Skip to content

Use expiration policy #11620

Use expiration policy

Use expiration policy #11620

Workflow file for this run

name: CI
on:
workflow_dispatch:
push:
branches:
- master
pull_request:
types: [ opened, synchronize, reopened, labeled, unlabeled ]
release:
types: [ published ]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
GIT_BRANCH: ${{ github.head_ref || github.ref_name }}
GIT_REPO_OWNER: ${{ github.repository_owner }}
GIT_REPO: ${{ github.repository }}
GIT_REPO_NAME: ${{ github.event.repository.name }}
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core
AWS_ECR_ORG: fuellabs
CARGO_TERM_COLOR: always
RUST_VERSION: 1.81.0
RUST_VERSION_FMT: nightly-2023-10-29
RUST_VERSION_COV: nightly-2024-06-05
RUSTFLAGS: -D warnings
REGISTRY: ghcr.io
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
jobs:
check-changelog:
name: Check Changelog
runs-on: ubuntu-latest
steps:
- uses: tarides/changelog-check-action@v2
with:
changelog: CHANGELOG.md
rustfmt:
runs-on: buildjet-4vcpu-ubuntu-2204
steps:
- uses: actions/checkout@v4
- name: Install latest nightly
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION_FMT }}
components: rustfmt
- name: Rustfmt check
run: cargo +${{ env.RUST_VERSION_FMT }} fmt --all -- --check
lint-toml-files:
runs-on: buildjet-4vcpu-ubuntu-2204
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
- name: setup binstall
uses: taiki-e/install-action@cargo-binstall
- name: Install Cargo.toml linter
run: cargo binstall --no-confirm cargo-sort
- name: Run Cargo.toml sort check
run: cargo sort -w --check
- name: Install Prettier and TOML Plugin
run: |
# prettier has issues with global installation and plugin discovery. The temporary `package.json` created by `npm init -y` is a workaround.
npm init -y > /dev/null 2>&1
npm install prettier prettier-plugin-toml
- name: Check format of Cargo.toml files
run: |
if ! npx prettier --check "**/Cargo.toml"; then
npx prettier --write "**/Cargo.toml" > /dev/null 2>&1
echo "Changes required:"
git --no-pager diff
exit 1
fi
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master
if: always() && github.ref == 'refs/heads/master'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
prevent-openssl:
runs-on: buildjet-4vcpu-ubuntu-2204
steps:
- uses: actions/checkout@v4
# ensure openssl hasn't crept into the dep tree
- name: Check if openssl is included
run: ./.github/workflows/scripts/verify_openssl.sh
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master
if: always() && github.ref == 'refs/heads/master'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
cargo-verifications:
needs:
- lint-toml-files
- prevent-openssl
- rustfmt
- check-changelog
runs-on: buildjet-4vcpu-ubuntu-2204
env:
RUSTFLAGS: -D warnings
strategy:
matrix:
include:
- command: clippy
args: -p fuel-core-wasm-executor --target wasm32-unknown-unknown --no-default-features
- command: clippy
args: --all-targets --all-features
- command: check
args: --all-targets
- command: doc
args: --all-features --workspace --no-deps
- command: make
args: check --locked
- command: nextest
args: run --workspace
- command: nextest
args: run --all-features --workspace
- command: nextest
args: run -p fuel-core --no-default-features
- command: nextest
args: run -p fuel-core --lib executor --features wasm-executor
env:
FUEL_ALWAYS_USE_WASM=true
- command: nextest
args: run -p fuel-core-client --no-default-features
- command: nextest
args: run -p fuel-core-chain-config --no-default-features
# Don't split this command; this is a workaround.
# We need to run `cargo check` first to fetch the locked dependencies
# for `fuel-core 0.26.0`(because of the bug with `--offline`
# and `--locked` when we build `fuel-core-wasm-executor 0.26.0`).
- command: check
args: --manifest-path version-compatibility/Cargo.toml --workspace && cargo test --manifest-path version-compatibility/Cargo.toml --workspace
- command: build
args: -p fuel-core-bin --no-default-features --features production
# WASM compatibility checks
- command: check
args: -p fuel-core-types --target wasm32-unknown-unknown --no-default-features --features alloc
- command: check
args: -p fuel-core-storage --target wasm32-unknown-unknown --no-default-features --features alloc
- command: check
args: -p fuel-core-client --target wasm32-unknown-unknown --no-default-features
- command: check
args: -p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features
- command: check
args: -p fuel-core-executor --target wasm32-unknown-unknown --no-default-features --features alloc
fail-fast: false
# disallow any job that takes longer than 45 minutes
timeout-minutes: 45
continue-on-error: ${{ matrix.skip-error || false }}
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
targets: "wasm32-unknown-unknown"
components: "clippy"
- name: Install Cargo Make
uses: davidB/rust-cargo-make@v1
with:
version: "0.36.4"
- uses: rui314/setup-mold@v1
- uses: buildjet/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- uses: actions-rs/cargo@v1
if: ${{ matrix.command == 'nextest' }}
with:
command: install
args: cargo-nextest --locked
continue-on-error: true
- name: ${{ matrix.command }} ${{ matrix.args }}
run: ${{ matrix.env }} cargo ${{ matrix.command }} ${{ matrix.args }}
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master
if: always() && github.ref == 'refs/heads/master'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
publish-crates-check:
runs-on: buildjet-4vcpu-ubuntu-2204
steps:
- name: Checkout repository
uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
targets: "wasm32-unknown-unknown"
- name: Publish crate check
uses: FuelLabs/publish-crates@v1
with:
dry-run: true
check-repo: false
ignore-unpublished-changes: true
cargo-test-kms:
if: github.event.repository.fork == false
needs:
- rustfmt
- check-changelog
runs-on: buildjet-4vcpu-ubuntu-2204
env:
RUSTFLAGS: -D warnings
FUEL_CORE_TEST_AWS_KMS_ARN: "arn:aws:kms:us-east-1:249945542445:key/mrk-e13c7118ce544f7da66294f6e87c8790"
timeout-minutes: 45
permissions:
contents: read
id-token: write
steps:
- name: Configure AWS credentials for integration testing
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::249945542445:role/github_oidc_FuelLabs_fuel-core
aws-region: us-east-1
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
- uses: rui314/setup-mold@v1
- uses: buildjet/cache@v3
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: cargo-test-kms-${{ hashFiles('**/Cargo.lock') }}
- name: Run integration tests for kms only
run: cargo test -p fuel-core-tests --features aws-kms -- kms
verifications-complete:
needs:
- cargo-verifications
- publish-crates-check
- cargo-test-kms
runs-on: ubuntu-latest
steps:
- run: echo "pass"
verify-tag-version:
# Only do this job if publishing a release
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Verify tag version
run: |
# TODO: Automate running `verify_tag` only for "publish = true" crates
curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel
mv ./dasel /usr/local/bin/dasel
./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml
publish-crates:
# Only do this job if publishing a release
needs:
- verify-tag-version
- verifications-complete
if: github.event_name == 'release' && github.event.action == 'published'
runs-on: buildjet-4vcpu-ubuntu-2204
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Install toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
targets: "wasm32-unknown-unknown"
- name: Publish crate
uses: FuelLabs/publish-crates@v1
with:
publish-delay: 60000
registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }}
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master
if: always()
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
publish-fuel-core-binary:
name: Release fuel-core binaries
runs-on: ${{ matrix.job.os }}
# Only do this job if publishing a release
needs:
- verify-tag-version
- verifications-complete
if: github.event_name == 'release' && github.event.action == 'published'
continue-on-error: true
strategy:
fail-fast: false
matrix:
job:
- os: buildjet-4vcpu-ubuntu-2204
platform: linux
target: x86_64-unknown-linux-gnu
cross_image: x86_64-linux-gnu
- os: buildjet-4vcpu-ubuntu-2204
platform: linux-arm
target: aarch64-unknown-linux-gnu
cross_image: aarch64-linux-gnu
- os: macos-latest
platform: darwin
target: x86_64-apple-darwin
- os: macos-latest
platform: darwin-arm
target: aarch64-apple-darwin
steps:
- name: Checkout repository
uses: actions/checkout@v4
- name: Set up Docker Buildx
if: matrix.job.cross_image
uses: docker/setup-buildx-action@v1
- name: Log in to the ghcr.io registry
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Log in to the docker.io registry
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204'
uses: docker/login-action@v2
with:
username: fuellabs
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }}
- name: Setup custom cross env ${{ matrix.job.cross_image }}
if: matrix.job.cross_image
uses: docker/build-push-action@v2
with:
context: ci
file: ci/Dockerfile.${{ matrix.job.target }}-clang
tags: ${{ matrix.job.cross_image }}:latest
load: true
cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest
cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max
- name: Install packages (macOS)
if: matrix.job.os == 'macos-latest'
run: |
ci/macos-install-packages.sh
- name: Install toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ env.RUST_VERSION }}
target: ${{ matrix.job.target }},"wasm32-unknown-unknown"
- name: Install cross
uses: baptiste0928/cargo-install@v1
with:
crate: cross
cache-key: '${{ matrix.job.target }}'
- name: Build fuel-core and fuel-core-keygen
run: |
cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin
cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin
- name: Strip release binary linux x86_64
if: matrix.job.platform == 'linux'
run: |
strip "target/${{ matrix.job.target }}/release/fuel-core"
strip "target/${{ matrix.job.target }}/release/fuel-core-keygen"
- name: Strip release binary aarch64-linux-gnu
if: matrix.job.target == 'aarch64-unknown-linux-gnu'
run: |
docker run --rm -v \
"$PWD/target:/target:Z" \
aarch64-linux-gnu:latest \
aarch64-linux-gnu-strip \
/target/aarch64-unknown-linux-gnu/release/fuel-core
docker run --rm -v \
"$PWD/target:/target:Z" \
aarch64-linux-gnu:latest \
aarch64-linux-gnu-strip \
/target/aarch64-unknown-linux-gnu/release/fuel-core-keygen
- name: Strip release binary mac
if: matrix.job.os == 'macos-latest'
run: |
strip -x "target/${{ matrix.job.target }}/release/fuel-core"
strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen"
- name: Prepare Binary Artifact
env:
PLATFORM_NAME: ${{ matrix.job.platform }}
TARGET: ${{ matrix.job.target }}
run: |
# trim refs/tags/ prefix
FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}"
# optionally trim v from tag prefix
FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}"
echo "version is: $FUEL_CORE_VERSION"
# setup artifact filename
ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}"
ZIP_FILE_NAME="$ARTIFACT.tar.gz"
echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> $GITHUB_ENV
# create zip file
mkdir -pv "$ARTIFACT"
cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT"
cp "target/${{ matrix.job.target }}/release/fuel-core-keygen" "$ARTIFACT"
cp "target/${{ matrix.job.target }}/release/fuel-core-upgradable-executor-cache/wasm32-unknown-unknown/release/fuel-core-wasm-executor.wasm" "$ARTIFACT"
tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT"
- name: Upload Binary Artifact
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ github.token }}
with:
upload_url: ${{ github.event.release.upload_url }}
asset_path: ./${{ env.ZIP_FILE_NAME }}
asset_name: ${{ env.ZIP_FILE_NAME }}
asset_content_type: application/gzip
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest'
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }}
cargo-audit:
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}