uses: DeterminateSystems/flake-checker-action@v5
with:
fail-mode: true
nixpkgs-keys: nixpkgs
lint:
name: "Lint"
runs-on: ubuntu-22.04
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
# caching ~/.cargo to avoid downloading all (especially git) deps in pre-commit's `cargo update --lock` check
- name: Cache ~/.cargo
uses: actions/cache@v3
with:
path: ~/.cargo
key: ${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
# run the same check that git `pre-commit` hook would, just in case
- name: Commit check
run: nix develop --ignore-environment .#lint --command ./misc/git-hooks/pre-commit
- name: Check udeps
run: nix build -L .#nightly.test.workspaceCargoUdeps
build:
if: github.repository == 'fedimint/fedimint'
strategy:
matrix:
host:
- linux
- macos
include:
- host: linux
runs-on: buildjet-8vcpu-ubuntu-2004
build-in-pr: true
timeout: 60
run-tests: true
- host: macos
runs-on: macos-12
build-in-pr: false
# TODO: Too slow; see https://github.com/actions/runner-images/issues/1336
timeout: 60
run-tests: false
name: "Build on ${{ matrix.host }}"
runs-on: ${{ matrix.runs-on }}
timeout-minutes: ${{ matrix.timeout }}
steps:
- uses: actions/checkout@v4
if: github.event_name != 'pull_request' || matrix.build-in-pr
- uses: cachix/install-nix-action@v24
if: github.event_name != 'pull_request' || matrix.build-in-pr
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
if: github.event_name != 'pull_request' || matrix.build-in-pr
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
- name: Build workspace
if: github.event_name != 'pull_request' || matrix.build-in-pr
run: nix build -L .#ci.workspaceBuild
- name: Clippy workspace
if: github.event_name != 'pull_request' || matrix.build-in-pr
run: nix build -L .#ci.workspaceClippy
- name: Run cargo doc
if: (github.event_name != 'pull_request' || matrix.build-in-pr) && (matrix.host != 'macos')
run: nix build -L .#ci.workspaceDoc
- name: Test docs
if: (github.event_name != 'pull_request' || matrix.build-in-pr) && (matrix.host != 'macos')
run: nix build -L .#ci.workspaceTestDoc
- name: Tests
if: (github.event_name != 'pull_request' || matrix.build-in-pr) && matrix.run-tests
run: |
nix build -L .#ci.ciTestAll --keep-failed
- name: Wasm Tests
if: (github.event_name != 'pull_request' || matrix.build-in-pr) && matrix.run-tests && (matrix.host != 'macos')
run: nix build -L .#wasm32-unknown.ci.wasmTest --keep-failed
- name: Prepare failed test build dirs
if: always()
run: |
set -x
# delete source and target artifacts as it is huge and rather useless now
sudo rm -Rf /tmp/nix-build-*/source || true
# chown so actions/upload-artifact can access it
sudo chown -R $USER /tmp/nix-build-* || true
# delete unix sockets, as actions/upload-artifact can't handle them
find /tmp/nix-build-* -type s -print0 | xargs -0 rm || true
- name: Upload failed test build dirs
if: always()
uses: actions/upload-artifact@v3
with:
name: "fedimint-failed-test-logs-${{ github.run_number }}-${{ matrix.host}}"
path: |
/tmp/nix-build-*/
!/tmp/nix-build-*/source/
audit:
if: github.repository == 'fedimint/fedimint'
name: "Audit"
runs-on: buildjet-2vcpu-ubuntu-2004
timeout-minutes: 10
# sometimes we can't fix these immediately, yet
# we don't want to stop the world because of it
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
- name: Run cargo audit
run: |
nix flake update advisory-db
nix build -L .#ci.cargoAudit
- name: Run cargo deny
run: |
nix build -L .#ci.cargoDeny
# Code Coverage will build using a completely different profile (neither debug/release)
# Which means we can not reuse much from `build` job. Might as well run it as another
# build in parallel
ccov:
if: github.repository == 'fedimint/fedimint'
name: "Code coverage"
runs-on: buildjet-8vcpu-ubuntu-2004
timeout-minutes: 45
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
- name: Validate codecov.yaml configuration
run: nix run nixpkgs#curl -- --fail-with-body -X POST --data-binary @.codecov.yml https://codecov.io/validate
- name: Build and run tests with Code Coverage
run: nix build -L .#ci.workspaceCov
- name: Ensure lcov.info exists
run: test -f result/lcov.info
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: result/lcov.info
cross:
name: "Cross-compile on ${{ matrix.host }} to ${{ matrix.toolchain }}"
strategy:
matrix:
host:
- linux
- macos
toolchain:
- aarch64-android
- armv7-android
- x86_64-android
- wasm32-unknown
include:
- host: linux
runs-on: ubuntu-22.04
build-in-pr: true
timeout: 20
- host: macos
runs-on: macos-12
build-in-pr: false
# TODO: Too slow; see https://github.com/actions/runner-images/issues/1336
timeout: 60
exclude:
# there's not enough macos runners available for our CI, so test only the more important cross-compilation toolchains
# if they work, rest probably works as well
- host: macos
toolchain: armv7-linux-androideabi
- host: macos
toolchain: x86_64-linux-android
runs-on: ${{ matrix.runs-on }}
timeout-minutes: ${{ matrix.timeout }}
steps:
- uses: actions/checkout@v4
if: github.event_name != 'pull_request' || matrix.build-in-pr
- uses: cachix/install-nix-action@v24
if: github.event_name != 'pull_request' || matrix.build-in-pr
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
if: github.event_name != 'pull_request' || matrix.build-in-pr
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
- name: Build client packages for ${{ matrix.toolchain }}
if: github.event_name != 'pull_request' || matrix.build-in-pr
run: nix build -L .#${{ matrix.toolchain }}.ci.client-pkgs
containers:
if: github.repository == 'fedimint/fedimint'
name: "Containers"
runs-on: buildjet-8vcpu-ubuntu-2004
timeout-minutes: 30
steps:
- name: Checkout Code
uses: actions/checkout@v4
- name: Prepare
uses: ./.github/actions/prepare
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
- name: Build fedimintd container
run: |
nix build -L .#container.fedimintd
echo "fedimintd_container_tag=$(docker load < result | awk '{ print $3 }')" >> $GITHUB_ENV
- name: Build fedimint-cli container
run: |
nix build -L .#container.fedimint-cli
echo "fedimint_cli_container_tag=$(docker load < result | awk '{ print $3 }')" >> $GITHUB_ENV
- name: Build gatewayd container
run: |
nix build -L .#container.gatewayd
echo "gatewayd_container_tag=$(docker load < result | awk '{ print $3 }')" >> $GITHUB_ENV
- name: Build gateway-cli container
run: |
nix build -L .#container.gateway-cli
echo "gateway-cli_container_tag=$(docker load < result | awk '{ print $3 }')" >> $GITHUB_ENV
- name: Build devtools container
run: |
nix build -L .#container.devtools
echo "devtools_container_tag=$(docker load < result | awk '{ print $3 }')" >> $GITHUB_ENV
- name: Login to Docker Hub
if: github.ref == 'refs/heads/master' || github.ref_type == 'tag'
uses: docker/login-action@v3
with:
username: fedimint
password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
- name: Publish
if: github.ref == 'refs/heads/master'
run: |
nix_tag=${{ env.fedimintd_container_tag }} && hub_tag="fedimint/fedimintd:${LAST_COMMIT_SHA}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.fedimint_cli_container_tag }} && hub_tag="fedimint/fedimint-cli:${LAST_COMMIT_SHA}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gatewayd_container_tag }} && hub_tag="fedimint/gatewayd:${LAST_COMMIT_SHA}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gateway-cli_container_tag }} && hub_tag="fedimint/gateway-cli:${LAST_COMMIT_SHA}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.devtools_container_tag }} && hub_tag="fedimint/devtools:${LAST_COMMIT_SHA}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
- name: Publish master tag
if: github.ref == 'refs/heads/master'
run: |
nix_tag=${{ env.fedimintd_container_tag }} && hub_tag="fedimint/fedimintd:master" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.fedimint_cli_container_tag }} && hub_tag="fedimint/fedimint-cli:master" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gatewayd_container_tag }} && hub_tag="fedimint/gatewayd:master" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gateway-cli_container_tag }} && hub_tag="fedimint/gateway-cli:master" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.devtools_container_tag }} && hub_tag="fedimint/devtools:master" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
- name: Publish tagged release
if: github.ref_type == 'tag'
run: |
nix_tag=${{ env.fedimintd_container_tag }} && hub_tag="fedimint/fedimintd:${GITHUB_REF_NAME}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.fedimint_cli_container_tag }} && hub_tag="fedimint/fedimint-cli:${GITHUB_REF_NAME}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gatewayd_container_tag }} && hub_tag="fedimint/gatewayd:${GITHUB_REF_NAME}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.gateway-cli_container_tag }} && hub_tag="fedimint/gateway-cli:${GITHUB_REF_NAME}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
nix_tag=${{ env.devtools_container_tag }} && hub_tag="fedimint/devtools:${GITHUB_REF_NAME}" && docker tag "$nix_tag" "$hub_tag" && docker push "$hub_tag"
pkgs:
if: github.repository == 'fedimint/fedimint' && (github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/releases') || github.ref_type == 'tag')
name: "Release packages: ${{ matrix.build.flake-output }}"
strategy:
matrix:
build:
- flake-output: fedimint-pkgs
bins: fedimintd,fedimint-cli
deb: fedimint
- flake-output: gateway-pkgs
bins: gateway-cli,gatewayd
deb: fedimint-gateway
runs-on: buildjet-4vcpu-ubuntu-2004
timeout-minutes: 30
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v24
with:
nix_path: nixpkgs=channel:nixos-22.05
- uses: cachix/cachix-action@v13
with:
name: fedimint
authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}'
continue-on-error: true
- name: Build ${{ matrix.build.flake-output }}
run: |
nix build -L .#${{ matrix.build.flake-output }}
mkdir -p bins
bins="${{ matrix.build.bins }}"
for bin in ${bins//,/ } ; do
nix bundle .#$bin -o bins/$bin
done
- name: Check version ${{ matrix.build.bins }}
run: |
bins="${{ matrix.build.bins }}"
for bin in ${bins//,/ } ; do
nix run .#$bin version-hash && echo "$GITHUB_SHA" && test "$(nix run .#$bin version-hash)" = "${GITHUB_SHA}"
done
- name: Check sha256sum ${{ matrix.build.bins }}
run: |
bins="${{ matrix.build.bins }}"
for bin in ${bins//,/ } ; do
nix build .#$bin && sha256sum "./result/bin/$bin"
done
- name: Upload Binaries
uses: actions/upload-artifact@v3
with:
name: "${{ matrix.build.flake-output}}-linux-x86_64"
path: "bins/**"
- name: Build DEB package
run: |
bins="${{ matrix.build.bins }}"
for bin in ${bins//,/ } ; do
nix bundle -L --bundler github:NixOS/bundlers#toDEB --accept-flake-config -o debs/$bin .#$bin
# workaround: https://github.com/actions/upload-artifact/issues/92
cp -a debs/$bin/*.deb debs/
done
- name: Build RPM package
run: |
bins="${{ matrix.build.bins }}"
for bin in ${bins//,/ } ; do
nix bundle -L --bundler github:NixOS/bundlers#toRPM --accept-flake-config -o rpms/$bin .#$bin
# workaround: https://github.com/actions/upload-artifact/issues/92
cp -a rpms/$bin/*.rpm rpms/
done
- name: Upload DEB packages
uses: actions/upload-artifact@v3
with:
name: "deb-bundle"
path: "debs/**.deb"
- name: Upload RPM packages
uses: actions/upload-artifact@v3
with:
name: "rpm-bundle"
path: "rpms/**.rpm"
notifications:
if: always() && github.repository == 'fedimint/fedimint'
name: "Notifications"
timeout-minutes: 1
runs-on: ubuntu-22.04
# note: we don't depend on `audit` because it will
# be often broken, and we can't fix it immediately
needs: [ build, cross, ccov, containers, pkgs ]
steps:
- name: Discord notifications on failure
# https://stackoverflow.com/a/74562058/134409
if: ${{ always() && contains(needs.*.result, 'failure') }}
# https://github.com/marketplace/actions/actions-status-discord
uses: sarisia/actions-status-discord@v1
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
# current job is a success, but that's not what we're interested in
status: failure