exposesecret: a way to back up the hsm_secret via rpc (if enabled!) #11016
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Continuous Integration | |
on: | |
push: | |
branches: | |
- "master" | |
pull_request: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
# Makes the upload-artifact work more reliably at the cost | |
# of a bit of compile time. | |
RUST_PROFILE: release | |
SLOW_MACHINE: 1 | |
CI_SERVER_URL: "http://35.239.136.52:3170" | |
jobs: | |
prebuild: | |
name: Pre-build checks | |
runs-on: ubuntu-20.04 | |
timeout-minutes: 30 | |
env: | |
BOLTDIR: bolts | |
strategy: | |
fail-fast: true | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Rebase | |
# We can't rebase if we're on master already. | |
if: github.ref != 'refs/heads/master' | |
run: | | |
git config user.name github-actions | |
git config user.email github-actions@github.com | |
git fetch origin ${{ github.base_ref }} | |
git rebase origin/${{ github.base_ref }} | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
bash -x .github/scripts/setup.sh | |
pip install -U pip wheel poetry | |
# Export and then use pip to install into the current env | |
poetry export -o /tmp/requirements.txt --without-hashes --with dev | |
pip install -r /tmp/requirements.txt | |
# We're going to check BOLT quotes, so get the latest version | |
git clone https://github.com/lightning/bolts.git ../${BOLTDIR} | |
- name: Configure | |
run: ./configure --enable-debugbuild --enable-rust | |
- name: Check source | |
run: make check-source BASE_REF="origin/${{ github.base_ref }}" | |
- name: Check Generated Files have been updated | |
run: make check-gen-updated | |
- name: Check docs | |
run: make check-doc | |
compile: | |
name: Compile CLN ${{ matrix.cfg }} | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 30 | |
needs: | |
- prebuild | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- CFG: compile-gcc | |
VALGRIND: 1 | |
COMPILER: gcc | |
- CFG: compile-gcc-O3 | |
VALGRIND: 1 | |
COMPILER: gcc | |
COPTFLAGS_VAR: COPTFLAGS="-O3 -Werror" | |
# While we're at it let's try to compile with clang | |
- CFG: compile-clang | |
VALGRIND: 1 | |
COMPILER: clang | |
- CFG: compile-clang-sanitizers | |
COMPILER: clang | |
ASAN: 1 | |
UBSAN: 1 | |
VALGRIND: 0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
bash -x .github/scripts/setup.sh | |
- name: Build | |
env: | |
COMPILER: ${{ matrix.COMPILER }} | |
ASAN: ${{ matrix.ASAN }} | |
UBSAN: ${{ matrix.UBSAN }} | |
VALGRIND: ${{ matrix.VALGRIND }} | |
COMPAT: 1 | |
CFG: ${{ matrix.CFG }} | |
run: | | |
set -e | |
pip3 install --user pip wheel poetry | |
poetry export -o requirements.txt --with dev --without-hashes | |
python3 -m pip install -r requirements.txt | |
./configure --enable-debugbuild CC="$COMPILER" ${{ matrix.COPTFLAGS_VAR }} | |
make -j $(nproc) testpack.tar.bz2 | |
# Rename now so we don't clash | |
mv testpack.tar.bz2 cln-${CFG}.tar.bz2 | |
- name: Check rust packages | |
run: cargo test --all | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: cln-${{ matrix.CFG }}.tar.bz2 | |
path: cln-${{ matrix.CFG }}.tar.bz2 | |
check-units: | |
# The unit test checks are not in the critical path (not dependent | |
# on the integration tests), so run them with `valgrind` | |
name: Run unit tests | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 30 | |
env: | |
BOLTDIR: bolts | |
needs: | |
- compile | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- CFG: compile-gcc | |
VALGRIND: 1 | |
- CFG: compile-clang-sanitizers | |
VALGRIND: 0 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
bash -x .github/scripts/setup.sh | |
sudo apt-get update -qq | |
sudo apt-get install -y -qq lowdown | |
pip install -U pip wheel poetry | |
# Export and then use pip to install into the current env | |
poetry export -o /tmp/requirements.txt --without-hashes --with dev | |
pip install -r /tmp/requirements.txt | |
# We're going to check BOLT quotes, so get the latest version | |
git clone https://github.com/lightning/bolts.git ../${BOLTDIR} | |
- name: Download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: cln-${{ matrix.CFG }}.tar.bz2 | |
- name: Check | |
run: | | |
tar -xaf cln-${{ matrix.CFG }}.tar.bz2 | |
make -j $(nproc) check-units installcheck VALGRIND=${{ matrix.VALGRIND }} | |
check-fuzz: | |
name: Run fuzz regression tests | |
runs-on: ubuntu-22.04 | |
needs: | |
- prebuild | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
bash -x .github/scripts/setup.sh | |
pip install -U pip wheel poetry | |
# Export and then use pip to install into the current env | |
poetry export -o /tmp/requirements.txt --without-hashes --with dev | |
pip install -r /tmp/requirements.txt | |
- name: Build | |
run: | | |
./configure --enable-debugbuild --enable-fuzzing --enable-address-sanitizer --enable-ub-sanitizer --disable-valgrind CC=clang | |
make -j $(nproc) check-fuzz | |
integration: | |
name: Test CLN ${{ matrix.name }} | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
env: | |
RUST_PROFILE: release # Has to match the one in the compile step | |
PYTEST_OPTS: --timeout=1200 --force-flaky | |
needs: | |
- compile | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- NAME: gcc | |
CFG: compile-gcc | |
TEST_DB_PROVIDER: sqlite3 | |
COMPILER: gcc | |
TEST_NETWORK: regtest | |
# While we're at it let's try to compile with clang | |
- NAME: clang | |
CFG: compile-clang | |
TEST_DB_PROVIDER: sqlite3 | |
COMPILER: clang | |
TEST_NETWORK: regtest | |
# And of course we want to test postgres too | |
- NAME: postgres | |
CFG: compile-gcc | |
COMPILER: gcc | |
TEST_DB_PROVIDER: postgres | |
TEST_NETWORK: regtest | |
# And don't forget about elements (like cdecker did when | |
# reworking the CI...) | |
- NAME: liquid | |
CFG: compile-gcc | |
COMPILER: gcc | |
TEST_NETWORK: liquid-regtest | |
TEST_DB_PROVIDER: sqlite3 | |
# And dual funding! | |
- NAME: dual-fund | |
CFG: compile-gcc | |
TEST_DB_PROVIDER: sqlite3 | |
COMPILER: gcc | |
TEST_NETWORK: regtest | |
EXPERIMENTAL_DUAL_FUND: 1 | |
# And splicing! | |
- NAME: splicing | |
CFG: compile-gcc | |
TEST_DB_PROVIDER: sqlite3 | |
COMPILER: gcc | |
TEST_NETWORK: regtest | |
EXPERIMENTAL_SPLICING: 1 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
pip3 install --user pip wheel poetry | |
poetry install | |
- name: Install bitcoind | |
env: | |
TEST_NETWORK: ${{ matrix.TEST_NETWORK }} | |
run: .github/scripts/install-bitcoind.sh | |
- name: Download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: cln-${{ matrix.CFG }}.tar.bz2 | |
- name: Unpack pre-built CLN | |
env: | |
CFG: ${{ matrix.CFG }} | |
run: | | |
tar -xaf cln-${CFG}.tar.bz2 | |
- name: Switch network | |
if: ${{ matrix.TEST_NETWORK == 'liquid-regtest' }} | |
run: | | |
# Loading the network from config.vars rather than the envvar is a terrible idea... | |
sed -i 's/TEST_NETWORK=regtest/TEST_NETWORK=liquid-regtest/g' config.vars | |
cat config.vars | |
- name: Test | |
env: | |
COMPILER: ${{ matrix.COMPILER }} | |
EXPERIMENTAL_DUAL_FUND: ${{ matrix.EXPERIMENTAL_DUAL_FUND }} | |
EXPERIMENTAL_SPLICING: ${{ matrix.EXPERIMENTAL_SPLICING }} | |
COMPAT: 1 | |
CFG: ${{ matrix.CFG }} | |
SLOW_MACHINE: 1 | |
PYTEST_PAR: 10 | |
TEST_DEBUG: 1 | |
TEST_DB_PROVIDER: ${{ matrix.TEST_DB_PROVIDER }} | |
TEST_NETWORK: ${{ matrix.TEST_NETWORK }} | |
LIGHTNINGD_POSTGRES_NO_VACUUM: 1 | |
run: | | |
env | |
cat config.vars | |
VALGRIND=0 poetry run pytest tests/ -vvv -n ${PYTEST_PAR} ${PYTEST_OPTS} | |
integration-valgrind: | |
name: Valgrind Test CLN ${{ matrix.name }} | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
env: | |
RUST_PROFILE: release # Has to match the one in the compile step | |
CFG: compile-gcc | |
PYTEST_OPTS: --test-group-random-seed=42 --timeout=1800 --force-flaky | |
needs: | |
- compile | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- NAME: Valgrind (01/10) | |
PYTEST_OPTS: --test-group=1 --test-group-count=10 | |
- NAME: Valgrind (02/10) | |
PYTEST_OPTS: --test-group=2 --test-group-count=10 | |
- NAME: Valgrind (03/10) | |
PYTEST_OPTS: --test-group=3 --test-group-count=10 | |
- NAME: Valgrind (04/10) | |
PYTEST_OPTS: --test-group=4 --test-group-count=10 | |
- NAME: Valgrind (05/10) | |
PYTEST_OPTS: --test-group=5 --test-group-count=10 | |
- NAME: Valgrind (06/10) | |
PYTEST_OPTS: --test-group=6 --test-group-count=10 | |
- NAME: Valgrind (07/10) | |
PYTEST_OPTS: --test-group=7 --test-group-count=10 | |
- NAME: Valgrind (08/10) | |
PYTEST_OPTS: --test-group=8 --test-group-count=10 | |
- NAME: Valgrind (09/10) | |
PYTEST_OPTS: --test-group=9 --test-group-count=10 | |
- NAME: Valgrind (10/10) | |
PYTEST_OPTS: --test-group=10 --test-group-count=10 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
sudo apt-get update -qq | |
sudo apt-get install -yyq valgrind | |
pip3 install --user pip wheel poetry | |
poetry install | |
- name: Install bitcoind | |
run: .github/scripts/install-bitcoind.sh | |
- name: Download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: cln-compile-gcc.tar.bz2 | |
- name: Unpack build | |
run: tar -xvjf cln-compile-gcc.tar.bz2 | |
- name: Test | |
env: | |
SLOW_MACHINE: 1 | |
TEST_DEBUG: 1 | |
run: | | |
VALGRIND=1 poetry run pytest tests/ -vvv -n 3 ${PYTEST_OPTS} ${{ matrix.PYTEST_OPTS }} | |
integration-sanitizers: | |
name: Sanitizers Test CLN | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
env: | |
RUST_PROFILE: release | |
SLOW_MACHINE: 1 | |
TEST_DEBUG: 1 | |
PYTEST_OPTS: --test-group-random-seed=42 --timeout=1800 --force-flaky | |
needs: | |
- compile | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- NAME: ASan/UBSan (01/10) | |
PYTEST_OPTS: --test-group=1 --test-group-count=10 | |
- NAME: ASan/UBSan (02/10) | |
PYTEST_OPTS: --test-group=2 --test-group-count=10 -n 1 | |
- NAME: ASan/UBSan (03/10) | |
PYTEST_OPTS: --test-group=3 --test-group-count=10 | |
- NAME: ASan/UBSan (04/10) | |
PYTEST_OPTS: --test-group=4 --test-group-count=10 | |
- NAME: ASan/UBSan (05/10) | |
PYTEST_OPTS: --test-group=5 --test-group-count=10 | |
- NAME: ASan/UBSan (06/10) | |
PYTEST_OPTS: --test-group=6 --test-group-count=10 | |
- NAME: ASan/UBSan (07/10) | |
PYTEST_OPTS: --test-group=7 --test-group-count=10 | |
- NAME: ASan/UBSan (08/10) | |
PYTEST_OPTS: --test-group=8 --test-group-count=10 | |
- NAME: ASan/UBSan (09/10) | |
PYTEST_OPTS: --test-group=9 --test-group-count=10 | |
- NAME: ASan/UBSan (10/10) | |
PYTEST_OPTS: --test-group=10 --test-group-count=10 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
bash -x .github/scripts/setup.sh | |
set -e | |
pip3 install --user wheel poetry | |
poetry install --with dev --no-root | |
- name: Install bitcoind | |
run: .github/scripts/install-bitcoind.sh | |
- name: Download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: cln-compile-clang-sanitizers.tar.bz2 | |
- name: Unpack build | |
run: tar -xvjf cln-compile-clang-sanitizers.tar.bz2 | |
- name: Test | |
run: | | |
poetry run pytest tests/ -vvv -n 2 ${PYTEST_OPTS} ${{ matrix.PYTEST_OPTS }} | |
min-btc-support: | |
name: Test minimum supported BTC v${{ matrix.MIN_BTC_VERSION }} with ${{ matrix.NAME }} | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 120 | |
env: | |
RUST_PROFILE: release # Has to match the one in the compile step | |
PYTEST_OPTS: --timeout=1200 --force-flaky | |
needs: | |
- compile | |
strategy: | |
fail-fast: true | |
matrix: | |
include: | |
- NAME: clang | |
CFG: compile-clang | |
TEST_DB_PROVIDER: sqlite3 | |
COMPILER: clang | |
TEST_NETWORK: regtest | |
MIN_BTC_VERSION: '25.0' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Python 3.8 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: 3.8 | |
- name: Install dependencies | |
run: | | |
pip3 install --user pip wheel poetry | |
poetry install | |
- name: Download Bitcoin Core | |
run: wget "https://bitcoincore.org/bin/bitcoin-core-${{ matrix.MIN_BTC_VERSION }}/bitcoin-${{ matrix.MIN_BTC_VERSION }}-x86_64-linux-gnu.tar.gz" | |
- name: Extract Bitcoin Core | |
run: tar -xf "bitcoin-${{ matrix.MIN_BTC_VERSION }}-x86_64-linux-gnu.tar.gz" | |
- name: Move Bitcoin Core Binaries | |
run: sudo mv bitcoin-${{ matrix.MIN_BTC_VERSION }}/bin/* /usr/local/bin/ | |
- name: Clean Up Downloaded Bitcoin | |
run: rm -rf "bitcoin-${{ matrix.MIN_BTC_VERSION }}-x86_64-linux-gnu.tar.gz" "bitcoin-${{ matrix.MIN_BTC_VERSION }}" | |
- name: Download build | |
uses: actions/download-artifact@v4 | |
with: | |
name: cln-${{ matrix.CFG }}.tar.bz2 | |
- name: Unpack pre-built CLN | |
env: | |
CFG: ${{ matrix.CFG }} | |
run: | | |
tar -xaf cln-${CFG}.tar.bz2 | |
- name: Test | |
env: | |
COMPILER: ${{ matrix.COMPILER }} | |
COMPAT: 1 | |
CFG: ${{ matrix.CFG }} | |
SLOW_MACHINE: 1 | |
PYTEST_PAR: 10 | |
TEST_DEBUG: 1 | |
TEST_DB_PROVIDER: ${{ matrix.TEST_DB_PROVIDER }} | |
TEST_NETWORK: ${{ matrix.TEST_NETWORK }} | |
LIGHTNINGD_POSTGRES_NO_VACUUM: 1 | |
run: | | |
env | |
cat config.vars | |
VALGRIND=0 poetry run pytest tests/ -vvv -n ${PYTEST_PAR} ${PYTEST_OPTS} | |
gather: | |
# A dummy task that depends on the full matrix of tests, and | |
# signals successful completion. Used for the PR status to pass | |
# before merging. | |
name: CI completion | |
runs-on: ubuntu-20.04 | |
needs: | |
- integration | |
- check-units | |
- integration-valgrind | |
- integration-sanitizers | |
- min-btc-support | |
steps: | |
- name: Complete | |
run: | | |
echo CI completed successfully |