test suite for feat(gate)!: new policy spec #4388
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: test suite | |
run-name: test suite for ${{ github.event.pull_request.title || github.ref }} | |
on: | |
workflow_dispatch: | |
inputs: | |
tmate_enabled: | |
type: boolean | |
description: | | |
Run the build with tmate debugging enabled (https://github.com/marketplace/actions/debugging-with-tmate). | |
This disables all but the test-full jobs. | |
required: false | |
default: false | |
push: | |
branches: | |
- main | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- ready_for_review | |
# Cancel any in-flight jobs for the same PR/branch so there's only one active | |
# at a time | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
GHJK_VERSION: "v0.2.1" | |
GHJK_ENV: "ci" | |
RUST_BACKTRACE: "full" | |
DENO_DIR: deno-dir | |
# used by ghjk | |
# TODO: add logic to setup-ghjk | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
DOCKER_BUILD_NO_SUMMARY: true | |
SCCACHE_BUCKET: "metacache" | |
SCCACHE_ENDPOINT: "https://s3.pub1.infomaniak.cloud" | |
SCCACHE_REGION: "us-east-1" | |
SCCACHE_S3_USE_SSL: "true" | |
SCCACHE_CACHE_SIZE: "50G" | |
AWS_ACCESS_KEY_ID: ${{ secrets.SCCACHE_AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.SCCACHE_AWS_SECRET_ACCESS_KEY }} | |
jobs: | |
changes: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
website: | |
- '.github/workflows/tests.yml' | |
- 'src/metatype.dev/**' | |
typegate: # for the standalone/image (not typegate tests which rely on everything) | |
- '.github/workflows/tests.yml' | |
- 'src/common/**' | |
- 'src/mt_deno/**' | |
- 'src/pyrt_wit_wire/**' | |
- 'src/typegate/**' | |
- 'src/wit/**' | |
- 'Cargo.lock' | |
full: | |
- '.github/workflows/tests.yml' | |
- 'src/**' | |
- 'tests/**' | |
- 'examples/**' | |
- 'Cargo.lock' | |
outputs: | |
website: ${{ steps.filter.outputs.website }} | |
typegate: ${{ steps.filter.outputs.typegate }} | |
full: ${{ steps.filter.outputs.full }} | |
pre-commit: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dsherret/rust-toolchain-file@v1 | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
name: Setup sccache secrets | |
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
uses: mozilla-actions/[email protected] | |
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc | |
- shell: bash | |
run: | | |
sudo apt update && sudo apt install -y --no-install-recommends libclang-dev clang | |
ghjk x install-ts | |
ghjk x install-website | |
ghjk x fetch-deno | |
# pre-resolve everything to disable resolutions | |
# changing the lockfile which would fail the hooks | |
ghjk p resolve | |
SKIP=ghjk-resolve pre-commit run --show-diff-on-failure --color=always --all-files | |
lint-compat: | |
needs: changes | |
if: ${{ needs.changes.outputs.full == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }} | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
matrix: | |
include: | |
- os: macos-13 | |
target: x86_64-apple-darwin | |
cross: false | |
- os: macos-14 | |
target: aarch64-apple-darwin | |
cross: false | |
# FIXME: linux/arm64 needs arm runners | |
# this target doesn't have a meta-cli build anyways | |
# the typegate is covered by the docker build down below | |
# - os: custom-macos | |
# target: aarch64-unknown-linux-gnu | |
# cross: true | |
#- os: windows-latest | |
# activate: '.venv\Scripts\activate.bat' | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dsherret/rust-toolchain-file@v1 | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
name: Setup sccache secrets | |
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
uses: mozilla-actions/[email protected] | |
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc | |
with: | |
# temporary fix | |
cache-key-prefix: ${{ matrix.os }} | |
- if: ${{ matrix.cross }} | |
shell: bash | |
env: | |
# arguments for our custom cross.Dockerfile | |
CROSS_BUILD_OPTS: "--build-arg 'CROSS_TARGET=${{ matrix.target }}'" | |
run: | | |
cross check --locked --all-features --all-targets --target ${{ matrix.target }} | |
- if: ${{ matrix.cross != true }} | |
shell: bash | |
run: | | |
cargo check --locked --all-features --all-targets --target ${{ matrix.target }} | |
test-website: | |
needs: changes | |
if: ${{ needs.changes.outputs.website == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }} | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# - name: Cache deno dir | |
# uses: actions/cache@v4 | |
# with: | |
# path: ${{ env.DENO_DIR }} | |
# key: deno-mac-${{ hashFiles('**/deno.lock') }} | |
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc | |
- name: Cache .venv dir | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: ${{ runner.os }}-venv-${{ hashFiles('**/poetry.lock', '.ghjk/lock.json') }} | |
- shell: bash | |
run: | | |
ghjk x install-py | |
source .venv/bin/activate | |
ghjk x install-website | |
ghjk x test-website | |
bulid-docker: | |
needs: changes | |
if: ${{ needs.changes.outputs.typegate == 'true' && !(github.event_name == 'workflow_dispatch' && inputs.tmate_enabled) }} | |
runs-on: ${{ matrix.runner }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- platform: linux/amd64 | |
runner: custom-ubuntu-large | |
- platform: linux/arm64 | |
runner: custom-arm | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: docker/setup-buildx-action@v3 | |
- uses: scherermichael-oss/action-has-permission@master | |
id: check | |
with: | |
required-permission: write | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- uses: docker/login-action@v3 | |
if: steps.check.outputs.has-permission | |
with: | |
registry: docker.io | |
username: zifeo | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Build with cache (internal) | |
uses: docker/build-push-action@v6 | |
if: steps.check.outputs.has-permission | |
with: | |
file: tools/Dockerfile | |
platforms: ${{ matrix.platform }} | |
push: false | |
cache-from: type=registry,ref=docker.io/zifeo/metatype-cache:ci | |
cache-to: type=registry,ref=docker.io/zifeo/metatype-cache:ci,mode=max | |
# check target runs extra validation steps in the Dockerfile | |
target: check | |
build-args: | | |
CARGO_PROFILE=dev | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
- name: Build without cache (external) | |
uses: docker/build-push-action@v6 | |
if: "! steps.check.outputs.has-permission" | |
with: | |
file: tools/Dockerfile | |
platforms: ${{ matrix.platform }} | |
push: false | |
cache-from: type=registry,ref=ghcr.io/${{ github.repository_owner }}/typegate:latest | |
build-args: | | |
CARGO_PROFILE=dev | |
GITHUB_TOKEN=${{ secrets.GITHUB_TOKEN }} | |
target: check | |
test-full: | |
needs: changes | |
if: ${{ needs.changes.outputs.full == 'true' }} | |
runs-on: | |
# - ubuntu-latest | |
- self-hosted # https://check-jsonschema.readthedocs.io/en/latest/faq.html#using-self-hosted-runners | |
- custom-ubuntu-large | |
timeout-minutes: 80 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup tmate session | |
if: ${{ github.event_name == 'workflow_dispatch' && inputs.tmate_enabled }} | |
uses: mxschmitt/action-tmate@v3 | |
with: | |
detached: true | |
- uses: dsherret/rust-toolchain-file@v1 | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
name: Setup sccache secrets | |
run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
uses: mozilla-actions/[email protected] | |
# - name: Cache deno dir | |
# uses: actions/cache@v4 | |
# with: | |
# path: ${{ env.DENO_DIR }} | |
# key: deno-${{ hashFiles('**/deno.lock') }} | |
- name: Cache .venv dir | |
uses: actions/cache@v4 | |
with: | |
path: .venv | |
key: ${{ runner.os }}-venv-${{ hashFiles('**/poetry.lock', '.ghjk/lock.json') }} | |
# FIXME: the custom runner is missing some ambient items found in | |
# github runner images by default. remove this hack when ghjk handles | |
# zstd/bsdtar on it's own | |
- run: | | |
sudo apt update | |
sudo apt install -y --no-install-recommends zstd | |
- uses: metatypedev/setup-ghjk@318209a9d215f70716a4ac89dbeb9653a2deb8bc | |
with: | |
cache-disable: true | |
- shell: bash | |
run: | | |
# the big run | |
# we don't want bash sub shells to do ghjk_reload | |
# TODO: consider disabling ghjk_reload on non-interactive shells | |
# by default | |
unset BASH_ENV | |
ghjk x install-sys | bash | |
ghjk x install-py | |
ghjk x install-wasi-adapter | |
source .venv/bin/activate | |
# this doesn't publish it but only builds it | |
WASM_OPT=1 ghjk x build-tgraph-ts | |
# start the docker containers | |
ghjk x dev-compose base prisma grpc subredis | |
WASM_OPT=1 ghjk x build-tgraph | |
ghjk x install-ts | |
ghjk x fetch-deno | |
ghjk x dev update --cache-only | |
ghjk x test-rust | |
ghjk x test-e2e -- --coverage=coverage | |
# FIXME: required due to https://github.com/denoland/deno/issues/21621#issuecomment-1887870712 | |
deno cache --config src/typegate/deno.jsonc \ | |
src/typegate/src/main.ts \ | |
tests/utils/*.ts \ | |
tests/runtimes/wasm_wire/*.ts \ | |
tests/runtimes/wasm_reflected/*.ts \ | |
tests/runtimes/python/*.ts \ | |
tests/runtimes/substantial/common.ts \ | |
tests/e2e/self_deploy/self_deploy.ts \ | |
tests/metagen/typegraphs/metagen.ts \ | |
src/typegraph/deno/src/*.ts \ | |
tools/*.ts | |
deno --unstable-worker-options --unstable-net coverage ./coverage --lcov > coverage.lcov | |
# we need secrets for coverage so we skip if not avail | |
# this applies to dedpendabot PRs for example | |
- if: ${{ env.AWS_ACCESS_KEY_ID != '' }} | |
uses: codecov/codecov-action@v5 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
files: ./coverage.lcov | |
fail_ci_if_error: true |