feat: private keys support for testing #559
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
DASEL_VERSION: https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64 | |
RUST_VERSION: 1.79 | |
FUEL_CORE_VERSION: 0.40.0 | |
IMAGE_NAME: ${{ github.repository }} | |
REPO_NAME: ${{ github.event.repository.name }} | |
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-block-committer | |
AWS_ECR_ORG: fuellabs | |
REGISTRY: ghcr.io | |
jobs: | |
verify-rust-version: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Ensure CI is using the same minimum toolchain specified in fuels Cargo.toml | |
- run: | | |
curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel | |
mv ./dasel /usr/local/bin/dasel | |
MIN_VERSION=$(cat Cargo.toml | dasel -r toml 'workspace.package.rust-version') | |
RUST_VERSION="${{ env.RUST_VERSION }}" | |
echo "Comparing minimum supported toolchain ($MIN_VERSION) with ci toolchain (RUST_VERSION)" | |
test "$MIN_VERSION" == "$RUST_VERSION" | |
verify-helm-chart: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: alexellis/setup-arkade@v1 | |
- uses: alexellis/arkade-get@master | |
with: | |
helm: latest | |
- name: Lint helm chart | |
run: helm lint helm/fuel-block-committer | |
- name: Verify helm chart version matches crate | |
run: | | |
./.github/scripts/verify_chart_version.sh | |
cargo-verifications: | |
needs: | |
- verify-rust-version | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Check for typos | |
uses: crate-ci/[email protected] | |
- name: Setup Rust | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
components: clippy,rustfmt | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
# The last version of Foundry that didn't experience this issue: https://github.com/alloy-rs/alloy/issues/1371 | |
version: nightly-cb9dfae298fe0b5a5cdef2536955f50b8c7f0bf5 | |
- name: Build cache | |
uses: buildjet/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- name: Run cargo check with all features | |
run: cargo check --all-features | |
- name: Run cargo fmt --check | |
run: cargo fmt --all --verbose -- --check | |
- name: Run cargo clippy | |
run: cargo clippy --all-targets | |
- name: Install Fuel Core | |
run: | | |
curl -sSLf https://github.com/FuelLabs/fuel-core/releases/download/v${{ env.FUEL_CORE_VERSION }}/fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz -L -o fuel-core.tar.gz | |
tar -xvf fuel-core.tar.gz | |
chmod +x fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core | |
mv fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core /usr/local/bin/fuel-core | |
- name: Unit/integration tests | |
run: cargo test --workspace --exclude e2e | |
additional-check-for-published-crates: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup Rust | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Setup cargo hack | |
uses: taiki-e/install-action@cargo-hack | |
- name: Run cargo hack to check for invalid feature flag combinations | |
working-directory: packages/encoding | |
run: cargo hack --feature-powerset --no-dev-deps check | |
e2e-release-build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Setup Rust | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Build release binary | |
run: cargo build --release --bin fuel-block-committer | |
- name: Upload release binary | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fuel-block-committer-binary | |
path: target/release/fuel-block-committer | |
e2e-tests: | |
needs: e2e-release-build | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Install Foundry | |
uses: foundry-rs/foundry-toolchain@v1 | |
with: | |
# The last version of Foundry that didn't experience this issue: https://github.com/alloy-rs/alloy/issues/1371 | |
version: nightly-cb9dfae298fe0b5a5cdef2536955f50b8c7f0bf5 | |
- name: Download release binary | |
uses: actions/download-artifact@v4 | |
with: | |
name: fuel-block-committer-binary | |
path: ./target/release | |
- name: Ensure Binary is Executable | |
run: chmod +x ./target/release/fuel-block-committer | |
- name: Install Fuel Core | |
run: | | |
curl -sSLf https://github.com/FuelLabs/fuel-core/releases/download/v${{ env.FUEL_CORE_VERSION }}/fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu.tar.gz -L -o fuel-core.tar.gz | |
tar -xvf fuel-core.tar.gz | |
chmod +x fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core | |
mv fuel-core-${{ env.FUEL_CORE_VERSION }}-x86_64-unknown-linux-gnu/fuel-core /usr/local/bin/fuel-core | |
- name: Run E2E tests | |
run: | | |
./target/release/fuel-block-committer --version | |
PATH="$(pwd)/target/release:$PATH" cargo test --package e2e --jobs 1 | |
publish-crates-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Publish crate check | |
uses: katyo/publish-crates@v2 | |
with: | |
dry-run: true | |
check-repo: false | |
ignore-unpublished-changes: true | |
build-docker-images: | |
strategy: | |
matrix: | |
arch: [ | |
# build on native runners instead of using emulation | |
{platform: linux/amd64, runner: buildjet-8vcpu-ubuntu-2204}, | |
{platform: linux/arm64, runner: buildjet-8vcpu-ubuntu-2204-arm} | |
] | |
runs-on: ${{ matrix.arch.runner }} | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${IMAGE_NAME@L}" >>${GITHUB_ENV} | |
platform=${{ matrix.arch.platform }} | |
echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v3 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: ${{ env.REGISTRY_URL }} | |
- name: Build Docker image | |
uses: docker/build-push-action@v6 | |
id: build | |
with: | |
context: . | |
platforms: ${{ matrix.arch.platform }} | |
file: Dockerfile | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }} | |
cache-to: type=registry,ref=${{ env.REGISTRY_URL }}-build-cache:latest-${{ matrix.arch.runner }},mode=max,image-manifest=true,oci-mediatypes=true | |
outputs: | | |
type=image,name=${{ env.REGISTRY_URL }},push-by-digest=true,name-canonical=true,push=true | |
- name: Export digest | |
run: | | |
mkdir -p /tmp/digests | |
digest="${{ steps.build.outputs.digest }}" | |
touch "/tmp/digests/${digest#sha256:}" | |
- name: Upload digest | |
uses: actions/upload-artifact@v4 | |
with: | |
name: digests-${{ env.PLATFORM_PAIR }} | |
path: /tmp/digests/* | |
if-no-files-found: error | |
retention-days: 1 | |
publish-docker-images: | |
needs: | |
- build-docker-images | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
id-token: write | |
steps: | |
- name: Setup environment | |
run: | | |
echo "REGISTRY_URL=${REGISTRY@L}/${IMAGE_NAME@L}" >>${GITHUB_ENV} | |
- name: Download digests | |
uses: actions/download-artifact@v4 | |
with: | |
path: /tmp/digests | |
pattern: digests-* | |
merge-multiple: true | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Configure AWS credentials for ECR publishing | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: ${{ env.AWS_ROLE_ARN }} | |
aws-region: us-east-1 # ecr public is only in us-east-1 | |
- name: Login to Amazon ECR Public | |
id: login-ecr-public | |
uses: aws-actions/amazon-ecr-login@v2 | |
with: | |
registry-type: public | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v3 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Docker metadata | |
id: meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
${{ env.REGISTRY_URL }} | |
${{ steps.login-ecr-public.outputs.registry }}/${{ env.AWS_ECR_ORG }}/${{ env.REPO_NAME }} | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} | |
type=raw,value=latest,enable={{is_default_branch}} | |
- name: Create manifest list and push to all registries | |
working-directory: /tmp/digests | |
run: | | |
docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ | |
$(printf '${{ env.REGISTRY_URL }}@sha256:%s ' *) | |
- name: Inspect image | |
run: | | |
docker buildx imagetools inspect ${{ env.REGISTRY_URL }}:${{ steps.meta.outputs.version }} | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish: | |
needs: | |
- cargo-verifications | |
- additional-check-for-published-crates | |
- publish-crates-check | |
- e2e-tests | |
# Only do this job if publishing a release | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Verify tag version | |
run: | | |
curl -sSLf "$DASEL_VERSION" -L -o dasel && chmod +x dasel | |
mv ./dasel /usr/local/bin/dasel | |
./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml | |
- name: Publish crate | |
uses: FuelLabs/publish-crates@v1 | |
with: | |
publish-delay: 30000 | |
registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} |