-
Notifications
You must be signed in to change notification settings - Fork 50
277 lines (265 loc) · 11.3 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
# Smoldot
# Copyright (C) 2019-2022 Parity Technologies (UK) Ltd.
# SPDX-License-Identifier: GPL-3.0-or-later WITH Classpath-exception-2.0
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <http://www.gnu.org/licenses/>.
name: deploy
on:
pull_request: # All deployment steps are tested on PRs, but the actual deployment doesn't happen.
merge_group:
push:
branches:
- main
# TODO: improve the security of this module
permissions: read-all
jobs:
build-push-docker-image:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
- uses: docker/login-action@v3
# This `if` adds an additional safety against accidental pushes.
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- uses: docker/build-push-action@v5.4.0
with:
context: .
file: ./full-node/Dockerfile
load: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
tags: ghcr.io/smol-dot/full-node:main
- run: docker push ghcr.io/smol-dot/full-node:main
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
build-js-doc:
runs-on: ubuntu-latest
container:
image: rust:1.79
steps:
- uses: actions/checkout@v4
with:
path: repo
- run: rustup target add wasm32-unknown-unknown
- uses: actions/setup-node@v4.0.3
with:
node-version: current
- run: npm install
working-directory: ./repo/wasm-node/javascript
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: npm run doc
working-directory: ./repo/wasm-node/javascript
- run: |
mkdir -p ./doc
mv ./repo/wasm-node/javascript/dist/doc/* ./doc
- uses: actions/upload-artifact@v4
with:
name: javascript-documentation
path: ./doc/
build-rust-doc:
runs-on: ubuntu-latest
container:
image: rust:1.79
steps:
- uses: actions/checkout@v4
with:
path: repo
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: cargo doc --verbose --all-features --no-deps --package smoldot --package smoldot-light --package smoldot-full-node
working-directory: ./repo
- run: |
mkdir -p ./doc
mv ./repo/target/doc/* ./doc
- uses: actions/upload-artifact@v4
with:
name: rust-documentation
path: ./doc/
build-tests-coverage:
runs-on: ubuntu-latest
container:
image: rust:1.79
steps:
- run: apt update && apt install -y jq
- run: rustup component add llvm-tools-preview
- uses: actions/checkout@v4
with:
path: repo
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./repo -> target
- run: |
mkdir -p ../coverage
RUSTFLAGS="-C instrument-coverage" LLVM_PROFILE_FILE="`pwd`/../coverage/default_%m_%p.profraw" cargo test --workspace --tests
RUSTFLAGS="-C instrument-coverage" cargo test --workspace --tests --no-run --message-format=json | jq -r "select(.profile.test == true) | .filenames[]" | grep -v dSYM > ../coverage/binaries-list
working-directory: ./repo
- run: |
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-profdata merge -sparse ./coverage/default_*.profraw -o ./coverage/tests-coverage.profdata
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-cov show --format=html --output-dir=./html-out --instr-profile=./coverage/tests-coverage.profdata --ignore-filename-regex='cargo/registry' --ignore-filename-regex='/rustc/' --show-instantiations --show-line-counts-or-regions $(for file in `cat ./coverage/binaries-list`; do printf "%s %s " -object $file; done)
`rustc --print sysroot`/lib/rustlib/x86_64-unknown-linux-gnu/bin/llvm-cov report --instr-profile=./coverage/tests-coverage.profdata --ignore-filename-regex='cargo/registry' --ignore-filename-regex='/rustc/' $(for file in `cat ./coverage/binaries-list`; do printf "%s %s " -object $file; done)
- uses: actions/upload-artifact@v4
with:
name: code-coverage-report
path: ./html-out/
docs-publish:
runs-on: ubuntu-latest
needs: [build-js-doc, build-rust-doc, build-tests-coverage]
permissions:
contents: write # Necessary to push on the `gh-pages` branch.
steps:
- uses: actions/checkout@v4
with:
path: repo
- run: |
mkdir -p ./upload/doc-javascript
mkdir -p ./upload/doc-rust
mkdir -p ./upload/tests-coverage
touch ./upload/.nojekyll
- uses: actions/download-artifact@v4
with:
name: javascript-documentation
path: ./upload/doc-javascript
- uses: actions/download-artifact@v4
with:
name: rust-documentation
path: ./upload/doc-rust
- uses: actions/download-artifact@v4
with:
name: code-coverage-report
path: ./upload/tests-coverage
- run: |
git config user.email "github-action@users.noreply.github.com"
git config user.name "GitHub Action"
git config user.password ${{ secrets.GITHUB_TOKEN }}
git checkout --orphan gh-pages
git rm -rf .
git clean -d --force
shopt -s dotglob
mv ../upload/* .
git add --all
git commit -m "Documentation"
working-directory: ./repo
shell: bash # Necessary for `shopt`
- run: git push -f origin gh-pages:gh-pages
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
working-directory: ./repo
npm-publish:
runs-on: ubuntu-latest
container:
image: rust:1.79
steps:
- uses: actions/checkout@v4
- run: rustup target add wasm32-unknown-unknown
- uses: actions/setup-node@v4.0.3
with:
# Set the oldest version still maintained, in order to ensure compatibility. See <https://nodejs.dev/en/about/releases/>
node-version: 16
- uses: Swatinem/rust-cache@v2
- run: npm install
working-directory: ./wasm-node/javascript
- run: npm publish --unsafe-perm --dry-run
working-directory: ./wasm-node/javascript
- uses: JS-DevTools/npm-publish@v3
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
# Warning: this GitHub action doesn't seem to run prepublish scripts, hence
# the `npm publish --dry-run` done right above is important to ensure this.
with:
token: ${{ secrets.NPM_TOKEN }}
package: ./wasm-node/javascript/package.json
access: public
deno-publish:
runs-on: ubuntu-latest
permissions:
contents: write # Necessary in order to push tags.
# This action checks if a certain git tag exists. If not, it compiles the JavaScript package,
# then commits the compilation artifacts, tags the commit, and pushes the tag.
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0 # Necessary below for checking if the tag exists.
- run: rustup target add wasm32-unknown-unknown
- uses: actions/setup-node@v4.0.3
with:
node-version: 16
- uses: denoland/setup-deno@v1
with:
deno-version: v1.x
# TODO: do not use `actions-rs/toolchain` but instead use `image: rust:...` like all the other stages; unfortunately this causes incomprehensible `detected dubious ownership in repository` git errors
- uses: actions-rs/toolchain@v1
with:
# Ideally we don't want to install any toolchain, but the GH action doesn't support this.
toolchain: 1.79
profile: minimal
- uses: Swatinem/rust-cache@v2
- id: compute-tag # Compute the tag that we might push.
run: echo "tag=light-js-deno-v`jq -r .version ./wasm-node/javascript/package.json`" >> $GITHUB_OUTPUT
- id: check-tag-exists # Check whether the tag already exists.
run: echo "num-existing=`git tag -l | grep ${{ steps.compute-tag.outputs.tag }} | wc -l`" >> $GITHUB_OUTPUT
- run: npm install
working-directory: ./wasm-node/javascript
- run: npm publish --unsafe-perm --dry-run
working-directory: ./wasm-node/javascript
- run: cp ./README.md ./dist/mjs
working-directory: ./wasm-node/javascript
- run: |
git add --force ./wasm-node/javascript/dist/mjs # --force bypasses the .gitignore
git config --local user.email "github-actions[bot]@users.noreply.github.com"
git config --local user.name "github-actions[bot]"
git commit -m "Deno version publishing"
- run: |
git tag ${{ steps.compute-tag.outputs.tag }}
if: ${{ steps.check-tag-exists.outputs.num-existing == 0 }}
- run: git push origin ${{ steps.compute-tag.outputs.tag }}
if: ${{ steps.check-tag-exists.outputs.num-existing == 0 && github.event_name == 'push' && github.ref == 'refs/heads/main' }}
crates-io-publish:
runs-on: ubuntu-latest
container:
image: rust:1.79
steps:
- uses: actions/checkout@v4
- run: cargo publish --dry-run --locked
working-directory: ./lib
# Note that no dry run is performed for the crates that have dependencies towards the
# library, as `cargo publish --dry-run` tries to build them against the version on
# `crates.io`, which causes build failures if its public API has changed.
# TODO: is there a way to solve that? ^
- run: cargo login ${{ secrets.CRATES_IO_TOKEN }}
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
- run: cargo publish --no-verify
working-directory: ./lib
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
- run: cargo publish --no-verify
working-directory: ./light-base
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
- run: cargo publish --no-verify
working-directory: ./full-node
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
continue-on-error: true
all-deploy:
# This dummy job depends on all the mandatory checks. It succeeds if and only if CI is
# considered successful.
needs: [build-push-docker-image, docs-publish, npm-publish, deno-publish, crates-io-publish]
runs-on: ubuntu-latest
steps:
- run: echo Success