daily #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: daily | |
| on: | |
| schedule: | |
| - cron: "14 14 * * *" | |
| # Uncomment below to test. | |
| #push: | |
| # branches: [gha-test-*, canary, auto] | |
| jobs: | |
| audit: | |
| runs-on: ubuntu-latest | |
| container: | |
| image: diem/build_environment:latest | |
| volumes: | |
| - "${{github.workspace}}:/opt/git/diem" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| #this is a painful solution since it doesn't pick up new branches, other option is lotsa shell in one job.... | |
| #to test in canary add in canary here..... | |
| target-branch: [latest, release-1.3, release-1.4] | |
| env: | |
| AUDIT_SUMMARY_FILE: /tmp/summary | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| ref: ${{ matrix.target-branch }} | |
| - uses: ./.github/actions/build-setup | |
| - name: install cargo-audit | |
| run: cargo install --force cargo-audit | |
| - name: audit crates | |
| # List of ignored RUSTSEC | |
| # 1. RUSTSEC-2021-0073 - Not impacted. | |
| # 2. RUSTSEC-2021-0072 - Not impacted. | |
| # 3. RUSTSEC-2020-0071 - Not impacted. | |
| run: | | |
| cargo audit --color never --ignore RUSTSEC-2021-0073 --ignore RUSTSEC-2021-0072 --ignore RUSTSEC-2020-0071 > $AUDIT_SUMMARY_FILE | |
| - name: set issue body content | |
| if: ${{ failure() }} | |
| env: | |
| JOB_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| run: | | |
| echo "ISSUE_BODY<<EOF" >> $GITHUB_ENV | |
| echo "Found RUSTSEC in dependencies in job ${JOB_URL}" >> $GITHUB_ENV | |
| echo "\`\`\`" >> $GITHUB_ENV | |
| head -100 $AUDIT_SUMMARY_FILE >> $GITHUB_ENV | |
| echo "\`\`\`" >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| - uses: diem/actions/create-issue@faadd16607b77dfa2231a8f366883e01717b3225 | |
| if: ${{ failure() }} | |
| with: | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| title: "RUSTSEC in dependencies in branch ${{ matrix.target-branch }}" | |
| body: ${{ env.ISSUE_BODY }} | |
| labels: "dependecies" | |
| - uses: ./.github/actions/build-teardown | |
| coverage: | |
| runs-on: testnet-runner-ubuntu | |
| container: | |
| image: diem/build_environment:latest | |
| volumes: | |
| - "${{github.workspace}}:/opt/git/diem" | |
| environment: | |
| name: Sccache | |
| env: | |
| CODECOV_OUTPUT: codecov | |
| MESSAGE_PAYLOAD_FILE: /tmp/message | |
| steps: | |
| - uses: actions/[email protected] | |
| - uses: ./.github/actions/build-setup | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.ENV_DIEM_S3_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.ENV_DIEM_S3_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.ENV_DIEM_S3_AWS_REGION }} | |
| - name: produce coverage | |
| run: cargo xtest --html-cov-dir=$CODECOV_OUTPUT/grcovhtml/ --html-lcov-dir=$CODECOV_OUTPUT/lcovhtml/ --no-fail-fast -j 16 || true | |
| - name: Push Coverage Reports to S3 | |
| run: | | |
| set -x | |
| SUFFIX="$(date +"%Y-%m-%d")-$(git rev-parse --short=8 HEAD)" | |
| PREFIX="ci-artifacts.diem.com/coverage"; | |
| #Push grcov | |
| aws s3 cp --recursive ${CODECOV_OUTPUT}/grcovhtml "s3://${PREFIX}/unit-coverage/${SUFFIX}/"; | |
| aws s3 cp --recursive ${CODECOV_OUTPUT}/grcovhtml "s3://${PREFIX}/unit-coverage/latest/"; | |
| echo "Grcov available in s3 https://${PREFIX}/unit-coverage/${SUFFIX}/index.html" >> ${MESSAGE_PAYLOAD_FILE} | |
| #Push lcov | |
| aws s3 cp --recursive ${CODECOV_OUTPUT}/lcovhtml "s3://${PREFIX}/lcov-unit-coverage/${SUFFIX}/"; | |
| aws s3 cp --recursive ${CODECOV_OUTPUT}/lcovhtml "s3://${PREFIX}/lcov-unit-coverage/latest/"; | |
| echo "lcov available in s3 https://${PREFIX}/lcov-unit-coverage/${SUFFIX}/index.html" >> ${MESSAGE_PAYLOAD_FILE} | |
| - name: "Send Message" | |
| uses: ./.github/actions/slack-file | |
| with: | |
| payload-file: ${{ env.MESSAGE_PAYLOAD_FILE }} | |
| webhook: ${{ secrets.WEBHOOK_COVERAGE }} | |
| # Disabling for now as this is not critical for job success. TODO: fix it up. | |
| #- name: publish to codecov.io | |
| # run: bash <(curl -s https://codecov.io/bash) -f $CODECOV_OUTPUT/lcovhtml/lcov.info -F unittest; | |
| #- uses: ./.github/actions/build-teardown | |
| json-rpc-backward-compat-test: | |
| # Test old client from release (prod) and pre-release (rc) branches | |
| # against new server in the latest branch through cluster-test's | |
| # json-rpc interface. | |
| runs-on: testnet-runner-ubuntu | |
| container: | |
| image: diem/build_environment:latest | |
| volumes: | |
| - "${{github.workspace}}:/opt/git/diem" | |
| env: | |
| DEVNET_MINT_TEST_KEY: ${{ secrets.DEVNET_MINT_TEST_KEY }} | |
| DEVNET_ENDPOINT: dev.testnet.diem.com | |
| MESSAGE_PAYLOAD_FILE: /tmp/message | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| release-branch: [release-1.3, release-1.4] | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| ref: ${{ matrix.release-branch }} | |
| - uses: ./.github/actions/build-setup | |
| - name: Run cluster test diag on devnet | |
| run: | | |
| echo ${DEVNET_MINT_TEST_KEY} | base64 -d > /tmp/mint_test.key | |
| RUST_BACKTRACE=full cargo run -p cluster-test -- --diag --swarm --mint-file=/tmp/mint_test.key --peers=dev.testnet.diem.com:80:80 --chain-id=TESTNET > ${MESSAGE_PAYLOAD_FILE} | |
| - name: Run cluster test to submit random txn to devnet | |
| run: | | |
| RUST_BACKTRACE=full cargo run -p cluster-test -- --emit-tx --swarm --mint-file=/tmp/mint_test.key --peers=dev.testnet.diem.com:80:80 --chain-id=DEVNET --accounts-per-client=2 --workers-per-ac=2 --duration=30 >> ${MESSAGE_PAYLOAD_FILE} | |
| - uses: ./.github/actions/slack-file | |
| with: | |
| webhook: ${{ secrets.WEBHOOK_BREAKING_CHANGE }} | |
| payload-file: ${{ env.MESSAGE_PAYLOAD_FILE }} | |
| if: ${{ failure() }} | |
| - uses: ./.github/actions/build-teardown | |
| prover-inconsistency-test: | |
| runs-on: testnet-runner-ubuntu | |
| container: | |
| image: diem/build_environment:${{ matrix.target-branch }} | |
| volumes: | |
| - "${{github.workspace}}:/opt/git/diem" | |
| env: | |
| MESSAGE_PAYLOAD_FILE: /tmp/message | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target-branch: [latest] | |
| steps: | |
| - uses: actions/[email protected] | |
| with: | |
| ref: ${{ matrix.target-branch }} | |
| - uses: ./.github/actions/build-setup | |
| - uses: actions/[email protected] | |
| with: | |
| path: "/opt/cargo/git\n/opt/cargo/registry\n/opt/cargo/.package-cache" | |
| key: crates-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} | |
| restore-keys: "crates-${{ runner.os }}" | |
| - name: Run the prover tests with the inconsistency check and other nightly checks | |
| shell: bash | |
| run: | | |
| cd /opt/git/diem/ | |
| set -o pipefail | |
| MVP_TEST_INCONSISTENCY=1 cargo test -p move-prover --release 2>&1 | tee -a $MESSAGE_PAYLOAD_FILE | |
| MVP_TEST_FEATURE=cvc4 cargo test -p move-prover --release 2>&1 | tee -a $MESSAGE_PAYLOAD_FILE | |
| - uses: ./.github/actions/slack-file | |
| with: | |
| webhook: ${{ secrets.WEBHOOK_MOVE_PROVER }} | |
| payload-file: ${{ env.MESSAGE_PAYLOAD_FILE }} | |
| if: ${{ failure() }} | |
| - uses: ./.github/actions/build-teardown | |
| prune-docker-images: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: Docker | |
| url: https://hub.docker.com/u/diem | |
| steps: | |
| - uses: actions/[email protected] | |
| - name: sign in to DockerHub; install image signing cert | |
| uses: ./.github/actions/dockerhub_login | |
| with: | |
| username: ${{ secrets.ENV_DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.ENV_DOCKERHUB_PASSWORD }} | |
| key_material: ${{ secrets.ENV_DOCKERHUB_KEY_MATERIAL }} | |
| key_name: ${{ secrets.ENV_DOCKERHUB_KEY_NAME }} | |
| key_password: ${{ secrets.ENV_DOCKERHUB_KEY_PASSWORD }} | |
| - name: prune Docker image | |
| if: ${{ github.ref != 'refs/heads/auto' }} | |
| run: | | |
| scripts/dockerhub_prune.sh -u "${{ secrets.ENV_DOCKERHUB_USERNAME }}" -p "${{ secrets.ENV_DOCKERHUB_PASSWORD }}" -x |