Bump rustls form 0.21.7 to 0.21.11 #7558
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- 'release/**' | |
paths-ignore: | |
- '**.md' | |
workflow_dispatch: | |
env: | |
CARGO_TERM_COLOR: always | |
RUST_BACKTRACE: 1 | |
MC_TELEMETRY: 0 | |
SKIP_SLOW_TESTS: 1 | |
SGX_MODE: SW | |
permissions: | |
checks: write | |
jobs: | |
build-dev: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Cargo build (SW) | |
shell: bash | |
run: cargo build --locked | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
build-prod: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Cargo build (HW) | |
env: | |
SGX_MODE: HW | |
shell: bash | |
run: cargo build --locked | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
build-and-test-wasm: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- name: Install wasm-pack | |
run: curl https://rustwasm.github.io/wasm-pack/installer/init.sh -sSf | sh | |
- name: Build and test the wasm-test crate | |
env: | |
SGX_MODE: HW | |
run: wasm-pack test --node wasm-test | |
lint-rust: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Run lint script | |
run: ./tools/lint.sh --check | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
build-and-test-go: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Build go | |
working-directory: go-grpc-gateway | |
shell: bash | |
run: ./install_tools.sh && ./build.sh | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
- name: Lint Go code | |
working-directory: go-grpc-gateway | |
shell: bash | |
run: ./lint.sh | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
- name: Build rust testing stub | |
working-directory: go-grpc-gateway/testing | |
shell: bash | |
run: cargo build --locked | |
- name: Run curl test | |
working-directory: go-grpc-gateway | |
shell: bash | |
run: ./test.sh | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
docs: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Generate docs | |
shell: bash | |
run: cargo doc --no-deps && tar -C target -czvf /tmp/doc.tgz doc/ | |
- name: Store docs | |
uses: mobilecoinofficial/gh-actions/upload-artifact@v0 | |
with: | |
name: doc.tgz | |
path: /tmp/doc.tgz | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
mc-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
strategy: | |
matrix: | |
num_runners: [2] | |
runner_index: [1, 2] | |
# Run each shard to completion. | |
fail-fast: false | |
env: | |
NUM_RUNNERS: ${{ matrix.num_runners }} | |
RUNNER_INDEX: ${{ matrix.runner_index }} | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: List packages to test\ | |
shell: bash | |
run: | | |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \ | |
grep -v -e mc-fog -e mc-consensus | \ | |
awk "{ print \"-p \" \$1 }" | \ | |
sort > /tmp/test-packages | |
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \ | |
tee /tmp/mc-test-packages | |
# Hack: mc-util-sample-ledger needs mc-util-keyfile bins. | |
# TODO: Replace with artifact deps when that does not require | |
# additional cargo flags. | |
if grep -q generate-sample-ledger /tmp/mc-test-packages | |
then | |
echo '-p mc-util-keyfile' >> /tmp/mc-test-packages | |
fi | |
- name: Run tests | |
uses: ./.github/actions/run-mc-tests | |
with: | |
args: $(cat /tmp/mc-test-packages) | |
junit_artifact: junit-mc-tests-${{matrix.runner_index}} | |
consensus-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
strategy: | |
matrix: | |
num_runners: [2] | |
runner_index: [1, 2] | |
# Run each shard to completion. | |
fail-fast: false | |
env: | |
NUM_RUNNERS: ${{ matrix.num_runners }} | |
RUNNER_INDEX: ${{ matrix.runner_index }} | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: List packages to test | |
shell: bash | |
run: | | |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \ | |
awk "/mc-consensus/ { print \"-p \" \$1 }" | \ | |
sort > /tmp/test-packages | |
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \ | |
tee /tmp/consensus-test-packages | |
- name: Run tests | |
uses: ./.github/actions/run-mc-tests | |
with: | |
args: $(cat /tmp/consensus-test-packages) | |
junit_artifact: junit-consensus-tests-${{matrix.runner_index}} | |
fog-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
strategy: | |
matrix: | |
num_runners: [4] | |
runner_index: [1, 2, 3, 4] | |
# Run each shard to completion. | |
fail-fast: false | |
env: | |
NUM_RUNNERS: ${{ matrix.num_runners }} | |
RUNNER_INDEX: ${{ matrix.runner_index }} | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_HOST_AUTH_METHOD: trust | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: List packages to test | |
shell: bash | |
run: | | |
cargo metadata --no-deps --format-version=1 | jq -r '.packages[].name' | \ | |
awk "/mc-fog/ { print \"-p \" \$1 }" | \ | |
grep -v mc-fog-ingest | \ | |
sort > /tmp/test-packages | |
split -n "l/$RUNNER_INDEX/$NUM_RUNNERS" /tmp/test-packages | \ | |
tee /tmp/fog-test-packages | |
# Hack: mc-fog-distribution needs bins from | |
# mc-util-{keyfile,generate-sample-ledger}. | |
# TODO: Replace with artifact deps when that does not require | |
# additional cargo flags. | |
if grep -q fog-distribution /tmp/fog-test-packages | |
then | |
echo '-p mc-util-keyfile -p mc-util-generate-sample-ledger' >> /tmp/fog-test-packages | |
fi | |
- name: Run tests | |
uses: ./.github/actions/run-mc-tests | |
with: | |
args: $(cat /tmp/fog-test-packages) | |
junit_artifact: junit-fog-tests-${{matrix.runner_index}} | |
env: | |
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests | |
# create and drop PG databases. | |
TEST_DATABASE_URL: postgres://postgres@postgres | |
fog-ingest-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_HOST_AUTH_METHOD: trust | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Run tests | |
uses: ./.github/actions/run-mc-tests | |
with: | |
# These tests time out without release mode. | |
args: -p 'mc-fog-ingest-*' --release | |
junit_artifact: junit-fog-ingest-tests | |
env: | |
# TEST_DATABASE_URL points at the server, as Fog recovery DB tests | |
# create and drop PG databases. | |
TEST_DATABASE_URL: postgres://postgres@postgres | |
fog-conformance-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_HOST_AUTH_METHOD: trust | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3' | |
- name: Set up environment | |
working-directory: tools/fog-local-network | |
shell: bash | |
run: | | |
python3 -m venv env | |
. ./env/bin/activate | |
pip install --upgrade pip | |
pip install -r requirements.txt | |
./build.sh | |
- name: fog_conformance_tests.py | |
working-directory: tools/fog-local-network | |
env: | |
PGHOST: postgres | |
PGUSER: postgres | |
shell: bash | |
run: | | |
. /opt/intel/sgxsdk/environment | |
. ./env/bin/activate | |
python3 fog_conformance_tests.py --release | |
- name: Upload core dumps | |
uses: ./.github/actions/upload-core-dumps | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
# An end to end test to ensure minting works and that the fog local | |
# network script continues to work. | |
# This test has more than one purpose, due to the time it takes to generate | |
# sample keys and sample ledger | |
minting-and-burning-tests: | |
runs-on: mcf-dev-large-x64 | |
container: mobilecoin/builder-install:v0.0.36 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_HOST_AUTH_METHOD: trust | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
steps: | |
- name: Check out code | |
uses: mobilecoinofficial/gh-actions/checkout@v0 | |
- name: Setup Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3' | |
- name: Build and generate sample data | |
shell: bash | |
run: | | |
. /opt/intel/sgxsdk/environment | |
# Generate enclave signing key | |
openssl genrsa -out Enclave_private.pem -3 3072 | |
export CONSENSUS_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem" | |
export INGEST_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem" | |
export LEDGER_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem" | |
export VIEW_ENCLAVE_PRIVKEY="$PWD/Enclave_private.pem" | |
export MC_LOG=debug | |
# Build binaries | |
cargo build \ | |
-p mc-admin-http-gateway \ | |
-p mc-consensus-mint-client \ | |
-p mc-consensus-service \ | |
-p mc-consensus-tool \ | |
-p mc-crypto-x509-test-vectors \ | |
-p mc-fog-distribution \ | |
-p mc-fog-ingest-client \ | |
-p mc-fog-ingest-server \ | |
-p mc-fog-ledger-server \ | |
-p mc-fog-report-server \ | |
-p mc-fog-sql-recovery-db \ | |
-p mc-fog-test-client \ | |
-p mc-fog-view-server \ | |
-p mc-ledger-distribution \ | |
-p mc-mobilecoind \ | |
-p mc-mobilecoind-dev-faucet \ | |
-p mc-util-generate-sample-ledger \ | |
-p mc-util-grpc-admin-tool \ | |
-p mc-util-keyfile \ | |
-p mc-util-seeded-ed25519-key-gen \ | |
--release | |
BIN_DIR="$PWD/target/release" | |
# Run in temp dir to appease check-dirty-git. | |
mkdir -p /tmp/fog-local-network | |
cd /tmp/fog-local-network || exit 1 | |
# Generate sample keys and ledger. | |
FOG_AUTHORITY_ROOT=$("$BIN_DIR/mc-crypto-x509-test-vectors" --type=chain --test-name=ok_rsa_head) | |
"$BIN_DIR/sample-keys" --num 10 --seed=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA | |
"$BIN_DIR/generate-sample-ledger" --txs 100 | |
# Generate sample Fog keys. | |
"$BIN_DIR/sample-keys" --num 4 --output-dir fog_keys --fog-report-url 'insecure-fog://localhost:6200' --fog-authority-root "$FOG_AUTHORITY_ROOT" | |
- name: Run local network | |
env: | |
PGHOST: postgres | |
PGUSER: postgres | |
shell: bash | |
run: | | |
BIN_DIR="$PWD/target/release" | |
SCRIPT_DIR="$PWD/tools/fog-local-network" | |
STRATEGIES_DIR="$PWD/mobilecoind/strategies" | |
export MC_CHAIN_ID="local" | |
export MC_LOG=info | |
# This is needed since we want to capture the output of mc-consensus-tool, and we can't have the | |
# logs getting in the way. | |
export MC_LOG_STDERR=1 | |
# Used by mc-consensus-tool | |
export MC_PEER="insecure-mc://localhost:3200/,insecure-mc://localhost:3201/,insecure-mc://localhost:3202/,insecure-mc://localhost:3203/,insecure-mc://localhost:3204/" | |
cd /tmp/fog-local-network | |
export LEDGER_BASE="$PWD/ledger" | |
# Run local network in background. | |
MC_LOG="info,rustls=warn,hyper=warn,tokio_reactor=warn,mio=warn,want=warn,rusoto_core=error,h2=error,reqwest=error,rocket=error,<unknown>=error" \ | |
python3 "$SCRIPT_DIR/fog_local_network.py" --network-type dense5 --skip-build & | |
# Give it time to spin up | |
for PORT in 3200 3201 3202 3203 3204 4444; do | |
for _unused in $(seq 0 60); do | |
if ss -l | grep -q ":$PORT"; then break; else sleep 1; fi; | |
done | |
done | |
PRE_AUTH_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet) | |
# Authorize minters | |
echo "Authorizing minters" | |
python3 "$SCRIPT_DIR/../local-network/authorize-minters.py" | |
echo "Waiting for quiet after authorizing minters..." | |
PRE_MINT_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block="$PRE_AUTH_BLOCK_INDEX") | |
echo "Done waiting, PRE_MINT_BLOCK_INDEX=${PRE_MINT_BLOCK_INDEX}" | |
# Mint 1 million token1's to the first 4 accounts | |
echo "Minting" | |
for ACCOUNT_NUM in $(seq 0 3); do | |
"$BIN_DIR/mc-consensus-mint-client" \ | |
generate-and-submit-mint-tx \ | |
--node insecure-mc://localhost:3200/ \ | |
--signing-key "$BIN_DIR/mc-local-network/minting-keys/minter1" \ | |
--recipient "$(cat "keys/account_keys_${ACCOUNT_NUM}.b58pub")" \ | |
--token-id 1 \ | |
--amount 1000000 | |
done | |
echo "Waiting for quiet after minting" | |
POST_MINT_BLOCK_INDEX=$("$BIN_DIR/mc-consensus-tool" wait-for-quiet --beyond-block "$PRE_MINT_BLOCK_INDEX") | |
echo "Done waiting, POST_MINT_BLOCK_INDEX = ${POST_MINT_BLOCK_INDEX}" | |
# Use burn.py to burn some token1 | |
cd "$STRATEGIES_DIR" || exit 1 | |
./compile_proto.sh | |
python3 burn.py \ | |
--mobilecoind-host localhost \ | |
--mobilecoind-port 4444 \ | |
--key "$LEDGER_BASE/../keys/account_keys_2.json" \ | |
--value 550000 \ | |
--token-id 1 \ | |
--fee 10000 \ | |
--burn-redemption-memo "0xf43f5e8C04519efE0f54d7eBAEab20E86b235114" | |
- name: Upload core dumps | |
uses: ./.github/actions/upload-core-dumps | |
- name: Check dirty git | |
uses: ./.github/actions/check-dirty-git | |
publish-test-results: | |
runs-on: mcf-dev-small-x64 | |
if: success() || failure() | |
needs: | |
- mc-tests | |
- consensus-tests | |
- fog-tests | |
- fog-ingest-tests | |
steps: | |
- name: Download XML reports | |
if: success() || failure() | |
uses: actions/download-artifact@v4 | |
- name: Publish Test Report | |
if: success() || failure() | |
uses: mikepenz/action-junit-report@v4 | |
with: | |
check_name: Test Report | |
report_paths: '**/*.xml' | |
# via https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#example-only-cancel-in-progress-jobs-or-runs-for-the-current-workflow | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true |