diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..6ae0517
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,78 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: 'CodeQL'
+
+on:
+ push:
+ branches: ['main']
+ pull_request:
+ # The branches below must be a subset of the branches above
+ branches: ['main']
+ schedule:
+ - cron: '41 18 * * 3'
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['go']
+ # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
+ # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: ${{ matrix.language }}
+ # If you wish to specify custom queries, you can do so here or in a config file.
+ # By default, queries listed here will override any specified in a config file.
+ # Prefix the list here with "+" to use these queries and those in the config file.
+
+ # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ queries: security-extended,security-and-quality
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v2
+
+ # ℹī¸ Command-line programs to run using the OS shell.
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+
+ # If the Autobuild fails above, remove it and uncomment the following three lines.
+ # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
+
+ # - run: |
+ # echo "Run, Build Application using script"
+ # ./location_of_script_within_repo/buildscript.sh
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/go.yml b/.github/workflows/go.yml
deleted file mode 100644
index 794d5b8..0000000
--- a/.github/workflows/go.yml
+++ /dev/null
@@ -1,31 +0,0 @@
-# This workflow will build a golang project
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-go
-
-name: Go
-
-on:
- push:
- branches: [ "main" ]
- pull_request:
- branches: [ "main" ]
-
-jobs:
-
- build:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v3
-
- - name: Set up Go
- uses: actions/setup-go@v4
- with:
- go-version: '1.20'
-
- - name: Build Nuklai VM
- run: go build -v -o ./build ./cmd/nuklaivm
-
- - name: Build Nuklai CLI
- run: go build -v -o ./build ./cmd/nuklai-cli
-
- - name: Unit Testing
- run: go test $(go list ./... | grep -v tests)
diff --git a/.github/workflows/load-tests.yml b/.github/workflows/load-tests.yml
new file mode 100644
index 0000000..ec4fa67
--- /dev/null
+++ b/.github/workflows/load-tests.yml
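Review bot: The `uses:` lines in codeql-analysis.yml reference actions by mutable tag (`actions/checkout@v3`, `github/codeql-action/init@v2`, `autobuild@v2`, `analyze@v2`), so the code that runs with `security-events: write` can change without any commit in this repository. Pin each one to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/checkout@<full-commit-sha> # v3`, so that an action update shows up as a reviewable diff. The same applies to every `uses:` line in load-tests.yml, release.yml, stale.yml, static-analysis.yml, sync-tests.yml, tidy-checker.yml and unit-tests.yml. Separately, the Autobuild comment still lists only C/C++, C# and Java while the matrix is `['go']`; a one-line comment stating that autobuild is what builds the Go module here would remove the mismatch.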
@@ -0,0 +1,39 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+name: NuklaiVM Load Tests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [labeled, synchronize, reopened]
+
+jobs:
+ nuklaivm-load-tests:
+ if: ${{ github.ref == 'refs/heads/main' || contains(github.event.pull_request.labels.*.name, 'run load') }}
+ strategy:
+ matrix:
+ level: [v1, v2, v3] # v4 is not supported
+ runs-on:
+ labels: ubuntu-20.04-32
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ cache-dependency-path: |
+ go.sum
+ - name: Run load tests
+ working-directory: ./
+ shell: bash
+ run: GOAMD64=${{ matrix.level }} scripts/tests.load.sh
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..95da80b
--- /dev/null
+++ b/.github/workflows/release.yml
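Review bot: load-tests.yml has no `permissions:` key, so the job's `GITHUB_TOKEN` gets whatever default the repository or organisation is configured with, which may include write scopes this job never uses. Add a top-level `permissions:` with `contents: read`, in line with the explicit block codeql-analysis.yml already declares, so that a compromised step or dependency cannot push or edit releases with the job token. static-analysis.yml, sync-tests.yml, tidy-checker.yml and unit-tests.yml have the same gap and need the same two lines.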
@@ -0,0 +1,64 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+name: NuklaiVM Release
+
+on:
+ push:
+ branches:
+ - main
+ tags:
+ - '*'
+ pull_request:
+ types: [labeled, synchronize, reopened]
+
+jobs:
+ nuklaivm-release:
+ # We build with 20.04 to maintain max compatibility: https://github.com/golang/go/issues/57328
+ runs-on: ubuntu-20.04-32
+ if: ${{ github.ref == 'refs/heads/main' || startsWith(github.event.ref, 'refs/tags/v') || contains(github.event.pull_request.labels.*.name, 'run release') }}
+ steps:
+ - name: Git checkout
+ uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ cache-dependency-path: |
+ go.sum
+ - name: Set up arm64 cross compiler
+ run: |
+ sudo apt-get -y update
+ sudo apt-get -y install gcc-aarch64-linux-gnu
+ - name: Checkout osxcross
+ uses: actions/checkout@v2
+ with:
+ repository: tpoechtrager/osxcross
+ path: osxcross
+ - name: Build osxcross
+ run: |
+ sudo apt-get -y install clang llvm-dev libxml2-dev uuid-dev libssl-dev bash patch make tar xz-utils bzip2 gzip sed cpio libbz2-dev
+ cd osxcross
+ wget https://github.com/joseluisq/macosx-sdks/releases/download/12.3/$MACOS_SDK_FNAME -O tarballs/$MACOS_SDK_FNAME
+ echo $MACOS_SDK_CHECKSUM tarballs/$MACOS_SDK_FNAME | sha256sum -c -
+ UNATTENDED=1 ./build.sh
+ echo $PWD/target/bin >> $GITHUB_PATH
+ env:
+ MACOS_SDK_FNAME: MacOSX12.3.sdk.tar.xz
+ MACOS_SDK_CHECKSUM: 3abd261ceb483c44295a6623fdffe5d44fc4ac2c872526576ec5ab5ad0f6e26c
+ - name: Run GoReleaser
+ uses: goreleaser/goreleaser-action@v2
+ with:
+ distribution: goreleaser
+ version: latest
+ args: release
+ workdir: ./
+ env:
+ # https://docs.github.com/en/actions/security-guides/automatic-token-authentication#about-the-github_token-secret
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
new file mode 100644
index 0000000..5e21362
--- /dev/null
+++ b/.github/workflows/stale.yml
@@ -0,0 +1,26 @@
+name: Mark stale issues and pull requests
+on:
+ schedule:
+ - cron: '0 0 * * *' # Run every day at midnight UTC
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/stale@v8
+ with:
+ # Overall configuration
+ operations-per-run: 100
+
+ # PR configuration
+ days-before-pr-stale: 30
+ stale-pr-message: 'This PR has become stale because it has been open for 30 days with no activity. Adding the `lifecycle/frozen` label will exempt this PR from future lifecycle events..'
+ days-before-pr-close: -1
+ stale-pr-label: lifecycle/stale
+ exempt-pr-labels: lifecycle/frozen
+
+ # Issue configuration
+ days-before-issue-stale: 60
+ stale-issue-message: 'This issue has become stale because it has been open 60 days with no activity. Adding the `lifecycle/frozen` label will exempt this issue from future lifecycle events.'
+ days-before-issue-close: -1
+ stale-issue-label: lifecycle/stale
+ exempt-issue-labels: lifecycle/frozen
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
new file mode 100644
index 0000000..b77767b
--- /dev/null
+++ b/.github/workflows/static-analysis.yml
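Review bot: The `Checkout osxcross` step in release.yml has no `ref:`, so every release builds its macOS cross toolchain from whatever `tpoechtrager/osxcross` has on its default branch that day and then runs `./build.sh` from it; the SDK tarball is checksum-verified, but the build scripts that compile the shipped darwin binaries are not. Pin it with `ref: <osxcross-commit-sha>` under that step's `with:`, and replace `version: latest` on the GoReleaser step with a fixed version so the tool producing the artifacts is reproducible too. Because this job passes `GITHUB_TOKEN` to a release tool, it should also declare `permissions:` with `contents: write` explicitly rather than inherit the repository default. The osxcross step is still on `actions/checkout@v2` while the first checkout uses `@v3`.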
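Review bot: stale.yml declares no `permissions:` although `actions/stale` has to label and comment on issues and pull requests, so it only works where the repository default token is read-write and is likely to fail to apply `lifecycle/stale` where the default is read-only. Declare exactly what the job needs: a `permissions:` block with `issues: write` and `pull-requests: write`. The `stale-pr-message` text also ends in a double period (`events..`), unlike the issue message.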
@@ -0,0 +1,39 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+name: NuklaiVM Static Analysis
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+jobs:
+ nuklaivm-lint:
+ runs-on:
+ labels: ubuntu-20.04-32
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ cache-dependency-path: |
+ go.sum
+ - name: Run static analysis tests
+ working-directory: ./
+ shell: bash
+ run: scripts/tests.lint.sh
+ - name: Build vm, cli
+ working-directory: ./
+ shell: bash
+ run: scripts/build.sh
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/sync-tests.yml b/.github/workflows/sync-tests.yml
new file mode 100644
index 0000000..1f66c47
--- /dev/null
+++ b/.github/workflows/sync-tests.yml
@@ -0,0 +1,38 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+name: NuklaiVM Sync Tests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [labeled, synchronize, reopened]
+
+jobs:
+ nuklaivm-sync-tests:
+ if: ${{ github.ref == 'refs/heads/main' || contains(github.event.pull_request.labels.*.name, 'run sync') }}
+ runs-on:
+ labels: ubuntu-20.04-32
+ timeout-minutes: 25
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ cache-dependency-path: |
+ go.sum
+ - name: Run sync tests
+ working-directory: ./
+ shell: bash
+ run: scripts/run.sh
+ env:
+ MODE: 'full-test'
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/tidy-checker.yml b/.github/workflows/tidy-checker.yml
new file mode 100644
index 0000000..314f643
--- /dev/null
+++ b/.github/workflows/tidy-checker.yml
@@ -0,0 +1,30 @@
+name: go.mod Checker
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+
+jobs:
+ go_mod_tidy:
+ name: Tidy
+ runs-on: ubuntu-20.04
+ steps:
+ - uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ - shell: bash
+ run: go mod tidy
+ - shell: bash
+ working-directory: ./
+ run: go mod tidy
+ - shell: bash
+ run: scripts/tests.clean.sh
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/.github/workflows/unit-tests.yml b/.github/workflows/unit-tests.yml
new file mode 100644
index 0000000..2212c0f
--- /dev/null
+++ b/.github/workflows/unit-tests.yml
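Review bot: The second `go mod tidy` step in tidy-checker.yml sets `working-directory: ./`, which is the repository root the first step already ran in, so the two steps do the same work. Either delete the second step or point its `working-directory` at the nested module it was meant for, if the repository has one (not visible in this diff). The three steps also have no `name:`, so a failure shows up in the run log only as the raw command; naming the last one something like `Fail on uncommitted changes` would make the purpose of the check clear.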
@@ -0,0 +1,57 @@
+# Copyright (C) 2023, AllianceBlock. All rights reserved.
+# See the file LICENSE for licensing terms.
+
+name: NuklaiVM Unit Tests
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [labeled, synchronize, reopened]
+
+jobs:
+ nuklaivm-unit-tests:
+ if: ${{ github.ref == 'refs/heads/main' || contains(github.event.pull_request.labels.*.name, 'run unit') }}
+ runs-on:
+ labels: ubuntu-20.04-32
+ timeout-minutes: 10
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Go
+ uses: actions/setup-go@v4
+ with:
+ go-version: '1.20'
+ check-latest: true
+ cache: true
+ cache-dependency-path: |
+ go.sum
+ - name: Run unit tests
+ working-directory: ./
+ shell: bash
+ run: scripts/tests.unit.sh
+ - name: Run integration tests
+ working-directory: ./
+ shell: bash
+ run: scripts/tests.integration.sh
+ - name: Archive code coverage results (text)
+ uses: actions/upload-artifact@v3
+ with:
+ name: code-coverage-out
+ path: ./integration.coverage.out
+ - name: Archive code coverage results (html)
+ uses: actions/upload-artifact@v3
+ with:
+ name: code-coverage-html
+ path: ./integration.coverage.html
+ - name: Run e2e tests
+ working-directory: ./
+ shell: bash
+ run: scripts/run.sh
+ env:
+ MODE: 'test'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
+ cancel-in-progress: true
diff --git a/scripts/tests.clean.sh b/scripts/tests.clean.sh
new file mode 100755
index 0000000..00929ab
--- /dev/null
+++ b/scripts/tests.clean.sh
@@ -0,0 +1,9 @@
+#!/bin/bash
+# Exits if any uncommitted changes are found.
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+git update-index --really-refresh >> /dev/null
+git diff-index --quiet HEAD
\ No newline at end of file
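Review bot: The `if:` on `nuklaivm-unit-tests` means unit and integration tests run on a pull request only when it carries the `run unit` label, whereas the deleted go.yml ran `go test` on every pull request to `main`; after this commit an unlabelled PR is checked only by lint, build, the tidy check and CodeQL. If that is not intended, drop the `if:` from this job and keep the label gate for the heavier load and sync jobs. The two coverage upload steps are also skipped whenever `scripts/tests.integration.sh` fails, so adding `if: always()` to them would keep the partial report for the failing run.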
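Review bot: When the tree is dirty, scripts/tests.clean.sh exits without saying which files changed: `git update-index --really-refresh` is documented to error out on a modified tracked file unless `-q` is given, its output goes to `/dev/null`, and `errexit` then stops the script before `git diff-index` runs. Make the failure readable in the CI log, e.g. `git update-index -q --really-refresh` followed by `git diff-index --quiet HEAD || { git status --short; exit 1; }`. Neither command reports untracked files, so a newly generated file that is not yet tracked passes the check; the header comment should state that limit. The file also lacks a trailing newline.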