Merge pull request #373 from hirosystems/fix-note #741
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | ||
on: | ||
pull_request: | ||
push: | ||
branches: | ||
- main | ||
- develop | ||
- rc/next | ||
workflow_dispatch: | ||
jobs: | ||
pre_run: | ||
name: Cancel previous runs | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Cancel Previous Runs | ||
uses: styfle/cancel-workflow-action@ad6cb1b847ffb509a69b745b6ee2f1d14dfe14b8 | ||
with: | ||
access_token: ${{ github.token }} | ||
persist-credentials: false | ||
get_release_info: | ||
name: Get Release Info | ||
runs-on: ubuntu-latest | ||
needs: pre_run | ||
outputs: | ||
tag: ${{ steps.new_release_tag.outputs.TAG }} | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Get latest release | ||
if: startsWith(github.ref, 'refs/heads/main') | ||
id: release | ||
uses: pozetroninc/github-action-get-latest-release@master | ||
with: | ||
repository: ${{ github.repository }} | ||
excludes: prerelease, draft | ||
- name: Determine if release build | ||
if: startsWith(github.ref, 'refs/heads/main') | ||
id: new_release_tag | ||
env: | ||
LATEST_RELEASE: ${{ steps.release.outputs.release }} | ||
run: | | ||
CARGO_VERSION=v$(grep "version" components/chainhook-cli/Cargo.toml | head -n 1 | cut -d\" -f2) | ||
if [[ "${CARGO_VERSION}" != "${LATEST_RELEASE}" ]]; then | ||
echo "::set-output name=TAG::${CARGO_VERSION}" | ||
echo "::warning::Will create release for version: ${CARGO_VERSION}" | ||
else | ||
echo "::warning::Will not create a release" | ||
fi | ||
audit: | ||
name: Audit and format | ||
runs-on: ubuntu-latest | ||
needs: pre_run | ||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Install Rust toolchain | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
toolchain: stable | ||
profile: minimal | ||
components: rustfmt | ||
override: true | ||
- name: Set Cargo file permissions | ||
run: sudo chown -R $(whoami):$(id -ng) ~/.cargo/ | ||
- name: Cache cargo | ||
uses: actions/cache@v2 | ||
with: | ||
path: ~/.cargo/ | ||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
- name: Install dependencies | ||
run: cargo install cargo-audit | ||
- name: Run audit | ||
run: cargo audit --ignore RUSTSEC-2021-0076 --ignore RUSTSEC-2021-0119 --ignore RUSTSEC-2022-0028 --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0124 --ignore RUSTSEC-2022-0040 --ignore RUSTSEC-2023-0018 | ||
- name: Run rustfmt | ||
run: cargo fmt --all -- --check | ||
# test_coverage_cargo: | ||
# name: Generate test coverage | ||
# runs-on: ubuntu-latest | ||
# needs: pre_run | ||
# strategy: | ||
# fail-fast: false | ||
# matrix: | ||
# include: | ||
# - name: clarinet | ||
# working-directory: components/clarinet-cli | ||
# - name: clarity-repl | ||
# working-directory: components/clarity-repl | ||
# - name: chainhook-cli | ||
# working-directory: components/chainhook-event-observer | ||
# steps: | ||
# - name: Checkout repository | ||
# uses: actions/checkout@v3 | ||
# with: | ||
# submodules: recursive | ||
# - name: Install Rust toolchain stable | ||
# uses: actions-rs/toolchain@v1 | ||
# with: | ||
# toolchain: stable | ||
# profile: minimal | ||
# override: true | ||
# - name: Cache cargo | ||
# uses: actions/cache@v2 | ||
# id: cache-cargo | ||
# with: | ||
# path: | | ||
# ~/.cargo/bin/ | ||
# ~/.cargo/registry/index/ | ||
# ~/.cargo/registry/cache/ | ||
# ~/.cargo/git/db/ | ||
# target/ | ||
# key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
# - name: Install dependencies | ||
# if: steps.cache-cargo.outputs.cache-hit != 'true' | ||
# run: RUSTC_BOOTSTRAP=1 cargo install grcov | ||
# - name: Install Rust toolchain | ||
# uses: actions-rs/toolchain@v1 | ||
# with: | ||
# toolchain: stable | ||
# profile: minimal | ||
# components: llvm-tools-preview | ||
# override: true | ||
# - name: Unit Tests | ||
# env: | ||
# RUSTFLAGS: "-C instrument-coverage" | ||
# LLVM_PROFILE_FILE: "${{ matrix.name }}-%p-%m.profraw" | ||
# run: cargo build --package=clarinet-cli --locked && cargo test --package=clarinet-cli | ||
# - name: Generate coverage | ||
# run: grcov . --binary-path ./target/debug/ -s . -t lcov --branch --ignore-not-existing --ignore "/*" -o lcov.info | ||
# # Run functional tests here in addition to the other jobs so we can fail fast | ||
# # Since these tests are reached much earlier in the pipeline | ||
# - name: Functional Tests | ||
# if: matrix.name == 'clarinet' | ||
# run: | | ||
# for testdir in $(ls components/clarinet-cli/examples); do | ||
# ./target/debug/clarinet test --manifest-path components/clarinet-cli/examples/${testdir}/Clarinet.toml | ||
# done | ||
# - name: Upload coverage report | ||
# uses: codecov/codecov-action@v1 | ||
# with: | ||
# flags: unittests | ||
# name: ${{ matrix.name }} | ||
# verbose: true | ||
dist_chainhook: | ||
name: Build Chainhook Distributions | ||
runs-on: ${{ matrix.os }} | ||
needs: pre_run | ||
# Related upstream issue: | ||
# https://github.com/nagisa/rust_libloading/issues/61#issuecomment-607941377 | ||
# | ||
# env: | ||
# CC: deny_c | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
include: | ||
- os: ubuntu-latest | ||
platform: linux | ||
target: x86_64-unknown-linux-gnu | ||
architecture: x64 | ||
libc: glibc | ||
- os: windows-latest | ||
platform: windows | ||
target: x86_64-pc-windows-msvc | ||
architecture: x64 | ||
- os: macos-latest | ||
platform: darwin | ||
target: x86_64-apple-darwin | ||
architecture: x64 | ||
- os: macos-latest | ||
platform: darwin | ||
target: aarch64-apple-darwin | ||
architecture: arm64 | ||
steps: | ||
- name: Configure git to use LF (Windows) | ||
if: matrix.os == 'windows-latest' | ||
run: | | ||
git config --global core.autocrlf false | ||
git config --global core.eol lf | ||
- name: Checkout repository | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Install Rust toolchain | ||
uses: actions-rs/toolchain@v1 | ||
with: | ||
toolchain: stable | ||
target: ${{ matrix.target }} | ||
profile: minimal | ||
components: llvm-tools-preview | ||
override: true | ||
- name: Install wix (Windows) | ||
if: matrix.os == 'windows-latest' | ||
run: cargo install cargo-wix | ||
- if: matrix.os != 'windows-latest' | ||
run: sudo chown -R $(whoami):$(id -ng) ~/.cargo/ | ||
- name: Cache cargo | ||
uses: actions/cache@v2 | ||
with: | ||
path: | | ||
~/.cargo/bin/ | ||
~/.cargo/registry/index/ | ||
~/.cargo/registry/cache/ | ||
~/.cargo/git/db/ | ||
target/${{ matrix.target }}/release/ | ||
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | ||
# Set environment variables required from cross compiling from macos-x86_64 to macos-arm64 | ||
- name: Configure macos-arm64 cross compile config | ||
if: matrix.target == 'aarch64-apple-darwin' | ||
run: | | ||
echo "SDKROOT=$(xcrun -sdk macosx --show-sdk-path)" >> $GITHUB_ENV | ||
echo "MACOSX_DEPLOYMENT_TARGET=$(xcrun -sdk macosx --show-sdk-platform-version)" >> $GITHUB_ENV | ||
- name: Configure artifact names (libc) | ||
if: ${{ matrix.libc }} | ||
shell: bash | ||
run: | | ||
echo "SHORT_TARGET_NAME=${{ matrix.platform }}-${{ matrix.architecture }}-${{ matrix.libc }}" >> $GITHUB_ENV | ||
echo "PRE_GYP_TARGET_NAME=${{ matrix.platform }}-${{ matrix.architecture }}-${{ matrix.libc }}" >> $GITHUB_ENV | ||
- name: Configure artifact names (not libc) | ||
if: ${{ ! matrix.libc }} | ||
shell: bash | ||
run: | | ||
echo "SHORT_TARGET_NAME=${{ matrix.platform }}-${{ matrix.architecture }}" >> $GITHUB_ENV | ||
echo "PRE_GYP_TARGET_NAME=${{ matrix.platform }}-${{ matrix.architecture }}-unknown" >> $GITHUB_ENV | ||
- name: Build - Cargo | ||
if: matrix.target != 'x86_64-unknown-linux-musl' | ||
run: cargo build --release --features=telemetry --locked --target ${{ matrix.target }} | ||
- name: Code sign bin (Windows) | ||
if: startsWith(github.ref, 'refs/heads/main') && matrix.os == 'windows-latest' | ||
run: | | ||
$certificate_file_name = "${env:TEMP}\certificate.pfx" | ||
$bytes_cert = [Convert]::FromBase64String('${{ secrets.WINDOWS_CODE_SIGNING_CERTIFICATE }}') | ||
[IO.File]::WriteAllBytes(${certificate_file_name}, ${bytes_cert}) | ||
$signtool_path = ((Resolve-Path -Path "${env:ProgramFiles(x86)}/Windows Kits/10/bin/10*/x86").Path[-1]) + "/signtool.exe" | ||
$bin_path = (Resolve-Path -Path "target/${{ matrix.target }}/release/chainhook.exe").Path | ||
& ${signtool_path} sign ` | ||
/d "Clarinet is a clarity runtime packaged as a command line tool, designed to facilitate smart contract understanding, development, testing and deployment." ` | ||
/du "https://github.com/hirosystems/chainhook" ` | ||
/tr http://timestamp.digicert.com ` | ||
/td sha256 ` | ||
/fd sha256 ` | ||
-f "${certificate_file_name}" ` | ||
-p "${{ secrets.WINDOWS_CODE_SIGNING_PASSWORD }}" ` | ||
"${bin_path}" | ||
- name: Build Installer (Windows) | ||
if: matrix.os == 'windows-latest' | ||
run: cargo wix -v --no-build --nocapture -p chainhook-cli | ||
- name: Code sign installer (Windows) | ||
if: startsWith(github.ref, 'refs/heads/main') && matrix.os == 'windows-latest' | ||
run: | | ||
$certificate_file_name = "${env:TEMP}\certificate.pfx" | ||
$bytes_cert = [Convert]::FromBase64String('${{ secrets.WINDOWS_CODE_SIGNING_CERTIFICATE }}') | ||
[IO.File]::WriteAllBytes(${certificate_file_name}, ${bytes_cert}) | ||
$signtool_path = ((Resolve-Path -Path "${env:ProgramFiles(x86)}/Windows Kits/10/bin/10*/x86").Path[-1]) + "/signtool.exe" | ||
$msi_path = (Resolve-Path -Path "target/wix/*.msi").Path | ||
& ${signtool_path} sign ` | ||
/d "Clarinet is a clarity runtime packaged as a command line tool, designed to facilitate smart contract understanding, development, testing and deployment." ` | ||
/du "https://github.com/hirosystems/chainhook" ` | ||
/tr http://timestamp.digicert.com ` | ||
/td sha256 ` | ||
/fd sha256 ` | ||
-f "${certificate_file_name}" ` | ||
-p "${{ secrets.WINDOWS_CODE_SIGNING_PASSWORD }}" ` | ||
"${msi_path}" | ||
# Don't compress for Windows because winget can't yet unzip files | ||
- name: Compress cargo artifact (Linux) | ||
if: matrix.os != 'windows-latest' | ||
run: tar -C target/${{ matrix.target }}/release -zcvf chainhook-${{ env.SHORT_TARGET_NAME }}.tar.gz chainhook | ||
- name: Rename cargo artifact (Windows) | ||
if: matrix.os == 'windows-latest' | ||
shell: bash | ||
run: mv target/wix/*.msi chainhook-${{ env.SHORT_TARGET_NAME }}.msi | ||
# Separate uploads to prevent paths from being preserved | ||
- name: Upload cargo artifacts (Linux) | ||
if: matrix.os != 'windows-latest' | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: chainhook-${{ env.SHORT_TARGET_NAME }} | ||
path: chainhook-${{ env.SHORT_TARGET_NAME }}.tar.gz | ||
- name: Upload cargo artifact (Windows) | ||
if: matrix.os == 'windows-latest' | ||
uses: actions/upload-artifact@v2 | ||
with: | ||
name: chainhook-${{ env.SHORT_TARGET_NAME }} | ||
path: chainhook-${{ env.SHORT_TARGET_NAME }}.msi | ||
- name: Unit Tests - Cargo | ||
# can't easily run mac-arm64 tests in GH without native runners for that arch | ||
if: matrix.target != 'aarch64-apple-darwin' | ||
run: cargo test --release --locked --target ${{ matrix.target }} | ||
# - name: Functional Tests (Linux) | ||
# # can't easily run mac-arm64 tests in GH without native runners for that arch | ||
# if: matrix.os != 'windows-latest' && matrix.target != 'aarch64-apple-darwin' | ||
# run: | | ||
# for testdir in $(ls components/chainhook-cli/examples); do | ||
# ./target/${{ matrix.target }}/release/clarinet test --manifest-path components/clarinet-cli/examples/${testdir}/Clarinet.toml | ||
# done | ||
# - name: Functional Tests (Windows) | ||
# if: matrix.os == 'windows-latest' | ||
# run: | | ||
# foreach($testdir in Get-ChildItem components/clarinet-cli/examples) { | ||
# ./target/${{ matrix.target }}/release/clarinet test --manifest-path ${testdir}/Clarinet.toml | ||
# } | ||
docker_images: | ||
name: Create ${{ matrix.name }} Docker Image | ||
runs-on: ubuntu-latest | ||
needs: | ||
- get_release_info | ||
- dist_chainhook_node | ||
Check failure on line 358 in .github/workflows/ci.yaml GitHub Actions / CIInvalid workflow file
|
||
outputs: | ||
version: ${{ steps.docker_meta.outputs.version }} | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
include: | ||
- name: Chainhook Node | ||
description: A Stacks event observer. | ||
image: ${{ github.repository_owner }}/chainhook-cli | ||
artifact: chainhook-cli-linux-x64-glibc | ||
dockerfile: dockerfiles/components/chainhook-cli.dockerfile | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Generate Docker tags/labels | ||
id: docker_meta | ||
uses: docker/metadata-action@v4 | ||
with: | ||
images: ${{ matrix.image }} | ||
tags: | | ||
type=ref,event=branch | ||
type=ref,event=pr | ||
type=semver,pattern={{version}},value=${{ needs.get_release_info.outputs.tag }},enable=${{ needs.get_release_info.outputs.tag != '' }} | ||
type=semver,pattern={{major}}.{{minor}},value=${{ needs.get_release_info.outputs.tag }},enable=${{ needs.get_release_info.outputs.tag != '' }} | ||
labels: | | ||
org.opencontainers.image.title=${{ matrix.name }} | ||
org.opencontainers.image.description=${{ matrix.description }} | ||
- name: Login to Dockerhub | ||
uses: docker/login-action@v2 | ||
if: github.event_name != 'pull_request' | ||
with: | ||
username: ${{ secrets.DOCKERHUB_USERNAME }} | ||
password: ${{ secrets.DOCKERHUB_PASSWORD }} | ||
- name: Download pre-built dist | ||
uses: actions/download-artifact@v3 | ||
with: | ||
name: ${{ matrix.artifact }} | ||
- name: Untar pre-built dist | ||
run: tar zxvf *.tar.gz | ||
- name: Create Image | ||
uses: docker/build-push-action@v3 | ||
with: | ||
context: . | ||
file: ${{ matrix.dockerfile }} | ||
push: ${{ github.event_name != 'pull_request' }} | ||
tags: ${{ steps.docker_meta.outputs.tags }} | ||
labels: ${{ steps.docker_meta.outputs.labels }} | ||
release: | ||
name: Release | ||
runs-on: ubuntu-latest | ||
if: startsWith(github.ref, 'refs/heads/main') && needs.get_release_info.outputs.tag != '' | ||
needs: | ||
- get_release_info | ||
- audit | ||
# - test_coverage_cargo | ||
- docker_images | ||
permissions: | ||
actions: write | ||
contents: write | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
with: | ||
submodules: recursive | ||
- name: Download pre-built dists | ||
uses: actions/download-artifact@v3 | ||
- name: Tag and Release | ||
uses: ncipollo/release-action@v1 | ||
with: | ||
artifacts: "**/*.tar.gz,**/*.msi" | ||
tag: ${{ needs.get_release_info.outputs.tag }} | ||
commit: ${{ env.GITHUB_SHA }} | ||
- name: Trigger pkg-version-bump workflow | ||
uses: peter-evans/repository-dispatch@v1 | ||
with: | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
event-type: released | ||
client-payload: '{"tag": "${{ needs.get_release_info.outputs.tag }}"}' |