Skip to content

Enable PR san checks on github runners #6265

Enable PR san checks on github runners

Enable PR san checks on github runners #6265

Workflow file for this run

#
# Copyright Quadrivium LLC
# All Rights Reserved
# SPDX-License-Identifier: Apache-2.0
#
name: Build
on:
push:
branches: [ master ]
tags: [ '*' ]
pull_request:
env:
BUILD_DIR: build
KAGOME_IN_DOCKER: 1
CTEST_OUTPUT_ON_FAILURE: 1
GITHUB_HUNTER_USERNAME: ${{ secrets.HUNTER_USERNAME }}
GITHUB_HUNTER_TOKEN: ${{ secrets.HUNTER_TOKEN }}
# Change all container: values to this variable once this feature is available
# https://github.community/t/how-to-set-and-access-a-workflow-variable/17335/6
CACHE_VERSION: v07
CACHE_PATHS: |
~/Library/Caches/pip
~/.cargo
~/.ccache
~/.hunter
~/.rustup
jobs:
MacOS:
runs-on: macos-14
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ env.CACHE_VERSION }}
- name: install
run: ./housekeeping/macos/dependency.sh
env:
KAGOME_MAC_CI: 1
- name: build
run: ./housekeeping/make_build.sh -G Ninja -DCLEAR_OBJS=ON -DCOVERAGE=OFF -DWASM_COMPILER=WasmEdge -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/cxx20.cmake
env:
KAGOME_IN_DOCKER: 0
KAGOME_MAC_CI: 1
Linux:
if: ${{ !(github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/' )) }}
strategy:
fail-fast: false
matrix:
options:
- name: "Linux: clang-15 External Project"
run: ./housekeeping/make_external_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=../../cmake/toolchain/clang-15_cxx20.cmake
name: "${{ matrix.options.name }}"
runs-on: ubuntu-latest
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ matrix.options.name }}-${{ env.CACHE_VERSION }}
- name: df du
run: |
df -m || true
du -hd1 /__w /github || true
- name: Install mold
run: ./housekeeping/ci_install_mold.sh --make-default
- name: "${{ matrix.options.name }}"
run: "${{ matrix.options.run }}"
- name: df du
if: ${{ always() }}
run: |
df -m || true
du -hd1 /__w /github || true
Linux-self-hosted:
if: ${{ github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/' ) }}
strategy:
fail-fast: false
matrix:
options:
- name: "Self-hosted: Linux: gcc-12 ASAN"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/gcc-12_cxx20.cmake -DASAN=ON
- name: "Self-hosted: Linux: clang-15 TSAN WAVM"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/clang-15_cxx20.cmake -DTSAN=ON -DWASM_COMPILER=WAVM
- name: "Self-hosted: Linux: clang-15 UBSAN"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/clang-15_cxx20.cmake -DUBSAN=ON
- name: "Self-hosted: Linux: clang-15 External Project"
run: ./housekeeping/make_external_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=../../cmake/toolchain/clang-15_cxx20.cmake
name: "${{ matrix.options.name }}"
runs-on: [ self-hosted ]
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ matrix.options.name }}-${{ env.CACHE_VERSION }}
- name: df du
run: |
df -m || true
du -hd1 /__w /github || true
- name: Install mold
run: ./housekeeping/ci_install_mold.sh --make-default
- name: "${{ matrix.options.name }}"
run: "${{ matrix.options.run }}"
- name: df du
if: ${{ always() }}
run: |
df -m || true
du -hd1 /__w /github || true
Linux-PR:
if: ${{ github.ref != 'refs/heads/master' }}
strategy:
fail-fast: false
matrix:
options:
- name: "Linux: gcc-12 ASAN"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/gcc-12_cxx20.cmake -DASAN=ON
- name: "Linux: clang-15 TSAN WAVM"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/clang-15_cxx20.cmake -DTSAN=ON -DWASM_COMPILER=WAVM
- name: "Linux: clang-15 UBSAN"
run: ./housekeeping/make_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/clang-15_cxx20.cmake -DUBSAN=ON
- name: "Linux: clang-15 External Project"
run: ./housekeeping/make_external_build.sh -DCLEAR_OBJS=ON -DCMAKE_TOOLCHAIN_FILE=../../cmake/toolchain/clang-15_cxx20.cmake
name: "${{ matrix.options.name }}"
runs-on: ubuntu-latest
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ matrix.options.name }}-${{ env.CACHE_VERSION }}
- name: df du
run: |
df -m || true
du -hd1 /__w /github || true
- name: Install mold
run: ./housekeeping/ci_install_mold.sh --make-default
- name: "${{ matrix.options.name }}"
run: "${{ matrix.options.run }}"
- name: df du
if: ${{ always() }}
run: |
df -m || true
du -hd1 /__w /github || true
clang-tidy:
name: "Linux: clang-tidy"
runs-on: ubuntu-latest
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
with:
fetch-depth: 0
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ env.CACHE_VERSION }}
- name: clang-tidy
env:
# build only generated files, so clang-tidy will work correctly
BUILD_FINAL_TARGET: generated
run: |
./housekeeping/make_build.sh
./housekeeping/clang-tidy-diff.sh
coverage-self-hosted:
if: ${{ github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/') || contains( github.event.pull_request.labels.*.name, 'Non-master self-hosted') }}
name: "Self-hosted: Linux: gcc-12 coverage/sonar"
runs-on: [ self-hosted ]
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ env.CACHE_VERSION }}
- name: df du
run: |
df -m || true
du -hd1 /__w /github || true
- name: Install mold
run: ./housekeeping/ci_install_mold.sh --make-default
- name: makeBuild
env:
BUILD_FINAL_TARGET: ctest_coverage
run: ./housekeeping/make_build.sh -DCMAKE_TOOLCHAIN_FILE=cmake/toolchain/gcc-12_cxx20.cmake -DCOVERAGE=ON -DCLEAR_OBJS=ON
- name: df du
if: ${{ always() }}
run: |
df -m || true
du -hd1 /__w /github || true
- if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
name: Submit Coverage
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
run: if [ "CODECOV_TOKEN" != "null" ]; then ./housekeeping/codecov.sh; else echo "Some secret undefined. Step passed..."; fi
- if: ${{ github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository }}
name: Sonar
env:
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
GITHUB_USERNAME: ${{ secrets.GITHUB_USERNAME }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
BRANCH_NAME: ${{ github.ref }}
run: if [ "$SONAR_TOKEN" != "null" -a "$GITHUB_USERNAME" != "null" -a "$GITHUB_TOKEN" != "null" ]; then ./housekeeping/sonar.sh; else echo "Some secret undefined. Step passed..."; fi
Minideb:
if: ${{ !(github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/' )) }}
strategy:
fail-fast: false
matrix:
options:
- name: "Minideb: Build Debug"
build-type: "Debug"
- name: "Minideb: Build Release"
build-type: "Release"
name: "${{ matrix.options.name }}"
runs-on: ubuntu-latest
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ matrix.options.name }}-${{ env.CACHE_VERSION }}
- name: "${{ matrix.options.name }}"
env:
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome-dev/make.sh
Minideb-self-hosted:
if: ${{ github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/') || contains( github.event.pull_request.labels.*.name, 'Non-master self-hosted') }}
strategy:
fail-fast: false
matrix:
options:
- name: "Self-hosted: Minideb: Build Debug"
build-type: "Debug"
- name: "Self-hosted: Minideb: Build Release"
build-type: "Release"
name: "${{ matrix.options.name }}"
runs-on: [ self-hosted ]
container: qdrvm/kagome-dev@sha256:2d70246c32418a3dd45c246d3f5c2dd99bdafde145b903271849affe476c4cfc
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ matrix.options.name }}-${{ env.CACHE_VERSION }}
- name: "${{ matrix.options.name }}"
env:
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome-dev/make.sh
Push-self-hosted:
if: ${{ github.ref == 'refs/heads/master' || startsWith( github.ref, 'refs/tags/' ) }}
needs: [clang-tidy, MacOS, Minideb-self-hosted]
strategy:
fail-fast: false
matrix:
options:
- name: "Self-hosted: Push Debug Docker image"
build-type: "Debug"
- name: "Self-hosted: Push Release Docker image"
build-type: "Release"
- name: "Self-hosted: Push RelWithDebInfo Docker image"
build-type: "RelWithDebInfo"
runs-on: [ self-hosted ]
container: qdrvm/kagome-dev@sha256:14d5aa92c971073e82ba9bbac9b615701e99c71f64e58bdd45e5b3dbc09944bd
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ env.CACHE_VERSION }}
- run: git config --global --add safe.directory /__w/kagome/kagome
- run: git fetch --prune --unshallow
- name: build
env:
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome-dev/make.sh
- uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
with:
login-server: https://index.docker.io/v1/
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: docker pack and push
env:
VERSION: ${{ github.ref }}
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome/build_and_push.sh
Push-self-hosted-PR:
if: ${{ contains( github.event.pull_request.labels.*.name, 'Non-master push') }}
strategy:
fail-fast: false
matrix:
options:
- name: "Self-hosted: Push Debug Docker image"
build-type: "Debug"
- name: "Self-hosted: Push Release Docker image"
build-type: "Release"
- name: "Self-hosted: Push RelWithDebInfo Docker image"
build-type: "RelWithDebInfo"
runs-on: [ self-hosted ]
container: qdrvm/kagome-dev@sha256:14d5aa92c971073e82ba9bbac9b615701e99c71f64e58bdd45e5b3dbc09944bd
steps:
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
with:
ref: ${{ github.event.pull_request.head.sha }}
- uses: actions/cache@937d24475381cd9c75ae6db12cb4e79714b926ed
with:
path: ${{ env.CACHE_PATHS }}
key: ${{ github.job }}-${{ env.CACHE_VERSION }}
- run: git config --global --add safe.directory /__w/kagome/kagome
- run: git fetch --prune --unshallow
- name: build
env:
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome-dev/make.sh
- uses: azure/docker-login@83efeb77770c98b620c73055fbb59b2847e17dc0
with:
login-server: https://index.docker.io/v1/
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_TOKEN }}
- name: docker pack and push
env:
VERSION: ${{ github.ref }}
BUILD_TYPE: "${{ matrix.options.build-type }}"
run: ./housekeeping/docker/kagome/build_and_push.sh
zombie-tests:
strategy:
fail-fast: false
matrix:
options:
- name: "Parachains smoke test"
test: "test0001"
- name: "Parachains smoke test kagome"
test: "test0001_kagome"
- name: "Parachains upgrade smoke test"
test: "test0002"
- name: "Parachains upgrade smoke test kagome"
test: "test0002_kagome"
- name: "Parachains smoke test cumulus"
test: "test0003"
- name: "Parachains smoke test cumulus kagome"
test: "test0003_kagome"
- name: "Runtime upgrade"
test: "test0004"
- name: "Runtime upgrade kagome"
test: "test0004_kagome"
- name: "Dispute valid block"
test: "test0005"
- name: "Parachains disputes"
test: "test0006"
- name: "Deregister register validator smoke"
test: "test0008"
- name: "Basic warp sync"
test: "test0009"
- name: "Validators warp sync"
test: "test0010"
- name: "Block building warp sync"
test: "test0011"
runs-on: [ self-hosted ]
needs: [Push-self-hosted]
steps:
- name: Set owner of working dir recurively
run: sudo chown -R $(whoami) .
- uses: actions/checkout@dc323e67f16fb5f7663d20ff7941f27f5809e9b6
- name: build zombie-tester
working-directory: ./zombienet/docker
run: make tester
- name: Run test
working-directory: ./zombienet/docker
run: make ${{ matrix.options.test }}
Trigger_CD:
if: ${{ github.ref == 'refs/heads/master' }}
needs: [Push-self-hosted]
runs-on: ubuntu-latest
steps:
- name: trigger cd job
run: |
curl -fI "${{ secrets.JENKINS_URL }}kagome-test&token=${{ secrets.JENKINS_TOKEN }}"
curl -fI "${{ secrets.JENKINS_URL }}polkadot-test&token=${{ secrets.JENKINS_TOKEN }}"