Skip to content

Enable the signing logic to fall back to the hardware wallet if secret key is not found. #584

Enable the signing logic to fall back to the hardware wallet if secret key is not found.

Enable the signing logic to fall back to the hardware wallet if secret key is not found. #584

Workflow file for this run

name: Lint 🧹 Build 🛠️ Test 🚦
on:
push:
branches:
- main
# Run in PRs with conflicts (https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#pull_request)
pull_request_target:
branches:
- main
types: [opened, synchronize, reopened, ready_for_review]
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
cancel-in-progress: true
permissions:
id-token: write
contents: read
packages: read
env:
RUSTC_WRAPPER: sccache
SCCACHE_S3_USE_SSL: false
GIT_LFS_SKIP_SMUDGE: 1
CARGO_INCREMENTAL: 0
RUST_BACKTRACE: full
CACHE_BUCKET: github-runners-remote-cache-shared
SCCACHE_BUCKET: github-runners-remote-cache-shared
AWS_REGION: us-west-2
NIGHTLY: nightly-2024-05-15
NAMADA_MASP_PARAMS_DIR: /masp/.masp-params
jobs:
changelog:
runs-on: [ubuntu-latest]
if: github.event_name == 'pull_request_target' && github.event.pull_request.draft == false && !contains(github.ref, '-rc')
timeout-minutes: 5
steps:
- name: Checkout repo
if: ${{ github.event_name != 'pull_request_target' }}
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Checkout PR
if: ${{ github.event_name == 'pull_request_target' }}
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Check changelog
run: bash .github/workflows/scripts/check-changelog.sh
env:
SHA: ${{ github.event.pull_request.head.sha }}
rust-docs:
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
runs-on: [self-hosted, 4vcpu-8ram-ubuntu22-namada-x86]
timeout-minutes: 20
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Build docs
run: make build-doc
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
lints:
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
timeout-minutes: 15
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Clippy lints
run: make clippy
env:
RUSTFLAGS: "-Z threads=8"
- name: Check format
run: make fmt-check
env:
RUSTFLAGS: "-Z threads=8"
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
build-wasm:
timeout-minutes: 10
runs-on: [self-hosted, 4vcpu-8ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:wasm-main
strategy:
fail-fast: true
matrix:
make:
- name: wasm
command: build-wasm-scripts
files: |
wasm/tx_*.wasm
wasm/vp_*.wasm
wasm/checksums.json
- name: wasm-for-tests
command: build-wasm-tests-scripts
files:
wasm_for_tests/*.wasm
env:
RUSTC_WRAPPER: ""
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Build ${{ matrix.make.name }}
run: make ${{ matrix.make.command }}
- name: Upload ${{ matrix.make.name }} artifacts
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.make.name }}-${{ github.event.pull_request.head.sha || github.sha }}
path: ${{ matrix.make.files }}
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
test-wasm:
timeout-minutes: 30
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
runs-on: [self-hosted, 4vcpu-8ram-ubuntu22-namada-x86]
needs: [build-wasm]
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Download wasm artifacts
uses: actions/download-artifact@v4
with:
name: wasm-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm
- name: Download wasm-for-tests artifacts
uses: actions/download-artifact@v4
with:
name: wasm-for-tests-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm_for_tests
- name: Test Wasm
run: cargo +${{ env.NIGHTLY }} nextest run --manifest-path wasm/Cargo.toml
env:
RUSTFLAGS: "-C linker=clang -C link-arg=-fuse-ld=/usr/local/bin/mold"
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
test-unit:
runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
timeout-minutes: 20
needs: [build-wasm]
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Download wasm artifacts
uses: actions/download-artifact@v4
with:
name: wasm-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm
- name: Download wasm-for-tests artifacts
uses: actions/download-artifact@v4
with:
name: wasm-for-tests-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm_for_tests
- name: Run unit tests with coverage
run: make test-unit-with-coverage
# run: cargo +${{ env.NIGHTLY }} llvm-cov nextest run -E 'not test(e2e)' -E 'not test(integration)' -E 'not test(pos_state_machine_test)' --features namada/testing --no-fail-fast --lcov --output-path lcov.info
env:
RUSTFLAGS: "-C linker=clang -C link-arg=-fuse-ld=/usr/local/bin/mold -Z threads=8"
- name: Store coverage file artifact
uses: actions/upload-artifact@v4
with:
name: unit-cov-${{ github.event.pull_request.head.sha || github.sha }}
path: lcov.info # output of `make test-unit-with-coverage`
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
check-packages:
runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
timeout-minutes: 15
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Check crates build with default features
run: make check-crates
env:
RUSTFLAGS: "-C linker=clang -C link-arg=-fuse-ld=/usr/local/bin/mold"
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
test-integration:
runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
timeout-minutes: 20
needs: [build-wasm]
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Download wasm artifacts
uses: actions/download-artifact@v4
with:
name: wasm-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm
- name: Download wasm-for-tests artifacts
uses: actions/download-artifact@v4
with:
name: wasm-for-tests-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm_for_tests
- name: Run integration tests with coverage
run: make test-integration-with-coverage
# run: cargo +${{ env.NIGHTLY }} nextest run -E 'test(integration)' --test-threads 1 --no-fail-fast
env:
RUSTFLAGS: "-C linker=clang -C link-arg=-fuse-ld=/usr/local/bin/mold -Z threads=8"
- name: Store coverage file artifact
uses: actions/upload-artifact@v4
with:
name: integration-cov-${{ github.event.pull_request.head.sha || github.sha }}
path: lcov.info # output of `make test-integration-with-coverage`
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
check-benchmarks:
runs-on: [self-hosted, 8vcpu-16ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
if: github.event.pull_request.draft == false || contains(github.head_ref, 'mergify/merge-queue') || contains(github.ref_name, 'mergify/merge-queue')
timeout-minutes: 25
needs: [build-wasm]
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Download wasm artifacts
uses: actions/download-artifact@v4
with:
name: wasm-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm
- name: Download wasm-for-tests artifacts
uses: actions/download-artifact@v4
with:
name: wasm-for-tests-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm_for_tests
- name: Run benchmarks tests
run: make test-benches
env:
RUSTFLAGS: "-C linker=clang -C link-arg=-fuse-ld=/usr/local/bin/mold -Z threads=8"
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
build-binaries:
runs-on: [self-hosted, 16vcpu-32ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
timeout-minutes: 20
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Release build
run: make build-release
env:
RUSTFLAGS: "-C linker=clang -C debug_assertions=true -C link-arg=-fuse-ld=/usr/local/bin/mold"
- name: Upload binaries
uses: actions/upload-artifact@v4
with:
name: binaries-${{ github.event.pull_request.head.sha || github.sha }}
path: |
target/release/namada
target/release/namadac
target/release/namadaw
target/release/namadan
- name: Upload build timing report
uses: actions/upload-artifact@v4
with:
name: build-timings-${{ github.event.pull_request.head.sha || github.sha }}
path: target/cargo-timings/cargo-timing.html
retention-days: 7
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
test-e2e:
runs-on: [self-hosted, 4vcpu-8ram-ubuntu22-namada-x86]
container:
image: ghcr.io/heliaxdev/namada-ci:namada-main
if: github.event.pull_request.draft == false || contains(github.head_ref, 'mergify/merge-queue') || contains(github.ref_name, 'mergify/merge-queue')
needs: [build-wasm, build-binaries]
timeout-minutes: 50
strategy:
fail-fast: false
matrix:
make:
- index: 0
- index: 1
- index: 2
- index: 3
- index: 4
steps:
- name: Checkout repo
uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request_target' }}
- name: Checkout PR
uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request_target' }}
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Configure AWS
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ env.AWS_REGION }}
role-to-assume: ${{ secrets.AWS_ROLE }}
- name: Cache cargo
id: cache
uses: runs-on/cache@v4
env:
RUNS_ON_S3_BUCKET_CACHE: ${{ env.CACHE_BUCKET }}
with:
path: /usr/local/cargo
key: /cache/${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}
- name: Start sccache server
id: sccache
run: sccache --start-server
- name: Download wasm artifacts
uses: actions/download-artifact@v4
with:
name: wasm-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm
- name: Download wasm-for-tests artifacts
uses: actions/download-artifact@v4
with:
name: wasm-for-tests-${{ github.event.pull_request.head.sha|| github.sha }}
path: wasm_for_tests
- name: Download namada binaries
uses: actions/download-artifact@v4
with:
name: binaries-${{ github.event.pull_request.head.sha || github.sha }}
path: ./target/release/
- name: Download Hermes
run: |
HERMES_VERSION=$(cat .github/workflows/scripts/hermes.txt)
echo "Using hermes version: ${HERMES_VERSION}"
curl -o hermes.zip -LO https://github.com/heliaxdev/hermes/releases/download/v${HERMES_VERSION}/hermes-v${HERMES_VERSION}-x86_64-unknown-linux-gnu.zip
unzip hermes.zip
mv hermes /usr/local/bin
- name: Change permissions
run: |
chmod +x target/release/namada
chmod +x target/release/namadaw
chmod +x target/release/namadan
chmod +x target/release/namadac
chmod +x /usr/local/bin/hermes
- name: Run e2e test
id: e2e
run: python3 .github/workflows/scripts/schedule-e2e.py
env:
NAMADA_E2E_USE_PREBUILT_BINARIES: "true"
NAMADA_E2E_KEEP_TEMP: "true"
NAMADA_TM_STDOUT: "false"
NAMADA_LOG_COLOR: "false"
NAMADA_LOG: "info"
RUSTFLAGS: "-C linker=clang -C debug_assertions=true -C link-arg=-fuse-ld=/usr/local/bin/mold"
N_OF_MACHINES: 5
INDEX: ${{ matrix.make.index }}
- name: Upload e2e logs
if: success() || steps.e2e.conclusion == 'failure' || steps.e2e.conclusion == 'success'
uses: actions/upload-artifact@v4
with:
name: logs-e2e-${{ matrix.make.index }}-${{ github.event.pull_request.head.sha || github.sha }}
path: |
/tmp/.*/logs/
/tmp/.*/setup/validator-*/logs/
/tmp/.*/setup/valiator-*/e2e-test.*/*.toml
retention-days: 5
- name: Clean cargo cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo cache --autoclean-expensive
- name: Stop sccache
if: always() && steps.sccache.conclusion == 'success'
run: sccache --stop-server || true
upload-coverage:
runs-on: [ubuntu-latest]
timeout-minutes: 20
needs: [test-unit, test-integration]
steps:
- name: Download unit coverage artifacts
uses: actions/download-artifact@v4
with:
name: unit-cov-${{ github.event.pull_request.head.sha || github.sha }}
path: unit-cov
- name: Download integration coverage artifacts
uses: actions/download-artifact@v4
with:
name: integration-cov-${{ github.event.pull_request.head.sha || github.sha }}
path: integration-cov
- name: Upload coverage to codecov
uses: codecov/codecov-action@v4
with:
files: integration-cov/lcov.info, unit-cov/lcov.info
fail_ci_if_error: true
token: ${{ secrets.CODECOV_TOKEN }}