feat(avm): revert in fuzzer #45636
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # CI for external Aztec contributors. Like ci3.yml, but more locked down. | |
| # | |
| # CAREFUL! We use "exec" a lot to ensure signal propagation to the child process, to allow proper ec2 cleanup. | |
| name: CI3 (External) | |
| on: | |
| # This check is skipped in merge queue, but we need it to run (even skipped) for status checks. | |
| merge_group: | |
| # Run with pull_request_target for external devs. This forces them to use this workflow as-is. | |
| pull_request_target: | |
| types: [opened, synchronize, reopened, ready_for_review, labeled] | |
| concurrency: | |
| # Only allow one run per <forked-repo>/<branch> and full concurrency on merge queue. | |
| group: | | |
| ci3-external-${{ github.event_name == 'pull_request' && format('{0}/{1}', github.event.pull_request.head.repo.full_name, github.head_ref) | |
| || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| ci-external: | |
| runs-on: ubuntu-latest | |
| # exclusive with ci3.yml, only run on forks. | |
| if: github.event.pull_request.head.repo.fork | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 | |
| with: | |
| # The commit to checkout. We want our actual commit, and not the result of merging the PR to the target. | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| persist-credentials: false | |
| # NOTE: in ci3.yml we just rely on draft mode not being mergable. | |
| # Here we are a little more careful than just skipping the worklfow, in case of an edge case allowing merge. | |
| - name: Fail If Draft | |
| if: github.event.pull_request.draft | |
| run: echo "CI is not run on drafts." && exit 1 | |
| - name: External Contributor Checks | |
| run: | | |
| set -o pipefail | |
| git fetch origin ${{ github.event.pull_request.base.ref }} --depth=1 &>/dev/null | |
| forbidden_changes=$(git diff --name-only origin/${{ github.event.pull_request.base.ref }} HEAD -- ci3 .github ci.sh scripts) | |
| if echo "$forbidden_changes" | grep -q .; then | |
| echo "Error: External PRs can't contain CI changes (forbidden files: $forbidden_changes)." | |
| exit 1 | |
| fi | |
| if [[ "${{ github.event.pull_request.base.ref }}" != "master" && \ | |
| "${{ github.event.pull_request.base.ref }}" != "staging" && \ | |
| "${{ github.event.pull_request.base.ref }}" != "next" && \ | |
| "${{ github.event.pull_request.base.ref }}" != merge-train/* ]]; then | |
| echo "Error: External PRs can only target master, staging, next or merge-train/* branches. Targeted: ${{ github.event.pull_request.base.ref }}." | |
| exit 1 | |
| fi | |
| labeled="${{contains(github.event.pull_request.labels.*.name, 'ci-external') || github.event.label.name == 'ci-external-once'}}" | |
| if [ "$labeled" = false ]; then | |
| echo "External PRs need the 'ci-external' or 'ci-external-once' labels to run." | |
| exit 1 | |
| fi | |
| GITHUB_TOKEN=${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} gh pr edit ${{ github.event.pull_request.number }} --remove-label "ci-external-once" | |
| - name: Run | |
| env: | |
| REF_NAME: repo-fork/${{ github.repository }}/${{ github.head_ref }} | |
| # We only test on amd64. | |
| ARCH: amd64 | |
| # We need to pass these creds to start the AWS ec2 instance. | |
| # They are not injected into that instance. Instead, it has minimal | |
| # creds for being able to upload to cache. | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} | |
| BUILD_INSTANCE_SSH_KEY: ${{ secrets.BUILD_INSTANCE_SSH_KEY }} | |
| # DO NOT allow build instance key access to external jobs. | |
| CI_USE_BUILD_INSTANCE_KEY: "0" | |
| MERGE_GROUP_BASE_REF: ${{ github.event.merge_group.base_ref }} | |
| PR_BASE_REF: ${{ github.event.pull_request.base.ref }} | |
| PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
| PR_COMMITS: ${{ github.event.pull_request.commits }} | |
| GITHUB_REF_NAME: ${{ github.ref_name }} | |
| run: ./.github/ci3.sh "${{ join(github.event.pull_request.labels.*.name, ',') }}" | |
| - name: Post-Actions | |
| if: always() | |
| env: | |
| SHOULD_SQUASH_MERGE: ${{ contains(github.event.pull_request.labels.*.name, 'ci-squash-and-merge') && '1' || '0' }} | |
| SHOULD_UPLOAD_BENCHMARKS: "0" | |
| # For updating success cache. | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.AZTEC_BOT_GITHUB_TOKEN }} | |
| PR_NUMBER: ${{ github.event.pull_request.number }} | |
| PR_HEAD_REF: ${{ github.event.pull_request.head.ref }} | |
| PR_BASE_REF: ${{ github.event.pull_request.base.ref }} | |
| PR_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
| run: ./.github/ci3_success.sh |