"contract" op code sanity checks (#1453) #5663
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
pull_request: | |
types: [opened, synchronize, reopened, labeled, unlabeled] | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
env: | |
CARGO_TERM_COLOR: always | |
RUST_VERSION: 1.73.0 | |
NIGHTLY_RUST_VERSION: nightly-2023-10-29 | |
RUSTFLAGS: -D warnings | |
REGISTRY: ghcr.io | |
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2 | |
jobs: | |
check-changelog: | |
name: Check Changelog | |
runs-on: ubuntu-latest | |
steps: | |
- uses: tarides/changelog-check-action@v2 | |
with: | |
changelog: CHANGELOG.md | |
rustfmt: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install latest nightly | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.NIGHTLY_RUST_VERSION }} | |
components: rustfmt | |
- name: Rustfmt check | |
run: cargo +${{ env.NIGHTLY_RUST_VERSION }} fmt --all -- --check | |
lint-toml-files: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: setup binstall | |
uses: taiki-e/install-action@cargo-binstall | |
- name: Install Cargo.toml linter | |
run: cargo binstall --no-confirm cargo-sort | |
- name: Run Cargo.toml sort check | |
run: cargo sort -w --check | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
lint-helm-chart: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Helm | |
uses: azure/setup-helm@v3 | |
with: | |
version: v3.10.0 | |
- name: helm lint | |
run: | | |
cd deployment/charts | |
helm lint | |
prevent-openssl: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- uses: actions/checkout@v3 | |
# ensure openssl hasn't crept into the dep tree | |
- name: Check if openssl is included | |
run: ./.github/workflows/scripts/verify_openssl.sh | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
cargo-verifications: | |
needs: | |
- lint-toml-files | |
- prevent-openssl | |
- rustfmt | |
- check-changelog | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
env: | |
RUSTFLAGS: -D warnings | |
strategy: | |
matrix: | |
include: | |
- command: clippy | |
args: --all-targets --all-features | |
- command: check | |
args: --all-targets | |
- command: make | |
args: check --locked | |
- command: test | |
args: --all-features --workspace | |
- command: test | |
args: -p fuel-core --no-default-features | |
- command: test | |
args: -p fuel-core-client --no-default-features | |
- command: test | |
args: -p fuel-core-chain-config --no-default-features | |
- command: test | |
args: --manifest-path version-compatibility/Cargo.toml --workspace | |
- command: build | |
args: -p fuel-core-bin --no-default-features --features production | |
# WASM compatibility checks | |
- command: check | |
args: -p fuel-core-types --target wasm32-unknown-unknown --no-default-features | |
- command: check | |
args: -p fuel-core-storage --target wasm32-unknown-unknown --no-default-features | |
- command: check | |
args: -p fuel-core-client --target wasm32-unknown-unknown --no-default-features | |
- command: check | |
args: -p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features | |
# disallow any job that takes longer than 45 minutes | |
timeout-minutes: 45 | |
continue-on-error: ${{ matrix.skip-error || false }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
targets: "wasm32-unknown-unknown" | |
components: "clippy" | |
- name: Install Cargo Make | |
uses: davidB/rust-cargo-make@v1 | |
with: | |
version: "0.36.4" | |
- name: Install Protoc | |
run: | | |
sudo apt-get update | |
sudo apt-get install protobuf-compiler | |
- uses: rui314/setup-mold@v1 | |
- uses: buildjet/cache@v3 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
- name: ${{ matrix.command }} ${{ matrix.args }} | |
run: cargo ${{ matrix.command }} ${{ matrix.args }} | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && github.ref == 'refs/heads/master' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
env: | |
RUSTFLAGS: -D warnings | |
publish-crates-check: | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Publish crate check | |
uses: katyo/publish-crates@v2 | |
with: | |
dry-run: true | |
check-repo: false | |
ignore-unpublished-changes: true | |
verifications-complete: | |
needs: | |
- cargo-verifications | |
- publish-crates-check | |
- lint-helm-chart | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- run: echo "pass" | |
verify-tag-version: | |
# Only do this job if publishing a release | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Verify tag version | |
run: | | |
# TODO: Automate running `verify_tag` only for "publish = true" crates | |
curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel | |
mv ./dasel /usr/local/bin/dasel | |
./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml | |
- name: Verify helm chart version | |
run: | | |
./.github/workflows/scripts/verify_chart_version.sh | |
publish-crates: | |
# Only do this job if publishing a release | |
needs: | |
- verify-tag-version | |
- verifications-complete | |
if: github.event_name == 'release' && github.event.action == 'published' | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Install toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
- name: Install Protoc | |
run: | | |
sudo apt-get update | |
sudo apt-get install protobuf-compiler | |
- name: Publish crate | |
uses: katyo/publish-crates@v2 | |
with: | |
publish-delay: 60000 | |
registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-docker-image: | |
needs: | |
- verifications-complete | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/fuellabs/fuel-core | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
flavor: | | |
latest=${{ github.ref == 'refs/heads/master' }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Build and push the image to ghcr.io | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
platforms: linux/amd64,linux/arm64 | |
file: deployment/Dockerfile | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest | |
cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest,mode=max | |
# duplicate of publish-docker-image, but with profiling features enabled | |
# this is split into a separate action since it takes longer to build | |
publish-docker-image-profiling: | |
needs: | |
- verifications-complete | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/fuellabs/fuel-core-debug | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
flavor: | | |
latest=${{ github.ref == 'refs/heads/master' }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push the image to ghcr.io | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
file: deployment/Dockerfile | |
build-args: "DEBUG_SYMBOLS=true" | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest | |
cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest,mode=max | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-e2e-client-docker-image: | |
needs: | |
- verifications-complete | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Docker meta | |
id: meta | |
uses: docker/metadata-action@v3 | |
with: | |
images: | | |
ghcr.io/fuellabs/fuel-core-e2e-client | |
tags: | | |
type=sha | |
type=ref,event=branch | |
type=ref,event=tag | |
type=semver,pattern={{raw}} | |
flavor: | | |
latest=${{ github.ref == 'refs/heads/master' }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Log in to the ghcr.io registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Build and push the image to ghcr.io | |
uses: docker/build-push-action@v2 | |
with: | |
context: . | |
file: deployment/e2e-client.Dockerfile | |
push: true | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest | |
cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest,mode=max | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
publish-fuel-core-binary: | |
name: Release fuel-core binaries | |
runs-on: ${{ matrix.job.os }} | |
# Only do this job if publishing a release | |
needs: | |
- verify-tag-version | |
- verifications-complete | |
if: github.event_name == 'release' && github.event.action == 'published' | |
continue-on-error: true | |
strategy: | |
fail-fast: false | |
matrix: | |
job: | |
- os: buildjet-4vcpu-ubuntu-2204 | |
platform: linux | |
target: x86_64-unknown-linux-gnu | |
cross_image: x86_64-linux-gnu | |
- os: buildjet-4vcpu-ubuntu-2204 | |
platform: linux-arm | |
target: aarch64-unknown-linux-gnu | |
cross_image: aarch64-linux-gnu | |
- os: macos-latest | |
platform: darwin | |
target: x86_64-apple-darwin | |
- os: macos-latest | |
platform: darwin-arm | |
target: aarch64-apple-darwin | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
if: matrix.job.cross_image | |
uses: docker/setup-buildx-action@v1 | |
- name: Log in to the ghcr.io registry | |
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ env.REGISTRY }} | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Log in to the docker.io registry | |
if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' | |
uses: docker/login-action@v2 | |
with: | |
username: fuellabs | |
password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} | |
- name: Setup custom cross env ${{ matrix.job.cross_image }} | |
if: matrix.job.cross_image | |
uses: docker/build-push-action@v2 | |
with: | |
context: ci | |
file: ci/Dockerfile.${{ matrix.job.target }}-clang | |
tags: ${{ matrix.job.cross_image }}:latest | |
load: true | |
cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest | |
cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max | |
- name: Install packages (macOS) | |
if: matrix.job.os == 'macos-latest' | |
run: | | |
ci/macos-install-packages.sh | |
- name: Install toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUST_VERSION }} | |
target: ${{ matrix.job.target }} | |
- name: Install cross | |
uses: baptiste0928/cargo-install@v1 | |
with: | |
crate: cross | |
cache-key: '${{ matrix.job.target }}' | |
- name: Build fuel-core and fuel-core-keygen | |
run: | | |
cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin | |
cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin | |
- name: Strip release binary linux x86_64 | |
if: matrix.job.platform == 'linux' | |
run: | | |
strip "target/${{ matrix.job.target }}/release/fuel-core" | |
strip "target/${{ matrix.job.target }}/release/fuel-core-keygen-bin" | |
- name: Strip release binary aarch64-linux-gnu | |
if: matrix.job.target == 'aarch64-unknown-linux-gnu' | |
run: | | |
docker run --rm -v \ | |
"$PWD/target:/target:Z" \ | |
aarch64-linux-gnu:latest \ | |
aarch64-linux-gnu-strip \ | |
/target/aarch64-unknown-linux-gnu/release/fuel-core | |
docker run --rm -v \ | |
"$PWD/target:/target:Z" \ | |
aarch64-linux-gnu:latest \ | |
aarch64-linux-gnu-strip \ | |
/target/aarch64-unknown-linux-gnu/release/fuel-core-keygen-bin | |
- name: Strip release binary mac | |
if: matrix.job.os == 'macos-latest' | |
run: | | |
strip -x "target/${{ matrix.job.target }}/release/fuel-core" | |
strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen-bin" | |
- name: Prepare Binary Artifact | |
env: | |
PLATFORM_NAME: ${{ matrix.job.platform }} | |
TARGET: ${{ matrix.job.target }} | |
run: | | |
# trim refs/tags/ prefix | |
FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}" | |
# optionally trim v from tag prefix | |
FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}" | |
echo "version is: $FUEL_CORE_VERSION" | |
# setup artifact filename | |
ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}" | |
ZIP_FILE_NAME="$ARTIFACT.tar.gz" | |
echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> $GITHUB_ENV | |
# create zip file | |
mkdir -pv "$ARTIFACT" | |
cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT" | |
cp "target/${{ matrix.job.target }}/release/fuel-core-keygen-bin" "$ARTIFACT" | |
tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT" | |
- name: Upload Binary Artifact | |
uses: actions/upload-release-asset@v1 | |
env: | |
GITHUB_TOKEN: ${{ github.token }} | |
with: | |
upload_url: ${{ github.event.release.upload_url }} | |
asset_path: ./${{ env.ZIP_FILE_NAME }} | |
asset_name: ${{ env.ZIP_FILE_NAME }} | |
asset_content_type: application/gzip | |
- uses: FuelLabs/.github/.github/actions/slack-notify-template@master | |
if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest' | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} | |
# Deploy Fuel Core Ephemeral Developer Environment | |
deploy-eph-env: | |
if: startsWith(github.head_ref, 'preview/') | |
needs: | |
- publish-docker-image | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Set Environment Variables | |
run: | | |
tag=(`echo $GITHUB_SHA | cut -c1-7`) | |
echo "IMAGE_TAG=`echo sha-$tag`" >> $GITHUB_ENV | |
echo "DEPLOYMENT_VERSION=$(echo $GITHUB_SHA)" >> $GITHUB_ENV | |
echo "NAMESPACE=$(echo ${GITHUB_HEAD_REF} | cut -c 9-)" >> $GITHUB_ENV | |
- name: Deploy Fuel Core Ephemeral Developer Environment | |
uses: benc-uk/workflow-dispatch@v1 | |
with: | |
workflow: Deploy Fuel-Core on k8s | |
repo: FuelLabs/fuel-deployment | |
ref: refs/heads/master | |
token: ${{ secrets.REPO_TOKEN }} | |
inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": "${{ env.NAMESPACE }}", "delete-infra": "${{ env.DELETE_INFRA }}" }' | |
env: | |
K8S: 'eks' | |
CONFIG: 'fuel-dev1' | |
ENV: 'fueldevsway.env' | |
DELETE_INFRA: true | |
# Deploy Latest Fuel-Core Release | |
deploy: | |
if: github.ref == 'refs/heads/master' | |
needs: | |
- publish-docker-image | |
runs-on: buildjet-4vcpu-ubuntu-2204 | |
steps: | |
- name: Set Environment Variables | |
run: | | |
tag=(`echo $GITHUB_SHA | cut -c1-7`) | |
echo "IMAGE_TAG=`echo sha-$tag`" >> $GITHUB_ENV | |
echo "DEPLOYMENT_VERSION=$(echo $GITHUB_SHA)" >> $GITHUB_ENV | |
- name: Deploy Fuel-Core Developer Environment | |
uses: benc-uk/workflow-dispatch@v1 | |
with: | |
workflow: Deploy Fuel-Core on k8s | |
repo: FuelLabs/fuel-deployment | |
ref: refs/heads/master | |
token: ${{ secrets.REPO_TOKEN }} | |
inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "delete-infra": "${{ env.DELETE_INFRA }}" }' | |
env: | |
K8S: 'eks' | |
CONFIG: 'fuel-dev1' | |
ENV: 'fueldevsway.env' | |
DELETE_INFRA: true | |
cargo-audit: | |
runs-on: ubuntu-latest | |
continue-on-error: true | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: actions-rs/audit-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} |