mirror of
https://github.com/pezkuwichain/pezkuwi-subxt.git
synced 2026-05-30 16:21:02 +00:00
antonio-dropulic
292 lines
11 KiB
YAML
292 lines
11 KiB
YAML
stages:
|
|
- lint
|
|
- check
|
|
- test
|
|
- build
|
|
- publish
|
|
|
|
workflow:
|
|
rules:
|
|
- if: $CI_COMMIT_TAG
|
|
- if: $CI_COMMIT_BRANCH
|
|
|
|
variables: &default-vars
|
|
GIT_STRATEGY: fetch
|
|
GIT_DEPTH: 100
|
|
CARGO_INCREMENTAL: 0
|
|
ARCH: "x86_64"
|
|
CI_IMAGE: "paritytech/bridges-ci:staging"
|
|
RUST_BACKTRACE: full
|
|
|
|
default:
|
|
cache: {}
|
|
|
|
.collect-artifacts: &collect-artifacts
|
|
artifacts:
|
|
name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}"
|
|
when: on_success
|
|
expire_in: 7 days
|
|
paths:
|
|
- artifacts/
|
|
|
|
.kubernetes-build: &kubernetes-build
|
|
tags:
|
|
- kubernetes-parity-build
|
|
interruptible: true
|
|
|
|
.docker-env: &docker-env
|
|
image: "${CI_IMAGE}"
|
|
before_script:
|
|
- rustup show
|
|
- cargo --version
|
|
- rustup +nightly show
|
|
- cargo +nightly --version
|
|
- sccache -s
|
|
retry:
|
|
max: 2
|
|
when:
|
|
- runner_system_failure
|
|
- unknown_failure
|
|
- api_failure
|
|
interruptible: true
|
|
tags:
|
|
- linux-docker
|
|
|
|
.test-refs: &test-refs
|
|
rules:
|
|
# FIXME: This is the cause why pipelines wouldn't start. The problem might be in our custom
|
|
# mirroring. This should be investigated further, but for now let's have the working
|
|
# pipeline.
|
|
# - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH
|
|
# changes:
|
|
# - '**.md'
|
|
# - diagrams/*
|
|
# - docs/*
|
|
# when: never
|
|
- if: $CI_PIPELINE_SOURCE == "pipeline"
|
|
- if: $CI_PIPELINE_SOURCE == "web"
|
|
- if: $CI_PIPELINE_SOURCE == "schedule"
|
|
- if: $CI_COMMIT_REF_NAME == "master"
|
|
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs
|
|
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
|
|
|
|
.build-refs: &build-refs
|
|
rules:
|
|
# won't run on the CI image update pipeline
|
|
- if: $CI_PIPELINE_SOURCE == "pipeline"
|
|
when: never
|
|
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
|
|
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]{4}-[0-9]{2}-[0-9]{2}.*$/ # i.e. v2021-09-27, v2021-09-27-1
|
|
# there are two types of nightly pipelines:
|
|
# 1. this one is triggered by the schedule with $PIPELINE == "nightly", it's for releasing.
|
|
# this job runs only on nightly pipeline with the mentioned variable, against `master` branch
|
|
- if: $CI_PIPELINE_SOURCE == "schedule" && $PIPELINE == "nightly"
|
|
|
|
.nightly-test: &nightly-test
|
|
rules:
|
|
# 2. another is triggered by scripts repo $CI_PIPELINE_SOURCE == "pipeline" it's for the CI image
|
|
# update, it also runs all the nightly checks.
|
|
- if: $CI_PIPELINE_SOURCE == "pipeline"
|
|
|
|
#### stage: lint
|
|
|
|
clippy-nightly:
|
|
stage: lint
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
script:
|
|
- SKIP_WASM_BUILD=1 cargo +nightly clippy --all-targets -- -A clippy::redundant_closure
|
|
|
|
fmt:
|
|
stage: lint
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
script:
|
|
- cargo +nightly fmt --all -- --check
|
|
|
|
spellcheck:
|
|
stage: lint
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
script:
|
|
- cargo spellcheck check -vvvv --cfg=.config/spellcheck.toml --checkers hunspell -m 1
|
|
|
|
#### stage: check
|
|
|
|
check:
|
|
stage: check
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
script: &check-script
|
|
- SKIP_WASM_BUILD=1 time cargo check --locked --verbose --workspace
|
|
# Check Rialto benchmarks runtime
|
|
- SKIP_WASM_BUILD=1 time cargo check -p rialto-runtime --locked --features runtime-benchmarks --verbose
|
|
# Check Millau benchmarks runtime
|
|
- SKIP_WASM_BUILD=1 time cargo check -p millau-runtime --locked --features runtime-benchmarks --verbose
|
|
|
|
check-nightly:
|
|
stage: check
|
|
<<: *docker-env
|
|
<<: *nightly-test
|
|
script:
|
|
- rustup default nightly
|
|
- *check-script
|
|
|
|
#### stage: test
|
|
|
|
test:
|
|
stage: test
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
# variables:
|
|
# RUSTFLAGS: "-D warnings"
|
|
script: &test-script
|
|
- time cargo fetch
|
|
- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-test-runtime\").manifest_path"`
|
|
- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"`
|
|
- CARGO_NET_OFFLINE=true time cargo test --verbose --workspace
|
|
|
|
test-nightly:
|
|
stage: test
|
|
<<: *docker-env
|
|
<<: *nightly-test
|
|
script:
|
|
- rustup default nightly
|
|
- *test-script
|
|
|
|
deny:
|
|
stage: test
|
|
<<: *docker-env
|
|
<<: *nightly-test
|
|
<<: *collect-artifacts
|
|
script:
|
|
- cargo deny check advisories --hide-inclusion-graph
|
|
- cargo deny check bans sources --hide-inclusion-graph
|
|
after_script:
|
|
- mkdir -p ./artifacts
|
|
- echo "___Complete logs can be found in the artifacts___"
|
|
- cargo deny check advisories 2> advisories.log
|
|
- cargo deny check bans sources 2> bans_sources.log
|
|
# this job is allowed to fail, only licenses check is important
|
|
allow_failure: true
|
|
|
|
deny-licenses:
|
|
stage: test
|
|
<<: *docker-env
|
|
<<: *test-refs
|
|
<<: *collect-artifacts
|
|
script:
|
|
- cargo deny check licenses --hide-inclusion-graph
|
|
after_script:
|
|
- mkdir -p ./artifacts
|
|
- echo "___Complete logs can be found in the artifacts___"
|
|
- cargo deny check licenses 2> licenses.log
|
|
|
|
#### stage: build
|
|
|
|
build:
|
|
stage: build
|
|
<<: *docker-env
|
|
<<: *build-refs
|
|
<<: *collect-artifacts
|
|
# master
|
|
script: &build-script
|
|
- time cargo fetch
|
|
- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-test-runtime\").manifest_path"`
|
|
- time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"`
|
|
- CARGO_NET_OFFLINE=true time cargo build --release --verbose --workspace
|
|
after_script:
|
|
# Prepare artifacts
|
|
- mkdir -p ./artifacts
|
|
- strip ./target/release/rialto-bridge-node
|
|
- mv -v ./target/release/rialto-bridge-node ./artifacts/
|
|
- strip ./target/release/rialto-parachain-collator
|
|
- mv -v ./target/release/rialto-parachain-collator ./artifacts/
|
|
- strip ./target/release/millau-bridge-node
|
|
- mv -v ./target/release/millau-bridge-node ./artifacts/
|
|
- strip ./target/release/substrate-relay
|
|
- mv -v ./target/release/substrate-relay ./artifacts/
|
|
- mv -v ./deployments/local-scripts/bridge-entrypoint.sh ./artifacts/
|
|
- mv -v ./ci.Dockerfile ./artifacts/
|
|
|
|
build-nightly:
|
|
stage: build
|
|
<<: *docker-env
|
|
<<: *collect-artifacts
|
|
<<: *nightly-test
|
|
script:
|
|
- rustup default nightly
|
|
- *build-script
|
|
|
|
#### stage: publish
|
|
|
|
.build-push-image: &build-push-image
|
|
<<: *kubernetes-build
|
|
image: quay.io/buildah/stable
|
|
<<: *build-refs
|
|
variables: &image-variables
|
|
GIT_STRATEGY: none
|
|
DOCKERFILE: ci.Dockerfile
|
|
IMAGE_NAME: docker.io/paritytech/$CI_JOB_NAME
|
|
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
|
|
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
|
|
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
|
|
needs:
|
|
- job: build
|
|
artifacts: true
|
|
before_script: &check-versions
|
|
- if [[ "${CI_COMMIT_TAG}" ]]; then
|
|
VERSION=${CI_COMMIT_TAG};
|
|
elif [[ "${CI_COMMIT_REF_NAME}" ]]; then
|
|
VERSION=$(echo ${CI_COMMIT_REF_NAME} | sed -r 's#/+#-#g');
|
|
fi
|
|
- echo "Effective tags = ${VERSION} sha-${CI_COMMIT_SHORT_SHA} latest"
|
|
secrets:
|
|
DOCKER_HUB_USER:
|
|
vault: cicd/gitlab/parity/DOCKER_HUB_USER@kv
|
|
file: false
|
|
DOCKER_HUB_PASS:
|
|
vault: cicd/gitlab/parity/DOCKER_HUB_PASS@kv
|
|
file: false
|
|
script:
|
|
- test "${DOCKER_HUB_USER}" -a "${DOCKER_HUB_PASS}" ||
|
|
( echo "no docker credentials provided"; exit 1 )
|
|
- cd ./artifacts
|
|
- buildah bud
|
|
--format=docker
|
|
--build-arg VCS_REF="${CI_COMMIT_SHORT_SHA}"
|
|
--build-arg BUILD_DATE="$(date +%d-%m-%Y)"
|
|
--build-arg PROJECT="${CI_JOB_NAME}"
|
|
--build-arg VERSION="${VERSION}"
|
|
--tag "${IMAGE_NAME}:${VERSION}"
|
|
--tag "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}"
|
|
--tag "${IMAGE_NAME}:latest"
|
|
--file "${DOCKERFILE}" .
|
|
# The job will success only on the protected branch
|
|
- echo "${DOCKER_HUB_PASS}" |
|
|
buildah login --username "${DOCKER_HUB_USER}" --password-stdin docker.io
|
|
- buildah info
|
|
- buildah push --format=v2s2 "${IMAGE_NAME}:${VERSION}"
|
|
- buildah push --format=v2s2 "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}"
|
|
- buildah push --format=v2s2 "${IMAGE_NAME}:latest"
|
|
after_script:
|
|
- env REGISTRY_AUTH_FILE= buildah logout --all
|
|
|
|
rialto-bridge-node:
|
|
stage: publish
|
|
<<: *build-push-image
|
|
|
|
rialto-parachain-collator:
|
|
stage: publish
|
|
<<: *build-push-image
|
|
|
|
millau-bridge-node:
|
|
stage: publish
|
|
<<: *build-push-image
|
|
|
|
substrate-relay:
|
|
stage: publish
|
|
<<: *build-push-image
|
|
|
|
# FIXME: publish binaries
|