Skip to content

test suite for feat(gate)!: new policy spec #4388

test suite for feat(gate)!: new policy spec

test suite for feat(gate)!: new policy spec #4388

Workflow file for this run

name: test suite
run-name: test suite for ${{ github.event.pull_request.title || github.ref }}
on:
workflow_dispatch:
inputs:
tmate_enabled:
type: boolean
description: |
Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate).
This disables all but the test-full jobs.
required: false
default: false
push:
branches:
- main
pull_request:
types:
- opened
- reopened
- synchronize
- ready_for_review
# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
GHJK_VERSION: "v0.2.1"
GHJK_ENV: "ci"
RUST_BACKTRACE: "full"
DENO_DIR: deno-dir
# used by ghjk
# TODO: add logic to setup-ghjk
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_BUILD_NO_SUMMARY: true
SCCACHE_BUCKET: "metacache"
SCCACHE_ENDPOINT: "https://s3.pub1.infomaniak.cloud"
SCCACHE_REGION: "us-east-1"
SCCACHE_S3_USE_SSL: "true"
SCCACHE_CACHE_SIZE: "50G"
AWS_ACCESS_KEY_ID: ${{ secrets.SCCACHE_AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.SCCACHE_AWS_SECRET_ACCESS_KEY }}
jobs:
changes:
runs-on: ubuntu-latest
permissions:
pull-requests: read
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
website:
- '.github/workflows/tests.yml'
- 'src/metatype.dev/**'
typegate: # for the standalone/image (not typegate tests which rely on everything)
- '.github/workflows/tests.yml'
- 'src/common/**'
- 'src/mt_deno/**'
- 'src/pyrt_wit_wire/**'
- 'src/typegate/**'
- 'src/wit/**'
- 'Cargo.lock'
full:
- '.github/workflows/tests.yml'
- 'src/**'
- 'tests/**'
- 'examples/**'
- 'Cargo.lock'
outputs:
website: ${{ steps.filter.outputs.website }}
typegate: ${{ steps.filter.outputs.typegate }}
full: ${{ steps.filter.outputs.full }}
pre-commit:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dsherret/rust-toolchain-file@v1
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
name: Setup sccache secrets
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
uses: mozilla-actions/[email protected]
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc
- shell: bash
run: |
sudo apt update && sudo apt install -y --no-install-recommends libclang-dev clang
ghjk x install-ts
ghjk x install-website
ghjk x fetch-deno
# pre-resolve everything to disable resolutions
# changing the lockfile which would fail the hooks
ghjk p resolve
SKIP=ghjk-resolve pre-commit run --show-diff-on-failure --color=always --all-files
lint-compat:
needs: changes
if: ${{ needs.changes.outputs.full == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }}
runs-on: "${{ matrix.os }}"
strategy:
matrix:
include:
- os: macos-13
target: x86_64-apple-darwin
cross: false
- os: macos-14
target: aarch64-apple-darwin
cross: false
# FIXME: linux/arm64 needs arm runners
# this target doesn't have a meta-cli build anyways
# the typegate is covered by the docker build down below
# - os: custom-macos
# target: aarch64-unknown-linux-gnu
# cross: true
#- os: windows-latest
# activate: '.venv\Scripts\activate.bat'
steps:
- uses: actions/checkout@v4
- uses: dsherret/rust-toolchain-file@v1
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
name: Setup sccache secrets
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
uses: mozilla-actions/[email protected]
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc
with:
# temporary fix
cache-key-prefix: ${{ matrix.os }}
- if: ${{ matrix.cross }}
shell: bash
env:
# arguments for our custom cross.Dockerfile
CROSS_BUILD_OPTS: "--build-arg 'CROSS_TARGET=${{ matrix.target }}'"
run: |
cross check --locked --all-features --all-targets --target ${{ matrix.target }}
- if: ${{ matrix.cross != true }}
shell: bash
run: |
cargo check --locked --all-features --all-targets --target ${{ matrix.target }}
test-website:
needs: changes
if: ${{ needs.changes.outputs.website == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }}
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# - name: Cache deno dir
# uses: actions/cache@v4
# with:
# path: ${{ env.DENO_DIR }}
# key: deno-mac-${{ hashFiles('**/deno.lock') }}
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc
- name: Cache .venv dir
uses: actions/cache@v4
with:
path: .venv
key: ${{ runner.os }}-venv-${{ hashFiles('**/poetry.lock', '.ghjk/lock.json') }}
- shell: bash
run: |
ghjk x install-py
source .venv/bin/activate
ghjk x install-website
ghjk x test-website
bulid-docker:
needs: changes
if: ${{ needs.changes.outputs.typegate == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }}
runs-on: ${{ matrix.runner }}
strategy:
fail-fast: false
matrix:
include:
- platform: linux/amd64
runner: custom-ubuntu-large
- platform: linux/arm64
runner: custom-arm
steps:
- uses: actions/checkout@v4
- uses: docker/setup-buildx-action@v3
- uses: scherermichael-oss/action-has-permission@master
id: check
with:
required-permission: write
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/login-action@v3
if: steps.check.outputs.has-permission
with:
registry: docker.io
username: zifeo
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Build with cache (internal)
uses: docker/build-push-action@v6
if: steps.check.outputs.has-permission
with:
file: tools/Dockerfile
platforms: ${{ matrix.platform }}
push: false
cache-from: type=registry,ref=docker.io/zifeo/metatype-cache:ci
cache-to: type=registry,ref=docker.io/zifeo/metatype-cache:ci,mode=max
# check target runs extra validation steps in the Dockerfile
target: check
build-args: |
CARGO_PROFILE=dev
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
- name: Build without cache (external)
uses: docker/build-push-action@v6
if: "! steps.check.outputs.has-permission"
with:
file: tools/Dockerfile
platforms: ${{ matrix.platform }}
push: false
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/typegate:latest
build-args: |
CARGO_PROFILE=dev
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }}
target: check
test-full:
needs: changes
if: ${{ needs.changes.outputs.full == 'true' }}
runs-on:
# - ubuntu-latest
- self-hosted # https://check-jsonschema.readthedocs.io/en/latest/faq.html#using-self-hosted-runners
- custom-ubuntu-large
timeout-minutes: 80
steps:
- uses: actions/checkout@v4
- name: Setup tmate session
if: ${{ github.event_name == 'workflow_dispatch' && inputs.tmate_enabled }}
uses: mxschmitt/action-tmate@v3
with:
detached: true
- uses: dsherret/rust-toolchain-file@v1
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
name: Setup sccache secrets
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
uses: mozilla-actions/[email protected]
# - name: Cache deno dir
# uses: actions/cache@v4
# with:
# path: ${{ env.DENO_DIR }}
# key: deno-${{ hashFiles('**/deno.lock') }}
- name: Cache .venv dir
uses: actions/cache@v4
with:
path: .venv
key: ${{ runner.os }}-venv-${{ hashFiles('**/poetry.lock', '.ghjk/lock.json') }}
# FIXME: the custom runner is missing some ambient items found in
# github runner images by default. remove this hack when ghjk handles
# zstd/bsdtar on it's own
- run: |
sudo apt update
sudo apt install -y --no-install-recommends zstd
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc
with:
cache-disable: true
- shell: bash
run: |
# the big run
# we don't want bash sub shells to do ghjk_reload
# TODO: consider disabling ghjk_reload on non-interactive shells
# by default
unset BASH_ENV
ghjk x install-sys | bash
ghjk x install-py
ghjk x install-wasi-adapter
source .venv/bin/activate
# this doesn't publish it but only builds it
WASM_OPT=1 ghjk x build-tgraph-ts
# start the docker containers
ghjk x dev-compose base prisma grpc subredis
WASM_OPT=1 ghjk x build-tgraph
ghjk x install-ts
ghjk x fetch-deno
ghjk x dev update --cache-only
ghjk x test-rust
ghjk x test-e2e -- --coverage=coverage
# FIXME: required due to https://github.com/denoland/deno/issues/21621#issuecomment-1887870712
deno cache --config src/typegate/deno.jsonc \
src/typegate/src/main.ts \
tests/utils/*.ts \
tests/runtimes/wasm_wire/*.ts \
tests/runtimes/wasm_reflected/*.ts \
tests/runtimes/python/*.ts \
tests/runtimes/substantial/common.ts \
tests/e2e/self_deploy/self_deploy.ts \
tests/metagen/typegraphs/metagen.ts \
src/typegraph/deno/src/*.ts \
tools/*.ts
deno --unstable-worker-options --unstable-net coverage ./coverage --lcov > coverage.lcov
# we need secrets for coverage so we skip if not avail
# this applies to dedpendabot PRs for example
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }}
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: ./coverage.lcov
fail_ci_if_error: true