release: remove prev node v0.3.0 that is not reproducible #45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - master | |
| # Workflows run on a PR should cancel previous workflows run on the same PR, but | |
| # this rule should NOT apply to workflows running anywhere else (e.g. master) | |
| # `head_ref` is only defined for PRs, and `run_id` is unique per run, QED. | |
| # https://docs.github.com/en/actions/using-jobs/using-concurrency | |
| # https://docs.github.com/en/actions/learn-github-actions/contexts#github-context | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| # TODO(phlip9): read-all? | |
| # https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs | |
| permissions: | |
| contents: read | |
| env: | |
| # Fail CI even on rustc "warning" lints | |
| RUSTFLAGS: -D warnings | |
| RUSTDOCFLAGS: -D warnings | |
| RUST_BACKTRACE: 1 | |
| CARGO_TERM_COLOR: always | |
| # less wasteful caching w/ non-incremental builds | |
| CARGO_INCREMENTAL: 0 | |
| LEXE_RUST_VERSION: nightly-2024-05-03 | |
| LEXE_CI: 1 | |
| jobs: | |
| # FIXME: Cargo is not picking up .cargo/config.toml, hence RUSTFLAGS is used | |
| # whenever the target is SGX | |
| # --- Linting the whole workspace --- # | |
| clippy: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| targets: x86_64-fortanix-unknown-sgx | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: arduino/setup-protoc@v3 | |
| # Native | |
| - run: cargo clippy --locked --workspace | |
| # Native + tests | |
| - run: cargo clippy --locked --workspace --tests | |
| clippy-sgx: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| targets: x86_64-fortanix-unknown-sgx | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: arduino/setup-protoc@v3 | |
| # SGX | |
| - run: RUSTFLAGS="-C target-feature=+aes,+ssse3 -D warnings" cargo clippy --locked -p node -p common -p lexe-ln -p sgx-test --target=x86_64-fortanix-unknown-sgx | |
| # SGX + tests | |
| - run: RUSTFLAGS="-C target-feature=+aes,+ssse3 -D warnings" cargo clippy --locked -p node -p common -p lexe-ln -p sgx-test --target=x86_64-fortanix-unknown-sgx --tests | |
| # --- Check the production binaries, which don't use feature unification --- # | |
| check-release: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| targets: x86_64-fortanix-unknown-sgx | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: arduino/setup-protoc@v3 | |
| # Utils | |
| - run: cargo check --release --locked -p run-sgx | |
| # Node | |
| - run: RUSTFLAGS="-C target-feature=+aes,+ssse3 -D warnings" cargo check --release --locked -p node --target=x86_64-fortanix-unknown-sgx | |
| test: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: arduino/setup-protoc@v3 | |
| - run: cargo test --locked -- -Zunstable-options --report-time | |
| # TODO(max): Enable once we are approved so we don't need to constantly reauth | |
| # test-gdrive: | |
| # runs-on: ubuntu-22.04 | |
| # env: | |
| # # These secrets originate from a random Google account owned by Max. | |
| # # Don't remove this account from the Lexe project test users in Google | |
| # # Cloud, otherwise this CI workflow will break, | |
| # GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} | |
| # GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} | |
| # GOOGLE_REFRESH_TOKEN: ${{ secrets.GOOGLE_REFRESH_TOKEN }} | |
| # GOOGLE_ACCESS_TOKEN: ${{ secrets.GOOGLE_ACCESS_TOKEN }} | |
| # GOOGLE_ACCESS_TOKEN_EXPIRY: 0 | |
| # SKIP_GDRIVE_TOKEN_PRINT: 1 | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - uses: dtolnay/rust-toolchain@master | |
| # with: | |
| # toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| # - uses: Swatinem/rust-cache@v2 | |
| # - uses: arduino/setup-protoc@v3 | |
| # with: # Authenticate to prevent rate limit error | |
| # repo-token: ${{ secrets.GITHUB_TOKEN }} | |
| # # Run only the `#[ignore]`d gdrive tests, and do it on one thread to | |
| # # prevent the tests (which create and delete the regtest VFS root) from | |
| # # interfering with each other | |
| # - run: cargo test --locked -p gdrive -- --ignored --test-threads=1 -Zunstable-options --report-time | |
| fmt: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| - run: cargo fmt --all -- --check | |
| doc: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: dtolnay/rust-toolchain@master | |
| with: | |
| toolchain: ${{ env.LEXE_RUST_VERSION }} | |
| - uses: Swatinem/rust-cache@v2 | |
| - uses: arduino/setup-protoc@v3 | |
| - run: cargo doc --locked --no-deps --document-private-items | |
| # don't cache built docs, they take up a lot of space and rebuild quickly | |
| - run: rm -rf target/doc/ | |
| nix-reproducible-sgx-build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: DeterminateSystems/nix-installer-action@main | |
| - uses: DeterminateSystems/magic-nix-cache-action@main | |
| - run: nix build -L .#node-release-sgx |