Use expiration policy #11226
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: [ opened, synchronize, reopened, labeled, unlabeled ] | |
release: | |
types: [ published ] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
GIT_BRANCH: ${{ github.head_ref || github.ref_name }} | |
GIT_REPO_OWNER: ${{ github.repository_owner }} | |
GIT_REPO: ${{ github.repository }} | |
GIT_REPO_NAME: ${{ github.event.repository.name }} | |
AWS_ROLE_ARN: arn:aws:iam::024848458133:role/github_oidc_FuelLabs_fuel-core | |
AWS_ECR_ORG: fuellabs | |
CARGO_TERM_COLOR: always | |
RUST_VERSION: 1.81.0 | |
RUST_VERSION_FMT: nightly-2023-10-29 | |
RUST_VERSION_COV: nightly-2024-06-05 | |
RUSTFLAGS: -D warnings | |
REGISTRY: ghcr.io | |
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2 | |
jobs: | |
check-changelog: | |
name: Check Changelog | |
runs-on: ubuntu-latest | |
steps: | |
- uses: tarides/changelog-check-action@v2 | |
with: | |
changelog: CHANGELOG.md | |
rustfmt: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install latest nightly | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION_FMT }} | |
components: rustfmt | |
- name: Rustfmt check | |
run: cargo +${{ env.RUST_VERSION_FMT }} fmt --all -- --check | |
lint-toml-files: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: setup binstall | |
uses: taiki-e/install-action@cargo-binstall | |
- name: Install Cargo.toml linter | |
run: cargo binstall --no-confirm cargo-sort | |
- name: Run Cargo.toml sort check | |
run: cargo sort -w --check | |
- name: Install Prettier and TOML Plugin | |
run: | | |
# prettier has issues with global installation and plugin discovery. The temporary `package.json` created by `npm init -y` is a workaround. | |
npm init -y > /dev/null 2>&1 | |
npm install prettier prettier-plugin-toml | |
- name: Check format of Cargo.toml files | |
run: | | |
if ! npx prettier --check "**/Cargo.toml"; then | |
npx prettier --write "**/Cargo.toml" > /dev/null 2>&1 | |
echo "Changes required:" | |
git --no-pager diff | |
exit 1 | |
fi | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
prevent-openssl: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v4 | |
# ensure openssl hasn't crept into the dep tree | |
- name: Check if openssl is included | |
run: ./.github/workflows/scripts/verify_openssl.sh | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
cargo-verifications: | |
needs: | |
- lint-toml-files | |
- prevent-openssl | |
- rustfmt | |
- check-changelog | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
env: | |
RUSTFLAGS: -D warnings | |
strategy: | |
matrix: | |
include: | |
- command: clippy | |
args: -p fuel-core-wasm-executor --target wasm32-unknown-unknown --no-default-features | |
- command: clippy | |
args: --all-targets --all-features | |
- command: check | |
args: --all-targets | |
- command: doc | |
args: --all-features --workspace --no-deps | |
- command: make | |
args: check --locked | |
- command: nextest | |
args: run --workspace | |
- command: nextest | |
args: run --all-features --workspace | |
- command: nextest | |
args: run -p fuel-core --no-default-features | |
- command: nextest | |
args: run -p fuel-core --lib executor --features wasm-executor | |
env: | |
FUEL_ALWAYS_USE_WASM=true | |
- command: nextest | |
args: run -p fuel-core-client --no-default-features | |
- command: nextest | |
args: run -p fuel-core-chain-config --no-default-features | |
# Don't split this command; this is a workaround. | |
# We need to run `cargo check` first to fetch the locked dependencies | |
# for `fuel-core 0.26.0`(because of the bug with `--offline` | |
# and `--locked` when we build `fuel-core-wasm-executor 0.26.0`). | |
- command: check | |
args: --manifest-path version-compatibility/Cargo.toml --workspace && cargo test --manifest-path version-compatibility/Cargo.toml --workspace | |
- command: build | |
args: -p fuel-core-bin --no-default-features --features production | |
# WASM compatibility checks | |
- command: check | |
args: -p fuel-core-types --target wasm32-unknown-unknown --no-default-features --features alloc | |
- command: check | |
args: -p fuel-core-storage --target wasm32-unknown-unknown --no-default-features --features alloc | |
- command: check | |
args: -p fuel-core-client --target wasm32-unknown-unknown --no-default-features | |
- command: check | |
args: -p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features | |
- command: check | |
args: -p fuel-core-executor --target wasm32-unknown-unknown --no-default-features --features alloc | |
fail-fast: false | |
# disallow any job that takes longer than 45 minutes | |
timeout-minutes: 45 | |
continue-on-error: ${{ matrix.skip-error || false }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: "wasm32-unknown-unknown" | |
components: "clippy" | |
- name: Install Cargo Make | |
uses: davidB/rust-cargo-make@v1 | |
with: | |
version: "0.36.4" | |
- uses: rui314/setup-mold@v1 | |
- uses: buildjet/cache@v3 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- uses: actions-rs/cargo@v1 | |
if: ${{ matrix.command == 'nextest' }} | |
with: | |
command: install | |
args: cargo-nextest --locked | |
continue-on-error: true | |
- name: ${{ matrix.command }} ${{ matrix.args }} | |
run: ${{ matrix.env }} cargo ${{ matrix.command }} ${{ matrix.args }} | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-crates-check: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: "wasm32-unknown-unknown" | |
- name: Publish crate check | |
uses: FuelLabs/publish-crates@v1 | |
with: | |
dry-run: true | |
check-repo: false | |
ignore-unpublished-changes: true | |
cargo-test-kms: | |
if: github.event.repository.fork == false | |
needs: | |
- rustfmt | |
- check-changelog | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
env: | |
RUSTFLAGS: -D warnings | |
FUEL_CORE_TEST_AWS_KMS_ARN: "arn:aws:kms:us-east-1:249945542445:key/mrk-e13c7118ce544f7da66294f6e87c8790" | |
timeout-minutes: 45 | |
permissions: | |
contents: read | |
id-token: write | |
steps: | |
- name: Configure AWS credentials for integration testing | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
role-to-assume: arn:aws:iam::249945542445:role/github_oidc_FuelLabs_fuel-core | |
aws-region: us-east-1 | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- uses: rui314/setup-mold@v1 | |
- uses: buildjet/cache@v3 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: cargo-test-kms-${{ hashFiles('**/Cargo.lock') }} | |
- name: Run integration tests for kms only | |
run: cargo test -p fuel-core-tests --features aws-kms -- kms | |
verifications-complete: | |
needs: | |
- cargo-verifications | |
- publish-crates-check | |
- cargo-test-kms | |
runs-on: ubuntu-latest | |
steps: | |
- run: echo "pass" | |
verify-tag-version: | |
# Only do this job if publishing a release | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Verify tag version | |
run: | | |
# TODO: Automate running `verify_tag` only for "publish = true" crates | |
curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel | |
mv ./dasel /usr/local/bin/dasel | |
./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml | |
publish-crates: | |
# Only do this job if publishing a release | |
needs: | |
- verify-tag-version | |
- verifications-complete | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Install toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: "wasm32-unknown-unknown" | |
- name: Publish crate | |
uses: FuelLabs/publish-crates@v1 | |
with: | |
publish-delay: 60000 | |
registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-fuel-core-binary: | |
name: Release fuel-core binaries | |
runs-on: ${{ matrix.job.os }} | |
# Only do this job if publishing a release | |
needs: | |
- verify-tag-version | |
- verifications-complete | |
if: github.event_name == 'release' && github.event.action == 'published' | |
continue-on-error: true | |
strategy: | |
fail-fast: false | |
matrix: | |
job: | |
- os: buildjet-4vcpu-ubuntu-2204 | |
platform: linux | |
target: x86_64-unknown-linux-gnu | |
cross_image: x86_64-linux-gnu | |
- os: buildjet-4vcpu-ubuntu-2204 | |
platform: linux-arm | |
target: aarch64-unknown-linux-gnu | |
cross_image: aarch64-linux-gnu | |
- os: macos-latest | |
platform: darwin | |
target: x86_64-apple-darwin | |
- os: macos-latest | |
platform: darwin-arm | |
target: aarch64-apple-darwin | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
if: matrix.job.cross_image | |
uses: docker/setup-buildx-action@v1 | |
- name: Log in to the ghcr.io registry | |
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Setup custom cross env ${{ matrix.job.cross_image }} | |
if: matrix.job.cross_image | |
uses: docker/build-push-action@v2 | |
with: | |
context: ci | |
file: ci/Dockerfile.${{ matrix.job.target }}-clang | |
tags: ${{ matrix.job.cross_image }}:latest | |
load: true | |
cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest | |
cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max | |
- name: Install packages (macOS) | |
if: matrix.job.os == 'macos-latest' | |
run: | | |
ci/macos-install-packages.sh | |
- name: Install toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
target: ${{ matrix.job.target }},"wasm32-unknown-unknown" | |
- name: Install cross | |
uses: baptiste0928/cargo-install@v1 | |
with: | |
crate: cross | |
cache-key: '${{ matrix.job.target }}' | |
- name: Build fuel-core and fuel-core-keygen | |
run: | | |
cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin | |
cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin | |
- name: Strip release binary linux x86_64 | |
if: matrix.job.platform == 'linux' | |
run: | | |
strip "target/${{ matrix.job.target }}/release/fuel-core" | |
strip "target/${{ matrix.job.target }}/release/fuel-core-keygen" | |
- name: Strip release binary aarch64-linux-gnu | |
if: matrix.job.target == 'aarch64-unknown-linux-gnu' | |
run: | | |
docker run --rm -v \ | |
"$PWD/target:/target:Z" \ | |
aarch64-linux-gnu:latest \ | |
aarch64-linux-gnu-strip \ | |
/target/aarch64-unknown-linux-gnu/release/fuel-core | |
docker run --rm -v \ | |
"$PWD/target:/target:Z" \ | |
aarch64-linux-gnu:latest \ | |
aarch64-linux-gnu-strip \ | |
/target/aarch64-unknown-linux-gnu/release/fuel-core-keygen | |
- name: Strip release binary mac | |
if: matrix.job.os == 'macos-latest' | |
run: | | |
strip -x "target/${{ matrix.job.target }}/release/fuel-core" | |
strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen" | |
- name: Prepare Binary Artifact | |
env: | |
PLATFORM_NAME: ${{ matrix.job.platform }} | |
TARGET: ${{ matrix.job.target }} | |
run: | | |
# trim refs/tags/ prefix | |
FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}" | |
# optionally trim v from tag prefix | |
FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}" | |
echo "version is: $FUEL_CORE_VERSION" | |
# setup artifact filename | |
ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}" | |
ZIP_FILE_NAME="$ARTIFACT.tar.gz" | |
echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> $GITHUB_ENV | |
# create zip file | |
mkdir -pv "$ARTIFACT" | |
cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT" | |
cp "target/${{ matrix.job.target }}/release/fuel-core-keygen" "$ARTIFACT" | |
cp "target/${{ matrix.job.target }}/release/fuel-core-upgradable-executor-cache/wasm32-unknown-unknown/release/fuel-core-wasm-executor.wasm" "$ARTIFACT" | |
tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT" | |
- name: Upload Binary Artifact | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./${{ env.ZIP_FILE_NAME }} | |
asset_name: ${{ env.ZIP_FILE_NAME }} | |
asset_content_type: application/gzip | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
cargo-audit: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions-rs/audit-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} |