-
Notifications
You must be signed in to change notification settings - Fork 0
157 lines (152 loc) · 6.31 KB
/
daily.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
name: daily
on:
schedule:
- cron: "14 14 * * *"
# Uncomment below to test.
# push:
# branches: [gha-test-*, canary, auto]
jobs:
audit:
runs-on: ubuntu-20.04
container:
image: ghcr.io/diem/diem_build_environment:main
volumes:
- "${{github.workspace}}:/opt/git/diem"
strategy:
fail-fast: false
matrix:
#this is a painful solution since it doesn't pick up new branches, other option is lotsa shell in one job....
#to test in canary add in canary here.....
target-branch: [main, release-1.5, release-1.4]
env:
AUDIT_SUMMARY_FILE: /tmp/summary
steps:
- uses: actions/[email protected]
with:
ref: ${{ matrix.target-branch }}
- uses: ./.github/actions/build-setup
- name: install cargo-audit
run: cargo install --force cargo-audit
- name: audit crates
# List of ignored RUSTSEC
# 1. RUSTSEC-2021-0073 - Not impacted.
# 2. RUSTSEC-2021-0072 - Not impacted.
run: |
cargo audit --color never --ignore RUSTSEC-2021-0073 --ignore RUSTSEC-2021-0072 > $AUDIT_SUMMARY_FILE
- name: set issue body content
if: ${{ failure() }}
env:
JOB_URL: "https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
run: |
echo "ISSUE_BODY<<EOF" >> $GITHUB_ENV
echo "Found RUSTSEC in dependencies in job ${JOB_URL}" >> $GITHUB_ENV
echo "\`\`\`" >> $GITHUB_ENV
head -100 $AUDIT_SUMMARY_FILE >> $GITHUB_ENV
echo "\`\`\`" >> $GITHUB_ENV
echo "EOF" >> $GITHUB_ENV
- uses: diem/actions/create-issue@faadd16607b77dfa2231a8f366883e01717b3225
if: ${{ failure() }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
title: "RUSTSEC in dependencies in branch ${{ matrix.target-branch }}"
body: ${{ env.ISSUE_BODY }}
labels: "dependecies"
- uses: ./.github/actions/build-teardown
coverage:
runs-on: ubuntu-20.04-xl
container:
image: ghcr.io/diem/diem_build_environment:main
volumes:
- "${{github.workspace}}:/opt/git/diem"
environment:
name: Sccache
env:
CODECOV_OUTPUT: codecov
MESSAGE_PAYLOAD_FILE: /tmp/message
steps:
- uses: actions/[email protected]
- uses: ./.github/actions/build-setup
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.ENV_DIEM_S3_AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.ENV_DIEM_S3_AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.ENV_DIEM_S3_AWS_REGION }}
- name: produce coverage
run: cargo xtest --html-cov-dir=$CODECOV_OUTPUT/grcovhtml/ --html-lcov-dir=$CODECOV_OUTPUT/lcovhtml/ --no-fail-fast -j 16 || true
- name: Push Coverage Reports to S3
run: |
set -x
SUFFIX="$(date +"%Y-%m-%d")-$(git rev-parse --short=8 HEAD)"
PREFIX="ci-artifacts.diem.com/coverage";
#Push grcov
aws s3 cp --recursive ${CODECOV_OUTPUT}/grcovhtml "s3://${PREFIX}/unit-coverage/${SUFFIX}/";
aws s3 cp --recursive ${CODECOV_OUTPUT}/grcovhtml "s3://${PREFIX}/unit-coverage/latest/";
echo "Grcov available in s3 https://${PREFIX}/unit-coverage/${SUFFIX}/index.html" >> ${MESSAGE_PAYLOAD_FILE}
#Push lcov
aws s3 cp --recursive ${CODECOV_OUTPUT}/lcovhtml "s3://${PREFIX}/lcov-unit-coverage/${SUFFIX}/";
aws s3 cp --recursive ${CODECOV_OUTPUT}/lcovhtml "s3://${PREFIX}/lcov-unit-coverage/latest/";
echo "lcov available in s3 https://${PREFIX}/lcov-unit-coverage/${SUFFIX}/index.html" >> ${MESSAGE_PAYLOAD_FILE}
- name: "Send Message"
uses: ./.github/actions/slack-file
with:
payload-file: ${{ env.MESSAGE_PAYLOAD_FILE }}
webhook: ${{ secrets.WEBHOOK_COVERAGE }}
# Disabling for now as this is not critical for job success. TODO: fix it up.
#- name: publish to codecov.io
# run: bash <(curl -s https://codecov.io/bash) -f $CODECOV_OUTPUT/lcovhtml/lcov.info -F unittest;
#- uses: ./.github/actions/build-teardown
prover-inconsistency-test:
runs-on: ubuntu-20.04-xl
container:
image: ghcr.io/diem/diem_build_environment:${{ matrix.target-branch }}
volumes:
- "${{github.workspace}}:/opt/git/diem"
env:
MESSAGE_PAYLOAD_FILE: /tmp/message
strategy:
fail-fast: false
matrix:
target-branch: [main]
steps:
- uses: actions/[email protected]
with:
ref: ${{ matrix.target-branch }}
- uses: ./.github/actions/build-setup
- uses: actions/[email protected]
with:
path: "/opt/cargo/git\n/opt/cargo/registry\n/opt/cargo/.package-cache"
key: crates-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
restore-keys: "crates-${{ runner.os }}"
- name: Run the prover tests with the inconsistency check and other nightly checks
shell: bash
run: |
cd /opt/git/diem/
set -o pipefail
MVP_TEST_INCONSISTENCY=1 cargo test -p move-prover --release 2>&1 | tee -a $MESSAGE_PAYLOAD_FILE
MVP_TEST_FEATURE=cvc5 cargo test -p move-prover --release 2>&1 | tee -a $MESSAGE_PAYLOAD_FILE
- uses: ./.github/actions/slack-file
with:
webhook: ${{ secrets.WEBHOOK_MOVE_PROVER }}
payload-file: ${{ env.MESSAGE_PAYLOAD_FILE }}
if: ${{ failure() }}
- uses: ./.github/actions/build-teardown
prune-docker-images:
runs-on: ubuntu-20.04
environment:
name: Docker
url: https://hub.docker.com/u/diem
steps:
- uses: actions/[email protected]
- name: sign in to DockerHub; install image signing cert
uses: ./.github/actions/dockerhub_login
with:
username: ${{ secrets.ENV_DOCKERHUB_USERNAME }}
password: ${{ secrets.ENV_DOCKERHUB_PASSWORD }}
key_material: ${{ secrets.ENV_DOCKERHUB_KEY_MATERIAL }}
key_name: ${{ secrets.ENV_DOCKERHUB_KEY_NAME }}
key_password: ${{ secrets.ENV_DOCKERHUB_KEY_PASSWORD }}
- name: prune Docker image
if: ${{ github.ref != 'refs/heads/auto' }}
run: |
scripts/dockerhub_prune.sh -u "${{ secrets.ENV_DOCKERHUB_USERNAME }}" -p "${{ secrets.ENV_DOCKERHUB_PASSWORD }}" -x