Skip to content
This repository has been archived by the owner on Aug 22, 2024. It is now read-only.

Deployer/testing shell script #50

Deployer/testing shell script

Deployer/testing shell script #50

Workflow file for this run

name: CI
## Only run when:
## - manually triggered
## - PR's are (re)opened
## - push to master (i.e. merge develop -> master)
on:
push:
branches:
- master
pull_request:
workflow_dispatch:
inputs:
tag:
description: 'The tag to create (optional)'
required: false
concurrency:
group: ${{ github.head_ref || github.run_id }}
cancel-in-progress: true
jobs:
## rust format: Execute on every run
rustfmt:
name: Rust Format
runs-on: ubuntu-latest
steps:
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Define Rust Toolchain
id: define_rust_toolchain
run: echo "RUST_TOOLCHAIN=$(cat ./rust-toolchain)" >> $GITHUB_ENV
- name: Setup Rust Toolchain
id: setup_rust_toolchain
uses: actions-rust-lang/setup-rust-toolchain@v1
with:
toolchain: ${{ env.RUST_TOOLCHAIN }}
components: rustfmt
- name: Rustfmt
id: rustfmt
uses: actions-rust-lang/rustfmt@v1
## Release tests: Execute on every run
release-tests:
name: Release Tests
uses: ./.github/workflows/stacks-blockchain-tests.yml
## Checked for leaked credentials: Execute on every run
leaked-cred-test:
name: Leaked Credential Test
runs-on: ubuntu-latest
steps:
- name: Extract branch name
id: extract_branch
if: ${{ github.event_name != 'pull_request' }}
run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
- name: Extract branch name
id: extract_branch_pr
if: ${{ github.event_name == 'pull_request' }}
run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_ENV
- name: Branch name
run: echo running on branch ${{ env.BRANCH_NAME }}
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: TruffleHog Scan
id: trufflehog_check
uses: trufflesecurity/trufflehog@main
with:
path: ./
base: ${{ env.BRANCH_NAME }}
head: HEAD
## Mutants testing: Execute on PR on packages that have tested functions modified
incremental-mutants:
name: Incremental Mutants Testing
runs-on: ubuntu-latest
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0 # do we want to fetch all?
- name: Relative diff
run: |
git branch -av
git diff origin/${{ github.base_ref }}.. | tee git.diff
- uses: Swatinem/rust-cache@v2
- run: cargo install cargo-mutants
- name: Mutants
run: |
cargo mutants --no-shuffle -j 2 -vV --in-diff git.diff || true
- name: Archive mutants.out
uses: actions/upload-artifact@v3
if: always()
with:
name: mutants-incremental.out
path: mutants.out
###############################################
## Build Tagged Release
###############################################
## Build source binaries
## Only run if:
## - Tag is provided
## - OR
## - Not the default branch
## - AND
## - Not a PR
build-source:
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }}
name: Build Binaries
uses: stacks-network/stacks-blockchain/.github/workflows/build-source-binary.yml@master
needs:
- rustfmt
- release-tests
- leaked-cred-test
with:
tag: ${{ inputs.tag }}
parallel_jobs: 4
arch: >-
["linux-glibc-x64", "linux-musl-x64", "linux-glibc-arm64", "linux-musl-arm64", "macos-x64", "macos-arm64", "windows-x64"]
## Create github release with binary archives
## Only run if:
## - Tag is provided
## - OR
## - Not the default branch
## - AND
## - Not a PR
github-release:
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }}
name: Github Release
uses: stacks-network/stacks-blockchain/.github/workflows/github-release.yml@master
needs: build-source
with:
tag: ${{ inputs.tag }}
arch: >-
["linux-glibc-x64", "linux-musl-x64", "linux-glibc-arm64", "linux-musl-arm64", "macos-x64", "macos-arm64", "windows-x64"]
secrets:
GH_TOKEN: ${{ secrets.GH_TOKEN }}
## Create docker alpine images
## Only run if:
## - Tag is provided
## - OR
## - Not the default branch
## - AND
## - Not a PR
docker-alpine:
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }}
name: Docker Alpine (Binary)
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-alpine-binary.yml@master
needs: github-release
with:
tag: ${{ inputs.tag }}
docker_platforms: linux/arm64, linux/amd64, linux/amd64/v2, linux/amd64/v3
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
## Create docker debian images
## Only run if:
## - Tag is provided
## - OR
## - Not the default branch
## - AND
## - Not a PR
docker-debian:
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }}
name: Docker Debian (Binary)
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-debian-binary.yml@master
needs: github-release
with:
tag: ${{ inputs.tag }}
docker_platforms: linux/amd64, linux/amd64/v2, linux/amd64/v3
linux_version: debian
build_type: binary
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}
###############################################
## Build Branch/PR
###############################################
## Create docker debian images
## Only run if:
## - Tag is *not* provided
build-branch:
if: ${{ inputs.tag == '' }}
name: Docker Debian (Source)
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-debian-source.yml@master
needs:
- rustfmt
- leaked-cred-test
with:
docker_platforms: linux/amd64
linux_version: debian
build_type: source
secrets:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }}