-
Notifications
You must be signed in to change notification settings - Fork 14
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #293 from eosnetworkfoundation/zach-contract-ci
TrustEVM Contract CI
- Loading branch information
Showing
5 changed files
with
237 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
#!/bin/bash | ||
set -eo pipefail | ||
|
||
# print and run a command | ||
function ee() | ||
{ | ||
echo "$ $*" | ||
eval "$@" | ||
} | ||
|
||
export Deosio_DIR='/usr/lib/x86_64-linux-gnu/cmake/eosio' | ||
# debug code | ||
ee cmake --version | ||
echo 'Leap version:' | ||
cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*['\"]" | tr -d "'\"" || : | ||
|
||
# build | ||
ee mkdir -p contract/tests/build | ||
ee pushd contract/tests | ||
ee pushd build | ||
ee "cmake -DCMAKE_BUILD_TYPE=$DCMAKE_BUILD_TYPE .." | ||
ee make -j "$(nproc)" unit_test | ||
|
||
# pack | ||
ee popd | ||
ee 'tar -czf ../../contract-test.tar.gz build/*' | ||
ee popd | ||
|
||
echo "Done! - ${0##*/}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
#!/bin/bash | ||
set -eo pipefail | ||
|
||
# print and run a command | ||
function ee() | ||
{ | ||
echo "$ $*" | ||
eval "$@" | ||
} | ||
|
||
# debug code | ||
ee cdt-cc --version | ||
ee cmake --version | ||
|
||
# build | ||
ee mkdir -p contract/build | ||
ee pushd contract | ||
ee pushd build | ||
ee "cmake -DCMAKE_BUILD_TYPE=$DCMAKE_BUILD_TYPE -DWITH_TEST_ACTIONS=$DWITH_TEST_ACTIONS .." | ||
ee make -j "$(nproc)" | ||
|
||
# pack | ||
ee popd | ||
ee 'tar -czf ../contract.tar.gz build/*' | ||
ee popd | ||
|
||
echo "Done! - ${0##*/}" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
# TrustEVM Contract CI | ||
This GitHub Actions workflow builds the TrustEVM contract and its associated tests. | ||
|
||
### Index | ||
1. [Triggers](#triggers) | ||
1. [Inputs](#inputs) | ||
1. [Steps](#steps) | ||
1. [Outputs](#outputs) | ||
1. [GitHub App Integration](#github-app-integration) | ||
1. [See Also](#see-also) | ||
|
||
## Triggers | ||
This GitHub action will run under the following circumstances: | ||
1. When code is pushed to the `main` branch. | ||
1. When code is pushed to any branch with a name starting with `release/`. | ||
1. Workflow dispatch event, which is triggered manually using the "Workflow Dispatch" button in the Actions tab of the GitHub repository. | ||
|
||
## Inputs | ||
The inputs for this GitHub action are: | ||
1. `DCMAKE_BUILD_TYPE` - defined in the GitHub Action YAML, this sets the build type and determines the level of optimization, debugging information, and other flags; one of `Debug`, `Release`, `RelWithDebInfo`, or `MinSizeRel`. | ||
1. `DWITH_TEST_ACTIONS` - defined in the GitHub Action YAML, build with or without code paths intended to be excercised exclusively by tests. | ||
1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. | ||
1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. | ||
1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. | ||
|
||
These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, configuring the build, and uploading artifacts. | ||
|
||
## Steps | ||
This workflow performs the following steps: | ||
1. Attach Documentation | ||
1. Checkout the repo with no submodules. | ||
1. Attach an annotation to the GitHub Actions build summary page containing CI documentation. | ||
1. TrustEVM Contract Build | ||
> This is a build matrix with and without tests enabled. | ||
1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action to obtain an ephemeral token. | ||
1. Checkout the repo and submodules using the ephemeral token. | ||
1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. | ||
1. Install the CDT binary. | ||
1. Build the TrustEVM contract using `make` and `cmake`. | ||
1. Upload the contract build folder to GitHub Actions. | ||
1. If tests are enabled, download the `leap-dev` binary using [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. | ||
1. If tests are enabled, install the `leap-dev` binary. | ||
1. If tests are enabled, build the TrustEVM contract tests using `make` and `cmake`. | ||
1. If tests are enabled, upload the build folder for the contract test code to GitHub Actions. | ||
|
||
## Outputs | ||
This workflow produces the following outputs: | ||
1. Contract Build Artifacts - `contract.test-actions-off.tar.gz` containing the built contract from the `contract/build` folder with `DWITH_TEST_ACTIONS=off`. | ||
1. Contract Build Artifacts - `contract.test-actions-on.tar.gz` containing the built contract from the `contract/build` folder with `DWITH_TEST_ACTIONS=on`. | ||
1. Contract Test Artifacts - `contract-test.tar.gz` containing the built contract test artifacts from the `contract/tests/build` folder. | ||
|
||
> 📁 Due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years and counting_, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for Microsoft/GitHub. | ||
## GitHub App Integration | ||
This workflow uses the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action to assume the role of a GitHub application installed to the AntelopeIO organization to clone the private submodules. It requests a token from the GitHub app, clones everything using this token under the identity of the app, then the token expires. This is advantageous over a persistent API key from a GitHub service account because this does not consume a paid user seat, the "account" associated with the app cannot be logged into in the GitHub web UI, the app is scoped to exactly the permissions it needs to perform the clones for this repo _and nothing more_, and the API key expires very quickly so a bad actor who exfiltrates this key from the CI system should find it is not useful. | ||
|
||
**The downside is that if TrustEVM adds additional private submodules, the GitHub app must be granted permissions to these new submodules.** The CI system will not work until this happens. | ||
|
||
## See Also | ||
- [asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) GitHub Action | ||
- [github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action | ||
- [TrustEVM Documentation](../../README.md) | ||
|
||
For assistance with the CI system, please open an issue in this repo or reach out in the `#help-automation` channel via IM. | ||
|
||
*** | ||
**_Legal notice_** | ||
This document was generated in collaboration with ChatGPT from OpenAI, a machine learning algorithm or weak artificial intelligence (AI). At the time of this writing, the [OpenAI terms of service agreement](https://openai.com/terms) §3.a states: | ||
> Your Content. You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input, and subject to your compliance with these Terms, OpenAI hereby assigns to you all its right, title and interest in and to Output. | ||
This notice is required in some countries. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,102 @@ | ||
name: TrustEVM Contract CI | ||
|
||
on: | ||
push: | ||
branches: | ||
- main | ||
- release/* | ||
pull_request: | ||
workflow_dispatch: | ||
|
||
jobs: | ||
documentation: | ||
name: Attach Documentation | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 1 | ||
submodules: 'false' | ||
|
||
- name: Attach Documentation | ||
run: cat .github/workflows/contract.md >> $GITHUB_STEP_SUMMARY | ||
|
||
build: | ||
runs-on: ubuntu-20.04 | ||
strategy: | ||
matrix: | ||
DWITH_TEST_ACTIONS: ['on', 'off'] | ||
name: TrustEVM Contract Build - Tests ${{ matrix.DWITH_TEST_ACTIONS }} | ||
env: | ||
CC: gcc-10 | ||
CXX: g++-10 | ||
DCMAKE_BUILD_TYPE: 'Release' | ||
|
||
steps: | ||
- name: Authenticate | ||
id: auth | ||
uses: AntelopeIO/github-app-token-action@v1 | ||
with: | ||
app_id: ${{ secrets.TRUSTEVM_CI_APP_ID }} | ||
private_key: ${{ secrets.TRUSTEVM_CI_APP_KEY }} | ||
|
||
- name: Checkout Repo | ||
uses: actions/checkout@v3 | ||
with: | ||
fetch-depth: 0 | ||
submodules: 'recursive' | ||
token: ${{ steps.auth.outputs.token }} | ||
|
||
- name: Download CDT | ||
uses: AntelopeIO/asset-artifact-download-action@v2 | ||
with: | ||
owner: AntelopeIO | ||
repo: cdt | ||
target: 'v3.1.0' | ||
prereleases: false | ||
file: 'cdt_.*amd64.deb' | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Install CDT | ||
run: sudo apt-get install -y ./cdt*.deb | ||
|
||
- name: Build TrustEVM Contract | ||
run: .github/workflows/build-contract.sh | ||
env: | ||
DWITH_TEST_ACTIONS: ${{ matrix.DWITH_TEST_ACTIONS }} | ||
|
||
- name: Upload Artifacts | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: contract.test-actions-${{ matrix.DWITH_TEST_ACTIONS }}.tar.gz | ||
path: contract.tar.gz | ||
if-no-files-found: error | ||
|
||
- name: Download Leap - dev binary | ||
if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' | ||
uses: AntelopeIO/asset-artifact-download-action@v2 | ||
with: | ||
owner: AntelopeIO | ||
repo: leap | ||
target: 'v3.1.3' | ||
prereleases: false | ||
file: 'leap-dev.*(x86_64|amd64).deb' | ||
container-package: experimental-binaries | ||
token: ${{ secrets.GITHUB_TOKEN }} | ||
|
||
- name: Install Leap | ||
if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' | ||
run: sudo apt-get install -y ./leap*.deb | ||
|
||
- name: Build TrustEVM Contract Tests | ||
if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' | ||
run: .github/workflows/build-contract-test.sh | ||
|
||
- name: Upload Artifacts | ||
if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' | ||
uses: actions/upload-artifact@v3 | ||
with: | ||
name: contract-test.tar.gz | ||
path: contract-test.tar.gz | ||
if-no-files-found: error |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters