Runbooks for test distributions and deployments #4660

Workflow file for this run

# CI workflow: builds, tests and lints the workspace, then (see the jobs below)
# publishes Docker images, an "unstable" release and a testing deployment.
name: CI

on:
  # Direct pushes are only built for the main branch and for hotfix branches.
  push:
    branches:
      - main
      - "hotfix**"
  pull_request:
    types:
      - opened
      - reopened
      - synchronize
    # Ignore docs-only changes, since they use a dedicated workflow: docs.yml
    paths-ignore:
      - "docs/**"
      - "mithril-explorer/**"
      - ".github/workflows/docs.yml"
    branches-ignore:
      # Hotfix branches are handled by the push trigger.
      - "hotfix**"

# One active run per ref: a newer run cancels the one still in progress.
concurrency:
  group: ci-build-test-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): no workflow-level `permissions:` block is declared, so every job
# without its own block gets the repository's default GITHUB_TOKEN scopes.
jobs:
# Linux build: produces the distribution binaries, the Debian packages and the
# end-to-end runner, and exports the list of eras consumed by `run-test-lab`.
build-ubuntu-X64:
  runs-on: ubuntu-20.04
  outputs:
    eras: ${{ steps.eras-test-lab.outputs.eras }}
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Install stable toolchain, tools, and restore cache
      uses: ./.github/workflows/actions/toolchain-and-cache
      with:
        # NOTE(review): the cache key is derived from a secret; presumably it
        # expands to an empty string on pull requests from forks - confirm.
        cache-version: 20.04-${{ secrets.CACHE_VERSION }}
        cargo-tools: cargo-deb

    # The build is split in two steps to avoid side effects from Rust
    # feature unification.
    - name: Cargo build - Tooling
      shell: bash
      run: |
        cargo build --features portable --release --workspace \
          --exclude mithril-aggregator --exclude mithril-client-cli \
          --exclude mithril-client --exclude mithril-signer \
          --exclude mithril-stm

    - name: Build Mithril workspace & publish artifacts
      uses: ./.github/workflows/actions/build-upload-mithril-artifact
      with:
        binaries-build-args: --bin mithril-aggregator --bin mithril-signer --bin mithril-client --bin mithril-relay --features bundle_openssl
        libraries-build-args: --package mithril-stm --package mithril-client

    # `--no-build` packages the binaries that the previous step already built.
    - name: Build Debian packages
      shell: bash
      run: |
        cargo deb --no-build --package mithril-aggregator
        cargo deb --no-build --package mithril-signer
        cargo deb --no-build --package mithril-client-cli
        cargo deb --no-build --package mithril-relay

    - name: Publish Debian packages
      uses: actions/upload-artifact@v3
      with:
        name: mithril-deb-packages-${{ runner.os }}-${{ runner.arch }}
        path: target/debian/*.deb
        if-no-files-found: error

    - name: Publish End-to-end runner (${{ runner.os }}-${{ runner.arch }})
      uses: actions/upload-artifact@v3
      with:
        name: mithril-end-to-end-${{ runner.os }}-${{ runner.arch }}
        path: target/release/mithril-end-to-end
        if-no-files-found: error

    # The freshly built aggregator lists its eras as JSON; the value becomes a
    # job output and is later parsed with fromJSON() to build a test matrix.
    - name: Prepare test lab eras
      id: eras-test-lab
      run: |
        ERAS=$(./target/release/mithril-aggregator era list --json)
        echo "Test Lab Eras: $ERAS"
        echo "eras=$ERAS" >> $GITHUB_OUTPUT
# macOS and Windows builds: only the client is built on these platforms.
build:
  strategy:
    fail-fast: false
    matrix:
      os:
        - macos-12
        - windows-latest
      include:
        # Only build client on windows & mac
        - os: macos-12
          binaries-build-args: --bin mithril-client --features bundle_openssl
          libraries-build-args: --package mithril-stm --package mithril-client
        # Use `--bins --package <package>` instead of `--bin <package>`,
        # otherwise the 'windows' compatibility hack in mithril common
        # cargo.toml doesn't apply (we have no idea why).
        - os: windows-latest
          binaries-build-args: --bins --package mithril-client-cli --features bundle_openssl
          libraries-build-args: --package mithril-stm --package mithril-client --no-default-features --features num-integer-backend
  runs-on: ${{ matrix.os }}
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Install stable toolchain and restore cache
      uses: ./.github/workflows/actions/toolchain-and-cache
      with:
        cache-version: ${{ secrets.CACHE_VERSION }}

    - name: Build Mithril workspace & publish artifacts
      uses: ./.github/workflows/actions/build-upload-mithril-artifact
      with:
        binaries-build-args: ${{ matrix.binaries-build-args }}
        libraries-build-args: ${{ matrix.libraries-build-args }}
        # No matrix entry above defines `common-build-args`, so this expands
        # to an empty string for both platforms.
        common-build-args: ${{ matrix.common-build-args }}
# Unit, doc and example tests on the three platforms; each runner uploads its
# JUnit report for the `publish-tests-results` job.
test:
  strategy:
    fail-fast: false
    matrix:
      os:
        - ubuntu-22.04
        - macos-12
        - windows-latest
      include:
        - os: ubuntu-22.04
          test-args: --features portable --workspace
        # Only test the client on windows & mac (it is the only binary
        # supported on those OSes for now).
        - os: macos-12
          test-args: --package mithril-client --package mithril-client-cli
        - os: windows-latest
          test-args: --package mithril-client --package mithril-client-cli
  runs-on: ${{ matrix.os }}
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Install stable toolchain, tools, and restore cache
      uses: ./.github/workflows/actions/toolchain-and-cache
      with:
        cache-version: ${{ secrets.CACHE_VERSION }}
        cargo-tools: cargo-nextest

    # `matrix.test-args` only ever holds the static strings declared above.
    - name: Build tests
      run: cargo nextest run --no-run ${{ matrix.test-args }}

    - name: Run tests
      run: cargo nextest run --profile ci ${{ matrix.test-args }}

    - name: Run doc tests
      run: cargo test --doc ${{ matrix.test-args }}

    - name: Ensure examples build
      run: cargo build --examples ${{ matrix.test-args }}

    # `matrix.artifact-suffix` is not set by any entry above, so it expands to
    # an empty string and the file is named test-results-<os>-<arch>.xml.
    # The report steps also run after a failure so results are still published.
    - name: Rename junit file to include runner info
      shell: bash
      if: success() || failure()
      run: |
        mv target/nextest/ci/tests-result.junit.xml test-results${{ matrix.artifact-suffix }}-${{ runner.os }}-${{ runner.arch }}.xml

    - name: Upload Tests Results
      uses: actions/upload-artifact@v3
      if: success() || failure()
      with:
        name: test-results${{ matrix.artifact-suffix }}-${{ runner.os }}-${{ runner.arch }}
        path: |
          ./test-results-*.xml
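# Static checks: clippy (uploaded as SARIF), formatting, manifest ordering and,
# on pull requests, a dependency / vulnerability review.
check:
  runs-on: ubuntu-22.04
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Install stable toolchain, tools, and restore cache
      uses: ./.github/workflows/actions/toolchain-and-cache
      with:
        cache-version: ${{ secrets.CACHE_VERSION }}
        cargo-tools: cargo-sort clippy-sarif sarif-fmt

    # `shell: bash` is set explicitly: GitHub then runs the script with
    # `-eo pipefail`, so a failing `cargo clippy` at the head of the pipeline
    # fails the step. With the implicit default shell only the exit status of
    # the last command in the pipeline (sarif-fmt) would be checked.
    - name: Clippy Check
      if: success() || failure()
      shell: bash
      run: |
        cargo clippy \
          --all-features --all-targets --no-deps --message-format=json \
          | clippy-sarif | tee rust-clippy-results.sarif | sarif-fmt

        # Make this step fail if any warning has been found
        if [[ $(cat rust-clippy-results.sarif | jq '.runs[0].results') != "[]" ]]; then
          false
        fi

    # Each check below runs even if an earlier one failed, so a single run
    # reports every problem.
    - name: Upload clippy analysis results to GitHub
      if: success() || failure()
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: rust-clippy-results.sarif
        wait-for-processing: true

    - name: Cargo fmt
      if: success() || failure()
      shell: bash
      run: cargo fmt --check

    - name: Cargo sort
      if: success() || failure()
      shell: bash
      run: cargo sort -w -c

    # Compares the dependency changes between the pull request base and head.
    - name: Dependency & Vulnerabilities Review
      if: github.event_name == 'pull_request'
      uses: actions/dependency-review-action@v3
      with:
        base-ref: ${{ github.event.pull_request.base.sha || 'main' }}
        head-ref: ${{ github.event.pull_request.head.sha || github.ref }}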
# End-to-end tests: runs the devnet scenario for every era reported by the
# Linux build, three times each, plus one extra run with the P2P network.
run-test-lab:
  runs-on: ubuntu-22.04
  needs:
    - build-ubuntu-X64
  strategy:
    fail-fast: false
    matrix:
      # The era list is the JSON emitted by the aggregator in build-ubuntu-X64.
      era: ${{ fromJSON(needs.build-ubuntu-X64.outputs.eras) }}
      run_id:
        - 1
        - 2
        - 3
      extra_args:
        - ""
      include:
        - era: ${{ fromJSON(needs.build-ubuntu-X64.outputs.eras)[0] }}
          run_id: 3
          extra_args: "--use-p2p-network"
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Download binaries
      uses: actions/download-artifact@v3
      with:
        name: mithril-distribution-${{ runner.os }}-${{ runner.arch }}
        path: ./bin

    - name: Download rust test runner
      uses: actions/download-artifact@v3
      with:
        name: mithril-end-to-end-${{ runner.os }}-${{ runner.arch }}
        path: ./

    # The downloaded binaries are marked executable again before use, and the
    # work directory for the test run is created.
    - run: |
        chmod +x ./bin/mithril-aggregator
        chmod +x ./bin/mithril-client
        chmod +x ./bin/mithril-signer
        chmod +x ./bin/mithril-relay
        chmod +x ./mithril-end-to-end
        mkdir artifacts

    - name: Test
      run: ./mithril-end-to-end --bin-directory ./bin --work-directory=./artifacts --devnet-scripts-directory=./mithril-test-lab/mithril-devnet --mithril-era=${{ matrix.era }} ${{ matrix.extra_args }}

    # Only failed runs keep their working directory, for post-mortem analysis.
    - name: Upload E2E Tests Artifacts
      if: ${{ failure() }}
      uses: actions/upload-artifact@v3
      with:
        name: mithril-e2e-tests-artifacts-run_${{ github.run_number }}-attempt_${{ github.run_attempt }}-era_${{ matrix.era }}-run_id_${{ matrix.run_id }}
        path: |
          ./artifacts/*
          # including node.sock makes the upload fails so exclude them:
          !./artifacts/**/node.sock
          # exclude cardano tools, saving ~50mb of data:
          !./artifacts/devnet/cardano-cli
          !./artifacts/devnet/cardano-node
        if-no-files-found: error
# Collects the JUnit reports uploaded by the `test` job and publishes them.
# The job and each of its steps run even when the tests failed.
publish-tests-results:
  if: success() || failure()
  runs-on: ubuntu-22.04
  needs:
    - test
  steps:
    # This job runs on Linux, so the runner-derived name below selects the
    # Linux report; the two other platforms are named explicitly.
    - name: Download Tests Results (${{ runner.os }}-${{ runner.arch }})
      if: success() || failure()
      uses: actions/download-artifact@v3
      with:
        name: test-results-${{ runner.os }}-${{ runner.arch }}

    - name: Download Tests Results (macOS-X64)
      if: success() || failure()
      uses: actions/download-artifact@v3
      with:
        name: test-results-macOS-X64

    - name: Download Tests Results (Windows-X64)
      if: success() || failure()
      uses: actions/download-artifact@v3
      with:
        name: test-results-Windows-X64

    - name: Publish Unit Test Results
      if: success() || failure()
      uses: EnricoMi/publish-unit-test-result-action@v2
      with:
        junit_files: ./**/test-results-*.xml
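# Builds one Docker image per project from the Linux distribution artifact and
# pushes it to ghcr.io, but only for pushes to main or to a hotfix branch.
docker-mithril:
  runs-on: ubuntu-22.04
  needs:
    - build
    - check
    - test
    - run-test-lab
  strategy:
    fail-fast: false
    matrix:
      project:
        - mithril-aggregator
        - mithril-client-cli
        - mithril-signer
        - mithril-relay
      include:
        # The client CLI image is published under the `mithril-client` name.
        - project: mithril-client-cli
          package: mithril-client
  # Token scopes for this job: read the repository, write to the registry.
  permissions:
    contents: read
    packages: write
  env:
    # startsWith(searchString, searchValue): the ref is the string searched.
    # With the arguments swapped, the test is false for every real hotfix
    # branch and their images are never pushed.
    PUSH_PACKAGES: ${{ github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/hotfix')) }}
    REGISTRY: ghcr.io
    # Falls back to the project name when the matrix entry has no `package`.
    PACKAGE: ${{ github.repository_owner }}/${{ matrix.package != '' && matrix.package || matrix.project }}
    DOCKER_FILE: ./${{ matrix.project }}/Dockerfile.ci
    CONTEXT: .
  steps:
    - name: Checkout
      uses: actions/checkout@v3

    # NOTE(review): the docker/* actions below are referenced by mutable
    # version tags while the job holds a token with `packages: write`;
    # consider pinning them to reviewed commit SHAs.
    - name: Log in to the Container registry
      uses: docker/login-action@v2
      with:
        registry: ${{ env.REGISTRY }}
        username: ${{ github.actor }}
        password: ${{ secrets.GITHUB_TOKEN }}

    # Tags: the moving `unstable` tag and `<branch>-<short sha>`, the format
    # that the deploy-testing job rebuilds to select the image.
    - name: Extract metadata (tags, labels) for Docker
      id: meta
      uses: docker/metadata-action@v4
      with:
        images: ${{ env.REGISTRY }}/${{ env.PACKAGE }}
        tags: |
          unstable
          type=raw,value=${{ github.base_ref || github.ref_name }}-{{sha}}

    - name: Download built artifacts
      uses: actions/download-artifact@v3
      with:
        name: mithril-distribution-${{ runner.os }}-${{ runner.arch }}
        path: ${{ matrix.project }}

    # On pull requests PUSH_PACKAGES is false: the image is built, not pushed.
    - name: Build and push Docker image
      uses: docker/build-push-action@v3
      with:
        context: ${{ env.CONTEXT }}
        file: ${{ env.DOCKER_FILE }}
        push: ${{ env.PUSH_PACKAGES }}
        tags: ${{ steps.meta.outputs.tags }}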
# Dry-run publication of the crates, one package at a time, to catch
# packaging problems before a real release.
publish-crate-test:
  strategy:
    fail-fast: false
    # Packages are processed sequentially, in the order listed below.
    max-parallel: 1
    matrix:
      package:
        - mithril-stm
        - mithril-common
        - mithril-client
  runs-on: ubuntu-22.04
  needs:
    - build
    - test
    - run-test-lab
    - check
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    # NOTE(review): `@master` is a mutable ref on a third-party action;
    # a reviewed commit SHA would make this step reproducible.
    - name: Install stable toolchain
      uses: dtolnay/rust-toolchain@master
      with:
        toolchain: stable

    - name: Publish package to crates.io
      uses: ./.github/workflows/actions/publish-crate-package
      with:
        # Passed as a string: nothing is actually published by this job.
        dry_run: "true"
        package: ${{ matrix.package }}
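# Rebuilds the rolling `unstable` GitHub release from the artifacts of the
# build jobs. Runs only for pushes to main or to a hotfix branch.
unstable-release:
  # startsWith(searchString, searchValue): the ref is the string searched.
  # With the arguments swapped, hotfix branches never matched this condition.
  if: github.event_name == 'push' && (github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/heads/hotfix'))
  runs-on: ubuntu-22.04
  needs:
    - build
    - test
    - run-test-lab
    - check
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    - name: Prepare packaging
      run: mkdir package

    # Keeps the first 7 characters of the commit SHA (the output is named sha8).
    - name: Get short SHA
      id: slug
      run: echo "sha8=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT

    - name: Download built artifacts (Linux-X64)
      uses: actions/download-artifact@v3
      with:
        name: mithril-distribution-Linux-X64
        path: ./package-Linux-X64

    - name: Download Debian packages (Linux-X64)
      uses: actions/download-artifact@v3
      with:
        name: mithril-deb-packages-Linux-X64
        path: ./package

    - name: Download built artifacts (macOS-X64)
      uses: actions/download-artifact@v3
      with:
        name: mithril-distribution-macOS-X64
        path: ./package-macOS-X64

    - name: Download built artifacts (Windows-X64)
      uses: actions/download-artifact@v3
      with:
        name: mithril-distribution-Windows-X64
        path: ./package-Windows-X64

    # The GPG secret key is handed to a repository-local action; presumably it
    # signs the packaged files - confirm in the action's definition.
    - name: Prepare distribution package
      uses: ./.github/workflows/actions/prepare-distribution
      with:
        version-name: unstable-${{ steps.slug.outputs.sha8 }}
        download-url-base: ${{ github.server_url }}/${{ github.repository }}/releases/download/unstable
        gpg-secret-key: ${{ secrets.GPG_SECRET_KEY }}
        compatibility-table: '{ "release-mainnet": "⛔", "release-preprod": "⛔", "pre-release-preview": "⛔", "testing-preview": "✔" }'

    # NOTE(review): `@latest` is a mutable ref on a third-party action that
    # receives the token used to rewrite the release; consider pinning it to
    # a reviewed commit SHA (`@<full-commit-sha>`).
    - name: Update unstable release
      uses: marvinpinto/action-automatic-releases@latest
      with:
        repo_token: ${{ secrets.GITHUB_TOKEN }}
        automatic_release_tag: unstable
        prerelease: true
        title: Unstable Development Builds
        files: package/*

    # NOTE(review): the action reference below was mangled by e-mail
    # obfuscation on the page this listing was captured from; restore the
    # original `<action>@<version>` from the repository before reuse.
    - name: Update unstable release body with release notes addon
      uses: tubone24/[email protected]
      env:
        GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        TAG_NAME: unstable
      with:
        is_append_body: true
        body_path: ./release-notes-addon.txt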
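# Terraform plan/apply for the testing environment. The infrastructure is only
# applied on a push to main; every other trigger performs a dry run (plan).
deploy-testing:
  # Don't run on pull requests from forks since they don't have access to all
  # the needed secrets.
  if: github.event_name == 'push' || (github.event_name == 'pull_request' && !github.event.pull_request.head.repo.fork)
  strategy:
    fail-fast: false
    matrix:
      environment:
        - testing-preview
      include:
        - environment: testing-preview
          environment_prefix: testing
          cardano_network: preview
          mithril_api_domain: api.mithril.network
          mithril_protocol_parameters: |
            {
              k     = 2422
              m     = 20973
              phi_f = 0.2
            }
          mithril_signers: |
            {
              "1" = {
                type    = "verified",
                pool_id = "",
              },
              "2" = {
                type    = "verified",
                pool_id = "",
              },
              "3" = {
                type    = "verified",
                pool_id = "",
              },
            }
          terraform_backend_bucket: hydra-terraform-admin
          google_region: europe-west1
          google_zone: europe-west1-b
          google_machine_type: e2-highmem-4
          google_compute_instance_boot_disk_size: 200
          google_compute_instance_data_disk_size: 250
  environment: ${{ matrix.environment }}
  runs-on: ubuntu-22.04
  needs:
    - docker-mithril
  defaults:
    run:
      working-directory: mithril-infra
  steps:
    - name: Checkout sources
      uses: actions/checkout@v3

    # The ref name and SHA reach the script through environment variables
    # instead of being expanded into the script text: the branch name is then
    # handled as data and never parsed as shell syntax, in a job that holds
    # deployment secrets. The value has the same `<branch>-<short sha>` form
    # as the image tag produced by docker-mithril.
    - name: Get Docker image id
      env:
        IMAGE_REF_NAME: ${{ github.base_ref || github.ref_name }}
        COMMIT_SHA: ${{ github.sha }}
      run: |
        echo "DOCKER_IMAGE_ID=${IMAGE_REF_NAME}-$(echo "${COMMIT_SHA}" | cut -c1-7)" >> "$GITHUB_ENV"

    - name: ${{ env.DEPLOY == 'true' && 'Apply' || 'Plan' }} terraform infrastructure
      uses: ./.github/workflows/actions/deploy-terraform-infrastructure
      env:
        # True only for a push to main.
        DEPLOY: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
      with:
        dry_run: ${{ env.DEPLOY == 'true' && 'false' || 'true' }}
        terraform_backend_bucket: ${{ matrix.terraform_backend_bucket }}
        environment_prefix: ${{ matrix.environment_prefix }}
        environment: ${{ matrix.environment }}
        cardano_network: ${{ matrix.cardano_network }}
        cardano_node_version: ${{ vars.CARDANO_NODE_VERSION }}
        google_region: ${{ matrix.google_region }}
        google_zone: ${{ matrix.google_zone }}
        google_machine_type: ${{ matrix.google_machine_type }}
        google_compute_instance_boot_disk_size: ${{ matrix.google_compute_instance_boot_disk_size }}
        google_compute_instance_data_disk_size: ${{ matrix.google_compute_instance_data_disk_size }}
        google_application_credentials: ${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}
        mithril_api_domain: ${{ matrix.mithril_api_domain }}
        mithril_image_id: ${{ env.DOCKER_IMAGE_ID }}
        # The multi-line matrix values are JSON-encoded into a single string.
        mithril_protocol_parameters: ${{ toJSON(matrix.mithril_protocol_parameters) }}
        mithril_signers: ${{ toJSON(matrix.mithril_signers) }}
        # Secret key material is read from `secrets`, public material and
        # endpoints from `vars`.
        mithril_genesis_secret_key: ${{ secrets.GENESIS_SECRET_KEY }}
        mithril_genesis_verification_key_url: ${{ vars.GENESIS_VERIFICATION_KEY_URL }}
        mithril_era_reader_address_url: ${{ vars.ERA_READER_ADDRESS_URL }}
        mithril_era_reader_verification_key_url: ${{ vars.ERA_READER_VERIFICATION_KEY_URL }}
        mithril_era_reader_secret_key: ${{ secrets.ERA_READER_SECRET_KEY }}
        mithril_aggregator_cdn_cname: ${{ vars.AGGREGATOR_CDN_CNAME }}
        mithril_aggregator_snapshot_use_cdn_domain: ${{ vars.AGGREGATOR_USE_CDN_DOMAIN }}
        mithril_aggregator_snapshot_compression_algorithm: ${{ vars.AGGREGATOR_SNAPSHOT_COMPRESSION_ALGORITHM }}
        mithril_aggregator_zstandard_parameters_level: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_LEVEL }}
        mithril_aggregator_zstandard_parameters_workers: ${{ vars.AGGREGATOR_SNAPSHOT_ZSTANDARD_WORKERS }}
        mithril_aggregator_cexplorer_pools_url: ${{ vars.AGGREGATOR_CEXPLORER_POOLS_URL }}
        prometheus_auth_username: ${{ secrets.PROMETHEUS_AUTH_USERNAME }}
        prometheus_auth_password: ${{ secrets.PROMETHEUS_AUTH_PASSWORD }}
        prometheus_ingest_host: ${{ vars.PROMETHEUS_INGEST_HOST }}
        prometheus_ingest_username: ${{ secrets.PROMETHEUS_INGEST_USERNAME }}
        prometheus_ingest_password: ${{ secrets.PROMETHEUS_INGEST_PASSWORD }}
        loki_auth_username: ${{ secrets.LOKI_AUTH_USERNAME }}
        loki_auth_password: ${{ secrets.LOKI_AUTH_PASSWORD }}
        loki_ingest_host: ${{ vars.LOKI_INGEST_HOST }}
        loki_ingest_username: ${{ secrets.LOKI_INGEST_USERNAME }}
        loki_ingest_password: ${{ secrets.LOKI_INGEST_PASSWORD }}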