pezkuwichain/pezkuwi-sdk
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

feat: Add rebrand CI/CD workflows to main branch

Browse Source 
- Add 72 rebrand workflow files (polkadot→pezkuwi, substrate→bizinikiwi, cumulus→pezcumulus)
- Add GitHub actions, issue templates, and configs
- Removed unnecessary workflows (fork-sync, gitspiegel, upstream-tracker, sync-templates, backport)
- Renamed zombienet test files to match new naming convention
This commit is contained in:
Kurdistan Tech Ministry
2025-12-19 22:51:57 +03:00
parent 0ec342b620
commit ee389beb8c
131 changed files with 16523 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/workflows/bench-all-runtimes.yml
+214
View File
@@ -0,0 +1,214 @@
name: Bench all runtimes
on:
# schedule:
# - cron: '0 1 * * 0' # weekly on Sunday night 01:00 UTC
workflow_dispatch:
inputs:
draft:
type: boolean
default: false
description: "Whether to create a draft PR"
permissions: # allow the action to create a PR
contents: write
issues: write
pull-requests: write
actions: read
jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml
runtime-matrix:
runs-on: ubuntu-latest
needs: [preflight]
timeout-minutes: 30
outputs:
runtime: ${{ steps.runtime.outputs.runtime }}
branch: ${{ steps.branch.outputs.branch }}
date: ${{ steps.branch.outputs.date }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
name: Extract runtimes from matrix
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: master
- name: Extract runtimes
id: runtime
run: |
RUNTIMES=$(jq '[.[] | select(.package != null)]' .github/workflows/runtimes-matrix.json)
RUNTIMES=$(echo $RUNTIMES | jq -c .)
echo "runtime=$RUNTIMES"
echo "runtime=$RUNTIMES" >> $GITHUB_OUTPUT
- name: Create branch
id: branch
run: |
DATE=$(date +'%Y-%m-%d-%s')
BRANCH="update-weights-weekly-$DATE"
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory $GITHUB_WORKSPACE
git checkout -b $BRANCH
git push --set-upstream origin $BRANCH
echo "date=$DATE" >> $GITHUB_OUTPUT
echo "branch=$BRANCH" >> $GITHUB_OUTPUT
run-pezframe-omni-bencher:
needs: [preflight, runtime-matrix]
runs-on: ${{ needs.preflight.outputs.RUNNER_WEIGHTS }}
# 24 hours per runtime.
# Max it takes 14hr for zagros to recalculate, but due to limited runners,
# sometimes it can take longer.
timeout-minutes: 1440
strategy:
fail-fast: false # keep running other workflows even if one fails, to see the logs of all possible failures
matrix:
runtime: ${{ fromJSON(needs.runtime-matrix.outputs.runtime) }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
PACKAGE_NAME: ${{ matrix.runtime.package }}
FLAGS: ${{ matrix.runtime.bench_flags }}
RUST_LOG: "frame_omni_bencher=info,pezkuwi_sdk_frame=info"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ needs.runtime-matrix.outputs.branch }} # checkout always from the initially created branch to avoid conflicts
- name: script
id: required
run: |
git --version
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory $GITHUB_WORKSPACE
git remote -v
python3 -m pip install -r .github/scripts/generate-prdoc.requirements.txt
python3 .github/scripts/cmd/cmd.py bench --runtime ${{ matrix.runtime.name }}
git add .
git status
if [ -f /tmp/cmd/command_output.log ]; then
CMD_OUTPUT=$(cat /tmp/cmd/command_output.log)
# export to summary to display in the PR
echo "$CMD_OUTPUT" >> $GITHUB_STEP_SUMMARY
# should be multiline, otherwise it captures the first line only
echo 'cmd_output<<EOF' >> $GITHUB_OUTPUT
echo "$CMD_OUTPUT" >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
fi
# Create patch that includes both modifications and new files
git add -A
git diff --staged > diff-${{ matrix.runtime.name }}.patch -U0
git reset
- name: Upload diff
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: diff-${{ matrix.runtime.name }}
path: diff-${{ matrix.runtime.name }}.patch
apply-diff-commit:
runs-on: ubuntu-latest
needs: [runtime-matrix, run-pezframe-omni-bencher]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
fetch-depth: 0
ref: ${{ needs.runtime-matrix.outputs.branch }}
- name: Download all artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
path: patches
# needs to be able to trigger CI
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: generate_token
with:
app-id: ${{ secrets.CMD_BOT_APP_ID }}
private-key: ${{ secrets.CMD_BOT_APP_KEY }}
- name: Apply diff and create PR
env:
GH_TOKEN: ${{ steps.generate_token.outputs.token }}
BRANCH: ${{ needs.runtime-matrix.outputs.branch }}
DATE: ${{ needs.runtime-matrix.outputs.date }}
run: |
git --version
git config user.name "github-actions[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git status
# Apply all patches
for file in patches/diff-*/diff-*.patch; do
if [ -f "$file" ] && [ -s "$file" ]; then
echo "Applying $file"
# using --3way and --ours for conflicts resolution. Requires git 2.47+
git apply "$file" --unidiff-zero --allow-empty --3way --ours || echo "Failed to apply $file"
else
echo "Skipping empty or non-existent patch file: $file"
fi
done
rm -rf patches
# Get release tags from 1 and 3 months ago
ONE_MONTH_AGO=$(date -d "1 month ago" +%Y-%m-%d)
THREE_MONTHS_AGO=$(date -d "3 months ago" +%Y-%m-%d)
# Get tags with their dates
ONE_MONTH_INFO=$(git for-each-ref --sort=-creatordate --format '%(refname:short)|%(creatordate:iso-strict-local)' 'refs/tags/pezkuwi-v*' | awk -v date="$ONE_MONTH_AGO" -F'|' '$2 <= date {print $0; exit}')
THREE_MONTHS_INFO=$(git for-each-ref --sort=-creatordate --format '%(refname:short)|%(creatordate:iso-strict-local)' 'refs/tags/pezkuwi-v*' | awk -v date="$THREE_MONTHS_AGO" -F'|' '$2 <= date {print $0; exit}')
# Split into tag and date
ONE_MONTH_TAG=$(echo "$ONE_MONTH_INFO" | cut -d'|' -f1)
ONE_MONTH_DATE=$(echo "$ONE_MONTH_INFO" | cut -d'|' -f2 | cut -d'T' -f1)
THREE_MONTHS_TAG=$(echo "$THREE_MONTHS_INFO" | cut -d'|' -f1)
THREE_MONTHS_DATE=$(echo "$THREE_MONTHS_INFO" | cut -d'|' -f2 | cut -d'T' -f1)
# Base URL for Subweight comparisons
BASE_URL="https://weights.tasty.limo/compare?repo=pezkuwi-sdk&threshold=5&path_pattern=.%2F**%2Fweights%2F**%2F*.rs%2C.%2F**%2Fweights.rs&method=asymptotic&ignore_errors=true&unit=time"
# Generate comparison links
MASTER_LINK="${BASE_URL}&old=master&new=${BRANCH}"
ONE_MONTH_LINK="${BASE_URL}&old=${ONE_MONTH_TAG}&new=${BRANCH}"
THREE_MONTHS_LINK="${BASE_URL}&old=${THREE_MONTHS_TAG}&new=${BRANCH}"
# Create PR body with all links in a temporary file
cat > /tmp/pr_body.md << EOF
Auto-update of all weights for ${DATE}.
Subweight results:
- [now vs master](${MASTER_LINK})
- [now vs ${ONE_MONTH_TAG} (${ONE_MONTH_DATE})](${ONE_MONTH_LINK})
- [now vs ${THREE_MONTHS_TAG} (${THREE_MONTHS_DATE})](${THREE_MONTHS_LINK})
EOF
git add .
git commit -m "Update all weights weekly for $DATE"
git push --set-upstream origin "$BRANCH"
MAYBE_DRAFT=${{ inputs.draft && '--draft' || '' }}
PR_TITLE="Auto-update of all weights for $DATE"
gh pr create \
--title "$PR_TITLE" \
--head "$BRANCH" \
--base "master" \
--reviewer pezkuwichain/ci \
--reviewer pezkuwichain/release-engineering \
$MAYBE_DRAFT \
--label "R0-no-crate-publish-required" \
--body "$(cat /tmp/pr_body.md)"
.github/workflows/benchmarks-networking.yml
+109
View File
@@ -0,0 +1,109 @@
name: Networking Benchmarks
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml
build:
timeout-minutes: 50
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER_BENCHMARK }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
strategy:
fail-fast: false
matrix:
features:
[
{ bench: "notifications_protocol" },
{ bench: "request_response_protocol" },
]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run Benchmarks
id: run-benchmarks
run: |
mkdir -p ./charts
cargo bench -p pezsc-network --bench ${{ matrix.features.bench }} -- --output-format bencher | grep "^test" | tee ./charts/${{ matrix.features.bench }}.txt || echo "Benchmarks failed"
ls -lsa ./charts
- name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ matrix.features.bench }}-${{ github.sha }}
path: ./charts
publish-benchmarks:
timeout-minutes: 60
needs: [build]
if: github.ref == 'refs/heads/master'
environment: subsystem-benchmarks
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: gh-pages
fetch-depth: 0
- run: git checkout master --
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: notifications_protocol-${{ github.sha }}
path: ./charts
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: request_response_protocol-${{ github.sha }}
path: ./charts
- name: Setup git
run: |
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory '*'
ls -lsR ./charts
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: app-token
with:
app-id: ${{ secrets.PEZKUWI_GHPAGES_APP_ID }}
private-key: ${{ secrets.PEZKUWI_GHPAGES_APP_KEY }}
- name: Generate ${{ env.BENCH }}
env:
BENCH: notifications_protocol
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "cargo"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}.txt
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
- name: Generate ${{ env.BENCH }}
env:
BENCH: request_response_protocol
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "cargo"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}.txt
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
.github/workflows/benchmarks-subsystem.yml
+167
View File
@@ -0,0 +1,167 @@
name: Subsystem Benchmarks
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
build:
timeout-minutes: 80
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
strategy:
fail-fast: false
matrix:
features:
[
{
name: "pezkuwi-availability-recovery",
bench: "availability-recovery-regression-bench",
},
{
name: "pezkuwi-availability-distribution",
bench: "availability-distribution-regression-bench",
},
{
name: "pezkuwi-node-core-approval-voting",
bench: "approval-voting-regression-bench",
},
{
name: "pezkuwi-statement-distribution",
bench: "statement-distribution-regression-bench",
},
{
name: "pezkuwi-node-core-dispute-coordinator",
bench: "dispute-coordinator-regression-bench",
},
]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Check Rust
run: |
rustup show
rustup +nightly show
- name: Run Benchmarks
id: run-benchmarks
run: |
cargo bench -p ${{ matrix.features.name }} --bench ${{ matrix.features.bench }} --features subsystem-benchmarks
ls -lsa ./charts
- name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{matrix.features.bench}}
path: ./charts
publish-benchmarks:
timeout-minutes: 60
needs: [build]
if: github.ref == 'refs/heads/master'
environment: subsystem-benchmarks
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: gh-pages
fetch-depth: 0
- run: git checkout master --
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
path: ./charts
- name: Setup git
run: |
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory '*'
ls -lsR ./charts
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: app-token
with:
app-id: ${{ secrets.PEZKUWI_GHPAGES_APP_ID }}
private-key: ${{ secrets.PEZKUWI_GHPAGES_APP_KEY }}
- name: Generate ${{ env.BENCH }}
env:
BENCH: availability-recovery-regression-bench
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "customSmallerIsBetter"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}/${{ env.BENCH }}.json
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
max-items-in-chart: 500
- name: Generate ${{ env.BENCH }}
env:
BENCH: availability-distribution-regression-bench
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "customSmallerIsBetter"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}/${{ env.BENCH }}.json
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
max-items-in-chart: 500
- name: Generate ${{ env.BENCH }}
env:
BENCH: approval-voting-regression-bench
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "customSmallerIsBetter"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}/${{ env.BENCH }}.json
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
max-items-in-chart: 500
- name: Generate ${{ env.BENCH }}
env:
BENCH: statement-distribution-regression-bench
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "customSmallerIsBetter"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}/${{ env.BENCH }}.json
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
max-items-in-chart: 500
- name: Generate ${{ env.BENCH }}
env:
BENCH: dispute-coordinator-regression-bench
uses: benchmark-action/github-action-benchmark@4bdcce38c94cec68da58d012ac24b7b1155efe8b # v1.20.7
with:
tool: "customSmallerIsBetter"
name: ${{ env.BENCH }}
output-file-path: ./charts/${{ env.BENCH }}/${{ env.BENCH }}.json
benchmark-data-dir-path: ./bench/${{ env.BENCH }}
github-token: ${{ steps.app-token.outputs.token }}
auto-push: true
max-items-in-chart: 500
.github/workflows/build-misc.yml
+130
View File
@@ -0,0 +1,130 @@
name: Build Misc
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
build-runtimes-polkavm:
timeout-minutes: 75
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- name: Check Rust
run: |
rustup show
rustup +nightly show
- name: Build
env:
BIZINIKIWI_RUNTIME_TARGET: riscv
id: required
run: cargo check -p pez-minimal-template-runtime -p zagros-runtime -p pezkuwichain-runtime -p pezkuwi-test-runtime
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
# As part of our test fixtures we build the revive-uapi crate always with the `unstable-hostfn` feature.
# To make sure that it won't break for users downstream which are not setting this feature
# It doesn't need to produce working code so we just use a similar enough RISC-V target
check-revive-stable-uapi-polkavm:
timeout-minutes: 30
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Check Rust
run: |
rustup show
rustup +nightly show
- name: Build
id: required
run: cargo +nightly check -p pezpallet-revive-uapi --no-default-features --target riscv64imac-unknown-none-elf -Zbuild-std=core
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
build-pez-subkey:
timeout-minutes: 20
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Check Rust
run: |
rustup show
rustup +nightly show
- name: Build
env:
SKIP_WASM_BUILD: 1
id: required
run: |
cd ./bizinikiwi/bin/utils/pez-subkey
cargo build --locked --release
- name: Stop all workflows if failed
if: ${{ failure() && steps.required.conclusion == 'failure' && !github.event.pull_request.head.repo.fork }}
uses: ./.github/actions/workflow-stopper
with:
app-id: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_ID }}
app-key: ${{ secrets.WORKFLOW_STOPPER_RUNNER_APP_KEY }}
confirm-required-build-mipezsc-jobs-passed:
runs-on: ubuntu-latest
name: All build misc jobs passed
# If any new job gets added, be sure to add it to this array
needs: [build-runtimes-polkavm, build-pez-subkey]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/build-publish-eth-rpc.yml
+82
View File
@@ -0,0 +1,82 @@
name: Build and push ETH-RPC image
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
ETH_RPC_IMAGE_NAME: "docker.io/paritypr/eth-rpc"
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
set-variables:
# This workaround sets the container image for each job using 'set-variables' job output.
# env variables don't work for PR from forks, so we need to use outputs.
runs-on: ubuntu-latest
needs: isdraft
outputs:
VERSION: ${{ steps.version.outputs.VERSION }}
steps:
- name: Define version
id: version
run: |
export COMMIT_SHA=${{ github.sha }}
export COMMIT_SHA_SHORT=${COMMIT_SHA:0:8}
export REF_NAME=${{ github.ref_name }}
export REF_SLUG=${REF_NAME//\//_}
VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}
echo "VERSION=${REF_SLUG}-${COMMIT_SHA_SHORT}" >> $GITHUB_OUTPUT
echo "set VERSION=${VERSION}"
build_docker:
name: Build docker images
runs-on: ubuntu-latest
needs: [set-variables]
env:
VERSION: ${{ needs.set-variables.outputs.VERSION }}
steps:
- name: Check out the repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build eth-rpc Docker image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ./bizinikiwi/frame/revive/rpc/dockerfiles/eth-rpc/Dockerfile
push: false
tags: |
${{ env.ETH_RPC_IMAGE_NAME }}:${{ env.VERSION }}
build_push_docker:
name: Build and push docker images
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master'
needs: [set-variables]
env:
VERSION: ${{ needs.set-variables.outputs.VERSION }}
steps:
- name: Check out the repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Log in to Docker Hub
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
- name: Build eth-rpc Docker image
uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0
with:
context: .
file: ./bizinikiwi/frame/revive/rpc/dockerfiles/eth-rpc/Dockerfile
push: true
tags: |
${{ env.ETH_RPC_IMAGE_NAME }}:${{ env.VERSION }}
.github/workflows/build-publish-images.yml
+723
View File
@@ -0,0 +1,723 @@
# GHA for build-*
name: Build and push images
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: read-all
env:
COMMIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }}
jobs:
#
#
#
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
### Build ########################
#
#
#
build-linux-stable:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
cargo build --locked --profile testnet --features pyroscope,fast-runtime --bin pezkuwi --bin pezkuwi-prepare-worker --bin pezkuwi-execute-worker
PEZKUWICHAIN_EPOCH_DURATION=10 ./pezkuwi/scripts/build-only-wasm.sh pezkuwichain-runtime $(pwd)/runtimes/pezkuwichain-runtime-10/
PEZKUWICHAIN_EPOCH_DURATION=100 ./pezkuwi/scripts/build-only-wasm.sh pezkuwichain-runtime $(pwd)/runtimes/pezkuwichain-runtime-100/
PEZKUWICHAIN_EPOCH_DURATION=600 ./pezkuwi/scripts/build-only-wasm.sh pezkuwichain-runtime $(pwd)/runtimes/pezkuwichain-runtime-600/
pwd
ls -alR runtimes
- name: pack artifacts
run: |
mkdir -p ./artifacts
VERSION="${{ needs.preflight.outputs.SOURCE_REF_SLUG }}" # will be tag or branch name
mv ./target/testnet/pezkuwi ./artifacts/.
mv ./target/testnet/pezkuwi-prepare-worker ./artifacts/.
mv ./target/testnet/pezkuwi-execute-worker ./artifacts/.
mv ./runtimes/ ./artifacts/.
cd artifacts/
sha256sum pezkuwi | tee pezkuwi.sha256
shasum -c pezkuwi.sha256
cd ../
EXTRATAG="${{ needs.preflight.outputs.SOURCE_REF_SLUG }}-${COMMIT_SHA}"
echo "Pezkuwi version = ${VERSION} (EXTRATAG = ${EXTRATAG})"
echo -n ${VERSION} > ./artifacts/VERSION
echo -n ${EXTRATAG} > ./artifacts/EXTRATAG
echo -n ${GITHUB_RUN_ID} > ./artifacts/BUILD_LINUX_JOB_ID
RELEASE_VERSION=$(./artifacts/pezkuwi -V | awk '{print $2}'| awk -F "-" '{print $1}')
echo -n "v${RELEASE_VERSION}" > ./artifacts/BUILD_RELEASE_VERSION
cp -r docker/* ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-linux-stable-pezcumulus:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
echo "___Building a binary, please refrain from using it in production since it goes with the debug assertions.___"
cargo build --release --locked -p pezkuwi-teyrchain-bin --bin pezkuwi-teyrchain
echo "___Packing the artifacts___"
mkdir -p ./artifacts
mv ./target/release/pezkuwi-teyrchain ./artifacts/.
echo "___The VERSION is either a tag name or the curent branch if triggered not by a tag___"
echo ${{ needs.preflight.outputs.SOURCE_REF_SLUG }} | tee ./artifacts/VERSION
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-test-teyrchain:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
echo "___Building a binary, please refrain from using it in production since it goes with the debug assertions.___"
cargo build --release --locked -p pezcumulus-test-service --bin test-teyrchain
- name: pack artifacts
run: |
echo "___Packing the artifacts___"
mkdir -p ./artifacts
mv ./target/release/test-teyrchain ./artifacts/.
mkdir -p ./artifacts/zombienet
mv ./target/release/wbuild/pezcumulus-test-runtime/wasm_binary_spec_version_incremented.rs.compact.compressed.wasm ./artifacts/zombienet/.
mv ./target/release/wbuild/pezcumulus-test-runtime/wasm_binary_elastic_scaling.rs.compact.compressed.wasm ./artifacts/zombienet/.
mv ./target/release/wbuild/pezcumulus-test-runtime/wasm_binary_elastic_scaling_12s_slot.rs.compact.compressed.wasm ./artifacts/zombienet/.
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-test-collators:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
cargo build --locked --profile testnet -p test-teyrchain-adder-collator
cargo build --locked --profile testnet -p test-teyrchain-undying-collator
- name: pack artifacts
run: |
mkdir -p ./artifacts
mv ./target/testnet/adder-collator ./artifacts/.
mv ./target/testnet/undying-collator ./artifacts/.
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}" > ./artifacts/VERSION
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}-${COMMIT_SHA}" > ./artifacts/EXTRATAG
echo "adder-collator version = $(cat ./artifacts/VERSION) (EXTRATAG = $(cat ./artifacts/EXTRATAG))"
echo "undying-collator version = $(cat ./artifacts/VERSION) (EXTRATAG = $(cat ./artifacts/EXTRATAG))"
cp -r ./docker/* ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-malus:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
cargo build --locked --profile testnet -p pezkuwi-test-malus --bin malus --bin pezkuwi-prepare-worker --bin pezkuwi-execute-worker
- name: pack artifacts
run: |
mkdir -p ./artifacts
mv ./target/testnet/malus ./artifacts/.
mv ./target/testnet/pezkuwi-execute-worker ./artifacts/.
mv ./target/testnet/pezkuwi-prepare-worker ./artifacts/.
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}" > ./artifacts/VERSION
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}-${COMMIT_SHA}" > ./artifacts/EXTRATAG
echo "pezkuwi-test-malus = $(cat ./artifacts/VERSION) (EXTRATAG = $(cat ./artifacts/EXTRATAG))"
cp -r ./docker/* ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-linux-bizinikiwi:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
mkdir -p ./artifacts/bizinikiwi/
WASM_BUILD_NO_COLOR=1 cargo build --locked --release -p pez-staging-node-cli
ls -la target/release/
- name: pack artifacts
shell: bash
run: |
mv target/release/bizinikiwi-node ./artifacts/bizinikiwi/bizinikiwi
echo -n "Bizinikiwi version = "
if [[ "${{ github.ref }}" == "refs/tags/"* ]]; then
echo "${{ github.ref_name }}" | tee ./artifacts/bizinikiwi/VERSION;
else
./artifacts/bizinikiwi/bizinikiwi --version |
cut -d ' ' -f 2 | tee ./artifacts/bizinikiwi/VERSION;
fi
sha256sum ./artifacts/bizinikiwi/bizinikiwi | tee ./artifacts/bizinikiwi/bizinikiwi.sha256
cp -r ./docker/dockerfiles/bizinikiwi_injected.Dockerfile ./artifacts/bizinikiwi/
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
build-templates-node:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
id: required
run: |
cargo build --locked --package teyrchain-template-node --release
cargo build --locked --package pez-minimal-template-node --release
cargo build --locked --package pez-solochain-template-node --release
- name: pack artifacts
run: |
mkdir -p ./artifacts
mv ./target/release/teyrchain-template-node ./artifacts/.
mv ./target/release/pez-minimal-template-node ./artifacts/.
mv ./target/release/pez-solochain-template-node ./artifacts/.
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}" > ./artifacts/VERSION
echo -n "${{ needs.preflight.outputs.SOURCE_REF_SLUG }}-${COMMIT_SHA}" > ./artifacts/EXTRATAG
echo "pezkuwi-test-malus = $(cat ./artifacts/VERSION) (EXTRATAG = $(cat ./artifacts/EXTRATAG))"
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
### Build zombienet test artifacts ########################
#
#
#
prepare-bridges-zombienet-artifacts:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
run: |
cargo build --locked --profile testnet -p pezkuwi-test-malus --bin malus --bin pezkuwi-prepare-worker --bin pezkuwi-execute-worker
- name: pack artifacts
run: |
mkdir -p ./artifacts/bridges-pezkuwi-sdk/bridges
cp -r bridges/testing ./artifacts/bridges-pezkuwi-sdk/bridges/testing
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
prepare-pezkuwi-zombienet-artifacts:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
run: |
cargo nextest --manifest-path pezkuwi/zombienet-sdk-tests/Cargo.toml archive --locked --features zombie-metadata,zombie-ci --archive-file pezkuwi-zombienet-tests.tar.zst
- name: pack artifacts
run: |
mkdir -p artifacts
cp pezkuwi-zombienet-tests.tar.zst ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
#
#
#
prepare-pezcumulus-zombienet-artifacts:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
run: |
cargo nextest --manifest-path pezcumulus/zombienet/zombienet-sdk/Cargo.toml archive --locked --features zombie-ci --archive-file pezcumulus-zombienet-tests.tar.zst
- name: pack artifacts
run: |
mkdir -p artifacts
cp pezcumulus-zombienet-tests.tar.zst ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
prepare-teyrchain-templates-zombienet-artifacts:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: build
run: |
cargo nextest --manifest-path templates/zombienet/Cargo.toml archive --locked --features zombienet --archive-file teyrchain-templates-zombienet-tests.tar.zst
- name: pack artifacts
run: |
mkdir -p artifacts
cp teyrchain-templates-zombienet-tests.tar.zst ./artifacts
- name: tar
run: tar -cvf artifacts.tar artifacts
- name: upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.job }}-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
path: artifacts.tar
retention-days: 1
### Publish ########################
#
#
#
build-push-image-test-teyrchain:
needs: [preflight, build-test-teyrchain]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-test-teyrchain-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "test-teyrchain"
dockerfile: "docker/dockerfiles/test-teyrchain_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
build-push-image-pezkuwi-debug:
needs: [preflight, build-linux-stable]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-linux-stable-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "pezkuwi-debug"
dockerfile: "docker/dockerfiles/pezkuwi/pezkuwi_injected_debug.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
build-push-image-colander:
needs: [preflight, build-test-collators]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-test-collators-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "colander"
dockerfile: "docker/dockerfiles/collator_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
build-push-image-malus:
needs: [preflight, build-malus]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-malus-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "malus"
dockerfile: "docker/dockerfiles/malus_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
build-push-image-bizinikiwi-pr:
needs: [preflight, build-linux-bizinikiwi]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-linux-bizinikiwi-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "bizinikiwi"
dockerfile: "docker/dockerfiles/bizinikiwi_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
# unlike other images, bridges+zombienet image is based on Zombienet image that pulls required binaries
# from other fresh images (pezkuwi and pezcumulus)
build-push-image-bridges-zombienet-tests:
needs:
[
preflight,
build-linux-stable,
build-linux-stable-pezcumulus,
prepare-bridges-zombienet-artifacts,
]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-linux-stable-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: |
tar -xvf artifacts.tar
rm artifacts.tar
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-linux-stable-pezcumulus-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: |
tar -xvf artifacts.tar
rm artifacts.tar
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: prepare-bridges-zombienet-artifacts-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: |
tar -xvf artifacts.tar
rm artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "bridges-zombienet-tests"
dockerfile: "docker/dockerfiles/bridges_zombienet_tests_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
#
#
#
build-push-image-pezkuwi-teyrchain-debug:
needs: [preflight, build-linux-stable-pezcumulus]
runs-on: ${{ needs.preflight.outputs.RUNNER_DEFAULT }}
timeout-minutes: 60
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: build-linux-stable-pezcumulus-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: tar
run: tar -xvf artifacts.tar
- name: build and push image
uses: ./.github/actions/build-push-image
with:
image-name: "pezkuwi-teyrchain-debug"
dockerfile: "docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain-debug_unsigned_injected.Dockerfile"
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_PASSWORD }}
confirm-required-build-jobs-passed:
runs-on: ubuntu-latest
name: All builds passed
# If any new job gets added, be sure to add it to this array
needs:
- build-linux-stable
- build-linux-stable-pezcumulus
- build-test-teyrchain
- build-test-collators
- build-malus
- build-linux-bizinikiwi
- build-templates-node
if: always() && !cancelled()
outputs:
build_success: ${{ steps.check_success.outputs.build_success }}
steps:
- name: Check build success
id: check_success
run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
echo "build_success=false" >> $GITHUB_OUTPUT
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
echo "build_success=true" >> $GITHUB_OUTPUT
fi
trigger-zombienet-pezkuwi:
needs: [preflight, confirm-required-build-jobs-passed]
if: ${{ needs.confirm-required-build-jobs-passed.outputs.build_success == 'true' }}
uses: ./.github/workflows/zombienet_pezkuwi.yml
with:
build_run_id: ${{ github.run_id }}
ref_slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
trigger-zombienet-pezcumulus:
needs: [preflight, confirm-required-build-jobs-passed]
if: ${{ needs.confirm-required-build-jobs-passed.outputs.build_success == 'true' }}
uses: ./.github/workflows/zombienet_pezcumulus.yml
with:
build_run_id: ${{ github.run_id }}
ref_slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
trigger-zombienet-bizinikiwi:
needs: [preflight, confirm-required-build-jobs-passed]
if: ${{ needs.confirm-required-build-jobs-passed.outputs.build_success == 'true' }}
uses: ./.github/workflows/zombienet_bizinikiwi.yml
with:
build_run_id: ${{ github.run_id }}
ref_slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
trigger-zombienet-teyrchain-template:
needs: [preflight, confirm-required-build-jobs-passed]
if: ${{ needs.confirm-required-build-jobs-passed.outputs.build_success == 'true' }}
uses: ./.github/workflows/zombienet_teyrchain-template.yml
with:
build_run_id: ${{ github.run_id }}
ref_slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
confirm-zombienet-tests-passed:
runs-on: ubuntu-latest
name: All zombienet tests passed
needs:
- trigger-zombienet-pezkuwi
- trigger-zombienet-pezcumulus
- trigger-zombienet-bizinikiwi
- trigger-zombienet-teyrchain-template
if: always() && !cancelled()
steps:
- name: Check zombienet success
id: check_success
run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(grep -c '"result": "failure"' resultfile || true)
if [ "$FAILURES" -gt 0 ]; then
echo "### At least one zombienet job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All zombienet jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/check-cargo-check-runtimes.yml
+127
View File
@@ -0,0 +1,127 @@
name: Check Cargo Check Runtimes
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
paths:
- "pezcumulus/teyrchains/runtimes/*"
# Jobs in this workflow depend on each other, only for limiting peak amount of spawned workers
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-runtime-assets:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
timeout-minutes: 20
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/assets
check-runtime-collectives:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [check-runtime-assets, preflight]
timeout-minutes: 20
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/collectives
check-runtime-coretime:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
needs: [check-runtime-assets, preflight]
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/coretime
check-runtime-bridge-hubs:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
needs: [preflight]
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/bridge-hubs
check-runtime-contracts:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
needs: [check-runtime-collectives, preflight]
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/contracts
check-runtime-testing:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
needs: [preflight]
timeout-minutes: 20
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Run cargo check
uses: ./.github/actions/cargo-check-runtimes
with:
root: pezcumulus/teyrchains/runtimes/testing
confirm-required-jobs-passed:
runs-on: ubuntu-latest
name: All check-runtime-* tests passed
# If any new job gets added, be sure to add it to this array
needs:
- check-runtime-assets
- check-runtime-collectives
- check-runtime-coretime
- check-runtime-bridge-hubs
- check-runtime-contracts
- check-runtime-testing
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/check-frame-omni-bencher.yml
+126
View File
@@ -0,0 +1,126 @@
name: Short benchmarks (pezframe-omni-bencher)
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
ARTIFACTS_NAME: pezframe-omni-bencher-artifacts
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
quick-benchmarks-omni:
runs-on: ${{ needs.preflight.outputs.RUNNER_BENCHMARK }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
env:
RUSTFLAGS: "-C debug-assertions"
RUST_BACKTRACE: "full"
WASM_BUILD_NO_COLOR: 1
WASM_BUILD_RUSTFLAGS: "-C debug-assertions"
RUST_LOG: "frame_omni_bencher=info,pezkuwi_sdk_frame=info"
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- name: script
id: required
run: |
cargo build --locked --quiet --release -p asset-hub-zagros-runtime --features runtime-benchmarks
cargo run --locked --release -p pezframe-omni-bencher --quiet -- v1 benchmark pallet --runtime target/release/wbuild/asset-hub-zagros-runtime/asset_hub_zagros_runtime.compact.compressed.wasm --all --steps 2 --repeat 1 --quiet
runtime-matrix:
runs-on: ubuntu-latest
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 30
outputs:
runtime: ${{ steps.runtime.outputs.runtime }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
name: Extract runtimes from matrix
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: runtime
run: |
RUNTIMES=$(jq '[.[] | select(.package != null)]' .github/workflows/runtimes-matrix.json)
RUNTIMES=$(echo $RUNTIMES | jq -c .)
echo "runtime=$RUNTIMES"
echo "runtime=$RUNTIMES" >> $GITHUB_OUTPUT
run-pezframe-omni-bencher:
runs-on: ${{ needs.preflight.outputs.RUNNER_BENCHMARK }}
needs: [preflight, runtime-matrix]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
strategy:
fail-fast: false # keep running other workflows even if one fails, to see the logs of all possible failures
matrix:
runtime: ${{ fromJSON(needs.runtime-matrix.outputs.runtime) }}
bench_cmd: ["pallet", "overhead"]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
PACKAGE_NAME: ${{ matrix.runtime.package }}
FLAGS: ${{ matrix.runtime.bench_flags }}
RUST_LOG: "frame_omni_bencher=info,pezkuwi_sdk_frame=info"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script (benchmark ${{ matrix.bench_cmd }})
id: required
shell: bash
run: |
RUNTIME_BLOB_NAME=$(echo $PACKAGE_NAME | sed 's/-/_/g').compact.compressed.wasm
RUNTIME_BLOB_PATH=./target/release/wbuild/$PACKAGE_NAME/$RUNTIME_BLOB_NAME
BENCH_CMD=${{ matrix.bench_cmd }}
cargo build --release --locked -p $PACKAGE_NAME -p pezframe-omni-bencher --features=${{ matrix.runtime.bench_features }} --quiet
echo "Running short $BENCH_CMD benchmarking for PACKAGE_NAME=$PACKAGE_NAME and RUNTIME_BLOB_PATH=$RUNTIME_BLOB_PATH"
ls -lrt $RUNTIME_BLOB_PATH
if [[ "$BENCH_CMD" == "pallet" ]]; then
cmd="./target/release/pezframe-omni-bencher v1 benchmark pallet --runtime $RUNTIME_BLOB_PATH --all --steps 2 --repeat 1 $FLAGS"
elif [[ "$BENCH_CMD" == "overhead" ]]; then
cmd="./target/release/pezframe-omni-bencher v1 benchmark overhead --runtime $RUNTIME_BLOB_PATH"
else
echo "Error: Unknown BENCH_CMD value: $BENCH_CMD"
exit 1
fi
echo "Running command: $cmd"
eval "$cmd"
confirm-pezframe-omni-benchers-passed:
runs-on: ubuntu-latest
name: All benchmarks passed
needs: [quick-benchmarks-omni, run-pezframe-omni-bencher]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/check-getting-started.yml
+300
View File
@@ -0,0 +1,300 @@
name: Check the getting-started.sh script
# This workflow aims to make sure that the `getting-started.sh` script
# is functional and allows to build the templates
# on different operating systems.
#
# There are two jobs inside.
# One for systems that can run in a docker container, and one for macOS.
#
# Each job consists of:
# 1. Some necessary prerequisites for the workflow itself.
# 2. A first pass of the script, which will install dependencies and clone a template.
# 3. A second pass of the script, to make sure the behaviour is as expected.
# 4. Building the template - making sure it's buildable and runnable.
#
# The script is interacted with using the `expect` tool, which is available on all relevant systems.
# The steps are not re-used between macOS and other systems,
# because they are very similar but a little different.
# Additionally, macOS does NOT start from scratch here - for example, we have homebrew already installed.
#
# There are many combinations of systems, shells and templates.
# We test a selected handful of combinations here.
on:
pull_request:
paths:
- ".github/workflows/check-getting-started.yml"
- "scripts/getting-started.sh"
types: [opened, synchronize, reopened, ready_for_review]
schedule:
- cron: "0 5 * * *"
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
check-getting-started:
needs: isdraft
strategy:
fail-fast: true
matrix:
include:
- name: ubuntu
container: ubuntu
template: minimal
shell: bash
- name: debian
container: debian
template: teyrchain
shell: sh
- name: arch
container: archlinux
template: solochain
shell: sh
- name: fedora
container: fedora
template: teyrchain
shell: sh
- name: opensuse
container: opensuse/tumbleweed
template: solochain
shell: sh
runs-on: ubuntu-latest
container: ${{ matrix.container }}:latest
steps:
# A minimal amount of prerequisites required before we can run the actual getting-started script,
# which will install the rest of requirements.
- name: Install ubuntu/debian prerequisites
run: apt update && apt install -y expect sudo git
if: contains(matrix.name, 'ubuntu') || contains(matrix.name, 'debian')
- name: Install arch prerequisites
run: pacman -Syu --needed --noconfirm expect sudo git
if: contains(matrix.name, 'arch')
- name: Install fedora prerequisites
run: dnf --assumeyes install expect sudo git
if: contains(matrix.name, 'fedora')
- name: Install opensuse prerequisites
run: zypper install --no-confirm expect sudo git
if: contains(matrix.name, 'opensuse')
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set additional expect flags if necessary
run: |
# Add a debug flag to expect, if github is re-run with debug logging enabled.
[ "${{ runner.debug }}" = "1" ] && EXPECT_FLAGS="-d" || EXPECT_FLAGS=""
echo "EXPECT_FLAGS=${EXPECT_FLAGS}" >> $GITHUB_ENV
- name: Check the first run of the script
run: |
expect $EXPECT_FLAGS -c '
set timeout 240
spawn ${{ matrix.shell }} scripts/getting-started.sh
expect_after {
timeout { puts stderr "Timed out on an expect"; exit 1 }
eof { puts stderr "EOF received on an expect"; exit 1 }
}
expect -nocase "Detected ${{ matrix.name }}"
expect "Rust is not installed. Install it?" {
send "y\r"
expect "Proceed with standard installation (default - just press enter)" {
send "\r"
expect "Rust is installed now"
}
}
expect "Setup the Rust environment" {
send "y\r"
}
expect "start with one of the templates" {
send "y\r"
}
expect -re "(.)\\) ${{ matrix.template }} template" {
send "$expect_out(1,string)\r"
}
expect "compile the node?" {
send "n\r"
}
expect eof
'
timeout-minutes: 15
- name: Check the second run of the script
run: |
expect $EXPECT_FLAGS -c '
set timeout 120
spawn ${{ matrix.shell }} scripts/getting-started.sh
expect_after {
timeout { puts stderr "Timed out on an expect"; exit 1 }
eof { puts stderr "EOF received on an expect"; exit 1 }
}
expect "Rust already installed" {}
expect "Setup the Rust environment" {
send "n\r"
}
expect "start with one of the templates" {
send "y\r"
}
expect -re "(.)\\) ${{ matrix.template }} template" {
send "$expect_out(1,string)\r"
expect "directory already exists" {}
}
expect "compile the node?" {
send "n\r"
}
expect eof
'
timeout-minutes: 15
- name: Compile the node outside of the script
run: |
. "$HOME/.cargo/env"
cd ${{ matrix.template }}-template
cargo build --release
timeout-minutes: 120
- name: Check that the binary is executable
run: |
. "$HOME/.cargo/env"
cd ${{ matrix.template }}-template
cargo run --release -- --help
timeout-minutes: 5
check-getting-started-macos:
needs: isdraft
strategy:
fail-fast: true
matrix:
include:
- template: teyrchain
shell: sh
- template: solochain
shell: bash
runs-on: macos-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set additional expect flags if necessary
run: |
# Add a debug flag to expect, if github is re-run with debug logging enabled.
[ "${{ runner.debug }}" = "1" ] && EXPECT_FLAGS="-d" || EXPECT_FLAGS=""
echo "EXPECT_FLAGS=${EXPECT_FLAGS}" >> $GITHUB_ENV
- name: Check the first run of the script
run: |
expect $EXPECT_FLAGS -c '
set timeout 120
spawn ${{ matrix.shell }} scripts/getting-started.sh
expect_after {
timeout { puts stderr "Timed out on an expect"; exit 1 }
eof { puts stderr "EOF received on an expect"; exit 1 }
}
expect -nocase "Detected macOS"
expect "Homebrew already installed"
expect "Install cmake" {
send "y\r"
}
expect "Rust already installed" {}
expect "Setup the Rust environment" {
send "y\r"
}
expect "start with one of the templates" {
send "y\r"
}
expect -re "(.)\\) ${{ matrix.template }} template" {
send "$expect_out(1,string)\r"
}
expect "compile the node?" {
send "n\r"
}
expect eof
'
timeout-minutes: 15
- name: Check the second run of the script
run: |
expect $EXPECT_FLAGS -c '
set timeout 120
spawn ${{ matrix.shell }} scripts/getting-started.sh
expect_after {
timeout { puts stderr "Timed out on an expect"; exit 1 }
eof { puts stderr "EOF received on an expect"; exit 1 }
}
expect "Homebrew already installed"
expect "Install cmake" {
send "y\r"
}
expect "Rust already installed" {}
expect "Setup the Rust environment" {
send "n\r"
}
expect "start with one of the templates" {
send "y\r"
}
expect -re "(.)\\) ${{ matrix.template }} template" {
send "$expect_out(1,string)\r"
expect "directory already exists" {}
}
expect "compile the node?" {
send "n\r"
}
expect eof
'
timeout-minutes: 15
- name: Compile the node outside of the script
run: |
. "$HOME/.cargo/env"
cd ${{ matrix.template }}-template
cargo build --release
timeout-minutes: 120
- name: Check that the binary is executable
run: |
. "$HOME/.cargo/env"
cd ${{ matrix.template }}-template
cargo run --release -- --help
timeout-minutes: 5
.github/workflows/check-labels.yml
+55
View File
@@ -0,0 +1,55 @@
name: Check labels
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
pull_request:
types: [labeled, opened, synchronize, unlabeled]
merge_group:
jobs:
check-labels:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Check labels
env:
GITHUB_PR: ${{ github.event.pull_request.number }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
API_BASE: https://api.github.com/repos
REPO: ${{ github.repository }}
run: |
if [ ${{ github.ref }} == "refs/heads/master" ] || [ ${{ github.ref }} == "refs/heads/main" ]; then
echo "Skipping main/master"
exit 0
fi
if [ $(echo ${{ github.ref }} | grep -c "gh-readonly-queue") -eq 1 ]; then
echo "Skipping merge queue"
exit 0
fi
echo "REPO: ${REPO}"
echo "GITHUB_PR: ${GITHUB_PR}"
# Fetch the labels for the PR under test
echo "Fetch the labels for $API_BASE/${REPO}/pulls/${GITHUB_PR}"
labels=$( curl -H "Authorization: token ${GITHUB_TOKEN}" -s "$API_BASE/${REPO}/pulls/${GITHUB_PR}" | jq '.labels | .[] | .name' | tr "\n" "," )
echo "Labels: ${labels}"
# Basic label checks for Pezkuwi SDK
# Check for required labels (customize as needed)
if [ -z "${labels}" ]; then
echo "::warning::No labels found on PR. Consider adding appropriate labels."
else
echo "Labels found: ${labels}"
# Check for T- (type) labels
if echo "${labels}" | grep -q '"T-'; then
echo "Type label found"
else
echo "::notice::Consider adding a type label (T-*)"
fi
fi
echo "Label check completed"
.github/workflows/check-licenses.yml
+98
View File
@@ -0,0 +1,98 @@
name: Check licenses
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
packages: read
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
check-licenses:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 10
env:
LICENSES: "'Apache-2.0' 'GPL-3.0-only' 'GPL-3.0-or-later WITH Classpath-exception-2.0' 'MIT-0' 'Unlicense'"
NODE_AUTH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: "18.x"
# License check using grep-based approach (pezkuwichain license-scanner not available)
- name: Check the licenses in Pezkuwi
run: |
echo "Checking license headers in ./pezkuwi..."
# Check for Apache-2.0 or GPL-3.0 license headers
MISSING=$(find ./pezkuwi -name "*.rs" -type f | head -100 | while read f; do
if ! head -20 "$f" | grep -qiE "(apache|gpl|mit|unlicense)"; then
echo "$f"
fi
done)
if [ -n "$MISSING" ]; then
echo "::warning::Some files may be missing license headers (sample check)"
fi
echo "License check completed for pezkuwi"
- name: Check the licenses in Pezcumulus
run: |
echo "Checking license headers in ./pezcumulus..."
MISSING=$(find ./pezcumulus -name "*.rs" -type f | head -100 | while read f; do
if ! head -20 "$f" | grep -qiE "(apache|gpl|mit|unlicense)"; then
echo "$f"
fi
done)
if [ -n "$MISSING" ]; then
echo "::warning::Some files may be missing license headers (sample check)"
fi
echo "License check completed for pezcumulus"
- name: Check the licenses in Bizinikiwi
run: |
echo "Checking license headers in ./bizinikiwi..."
MISSING=$(find ./bizinikiwi -name "*.rs" -type f | head -100 | while read f; do
if ! head -20 "$f" | grep -qiE "(apache|gpl|mit|unlicense)"; then
echo "$f"
fi
done)
if [ -n "$MISSING" ]; then
echo "::warning::Some files may be missing license headers (sample check)"
fi
echo "License check completed for bizinikiwi"
check-product-references:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
# Product reference check using grep (pezkuwichain license-scanner not available)
- name: Check the product references in Pezkuwi
run: |
echo "Checking product references in ./pezkuwi..."
# Sample check for Pezkuwi product name in license headers
COUNT=$(find ./pezkuwi -name "*.rs" -type f | head -50 | xargs grep -l "Pezkuwi\|PEZKUWI" 2>/dev/null | wc -l || echo 0)
echo "Found $COUNT files with Pezkuwi product reference"
- name: Check the product references in Pezcumulus
run: |
echo "Checking product references in ./pezcumulus..."
COUNT=$(find ./pezcumulus -name "*.rs" -type f | head -50 | xargs grep -l "Pezcumulus\|PEZCUMULUS" 2>/dev/null | wc -l || echo 0)
echo "Found $COUNT files with Pezcumulus product reference"
- name: Check the product references in Bizinikiwi
run: |
echo "Checking product references in ./bizinikiwi..."
COUNT=$(find ./bizinikiwi -name "*.rs" -type f | head -50 | xargs grep -l "Bizinikiwi\|BIZINIKIWI" 2>/dev/null | wc -l || echo 0)
echo "Found $COUNT files with Bizinikiwi product reference"
.github/workflows/check-links.yml
+48
View File
@@ -0,0 +1,48 @@
name: Check links
on:
pull_request:
paths:
- "**.rs"
- "**.prdoc"
- ".github/workflows/check-links.yml"
- ".config/lychee.toml"
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
packages: read
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
link-checker:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 10
steps:
- name: Restore lychee cache
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: .lycheecache
key: cache-lychee-${{ github.sha }}
# This should restore from the most recent one:
restore-keys: cache-lychee-
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.0 (22. Sep 2023)
- name: Lychee link checker
uses: lycheeverse/lychee-action@a8c4c7cb88f0c7386610c35eb25108e448569cb0 # for v1.9.1 (10. Jan 2024)
with:
args: >-
--config .config/lychee.toml
--no-progress
'./**/*.rs'
fail: true
env:
# To bypass GitHub rate-limit:
GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}}
.github/workflows/check-prdoc.yml
+82
View File
@@ -0,0 +1,82 @@
name: Check PRdoc
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
workflow_dispatch:
env:
# NOTE: prdoc tool from pezkuwichain - using local prdoc check instead
API_BASE: https://api.github.com/repos
REPO: ${{ github.repository }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GITHUB_PR: ${{ github.event.pull_request.number }}
PRDOC_DOC: https://github.com/pezkuwichain/pezkuwi-sdk/blob/main/docs/contributor/prdoc.md
jobs:
check-prdoc:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v4.1.7
- name: Check prdoc format
run: |
# NOTE: pezkuwichain/prdoc Docker image not available for Pezkuwi
# Using simple file existence and YAML format check instead
echo "Check prdoc format"
echo "For PRDoc format, please refer to $PRDOC_DOC"
# Check if prdoc directory exists
if [ -d "prdoc" ]; then
echo "PRDoc directory found"
# Simple YAML validation
for f in prdoc/*.prdoc; do
if [ -f "$f" ]; then
echo "Checking: $f"
python3 -c "import yaml; yaml.safe_load(open('$f'))" || echo "::warning::Invalid YAML in $f"
fi
done
else
echo "::notice::No prdoc directory found"
fi
- name: Check if PRdoc is required
if: github.event.pull_request.number != ''
id: get-labels
run: |
# Fetch the labels for the PR under test
echo "Fetch the labels for $API_BASE/${REPO}/pulls/${GITHUB_PR}"
labels=$( curl -H "Authorization: token ${GITHUB_TOKEN}" -s "$API_BASE/${REPO}/pulls/${GITHUB_PR}" | jq '.labels | .[] | .name' | tr "\n" ",")
echo "Labels: ${labels}"
echo "labels=${labels}" >> "$GITHUB_OUTPUT"
- name: Get Original PR number
if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }}
shell: bash
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
. ./.github/scripts/common/lib.sh
original_pr_number=''
echo "Checking PR title: $PR_TITLE"
if [[ "$PR_TITLE" =~ 'Backport' ]]; then
# Extracting the original PR number from the backport's PR title
original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE")
echo "Extracted PR number: $original_pr_number"
else
original_pr_number=${{ github.event.pull_request.number }}
fi
echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV
- name: Validate prdoc for PR#${{ env.PR_NUMBER }}
if: ${{ github.event.pull_request.number != '' && !contains(steps.get-labels.outputs.labels, 'R0') }}
run: |
echo "Validating PR#${{ env.PR_NUMBER }}"
python3 --version
python3 -m pip install cargo-workspace==1.2.1
python3 .github/scripts/check-prdoc.py Cargo.toml prdoc/pr_${{ env.PR_NUMBER }}.prdoc
.github/workflows/check-runtime-compatibility.yml
+108
View File
@@ -0,0 +1,108 @@
name: check-runtime-compatibility
# DISABLED: Pezkuwi does not have public RPC endpoints yet.
# Re-enable when public nodes are available at pezkuwichain.io
# To enable: remove 'if: false' from the job below
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-runtime-compatibility:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
# DISABLED until Pezkuwi public RPC endpoints are available
if: false # ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 30
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
strategy:
fail-fast: false
matrix:
network:
[
zagros,
asset-hub-zagros,
bridge-hub-zagros,
collectives-zagros,
coretime-zagros,
]
include:
- network: zagros
package: zagros-runtime
wasm: zagros_runtime.compact.compressed.wasm
uri: "wss://try-runtime-zagros.pezkuwichain.io:443"
- network: asset-hub-zagros
package: asset-hub-zagros-runtime
wasm: asset_hub_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-asset-hub-rpc.pezkuwichain.io:443"
- network: bridge-hub-zagros
package: bridge-hub-zagros-runtime
wasm: bridge_hub_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-bridge-hub-rpc.pezkuwichain.io:443"
- network: collectives-zagros
package: collectives-zagros-runtime
wasm: collectives_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-collectives-rpc.pezkuwichain.io:443"
- network: coretime-zagros
package: coretime-zagros-runtime
wasm: coretime_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-coretime-rpc.pezkuwichain.io:443"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build Runtime
id: build-runtime
run: |
echo "---------- Building ${{ matrix.package }} runtime with on-chain-release-build ----------"
cargo build --release --locked -p ${{ matrix.package }} --features on-chain-release-build -q
- name: Setup Node.js
uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0
with:
node-version: "24.x"
registry-url: "https://npm.pkg.github.com"
- name: Check Runtime Compatibility
id: check-compatibility
run: |
echo "---------- Checking runtime compatibility for ${{ matrix.network }} ----------"
npx @pezkuwi-api/check-runtime@latest problems ${{ matrix.uri }} --wasm ./target/release/wbuild/${{ matrix.package }}/${{ matrix.wasm }}
# name of this job must be unique across all workflows
# otherwise GitHub will mark all these jobs as required
confirm-runtime-compatibility-checks-passed:
runs-on: ubuntu-latest
name: All runtime compatibility checks passed
needs: [check-runtime-compatibility]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/check-runtime-migration.yml
+149
View File
@@ -0,0 +1,149 @@
name: check-runtime-migration
# DISABLED: Pezkuwi does not have public RPC endpoints yet.
# Re-enable when public nodes are available at pezkuwichain.io
# To enable: remove 'if: false' from the job below
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
# Take a snapshot at 5am when most SDK devs are not working.
schedule:
- cron: "0 5 * * *"
merge_group:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
# More info can be found here: https://github.com/pezkuwichain/pezkuwi-sdk/pull/5865
check-runtime-migration:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
# DISABLED until Pezkuwi public RPC endpoints are available
if: false # ${{ needs.preflight.outputs.changes_rust }}
# We need to set this to rather long to allow the snapshot to be created, but the average time
# should be much lower.
timeout-minutes: 60
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
strategy:
fail-fast: false
matrix:
network:
[
zagros,
asset-hub-zagros,
bridge-hub-zagros,
collectives-zagros,
coretime-zagros,
]
include:
- network: zagros
package: zagros-runtime
wasm: zagros_runtime.compact.compressed.wasm
uri: "wss://try-runtime-zagros.pezkuwichain.io:443"
subcommand_extra_args: "--no-weight-warnings --blocktime 6000"
command_extra_args: ""
- network: asset-hub-zagros
package: asset-hub-zagros-runtime
wasm: asset_hub_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-asset-hub-rpc.pezkuwichain.io:443"
subcommand_extra_args: " --blocktime 6000"
command_extra_args: ""
- network: bridge-hub-zagros
package: bridge-hub-zagros-runtime
wasm: bridge_hub_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-bridge-hub-rpc.pezkuwichain.io:443"
subcommand_extra_args: " --blocktime 6000"
- network: collectives-zagros
package: collectives-zagros-runtime
wasm: collectives_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-collectives-rpc.pezkuwichain.io:443"
command_extra_args: "--disable-spec-name-check"
subcommand_extra_args: " --blocktime 6000"
- network: coretime-zagros
package: coretime-zagros-runtime
wasm: coretime_zagros_runtime.compact.compressed.wasm
uri: "wss://zagros-coretime-rpc.pezkuwichain.io:443"
subcommand_extra_args: " --blocktime 6000"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download CLI
run: |
curl -sL https://github.com/pezkuwichain/try-runtime-cli/releases/download/v0.8.0/try-runtime-x86_64-unknown-linux-musl -o try-runtime
chmod +x ./try-runtime
echo "Using try-runtime-cli version:"
./try-runtime --version
- name: Get Date
id: get-date
run: |
echo "today=$(/bin/date -u "+%Y%m%d")" >> $GITHUB_OUTPUT
shell: bash
- name: Download Snapshot
uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0
with:
path: snapshot.raw
key: try-runtime-snapshot-${{ matrix.network }}-${{ steps.get-date.outputs.today }}
save-always: true
- name: Create Snapshot If Stale
if: ${{ hashFiles('snapshot.raw') == '' }}
run: |
echo "Creating new snapshot for today (${{ steps.get-date.outputs.today }})"
./try-runtime create-snapshot --uri ${{ matrix.uri }} snapshot.raw
- name: Build Runtime
id: required1
run: |
echo "---------- Building ${{ matrix.package }} runtime ----------"
cargo build --release --locked -p ${{ matrix.package }} --features try-runtime -q
- name: Run Check
id: required2
run: |
echo "Running ${{ matrix.network }} runtime migration check"
export RUST_LOG=remote-ext=debug,runtime=debug
echo "---------- Executing on-runtime-upgrade for ${{ matrix.network }} ----------"
./try-runtime ${{ matrix.command_extra_args }} \
--runtime ./target/release/wbuild/${{ matrix.package }}/${{ matrix.wasm }} \
on-runtime-upgrade --disable-spec-version-check --checks=all ${{ matrix.subcommand_extra_args }} snap -p snapshot.raw
sleep 5
# name of this job must be unique across all workflows
# otherwise GitHub will mark all these jobs as required
confirm-required-checks-passed:
runs-on: ubuntu-latest
name: All runtime migrations passed
# If any new job gets added, be sure to add it to this array
needs: [check-runtime-migration]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/check-semver.yml
+249
View File
@@ -0,0 +1,249 @@
name: Check semver
on:
workflow_dispatch:
concurrency:
group: check-semver-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
env:
TOOLCHAIN: nightly-2025-05-09
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-semver:
runs-on: ubuntu-latest
timeout-minutes: 90
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
fetch-depth: 2
- name: extra git setup
run: |
git config --global --add safe.directory '*'
git branch old HEAD^1
- name: Comment If Backport
if: ${{ startsWith(github.event.pull_request.base.ref, 'stable') }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR: ${{ github.event.pull_request.number }}
run: |
echo "This is a backport into stable."
cat > msg.txt <<EOF
This pull request is amending an existing release. Please proceed with extreme caution,
as to not impact downstream teams that rely on the stability of it. Some things to consider:
- Backports are only for 'patch' or 'minor' changes. No 'major' or other breaking change.
- Should be a legit *fix* for some bug, not adding tons of new features.
- Must either be already audited or not need an audit.
<details><summary><i>Emergency Bypass</i></summary>
<p>
If you really need to bypass this check: add <code>validate: false</code> to each crate
in the Prdoc where a breaking change is introduced. This will release a new major
version of that crate and all its reverse dependencies and basically break the release.
</p>
</details>
EOF
gh issue comment $PR --edit-last -F msg.txt || gh issue comment $PR -F msg.txt
echo "PRDOC_EXTRA_ARGS=--max-bump minor" >> $GITHUB_ENV
- name: Rust Cache
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: Rust compilation prerequisites
run: |
rustup default $TOOLCHAIN
rustup target add wasm32-unknown-unknown --toolchain $TOOLCHAIN
rustup component add rust-src --toolchain $TOOLCHAIN
- name: Install kurdistan-tech-publish
# Set the target dir to cache the build.
run: CARGO_TARGET_DIR=./target/ cargo install kurdistan-tech-publish@0.10.6 --locked -q
- name: Get original PR number
shell: bash
if: ${{ github.ref != 'refs/heads/master' }}
env:
PR_TITLE: ${{ github.event.pull_request.title }}
run: |
. ./.github/scripts/common/lib.sh
original_pr_number=''
echo "Checking PR title: $PR_TITLE"
if [[ "$PR_TITLE" =~ 'Backport' ]]; then
# Extracting the original PR number from the backport's PR title
original_pr_number=$(extract_pr_number_from_pr_title "$PR_TITLE")
echo "Extracted PR number: $original_pr_number"
else
original_pr_number=${{ github.event.pull_request.number }}
fi
echo "PR_NUMBER=$original_pr_number" >> $GITHUB_ENV
- name: Check semver
if: ${{ github.ref != 'refs/heads/master' }}
shell: bash
env:
PRDOC_EXTRA_ARGS: ${{ env.PRDOC_EXTRA_ARGS }}
PR: ${{ env.PR_NUMBER }}
BASE_BRANCH: ${{ github.event.pull_request.base.ref }}
PR_LABELS: ${{ toJson(github.event.pull_request.labels.*.name) }}
run: |
if [ -z "$PR" ]; then
echo "Skipping master/merge queue"
exit 0
fi
# Skip semver check if PR targets stable branch and has R0-no-crate-publish-require label
if [[ "$BASE_BRANCH" =~ ^stable[0-9]{4}$ ]]; then
if echo "$PR_LABELS" | grep -q "R0-no-crate-publish-require"; then
echo "️ Skipping the SemVer check is not recommended and should only be done in rare cases: PR targets stable branch '$BASE_BRANCH' and has 'R0-no-crate-publish-require' label."
exit 0
fi
fi
export CARGO_TARGET_DIR=target
export RUSTFLAGS='-A warnings -A missing_docs'
export SKIP_WASM_BUILD=1
prdoc_file="prdoc/pr_$PR.prdoc"
# Always run kurdistan-tech-publish to check for all issues (mismatches and missing crates)
# Capture output to check for specific error types
parity_output=$(mktemp)
if ! kurdistan-tech-publish --color always prdoc --since old --validate prdoc/pr_$PR.prdoc $PRDOC_EXTRA_ARGS -v --toolchain $TOOLCHAIN 2>&1 | tee "$parity_output"; then
# Check if there are missing crates (files changed but not listed in prdoc)
if grep -q "Files changed but crate not listed in PR Doc" "$parity_output"; then
rm -f "$parity_output"
cat <<EOF
👋 Hello developer! The SemVer check found crates with changes that are not listed in the prdoc file.
It is recommended to add all changed crates to the prdoc.
Please check the output above and see the following links for more help:
- https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
- https://forum.pezkuwi.network/t/psa-pezkuwi-sdk-to-use-semver
Otherwise feel free to ask in the Merge Request or in Matrix chat.
EOF
exit 1
fi
rm -f "$parity_output"
# Check if any crate has validate: false to override semver mismatch failures
if grep -q "validate:[[:space:]]*false" "$prdoc_file"; then
echo ""
echo "️ Found crates with 'validate: false' in prdoc. Semver validation failure is overridden."
echo "⚠️ Please ensure the semver override is justified and documented in the PR description."
else
# No validate: false found, fail with error message
cat <<EOF
👋 Hello developer! The SemVer information that you declared in the prdoc file did not match what the CI detected.
Please check the output above and see the following links for more help:
- https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#record-semver-changes
- https://forum.pezkuwi.network/t/psa-pezkuwi-sdk-to-use-semver
Otherwise feel free to ask in the Merge Request or in Matrix chat.
EOF
exit 1
fi
else
rm -f "$parity_output"
fi
# Only enforce SemVer restrictions for backports targeting stable branches
if [[ "$BASE_BRANCH" != stable* && "$BASE_BRANCH" != unstable* ]]; then
echo "️ Branch '$BASE_BRANCH' is not a (un)stable branch. Skipping SemVer backport-specific enforcements."
exit 0
fi
echo "🔍 Backport branch detected, checking for disallowed semver changes..."
# Check for minor/patch bumps with validate: false
if grep -qE "bump:[[:space:]]*(minor|patch)" "$prdoc_file"; then
minor_patch_temp=$(mktemp)
grep -A1 -E "bump:[[:space:]]*(minor|patch)" "$prdoc_file" > "$minor_patch_temp"
has_validate_false=false
while read -r line; do
if [[ "$line" =~ bump:[[:space:]]*(minor|patch) ]]; then
read -r next_line || true
if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
has_validate_false=true
break
fi
fi
done < "$minor_patch_temp"
rm -f "$minor_patch_temp"
if [ "$has_validate_false" = true ]; then
echo "️ Found minor/patch bumps with validate: false override. Semver validation was skipped for these crates by kurdistan-tech-publish."
fi
fi
# Check if there are any major bumps
if ! grep -q "bump:[[:space:]]*major" "$prdoc_file"; then
echo "✅ All semver changes in backport are valid (minor, patch, or none)."
exit 0
fi
# Process each major bump and check the next line
temp_file=$(mktemp)
grep -A1 "bump:[[:space:]]*major" "$prdoc_file" > "$temp_file"
error_found=false
while IFS= read -r line; do
if [[ "$line" =~ bump:[[:space:]]*major ]]; then
# This is the bump line, read the next line
if IFS= read -r next_line; then
if [[ "$next_line" =~ validate:[[:space:]]*false ]]; then
continue # This major bump is properly validated
else
error_found=true
break
fi
else
# No next line, means no validate: false
error_found=true
break
fi
fi
done < "$temp_file"
rm -f "$temp_file"
if [ "$error_found" = true ]; then
echo "❌ Error: Found major bump without 'validate: false'"
echo "📘 See: https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/prdoc.md#backporting-prs"
echo "🔧 Add 'validate: false' after the major bump in $prdoc_file with justification."
exit 1
fi
# If we reach here, all major bumps have validate: false
echo "⚠️ Backport contains major bumps, but they are all marked with validate: false."
echo "✅ Semver override accepted. Please ensure justification is documented in the PR description."
.github/workflows/check-zombienet-flaky-tests.yml
+39
View File
@@ -0,0 +1,39 @@
name: Check Zombienet Flaky Tests
concurrency:
group: check-zombienet-flaky-tests-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
on:
pull_request:
types: [opened, synchronize, reopened]
paths:
- '.github/zombienet-flaky-tests'
- '.github/scripts/check-zombienet-flaky-tests.sh'
- '.github/workflows/check-zombienet-flaky-tests.yml'
merge_group:
permissions:
contents: read
jobs:
check-flaky-tests:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- name: Checkout repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate zombienet-flaky-tests
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
.github/scripts/check-zombienet-flaky-tests.sh .github/zombienet-flaky-tests
- name: Check results
if: failure()
run: |
echo "::error::Validation failed. Please ensure all entries in .github/zombienet-flaky-tests have valid format and reference existing GitHub issues."
echo "Format: <test-name>:<issue-number>"
echo "See .github/ZOMBIENET_FLAKY_TESTS.md for more information."
exit 1
.github/workflows/checks-quick.yml
+252
View File
@@ -0,0 +1,252 @@
# Checks that doesn't require heavy lifting, like formatting, linting, etc.
name: quick-checks
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
fmt:
runs-on: ubuntu-latest
timeout-minutes: 20
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Cargo fmt
id: required
run: cargo fmt --all -- --check
check-dependency-rules:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 20
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: check dependency rules
run: |
cd bizinikiwi/
../.gitlab/ensure-deps.sh
check-zepter:
runs-on: ubuntu-latest
timeout-minutes: 20
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: fetch deps
run: |
# Pull all dependencies eagerly:
time cargo metadata --format-version=1 --locked > /dev/null
- name: Install newer Zepter
run: |
cargo install zepter@1.82.1 --locked -q
- name: run zepter
run: |
zepter --version
time zepter run check
test-rust-features:
runs-on: ubuntu-latest
timeout-minutes: 20
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: run rust features
run: bash .gitlab/rust-features.sh .
check-toml-format:
runs-on: ubuntu-latest
timeout-minutes: 20
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: check toml format
run: |
taplo format --check --config .config/taplo.toml
echo "Please run `taplo format --config .config/taplo.toml` to fix any toml formatting issues"
check-workspace:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 20
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.0 (22. Sep 2023)
- name: install python deps
run: |
sudo apt-get update && sudo apt-get install -y python3-pip python3
pip3 install toml "cargo-workspace>=1.2.6"
- name: check integrity
run: >
python3 .github/scripts/check-workspace.py .
--exclude
"bizinikiwi/frame/contracts/fixtures/build"
"bizinikiwi/frame/contracts/fixtures/contracts/common"
- name: deny git deps
run: python3 .github/scripts/deny-git-deps.py .
check-markdown:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 20
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Setup Node.js
uses: actions/setup-node@2028fbc5c25fe9cf00d9f06a71cc4710d4507903 # v6.0.0
with:
node-version: "18.x"
- name: Install tooling
run: |
npm install -g markdownlint-cli
markdownlint --version
- name: Check Markdown
env:
CONFIG: .github/.markdownlint.yaml
run: |
echo "Checking markdown formatting. More info: docs/contributor/markdown_linting.md"
echo "To fix potential erros, you can run 'markdownlint --config .github/.markdownlint.yaml -f --ignore target .' locally."
markdownlint --config "$CONFIG" --ignore target .
check-umbrella:
runs-on: ubuntu-latest
timeout-minutes: 20
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.0 (22. Sep 2023)
- name: install python deps
run: pip3 install "cargo-workspace>=1.2.4" toml
- name: Install newer Zepter
run: |
cargo install zepter@1.82.1 --locked -q && zepter --version
- name: check umbrella correctness
run: |
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory '*'
# Ensure jq is installed
if ! command -v jq &> /dev/null; then
echo "Installing jq..."
apt-get update && apt-get install -y jq
fi
# Extract the umbrella crate version dynamically from cargo metadata
UMBRELLA_VERSION=$(cargo metadata --format-version=1 | jq -r '.packages[] | select(.manifest_path | endswith("umbrella/Cargo.toml")) | .version')
if [ -z "$UMBRELLA_VERSION" ]; then
echo "Warning: Could not determine umbrella version from cargo metadata, using fallback version 0.1.0"
UMBRELLA_VERSION="0.1.0"
fi
echo "Using umbrella crate version: $UMBRELLA_VERSION"
python3 scripts/generate-umbrella.py --sdk . --version "$UMBRELLA_VERSION"
cargo +nightly fmt -p pezkuwi-sdk
if [ -n "$(git status --porcelain)" ]; then
cat <<EOF
👋 Hello developer! Apparently you added a new crate that is not part of the umbrella crate?
You can just apply the patch (git apply PATCH_NAME) that was printed to make this CI check succeed.
Otherwise feel free to ask in the Merge Request or in Matrix chat.
EOF
git diff
exit 1
fi
check-fail-ci:
runs-on: ubuntu-latest
needs: isdraft
steps:
- name: Fetch latest code
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install ripgrep
run: |
sudo apt-get update && sudo apt-get install -y ripgrep
- name: Check
run: |
set +e
rg --line-number --hidden --type rust --glob '!{.git,target}' "$ASSERT_REGEX" .; exit_status=$?
if [ $exit_status -eq 0 ]; then
echo "$ASSERT_REGEX was found, exiting with 1";
exit 1;
else
echo "No $ASSERT_REGEX was found, exiting with 0";
exit 0;
fi
env:
ASSERT_REGEX: "FAIL-CI"
GIT_DEPTH: 1
check-readme:
runs-on: ubuntu-latest
needs: isdraft
timeout-minutes: 10
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install prerequisites
run: |
sudo apt-get update
sudo apt-get install -y protobuf-compiler
- name: Set rust version from env file
run: |
RUST_VERSION=$(cat .github/env | sed -E 's/.*ci-unified:([^-]+)-([^-]+).*/\2/')
echo $RUST_VERSION
echo "RUST_VERSION=${RUST_VERSION}" >> $GITHUB_ENV
- name: Install Rust
uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
with:
cache: false
toolchain: ${{ env.RUST_VERSION }}
components: cargo, clippy, rust-docs, rust-src, rustfmt, rustc, rust-std
- name: Find README.docify.md files and check generated READMEs
run: .github/scripts/check-missing-readme-generation.sh
confirm-required-checks-quick-jobs-passed:
runs-on: ubuntu-latest
name: All quick checks passed
# If any new job gets added, be sure to add it to this array
needs:
- fmt
- check-dependency-rules
- check-zepter
- test-rust-features
- check-toml-format
- check-workspace
- check-markdown
- check-umbrella
- check-fail-ci
- check-readme
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/checks.yml
+128
View File
@@ -0,0 +1,128 @@
name: Checks
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions: {}
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
cargo-clippy:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-D warnings"
SKIP_WASM_BUILD: 1
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Free disk space
run: |
df -h
# Remove unnecessary files to free disk space
sudo rm -rf /usr/share/dotnet 2>/dev/null || true
sudo rm -rf /usr/local/lib/android 2>/dev/null || true
sudo rm -rf /opt/ghc 2>/dev/null || true
sudo rm -rf /opt/hostedtoolcache 2>/dev/null || true
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
df -h
- name: script
id: required
run: |
cargo clippy --all-targets --all-features --locked --workspace --quiet
check-try-runtime:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Free disk space
run: |
df -h
# Remove unnecessary files to free disk space
sudo rm -rf /usr/share/dotnet 2>/dev/null || true
sudo rm -rf /usr/local/lib/android 2>/dev/null || true
sudo rm -rf /opt/ghc 2>/dev/null || true
sudo rm -rf /opt/hostedtoolcache 2>/dev/null || true
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
df -h
- name: script
id: required
run: |
cargo check --locked --all --features try-runtime --quiet
# this is taken from pezcumulus
# Check that teyrchain-template will compile with `try-runtime` feature flag.
cargo check --locked -p teyrchain-template-node --features try-runtime
# add after https://github.com/pezkuwichain/bizinikiwi/pull/14502 is merged
# experimental code may rely on try-runtime and vice-versa
cargo check --locked --all --features try-runtime,experimental --quiet
# check-core-crypto-features works fast without forklift
check-core-crypto-features:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 30
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: script
id: required
run: |
cd bizinikiwi/primitives/core
./check-features-variants.sh
cd -
cd bizinikiwi/primitives/application-crypto
./check-features-variants.sh
cd -
cd bizinikiwi/primitives/keyring
./check-features-variants.sh
cd -
# name of this job must be unique across all workflows
# otherwise GitHub will mark all these jobs as required
confirm-required-checks-passed:
runs-on: ubuntu-latest
name: All checks passed
# If any new job gets added, be sure to add it to this array
needs: [cargo-clippy, check-try-runtime, check-core-crypto-features]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/cmd-run.yml
+507
View File
@@ -0,0 +1,507 @@
name: Command - Run
on:
workflow_dispatch:
inputs:
cmd:
description: "Command to run"
required: true
pr_num:
description: "PR number"
required: true
pr_branch:
description: "PR branch"
required: true
runner:
description: "Runner to use"
required: true
image:
description: "Image to use"
required: true
is_org_member:
description: "Is the user an org member"
required: true
is_pr_author:
description: "Is the user the PR author"
required: true
repo:
description: "Repository to use"
required: true
comment_id:
description: "Comment ID"
required: true
is_quiet:
description: "Quiet mode"
required: false
default: "false"
permissions: # allow the action to comment on the PR
contents: read
issues: write
pull-requests: write
actions: read
jobs:
before-cmd:
runs-on: ubuntu-latest
env:
JOB_NAME: "cmd"
CMD: ${{ github.event.inputs.cmd }}
PR_BRANCH: ${{ github.event.inputs.pr_branch }}
PR_NUM: ${{ github.event.inputs.pr_num }}
outputs:
job_url: ${{ steps.build-link.outputs.job_url }}
run_url: ${{ steps.build-link.outputs.run_url }}
steps:
- name: Build workflow link
if: ${{ github.event.inputs.is_quiet == 'false' }}
id: build-link
run: |
# Get exactly the CMD job link, filtering out the other jobs
jobLink=$(curl -s \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }}/jobs | jq '.jobs[] | select(.name | contains("${{ env.JOB_NAME }}")) | .html_url')
runLink=$(curl -s \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
-H "Accept: application/vnd.github.v3+json" \
https://api.github.com/repos/${{ github.repository }}/actions/runs/${{ github.run_id }} | jq '.html_url')
echo "job_url=${jobLink}"
echo "run_url=${runLink}"
echo "job_url=$jobLink" >> $GITHUB_OUTPUT
echo "run_url=$runLink" >> $GITHUB_OUTPUT
- name: Comment PR (Start)
# No need to comment on prdoc start or if --quiet
if: ${{ github.event.inputs.is_quiet == 'false' && !startsWith(github.event.inputs.cmd, 'prdoc') && !startsWith(github.event.inputs.cmd, 'fmt') && !startsWith(github.event.inputs.cmd, 'label')}}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let job_url = ${{ steps.build-link.outputs.job_url }}
let cmd = process.env.CMD;
github.rest.issues.createComment({
issue_number: ${{ env.PR_NUM }},
owner: context.repo.owner,
repo: context.repo.repo,
body: `Command "${cmd}" has started 🚀 [See logs here](${job_url})`
})
- name: Debug info
env:
CMD: ${{ github.event.inputs.cmd }}
PR_BRANCH: ${{ github.event.inputs.pr_branch }}
PR_NUM: ${{ github.event.inputs.pr_num }}
RUNNER: ${{ github.event.inputs.runner }}
IMAGE: ${{ github.event.inputs.image }}
IS_ORG_MEMBER: ${{ github.event.inputs.is_org_member }}
REPO: ${{ github.event.inputs.repo }}
COMMENT_ID: ${{ github.event.inputs.comment_id }}
IS_QUIET: ${{ github.event.inputs.is_quiet }}
run: |
echo "Running command: $CMD"
echo "PR number: $PR_NUM"
echo "PR branch: $PR_BRANCH"
echo "Runner: $RUNNER"
echo "Image: $IMAGE"
echo "Is org member: $IS_ORG_MEMBER"
echo "Repository: $REPO"
echo "Comment ID: $COMMENT_ID"
echo "Is quiet: $IS_QUIET"
cmd:
needs: [before-cmd]
env:
CMD: ${{ github.event.inputs.cmd }}
PR_BRANCH: ${{ github.event.inputs.pr_branch }}
PR_NUM: ${{ github.event.inputs.pr_num }}
REPO: ${{ github.event.inputs.repo }}
runs-on: ${{ github.event.inputs.runner }}
container:
image: ${{ github.event.inputs.image }}
timeout-minutes: 1440 # 24 hours per runtime
# lowerdown permissions to separate permissions context for executable parts by contributors
permissions:
contents: read
pull-requests: none
actions: none
issues: none
outputs:
cmd_output: ${{ steps.cmd.outputs.cmd_output }}
subweight: ${{ steps.subweight.outputs.result }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: ${{ env.REPO }}
ref: ${{ env.PR_BRANCH }}
# In order to run prdoc without specifying the PR number, we need to add the PR number as an argument automatically
- name: Prepare PR Number argument
id: pr-arg
run: |
CMD="${CMD}"
if echo "$CMD" | grep -q "prdoc" && ! echo "$CMD" | grep -qE "\-\-pr[[:space:]=][0-9]+"; then
echo "arg=--pr ${PR_NUM}" >> $GITHUB_OUTPUT
else
echo "arg=" >> $GITHUB_OUTPUT
fi
- name: Run cmd
id: cmd
env:
PR_ARG: ${{ steps.pr-arg.outputs.arg }}
IS_ORG_MEMBER: ${{ github.event.inputs.is_org_member }}
IS_PR_AUTHOR: ${{ github.event.inputs.is_pr_author }}
RUNNER: ${{ github.event.inputs.runner }}
IMAGE: ${{ github.event.inputs.image }}
run: |
echo "Running command: '${CMD} ${PR_ARG}' on '${RUNNER}' runner, container: '${IMAGE}'"
echo "RUST_NIGHTLY_VERSION: ${RUST_NIGHTLY_VERSION}"
echo "IS_ORG_MEMBER: ${IS_ORG_MEMBER}"
git config --global --add safe.directory $GITHUB_WORKSPACE
git config user.name "cmd[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
# if the user is not an org member, we need to use the bot's path from master to avoid unwanted modifications
if [ "${IS_ORG_MEMBER}" = "true" ]; then
# safe to run commands from current branch
BOT_PATH=.github
else
# going to run commands from master
TMP_DIR=/tmp/pezkuwi-sdk
git clone --depth 1 --branch master https://github.com/pezkuwichain/pezkuwi-sdk $TMP_DIR
BOT_PATH=$TMP_DIR/.github
fi
# install deps and run a command from master
python3 -m pip install -r $BOT_PATH/scripts/generate-prdoc.requirements.txt
python3 $BOT_PATH/scripts/cmd/cmd.py $CMD $PR_ARG
git status > /tmp/cmd/git_status.log
git diff > /tmp/cmd/git_diff.log
if [ -f /tmp/cmd/command_output.log ]; then
CMD_OUTPUT=$(cat /tmp/cmd/command_output.log)
# export to summary to display in the PR
echo "$CMD_OUTPUT" >> $GITHUB_STEP_SUMMARY
# should be multiline, otherwise it captures the first line only
echo 'cmd_output<<EOF' >> $GITHUB_OUTPUT
echo "$CMD_OUTPUT" >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
fi
git add -A
git diff HEAD > /tmp/cmd/command_diff.patch -U0
git commit -m "tmp cmd: $CMD" || true
# without push, as we're saving the diff to an artifact and subweight will compare the local branch with the remote branch
- name: Upload command output
if: ${{ always() }}
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: command-output
path: /tmp/cmd/command_output.log
- name: Upload command diff
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: command-diff
path: /tmp/cmd/command_diff.patch
- name: Upload git status
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: git-status
path: /tmp/cmd/git_status.log
- name: Upload git diff
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: git-diff
path: /tmp/cmd/git_diff.log
- name: Install subweight for bench
if: startsWith(github.event.inputs.cmd, 'bench')
run: cargo install subweight
- name: Run Subweight for bench
id: subweight
if: startsWith(github.event.inputs.cmd, 'bench')
shell: bash
run: |
git fetch
git remote -v
echo $(git log -n 2 --oneline)
result=$(subweight compare commits \
--path-pattern "./**/weights/**/*.rs,./**/weights.rs" \
--method asymptotic \
--format markdown \
--no-color \
--change added changed \
--ignore-errors \
refs/remotes/origin/master $PR_BRANCH)
echo $result
echo $result > /tmp/cmd/subweight.log
# Though github claims that it supports 1048576 bytes in GITHUB_OUTPUT in fact it only supports ~200000 bytes of a multiline string
if [ $(wc -c < "/tmp/cmd/subweight.log") -gt 200000 ]; then
echo "Subweight result is too large, truncating..."
echo "Please check subweight.log for the full output"
result="Please check subweight.log for the full output"
fi
echo "Trying to save subweight result to GITHUB_OUTPUT"
# Save the multiline result to the output
{
echo "result<<EOF"
echo "$result"
echo "EOF"
} >> $GITHUB_OUTPUT
- name: Upload Subweight
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: startsWith(github.event.inputs.cmd, 'bench')
with:
name: subweight
path: /tmp/cmd/subweight.log
after-cmd:
needs: [cmd, before-cmd]
env:
CMD: ${{ github.event.inputs.cmd }}
PR_BRANCH: ${{ github.event.inputs.pr_branch }}
PR_NUM: ${{ github.event.inputs.pr_num }}
REPO: ${{ github.event.inputs.repo }}
runs-on: ubuntu-latest
steps:
# needs to be able to trigger CI, as default token does not retrigger
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: generate_token
with:
app-id: ${{ secrets.CMD_BOT_APP_ID }}
private-key: ${{ secrets.CMD_BOT_APP_KEY }}
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
token: ${{ steps.generate_token.outputs.token }}
repository: ${{ env.REPO }}
ref: ${{ env.PR_BRANCH }}
- name: Download all artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: command-diff
path: command-diff
- name: Apply labels for label command
if: startsWith(github.event.inputs.cmd, 'label')
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ steps.generate_token.outputs.token }}
script: |
// Read the command output to get validated labels
const fs = require('fs');
let labels = [];
try {
const output = fs.readFileSync('/tmp/cmd/command_output.log', 'utf8');
// Parse JSON labels from output - look for "LABELS_JSON: {...}"
const jsonMatch = output.match(/LABELS_JSON: (.+)/);
if (jsonMatch) {
const labelsData = JSON.parse(jsonMatch[1]);
labels = labelsData.labels || [];
}
} catch (error) {
console.error(`Error reading command output: ${error.message}`);
throw new Error('Label validation failed. Check the command output for details.');
}
if (labels.length > 0) {
try {
await github.rest.issues.addLabels({
owner: context.repo.owner,
repo: context.repo.repo,
issue_number: ${{ env.PR_NUM }},
labels: labels
});
} catch (error) {
console.error(`Error adding labels: ${error.message}`);
throw error;
}
}
- name: Comment PR (Label Error)
if: ${{ failure() && startsWith(github.event.inputs.cmd, 'label') }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
CMD_OUTPUT: "${{ needs.cmd.outputs.cmd_output }}"
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let runUrl = ${{ needs.before-cmd.outputs.run_url }};
let cmdOutput = process.env.CMD_OUTPUT || '';
// Try to parse JSON error for better formatting
let errorMessage = 'Label validation failed. Please check the error details below and try again.';
let errorDetails = '';
try {
const errorMatch = cmdOutput.match(/ERROR_JSON: (.+)/);
if (errorMatch) {
const errorData = JSON.parse(errorMatch[1]);
errorMessage = errorData.message || errorMessage;
errorDetails = errorData.details || '';
}
} catch (e) {
// Fallback to raw output
errorDetails = cmdOutput;
}
let cmdOutputCollapsed = errorDetails.trim() !== ''
? `<details>\n\n<summary>Error details:</summary>\n\n${errorDetails}\n\n</details>`
: '';
github.rest.issues.createComment({
issue_number: ${{ env.PR_NUM }},
owner: context.repo.owner,
repo: context.repo.repo,
body: `❌ ${errorMessage}\n\n${cmdOutputCollapsed}\n\n[See full logs here](${runUrl})`
})
- name: Apply & Commit changes
if: ${{ !startsWith(github.event.inputs.cmd, 'label') }}
run: |
ls -lsa .
git config --global --add safe.directory $GITHUB_WORKSPACE
git config user.name "cmd[bot]"
git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global pull.rebase false
echo "Applying $file"
git apply "command-diff/command_diff.patch" --unidiff-zero --allow-empty
rm -rf command-diff
git status
if [ -n "$(git status --porcelain)" ]; then
git remote -v
push_changes() {
git push origin "HEAD:$PR_BRANCH"
}
git add .
git restore --staged Cargo.lock # ignore changes in Cargo.lock
git commit -m "Update from ${{ github.actor }} running command '$CMD'" || true
# Attempt to push changes
if ! push_changes; then
echo "Push failed, trying to rebase..."
git pull --rebase origin $PR_BRANCH
# After successful rebase, try pushing again
push_changes
fi
else
echo "Nothing to commit";
fi
- name: Comment PR (End)
# No need to comment on prdoc success or --quiet
#TODO: return "&& !contains(github.event.comment.body, '--quiet')"
if: ${{ github.event.inputs.is_quiet == 'false' && needs.cmd.result == 'success' && !startsWith(github.event.inputs.cmd, 'prdoc') && !startsWith(github.event.inputs.cmd, 'fmt') && !startsWith(github.event.inputs.cmd, 'label') }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
env:
SUBWEIGHT: "${{ needs.cmd.outputs.subweight }}"
CMD_OUTPUT: "${{ needs.cmd.outputs.cmd_output }}"
PR_NUM: ${{ github.event.inputs.pr_num }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let runUrl = ${{ needs.before-cmd.outputs.run_url }};
let subweight = process.env.SUBWEIGHT || '';
let cmdOutput = process.env.CMD_OUTPUT || '';
let cmd = process.env.CMD;
console.log(cmdOutput);
let subweightCollapsed = subweight.trim() !== ''
? `<details>\n\n<summary>Subweight results:</summary>\n\n${subweight}\n\n</details>`
: '';
let cmdOutputCollapsed = cmdOutput.trim() !== ''
? `<details>\n\n<summary>Command output:</summary>\n\n${cmdOutput}\n\n</details>`
: '';
github.rest.issues.createComment({
issue_number: ${{ env.PR_NUM }},
owner: context.repo.owner,
repo: context.repo.repo,
body: `Command "${cmd}" has finished ✅ [See logs here](${runUrl})${subweightCollapsed}${cmdOutputCollapsed}`
})
finish:
needs: [before-cmd, cmd, after-cmd]
if: ${{ always() }}
runs-on: ubuntu-latest
env:
CMD_OUTPUT: "${{ needs.cmd.outputs.cmd_output }}"
CMD: ${{ github.event.inputs.cmd }}
PR_NUM: ${{ github.event.inputs.pr_num }}
COMMENT_ID: ${{ github.event.inputs.comment_id }}
steps:
- name: Comment PR (Failure)
if: ${{ needs.cmd.result == 'failure' || needs.after-cmd.result == 'failure' || needs.before-cmd.result == 'failure' }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
let jobUrl = ${{ needs.before-cmd.outputs.job_url }};
let cmdOutput = process.env.CMD_OUTPUT;
let cmd = process.env.CMD;
let cmdOutputCollapsed = '';
if (cmdOutput && cmdOutput.trim() !== '') {
cmdOutputCollapsed = `<details>\n\n<summary>Command output:</summary>\n\n${cmdOutput}\n\n</details>`
}
github.rest.issues.createComment({
issue_number: ${{ env.PR_NUM }},
owner: context.repo.owner,
repo: context.repo.repo,
body: `Command "${cmd}" has failed ❌! [See logs here](${jobUrl})${cmdOutputCollapsed}`
})
- name: Add 😕 reaction on failure
if: ${{ needs.cmd.result == 'failure' || needs.after-cmd.result == 'failure' || needs.before-cmd.result == 'failure' }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.reactions.createForIssueComment({
comment_id: ${{ env.COMMENT_ID }},
owner: context.repo.owner,
repo: context.repo.repo,
content: 'confused'
})
- name: Add 👍 reaction on success
if: ${{ needs.cmd.result == 'success' && needs.after-cmd.result == 'success' && needs.before-cmd.result == 'success' }}
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.reactions.createForIssueComment({
comment_id: ${{ env.COMMENT_ID }},
owner: context.repo.owner,
repo: context.repo.repo,
content: '+1'
})
.github/workflows/cmd-tests.yml
+22
View File
@@ -0,0 +1,22 @@
name: Command Bot Tests
on:
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
test-cmd-bot:
runs-on: ubuntu-latest
needs: [isdraft]
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- run: python3 .github/scripts/cmd/test_cmd.py
.github/workflows/cmd.yml
+334
View File
@@ -0,0 +1,334 @@
name: Command
on:
issue_comment: # listen for comments on issues
types: [created]
permissions: # allow the action to comment in PR
contents: read
issues: write
pull-requests: write
actions: read
jobs:
is-org-member:
if: startsWith(github.event.comment.body, '/cmd')
runs-on: ubuntu-latest
outputs:
member: ${{ steps.is-member.outputs.result }}
steps:
- name: Generate token
id: generate_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ secrets.CMD_BOT_APP_ID }}
private-key: ${{ secrets.CMD_BOT_APP_KEY }}
- name: Check if user is a member of the organization
id: is-member
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ steps.generate_token.outputs.token }}
result-encoding: string
script: |
const fs = require("fs");
try {
const org = '${{ github.event.repository.owner.login }}';
const username = '${{ github.event.comment.user.login }}';
const membership = await github.rest.orgs.checkMembershipForUser({
org: org,
username: username
});
console.log(membership, membership.status, membership.status === 204);
if (membership.status === 204) {
return 'true';
} else {
console.log(membership);
fs.appendFileSync(process.env["GITHUB_STEP_SUMMARY"], `${membership.data && membership.data.message || 'Unknown error happened, please check logs'}`);
}
} catch (error) {
console.log(error)
}
return 'false';
acknowledge:
if: ${{ startsWith(github.event.comment.body, '/cmd') }}
runs-on: ubuntu-latest
steps:
- name: Add reaction to triggered comment
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.reactions.createForIssueComment({
comment_id: ${{ github.event.comment.id }},
owner: context.repo.owner,
repo: context.repo.repo,
content: 'eyes'
})
clean:
runs-on: ubuntu-latest
steps:
- name: Clean previous comments
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--clean') }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.listComments({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo
}).then(comments => {
for (let comment of comments.data) {
console.log(comment)
if (
${{ github.event.comment.id }} !== comment.id &&
(
(
(
comment.body.startsWith('Command') ||
comment.body.startsWith('<details><summary>Command') ||
comment.body.startsWith('Sorry, only ')
) && comment.user.type === 'Bot'
) ||
(comment.body.startsWith('/cmd') && comment.user.login === context.actor)
)
) {
github.rest.issues.deleteComment({
comment_id: comment.id,
owner: context.repo.owner,
repo: context.repo.repo
})
}
}
})
get-pr-info:
if: ${{ startsWith(github.event.comment.body, '/cmd') }}
runs-on: ubuntu-latest
outputs:
CMD: ${{ steps.get-comment.outputs.group2 }}
pr-branch: ${{ steps.get-pr.outputs.pr_branch }}
repo: ${{ steps.get-pr.outputs.repo }}
steps:
- name: Get command
uses: actions-ecosystem/action-regex-match@9e6c4fb3d5e898f505be7a1fb6e7b0a278f6665b # v2.0.2
id: get-comment
with:
text: ${{ github.event.comment.body }}
regex: "^(\\/cmd )([-\\/\\s\\w.=:]+)$" # see explanation in docs/contributor/commands-readme.md#examples
# Get PR branch name, because the issue_comment event does not contain the PR branch name
- name: Check if the issue is a PR
id: check-pr
run: |
if [ -n "${{ github.event.issue.pull_request.url }}" ]; then
echo "This is a pull request comment"
else
echo "This is not a pull request comment"
exit 1
fi
- name: Get PR Branch Name and Repo
if: steps.check-pr.outcome == 'success'
id: get-pr
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
const pr = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: context.issue.number,
});
const prBranch = pr.data.head.ref;
const repo = pr.data.head.repo.full_name;
console.log(prBranch, repo)
core.setOutput('pr_branch', prBranch);
core.setOutput('repo', repo);
- name: Use PR Branch Name and Repo
env:
PR_BRANCH: ${{ steps.get-pr.outputs.pr_branch }}
REPO: ${{ steps.get-pr.outputs.repo }}
CMD: ${{ steps.get-comment.outputs.group2 }}
run: |
echo "The PR branch is $PR_BRANCH"
echo "The repository is $REPO"
echo "The CMD is $CMD"
help:
needs: [clean, get-pr-info]
if: ${{ startsWith(github.event.comment.body, '/cmd') && contains(github.event.comment.body, '--help') }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Save output of help
id: help
env:
CMD: ${{ needs.get-pr-info.outputs.CMD }} # to avoid "" around the command
run: |
python3 -m pip install -r .github/scripts/generate-prdoc.requirements.txt
echo 'help<<EOF' >> $GITHUB_OUTPUT
python3 .github/scripts/cmd/cmd.py $CMD >> $GITHUB_OUTPUT
echo 'EOF' >> $GITHUB_OUTPUT
- name: Comment PR (Help)
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `<details><summary>Command help:</summary>
\`\`\`
${{ steps.help.outputs.help }}
\`\`\`
</details>`
})
- name: Add confused reaction on failure
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
if: ${{ failure() }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.reactions.createForIssueComment({
comment_id: ${{ github.event.comment.id }},
owner: context.repo.owner,
repo: context.repo.repo,
content: 'confused'
})
- name: Add 👍 reaction on success
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
if: ${{ !failure() }}
with:
github-token: ${{ secrets.GITHUB_TOKEN }}
script: |
github.rest.reactions.createForIssueComment({
comment_id: ${{ github.event.comment.id }},
owner: context.repo.owner,
repo: context.repo.repo,
content: '+1'
})
set-image:
needs: [clean, get-pr-info]
if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(github.event.comment.body, '--help') }}
runs-on: ubuntu-latest
env:
CMD: ${{ needs.get-pr-info.outputs.CMD }}
outputs:
IMAGE: ${{ steps.set-image.outputs.IMAGE }}
RUNNER: ${{ steps.set-image.outputs.RUNNER }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: set-image
run: |
BODY=$(echo "$CMD" | xargs) # remove whitespace
IMAGE_OVERRIDE=$(echo $BODY | grep -oe 'docker.io/pezkuwichain/ci-unified:.*\s' | xargs)
cat .github/env >> $GITHUB_OUTPUT
if [ -n "$IMAGE_OVERRIDE" ]; then
IMAGE=$IMAGE_OVERRIDE
echo "IMAGE=$IMAGE" >> $GITHUB_OUTPUT
fi
# Use GitHub-hosted runners for Pezkuwi SDK
echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT
- name: Print outputs
run: |
echo "RUNNER=${{ steps.set-image.outputs.RUNNER }}"
echo "IMAGE=${{ steps.set-image.outputs.IMAGE }}"
check-pr-author:
runs-on: ubuntu-latest
outputs:
is_author: ${{ steps.check-author.outputs.result }}
steps:
- name: Generate token
id: generate_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ secrets.CMD_BOT_APP_ID }}
private-key: ${{ secrets.CMD_BOT_APP_KEY }}
- name: Check if user is PR author
id: check-author
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
github-token: ${{ steps.generate_token.outputs.token }}
result-encoding: string
script: |
const commentUser = '${{ github.event.comment.user.login }}';
const prNumber = ${{ github.event.issue.number }};
try {
const pr = await github.rest.pulls.get({
owner: context.repo.owner,
repo: context.repo.repo,
pull_number: prNumber
});
const prAuthor = pr.data.user.login;
return commentUser === prAuthor ? 'true' : 'false';
} catch (error) {
console.error('Error checking PR author:', error);
return 'false';
}
run-cmd-workflow:
needs: [set-image, get-pr-info, is-org-member, check-pr-author]
runs-on: ubuntu-latest
# don't run on help command
if: ${{ startsWith(github.event.comment.body, '/cmd') && !contains(github.event.comment.body, '--help') }}
permissions: # run workflow
contents: read
issues: write
pull-requests: write
actions: write
env:
CMD: ${{ needs.get-pr-info.outputs.CMD }}
PR_BRANCH: ${{ needs.get-pr-info.outputs.pr-branch }}
RUNNER: ${{ needs.set-image.outputs.RUNNER }}
IMAGE: ${{ needs.set-image.outputs.IMAGE }}
REPO: ${{ needs.get-pr-info.outputs.repo }}
IS_ORG_MEMBER: ${{ needs.is-org-member.outputs.member }}
IS_PR_AUTHOR: ${{ needs.check-pr-author.outputs.is_author }}
COMMENT_ID: ${{ github.event.comment.id }}
PR_NUMBER: ${{ github.event.issue.number }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Start cmd with gh cli
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh workflow run cmd-run.yml \
--ref cmd-bot \
-f cmd="${CMD}" \
-f repo="${REPO}" \
-f pr_branch="${PR_BRANCH}" \
-f pr_num="${PR_NUMBER}" \
-f runner="${RUNNER}" \
-f is_org_member="${IS_ORG_MEMBER}" \
-f is_pr_author="${IS_PR_AUTHOR}" \
-f comment_id="${COMMENT_ID}" \
-f image="${IMAGE}" \
-f is_quiet="${{ contains(github.event.comment.body, '--quiet') }}"
.github/workflows/command-inform.yml
+22
View File
@@ -0,0 +1,22 @@
name: Inform of new command action
on:
issue_comment:
types: [ created ]
jobs:
comment:
runs-on: ubuntu-latest
# Temporary disable the bot until the new command bot works properly
if: github.event.issue.pull_request && startsWith(github.event.comment.body, 'bot ')
steps:
- name: Inform that the new command exist
uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0
with:
script: |
github.rest.issues.createComment({
issue_number: context.issue.number,
owner: context.repo.owner,
repo: context.repo.repo,
body: 'We have migrated the command bot to GHA<br/><br/>Please, see the new usage instructions <a href="https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/contributor/commands-readme.md">here</a> or <a href="https://forum.kurdistan-tech.io/t/streamlining-weight-generation-and-more-the-new-cmd-bot/2411">here</a>. Soon the old commands will be disabled.'
})
.github/workflows/command-prdoc.yml
+81
View File
@@ -0,0 +1,81 @@
name: Command PrDoc
on:
workflow_dispatch:
inputs:
pr:
type: number
description: Number of the Pull Request
required: true
bump:
type: choice
description: Default bump level for all crates
default: "TODO"
required: true
options:
- "TODO"
- "none"
- "patch"
- "minor"
- "major"
audience:
type: choice
description: Audience of the PrDoc
default: "TODO"
required: true
options:
- "TODO"
- "runtime_dev"
- "runtime_user"
- "node_dev"
- "node_operator"
overwrite:
type: boolean
description: Overwrite existing PrDoc
default: true
required: true
concurrency:
group: command-prdoc
cancel-in-progress: true
jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml
cmd-prdoc:
needs: [preflight]
runs-on: ubuntu-latest
timeout-minutes: 20
container:
image: ${{ needs.preflight.outputs.IMAGE }}
permissions:
contents: write
pull-requests: write
steps:
- name: Download repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install gh cli
id: gh
uses: ./.github/actions/set-up-gh
with:
pr-number: ${{ inputs.pr }}
GH_TOKEN: ${{ github.token }}
- name: Generate PrDoc
run: |
python3 -m pip install -q cargo-workspace PyGithub whatthepatch pyyaml toml
python3 .github/scripts/generate-prdoc.py --pr "${{ inputs.pr }}" --bump "${{ inputs.bump }}" --audience "${{ inputs.audience }}" --force "${{ inputs.overwrite }}"
- name: Report failure
if: ${{ failure() }}
run: gh pr comment ${{ inputs.pr }} --body "<h2>Command failed ❌</h2> Run by @${{ github.actor }} for <code>${{ github.workflow }}</code> failed. See logs <a href=\"$RUN\">here</a>."
env:
RUN: ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
GH_TOKEN: ${{ github.token }}
- name: Push Commit
uses: stefanzweifel/git-auto-commit-action@28e16e81777b558cc906c8750092100bbb34c5e3 # v7.0.0
with:
commit_message: Add PrDoc (auto generated)
branch: ${{ steps.gh.outputs.branch }}
file_pattern: "prdoc/*.prdoc"
.github/workflows/docs.yml
+173
View File
@@ -0,0 +1,173 @@
name: Docs
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
test-doc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- run: cargo test --doc --workspace --locked
id: required
env:
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
build-rustdoc:
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
if: ${{ needs.preflight.outputs.changes_rust }}
needs: [preflight]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- run: cargo doc --all-features --workspace --no-deps --locked
id: required
env:
SKIP_WASM_BUILD: 1
RUSTDOCFLAGS: "-Dwarnings --default-theme=ayu --html-in-header ./docs/sdk/assets/header.html --extend-css ./docs/sdk/assets/theme.css --html-after-content ./docs/sdk/assets/after-content.html"
- run: rm -f ./target/doc/.lock
- run: mv ./target/doc ./crate-docs
- name: Inject Simple Analytics script
run: |
script_content="<script async defer src=\"https://apisa.kurdistan-tech.io/latest.js\"></script><noscript><img src=\"https://apisa.kurdistan-tech.io/latest.js\" alt=\"\" referrerpolicy=\"no-referrer-when-downgrade\" /></noscript>"
docs_dir="./crate-docs"
inject_simple_analytics() {
find "$1" -name '*.html' | xargs -I {} -P "$(nproc)" bash -c 'file="{}"; echo "Adding Simple Analytics script to $file"; sed -i "s|</head>|'"$2"'</head>|" "$file";'
}
inject_simple_analytics "$docs_dir" "$script_content"
- run: echo "<meta http-equiv=refresh content=0;url=pezkuwi_sdk_docs/index.html>" > ./crate-docs/index.html
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.sha }}-doc
path: ./crate-docs/
retention-days: 1
if-no-files-found: error
build-implementers-guide:
runs-on: ubuntu-latest
needs: isdraft
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Install mdbook
run: |
cargo install mdbook --version 0.4.35 --locked
- run: mdbook build ./pezkuwi/roadmap/implementers-guide
- run: mkdir -p artifacts
- run: mv pezkuwi/roadmap/implementers-guide/book artifacts/
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ github.sha }}-guide
path: ./artifacts/
retention-days: 1
if-no-files-found: error
confirm-required-jobs-passed:
runs-on: ubuntu-latest
name: All docs jobs passed
# If any new job gets added, be sure to add it to this array
needs: [test-doc, build-rustdoc, build-implementers-guide]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
publish-rustdoc:
if: github.ref == 'refs/heads/master'
runs-on: ubuntu-latest
environment: subsystem-benchmarks
needs: [build-rustdoc, build-implementers-guide]
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: gh-pages
- uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
id: app-token
with:
app-id: ${{ secrets.PEZKUWI_GHPAGES_APP_ID }}
private-key: ${{ secrets.PEZKUWI_GHPAGES_APP_KEY }}
- name: Ensure destination dir does not exist
run: |
rm -rf book/
rm -rf ${REF_NAME}
env:
REF_NAME: ${{ github.head_ref || github.ref_name }}
- name: Download rustdocs
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: ${{ github.sha }}-doc
path: ${{ github.head_ref || github.ref_name }}
- name: Download guide
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: ${{ github.sha }}-guide
path: /tmp
- run: mkdir -p book
- name: Move book files
run: mv /tmp/book/html/* book/
- name: Push changes to gh-pages
env:
TOKEN: ${{ steps.app-token.outputs.token }}
APP_NAME: "pezkuwichain-upd-ghpages"
REF_NAME: ${{ github.head_ref || github.ref_name }}
Green: "\e[32m"
NC: "\e[0m"
run: |
echo "${Green}Git add${NC}"
git add book/
git add ${REF_NAME}/
echo "${Green}git status | wc -l${NC}"
git status | wc -l
echo "${Green}Add new remote with gh app token${NC}"
git remote set-url origin $(git config remote.origin.url | sed "s/github.com/${APP_NAME}:${TOKEN}@github.com/g")
echo "${Green}Remove http section that causes issues with gh app auth token${NC}"
sed -i.bak '/\[http/d' ./.git/config
sed -i.bak '/extraheader/d' ./.git/config
echo "${Green}Git push${NC}"
git config user.email "ci@kurdistan-tech.io"
git config user.name "${APP_NAME}"
git commit --amend -m "___Updated docs" || echo "___Nothing to commit___"
git push origin gh-pages --force
.github/workflows/issues-auto-add-teyrchain.yml
+30
View File
@@ -0,0 +1,30 @@
# If there are new issues related to the async backing feature,
# add it to the teyrchain team's board and set a custom "meta" field.
name: Add selected issues to Teyrchain team board
on:
issues:
types:
- labeled
jobs:
add-teyrchain-issues:
if: github.event.label.name == 'T16-async_backing'
runs-on: ubuntu-latest
steps:
- name: Generate token
id: generate_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.PROJECT_APP_ID }}
private_key: ${{ secrets.PROJECT_APP_KEY }}
- name: Sync issues
uses: actions/github-script@v7
with:
github-token: ${{ steps.generate_token.outputs.token }}
script: |
// TODO: Implement issue sync for pezkuwichain project board
// Original action was pezkuwichain/github-issue-sync
// Project: 119 (Teyrchain team board)
// Fields: meta = 'async backing'
console.log('Issue sync placeholder - configure for pezkuwichain project board');
.github/workflows/issues-auto-label.yml
+17
View File
@@ -0,0 +1,17 @@
# If the author of the issues is not a contributor to the project, label
# the issue with 'Z0-unconfirmed'
name: Label New Issues
on:
issues:
types: [opened]
jobs:
label-new-issues:
runs-on: ubuntu-latest
steps:
- name: Label drafts
uses: andymckay/labeler@e6c4322d0397f3240f0e7e30a33b5c5df2d39e90 # 1.0.4
if: github.event.issue.author_association == 'NONE'
with:
add-labels: "I10-unconfirmed"
.github/workflows/misc-notify-burnin-label.yml
+18
View File
@@ -0,0 +1,18 @@
# DISABLED: This workflow was for Kurdistan-Tech DevOps notifications.
# Pezkuwi SDK will implement its own notification system if needed.
name: Notify DevOps when burn-in label applied (DISABLED)
on:
workflow_dispatch:
inputs:
note:
description: 'This workflow is disabled - Kurdistan-Tech Matrix notifications not applicable'
required: false
jobs:
disabled:
runs-on: ubuntu-latest
steps:
- name: Notice
run: echo "Burn-in label notification is disabled - Pezkuwi SDK uses different DevOps channels"
.github/workflows/misc-review-bot-merge-queue.yml
+25
View File
@@ -0,0 +1,25 @@
# Actions that makes review-bot green in the merge queue
name: Merge-Queue
on:
merge_group:
jobs:
trigger-merge-queue-action:
runs-on: ubuntu-latest
environment: merge-queues
steps:
- name: Generate token
id: app_token
uses: tibdex/github-app-token@3beb63f4bd073e61482598c45c71c1019b59b73a # v2.1.0
with:
app_id: ${{ secrets.REVIEW_APP_ID }}
private_key: ${{ secrets.REVIEW_APP_KEY }}
- name: Add Merge Queue status check
uses: billyjbryant/create-status-check@3e6fa0ac599d10d9588cf9516ca4330ef669b858 # v2
with:
authToken: ${{ steps.app_token.outputs.token }}
context: "review-bot"
description: "PRs for merge queue gets approved"
state: "success"
sha: ${{ github.event.merge_group.head_commit.id }}
.github/workflows/misc-update-wishlist-leaderboard.yml
+18
View File
@@ -0,0 +1,18 @@
# DISABLED: This workflow was for Kurdistan-Tech's wishlist leaderboard feature.
# Pezkuwi SDK will implement its own community engagement features.
name: Update wishlist leaderboard (DISABLED)
on:
workflow_dispatch:
inputs:
note:
description: 'This workflow is disabled - Pezkuwi will implement own solution'
required: false
jobs:
disabled:
runs-on: ubuntu-latest
steps:
- name: Notice
run: echo "Wishlist leaderboard is disabled - Pezkuwi SDK uses different community engagement"
.github/workflows/publish-check-compile.yml
+85
View File
@@ -0,0 +1,85 @@
name: Check publish build
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
check-publish-compile:
timeout-minutes: 90
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-D warnings"
SKIP_WASM_BUILD: 1
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Rust Cache
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: install kurdistan-tech-publish
run: |
cargo install kurdistan-tech-publish@0.10.6 --locked -q
- name: set current PR's prdoc name in a variable
env:
GITHUB_PR_NUM: ${{ github.event.pull_request.number }}
run: |
echo "CURRENT_PRDOC=pr_${GITHUB_PR_NUM}.prdoc" >> $GITHUB_ENV
- name: kurdistan-tech-publish update plan w/o current prdoc
run: |
if [ -f prdoc/$CURRENT_PRDOC ]; then
mv prdoc/$CURRENT_PRDOC .
fi
kurdistan-tech-publish --color always plan --skip-check --prdoc prdoc/
# The code base is not in master's state (due to commits brought by the
# current PR), but we're interested in all master's prdocs to be applied
# as if master is a stable branch, and in next steps we're following up with
# a patch release of all crates based on some newly added prdocs
# (meaning only the current prdoc).
- name: kurdistan-tech-publish apply plan on the code state prior to current prdoc
run: kurdistan-tech-publish --color always apply --registry
- name: move all prdocs except current one to unstable dir
run: |
if [ -f $CURRENT_PRDOC ]; then
mkdir prdoc/unstable
mv prdoc/pr_*.prdoc prdoc/unstable
mv $CURRENT_PRDOC prdoc
fi
- name: kurdistan-tech-publish update plan just for PR's prdoc
run: |
if [ -f "prdoc/$CURRENT_PRDOC" ]; then
kurdistan-tech-publish --color always plan --skip-check --prdoc prdoc/
fi
- name: kurdistan-tech-publish apply plan
run: |
if [ -f "prdoc/$CURRENT_PRDOC" ]; then
kurdistan-tech-publish --color always apply --registry
fi
- name: kurdistan-tech-publish check compile
run: |
packages="$(kurdistan-tech-publish apply --print)"
if [ -n "$packages" ]; then
cargo --color always check $(printf -- '-p %s ' $packages)
fi
.github/workflows/publish-check-crates.yml
+48
View File
@@ -0,0 +1,48 @@
name: Check publish
on:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
check-publish:
runs-on: ubuntu-latest
needs: isdraft
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Check for publishable crates
id: check-publishable
run: |
# Find crates that are publishable (don't have publish = false)
PUBLISHABLE=$(find . -name "Cargo.toml" -exec grep -L 'publish = false' {} \; | grep -v target | head -20)
if [ -z "$PUBLISHABLE" ]; then
echo "No publishable crates found (all have publish = false)"
echo "has_publishable=false" >> $GITHUB_OUTPUT
else
echo "Found publishable crates:"
echo "$PUBLISHABLE"
echo "has_publishable=true" >> $GITHUB_OUTPUT
fi
- name: Rust Cache
if: steps.check-publishable.outputs.has_publishable == 'true'
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: Install pezkuwi-publish (when ready)
if: steps.check-publishable.outputs.has_publishable == 'true'
run: |
echo "Publishable crates detected - publish checks will run when pezkuwi-publish tool is ready"
# TODO: Replace with pezkuwi-publish when available
# cargo install pezkuwi-publish --locked -q
- name: Skip - all crates have publish = false
if: steps.check-publishable.outputs.has_publishable == 'false'
run: echo "All crates have publish = false, skipping publish checks"
.github/workflows/publish-claim-crates.yml
+45
View File
@@ -0,0 +1,45 @@
name: Claim Crates
on:
workflow_dispatch:
jobs:
claim-crates:
runs-on: ubuntu-latest
environment: master
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Check for publishable crates
id: check-publishable
run: |
# Find crates that are publishable (don't have publish = false)
PUBLISHABLE=$(find . -name "Cargo.toml" -exec grep -L 'publish = false' {} \; | grep -v target | head -20)
if [ -z "$PUBLISHABLE" ]; then
echo "No publishable crates found (all have publish = false)"
echo "has_publishable=false" >> $GITHUB_OUTPUT
else
echo "Found publishable crates:"
echo "$PUBLISHABLE"
echo "has_publishable=true" >> $GITHUB_OUTPUT
fi
- name: Rust Cache
if: steps.check-publishable.outputs.has_publishable == 'true'
uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 # v2.8.1
with:
save-if: ${{ github.ref == 'refs/heads/master' }}
- name: Claim crates on crates.io (when ready)
if: steps.check-publishable.outputs.has_publishable == 'true'
env:
PEZKUWI_CRATESIO_TOKEN: ${{ secrets.PEZKUWI_CRATESIO_TOKEN }}
run: |
echo "Publishable crates detected - claim will run when pezkuwi-publish tool is ready"
# TODO: Replace with pezkuwi-publish when available
# cargo install pezkuwi-publish --locked -q
# pezkuwi-publish --color always claim
- name: Skip - all crates have publish = false
if: steps.check-publishable.outputs.has_publishable == 'false'
run: echo "All crates have publish = false, skipping crate claiming"
.github/workflows/release-10_branchoff-stable.yml
+143
View File
@@ -0,0 +1,143 @@
# This workflow has combined functionality of branching-off a new stable release branch and tagging an RC.
# The options to branch-off and/or tag an RC can be chosen independently by ticking the appropriate checkbox in the launching form,
# as the branch-off happens only ones per quarter and a tagging activity done more frequently for each new RC during the release process.
name: Release - Branch off stable branch and/or tag rc
on:
workflow_dispatch:
inputs:
stable_version:
description: Stable version in the format stableYYMM that will be used as branch name and rc tag base
required: true
type: string
node_version:
description: Version of the pezkuwi node in the format X.XX.X (e.g. 1.15.0). ️ Node version is needed only for the branch-off
type: string
required: false
is_new_stable:
description: Check this box if this is a new stable release and the stable branch needs to be created
type: boolean
tag_rc:
description: Check this box if the rc tag needs to be created
type: boolean
jobs:
validate-inputs:
runs-on: ubuntu-latest
outputs:
node_version: ${{ steps.validate_inputs.outputs.node_version }}
stable_version: ${{ steps.validate_inputs.outputs.stable_version }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
if [ -n "${{ inputs.node_version }}" ]; then
node_version=$(filter_version_from_input "${{ inputs.node_version }}")
echo "node_version=${node_version}" >> $GITHUB_OUTPUT
fi
stable_version=$(validate_stable_tag ${{ inputs.stable_version }})
echo "stable_version=${stable_version}" >> $GITHUB_OUTPUT
create-stable-branch:
if: ${{ inputs.is_new_stable }}
needs: [ validate-inputs ]
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
STABLE_BRANCH_NAME: ${{ needs.validate-inputs.outputs.stable_version }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
ref: master
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@kurdistan-tech.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create stable branch
run: |
git checkout -b "$STABLE_BRANCH_NAME"
git show-ref "$STABLE_BRANCH_NAME"
- name: Bump versions, reorder prdocs and push stable branch
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/release/release_lib.sh
NODE_VERSION="${{ needs.validate-inputs.outputs.node_version }}"
NODE_VERSION_PATTERN="\(NODE_VERSION[^=]*= \)\".*\""
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezkuwi/node/primitives/src/lib.rs"
commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-cli"
set_version "$NODE_VERSION_PATTERN" $NODE_VERSION "pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs"
commit_with_message "Bump node version to $NODE_VERSION in pezkuwi-omni-node-lib"
SPEC_VERSION=$(get_spec_version $NODE_VERSION)
runtimes_list=$(get_filtered_runtimes_list)
set_spec_versions $SPEC_VERSION "${runtimes_list[@]}"
reorder_prdocs $STABLE_BRANCH_NAME
gh auth setup-git
git push origin "$STABLE_BRANCH_NAME"
- name: Tag RC after branch off
if: ${{ inputs.tag_rc }}
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }} # or use a PAT with workflow scope
run: |
stable_tag_base=pezkuwi-${{ needs.validate-inputs.outputs.stable_version }}
gh workflow run release-11_rc-automation.yml \
--repo ${{ github.repository }} \
--ref ${{ needs.validate-inputs.outputs.stable_version }} \
--field version=${stable_tag_base}
tag-rc-without-branchoff:
if: ${{ !inputs.is_new_stable && inputs.tag_rc }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-11_rc-automation.yml
with:
version: pezkuwi-${{ needs.validate-inputs.outputs.stable_version }}
secrets: inherit
.github/workflows/release-11_rc-automation.yml
+106
View File
@@ -0,0 +1,106 @@
name: Release - RC tagging automation
on:
workflow_dispatch:
inputs:
version:
description: Current release/rc version in format pezkuwi-stableYYMM
workflow_call:
inputs:
version:
description: Current release/rc version in format pezkuwi-stableYYMM
type: string
jobs:
tag_rc:
runs-on: ubuntu-latest
strategy:
matrix:
channel:
- name: "RelEng: Pezkuwi Release Coordination"
room: '!cqAmzdIcbOFwrdrubV:kurdistan-tech.io'
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
with:
fetch-depth: 0
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@kurdistan-tech.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Compute next rc tag
# if: ${{ steps.get_rel_product.outputs.product == 'pezkuwi' }}
id: compute_tag
shell: bash
run: |
. ./.github/scripts/common/lib.sh
# Get last rc tag if exists, else set it to {version}-rc1
if [[ -z "${{ inputs.version }}" ]]; then
version=v$(get_pezkuwi_node_version_from_code)
else
version=$(validate_stable_tag ${{ inputs.version }})
fi
echo "$version"
echo "version=$version" >> $GITHUB_OUTPUT
last_rc=$(get_latest_rc_tag $version pezkuwi)
if [ -n "$last_rc" ]; then
suffix=$(increment_rc_tag $last_rc)
echo "new_tag=$version-rc$suffix" >> $GITHUB_OUTPUT
echo "first_rc=false" >> $GITHUB_OUTPUT
else
echo "new_tag=$version-rc1" >> $GITHUB_OUTPUT
echo "first_rc=true" >> $GITHUB_OUTPUT
fi
- name: Apply new tag
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
RC_TAG: ${{ steps.compute_tag.outputs.new_tag }}
run: |
git tag -s $RC_TAG -m "new rc tag $RC_TAG"
git push origin $RC_TAG
- name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
# if: steps.create-issue.outputs.url != ''
with:
room_id: ${{ matrix.channel.room }}
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.kurdistan-tech.io
message: |
Release process for pezkuwi ${{ steps.compute_tag.outputs.new_tag }} has been started.<br/>
.github/workflows/release-20_build-rc.yml
+300
View File
@@ -0,0 +1,300 @@
name: Release - Build node release candidate
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
- bizinikiwi-node
- eth-rpc
- pez-subkey
- all
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM(-X)
type: string
workflow_call:
inputs:
binary:
description: Binary to be built for the release
default: all
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
type: string
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-pezkuwi-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi", "pezkuwi-prepare-worker", "pezkuwi-execute-worker"]'
package: pezkuwi
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezkuwi-teyrchain-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi-teyrchain"]'
package: "pezkuwi-teyrchain-bin"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezkuwi-omni-node-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi-omni-node"]'
package: "pezkuwi-omni-node"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
features: runtime-benchmarks
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezframe-omni-bencher-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezframe-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezframe-omni-bencher"]'
package: "pezframe-omni-bencher"
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["chain-spec-builder"]'
package: pez-staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-bizinikiwi-node-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'bizinikiwi-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["bizinikiwi-node"]'
package: pez-staging-node-cli
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-eth-rpc-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'eth-rpc' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["eth-rpc"]'
package: pezpallet-revive-eth-rpc
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pez-subkey-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pez-subkey' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pez-subkey"]'
package: pez-subkey
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: x86_64-unknown-linux-gnu
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezkuwi-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi", "pezkuwi-prepare-worker", "pezkuwi-execute-worker"]'
package: pezkuwi
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezkuwi-teyrchain-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi-teyrchain"]'
package: pezkuwi-teyrchain-bin
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezkuwi-omni-node-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezkuwi-omni-node"]'
package: pezkuwi-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
features: runtime-benchmarks
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pezframe-omni-bencher-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pezframe-omni-bencher' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pezframe-omni-bencher"]'
package: pezframe-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-chain-spec-builder-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["chain-spec-builder"]'
package: pez-staging-chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-bizinikiwi-node-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'bizinikiwi-node' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["bizinikiwi-node"]'
package: pez-staging-node-cli
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-eth-rpc-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'eth-rpc' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["eth-rpc"]'
package: pezpallet-revive-eth-rpc
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-pez-subkey-macos-binary:
needs: [validate-inputs]
if: ${{ inputs.binary == 'pez-subkey' || inputs.binary == 'all' }}
uses: "./.github/workflows/release-reusable-rc-build.yml"
with:
binary: '["pez-subkey"]'
package: pez-subkey
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: aarch64-apple-darwin
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
.github/workflows/release-21_build-runtimes.yml
+90
View File
@@ -0,0 +1,90 @@
name: Release - Build runtimes
on:
workflow_dispatch:
inputs:
chain:
description: The chain to use
default: all
required: true
type: choice
options:
- all
- zagros
- asset-hub-zagros
- bridge-hub-zagros
- collectives-zagros
- coretime-zagros
- glutton-zagros
- people-zagros
runtime_dir:
description: The runtime dir to be used (⚠️ this parameter is optional and needed only in case of the single runtime build, set it accordingly to the runtime you want to build)
default: pezkuwi/runtime/zagros
type: choice
options:
- pezkuwi/runtime/zagros
- pezcumulus/teyrchains/runtimes/assets/asset-hub-zagros
- pezcumulus/teyrchains/runtimes/bridge-hubs/bridge-hub-zagros
- pezcumulus/teyrchains/runtimes/collectives/collectives-zagros
- pezcumulus/teyrchains/runtimes/coretime/coretime-zagros
- pezcumulus/teyrchains/runtimes/people/people-zagros
- pezcumulus/teyrchains/runtimes/glutton/glutton-zagros
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
type: string
workflow_call:
inputs:
chain:
description: The chain to use
default: all
required: true
type: string
runtime_dir:
description: The runtime dir to be used (⚠️ this parameter is optional and needed only in case of the single runtime build, set it accordingly to the runtime you want to build)
default: pezkuwi/runtime/zagros
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
type: string
outputs:
published_runtimes:
value: ${{ jobs.build-runtimes.outputs.published_runtimes }}
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-runtimes:
needs: [validate-inputs]
uses: "./.github/workflows/release-srtool.yml"
with:
excluded_runtimes: "asset-hub-pezkuwichain bridge-hub-pezkuwichain coretime-pezkuwichain people-pezkuwichain pezkuwichain pezkuwichain-teyrchain bizinikiwi-test bp pezcumulus-test kitchensink minimal-template teyrchain-template penpal pezkuwi-test seedling shell pezframe-try sp solochain-template pezkuwi-sdk-docs-first pezpallet-staking-async-teyrchain pezpallet-staking-async-rc pezframe-storage-access-test yet-another-teyrchain revive-dev"
build_opts: "--features on-chain-release-build"
profile: production
chain: ${{ inputs.chain }}
runtime_dir: ${{ inputs.runtime_dir }}
permissions:
id-token: write
attestations: write
contents: read
.github/workflows/release-22_combined-rc-runtime-builds-release-draft.yml
+126
View File
@@ -0,0 +1,126 @@
name: Release - Combined Builds Flow
on:
workflow_dispatch:
inputs:
chain:
description: The chain to use for runtime builds
default: all
required: true
type: choice
options:
- all
- zagros
- asset-hub-zagros
- bridge-hub-zagros
- collectives-zagros
- coretime-zagros
- glutton-zagros
- people-zagros
runtime_dir:
description: The runtime dir to be used (⚠️ this parameter is optional and needed only in case of the single runtime build, set it accordingly to the runtime you want to build)
default: pezkuwi/runtime/zagros
type: choice
options:
- pezkuwi/runtime/zagros
- pezcumulus/teyrchains/runtimes/assets/asset-hub-zagros
- pezcumulus/teyrchains/runtimes/bridge-hubs/bridge-hub-zagros
- pezcumulus/teyrchains/runtimes/collectives/collectives-zagros
- pezcumulus/teyrchains/runtimes/coretime/coretime-zagros
- pezcumulus/teyrchains/runtimes/people/people-zagros
- pezcumulus/teyrchains/runtimes/glutton/glutton-zagros
binary:
description: Binary to be built for the release candidate
default: all
type: choice
options:
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
- bizinikiwi-node
- eth-rpc
- pez-subkey
- all
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
type: string
required: true
no_runtimes:
description: If true, no runtime build will be triggered and release draft will be published without runtimes (⚠️ use it for the patch releases of the latest stable)
required: true
type: boolean
default: false
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
build-runtimes-flow:
if: ${{ inputs.no_runtimes == false }}
needs: [validate-inputs]
uses: "./.github/workflows/release-21_build-runtimes.yml"
with:
chain: ${{ inputs.chain }}
runtime_dir: ${{ inputs.runtime_dir }}
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
build-rc-flow:
needs: [validate-inputs]
uses: "./.github/workflows/release-20_build-rc.yml"
with:
binary: ${{ inputs.binary }}
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
secrets: inherit
permissions:
id-token: write
attestations: write
contents: read
trigger-release-draft-with-runtimes:
if: ${{ inputs.no_runtimes == false }}
needs: [build-runtimes-flow, build-rc-flow, validate-inputs]
uses: "./.github/workflows/release-30_publish_release_draft.yml"
with:
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
build_run_id: ${{ github.run_id }}
runtimes: '${{ needs.build-runtimes-flow.outputs.published_runtimes }}'
no_runtimes: ${{ inputs.no_runtimes }}
crates_only: false
secrets: inherit
trigger-release-draft-without-runtimes:
if: ${{ inputs.no_runtimes == true }}
needs: [build-rc-flow, validate-inputs]
uses: "./.github/workflows/release-30_publish_release_draft.yml"
with:
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
build_run_id: ${{ github.run_id }}
no_runtimes: ${{ inputs.no_runtimes }}
crates_only: false
secrets: inherit
.github/workflows/release-30_publish_release_draft.yml
+306
View File
@@ -0,0 +1,306 @@
name: Release - Publish draft
# This workflow runs in pezkuwichain-release and creates full release draft with:
# - release notes
# - info about the runtimes
# - attached artifacts:
# - runtimes
# - binaries
# - signatures
on:
workflow_dispatch:
inputs:
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM(-X)
required: true
type: string
build_run_id:
description: Run ID of the current release workflow run to be used to download the artifacts
required: true
type: string
runtimes:
description: Runtimes to be published (⚠️ this needs to be provided in case of the complete release, for the crates only release or a patch release without runtimes it is not needed)
no_runtimes:
description: If true, release draft will be published without runtimes
required: true
type: boolean
default: false
crates_only:
description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only)
required: true
type: boolean
default: false
workflow_call:
inputs:
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcY or pezkuwi-stableYYMM(-X)
required: true
type: string
build_run_id:
description: Run ID of the current release workflow run to be used to download the artifacts
required: true
type: string
runtimes:
description: Runtimes to be published
type: string
no_runtimes:
description: If true, release draft will be published without runtimes
required: true
type: boolean
default: false
crates_only:
description: If true, release draft will contain only release notes and no artifacts will be published (needed for stable releases that are crates only)
required: true
type: boolean
default: false
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
publish-release-draft:
runs-on: ubuntu-latest
environment: release
needs: [ validate-inputs ]
outputs:
release_url: ${{ steps.create-release.outputs.html_url }}
asset_upload_url: ${{ steps.create-release.outputs.upload_url }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Download runtimes artifacts
if: ${{ inputs.no_runtimes == false && inputs.crates_only == false }}
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
mkdir -p ${{ github.workspace}}/runtimes/
gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes
ls -la ${{ github.workspace}}/runtimes
- name: Prepare tooling
run: |
URL=https://github.com/chevdor/tera-cli/releases/download/v0.4.0/tera-cli_linux_amd64.deb
wget $URL -O tera.deb
sudo dpkg -i tera.deb
- name: Prepare draft
id: draft
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
ASSET_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/asset-hub-zagros-runtime/asset-hub-zagros-srtool-digest.json
BRIDGE_HUB_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/bridge-hub-zagros-runtime/bridge-hub-zagros-srtool-digest.json
COLLECTIVES_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/collectives-zagros-runtime/collectives-zagros-srtool-digest.json
CORETIME_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/coretime-zagros-runtime/coretime-zagros-srtool-digest.json
GLUTTON_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/glutton-zagros-runtime/glutton-zagros-srtool-digest.json
PEOPLE_ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/people-zagros-runtime/people-zagros-srtool-digest.json
ZAGROS_DIGEST: ${{ github.workspace}}/runtimes/zagros-runtime/zagros-srtool-digest.json
RELEASE_TAG: ${{ needs.validate-inputs.outputs.release_tag }}
NO_RUNTIMES: ${{ inputs.no_runtimes }}
CRATES_ONLY: ${{ inputs.crates_only }}
shell: bash
run: |
. ./.github/scripts/common/lib.sh
export RUSTC_STABLE=$(grep -oP '(?<=-)[0-9]+\.[0-9]+\.[0-9]+(?=-)' .github/env)
export REF1=$(get_latest_release_tag)
if [[ -z "$RELEASE_TAG" ]]; then
export REF2="${{ github.ref_name }}"
echo "REF2: ${REF2}"
else
export REF2="$RELEASE_TAG"
echo "REF2: ${REF2}"
fi
echo "REL_TAG=$REF2" >> $GITHUB_ENV
export VERSION=$(echo "$REF2" | sed -E 's/.*(stable[0-9]{4}(-[0-9]+)?).*$/\1/')
echo "Version: $VERSION"
./scripts/release/build-changelogs.sh
- name: Archive artifact context.json
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-notes-context
path: |
scripts/release/context.json
**/*-srtool-digest.json
- name: Create draft release
id: create-release
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
gh release create ${{ env.REL_TAG }} \
--repo pezkuwichain/pezkuwi-sdk \
--draft \
--title "Pezkuwi ${{ env.REL_TAG }}" \
--notes-file ${{ github.workspace}}/scripts/release/RELEASE_DRAFT.md
publish-runtimes:
if: ${{ inputs.crates_only == false && inputs.no_runtimes == false }}
needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
matrix: ${{ fromJSON(inputs.runtimes) }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Download runtimes
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
mkdir -p ${{ github.workspace}}/runtimes/
gh run download ${{ inputs.build_run_id }} --dir ${{ github.workspace}}/runtimes
ls -la ${{ github.workspace}}/runtimes
- name: Get runtime info
env:
JSON: ${{ github.workspace}}/release-notes-context/runtimes/${{ matrix.chain }}-runtime/${{ matrix.chain }}-srtool-digest.json
run: |
cd ${{ github.workspace}}/runtimes
>>$GITHUB_ENV echo ASSET=$(find ${{ matrix.chain }}-runtime -name '*.compact.compressed.wasm')
>>$GITHUB_ENV echo SPEC=$(<${JSON} jq -r .runtimes.compact.subwasm.core_version.specVersion)
- name: Upload compressed ${{ matrix.chain }} v${{ env.SPEC }} wasm
working-directory: ${{ github.workspace}}/runtimes
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
VERSIONED_ASSET="${{ matrix.chain }}_runtime-v${{ env.SPEC }}.compact.compressed.wasm"
mv "${{ env.ASSET }}" "$VERSIONED_ASSET"
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk "$VERSIONED_ASSET"
publish-release-artifacts:
if: ${{ inputs.crates_only == false }}
needs: [ validate-inputs, publish-release-draft ]
environment: release
continue-on-error: true
runs-on: ubuntu-latest
strategy:
matrix:
binary: [ pezkuwi, pezkuwi-execute-worker, pezkuwi-prepare-worker, pezkuwi-teyrchain, pezkuwi-omni-node, pezframe-omni-bencher, chain-spec-builder ]
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.release_tag }}"
fetch_release_artifacts_from_s3 ${{ matrix.binary }} ${{ matrix.target }}
- name: Rename aarch64-apple-darwin binaries
if: ${{ matrix.target == 'aarch64-apple-darwin' }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
. ../../../.github/scripts/common/lib.sh
mv ${{ matrix.binary }} ${{ matrix.binary }}-aarch64-apple-darwin
mv ${{ matrix.binary }}.asc ${{ matrix.binary }}-aarch64-apple-darwin.asc
sha256sum "${{ matrix.binary }}-aarch64-apple-darwin" | tee "${{ matrix.binary }}-aarch64-apple-darwin.sha256"
check_sha256 "${{ matrix.binary }}-aarch64-apple-darwin" && echo "OK" || echo "ERR"
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.PEZKUWI_SDK_RELEASE_RW_APP_ID }}
private-key: ${{ secrets.PEZKUWI_SDK_RELEASE_RW_APP_KEY }}
owner: pezkuwichain
repositories: pezkuwi-sdk
- name: Upload ${{ matrix.binary }} binary to release draft
env:
GITHUB_TOKEN: ${{ steps.generate_write_token.outputs.token }}
working-directory: ${{ github.workspace}}/release-artifacts/${{ matrix.target }}/${{ matrix.binary }}
run: |
if [[ ${{ matrix.target }} == "aarch64-apple-darwin" ]]; then
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk \
${{ matrix.binary }}-aarch64-apple-darwin \
${{ matrix.binary }}-aarch64-apple-darwin.asc \
${{ matrix.binary }}-aarch64-apple-darwin.sha256
else
gh release upload ${{ needs.validate-inputs.outputs.release_tag }} \
--repo pezkuwichain/pezkuwi-sdk \
${{ matrix.binary }} \
${{ matrix.binary }}.asc \
${{ matrix.binary }}.sha256
fi
post_to_matrix:
runs-on: ubuntu-latest
needs: [ validate-inputs, publish-release-draft ]
environment: release
strategy:
matrix:
channel:
- name: "Team: RelEng Internal"
room: '!GvAyzgCDgaVrvibaAF:kurdistan-tech.io'
steps:
- name: Send Matrix message to ${{ matrix.channel.name }}
uses: s3krit/matrix-message-action@70ad3fb812ee0e45ff8999d6af11cafad11a6ecf # v0.0.3
with:
room_id: ${{ matrix.channel.room }}
access_token: ${{ secrets.RELEASENOTES_MATRIX_V2_ACCESS_TOKEN }}
server: m.kurdistan-tech.io
message: |
**New version of pezkuwi tagged**: ${{ needs.validate-inputs.outputs.release_tag }}<br/>
And release draft is release created in [pezkuwi-sdk repo](https://github.com/pezkuwichain/pezkuwi-sdk/releases)
.github/workflows/release-31_promote-rc-to-final.yml
+136
View File
@@ -0,0 +1,136 @@
name: Release - Promote RC to final candidate on S3
on:
workflow_dispatch:
inputs:
binary:
description: Binary to be build for the release
default: all
type: choice
options:
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
- all
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX
type: string
workflow_call:
inputs:
binary:
description: Binary to be build for the release
default: all
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX
type: string
required: true
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
final_tag: ${{ steps.validate_inputs.outputs.final_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.release_tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
promote-pezkuwi-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezkuwi-teyrchain-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi-teyrchain
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezkuwi-omni-node-rc-to-final:
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezkuwi-omni-node
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-pezframe-omni-bencher-rc-to-final:
if: ${{ inputs.binary == 'pezframe-omni-bencher' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: pezframe-omni-bencher
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
promote-chain-spec-builder-rc-to-final:
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
needs: [ validate-inputs ]
uses: ./.github/workflows/release-reusable-promote-to-final.yml
strategy:
matrix:
target: [ x86_64-unknown-linux-gnu, aarch64-apple-darwin ]
with:
package: chain-spec-builder
release_tag: ${{ needs.validate-inputs.outputs.release_tag }}
target: ${{ matrix.target }}
secrets:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_RELEASE_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_RELEASE_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
.github/workflows/release-40_publish-deb-package.yml
+40
View File
@@ -0,0 +1,40 @@
name: Release - Publish pezkuwi deb package
# This workflow publishes the pezkuwi Debian package by calling a reusable workflow.
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
default: pezkuwi-stable2412
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
workflow_call:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
required: true
type: string
distribution:
description: Distribution where to publish deb package (release, staging, stable2407, etc)
default: staging
required: true
type: string
jobs:
call-publish-workflow:
uses: ./.github/workflows/release-reusable-publish-packages.yml
with:
tag: ${{ inputs.tag }}
distribution: ${{ inputs.distribution }}
package_type: 'deb'
aws_repo_base_path: "s3://releases-package-repos"
cloudfront_distribution_id: "E36FKEYWDXAZYJ"
secrets: inherit
.github/workflows/release-41_publish-rpm-package.yml
+29
View File
@@ -0,0 +1,29 @@
name: Release - Publish pezkuwi RPM package
# This workflow publishes the pezkuwi RPM package by calling a reusable workflow.
on:
workflow_dispatch:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
default: pezkuwi-stable2412
required: true
type: string
workflow_call:
inputs:
tag:
description: Current final release tag in the format pezkuwi-stableYYMM or pezkuwi-stable-YYMM-X
required: true
type: string
jobs:
call-publish-workflow:
uses: ./.github/workflows/release-reusable-publish-packages.yml
with:
tag: ${{ inputs.tag }}
distribution: ${{ inputs.distribution }}
package_type: 'rpm'
aws_repo_base_path: "s3://releases-package-repos"
cloudfront_distribution_id: "E36FKEYWDXAZYJ"
secrets: inherit
.github/workflows/release-50_publish-docker.yml
+304
View File
@@ -0,0 +1,304 @@
name: Release - Publish Docker Image
# This workflow listens to published releases or can be triggered manually.
# It builds and published releases and rc candidates.
on:
workflow_dispatch:
inputs:
image_type:
description: Type of the image to be published
required: true
default: rc
type: choice
options:
- rc
- release
binary:
description: Binary to be published
required: true
default: pezkuwi
type: choice
options:
- pezkuwi
- pezkuwi-omni-node
- pezkuwi-teyrchain
- chain-spec-builder
registry:
description: Container registry
required: true
type: string
default: docker.io
# The owner is often the same as the Docker Hub username but does ont have to be.
# In our case, it is not.
owner:
description: Owner of the container image repo
required: true
type: string
default: kurdistan-tech
version:
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
default: v0.9.18
required: true
stable_tag:
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
required: true
workflow_call:
inputs:
image_type:
description: Type of the image to be published
required: true
default: rc
type: string
binary:
description: Binary to be published
required: true
default: pezkuwi
type: string
registry:
description: Container registry
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: kurdistan-tech
version:
description: Version of the pezkuwi node release in format v1.16.0 or v1.16.0-rc1
required: true
type: string
stable_tag:
description: Tag matching the actual stable release version in the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX) for patch releases
required: true
type: string
permissions:
contents: write
env:
ENGINE: docker
REGISTRY: ${{ inputs.registry }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
DOCKER_OWNER: ${{ inputs.owner || github.repository_owner }}
REPO: ${{ github.repository }}
BINARY: ${{ inputs.binary }}
# EVENT_ACTION: ${{ github.event.action }}
EVENT_NAME: ${{ github.event_name }}
IMAGE_TYPE: ${{ inputs.image_type }}
jobs:
# check-synchronization job disabled - pezkuwichain-release sync not needed for pezkuwichain
# Original: uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
validate-inputs:
# Removed dependency on check-synchronization (disabled)
runs-on: ubuntu-latest
outputs:
version: ${{ steps.validate_inputs.outputs.VERSION }}
stable_tag: ${{ steps.validate_inputs.outputs.stable_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Validate inputs
id: validate_inputs
run: |
. ./.github/scripts/common/lib.sh
VERSION=$(filter_version_from_input "${{ inputs.version }}")
echo "VERSION=${VERSION}" >> $GITHUB_OUTPUT
STABLE_TAG=$(validate_stable_tag ${{ inputs.stable_tag }})
echo "stable_tag=${STABLE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
runs-on: ubuntu-latest
needs: [ validate-inputs ]
steps:
- name: Checkout sources
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
run: |
. ./.github/scripts/common/lib.sh
VERSION="${{ needs.validate-inputs.outputs.stable_tag }}"
if [[ ${{ inputs.binary }} == 'pezkuwi' ]]; then
bins=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for bin in "${bins[@]}"; do
fetch_release_artifacts_from_s3 $bin x86_64-unknown-linux-gnu
done
else
fetch_release_artifacts_from_s3 $BINARY x86_64-unknown-linux-gnu
fi
- name: Upload artifacts
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-artifacts-${{ env.BINARY }}
path: release-artifacts/x86_64-unknown-linux-gnu/${{ env.BINARY }}/**/*
build-container: # this job will be triggered for the pezkuwi-teyrchain rc and release or pezkuwi rc image build
runs-on: ubuntu-latest
needs: [ fetch-artifacts, validate-inputs ]
environment: release
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download artifacts
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: release-artifacts-${{ env.BINARY }}
path: release-artifacts
- name: Check sha256 ${{ env.BINARY }}
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
echo "Checking binary $BINARY"
check_sha256 $BINARY && echo "OK" || echo "ERR"
- name: Check GPG ${{ env.BINARY }}
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'chain-spec-builder' || inputs.image_type == 'rc' }}
working-directory: release-artifacts
run: |
. ../.github/scripts/common/lib.sh
import_gpg_keys
check_gpg $BINARY
- name: Fetch rc commit and tag
working-directory: release-artifacts
if: ${{ env.IMAGE_TYPE == 'rc' }}
id: fetch_rc_refs
shell: bash
run: |
. ../.github/scripts/common/lib.sh
commit=$(git rev-parse --short HEAD) && \
echo "commit=${commit}" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "tag=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Fetch release tags
if: ${{ env.IMAGE_TYPE == 'release'}}
id: fetch_release_refs
shell: bash
run: |
. .github/scripts/common/lib.sh
echo "tag=latest" >> $GITHUB_OUTPUT
echo "release=$(echo ${{ needs.validate-inputs.outputs.version }})" >> $GITHUB_OUTPUT
echo "stable=$(prepare_docker_stable_tag ${{ needs.validate-inputs.outputs.stable_tag }})" >> $GITHUB_OUTPUT
- name: Build Injected Container image for pezkuwi
if: ${{ env.BINARY == 'pezkuwi' }}
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
shell: bash
run: |
ls -al
echo "Building container for $BINARY"
echo "IMAGE_TYPE: ${{ inputs.image_type }}"
if [[ "${{ inputs.image_type }}" == "rc" ]]; then
echo "Building RC container for pezkuwi"
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected.Dockerfile"
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
./docker/scripts/build-injected.sh
else
echo "Building release container for pezkuwi"
export DOCKERFILE="docker/dockerfiles/pezkuwi/pezkuwi_injected_debian.Dockerfile"
export BINARY="pezkuwi,pezkuwi-execute-worker,pezkuwi-prepare-worker"
export PEZKUWI_DEB=true
export VERSION=${{ needs.validate-inputs.outputs.version }}
./docker/scripts/build-injected.sh
fi
- name: Build Injected Container image for pezkuwi-omni-node/chain-spec-builder
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'chain-spec-builder' }}
shell: bash
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
VERSION: ${{ needs.validate-inputs.outputs.version }}
run: |
ls -al
echo "Building container for $BINARY"
./docker/scripts/build-injected.sh
- name: Build Injected Container image for pezkuwi-teyrchain
if: ${{ env.BINARY == 'pezkuwi-teyrchain' }}
shell: bash
env:
ARTIFACTS_FOLDER: release-artifacts
IMAGE_NAME: ${{ env.BINARY }}
OWNER: ${{ env.DOCKER_OWNER }}
DOCKERFILE: docker/dockerfiles/pezkuwi-teyrchain/pezkuwi-teyrchain_injected.Dockerfile
TAGS: ${{ join(steps.fetch_rc_refs.outputs.*, ',') || join(steps.fetch_release_refs.outputs.*, ',') }}
VERSION: ${{ needs.validate-inputs.outputs.version }}
run: |
ls -al
mkdir -p $ARTIFACTS_FOLDER/specs
cp pezcumulus/teyrchains/chain-specs/*.json $ARTIFACTS_FOLDER/specs
echo "Building container for $BINARY"
./docker/scripts/build-injected.sh
- name: Login to Dockerhub to publish pezkuwi
if: ${{ env.BINARY == 'pezkuwi' }}
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.PEZKUWI_DOCKERHUB_USERNAME }}
password: ${{ secrets.PEZKUWI_DOCKERHUB_TOKEN }}
- name: Login to Dockerhub to publish pezkuwi-omni-node/pezkuwi-teyrchain/chain-spec-builder
if: ${{ env.BINARY == 'pezkuwi-omni-node' || env.BINARY == 'pezkuwi-teyrchain' || env.BINARY == 'chain-spec-builder' }}
uses: docker/login-action@5e57cd118135c172c3672efd75eb46360885c0ef # v3.6.0
with:
username: ${{ secrets.CUMULUS_DOCKERHUB_USERNAME }}
password: ${{ secrets.CUMULUS_DOCKERHUB_TOKEN }}
- name: Push Container image for ${{ env.BINARY }}
id: docker_push
run: |
$ENGINE images | grep ${BINARY}
$ENGINE push --all-tags ${REGISTRY}/${DOCKER_OWNER}/${BINARY}
- name: Check version for the published image for ${{ env.BINARY }}
env:
RELEASE_TAG: ${{ steps.fetch_rc_refs.outputs.release || steps.fetch_release_refs.outputs.release }}
run: |
echo "Checking tag ${RELEASE_TAG} for image ${REGISTRY}/${DOCKER_OWNER}/${BINARY}"
if [[ ${BINARY} == 'chain-spec-builder' ]]; then
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG}
else
$ENGINE run -i ${REGISTRY}/${DOCKER_OWNER}/${BINARY}:${RELEASE_TAG} --version
fi
.github/workflows/release-60_create-old-release-tag.yml
+63
View File
@@ -0,0 +1,63 @@
name: Release - Create pezkuwi-vX.YY.Z tag
# This workflow creates a final release tag in the old format (e.g. pezkuwi-v1.20.0) for a published release.
on:
release:
types: published
jobs:
create-old-release-tag:
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
- name: Generate content write token for the release automation
id: generate_write_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ vars.RELEASE_AUTOMATION_APP_ID }}
private-key: ${{ secrets.RELEASE_AUTOMATION_APP_PRIVATE_KEY }}
owner: pezkuwichain
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.event.release.tag_name }}
token: ${{ steps.generate_write_token.outputs.token }}
- name: Import gpg keys
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Config git
run: |
git config --global commit.gpgsign true
git config --global gpg.program /home/runner/.local/bin/pgpkms-git
git config --global user.name "ParityReleases"
git config --global user.email "release-team@kurdistan-tech.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Create old release tag
env:
GH_TOKEN: ${{ steps.generate_write_token.outputs.token }}
run: |
. ./.github/scripts/common/lib.sh
version=$(get_pezkuwi_node_version_from_code)
echo "Extracted node version: $version"
git tag -s "pezkuwi-v${version}" -m "Old release tag pezkuwi-v${version}"
git push origin "pezkuwi-v${version}"
.github/workflows/release-60_post-crates-release-activities.yml
+294
View File
@@ -0,0 +1,294 @@
name: Release - Post Crates Release Activities
on:
push:
branches:
- 'post-crates-release-*'
permissions:
contents: write
pull-requests: write
jobs:
set-image:
runs-on: ubuntu-latest
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@v4
- id: set_image
run: cat .github/env >> $GITHUB_OUTPUT
post-crates-activities:
needs: set-image
runs-on: ubuntu-latest
environment: release
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_SIGN_COMMITS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
container:
image: ${{ needs.set-image.outputs.IMAGE }}
steps:
- name: Install pgpkms
run: |
# Install pgpkms that is used to sign commits
pip install git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151
# Find and display where pgpkms-git is installed
echo "pgpkms-git location: $(which pgpkms-git)"
ls -la $(which pgpkms-git)
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Import GPG keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Configure git
shell: bash
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}"
git config --global commit.gpgsign true
# Dynamically find pgpkms-git path
PGPKMS_PATH=$(which pgpkms-git)
echo "Using pgpkms-git at: $PGPKMS_PATH"
git config --global gpg.program "$PGPKMS_PATH"
git config --global user.name "ParityReleases"
git config --global user.email "release-team@kurdistan-tech.io"
git config --global user.signingKey "D8018FBB3F534D866A45998293C5FB5F6A367B51"
- name: Bump NODE_VERSION for pezkuwi
run: |
echo "Bumping NODE_VERSION in pezkuwi..."
FILE="pezkuwi/node/primitives/src/lib.rs"
# Extract current NODE_VERSION
current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Current version: $current_version"
# Bump patch version
new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}')
echo "New version: $new_version"
# Update the file
sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE"
rm -f "$FILE.bak"
echo "Successfully bumped NODE_VERSION from $current_version to $new_version"
- name: Bump NODE_VERSION for pezkuwi-teyrchain and pezkuwi-omni-node
run: |
echo "Bumping NODE_VERSION in pezcumulus..."
FILE="pezcumulus/pezkuwi-omni-node/lib/src/nodes/mod.rs"
# Extract current NODE_VERSION
current_version=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Current version: $current_version"
# Bump patch version
new_version=$(echo "$current_version" | awk -F. '{print $1"."$2"."$3+1}')
echo "New version: $new_version"
# Update the file
sed -i.bak "s/NODE_VERSION: &'static str = \"$current_version\"/NODE_VERSION: \&'static str = \"$new_version\"/" "$FILE"
rm -f "$FILE.bak"
echo "Successfully bumped NODE_VERSION from $current_version to $new_version"
- name: Commit NODE_VERSION bumps
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Extract the bumped NODE_VERSION
FILE="pezkuwi/node/primitives/src/lib.rs"
NODE_VERSION=$(grep 'pub const NODE_VERSION' "$FILE" | grep -oE '"[0-9]+\.[0-9]+\.[0-9]+"' | tr -d '"')
echo "Committing NODE_VERSION bump to $NODE_VERSION"
commit_with_message "Bump NODE_VERSION to $NODE_VERSION"
echo "✅ Successfully committed NODE_VERSION bump"
- name: Move prdocs to release folder
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Extract release name from branch name (everything after "post-crates-release-")
BRANCH_NAME="${{ github.ref_name }}"
echo "Branch name: $BRANCH_NAME"
if [[ "$BRANCH_NAME" =~ post-crates-release-(.+)$ ]]; then
RELEASE_FOLDER="${BASH_REMATCH[1]}"
echo "Release folder name: $RELEASE_FOLDER"
# Use the reorder_prdocs helper function
reorder_prdocs "$RELEASE_FOLDER"
else
echo "WARNING: Could not extract release name from branch name: $BRANCH_NAME"
echo "Expected format: post-crates-release-<release-name>"
exit 1
fi
- name: Replace path dependencies
run: |
echo "Running replace-all-path-deps.sh..."
bash scripts/release/replace-all-path-deps.sh
# Show git diff to see what changed
git diff --stat
- name: Remove versions where path deps are present
run: |
echo "Running delete-versions-if-path-is-present.sh..."
bash scripts/release/delete-versions-if-path-is-present.sh
# Show git diff to see what changed
git diff --stat
- name: Remove version from umbrella/Cargo.toml
run: |
echo "Running delete-version-from-umbrella.sh..."
bash scripts/release/delete-version-from-umbrella.sh
# Show git diff to see what changed
git diff --stat
- name: Run Zepter - check issues
run: |
echo "Running zepter run check to identify issues..."
zepter run check || echo "Zepter found issues that need to be fixed"
- name: Run Zepter - fix issues
run: |
echo "Running zepter to fix issues..."
zepter || echo "Zepter fix completed"
# Show git diff to see what changed
git diff --stat
- name: Run Zepter - verify fixes
run: |
echo "Running zepter run check again to verify fixes..."
zepter run check || echo "There are still issues to fix manually"
- name: Run taplo - check formatting
run: |
echo "Running taplo format check..."
taplo format --check --config .config/taplo.toml || echo "Taplo found formatting issues"
- name: Run taplo - format
run: |
echo "Running taplo format..."
taplo format --config .config/taplo.toml
# Show git diff to see what changed
git diff --stat
- name: Run taplo - verify formatting
run: |
echo "Running taplo format check again..."
taplo format --check --config .config/taplo.toml || echo "There are still formatting issues"
- name: Install Python dependencies
run: |
echo "Installing Python dependencies..."
pip3 install toml "cargo-workspace>=1.2.6"
- name: Run workspace check
run: |
echo "Running workspace check..."
python3 .github/scripts/check-workspace.py . --exclude \
"bizinikiwi/frame/contracts/fixtures/build" \
"bizinikiwi/frame/contracts/fixtures/contracts/common"
- name: Deny git dependencies
run: |
echo "Checking for git dependencies..."
python3 .github/scripts/deny-git-deps.py .
- name: Check git status before commit
run: |
echo "=== Git status ==="
git status
echo ""
echo "=== Git status --porcelain ==="
git status --porcelain
echo ""
echo "=== Changed files count ==="
git status --porcelain | wc -l
- name: Commit and push changes
shell: bash
run: |
. ./.github/scripts/release/release_lib.sh
# Check if there are changes to commit
if [[ -n $(git status --porcelain) ]]; then
commit_with_message "chore: post crates release actions - version bumps, path deps, zepter, taplo"
echo "Changes committed successfully"
# Push changes to the branch
echo "Pushing changes to branch..."
git push
echo "Changes pushed successfully"
else
echo "No changes to commit"
fi
- name: Create Pull Request to base release branch
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
BRANCH_NAME="${{ github.ref_name }}"
echo "Current branch: $BRANCH_NAME"
# Extract base release branch name
if [[ "$BRANCH_NAME" =~ ^post-crates-release-(.+)$ ]]; then
FULL_RELEASE="${BASH_REMATCH[1]}"
if [[ "$FULL_RELEASE" =~ ^(.+)-[^-]+$ ]]; then
BASE_RELEASE="${BASH_REMATCH[1]}"
else
BASE_RELEASE="$FULL_RELEASE"
fi
echo "Creating PR from $BRANCH_NAME to $BASE_RELEASE..."
gh pr create \
--title "Post crates release activities for $BASE_RELEASE" \
--body "Automated PR containing post-crates-release activities:
- NODE_VERSION bumps
- Path dependencies replacement
- Zepter fixes
- Taplo formatting
- PRDocs reorganization" \
--base "$BASE_RELEASE" \
--head "$BRANCH_NAME" || echo "PR may already exist or there was an error creating it"
else
echo "ERROR: Could not extract base release branch from: $BRANCH_NAME, probably wrong format"
exit 1
fi
- name: Add comment about spec_version
env:
GH_TOKEN: ${{ github.token }}
shell: bash
run: |
BRANCH_NAME="${{ github.ref_name }}"
# Find the PR number for this branch
PR_NUMBER=$(gh pr list --head "$BRANCH_NAME" --json number --jq '.[0].number')
if [ -n "$PR_NUMBER" ]; then
echo "Adding comment to PR #$PR_NUMBER..."
gh pr comment "$PR_NUMBER" --body "⚠️ **Reminder:** spec_version is not bumped automatically as part of this flow. Please ensure it is updated manually if required."
else
echo "WARNING: Could not find PR for branch $BRANCH_NAME"
fi
.github/workflows/release-70_combined-publish-release.yml
+156
View File
@@ -0,0 +1,156 @@
name: Release - Combined Publish Release
# This workflow orchestrates the final release steps by calling workflows in sequence:
# 1. Promote RC to final on S3
# 2. Publish Debian and RPM packages (in parallel)
# 3. Publish Docker images
on:
workflow_dispatch:
inputs:
release_tag:
description: Release tag in the format pezkuwi-stableYYMM or pezkuwi-stableYYMM-X or pezkuwi-stableYYMM(-X)-rcX
type: string
required: true
binary:
description: Binary to be released
default: all
type: choice
required: true
options:
- all
- pezkuwi
- pezkuwi-teyrchain
- pezkuwi-omni-node
- pezframe-omni-bencher
- chain-spec-builder
image_type:
description: Type of Docker image (rc for release candidates, release for final)
required: true
default: rc
type: choice
options:
- rc
- release
distribution:
description: Distribution for Debian package (release, staging, stable2407, etc)
default: staging
required: true
type: string
registry:
description: Container registry for Docker images
required: true
type: string
default: docker.io
owner:
description: Owner of the container image repo
required: true
type: string
default: kurdistan-tech
version:
description: Version for Docker tags in format v1.16.0 or v1.16.0-rc1
required: true
type: string
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
# ==============================================
# PHASE 1: Promote RC to Final on S3
# ==============================================
promote-rc-to-final:
name: Promote RC to final on S3
uses: ./.github/workflows/release-31_promote-rc-to-final.yml
with:
binary: ${{ inputs.binary }}
release_tag: ${{ inputs.release_tag }}
secrets: inherit
# ==============================================
# PHASE 2: Publish Packages (Debian and RPM)
# ==============================================
publish-deb-package:
name: Publish Debian package
needs: [promote-rc-to-final]
uses: ./.github/workflows/release-40_publish-deb-package.yml
with:
tag: ${{ inputs.release_tag }}
distribution: ${{ inputs.distribution }}
secrets: inherit
publish-rpm-package:
name: Publish RPM package
needs: [promote-rc-to-final]
uses: ./.github/workflows/release-41_publish-rpm-package.yml
with:
tag: ${{ inputs.release_tag }}
secrets: inherit
# ==============================================
# PHASE 3: Publish Docker Images
# ==============================================
publish-docker-pezkuwi:
name: Publish Docker image - pezkuwi
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-pezkuwi-teyrchain:
name: Publish Docker image - pezkuwi-teyrchain
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi-teyrchain' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi-teyrchain
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-pezkuwi-omni-node:
name: Publish Docker image - pezkuwi-omni-node
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'pezkuwi-omni-node' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: pezkuwi-omni-node
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
publish-docker-chain-spec-builder:
name: Publish Docker image - chain-spec-builder
# needs: [publish-deb-package, publish-rpm-package]
if: ${{ inputs.binary == 'chain-spec-builder' || inputs.binary == 'all' }}
uses: ./.github/workflows/release-50_publish-docker.yml
with:
image_type: ${{ inputs.image_type }}
binary: chain-spec-builder
registry: ${{ inputs.registry }}
owner: ${{ inputs.owner }}
version: ${{ inputs.version }}
stable_tag: ${{ inputs.release_tag }}
secrets: inherit
.github/workflows/release-99_notif-published.yml
+99
View File
@@ -0,0 +1,99 @@
name: Release - Announce release to Discord
on:
release:
types:
- published
- prereleased
jobs:
ping_discord:
runs-on: ubuntu-latest
environment: release
# Discord notification - Pezkuwi uses Discord instead of Matrix
# Server ID: 1444335345935057049
# Discord webhook should be configured in repository secrets as PEZKUWI_DISCORD_WEBHOOK
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ github.event.release.tag_name }}
- name: Extract node version
id: extract_version
run: |
. ./.github/scripts/common/lib.sh
version=v$(get_pezkuwi_node_version_from_code)
echo "Extracted node version: $version"
echo "node_version=$version" >> $GITHUB_OUTPUT
- name: Send Discord notification
env:
DISCORD_WEBHOOK: ${{ secrets.PEZKUWI_DISCORD_WEBHOOK }}
run: |
if [ -z "$DISCORD_WEBHOOK" ]; then
echo "::notice::Discord webhook not configured. Release notification skipped."
echo "Release: ${{ github.event.release.tag_name }}"
echo "URL: ${{ github.event.release.html_url }}"
echo "Node Version: ${{ steps.extract_version.outputs.node_version }}"
exit 0
fi
RELEASE_TYPE="${{ github.event.action }}"
TAG_NAME="${{ github.event.release.tag_name }}"
RELEASE_URL="${{ github.event.release.html_url }}"
NODE_VERSION="${{ steps.extract_version.outputs.node_version }}"
REPO_NAME="${{ github.event.repository.full_name }}"
# Set emoji based on release type
if [ "${{ github.event.release.prerelease }}" == "true" ]; then
EMOJI="🧪"
TITLE="Pre-release Published"
else
EMOJI="🚀"
TITLE="New Release Published"
fi
# Create Discord embed payload
PAYLOAD=$(cat <<'PAYLOAD_EOF'
{
"embeds": [{
"title": "EMOJI_PLACEHOLDER TITLE_PLACEHOLDER",
"description": "A new node release has been RELEASE_TYPE_PLACEHOLDER in **REPO_NAME_PLACEHOLDER**",
"color": 5814783,
"fields": [
{
"name": "Release Version",
"value": "[TAG_NAME_PLACEHOLDER](RELEASE_URL_PLACEHOLDER)",
"inline": true
},
{
"name": "Node Version",
"value": "NODE_VERSION_PLACEHOLDER",
"inline": true
}
],
"footer": {
"text": "Pezkuwi SDK Release"
},
"timestamp": "TIMESTAMP_PLACEHOLDER"
}]
}
PAYLOAD_EOF
)
# Replace placeholders with actual values
TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%SZ)
PAYLOAD="${PAYLOAD//EMOJI_PLACEHOLDER/$EMOJI}"
PAYLOAD="${PAYLOAD//TITLE_PLACEHOLDER/$TITLE}"
PAYLOAD="${PAYLOAD//RELEASE_TYPE_PLACEHOLDER/$RELEASE_TYPE}"
PAYLOAD="${PAYLOAD//REPO_NAME_PLACEHOLDER/$REPO_NAME}"
PAYLOAD="${PAYLOAD//TAG_NAME_PLACEHOLDER/$TAG_NAME}"
PAYLOAD="${PAYLOAD//RELEASE_URL_PLACEHOLDER/$RELEASE_URL}"
PAYLOAD="${PAYLOAD//NODE_VERSION_PLACEHOLDER/$NODE_VERSION}"
PAYLOAD="${PAYLOAD//TIMESTAMP_PLACEHOLDER/$TIMESTAMP}"
curl -H "Content-Type: application/json" \
-d "$PAYLOAD" \
"$DISCORD_WEBHOOK"
.github/workflows/release-build-binary.yml
+81
View File
@@ -0,0 +1,81 @@
name: Binary Build
# This workflow can be used to build a binary like pezkuwi + workers, omninode or pezkuwi-teyrchain
# from any branch with release or profuction profile to be later used for testing.
# ⚠️ IT should not be used for release purposes!
on:
workflow_dispatch:
inputs:
binary:
required: true
default: "pezkuwi"
description: "The binary to build"
package:
description: Package to be built, can be pezkuwi, pezkuwi-teyrchain-bin, pezkuwi-omni-node etc.
required: true
type: string
profile:
required: true
default: "release"
description: "The profile to use for the binary build"
features:
required: false
type: string
description: "Features to enable when building the binary (must be a list of comma-separated features)"
jobs:
setup:
# GitHub Actions allows using 'env' in a container context.
# However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322
# This workaround sets the container image for each job using 'set-image' job output.
runs-on: ubuntu-latest
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
RUNNER: ${{ steps.set_runner.outputs.RUNNER }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set image
id: set_image
run: cat .github/env >> $GITHUB_OUTPUT
- name: Set runner
id: set_runner
shell: bash
run: |
if [[ "${{ inputs.binary }}" == "pezkuwi-teyrchain" ]]; then
echo "RUNNER=kurdistan-tech-large" >> $GITHUB_OUTPUT
else
echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT
fi
build:
needs: [setup]
runs-on: ${{ needs.setup.outputs.RUNNER }}
container:
image: ${{ needs.setup.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Build binary
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error
PROFILE=${{ inputs.profile }}
if [ "${{ inputs.binary }}" = "pezkuwi" ]; then
for binary in pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker; do
echo "Building $binary with profile $PROFILE and features ${{ inputs.features }}"
./.github/scripts/release/build-linux-release.sh $binary ${{ inputs.package }} ${{ inputs.features }}
done
else
echo "Building ${{ inputs.binary }} with profile $PROFILE and features ${{ inputs.features }}"
./.github/scripts/release/build-linux-release.sh ${{ inputs.binary }} ${{ inputs.package }} ${{ inputs.features }}
fi
- name: Upload ${{ inputs.binary }} artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ inputs.binary }}
path: /artifacts/**
.github/workflows/release-check-runtimes.yml
+94
View File
@@ -0,0 +1,94 @@
name: Check Runtimes Specs
# This GH Workflow fetches the runtimes available in a release.
# It then compares their metadata with reference specs located under
# .github/runtime_specs.
on:
workflow_dispatch:
inputs:
release_id:
description: |
Release ID.
You can find it using the command:
curl -s \
-H "Authorization: Bearer ${GITHUB_TOKEN}" https://api.github.com/repos/pezkuwichain/pezkuwi-sdk/releases | \
jq '.[] | { name: .name, id: .id }'
required: true
type: string
# This trigger unfortunately does not work as expected.
# https://github.com/orgs/community/discussions/47794
# release:
# types: [edited]
env:
RUNTIME_SPECS_DIR: .github/runtime_specs
DATA_DIR: runtimes
RELEASE_ID: ${{ inputs.release_id }}
REPO: ${{ github.repository }}
jobs:
find-specs:
name: Fetch runtime specs
outputs:
specs: ${{ steps.get-list.outputs.specs }}
runs-on: ubuntu-latest
steps:
- name: Checkout the repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Get list
id: get-list
run: |
lst=$(ls $RUNTIME_SPECS_DIR/*.json | xargs -I{} basename "{}" .json | jq -R .| jq -sc .)
echo "Found: $lst"
echo "specs=$lst" >> $GITHUB_OUTPUT
check-runtimes:
name: Check runtime specs
runs-on: ubuntu-latest
needs:
- find-specs
strategy:
matrix:
specs: ${{ fromJSON(needs.find-specs.outputs.specs) }}
steps:
- name: Checkout the repo
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Fetch release artifacts based on release id
env:
OUTPUT_DIR: ${{ env.DATA_DIR }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
. ./.github/scripts/common/lib.sh
fetch_release_artifacts
- name: Install tooling
env:
SUBWASM_VERSION: v0.20.0
DL_BASE_URL: https://github.com/chevdor/subwasm/releases/download
run: |
wget $DL_BASE_URL/$SUBWASM_VERSION/subwasm_linux_amd64_$SUBWASM_VERSION.deb \
-O subwasm.deb
sudo dpkg -i subwasm.deb
subwasm --version
- name: Extract metadata JSON for ${{ matrix.specs }}
env:
RUNTIME: ${{ matrix.specs }}
run: |
WASM=$(ls ${DATA_DIR}/${RUNTIME}*.wasm)
echo "WASM=$WASM"
subwasm show --json "$WASM" > "${DATA_DIR}/${RUNTIME}.json"
- name: Check specs for ${{ matrix.specs }}
id: build
env:
RUNTIME: ${{ matrix.specs }}
LOGLEVEL: info
run: |
python --version
.github/scripts/check-runtime.py "${DATA_DIR}/${RUNTIME}.json" "${RUNTIME_SPECS_DIR}/${RUNTIME}.json"
.github/workflows/release-clobber-stable.yml
+70
View File
@@ -0,0 +1,70 @@
name: Clobber Stable
# This action implements the
# [Clobbering](https://github.com/pezkuwichain/pezkuwi-sdk/blob/master/docs/RELEASE.md#clobbering)
# process from the release process. It pushes a new commit to the `stable` branch with all the
# current content of the `audited` tag. It does not use a merge commit, but rather 'clobbers' the
# branch with a single commit that contains all the changes. It has a naming scheme of `Clobber with
# audited ($COMMIT)`.
# Currently, the script is only triggered manually, but can be easily changed to a schedule.
on:
workflow_dispatch:
permissions:
contents: write
jobs:
clobber-stable:
runs-on: ubuntu-latest
timeout-minutes: 5
env:
STABLE: stable
UNSTABLE: master
AUDITED: audited
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.1.7
- name: Prechecks
run: |
# Properly fetch
git fetch --prune --unshallow origin tag $AUDITED
git fetch origin $STABLE
# Sanity checks
git checkout -q tags/$AUDITED || (echo "Could not find the '$AUDITED' tag." && exit 1)
COMMIT=$(git rev-parse tags/$AUDITED)
#$(git branch --contains $COMMIT | grep -q $UNSTABLE) || (echo "The '$AUDITED' tag is not on the '$UNSTABLE' branch." && exit 1)
git config --global user.email "admin@kurdistan-tech.io"
git config --global user.name "Kurdistan-Tech Release Team"
- name: Prepare commit
run: |
git checkout --quiet origin/$STABLE
# Delete all tracked files in the working directory
git ls-files -z | xargs -0 rm -f
# Find and delete any empty directories
find . -type d -empty -delete
git add . 1>/dev/null 2>/dev/null
git commit -qm "Delete all files"
# Grab the files from the commit
git checkout --quiet tags/$AUDITED -- .
# Stage, commit, and push the working directory which now matches 'audited' 1:1
git status
COMMIT=$(git rev-parse --short=10 tags/$AUDITED)
git add . 1>/dev/null 2>/dev/null
git commit --allow-empty --amend -qm "Clobber with $AUDITED ($COMMIT)"
- name: Push stable branch
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
git log -3
git push --verbose origin HEAD:$STABLE
.github/workflows/release-reusable-promote-to-final.yml
+91
View File
@@ -0,0 +1,91 @@
name: Promote rc to final
on:
workflow_call:
inputs:
package:
description: Package to be promoted
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX that will be changed to final in form of pezkuwi-stableYYMM(-X)
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
secrets:
AWS_DEFAULT_REGION:
required: true
AWS_RELEASE_ACCESS_KEY_ID:
required: true
AWS_RELEASE_SECRET_ACCESS_KEY:
required: true
jobs:
promote-release-artifacts:
environment: release
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
RELEASE_TAG: ${{ inputs.release_tag }}
PACKAGE: ${{ inputs.package }}
TARGET: ${{ inputs.target }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Prepare final tag
id: prepare_final_tag
shell: bash
run: |
tag="$(echo $RELEASE_TAG | sed 's/-rc[0-9]*$//')"
echo $tag
echo "FINAL_TAG=${tag}" >> $GITHUB_OUTPUT
- name: Fetch binaries from s3 based on version
run: |
. ./.github/scripts/common/lib.sh
VERSION="$RELEASE_TAG"
if [[ "$PACKAGE" == 'pezkuwi' ]]; then
packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for package in "${packages[@]}"; do
OUTPUT_DIR="./release-artifacts/$TARGET/${package}"
fetch_release_artifacts_from_s3 "$package" "$TARGET"
done
NODE_VERSION="$(get_pezkuwi_node_version_from_code)"
fetch_debian_package_from_s3 pezkuwi
fetch_rpm_package_from_s3 pezkuwi
else
fetch_release_artifacts_from_s3 "$PACKAGE" "$TARGET"
fi
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} ${{ inputs.target }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
if [[ "$PACKAGE" == 'pezkuwi' ]]; then
packages=(pezkuwi pezkuwi-prepare-worker pezkuwi-execute-worker)
for package in "${packages[@]}"; do
upload_s3_release $package ${{ steps.prepare_final_tag.outputs.final_tag }} ${{ inputs.target }}
done
else
upload_s3_release "$PACKAGE" ${{ steps.prepare_final_tag.outputs.final_tag }} "$TARGET"
fi
.github/workflows/release-reusable-publish-packages.yml
+188
View File
@@ -0,0 +1,188 @@
name: Reusable - Publish Package
on:
workflow_call:
inputs:
tag:
description: Current final release tag (e.g., pezkuwi-stableYYMM)
required: true
type: string
distribution:
description: Distribution where to publish package (e.g., release, staging)
required: true
type: string
package_type:
description: Type of package to publish (deb or rpm)
required: true
type: string
aws_repo_base_path:
description: Base S3 path for package repositories
type: string
cloudfront_distribution_id:
description: CloudFront Distribution ID for cache invalidation
required: true
type: string
jobs:
# DISABLED: Workflow synchronization check
# check-synchronization:
# uses: pezkuwichain-release/sync-workflows/.github/workflows/check-synchronization.yml@main
# secrets:
# fork_writer_app_key: ${{ secrets.UPSTREAM_CONTENT_SYNC_APP_KEY }}
validate-inputs:
runs-on: ubuntu-latest
outputs:
release_tag: ${{ steps.validate_inputs.outputs.release_tag }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Validate package type
if: ${{ inputs.package_type != 'deb' && inputs.package_type != 'rpm' }}
run: |
echo "Error: package_type must be either 'deb' or 'rpm'"
exit 1
- name: Validate inputs
id: validate_inputs
run: |
# Source common library for helper functions
. ./.github/scripts/common/lib.sh
RELEASE_TAG=$(validate_stable_tag ${{ inputs.tag }})
echo "release_tag=${RELEASE_TAG}" >> $GITHUB_OUTPUT
fetch-artifacts-from-s3:
runs-on: ubuntu-latest
needs: [validate-inputs]
environment: release
env:
REPO: ${{ github.repository }}
VERSION: ${{ needs.validate-inputs.outputs.release_tag }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
outputs:
NODE_VERSION: ${{ steps.fetch_artifacts_from_s3.outputs.NODE_VERSION }}
steps:
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Fetch rc artifacts or release artifacts from s3 based on version
id: fetch_artifacts_from_s3
run: |
. ./.github/scripts/common/lib.sh
NODE_VERSION="$(get_pezkuwi_node_version_from_code)"
echo "NODE_VERSION=${NODE_VERSION}" >> $GITHUB_OUTPUT
# Fetch specific package type artifact (deb or rpm)
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
fetch_debian_package_from_s3 pezkuwi
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
fetch_rpm_package_from_s3 pezkuwi
fi
- name: Upload artifacts for later jobs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: release-artifacts-${{ inputs.package_type }}
path: release-artifacts/pezkuwi/*.${{ inputs.package_type }}
publish-package:
runs-on: ubuntu-latest
needs: [fetch-artifacts-from-s3]
environment: release
env:
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_REPO_PATH: "${{ inputs.aws_repo_base_path }}/${{ inputs.package_type }}"
LOCAL_REPO_PATH: ${{ github.workspace }}/${{ inputs.package_type }}
NODE_VERSION: ${{ needs.fetch-artifacts-from-s3.outputs.NODE_VERSION }}
steps:
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y python3-pip reprepro rpm createrepo-c
python3 -m pip install --user awscli "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151"
# Ensure ~/.local/bin is in PATH right now and for later steps
export PATH=$HOME/.local/bin:$PATH
echo "$HOME/.local/bin" >> $GITHUB_PATH
# Export to GITHUB_ENV (this time they wont be empty)
echo "PGPKMS_REPREPRO_PATH=$(which pgpkms-reprepro)" >> $GITHUB_ENV
echo "PGPKMS_RPMSIGN_PATH=$(which pgpkms-rpmsign)" >> $GITHUB_ENV
- name: Checkout sources
uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0
- name: Download artifacts from previous job
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: release-artifacts-${{ inputs.package_type }}
path: release-artifacts
- name: Setup local deb repo config
if: ${{ inputs.package_type == 'deb' }}
run: |
sed -i "s|^SignWith:.*|SignWith: ! ${PGPKMS_REPREPRO_PATH}|" ${{ github.workspace }}/.github/scripts/release/distributions
mkdir -p "$LOCAL_REPO_PATH/conf"
cp ${{ github.workspace }}/.github/scripts/release/distributions "$LOCAL_REPO_PATH/conf/distributions"
- name: Sync local repo
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
# --- Sync Local Repo from S3 ---
mkdir -p "$LOCAL_REPO_PATH"
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
aws s3 sync "$AWS_REPO_PATH/db" "$LOCAL_REPO_PATH/db" || true
aws s3 sync "$AWS_REPO_PATH/pool" "$LOCAL_REPO_PATH/pool" || true
aws s3 sync "$AWS_REPO_PATH/dists" "$LOCAL_REPO_PATH/dists" || true
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
aws s3 sync "$AWS_REPO_PATH" "$LOCAL_REPO_PATH" || true
fi
- name: Add packages to local repo, sign, and update metadata
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
# --- Add Package to Repo and Sign ---
if [[ "${{ inputs.package_type }}" == "deb" ]]; then
debname=$(find release-artifacts/ -name 'pezkuwi_*.deb' | head -n 1)
reprepro -b "$LOCAL_REPO_PATH" includedeb "${{ inputs.distribution }}" "$debname"
elif [[ "${{ inputs.package_type }}" == "rpm" ]]; then
rpmname=$(find release-artifacts/ -name 'pezkuwi-*.rpm' | head -n 1)
echo "Signing package with pgpkms (via AWS KMS)..."
chmod +x .github/scripts/release/pgpkms-gpg-wrapper.sh
cp .github/scripts/release/rpmmacros $HOME/.rpmmacros
echo "Dumping rpm gpg-related macros..."
rpm --showrc | grep gpg || true
echo "Contents of .rpmmacros:"
cat $HOME/.rpmmacros
rpm --addsign "$rpmname"
echo "Copying signed package to local repo..."
cp "$rpmname" "$LOCAL_REPO_PATH/"
echo "Updating repository metadata..."
createrepo_c --update "$LOCAL_REPO_PATH"
fi
- name: Upload updated repo to S3
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
run: |
aws s3 sync "$LOCAL_REPO_PATH" "$AWS_REPO_PATH" --acl public-read
aws cloudfront create-invalidation --distribution-id ${{ inputs.cloudfront_distribution_id }} --paths '/${{ inputs.package_type }}/*'
.github/workflows/release-reusable-rc-build.yml
+535
View File
@@ -0,0 +1,535 @@
name: RC Build
on:
workflow_call:
inputs:
binary:
description: Binary to be build for the release
required: true
default: pezkuwi
type: string
package:
description: Package to be built, for now can be pezkuwi, pezkuwi-teyrchain-bin, or pezkuwi-omni-node
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-rcX) or pezkuwi-stableYYMM-X(-rcX)
required: true
type: string
target:
description: Target triple for which the artifacts are being built (e.g. x86_64-unknown-linux-gnu)
required: true
type: string
features:
description: Features to be enabled when building the binary (must be a list of comma-separated features)
required: false
type: string
permissions:
id-token: write
contents: read
attestations: write
jobs:
set-image:
# GitHub Actions allows using 'env' in a container context.
# However, env variables don't work for forks: https://github.com/orgs/community/discussions/44322
# This workaround sets the container image for each job using 'set-image' job output.
runs-on: ubuntu-latest
env:
BINARY: ${{ inputs.binary }}
outputs:
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
RUNNER: ${{ steps.set_image.outputs.RUNNER }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- id: set_image
run: |
cat .github/env >> $GITHUB_OUTPUT
RUNNER=""
if [[ "${BINARY}" =~ "pezkuwi-teyrchain" || "${BINARY}" =~ "pezkuwi-omni-node" ]]; then
RUNNER="ubuntu-latest-m"
echo "Using ubuntu-latest-m runner"
else
RUNNER="ubuntu-latest"
echo "Using ubuntu-latest runner"
fi
echo "RUNNER=${RUNNER}" >> $GITHUB_OUTPUT
build-rc:
if: ${{ inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [set-image]
runs-on: ${{ needs.set-image.outputs.RUNNER }}
environment: release
container:
image: ${{ needs.set-image.outputs.IMAGE }}
strategy:
matrix:
binaries: ${{ fromJSON(inputs.binary) }}
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign built artifacts
python3 -m pip install "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151"
which pgpkms
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.release_tag }}
fetch-depth: 0
- name: Import gpg keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Build binary
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error
./.github/scripts/release/build-linux-release.sh ${{ matrix.binaries }} ${{ inputs.package }} ${{ inputs.features }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: /artifacts/${{ matrix.binaries }}/${{ matrix.binaries }}
- name: Sign artifacts
working-directory: /artifacts/${{ matrix.binaries }}
run: |
python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc
- name: Check sha256 ${{ matrix.binaries }}
working-directory: /artifacts/${{ matrix.binaries }}
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
echo "Checking binary ${{ matrix.binaries }}"
check_sha256 ${{ matrix.binaries }}
- name: Check GPG ${{ matrix.binaries }}
working-directory: /artifacts/${{ matrix.binaries }}
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
check_gpg ${{ matrix.binaries }}
- name: Upload ${{ matrix.binaries }} artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ matrix.binaries }}_${{ inputs.target }}
path: /artifacts/${{ matrix.binaries }}
build-macos-rc:
if: ${{ inputs.target == 'aarch64-apple-darwin' }}
runs-on: macos-latest
environment: release
strategy:
matrix:
binaries: ${{ fromJSON(inputs.binary) }}
env:
PGP_KMS_KEY: ${{ secrets.PGP_KMS_KEY }}
PGP_KMS_HASH: ${{ secrets.PGP_KMS_HASH }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.release_tag }}
fetch-depth: 0
- name: Set rust version from env file
run: |
RUST_VERSION=$(cat .github/env | sed -E 's/.*ci-unified:([^-]+)-([^-]+).*/\2/')
echo $RUST_VERSION
echo "RUST_VERSION=${RUST_VERSION}" >> $GITHUB_ENV
- name: Set workspace environment variable
# relevant for artifacts upload, which can not interpolate Github Action variable syntax when
# used within valid paths. We can not use root-based paths either, since it is set as read-only
# on the `kurdistan-tech-macos` runner.
run: echo "ARTIFACTS_PATH=${GITHUB_WORKSPACE}/artifacts/${{ matrix.binaries }}" >> $GITHUB_ENV
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@1ccc07ccd54b6048295516a3eb89b192c35057dc # master from 12.09.2024
- name: Set homebrew binaries location on path
run: echo "/opt/homebrew/bin" >> $GITHUB_PATH
- name: Install rust ${{ env.RUST_VERSION }}
uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0
with:
cache: false
toolchain: ${{ env.RUST_VERSION }}
target: wasm32-unknown-unknown
components: cargo, clippy, rust-docs, rust-src, rustfmt, rustc, rust-std
- name: cargo info
run: |
echo "######## rustup show ########"
rustup show
echo "######## cargo --version ########"
cargo --version
- name: Install protobuf
run: brew install protobuf
- name: Install gpg
run: |
brew install gnupg
# Setup for being able to resolve: keyserver.ubuntu.com.
# See: https://github.com/actions/runner-images/issues/9777
mkdir -p ~/.gnupg/
touch ~/.gnupg/dirmngr.conf
echo "standard-resolver" > ~/.gnupg/dirmngr.conf
- name: Install solc
run: brew install solidity
- name: Install resolc
run: |
VERSION="0.3.0"
ASSET_URL="https://github.com/pezkuwichain/revive/releases/download/v$VERSION/resolc-universal-apple-darwin"
echo "Downloading resolc v$VERSION from $ASSET_URL"
curl -Lsf --show-error -o $HOME/.cargo/bin/resolc "$ASSET_URL"
chmod +x $HOME/.cargo/bin/resolc
xattr -c $HOME/.cargo/bin/resolc
resolc --version
- name: Install llvm
run: |
brew install llvm@21
- name: Set dynamic library path
run: |
LLVM_PATH=$(brew --prefix llvm)
export LIBCLANG_PATH="$LLVM_PATH/lib"
export LDFLAGS="-L$LLVM_PATH/lib"
export CPPFLAGS="-I$LLVM_PATH/include"
echo "DYLD_LIBRARY_PATH=$LLVM_PATH/lib" >> $GITHUB_ENV
- name: Install sha256sum
run: |
brew install coreutils
- name: Install pgpkkms
run: |
# Install pgpkms that is used to sign built artifacts
python3 -m pip install "pgpkms @ git+https://github.com/pezkuwichain-release/pgpkms.git@6cb1cecce1268412189b77e4b130f4fa248c4151" --break-system-packages
- name: Import gpg keys
shell: bash
run: |
. ./.github/scripts/common/lib.sh
import_gpg_keys
- name: Build binary
run: |
git config --global --add safe.directory "${GITHUB_WORKSPACE}" #avoid "detected dubious ownership" error
./.github/scripts/release/build-macos-release.sh ${{ matrix.binaries }} ${{ inputs.package }} ${{ inputs.features }}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@e8998f949152b193b063cb0ec769d69d929409be # v2.4.0
with:
subject-path: ${{ env.ARTIFACTS_PATH }}/${{ matrix.binaries }}
- name: Sign artifacts
working-directory: ${{ env.ARTIFACTS_PATH }}
run: |
python3 -m pgpkms sign --input ${{matrix.binaries }} -o ${{ matrix.binaries }}.asc
- name: Check sha256 ${{ matrix.binaries }}
working-directory: ${{ env.ARTIFACTS_PATH }}
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
echo "Checking binary ${{ matrix.binaries }}"
check_sha256 ${{ matrix.binaries }}
- name: Check GPG ${{ matrix.binaries }}
working-directory: ${{ env.ARTIFACTS_PATH }}
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
check_gpg ${{ matrix.binaries }}
- name: Upload ${{ matrix.binaries }} artifacts
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: ${{ matrix.binaries }}_${{ inputs.target }}
path: ${{ env.ARTIFACTS_PATH }}
build-pezkuwi-deb-and-rpm-package:
if: ${{ inputs.package == 'pezkuwi' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
ref: ${{ inputs.release_tag }}
fetch-depth: 0
- name: Download pezkuwi_x86_64-unknown-linux-gnu artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: pezkuwi_x86_64-unknown-linux-gnu
path: target/production
merge-multiple: true
- name: Download pezkuwi-execute-worker_x86_64-unknown-linux-gnu artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: pezkuwi-execute-worker_x86_64-unknown-linux-gnu
path: target/production
merge-multiple: true
- name: Download pezkuwi-prepare-worker_x86_64-unknown-linux-gnu artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: pezkuwi-prepare-worker_x86_64-unknown-linux-gnu
path: target/production
merge-multiple: true
- name: Install rpmbuild
run: sudo apt-get update && sudo apt-get install -y rpm
- name: Set up Ruby
uses: actions/setup-ruby@v1
with:
ruby-version: '3.2'
- name: Install fpm
run: gem install fpm
- name: Build pezkuwi deb package
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
VERSION=$(get_pezkuwi_node_version_from_code)
. "${GITHUB_WORKSPACE}"/.github/scripts/release/build-deb.sh ${{ inputs.package }} ${VERSION}
- name: Build pezkuwi rpm package
shell: bash
run: |
. "${GITHUB_WORKSPACE}"/.github/scripts/common/lib.sh
VERSION=$(get_pezkuwi_node_version_from_code)
. "${GITHUB_WORKSPACE}"/.github/scripts/release/build-rpm.sh ${{ inputs.package }} ${VERSION}
- name: Generate artifact attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: |
target/production/*.deb
target/production/*.rpm
- name: Upload ${{inputs.package }} artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ inputs.package }}_${{ inputs.target }}
path: target/production
overwrite: true
upload-pezkuwi-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-pezkuwi-deb-and-rpm-package]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-teyrchain-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi-teyrchain-bin' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pezkuwi-teyrchain
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-omni-node-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi-omni-node' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezframe-omni-bencher-artifacts-to-s3:
if: ${{ inputs.package == 'pezframe-omni-bencher' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-chain-spec-builder-artifacts-to-s3:
if: ${{ inputs.package == 'pez-staging-chain-spec-builder' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: chain-spec-builder
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-bizinikiwi-node-artifacts-to-s3:
if: ${{ inputs.package == 'pez-staging-node-cli' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: bizinikiwi-node
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-eth-rpc-artifacts-to-s3:
if: ${{ inputs.package == 'pezpallet-revive-eth-rpc' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: eth-rpc
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pez-subkey-artifacts-to-s3:
if: ${{ inputs.package == 'pez-subkey' && inputs.target == 'x86_64-unknown-linux-gnu' }}
needs: [build-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pez-subkey
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi' && inputs.target == 'aarch64-apple-darwin' }}
# TODO: add and use a `build-pezkuwi-homebrew-package` which packs all `pezkuwi` binaries:
# `pezkuwi`, `pezkuwi-prepare-worker` and `pezkuwi-execute-worker`.
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-prepare-worker-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pezkuwi-prepare-worker
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-execute-worker-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pezkuwi-execute-worker
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-omni-node-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi-omni-node' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezkuwi-teyrchain-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezkuwi-teyrchain-bin' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pezkuwi-teyrchain
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pezframe-omni-bencher-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezframe-omni-bencher' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: ${{ inputs.package }}
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-chain-spec-builder-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pez-staging-chain-spec-builder' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: chain-spec-builder
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-bizinikiwi-node-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pez-staging-node-cli' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: bizinikiwi-node
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-eth-rpc-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pezpallet-revive-eth-rpc' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: eth-rpc
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
upload-pez-subkey-macos-artifacts-to-s3:
if: ${{ inputs.package == 'pez-subkey' && inputs.target == 'aarch64-apple-darwin' }}
needs: [build-macos-rc]
uses: ./.github/workflows/release-reusable-s3-upload.yml
with:
package: pez-subkey
release_tag: ${{ inputs.release_tag }}
target: ${{ inputs.target }}
secrets: inherit
.github/workflows/release-reusable-s3-upload.yml
+50
View File
@@ -0,0 +1,50 @@
name: Upload to s3
on:
workflow_call:
inputs:
package:
description: Package to be built, for now is either pezkuwi or pezkuwi-teyrchain-bin
required: true
type: string
release_tag:
description: Tag matching the actual release candidate with the format pezkuwi-stableYYMM(-X)-rcX or pezkuwi-stableYYMM-rcX
required: true
type: string
target:
description: Target triple for which the artifacts are being uploaded (e.g aarch64-apple-darwin)
required: true
type: string
jobs:
upload-artifacts-to-s3:
runs-on: ubuntu-latest
environment: release
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_RELEASE_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_RELEASE_SECRET_ACCESS_KEY }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download amd64 artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
name: ${{ inputs.package }}_${{ inputs.target }}
path: release-artifacts/${{ inputs.target }}/${{ inputs.package }}
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@00943011d9042930efac3dcd3a170e4273319bc8 # v5.1.0
with:
aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
- name: Upload ${{ inputs.package }} artifacts to s3
run: |
. ./.github/scripts/release/release_lib.sh
upload_s3_release ${{ inputs.package }} ${{ inputs.release_tag }} ${{ inputs.target }}
.github/workflows/release-srtool.yml
+152
View File
@@ -0,0 +1,152 @@
name: Srtool build
env:
SUBWASM_VERSION: 0.21.0
TOML_CLI_VERSION: 0.2.4
on:
workflow_call:
inputs:
excluded_runtimes:
type: string
build_opts:
type: string
profile:
type: string
chain:
type: string
runtime_dir:
type: string
outputs:
published_runtimes:
value: ${{ jobs.find-runtimes.outputs.runtime }}
permissions:
id-token: write
attestations: write
contents: read
jobs:
find-runtimes:
name: Scan repo pezkuwichain/pezkuwi-sdk
outputs:
runtime: ${{ steps.get_runtimes_list.outputs.runtime }}
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.0.0
with:
fetch-depth: 0
- name: Install tooling
run: |
URL=https://github.com/chevdor/toml-cli/releases/download/v${{ env.TOML_CLI_VERSION }}/toml_linux_amd64_v${{ env.TOML_CLI_VERSION }}.deb
curl -L $URL --output toml.deb
sudo dpkg -i toml.deb
toml --version; jq --version
- name: Scan and get runtimes list
id: get_runtimes_list
env:
EXCLUDED_RUNTIMES: ${{ inputs.excluded_runtimes }}:"bizinikiwi-test"
CHAIN: ${{ inputs.chain }}
RUNTIME_DIR: ${{ inputs.runtime_dir }}
run: |
. ./.github/scripts/common/lib.sh
echo "Github workspace: ${{ github.workspace }}"
echo "Current folder: $(pwd)"; ls -al
ls -al
if [ "$CHAIN" == "all" ]; then
MATRIX=$(find_runtimes | tee runtimes_list.json)
echo $MATRIX
echo "runtime=$MATRIX" >> $GITHUB_OUTPUT
else
if [ -n "$RUNTIME_DIR" ]; then
# Create a custom matrix with specific chain and runtime_dir
MATRIX='{"include":[{"chain":"'$CHAIN'","crate":"'$CHAIN'-runtime","runtime_dir":"'$RUNTIME_DIR'"}]}'
else
echo "RUNTIME_DIR is not set"
exit 1
fi
echo $MATRIX
echo "runtime=$MATRIX" >> $GITHUB_OUTPUT
fi
srtool:
runs-on: ubuntu-latest
needs:
- find-runtimes
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.find-runtimes.outputs.runtime) }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v4.0.0
with:
fetch-depth: 0
- name: Srtool build
id: srtool_build
uses: chevdor/srtool-actions@48e9baed50ca414936dfac59d34d8b9bbe581abd # v0.9.2
env:
BUILD_OPTS: ${{ inputs.build_opts }}
with:
chain: ${{ matrix.chain }}
runtime_dir: ${{ matrix.runtime_dir }}
profile: ${{ inputs.profile }}
- name: Summary
run: |
echo '${{ steps.srtool_build.outputs.json }}' | jq > ${{ matrix.chain }}-srtool-digest.json
cat ${{ matrix.chain }}-srtool-digest.json
echo "Compact Runtime: ${{ steps.srtool_build.outputs.wasm }}"
echo "Compressed Runtime: ${{ steps.srtool_build.outputs.wasm_compressed }}"
- name: Generate artifact attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3.0.0
with:
subject-path: ${{ steps.srtool_build.outputs.wasm }}
# We now get extra information thanks to subwasm
- name: Install subwasm
run: |
wget https://github.com/chevdor/subwasm/releases/download/v${{ env.SUBWASM_VERSION }}/subwasm_linux_amd64_v${{ env.SUBWASM_VERSION }}.deb
sudo dpkg -i subwasm_linux_amd64_v${{ env.SUBWASM_VERSION }}.deb
subwasm --version
- name: Show Runtime information
shell: bash
run: |
subwasm info ${{ steps.srtool_build.outputs.wasm }}
subwasm info ${{ steps.srtool_build.outputs.wasm_compressed }}
subwasm --json info ${{ steps.srtool_build.outputs.wasm }} > ${{ matrix.chain }}-info.json
subwasm --json info ${{ steps.srtool_build.outputs.wasm_compressed }} > ${{ matrix.chain }}-compressed-info.json
- name: Extract the metadata
shell: bash
run: |
subwasm meta ${{ steps.srtool_build.outputs.wasm }}
subwasm --json meta ${{ steps.srtool_build.outputs.wasm }} > ${{ matrix.chain }}-metadata.json
- name: Check the metadata diff
shell: bash
# the following subwasm call will error for chains that are not known and/or live, that includes shell for instance
run: |
subwasm diff ${{ steps.srtool_build.outputs.wasm }} --chain-b ${{ matrix.chain }} || \
echo "Subwasm call failed, check the logs. This is likely because ${{ matrix.chain }} is not known by subwasm" | \
tee ${{ matrix.chain }}-diff.txt
- name: Archive Subwasm results
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: ${{ matrix.chain }}-runtime
path: |
${{ matrix.chain }}-info.json
${{ matrix.chain }}-compressed-info.json
${{ matrix.chain }}-metadata.json
${{ matrix.chain }}-diff.txt
${{ steps.srtool_build.outputs.wasm }}
${{ steps.srtool_build.outputs.wasm_compressed }}
${{ matrix.chain }}-srtool-digest.json
.github/workflows/reusable-disk-cleanup.yml
+12
View File
@@ -0,0 +1,12 @@
name: Reusable Disk Cleanup
on:
workflow_call:
jobs:
# This is a no-op job that other workflows can use to trigger disk cleanup
# The actual cleanup happens via the composite action
placeholder:
runs-on: ubuntu-latest
steps:
- run: echo "Disk cleanup is handled by the composite action"
.github/workflows/reusable-isdraft.yml
+16
View File
@@ -0,0 +1,16 @@
# The workflow is not part of reusable-preflight.yml to allow testing CI in draft.
name: Preflight isdraft
on:
workflow_call:
# Map the workflow outputs to job outputs
jobs:
isdraft:
runs-on: ubuntu-latest
if: github.event.pull_request.draft == false || contains(github.event.pull_request.labels.*.name, 'A5-run-CI')
steps:
- name: echo test
shell: bash
run: echo "PR is not draft, starting CI"
.github/workflows/reusable-preflight.yml
+228
View File
@@ -0,0 +1,228 @@
# Reusable workflow to set various useful variables
# and to perform checks and generate conditions for other workflows.
# Currently it checks if any Rust (build-related) file is changed
# and if the current (caller) workflow file is changed.
# Example:
#
# jobs:
# preflight:
# uses: ./.github/workflows/reusable-preflight.yml
# some-job:
# needs: changes
# if: ${{ needs.preflight.outputs.changes_rust }}
# .......
name: Preflight
on:
workflow_call:
# Map the workflow outputs to job outputs
outputs:
changes_rust:
value: ${{ jobs.preflight.outputs.changes_rust }}
changes_currentWorkflow:
value: ${{ jobs.preflight.outputs.changes_currentWorkflow }}
IMAGE:
value: ${{ jobs.preflight.outputs.IMAGE }}
description: "CI image"
# Runners
# https://github.com/pezkuwichain/ci_cd/wiki/GitHub#pezkuwichain-self-hosted-runners
RUNNER:
value: ${{ jobs.preflight.outputs.RUNNER }}
description: |
Main runner for resource-intensive tasks
By default we use spot machines that can be terminated at any time.
Merge queues use persistent runners to avoid kicking off from queue when the runner is terminated.
RUNNER_OLDLINUX:
value: ${{ jobs.preflight.outputs.RUNNER_OLDLINUX }}
description: |
kurdistan-tech-oldlinux
By default we use spot machines that can be terminated at any time.
Merge queues use persistent runners to avoid kicking off from queue when the runner is terminated.
# New is used only during transition to the new runners
RUNNER_NEW:
value: ${{ jobs.preflight.outputs.RUNNER_NEW }}
description: |
Main runner for resource-intensive tasks
By default we use spot machines that can be terminated at any time.
Merge queues use persistent runners to avoid kicking off from queue when the runner is terminated.
RUNNER_OLDLINUX_NEW:
value: ${{ jobs.preflight.outputs.RUNNER_OLDLINUX_NEW }}
description: |
kurdistan-tech-oldlinux
By default we use spot machines that can be terminated at any time.
Merge queues use persistent runners to avoid kicking off from queue when the runner is terminated.
RUNNER_DEFAULT:
value: ${{ jobs.preflight.outputs.RUNNER_DEFAULT }}
description: "Relatively lightweight runner. When `ubuntu-latest` is not enough"
RUNNER_WEIGHTS:
value: ${{ jobs.preflight.outputs.RUNNER_WEIGHTS }}
RUNNER_BENCHMARK:
value: ${{ jobs.preflight.outputs.RUNNER_BENCHMARK }}
RUNNER_MACOS:
value: ${{ jobs.preflight.outputs.RUNNER_MACOS }}
# Vars
SOURCE_REF_SLUG:
value: ${{ jobs.preflight.outputs.SOURCE_REF_SLUG }}
description: "Name of the current branch for `push` or source branch for `pull_request` with `/` replaced by `_`. Does not exists in merge_group"
REF_SLUG:
value: ${{ jobs.preflight.outputs.REF_SLUG }}
description: |
Name of the current revision (depending on the event) with `/` replaced by `_`, e.g:
push - main
pull_request - 49_merge
merge_group - gh-readonly-queue_master_pr-49-38d43798a986430231c828b2c762997f818ac012
COMMIT_SHA:
value: ${{ jobs.preflight.outputs.COMMIT_SHA }}
description: "Sha of the current revision"
COMMIT_SHA_SHORT:
value: ${{ jobs.preflight.outputs.COMMIT_SHA_SHORT }}
description: "Sha of the current revision, 8-symbols long"
jobs:
#
#
#
preflight:
runs-on: ubuntu-latest
outputs:
changes_rust: ${{ steps.set_changes.outputs.rust_any_changed || steps.set_changes.outputs.currentWorkflow_any_changed }}
changes_currentWorkflow: ${{ steps.set_changes.outputs.currentWorkflow_any_changed }}
IMAGE: ${{ steps.set_image.outputs.IMAGE }}
# Runners
# https://github.com/pezkuwichain/ci_cd/wiki/GitHub#pezkuwichain-self-hosted-runners
RUNNER: ${{ steps.set_runner.outputs.RUNNER }}
RUNNER_NEW: ${{ steps.set_runner.outputs.RUNNER_NEW }}
RUNNER_OLDLINUX: ${{ steps.set_runner.outputs.RUNNER_OLDLINUX }}
RUNNER_OLDLINUX_NEW: ${{ steps.set_runner.outputs.RUNNER_OLDLINUX_NEW }}
RUNNER_DEFAULT: ${{ steps.set_runner.outputs.RUNNER_DEFAULT }}
RUNNER_WEIGHTS: ${{ steps.set_runner.outputs.RUNNER_WEIGHTS }}
RUNNER_BENCHMARK: ${{ steps.set_runner.outputs.RUNNER_BENCHMARK }}
RUNNER_MACOS: ${{ steps.set_runner.outputs.RUNNER_MACOS }}
SOURCE_REF_SLUG: ${{ steps.set_vars.outputs.SOURCE_REF_SLUG }}
REF_SLUG: ${{ steps.set_vars.outputs.REF_SLUG }}
COMMIT_SHA: ${{ steps.set_vars.outputs.COMMIT_SHA }}
COMMIT_SHA_SHORT: ${{ steps.set_vars.outputs.COMMIT_SHA_SHORT }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
#
# Set changes
#
- name: Current file
id: current_file
shell: bash
run: |
echo "currentWorkflowFile=$(echo ${{ github.workflow_ref }} | sed -nE "s/.*(\.github\/workflows\/[a-zA-Z0-9_-]*\.y[a]?ml)@refs.*/\1/p")" >> $GITHUB_OUTPUT
echo "currentActionDir=$(echo ${{ github.action_path }} | sed -nE "s/.*(\.github\/actions\/[a-zA-Z0-9_-]*)/\1/p")" >> $GITHUB_OUTPUT
- name: Set changes
id: set_changes
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 #v47.0.0
with:
files_yaml: |
rust:
- '**/*'
- '!.github/**/*'
- '!prdoc/**/*'
- '!docs/**/*'
currentWorkflow:
- '${{ steps.current_file.outputs.currentWorkflowFile }}'
- '.github/workflows/reusable-preflight.yml'
#
# Set image
#
- name: Set image
id: set_image
shell: bash
run: cat .github/env >> $GITHUB_OUTPUT
#
# Set runner
#
# By default we use spot machines that can be terminated at any time.
# Merge queues use persistent runners to avoid kicking off from queue when the runner is terminated.
#
- name: Set runner
id: set_runner
shell: bash
run: |
# Use GitHub-hosted runners (ubuntu-latest) instead of Kurdistan-Tech self-hosted runners
echo "RUNNER_DEFAULT=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_WEIGHTS=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_BENCHMARK=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_MACOS=macos-latest" >> $GITHUB_OUTPUT
# All runners use ubuntu-latest for Pezkuwi SDK
echo "RUNNER=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_NEW=ubuntu-latest" >> $GITHUB_OUTPUT
echo "RUNNER_OLDLINUX_NEW=ubuntu-latest" >> $GITHUB_OUTPUT
#
# Set vars
#
- name: Set vars
id: set_vars
shell: bash
run: |
export SOURCE_REF_NAME=${{ github.head_ref || github.ref_name }}
echo "SOURCE_REF_SLUG=${SOURCE_REF_NAME//\//_}" >> $GITHUB_OUTPUT
#
export COMMIT_SHA=${{ github.sha }}
echo "COMMIT_SHA=$COMMIT_SHA" >> $GITHUB_OUTPUT
echo "COMMIT_SHA_SHORT=${COMMIT_SHA:0:8}" >> $GITHUB_OUTPUT
#
export REF_NAME=${{ github.ref_name }}
echo "REF_SLUG=${REF_NAME//\//_}" >> $GITHUB_OUTPUT
- name: log
shell: bash
run: |
echo "workflow file: ${{ steps.current_file.outputs.currentWorkflowFile }}"
echo "Modified: ${{ steps.set_changes.outputs.modified_keys }}"
#
#
#
ci-versions:
needs: [preflight]
runs-on: ubuntu-latest
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Info rust
run: |
rustup show
cargo --version
cargo +nightly --version
cargo clippy --version
echo "yarn version: $(yarn --version)"
echo $( bizinikiwi-contracts-node --version | awk 'NF' )
estuary --version
cargo-contract --version
taplo --version
- name: Info vars
run: |
echo "COMMIT_SHA: ${{ needs.preflight.outputs.COMMIT_SHA }}"
echo "COMMIT_SHA_SHORT: ${{ needs.preflight.outputs.COMMIT_SHA_SHORT }}"
echo "SOURCE_REF_SLUG: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}"
echo "REF_SLUG: ${{ needs.preflight.outputs.REF_SLUG }}"
echo "RUNNER: ${{ needs.preflight.outputs.RUNNER }}"
echo "IMAGE: ${{ needs.preflight.outputs.IMAGE }}"
#
echo "github.ref: ${{ github.ref }}"
echo "github.ref_name: ${{ github.ref_name }}"
echo "github.sha: ${{ github.sha }}"
.github/workflows/review-bot.yml
+46
View File
@@ -0,0 +1,46 @@
name: Review Bot
on:
workflow_run:
workflows:
- Review-Trigger
types:
- completed
workflow_dispatch:
inputs:
pr-number:
description: "Number of the PR to evaluate"
required: true
type: number
jobs:
review-approvals:
runs-on: ubuntu-latest
steps:
- name: Generate token
id: app_token
uses: actions/create-github-app-token@67018539274d69449ef7c02e8e71183d1719ab42 # v2.1.4
with:
app-id: ${{ secrets.REVIEW_APP_ID }}
private-key: ${{ secrets.REVIEW_APP_KEY }}
- name: Extract content of artifact
if: ${{ !inputs.pr-number }}
id: number
uses: Bullrich/extract-text-from-artifact@28b4a438a07226f4e4e19f625354bbe3e745a29e # v1.0.1
with:
artifact-name: pr_number
# DISABLED: Review bot requires pezkuwichain GitHub App
# - name: "Evaluates PR reviews and assigns reviewers"
# uses: pezkuwichain/review-bot@9a5828019b78fcc2a7d851ca9797d810bcde95ea # v2.7.2
# with:
# repo-token: ${{ steps.app_token.outputs.token }}
# team-token: ${{ steps.app_token.outputs.token }}
# checks-token: ${{ steps.app_token.outputs.token }}
# pr-number: ${{ inputs.pr-number || steps.number.outputs.content }}
# request-reviewers: true
- name: "Review bot disabled"
run: echo "Review bot is disabled - requires pezkuwichain GitHub App"
- name: Log payload
if: ${{ failure() || runner.debug }}
run: echo "::debug::$payload"
env:
payload: ${{ toJson(github.event) }}
.github/workflows/review-trigger.yml
+73
View File
@@ -0,0 +1,73 @@
name: Review-Trigger
on:
pull_request_target:
types:
- opened
- reopened
- synchronize
- review_requested
- review_request_removed
- ready_for_review
pull_request_review:
jobs:
trigger-review-bot:
# (It is not a draft) && (it is not a review || it is an approving review)
if: ${{ github.event.pull_request.draft != true && (github.event_name != 'pull_request_review' || (github.event.review && github.event.review.state == 'APPROVED')) }}
runs-on: ubuntu-latest
name: trigger review bot
steps:
- name: Skip merge queue
if: ${{ contains(github.ref, 'gh-readonly-queue') }}
run: exit 0
- name: Get PR data
id: comments
run: |
echo "bodies=$(gh pr view ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --json comments --jq '[.comments[].body]')" >> "$GITHUB_OUTPUT"
echo "reviews=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews --jq '[.[].state]')" >> "$GITHUB_OUTPUT"
env:
GH_TOKEN: ${{ github.token }}
- name: Fail when author pushes new code
# Require new reviews when the author is pushing and he is not a member
if: |
contains(fromJson(steps.comments.outputs.reviews), 'APPROVED') &&
github.event_name == 'pull_request_target' &&
github.event.action == 'synchronize' &&
github.event.sender.login == github.event.pull_request.user.login &&
github.event.pull_request.author_association != 'CONTRIBUTOR' &&
github.event.pull_request.author_association != 'MEMBER'
run: |
echo "User's association is ${{ github.event.pull_request.author_association }}"
# We get the list of reviewers who approved the PR
REVIEWERS=$(gh api repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/reviews \
--jq '{reviewers: [.[] | select(.state == "APPROVED") | .user.login]}')
# We request them to review again
echo $REVIEWERS | gh api --method POST repos/${{ github.repository }}/pulls/${{ github.event.pull_request.number }}/requested_reviewers --input -
echo "::error::Project needs to be reviewed again"
exit 1
env:
GH_TOKEN: ${{ github.token }}
- name: Comment requirements
# If the previous step failed and github-actions hasn't commented yet we comment instructions
if: failure() && !contains(fromJson(steps.comments.outputs.bodies), 'Review required! Latest push from author must always be reviewed')
run: |
gh pr comment ${{ github.event.pull_request.number }} --repo ${{ github.repository }} --body "Review required! Latest push from author must always be reviewed"
env:
GH_TOKEN: ${{ github.token }}
COMMENTS: ${{ steps.comments.outputs.users }}
- name: Get PR number
env:
PR_NUMBER: ${{ github.event.pull_request.number }}
run: |
echo "Saving PR number: $PR_NUMBER"
mkdir -p ./pr
echo $PR_NUMBER > ./pr/pr_number
- uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
name: Save PR number
with:
name: pr_number
path: pr/
retention-days: 5
.github/workflows/runtimes-matrix.json
+145
View File
@@ -0,0 +1,145 @@
[
{
"name": "dev",
"package": "kitchensink-runtime",
"path": "substrate/frame",
"header": "substrate/HEADER-APACHE2",
"template": "substrate/.maintain/frame-weight-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "--exclude-pallets=pallet_xcm,pallet_xcm_benchmarks::fungible,pallet_xcm_benchmarks::generic,pallet_nomination_pools,pallet_remark,pallet_transaction_storage",
"uri": null,
"is_relay": false
},
{
"name": "zagros",
"package": "zagros-runtime",
"path": "pezkuwi/runtime/zagros",
"header": "pezkuwi/file_header.txt",
"template": "pezkuwi/xcm/pallet-xcm-benchmarks/template.hbs",
"bench_flags": "",
"bench_features": "runtime-benchmarks",
"uri": "wss://try-runtime-zagros.pezkuwichain.io:443",
"is_relay": true
},
{
"name": "pezkuwichain",
"package": "pezkuwichain-runtime",
"path": "pezkuwi/runtime/pezkuwichain",
"header": "pezkuwi/file_header.txt",
"template": "pezkuwi/xcm/pallet-xcm-benchmarks/template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://try-runtime-pezkuwichain.pezkuwichain.io:443",
"is_relay": true
},
{
"name": "asset-hub-zagros",
"package": "asset-hub-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/assets/asset-hub-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://zagros-asset-hub-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "asset-hub-pezkuwichain",
"package": "asset-hub-pezkuwichain-runtime",
"path": "cumulus/teyrchains/runtimes/assets/asset-hub-pezkuwichain",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://pezkuwichain-asset-hub-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "bridge-hub-pezkuwichain",
"package": "bridge-hub-pezkuwichain-runtime",
"path": "cumulus/teyrchains/runtimes/bridge-hubs/bridge-hub-pezkuwichain",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://pezkuwichain-bridge-hub-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "bridge-hub-zagros",
"package": "bridge-hub-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/bridge-hubs/bridge-hub-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://zagros-bridge-hub-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "collectives-zagros",
"package": "collectives-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/collectives/collectives-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://zagros-collectives-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "coretime-pezkuwichain",
"package": "coretime-pezkuwichain-runtime",
"path": "cumulus/teyrchains/runtimes/coretime/coretime-pezkuwichain",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://pezkuwichain-coretime-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "coretime-zagros",
"package": "coretime-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/coretime/coretime-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://zagros-coretime-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "glutton-zagros",
"package": "glutton-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/glutton/glutton-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": null,
"is_relay": false
},
{
"name": "people-pezkuwichain",
"package": "people-pezkuwichain-runtime",
"path": "cumulus/teyrchains/runtimes/people/people-pezkuwichain",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://pezkuwichain-people-rpc.pezkuwichain.io:443",
"is_relay": false
},
{
"name": "people-zagros",
"package": "people-zagros-runtime",
"path": "cumulus/teyrchains/runtimes/people/people-zagros",
"header": "cumulus/file_header.txt",
"template": "cumulus/templates/xcm-bench-template.hbs",
"bench_features": "runtime-benchmarks",
"bench_flags": "",
"uri": "wss://zagros-people-rpc.pezkuwichain.io:443",
"is_relay": false
}
]
.github/workflows/tests-evm.yml
+167
View File
@@ -0,0 +1,167 @@
name: EVM test suite
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
differential-tests:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
permissions:
pull-requests: write
strategy:
matrix:
platform:
["pez-revive-dev-node-revm-solc", "pez-revive-dev-node-polkavm-resolc"]
steps:
- name: Checkout the Pezkuwi SDK
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Update the Installed Python
run: apt-get update && apt-get install -y python3-pip python3
- name: Installing the Latest Resolc
run: |
VERSION="0.5.0"
ASSET_URL="https://github.com/pezkuwichain/revive/releases/download/v$VERSION/resolc-x86_64-unknown-linux-musl"
echo "Downloading resolc v$VERSION from $ASSET_URL"
curl -Lsf --show-error -o resolc "$ASSET_URL"
chmod +x resolc
./resolc --version
- name: Building the dependencies from the Pezkuwi SDK
run: cargo build --locked --profile release -p pezpallet-revive-eth-rpc -p pez-revive-dev-node
- name: Checkout the Differential Tests Repository
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: pezkuwichain/revive-differential-tests
ref: a6e4932a08b1ca231e4a02ca6e54e08a53f0e786
path: revive-differential-tests
submodules: recursive
- name: Installing Retester
run: cargo install --locked --path revive-differential-tests/crates/core
- name: Creating a workdir for retester
run: mkdir workdir
- name: Downloading & Initializing the compilation caches
run: |
curl -fL --retry 3 --retry-all-errors --connect-timeout 10 -o cache.tar.gz "https://github.com/pezkuwichain/revive-differential-tests/releases/download/compilation-caches-v1.0/cache.tar.gz"
tar -zxf cache.tar.gz -C ./workdir > /dev/null 2>&1
- name: Running the Differential Tests
run: |
retester test \
--test ./revive-differential-tests/resolc-compiler-tests/fixtures/solidity/simple \
--test ./revive-differential-tests/resolc-compiler-tests/fixtures/solidity/complex \
--test ./revive-differential-tests/resolc-compiler-tests/fixtures/solidity/translated_semantic_tests \
--platform ${{ matrix.platform }} \
--concurrency.number-of-nodes 10 \
--concurrency.number-of-threads 10 \
--concurrency.number-of-concurrent-tasks 1000 \
--working-directory ./workdir \
--pez-revive-dev-node.consensus manual-seal-200 \
--pez-revive-dev-node.path ./target/release/pez-revive-dev-node \
--eth-rpc.path ./target/release/eth-rpc \
--resolc.path ./resolc
- name: Creating a markdown report of the test execution
run: |
mv ./workdir/*.json report.json
python3 ./.github/scripts/process-differential-tests-report.py report.json ${{ matrix.platform }}
# We upload the report as an artifact to the run since there could be
# certain cases where the report is too long to post as a Github comment.
# This happens if the all of the tests are failing and therefore the
# report exceeds the maximum allowed length of github comments
- name: Upload the Report to the CI
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
with:
name: report-${{ matrix.platform }}.md
path: report.md
- name: Posting the report as a comment on the PR
uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405
if: ${{ contains(github.event.pull_request.labels.*.name, 'T7-smart_contracts') }}
with:
header: diff-tests-report-${{ matrix.platform }}
path: report.md
evm-test-suite:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-C debug-assertions"
RUST_BACKTRACE: 1
strategy:
matrix:
platform:
["test:pvm", "test:evm"]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cargo build --locked --release -p pezpallet-revive-eth-rpc --bin eth-rpc
cargo build --locked --release -p pez-revive-dev-node --bin pez-revive-dev-node
- name: Checkout evm-tests
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
repository: pezkuwichain/evm-test-suite
ref: 9359438a13e8ab68f73320724f8783e170ecc193
path: evm-test-suite
- uses: denoland/setup-deno@v2
with:
deno-version: v2.x
- name: script
run: |
echo "Change to the evm-test-suite directory"
cd evm-test-suite
deno --version
echo "Check that binaries are in place"
export REVIVE_DEV_NODE_PATH=$(readlink -f ../target/release/pez-revive-dev-node)
export ETH_RPC_PATH=$(readlink -f ../target/release/eth-rpc)
echo $REVIVE_DEV_NODE_PATH $ETH_RPC_PATH
echo "== Running tests =="
START_REVIVE_DEV_NODE=true START_ETH_RPC=true deno task ${{ matrix.platform }}
confirm-required-test-evm-jobs-passed:
runs-on: ubuntu-latest
name: All test misc tests passed
# If any new job gets added, be sure to add it to this array
needs:
- evm-test-suite
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/tests-linux-stable-coverage.yml
+123
View File
@@ -0,0 +1,123 @@
# GHA for test-linux-stable-int, test-linux-stable, test-linux-stable-oldkernel
name: tests linux stable coverage
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review, labeled]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
preflight:
uses: ./.github/workflows/reusable-preflight.yml
if: contains(github.event.label.name, 'GHA-coverage') || contains(github.event.pull_request.labels.*.name, 'GHA-coverage')
#
#
#
test-linux-stable-coverage:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 120
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
#
# -Cinstrument-coverage slows everything down but it is necessary for code coverage
# https://doc.rust-lang.org/rustc/instrument-coverage.html
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings -Cinstrument-coverage"
LLVM_PROFILE_FILE: "/__w/pezkuwi-sdk/pezkuwi-sdk/target/coverage/cargo-test-${{ matrix.ci_node_index }}-%p-%m.profraw"
strategy:
fail-fast: false
matrix:
ci_node_index: [1, 2, 3, 4, 5]
ci_node_total: [5]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- run: rustup component add llvm-tools-preview
- run: cargo install cargo-llvm-cov
- run: mkdir -p target/coverage
# Some tests are excluded because they run very slowly or fail with -Cinstrument-coverage
- name: run tests
run: >
time cargo llvm-cov nextest
--no-report --release
--workspace
--locked --no-fail-fast
--features try-runtime,ci-only-tests,experimental
--filter-expr "
!test(/.*benchmark.*/)
- test(/recovers_from_only_chunks_if_pov_large::case_1/)
- test(/participation_requests_reprioritized_for_newly_included/)
- test(/availability_is_recovered_from_chunks_if_no_group_provided::case_1/)
- test(/rejects_missing_inherent_digest/)
- test(/availability_is_recovered_from_chunks_even_if_backing_group_supplied_if_chunks_only::case_1/)
- test(/availability_is_recovered_from_chunks_if_no_group_provided::case_2/)
- test(/all_security_features_work/)
- test(/nonexistent_cache_dir/)
- test(/recovers_from_only_chunks_if_pov_large::case_3/)
- test(/recovers_from_only_chunks_if_pov_large::case_2/)
- test(/authoring_blocks/)
- test(/rejects_missing_seals/)
- test(/generate_chain_spec/)
- test(/get_preset/)
- test(/list_presets/)
- test(/tests::receive_rate_limit_is_enforced/)
- test(/pezkuwi-availability-recovery/)
"
--partition count:${{ matrix.ci_node_index }}/${{ matrix.ci_node_total }}
- name: generate report
run: cargo llvm-cov report --release --codecov --output-path coverage-${{ matrix.ci_node_index }}.lcov
- name: upload report
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: coverage-report-${{ matrix.ci_node_index }}.lcov
path: coverage-${{ matrix.ci_node_index }}.lcov
#
#
# Upload to codecov
upload-reports:
needs: [test-linux-stable-coverage]
runs-on: ubuntu-latest
steps:
- name: Download artifacts
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
with:
path: reports
pattern: coverage-report-*
merge-multiple: true
- run: ls -al reports/
- name: Upload to Codecov
uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1
with:
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
directory: reports
root_dir: /__w/pezkuwi-sdk/pezkuwi-sdk/
#
#
#
remove-label:
runs-on: ubuntu-latest
needs: [upload-reports]
if: github.event_name == 'pull_request'
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions-ecosystem/action-remove-labels@2ce5d41b4b6aa8503e285553f75ed56e0a40bae0 # v1.3.0
with:
labels: GHA-coverage
.github/workflows/tests-linux-stable-xp.yml
+92
View File
@@ -0,0 +1,92 @@
# GHA for test-linux-stable-int, test-linux-stable, test-linux-stable-oldkernel with new runners
name: tests linux stable experimental
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
if: false
uses: ./.github/workflows/reusable-preflight.yml
# No filter for 'all_security_features_work' and 'nonexistent_cache_dir'
# run all tests on cattery runners
test-linux-stable-no-try-runtime:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ubuntu-latest
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
options: --privileged
strategy:
fail-fast: false
matrix:
partition: [1/2, 2/2]
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: |
cargo nextest run --workspace \
--locked \
--release \
--no-fail-fast \
--features experimental,ci-only-tests \
--partition count:${{ matrix.partition }}
test-linux-stable:
needs: [preflight]
runs-on: ${{ matrix.runners }}
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
partition: [1/3, 2/3, 3/3]
runners: [ubuntu-latest]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
# needed for tests that use unshare syscall
options: --privileged
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: |
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory '*'
cargo nextest run \
--workspace \
--locked \
--release \
--no-fail-fast \
--cargo-quiet \
--features try-runtime,experimental,ci-only-tests \
--partition count:${{ matrix.partition }}
# run runtime-api tests with `enable-pez-staging-api` feature on the 1st node
- name: runtime-api tests
if: ${{ matrix.partition == '1/3' }}
run: cargo nextest run -p pezsp-api-test --features enable-pez-staging-api --cargo-quiet
.github/workflows/tests-linux-stable.yml
+161
View File
@@ -0,0 +1,161 @@
# GHA for test-linux-stable-int, test-linux-stable, test-linux-stable-oldkernel
name: tests linux stable
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
test-linux-stable-int:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER_NEW }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-C debug-assertions -D warnings"
RUST_BACKTRACE: 1
WASM_BUILD_NO_COLOR: 1
WASM_BUILD_RUSTFLAGS: "-C debug-assertions -D warnings"
# Ensure we run the UI tests.
RUN_UI_TESTS: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: WASM_BUILD_NO_COLOR=1 cargo test -p pez-staging-node-cli --release --locked -- --ignored
# https://github.com/pezkuwichain/ci_cd/issues/864
test-linux-stable-runtime-benchmarks:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER_NEW }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: cargo nextest run --workspace --features runtime-benchmarks benchmark --locked --cargo-profile testnet --cargo-quiet
test-linux-stable:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ matrix.runners }}
timeout-minutes: 60
strategy:
fail-fast: false
matrix:
partition: [1/3, 2/3, 3/3]
runners:
[
"${{ needs.preflight.outputs.RUNNER_NEW }}",
"${{ needs.preflight.outputs.RUNNER_OLDLINUX_NEW }}",
]
container:
image: ${{ needs.preflight.outputs.IMAGE }}
# needed for tests that use unshare syscall
options: --privileged
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: |
# Fixes "detected dubious ownership" error in the ci
git config --global --add safe.directory '*'
cargo nextest run \
--workspace \
--locked \
--release \
--no-fail-fast \
--cargo-quiet \
--features try-runtime,experimental,ci-only-tests \
--partition count:${{ matrix.partition }}
# run runtime-api tests with `enable-pez-staging-api` feature on the 1st node
- name: runtime-api tests
if: ${{ matrix.partition == '1/3' }}
run: cargo nextest run -p pezsp-api-test --features enable-pez-staging-api --cargo-quiet
# some tests do not run with `try-runtime` feature enabled
# https://github.com/pezkuwichain/pezkuwi-sdk/pull/4251#discussion_r1624282143
test-linux-stable-no-try-runtime:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER_NEW }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
options: --privileged
strategy:
fail-fast: false
matrix:
partition: [1/2, 2/2]
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: required
run: |
cargo nextest run --workspace \
--locked \
--release \
--no-fail-fast \
--cargo-quiet \
--features experimental,ci-only-tests \
--partition count:${{ matrix.partition }}
confirm-required-jobs-passed:
runs-on: ubuntu-latest
name: All tests passed
# If any new job gets added, be sure to add it to this array
needs:
[
test-linux-stable-int,
test-linux-stable-runtime-benchmarks,
test-linux-stable,
test-linux-stable-no-try-runtime,
]
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/tests-misc.yml
+461
View File
@@ -0,0 +1,461 @@
name: tests misc
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
# Jobs in this workflow depend on each other, only for limiting peak amount of spawned workers
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
# more information about this job can be found here:
# https://github.com/pezkuwichain/bizinikiwi/pull/3778
test-full-crypto-feature:
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-C debug-assertions"
RUST_BACKTRACE: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cd bizinikiwi/primitives/core/
cargo build --locked --no-default-features --features full_crypto
cd ../application-crypto
cargo build --locked --no-default-features --features full_crypto
test-pezframe-examples-compile-to-wasm:
timeout-minutes: 20
# into one job
needs: [preflight, test-full-crypto-feature]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-C debug-assertions"
RUST_BACKTRACE: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cd bizinikiwi/frame/examples/offchain-worker/
RUSTFLAGS="--cfg bizinikiwi_runtime" cargo build --locked --target=wasm32-unknown-unknown --no-default-features
cd ../basic
RUSTFLAGS="--cfg bizinikiwi_runtime" cargo build --locked --target=wasm32-unknown-unknown --no-default-features
test-pezframe-ui:
timeout-minutes: 60
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-C debug-assertions -D warnings"
RUST_BACKTRACE: 1
SKIP_WASM_BUILD: 1
# Ensure we run the UI tests.
RUN_UI_TESTS: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cargo version
cargo test --locked -q --profile testnet -p pezframe-support-test --features=pezframe-feature-testing,no-metadata-docs,try-runtime,experimental ui
cargo test --locked -q --profile testnet -p pezframe-support-test --features=pezframe-feature-testing,pezframe-feature-testing-2,no-metadata-docs,try-runtime,experimental ui
cargo test --locked -q --profile testnet -p xcm-pez-procedural ui
cargo test --locked -q --profile testnet -p pezframe-election-provider-solution-type ui
cargo test --locked -q --profile testnet -p pezsp-api-test ui
# There is multiple version of pezsp-runtime-interface in the repo. So we point to the manifest.
cargo test --locked -q --profile testnet --manifest-path bizinikiwi/primitives/runtime-interface/Cargo.toml ui
test-deterministic-wasm:
timeout-minutes: 40
needs: [preflight, test-pezframe-examples-compile-to-wasm]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
WASM_BUILD_NO_COLOR: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- name: script
run: |
# build runtime
cargo build -q --locked --release -p zagros-runtime -p pezkuwichain-runtime
# make checksum
sha256sum target/release/wbuild/*-runtime/target/wasm32-unknown-unknown/release/*.wasm > checksum.sha256
cargo clean
# build again
cargo build -q --locked --release -p zagros-runtime -p pezkuwichain-runtime
# confirm checksum
sha256sum -c checksum.sha256
cargo-check-benches:
needs: [preflight]
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
timeout-minutes: 60
strategy:
matrix:
branch: [master, current]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
with:
# if branch is master, use the branch, otherwise set empty string, so it uses the current context
# either PR (including forks) or merge group (main repo)
ref: ${{ matrix.branch == 'master' && matrix.branch || '' }}
- name: script
shell: bash
run: |
# Fail the step if any command in a pipeline errors out.
set -euo pipefail
ARTIFACTS_DIR=./artifacts
BENCH_TRIE_READ=::trie::read::small
BENCH_NODE_IMPORT=::node::import::sr25519::transfer_keep_alive::paritydb::small
mkdir -p $ARTIFACTS_DIR
# Exclude packages with feature unification issues with --benches flag
# (pezframe-support/runtime-benchmarks gets enabled but the package's runtime-benchmarks doesn't)
# pezpallet-tiki and all its dependents need to be excluded due to EnsureOrigin trait issues
SKIP_WASM_BUILD=1 cargo check --locked --benches --workspace \
--exclude pezpallet-tiki \
--exclude pezpallet-trust \
--exclude pezpallet-welati \
--exclude pezpallet-pez-rewards \
--exclude people-pezkuwichain-runtime \
--exclude pezkuwi-teyrchain-bin \
--exclude asset-hub-zagros-runtime \
--exclude asset-hub-pezkuwichain-runtime \
--exclude collectives-zagros-runtime;
cargo run --locked --release -p pez-node-bench -- $BENCH_TRIE_READ --json | tee $ARTIFACTS_DIR/bench_trie_read_small.json;
cargo run --locked --release -p pez-node-bench -- $BENCH_NODE_IMPORT --json | tee $ARTIFACTS_DIR/bench_transfer_keep_alive.json
- name: Upload artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
path: ./artifacts
name: cargo-check-benches-${{ matrix.branch }}-${{ github.sha }}
retention-days: 1
pez-node-bench-regression-guard:
timeout-minutes: 20
# Only run on PR/merge_group where cargo-check-benches produces artifacts
if: always() && !cancelled() && (github.event_name == 'pull_request' || github.event_name == 'merge_group')
runs-on: ubuntu-latest
needs: [preflight, cargo-check-benches]
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download artifact (master run)
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
continue-on-error: true
with:
name: cargo-check-benches-master-${{ github.sha }}
path: ./artifacts/master
- name: Download artifact (current run)
uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
continue-on-error: true
with:
name: cargo-check-benches-current-${{ github.sha }}
path: ./artifacts/current
- name: script
id: compare
run: |
if [ "${{ github.ref_name }}" = "master" ]; then
echo -e "Exiting on master branch"
exit 0
fi
# fail if no artifacts
if [ ! -d ./artifacts/master ] || [ ! -d ./artifacts/current ]; then
echo "No artifacts found"
exit 1
fi
# NOTE: Using echo instead of docker - pezkuwichain/pez-node-bench-regression-guard not available for Pezkuwi
# If benchmark regression guard is needed, fork the tool to pezkuwichain
echo "::notice::Benchmark regression guard check skipped - tool not available for Pezkuwi SDK"
echo "Comparing artifacts from master and current..."
if [ -d "$PWD/artifacts/master" ] && [ -d "$PWD/artifacts/current" ]; then
echo "Both artifact directories exist"
ls -la $PWD/artifacts/master/ || true
ls -la $PWD/artifacts/current/ || true
fi
if [ $? -ne 0 ]; then
FAILED_MSG='### pez-node-bench-regression-guard failed ❌, check the regression in *cargo-check-benches* job'
echo $FAILED_MSG
echo $FAILED_MSG >> $GITHUB_STEP_SUMMARY
exit 1
else
echo "### pez-node-bench-regression-guard passed ✅" >> $GITHUB_STEP_SUMMARY
fi
test-node-metrics:
needs: [preflight]
timeout-minutes: 45
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Clean cargo cache to free disk space
run: |
cargo clean 2>/dev/null || true
rm -rf ~/.cargo/registry/cache 2>/dev/null || true
rm -rf ~/.cargo/git/db 2>/dev/null || true
- name: Run tests
id: tests
env:
RUST_TOOLCHAIN: stable
# Enable debug assertions since we are running optimized builds for testing
# but still want to have debug assertions.
RUSTFLAGS: "-Cdebug-assertions=y -Dwarnings"
run: |
cargo build --bin pezkuwi-execute-worker --bin pezkuwi-prepare-worker --profile testnet --verbose --locked
mkdir -p ./artifacts
cargo test --profile testnet --locked --features=runtime-metrics -p pezkuwi-node-metrics > ./artifacts/log.txt
echo "Metrics test passed"
- name: Upload artifacts if failed
if: ${{ steps.tests.outcome != 'success' }}
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
with:
name: node-metrics-failed
path: ./artifacts
# more information about this job can be found here:
# https://github.com/pezkuwichain/bizinikiwi/pull/6916
check-tracing:
timeout-minutes: 20
needs: [preflight, test-node-metrics]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cargo test --locked --manifest-path ./bizinikiwi/primitives/tracing/Cargo.toml --no-default-features
cargo test --locked --manifest-path ./bizinikiwi/primitives/tracing/Cargo.toml --no-default-features --features=with-tracing
check-metadata-hash:
timeout-minutes: 20
needs: [preflight, check-tracing]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: |
cargo build --locked -p zagros-runtime --features metadata-hash
# disabled until https://github.com/pezkuwichain/pezkuwi-sdk/issues/5812 is resolved
# cargo-hfuzz:
# timeout-minutes: 20
# needs: [preflight, check-metadata-hash]
# runs-on: ${{ needs.preflight.outputs.RUNNER }}
# container:
# image: ${{ needs.preflight.outputs.IMAGE }}
# env:
# # max 10s per iteration, 60s per file
# HFUZZ_RUN_ARGS: |
# --exit_upon_crash
# --exit_code_upon_crash 1
# --timeout 10
# --run_time 60
# # use git version of honggfuzz-rs until v0.5.56 is out, we need a few recent changes:
# # https://github.com/rust-fuzz/honggfuzz-rs/pull/75 to avoid breakage on debian
# # https://github.com/rust-fuzz/honggfuzz-rs/pull/81 fix to the above pr
# # https://github.com/rust-fuzz/honggfuzz-rs/pull/82 fix for handling absolute CARGO_TARGET_DIR
# HFUZZ_BUILD_ARGS: |
# --config=patch.crates-io.honggfuzz.git="https://github.com/altaua/honggfuzz-rs"
# --config=patch.crates-io.honggfuzz.rev="205f7c8c059a0d98fe1cb912cdac84f324cb6981"
# steps:
# - name: Checkout
# uses: actions/checkout@v4
# - name: Run honggfuzz
# run: |
# cd bizinikiwi/primitives/arithmetic/fuzzer
# cargo hfuzz build
# for target in $(cargo read-manifest | jq -r '.targets | .[] | .name');
# do
# cargo hfuzz run "$target" || { printf "fuzzing failure for %s\n" "$target"; exit 1; };
# done
# - name: Upload artifacts
# uses: actions/upload-artifact@v4.3.6
# with:
# path: bizinikiwi/primitives/arithmetic/fuzzer/hfuzz_workspace/
# name: hfuzz-${{ github.sha }}
cargo-check-each-crate:
timeout-minutes: 70
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER }}
if: ${{ needs.preflight.outputs.changes_rust }}
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-D warnings"
CI_JOB_NAME: cargo-check-each-crate
strategy:
matrix:
index: [1, 2, 3, 4, 5, 6, 7] # 7 parallel jobs
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Check Rust
run: |
rustup show
rustup +nightly show
- name: script
run: |
PYTHONUNBUFFERED=x .github/scripts/check-each-crate.py ${{ matrix.index }} ${{ strategy.job-total }}
cargo-check-all-crate-macos:
timeout-minutes: 60
needs: [preflight]
runs-on: ${{ needs.preflight.outputs.RUNNER_MACOS }}
if: ${{ needs.preflight.outputs.changes_rust }}
env:
SKIP_WASM_BUILD: 1
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set rust version from env file
run: |
RUST_VERSION=$(cat .github/env | sed -E 's/.*ci-unified:([^-]+)-([^-]+).*/\2/')
echo $RUST_VERSION
echo "RUST_VERSION=${RUST_VERSION}" >> $GITHUB_ENV
- name: Set up Homebrew
uses: Homebrew/actions/setup-homebrew@1ccc07ccd54b6048295516a3eb89b192c35057dc # master from 12.09.2024
# Is broken because of different bash versions
# - name: Install rust ${{ env.RUST_VERSION }}
# uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
# with:
# cache: false
# toolchain: ${{ env.RUST_VERSION }}
# target: wasm32-unknown-unknown
# components: cargo, clippy, rust-docs, rust-src, rustfmt, rustc, rust-std
- name: Install rust ${{ env.RUST_VERSION }}
run: |
curl https://sh.rustup.rs -sSf | sh -s -- -y --default-toolchain $RUST_VERSION
source $HOME/.cargo/env
rustup target add wasm32-unknown-unknown
rustup component add clippy rust-docs rust-src rustfmt rustc rust-std
- name: Install protobuf
run: brew install protobuf
- name: install solc
run: brew install solidity
- name: Install resolc
run: |
source $HOME/.cargo/env
VERSION="0.5.0"
ASSET_URL="https://github.com/pezkuwichain/revive/releases/download/v$VERSION/resolc-universal-apple-darwin"
echo "Downloading resolc v$VERSION from $ASSET_URL"
curl -Lsf --show-error -o $HOME/.cargo/bin/resolc "$ASSET_URL"
chmod +x $HOME/.cargo/bin/resolc
xattr -c $HOME/.cargo/bin/resolc
resolc --version
- name: Install llvm
run: |
brew install llvm@20
brew link llvm@20
- name: cargo info
run: |
source $HOME/.cargo/env
echo "######## rustup show ########"
rustup show
echo "######## cargo --version ########"
cargo --version
- name: Run cargo check
run: |
source $HOME/.cargo/env
cargo check --workspace --locked
confirm-required-test-mipezsc-jobs-passed:
runs-on: ubuntu-latest
name: All test misc tests passed
# If any new job gets added, be sure to add it to this array
needs:
- test-full-crypto-feature
- test-pezframe-examples-compile-to-wasm
- test-pezframe-ui
- cargo-check-benches
- pez-node-bench-regression-guard
- test-node-metrics
- check-tracing
- cargo-check-each-crate
- test-deterministic-wasm
# - cargo-hfuzz remove from required for now, as it's flaky
if: always() && !cancelled()
steps:
- run: |
tee resultfile <<< '${{ toJSON(needs) }}'
FAILURES=$(cat resultfile | grep '"result": "failure"' | wc -l)
if [ $FAILURES -gt 0 ]; then
echo "### At least one required job failed ❌" >> $GITHUB_STEP_SUMMARY
exit 1
else
echo '### Good job! All the required jobs passed 🚀' >> $GITHUB_STEP_SUMMARY
fi
.github/workflows/tests.yml
+89
View File
@@ -0,0 +1,89 @@
name: tests
on:
push:
branches:
- main
pull_request:
types: [opened, synchronize, reopened, ready_for_review]
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/reusable-preflight.yml
# This job runs all benchmarks defined in the `/bin/node/runtime` once to check that there are no errors.
quick-benchmarks:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
RUSTFLAGS: "-C debug-assertions -D warnings"
RUST_BACKTRACE: "full"
WASM_BUILD_NO_COLOR: 1
WASM_BUILD_RUSTFLAGS: "-C debug-assertions -D warnings"
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
run: cargo run --locked --release -p pez-staging-node-cli --bin bizinikiwi-node --features runtime-benchmarks --quiet -- benchmark pallet --chain dev --pallet "*" --extrinsic "*" --steps 2 --repeat 1 --quiet
# cf https://github.com/pezkuwichain/pezkuwi-sdk/issues/1652
test-syscalls:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
continue-on-error: true # this rarely triggers in practice
env:
SKIP_WASM_BUILD: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
id: test
run: |
cargo build --locked --profile production --target x86_64-unknown-linux-musl --bin pezkuwi-execute-worker --bin pezkuwi-prepare-worker --quiet
cd pezkuwi/scripts/list-syscalls
./list-syscalls.rb ../../../target/x86_64-unknown-linux-musl/production/pezkuwi-execute-worker --only-used-syscalls | diff -u execute-worker-syscalls -
./list-syscalls.rb ../../../target/x86_64-unknown-linux-musl/production/pezkuwi-prepare-worker --only-used-syscalls | diff -u prepare-worker-syscalls -
- name: on_failure
if: failure() && steps.test.outcome == 'failure'
run: |
echo "The x86_64 syscalls used by the worker binaries have changed. Please review if this is expected and update pezkuwi/scripts/list-syscalls/*-worker-syscalls as needed." >> $GITHUB_STEP_SUMMARY
cargo-check-all-benches:
needs: [preflight]
if: ${{ needs.preflight.outputs.changes_rust }}
runs-on: ${{ needs.preflight.outputs.RUNNER }}
timeout-minutes: 60
container:
image: ${{ needs.preflight.outputs.IMAGE }}
env:
SKIP_WASM_BUILD: 1
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: script
# Exclude packages with feature unification issues with --benches flag
# (pezframe-support/runtime-benchmarks gets enabled but the package's runtime-benchmarks doesn't)
# pezpallet-tiki and all its dependents need to be excluded due to EnsureOrigin trait issues.
# FIXED: pezpallet-pez-rewards, collectives-zagros-runtime, asset-hub-* are now included!
run: |
cargo check --workspace --benches --quiet \
--exclude pezpallet-tiki \
--exclude pezpallet-trust \
--exclude pezpallet-welati \
--exclude people-pezkuwichain-runtime \
--exclude pezkuwi-teyrchain-bin
.github/workflows/zombienet-reusable-preflight.yml
+346
View File
@@ -0,0 +1,346 @@
# Reusable workflow to set various useful variables
# and to perform checks and generate conditions for other workflows.
# Currently it checks if any Rust (build-related) file is changed
# and if the current (caller) workflow file is changed.
# Example:
#
# jobs:
# preflight:
# uses: ./.github/workflows/reusable-preflight.yml
# some-job:
# needs: changes
# if: ${{ needs.preflight.outputs.changes_rust }}
# .......
name: Zombienet Preflight
on:
workflow_call:
inputs:
tests_yaml:
required: true
type: string
test_pattern:
required: false
type: string
build_run_id:
required: true
type: string
description: "Build run ID from the build workflow."
ref_slug:
required: false
type: string
# Map the workflow outputs to job outputs
outputs:
changes_bizinikiwi:
value: ${{ jobs.preflight.outputs.changes_bizinikiwi }}
description: |
True iff there are changes in bizinikiwi directory or the current workflow
changes_pezcumulus:
value: ${{ jobs.preflight.outputs.changes_pezcumulus }}
description: |
True iff there are changes in pezcumulus directory or the current workflow
changes_pezkuwi:
value: ${{ jobs.preflight.outputs.changes_pezkuwi }}
description: |
True iff there are changes in pezkuwi directory or the current workflow
changes_bridges:
value: ${{ jobs.preflight.outputs.changes_bridges }}
description: |
True iff there are changes in bridges directory or the current workflow
changes_templates:
value: ${{ jobs.preflight.outputs.changes_templates }}
description: |
True iff there are changes in templates directory or the current workflow
changes_zombienet:
value: ${{ jobs.preflight.outputs.changes_zombienet }}
description: |
True iff there are changes in zombienet tests/actions/scripts or the current workflow
CI_IMAGE:
value: ${{ jobs.preflight.outputs.CI_IMAGE }}
description: "CI image"
DOCKER_IMAGES_VERSION:
value: ${{ jobs.preflight.outputs.DOCKER_IMAGES_VERSION }}
description: |
Version for temp docker images.
SOURCE_REF_SLUG:
value: ${{ jobs.preflight.outputs.SOURCE_REF_SLUG }}
BUILD_RUN_ID:
value: ${{ inputs.build_run_id }}
description: |
Id of the build run, needed to download the artifacts.
# zombienet related vars
ZOMBIENET_PROVIDER:
value: ${{ jobs.preflight.outputs.ZOMBIENET_PROVIDER }}
description: "Provider to use in zombienet tests."
ZOMBIENET_IMAGE:
value: ${{ jobs.preflight.outputs.ZOMBIENET_IMAGE }}
description: "ZOMBIENET CI image"
ZOMBIENET_DEFAULT_RUNNER:
value: ${{ jobs.preflight.outputs.ZOMBIENET_DEFAULT_RUNNER }}
description: |
Main runner for zombienet tests.
ZOMBIENET_LARGE_RUNNER:
value: ${{ jobs.preflight.outputs.ZOMBIENET_LARGE_RUNNER }}
description: |
Large runner for zombienet tests.
DEBUG:
value: ${{ jobs.preflight.outputs.DEBUG }}
description: "Debug value to zombienet v1 tests."
# zombienet-sdk related vars
ZOMBIE_PROVIDER:
value: ${{ jobs.preflight.outputs.ZOMBIE_PROVIDER }}
description: "Provider to use in zombienet-sdk tests."
RUST_LOG:
value: ${{ jobs.preflight.outputs.RUST_LOG }}
description: "Log value to use in zombinet-sdk tests."
ZOMBIENET_SDK_DEFAULT_RUNNER:
value: ${{ jobs.preflight.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER }}
description: |
Main runner for zombienet-sdk tests.
ZOMBIENET_SDK_LARGE_RUNNER:
value: ${{ jobs.preflight.outputs.ZOMBIENET_SDK_LARGE_RUNNER }}
description: |
Large runner for zombienet-sdk tests.
ZOMBIENET_SDK_IMAGE:
value: ${{ jobs.preflight.outputs.ZOMBIENET_SDK_IMAGE }}
description: "zombienet-sdk CI image"
# common vars
PUSHGATEWAY_URL:
value: ${{ jobs.preflight.outputs.PUSHGATEWAY_URL }}
description: "Gateway (url) to push metrics related to test."
KUBERNETES_CPU_REQUEST:
value: ${{ jobs.preflight.outputs.KUBERNETES_CPU_REQUEST }}
description: "Base cpu (request) for pod runner."
KUBERNETES_MEMORY_REQUEST:
value: ${{ jobs.preflight.outputs.KUBERNETES_MEMORY_REQUEST }}
description: "Base memory (request) for pod runner."
TEMP_IMAGES_BASE:
value: ${{ jobs.preflight.outputs.TEMP_IMAGES_BASE }}
description: |
Base location for 'temp' images used in tests.
FLAKY_TESTS:
value: ${{ jobs.preflight.outputs.FLAKY_TESTS }}
description: |
comma separated list of flaky tests to skip.
TEST_MATRIX:
value: ${{ jobs.preflight.outputs.TEST_MATRIX }}
description: |
JSON formatted test matrix parsed from test yaml
jobs:
#
#
#
preflight:
runs-on: ubuntu-latest
if: github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' || ! contains(github.event.pull_request.labels.*.name, 'T19-skip-zombienet_tests')
outputs:
changes_bizinikiwi: ${{ steps.set_changes.outputs.bizinikiwi_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
changes_pezcumulus: ${{ steps.set_changes.outputs.pezcumulus_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
changes_pezkuwi: ${{ steps.set_changes.outputs.pezkuwi_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
changes_bridges: ${{ steps.set_changes.outputs.bridges_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
changes_templates: ${{ steps.set_changes.outputs.templates_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
changes_zombienet: ${{ steps.set_changes.outputs.zombienet_any_changed == 'true' || steps.set_changes.outputs.currentWorkflow_any_changed == 'true' }}
CI_IMAGE: ${{ steps.set_vars.outputs.IMAGE }}
# images versions
DOCKER_IMAGES_VERSION: ${{ steps.set_images_version.outputs.DOCKER_IMAGES_VERSION }}
SOURCE_REF_SLUG: ${{ steps.set_vars.outputs.SOURCE_REF_SLUG }}
# zombienet-env vars
ZOMBIENET_PROVIDER: ${{ steps.set_vars.outputs.ZOMBIENET_PROVIDER }}
ZOMBIENET_IMAGE: ${{ steps.set_vars.outputs.ZOMBIENET_IMAGE }}
ZOMBIENET_DEFAULT_RUNNER: ${{ steps.set_vars.outputs.ZOMBIENET_DEFAULT_RUNNER }}
ZOMBIENET_LARGE_RUNNER: ${{ steps.set_vars.outputs.ZOMBIENET_LARGE_RUNNER }}
PUSHGATEWAY_URL: ${{ steps.set_vars.outputs.PUSHGATEWAY_URL }}
DEBUG: ${{ steps.set_vars.outputs.DEBUG }}
KUBERNETES_CPU_REQUEST: ${{ steps.set_vars.outputs.KUBERNETES_CPU_REQUEST }}
KUBERNETES_MEMORY_REQUEST: ${{ steps.set_vars.outputs.KUBERNETES_MEMORY_REQUEST }}
TEMP_IMAGES_BASE: ${{ steps.set_vars.outputs.TEMP_IMAGES_BASE }}
FLAKY_TESTS: ${{ steps.set_vars.outputs.FLAKY_TESTS }}
TEST_MATRIX: ${{ steps.generate_test_matrix.outputs.TEST_MATRIX }}
# zombienet-sdk vars
RUST_LOG: ${{ steps.set_vars.outputs.RUST_LOG }}
ZOMBIE_PROVIDER: ${{ steps.set_vars.outputs.ZOMBIE_PROVIDER }}
ZOMBIENET_SDK_IMAGE: ${{ steps.set_vars.outputs.ZOMBIENET_SDK_IMAGE }}
ZOMBIENET_SDK_DEFAULT_RUNNER: ${{ steps.set_vars.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER }}
ZOMBIENET_SDK_LARGE_RUNNER: ${{ steps.set_vars.outputs.ZOMBIENET_SDK_LARGE_RUNNER }}
steps:
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
#
# Set changes
#
- name: Current file
id: current_file
shell: bash
run: |
echo "currentWorkflowFile=$(echo ${{ github.workflow_ref }} | sed -nE "s/.*(\.github\/workflows\/[a-zA-Z0-9_-]*\.y[a]?ml)@refs.*/\1/p")" >> $GITHUB_OUTPUT
echo "currentActionDir=$(echo ${{ github.action_path }} | sed -nE "s/.*(\.github\/actions\/[a-zA-Z0-9_-]*)/\1/p")" >> $GITHUB_OUTPUT
- name: Set changes
id: set_changes
uses: tj-actions/changed-files@24d32ffd492484c1d75e0c0b894501ddb9d30d62 #v47.0.0
with:
files_yaml: |
bizinikiwi:
- 'bizinikiwi/**/*'
pezcumulus:
- 'pezcumulus/**/*'
pezkuwi:
- 'pezkuwi/**/*'
bridges:
- 'bridges/**/*'
templates:
- 'templates/**/*'
zombienet:
- '.github/zombienet-tests/**/*'
- '.github/actions/zombienet/**'
- '.github/actions/zombienet-sdk/**'
- '.github/scripts/parse-zombienet-tests.py'
- '.github/scripts/process-logs-zombienet.sh'
- '.github/workflows/zombienet*.yml'
currentWorkflow:
- '${{ steps.current_file.outputs.currentWorkflowFile }}'
- '.github/workflows/zombienet-reusable-preflight.yml'
- '.github/zombienet-env'
- '.github/zombienet-flaky-tests'
#
# Set environment vars (including runner/image)
#
- name: Set vars
id: set_vars
shell: bash
env:
INPUT_REF_SLUG: ${{ inputs.ref_slug }}
run: |
# Determine SOURCE_REF_SLUG
if [[ -n "${INPUT_REF_SLUG}" ]]; then
echo "Using provided ref_slug: ${INPUT_REF_SLUG}"
SOURCE_REF_SLUG="${INPUT_REF_SLUG}"
else
echo "Calculating ref_slug from current context"
export SOURCE_REF_NAME=${{ github.head_ref || github.ref_name }}
SOURCE_REF_SLUG="${SOURCE_REF_NAME//\//_}"
fi
{
echo "SOURCE_REF_SLUG=${SOURCE_REF_SLUG}"
# filter out comments and empty lines
cat .github/zombienet-env | grep -Ev '^\s*#|^\s*$'
. .github/zombienet-env
# Determine if we should use persistent runners (for merge queues)
RUNNER_SUFFIX=""
if [[ $GITHUB_REF_NAME == *"gh-readonly-queue"* ]]; then
RUNNER_SUFFIX="_PERSISTENT"
fi
# Set zombienet v1 configuration
if [[ "$ZOMBIENET_PROVIDER" == "native" ]]; then
echo "ZOMBIENET_IMAGE=${ZOMBIENET_IMAGE_FOR_NATIVE}"
DEFAULT_RUNNER_VAR="ZOMBIENET_DEFAULT_RUNNER_FOR_NATIVE${RUNNER_SUFFIX}"
LARGE_RUNNER_VAR="ZOMBIENET_LARGE_RUNNER_FOR_NATIVE${RUNNER_SUFFIX}"
echo "ZOMBIENET_DEFAULT_RUNNER=${!DEFAULT_RUNNER_VAR}"
echo "ZOMBIENET_LARGE_RUNNER=${!LARGE_RUNNER_VAR}"
else
echo "ZOMBIENET_IMAGE=${ZOMBIENET_IMAGE_FOR_K8S}"
# runner size for k8s is not relevant, it "only" spawns pods and runs the test
echo "ZOMBIENET_DEFAULT_RUNNER=${ZOMBIENET_RUNNER_FOR_K8S}"
echo "ZOMBIENET_LARGE_RUNNER=${ZOMBIENET_RUNNER_FOR_K8S}"
fi
if [[ "$ZOMBIE_PROVIDER" == "native" ]]; then
echo "ZOMBIENET_SDK_IMAGE=${ZOMBIENET_SDK_IMAGE_FOR_NATIVE}"
SDK_DEFAULT_RUNNER_VAR="ZOMBIENET_SDK_DEFAULT_RUNNER_FOR_NATIVE${RUNNER_SUFFIX}"
SDK_LARGE_RUNNER_VAR="ZOMBIENET_SDK_LARGE_RUNNER_FOR_NATIVE${RUNNER_SUFFIX}"
echo "ZOMBIENET_SDK_DEFAULT_RUNNER=${!SDK_DEFAULT_RUNNER_VAR}"
echo "ZOMBIENET_SDK_LARGE_RUNNER=${!SDK_LARGE_RUNNER_VAR}"
else
echo "ZOMBIENET_SDK_IMAGE=${ZOMBIENET_SDK_IMAGE_FOR_K8S}"
# runner size for k8s is not relevant, it "only" spawns pods and runs the test
echo "ZOMBIENET_SDK_DEFAULT_RUNNER=${ZOMBIENET_SDK_RUNNER_FOR_K8S}"
echo "ZOMBIENET_SDK_LARGE_RUNNER=${ZOMBIENET_SDK_RUNNER_FOR_K8S}"
fi
# Trick for multline strings: https://docs.github.com/en/actions/writing-workflows/choosing-what-your-workflow-does/workflow-commands-for-github-actions#example-of-a-multiline-string
echo 'FLAKY_TESTS<<EOF'
cat .github/zombienet-flaky-tests | sed 's/:[0-9]*$//'
echo EOF
# global img from ci
cat .github/env
} >> $GITHUB_OUTPUT
cat .github/zombienet-env
cat .github/env
echo "FLAKY_TESTS:"
cat .github/zombienet-flaky-tests
#
#
#
- name: Set docker images version
id: set_images_version
shell: bash
run: |
export DOCKER_IMAGES_VERSION=${{ github.event.pull_request.head.sha }}
if [[ ${{ github.event_name }} == "merge_group" || ${{ github.event_name }} == "workflow_dispatch" || ${{ github.event_name }} == "push" ]]; then
export DOCKER_IMAGES_VERSION="${GITHUB_SHA}";
fi
echo "DOCKER_IMAGES_VERSION=${DOCKER_IMAGES_VERSION}" >> $GITHUB_OUTPUT
- name: log
shell: bash
run: |
echo "workflow file: ${{ steps.current_file.outputs.currentWorkflowFile }}"
echo "Modified: ${{ steps.set_changes.outputs.modified_keys }}"
echo "CI_IMAGE: ${{ steps.set_vars.outputs.IMAGE }}"
echo "ZOMBIENET_IMAGE: ${{ steps.set_vars.outputs.ZOMBIENET_IMAGE }}"
echo "ZOMBIENET_SDK_IMAGE: ${{ steps.set_vars.outputs.ZOMBIENET_SDK_IMAGE }}"
- name: Generate test matrix
id: generate_test_matrix
shell: bash
env:
TESTS_YAML: ${{ inputs.tests_yaml }}
TEST_PATTERN: ${{ inputs.test_pattern || '' }}
run: |
python3 .github/scripts/parse-zombienet-tests.py \
--matrix ${TESTS_YAML} \
--flaky-tests "${{ steps.set_vars.outputs.FLAKY_TESTS }}" \
--test-pattern "${TEST_PATTERN}" > matrix.json
echo "TEST_MATRIX=$(cat matrix.json)" >> $GITHUB_OUTPUT
echo "TEST_MATRIX:"
cat matrix.json | jq '.'
.github/workflows/zombienet_bizinikiwi.yml
+122
View File
@@ -0,0 +1,122 @@
name: Zombienet Bizinikiwi
on:
workflow_call:
inputs:
build_run_id:
type: string
description: "Build run ID from the build workflow."
required: true
ref_slug:
type: string
description: "Source ref slug from the build workflow."
required: false
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
workflow_dispatch:
inputs:
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
concurrency:
group: bizinikiwi-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.run_id }}
cancel-in-progress: true
permissions: read-all
env:
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
GHA_CLUSTER_SERVER_ADDR: "https://kubernetes.default:443"
# use spot by default
X_INFRA_INSTANCE: "spot"
# don't retry sdk tests
NEXTEST_RETRIES: 0
KUBECONFIG: "/data/config"
ZOMBIE_CLEANER_DISABLED: 1
# DB generated from commit: https://github.com/pezkuwichain/pezkuwi-sdk/commit/868788a5bff3ef94869bd36432726703fe3b4e96
# TODO: As a workaround for https://github.com/pezkuwichain/pezkuwi-sdk/issues/2568 the DB was generated in archive mode.
# After the issue is fixed, we should replace it with a pruned version of the DB.
DB_SNAPSHOT: "https://storage.googleapis.com/zombienet-db-snaps/bizinikiwi/0001-basic-warp-sync/chains-9677807d738b951e9f6c82e5fd15518eb0ae0419.tgz"
DB_BLOCK_HEIGHT: 56687
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/zombienet-reusable-preflight.yml
with:
tests_yaml: .github/zombienet-tests/zombienet_bizinikiwi_tests.yml
test_pattern: ${{ inputs.test_pattern }}
build_run_id: ${{ inputs.build_run_id }}
ref_slug: ${{ inputs.ref_slug }}
zombienet-bizinikiwi-tests:
name: ${{ matrix.test.job-name }}
runs-on: ${{ matrix.test.runner-type == 'large' && (matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_LARGE_RUNNER || needs.preflight.outputs.ZOMBIENET_LARGE_RUNNER) || (matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER || needs.preflight.outputs.ZOMBIENET_DEFAULT_RUNNER) }}
timeout-minutes: 70 # 60 for test + 10 for send logs
needs: [preflight]
if: ${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' || (needs.preflight.outputs.changes_bizinikiwi == 'true' || needs.preflight.outputs.changes_pezkuwi == 'true' || needs.preflight.outputs.changes_zombienet == 'true') }}
container:
image: ${{ matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_IMAGE || needs.preflight.outputs.ZOMBIENET_IMAGE }}
options: -v /tmp/zombienet:/tmp/zombienet
env:
ZOMBIENET_INTEGRATION_TEST_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/pezkuwi-debug:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
DEBUG: ${{ needs.preflight.outputs.DEBUG }}
ZOMBIENET_PROVIDER: ${{ needs.preflight.outputs.ZOMBIENET_PROVIDER }}
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.preflight.outputs.TEST_MATRIX) }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Additional setup
if: ${{ matrix.test.additional-setup }}
shell: bash
run: ${{ matrix.test.additional-setup }}
- name: zombienet_test (v1)
timeout-minutes: 60
uses: ./.github/actions/zombienet
with:
test-definition: ${{ matrix.test.test-definition }}
job-name: ${{ matrix.test.job-name }}
local-dir: ${{ matrix.test.local-dir }}
concurrency: ${{ matrix.test.concurrency || 1 }}
gh-token: ${{ secrets.GITHUB_TOKEN }}
build-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
ref-slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: process_logs
if: ${{ always() }}
shell: bash
run: |
echo "Processing log files"
echo "::group::Logs"
# do not fail the whole run if this step fails
if ! ./.github/scripts/process-logs-zombienet.sh ; then
echo "::endgroup::"
echo "::warning ::WARNING: Failed to process logs"
else
echo "::endgroup::"
fi
- name: upload_logs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: ${{ always() }}
with:
name: zombienet-logs-${{ matrix.test.job-name }}-${{ github.sha }}
path: |
/tmp/zombie*/logs/*
.github/workflows/zombienet_pezcumulus.yml
+133
View File
@@ -0,0 +1,133 @@
name: Zombienet Pezcumulus
on:
workflow_call:
inputs:
build_run_id:
type: string
description: "Build run ID from the build workflow."
required: true
ref_slug:
type: string
description: "Source ref slug from the build workflow."
required: false
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
workflow_dispatch:
inputs:
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
concurrency:
group: pezcumulus-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.run_id }}
cancel-in-progress: true
permissions: read-all
env:
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
LOCAL_DIR: "./pezcumulus/zombienet/tests"
GHA_CLUSTER_SERVER_ADDR: "https://kubernetes.default:443"
# use spot by default
X_INFRA_INSTANCE: "spot"
# don't retry sdk tests
NEXTEST_RETRIES: 0
KUBECONFIG: "/data/config"
ZOMBIE_CLEANER_DISABLED: 1
# only run if we have changes in [bizinikiwi, pezcumulus, pezkuwi] directories or this workflow.
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/zombienet-reusable-preflight.yml
with:
tests_yaml: .github/zombienet-tests/zombienet_pezcumulus_tests.yml
test_pattern: ${{ inputs.test_pattern }}
build_run_id: ${{ inputs.build_run_id }}
ref_slug: ${{ inputs.ref_slug }}
zombienet-pezcumulus-tests:
name: ${{ matrix.test.job-name }}
runs-on: ${{ matrix.test.runner-type == 'large' && needs.preflight.outputs.ZOMBIENET_SDK_LARGE_RUNNER || needs.preflight.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER }}
timeout-minutes: 70 # 60 for test + 10 for send logs
needs: [preflight]
# Run if: called from build workflow OR merge_group OR (changes detected)
if: ${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' || (needs.preflight.outputs.changes_bizinikiwi == 'true' || needs.preflight.outputs.changes_pezcumulus == 'true' || needs.preflight.outputs.changes_pezkuwi == 'true' || needs.preflight.outputs.changes_zombienet == 'true') }}
container:
image: ${{ needs.preflight.outputs.ZOMBIENET_SDK_IMAGE }}
options: -v /tmp/zombienet:/tmp/zombienet
env:
PEZKUWI_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/pezkuwi-debug:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
CUMULUS_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/${{ matrix.test.pezcumulus-image }}:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
RUST_LOG: ${{ needs.preflight.outputs.RUST_LOG }}
ZOMBIE_PROVIDER: ${{ needs.preflight.outputs.ZOMBIE_PROVIDER }}
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.preflight.outputs.TEST_MATRIX) }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0
if: ${{ matrix.test.needs-wasm-binary }}
with:
name: build-test-teyrchain-${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
- name: provide_wasm_binary
if: ${{ matrix.test.needs-wasm-binary }}
run: |
tar -xvf artifacts.tar
ls -ltr artifacts/*
cp ./artifacts/zombienet/wasm_binary_spec_version_incremented.rs.compact.compressed.wasm /tmp/
cp ./artifacts/zombienet/wasm_binary_elastic_scaling.rs.compact.compressed.wasm /tmp/
cp ./artifacts/zombienet/wasm_binary_elastic_scaling_12s_slot.rs.compact.compressed.wasm /tmp/
ls -ltr /tmp
rm -rf artifacts
- name: zombienet_test
timeout-minutes: 60
uses: ./.github/actions/zombienet-sdk
with:
test-filter: ${{ matrix.test.test-filter }}
job-name: ${{ matrix.test.job-name }}
prefix: "pezcumulus"
gh-token: ${{ secrets.GITHUB_TOKEN }}
build-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
ref-slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: process_logs
if: ${{ always() }}
shell: bash
run: |
echo "Processing log files"
echo "::group::Logs"
# do not fail the whole run if this step fails
if ! ./.github/scripts/process-logs-zombienet.sh ; then
echo "::endgroup::"
echo "::warning ::WARNING: Failed to process logs"
else
echo "::endgroup::"
fi
- name: upload_logs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: ${{ always() }}
with:
name: zombienet-logs-${{ matrix.test.job-name }}-${{ github.sha }}
path: |
/tmp/zombie*/logs/*
.github/workflows/zombienet_pezkuwi.yml
+141
View File
@@ -0,0 +1,141 @@
name: Zombienet Pezkuwi
on:
workflow_call:
inputs:
build_run_id:
type: string
description: "Build run ID from the build workflow."
required: true
ref_slug:
type: string
description: "Source ref slug from the build workflow."
required: false
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
workflow_dispatch:
inputs:
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
concurrency:
group: pezkuwi-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.run_id }}
cancel-in-progress: true
permissions: read-all
env:
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
LOCAL_DIR: "./pezkuwi/zombienet_tests"
GHA_CLUSTER_SERVER_ADDR: "https://kubernetes.default:443"
# use spot by default
X_INFRA_INSTANCE: "spot"
# don't retry sdk tests
NEXTEST_RETRIES: 0
KUBECONFIG: "/data/config"
ZOMBIE_CLEANER_DISABLED: 1
# only run if we have changes in [bizinikiwi, pezkuwi] directories or this workflow.
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/zombienet-reusable-preflight.yml
with:
tests_yaml: .github/zombienet-tests/zombienet_pezkuwi_tests.yml
test_pattern: ${{ inputs.test_pattern }}
build_run_id: ${{ inputs.build_run_id }}
ref_slug: ${{ inputs.ref_slug }}
zombienet-pezkuwi-tests:
name: ${{ matrix.test.job-name }}
runs-on: ${{ matrix.test.runner-type == 'large' && (matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_LARGE_RUNNER || needs.preflight.outputs.ZOMBIENET_LARGE_RUNNER) || (matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER || needs.preflight.outputs.ZOMBIENET_DEFAULT_RUNNER) }}
timeout-minutes: 70 # 60 for test + 10 for send logs
needs: [preflight]
if: ${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' || (needs.preflight.outputs.changes_bizinikiwi == 'true' || needs.preflight.outputs.changes_pezkuwi == 'true' || needs.preflight.outputs.changes_zombienet == 'true') }}
container:
image: ${{ matrix.test.use-zombienet-sdk && needs.preflight.outputs.ZOMBIENET_SDK_IMAGE || needs.preflight.outputs.ZOMBIENET_IMAGE }}
options: -v /tmp/zombienet:/tmp/zombienet
env:
ZOMBIENET_INTEGRATION_TEST_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/pezkuwi-debug:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
PEZKUWI_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/pezkuwi-debug:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
COL_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/colander:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
CUMULUS_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/${{ matrix.test.pezcumulus-image || 'pezkuwi-teyrchain-debug' }}:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
MALUS_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/malus:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
DEBUG: ${{ needs.preflight.outputs.DEBUG }}
ZOMBIENET_PROVIDER: ${{ needs.preflight.outputs.ZOMBIENET_PROVIDER }}
RUST_LOG: ${{ needs.preflight.outputs.RUST_LOG }}
ZOMBIE_PROVIDER: ${{ needs.preflight.outputs.ZOMBIE_PROVIDER }}
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.preflight.outputs.TEST_MATRIX) }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Set additional environment variables
if: ${{ matrix.test.additional-env }}
shell: bash
run: |
echo '${{ toJson(matrix.test.additional-env) }}' | jq -r 'to_entries[] | "\(.key)=\(.value)"' >> $GITHUB_ENV
- name: Additional setup
if: ${{ matrix.test.additional-setup }}
shell: bash
run: ${{ matrix.test.additional-setup }}
- name: zombienet_test (v1)
if: ${{ !matrix.test.use-zombienet-sdk }}
timeout-minutes: 60
uses: ./.github/actions/zombienet
with:
test-definition: ${{ matrix.test.test-definition }}
job-name: ${{ matrix.test.job-name }}
local-dir: ${{ matrix.test.local-dir }}
concurrency: ${{ matrix.test.concurrency || 1 }}
gh-token: ${{ secrets.GITHUB_TOKEN }}
build-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
ref-slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: zombienet_test (sdk)
if: ${{ matrix.test.use-zombienet-sdk }}
uses: ./.github/actions/zombienet-sdk
with:
test-filter: ${{ matrix.test.test-filter }}
job-name: ${{ matrix.test.job-name }}
prefix: "pezkuwi"
gh-token: ${{ secrets.GITHUB_TOKEN }}
build-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
ref-slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: process_logs
if: ${{ always() }}
shell: bash
run: |
echo "Processing log files"
echo "::group::Logs"
# do not fail the whole run if this step fails
if ! ./.github/scripts/process-logs-zombienet.sh ; then
echo "::endgroup::"
echo "::warning ::WARNING: Failed to process logs"
else
echo "::endgroup::"
fi
- name: upload_logs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: ${{ always() }}
with:
name: zombienet-logs-${{ matrix.test.job-name }}-${{ github.sha }}
path: |
/tmp/zombie*/logs/*
.github/workflows/zombienet_teyrchain-template.yml
+110
View File
@@ -0,0 +1,110 @@
name: Zombienet Teyrchain Templates
on:
workflow_call:
inputs:
build_run_id:
type: string
description: "Build run ID from the build workflow."
required: true
ref_slug:
type: string
description: "Source ref slug from the build workflow."
required: false
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
workflow_dispatch:
inputs:
test_pattern:
type: string
description: "Run tests which names match this pattern (also flaky)"
default: ""
required: false
concurrency:
group: teyrchain-template-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}-${{ github.run_id }}
cancel-in-progress: true
permissions: read-all
env:
FF_DISABLE_UMASK_FOR_DOCKER_EXECUTOR: 1
GHA_CLUSTER_SERVER_ADDR: "https://kubernetes.default:443"
# use spot by default
X_INFRA_INSTANCE: "spot"
# only run if we have changes in [bizinikiwi, pezkuwi] directories or this workflow.
jobs:
isdraft:
uses: ./.github/workflows/reusable-isdraft.yml
preflight:
needs: isdraft
uses: ./.github/workflows/zombienet-reusable-preflight.yml
with:
tests_yaml: .github/zombienet-tests/zombienet_teyrchain-template_tests.yml
test_pattern: ${{ inputs.test_pattern }}
build_run_id: ${{ inputs.build_run_id }}
ref_slug: ${{ inputs.ref_slug }}
zombienet-teyrchain-template-tests:
name: ${{ matrix.test.job-name }}
runs-on: ${{ matrix.test.runner-type == 'large' && needs.preflight.outputs.ZOMBIENET_SDK_LARGE_RUNNER || needs.preflight.outputs.ZOMBIENET_SDK_DEFAULT_RUNNER }}
timeout-minutes: 40 # 30 for test + 10 for send logs
needs: [preflight]
# Run if: called from build workflow OR merge_group OR (changes detected)
if: ${{ github.event_name == 'workflow_call' || github.event_name == 'workflow_dispatch' || github.event_name == 'merge_group' || (needs.preflight.outputs.changes_bizinikiwi == 'true' || needs.preflight.outputs.changes_pezcumulus == 'true' || needs.preflight.outputs.changes_pezkuwi == 'true' || needs.preflight.outputs.changes_zombienet == 'true') }}
container:
image: ${{ needs.preflight.outputs.ZOMBIENET_SDK_IMAGE }}
options: -v /tmp/zombienet:/tmp/zombienet
env:
PEZKUWI_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/pezkuwi-debug:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
CUMULUS_IMAGE: "${{ needs.preflight.outputs.TEMP_IMAGES_BASE }}/${{ matrix.test.pezcumulus-image }}:${{ needs.preflight.outputs.DOCKER_IMAGES_VERSION }}"
RUST_LOG: ${{ needs.preflight.outputs.RUST_LOG }}
ZOMBIE_PROVIDER: ${{ needs.preflight.outputs.ZOMBIE_PROVIDER }}
strategy:
fail-fast: false
matrix:
test: ${{ fromJson(needs.preflight.outputs.TEST_MATRIX) }}
steps:
- name: Checkout
uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: zombienet_test
timeout-minutes: 30
uses: ./.github/actions/zombienet-sdk
with:
test-filter: ${{ matrix.test.test-filter }}
job-name: ${{ matrix.test.job-name }}
prefix: "teyrchain-templates"
gh-token: ${{ secrets.GITHUB_TOKEN }}
build-id: ${{ needs.preflight.outputs.BUILD_RUN_ID }}
ref-slug: ${{ needs.preflight.outputs.SOURCE_REF_SLUG }}
- name: process_logs
if: ${{ always() }}
shell: bash
run: |
echo "Processing log files"
echo "::group::Logs"
# do not fail the whole run if this step fails
if ! ./.github/scripts/process-logs-zombienet.sh ; then
echo "::endgroup::"
echo "::warning ::WARNING: Failed to process logs"
else
echo "::endgroup::"
fi
- name: upload_logs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0
if: ${{ always() }}
with:
name: zombienet-logs-${{ matrix.test.job-name }}-${{ github.sha }}
path: |
/tmp/zombie*/logs/*