Skip to content

Add SSS support

Add SSS support #472

Workflow file for this run

name: Tests
on:
push:
branches: [ 'main' ]
pull_request:
workflow_dispatch:
jobs:
check-signoff:
if: "github.event_name == 'pull_request'"
uses: "matrix-org/backend-meta/.github/workflows/sign-off.yml@v2"
js-latest-main:
name: Tests (JS only, latest)
uses: ./.github/workflows/single_sdk_tests.yml
with:
use_js_sdk: 'MATCHING_BRANCH'
use_complement_crypto: '.'
rust-latest-main:
name: Tests (Rust only, latest)
uses: ./.github/workflows/single_sdk_tests.yml
with:
use_rust_sdk: 'MATCHING_BRANCH'
use_complement_crypto: '.'
complement:
name: Tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3 # Checkout crypto tests
# Install Node, Go and Rust, along with libolm and gotestfmt
- name: Setup | Node.js LTS
uses: actions/setup-node@v3
with:
node-version: "lts/*"
cache: 'yarn'
cache-dependency-path: "internal/api/js/js-sdk/yarn.lock"
- name: Setup | Go
uses: actions/setup-go@v4
with:
go-version: '1.21'
- name: Setup | Rust
uses: dtolnay/rust-toolchain@stable
with:
toolchain: stable
- name: Checkout matrix-rust-sdk
run: |
BRANCH=$(./.github/workflows/resolve_branch.sh matrix-org/matrix-rust-sdk)
mkdir rust-sdk
wget -O archive.tar.gz "https://github.com/matrix-org/matrix-rust-sdk/archive/$BRANCH.tar.gz"
zcat < archive.tar.gz | git get-tar-commit-id # useful for debugging
tar -xz --strip-components=1 -C rust-sdk < archive.tar.gz
- uses: Swatinem/rust-cache@v2
with:
workspaces: "rust-sdk"
- name: "Install Complement Dependencies"
run: |
sudo apt-get update && sudo apt-get install -y libolm3 libolm-dev
go install -v github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
# Install whatever version of the JS SDK is in package.json
- name: Build JS SDK
run: |
BRANCH=$(./.github/workflows/resolve_branch.sh matrix-org/matrix-js-sdk)
./rebuild_js_sdk.sh "matrix-js-sdk@https://github.com/matrix-org/matrix-js-sdk#$BRANCH"
- name: Build Rust FFI bindings
run: |
./install_uniffi_bindgen_go.sh && ./rebuild_rust_sdk.sh ./rust-sdk
# Temporary: as it takes 3m to build the complement synapse image >:(
- name: Pull synapse service v1.114.0 and mitmproxy
shell: bash
run: |
docker pull ghcr.io/matrix-org/synapse-service:v1.114.0
docker pull mitmproxy/mitmproxy:10.1.5
docker tag ghcr.io/matrix-org/synapse-service:v1.114.0 homeserver:latest
# Build homeserver image, honouring branch names
#- name: "Checkout corresponding Synapse branch"
#shell: bash
#run: |
#mkdir -p homeserver
#
## Attempt to use the version of the homeserver which best matches the
## current build.
##
## 1. If we are not on complement's default branch, check if there's a
## similarly named branch (GITHUB_HEAD_REF for pull requests,
## otherwise GITHUB_REF).
## 2. otherwise, use the default homeserver branch ("HEAD")
#
#for BRANCH_NAME in "$GITHUB_HEAD_REF" "${GITHUB_REF#refs/heads/}" "HEAD"; do
## Skip empty branch names, merge commits, and our default branch.
## (If we are on complement's default branch, we want to fall through to the HS's default branch
## rather than using the HS's 'master'/'main').
#case "$BRANCH_NAME" in
#"" | refs/pull/* | main | master)
#continue
#;;
#esac
#(wget -O - "https://github.com/matrix-org/synapse/archive/$BRANCH_NAME.tar.gz" | tar -xz --strip-components=1 -C homeserver) && break
#done
## Build the base Synapse dockerfile and then build a Complement-specific image from that base.
#- run: |
#docker build -t matrixdotorg/synapse:latest -f docker/Dockerfile .
#docker build -t matrixdotorg/synapse-workers:latest -f docker/Dockerfile-workers .
#docker build -t homeserver -f docker/complement/Dockerfile docker/complement
#working-directory: homeserver
#env:
#DOCKER_BUILDKIT: 1
- name: "Run Complement-Crypto unit tests"
env:
COMPLEMENT_BASE_IMAGE: homeserver
run: |
export LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export LD_LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
go test $(go list ./internal/... | grep -v 'internal/tests') -timeout 60s
- name: "Building RPC client"
run: |
export LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export LD_LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
go build -tags=jssdk,rust ./cmd/rpc
- name: "Ensuring client implementations work..."
run: |
export LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export LD_LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export COMPLEMENT_CRYPTO_RPC_BINARY="$(pwd)/rpc"
set -o pipefail &&
go test -v -json -count=1 -timeout 15m ./internal/tests | gotestfmt
shell: bash # required for pipefail to be A Thing. pipefail is required to stop gotestfmt swallowing non-zero exit codes
env:
COMPLEMENT_BASE_IMAGE: homeserver
COMPLEMENT_ENABLE_DIRTY_RUNS: 1
COMPLEMENT_CRYPTO_WRITE_CONTAINER_LOGS: 1
COMPLEMENT_SHARE_ENV_PREFIX: PASS_
PASS_SYNAPSE_COMPLEMENT_DATABASE: sqlite
DOCKER_BUILDKIT: 1
- run: |
export LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export LD_LIBRARY_PATH="$(pwd)/rust-sdk/target/debug"
export COMPLEMENT_CRYPTO_RPC_BINARY="$(pwd)/rpc"
set -o pipefail &&
go test -v -json -tags='jssdk,rust' -count=1 -timeout 15m ./tests | gotestfmt
shell: bash # required for pipefail to be A Thing. pipefail is required to stop gotestfmt swallowing non-zero exit codes
name: Run Complement Crypto Tests
env:
COMPLEMENT_BASE_IMAGE: homeserver
COMPLEMENT_ENABLE_DIRTY_RUNS: 1
COMPLEMENT_CRYPTO_MITMDUMP: mitm.dump
COMPLEMENT_SHARE_ENV_PREFIX: PASS_
PASS_SYNAPSE_COMPLEMENT_DATABASE: sqlite
DOCKER_BUILDKIT: 1
- name: Upload logs
uses: actions/upload-artifact@v4
if: ${{ always() }} # do this even if the tests fail
with:
name: Logs - ${{ job.status }}
path: |
./tests/logs/*
./complement-crypto/tests/mitm.dump