Update pipeline and dependencies: replace make commands with cargo co… #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Pipeline | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| concurrency: | |
| group: pipeline-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| BENCH_VERBOSE: 0 | |
| LOADGEN_WARN: 0 | |
| jobs: | |
| lint: | |
| name: lint | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install OpenSSL build deps | |
| run: sudo apt-get update && sudo apt-get install -y libssl-dev pkg-config | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: pipeline | |
| - name: Format & Lint | |
| run: | | |
| make fmt-check | |
| cargo clippy --workspace --all-targets --all-features --locked -- -D warnings -W clippy::all | |
| make shellcheck | |
| build: | |
| name: build (release bins) | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install OpenSSL build deps | |
| run: sudo apt-get update && sudo apt-get install -y libssl-dev pkg-config | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| shared-key: pipeline | |
| - name: Build release binaries | |
| run: | | |
| set -euo pipefail | |
| make binary-build CRATE=workspace | |
| make binary-build CRATE=pavis-benchkit BIN=bench-loadgen | |
| - name: Upload release binaries | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: release-bins | |
| path: | | |
| target/release/pavis | |
| target/release/pavctl | |
| target/release/pavis-relay | |
| target/release/bench-loadgen | |
| target/release/pavis-mock-relay | |
| target/release/pavis-mock-upstream | |
| retention-days: 7 | |
| unit: | |
| name: unit tests | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install OpenSSL build deps | |
| run: sudo apt-get update && sudo apt-get install -y libssl-dev pkg-config | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Run unit tests | |
| run: cargo test --workspace --locked | |
| e2e_binary: | |
| name: e2e (binary) - ${{ matrix.suite }} | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| suite: [pavis, relay, integrated] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download release binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-bins | |
| path: .artifacts/release-bins | |
| - name: Ensure executable bits | |
| run: chmod +x .artifacts/release-bins/* || true | |
| - name: Add release-bins to PATH | |
| run: echo "$GITHUB_WORKSPACE/.artifacts/release-bins" >> "$GITHUB_PATH" | |
| - name: Run e2e (binary) | |
| run: make e2e-${{ matrix.suite }}-binary | |
| images: | |
| name: images - ${{ matrix.image }} | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: [pavis, relay, mock-relay, mock-upstream] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build image | |
| run: | | |
| set -euo pipefail | |
| case "${{ matrix.image }}" in | |
| pavis) make docker-build IMAGE=pavis MODE=ci ;; | |
| relay) make docker-build IMAGE=relay MODE=ci ;; | |
| mock-upstream) make docker-build IMAGE=mock-upstream MODE=ci ;; | |
| mock-relay) make docker-build IMAGE=mock-relay MODE=ci ;; | |
| *) echo "unknown image"; exit 1 ;; | |
| esac | |
| - name: Assert image present locally | |
| run: | | |
| set -euo pipefail | |
| case "${{ matrix.image }}" in | |
| pavis) TAG="pavis:local" ;; | |
| relay) TAG="pavis-relay:local" ;; | |
| mock-upstream) TAG="pavis-mock-upstream:local" ;; | |
| mock-relay) TAG="pavis-mock-relay:local" ;; | |
| esac | |
| docker image inspect "$TAG" >/dev/null | |
| - name: Save image tar | |
| run: | | |
| set -euo pipefail | |
| case "${{ matrix.image }}" in | |
| pavis) TAG="pavis:local"; OUT="img-core-pavis.tar" ;; | |
| relay) TAG="pavis-relay:local"; OUT="img-core-relay.tar" ;; | |
| mock-upstream) TAG="pavis-mock-upstream:local"; OUT="img-e2e-mock-upstream.tar" ;; | |
| mock-relay) TAG="pavis-mock-relay:local"; OUT="img-e2e-mock-relay.tar" ;; | |
| esac | |
| docker save "$TAG" -o "$OUT" | |
| ls -lh "$OUT" | |
| - name: Upload image tar | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ${{ matrix.image == 'pavis' && 'img-core-pavis' || matrix.image == 'relay' && 'img-core-relay' || matrix.image == 'mock-upstream' && 'img-e2e-mock-upstream' || 'img-e2e-mock-relay' }} | |
| path: img-*.tar | |
| retention-days: 7 | |
| e2e_docker: | |
| name: e2e (docker) - ${{ matrix.suite }} | |
| runs-on: ubuntu-latest | |
| needs: [images, build] | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| suite: [pavis, relay, integrated] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download release binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-bins | |
| path: .artifacts/release-bins | |
| - name: Ensure executable bits | |
| run: chmod +x .artifacts/release-bins/* || true | |
| - name: Add release-bins to PATH | |
| run: echo "$GITHUB_WORKSPACE/.artifacts/release-bins" >> "$GITHUB_PATH" | |
| - name: Download core images | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: img-core-* | |
| path: .artifacts/images | |
| merge-multiple: true | |
| - name: Download e2e mock images | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: img-e2e-* | |
| path: .artifacts/images | |
| merge-multiple: true | |
| - name: Load images | |
| run: | | |
| set -euo pipefail | |
| imgdir=".artifacts/images" | |
| load() { docker load -i "${imgdir}/$1"; } | |
| case "${{ matrix.suite }}" in | |
| pavis) | |
| load img-core-pavis.tar | |
| load img-e2e-mock-upstream.tar | |
| load img-e2e-mock-relay.tar | |
| ;; | |
| relay) | |
| load img-core-pavis.tar | |
| load img-core-relay.tar | |
| load img-e2e-mock-relay.tar | |
| ;; | |
| integrated) | |
| load img-core-pavis.tar | |
| load img-core-relay.tar | |
| load img-e2e-mock-relay.tar | |
| load img-e2e-mock-upstream.tar | |
| ;; | |
| esac | |
| - name: Run e2e (docker) | |
| run: | | |
| make e2e-${{ matrix.suite }}-docker | |
| bench_image: | |
| name: bench image (bench-upstream) | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| if: github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build pavis-bench-upstream image | |
| run: | | |
| make docker-build IMAGE=bench-upstream MODE=ci | |
| - name: Assert pavis-bench-upstream present locally | |
| run: | | |
| docker image inspect pavis-bench-upstream:local >/dev/null | |
| - name: Save pavis-bench-upstream tar | |
| run: | | |
| set -euo pipefail | |
| docker save "pavis-bench-upstream:local" -o "img-bench-upstream.tar" | |
| ls -lh img-bench-upstream.tar | |
| - name: Upload bench-upstream tar | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: img-bench-upstream | |
| path: img-bench-upstream.tar | |
| retention-days: 7 | |
| bench: | |
| name: bench (${{ matrix.mode }}) | |
| runs-on: ubuntu-latest | |
| needs: [images, bench_image, build] | |
| if: github.event_name != 'pull_request' | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| mode: [standalone, system] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install wrk, jq, bc, kind, kubectl | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y wrk jq bc | |
| if [ "${{ matrix.mode }}" = "system" ]; then | |
| K8S_VERSION=$(curl -L -s https://dl.k8s.io/release/stable.txt | tr -d '[:space:]') | |
| curl -LO "https://dl.k8s.io/release/${K8S_VERSION}/bin/linux/amd64/kubectl" | |
| sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl | |
| KIND_VERSION="v0.20.0" | |
| curl -Lo ./kind "https://kind.sigs.k8s.io/dl/${KIND_VERSION}/kind-linux-amd64" | |
| chmod +x ./kind | |
| sudo mv ./kind /usr/local/bin/kind | |
| fi | |
| - name: Download release binaries | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: release-bins | |
| path: .artifacts/release-bins | |
| - name: Ensure executable bits | |
| run: chmod +x .artifacts/release-bins/* || true | |
| - name: Add release-bins to PATH | |
| run: echo "$GITHUB_WORKSPACE/.artifacts/release-bins" >> "$GITHUB_PATH" | |
| - name: Download core image tars | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: img-core-* | |
| path: .artifacts/images | |
| merge-multiple: true | |
| - name: Download pavis-bench-upstream tar | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: img-bench-upstream | |
| path: .artifacts/bench | |
| - name: Load images needed for bench | |
| run: | | |
| set -euo pipefail | |
| docker load -i ".artifacts/images/img-core-pavis.tar" | |
| docker load -i ".artifacts/images/img-core-relay.tar" | |
| docker load -i ".artifacts/bench/img-bench-upstream.tar" | |
| - name: Run bench | |
| id: run_bench | |
| run: | | |
| set -euo pipefail | |
| if [ "${{ matrix.mode }}" = "standalone" ]; then | |
| MODE=standalone PROXY=pavis BENCH_PROFILE=github make bench-standalone | |
| else | |
| MODE=system PROXY=pavis BENCH_PROFILE=github make bench-system | |
| fi | |
| continue-on-error: true | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| set -u | |
| if [ "${{ matrix.mode }}" = "standalone" ]; then | |
| cd bench | |
| docker compose down -v || true | |
| else | |
| make bench-system-down || true | |
| fi | |
| - name: Upload bench output (per mode) | |
| if: always() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bench-output-${{ matrix.mode }} | |
| path: bench/output/ | |
| retention-days: 30 | |
| bench_report: | |
| name: bench report (aggregate) | |
| runs-on: ubuntu-latest | |
| needs: [bench] | |
| if: always() && github.event_name != 'pull_request' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Download bench artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| pattern: bench-output-* | |
| path: bench/output | |
| merge-multiple: true | |
| - name: Generate combined report + job summary | |
| run: | | |
| make bench-report || true | |
| cat bench/output/report.github.md >> "$GITHUB_STEP_SUMMARY" || true | |
| codeql: | |
| name: codeql | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v4 | |
| with: | |
| languages: rust | |
| queries: security-and-quality | |
| - name: Install system deps | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y --no-install-recommends \ | |
| pkg-config cmake clang make \ | |
| libssl-dev zlib1g-dev ca-certificates | |
| - name: Build (explicit) | |
| run: | | |
| cargo build --workspace --all-targets --all-features --locked | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v4 | |
| with: | |
| ram: 8192 | |
| threads: 2 | |
| coverage: | |
| name: coverage (tarpaulin) | |
| runs-on: ubuntu-latest | |
| needs: [lint] | |
| if: github.event_name != 'pull_request' | |
| container: | |
| image: xd009642/tarpaulin:develop-nightly | |
| options: --security-opt seccomp=unconfined | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install build dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y cmake libssl-dev pkg-config | |
| - name: Generate code coverage | |
| run: | | |
| cargo +nightly tarpaulin \ | |
| --all-features \ | |
| --workspace \ | |
| --exclude pavis-benchkit \ | |
| --exclude pavis-testkit \ | |
| --exclude-files 'crates/*/tests/*' \ | |
| --exclude-files 'crates/**/*tests.rs' \ | |
| --out xml \ | |
| -- --skip retry_context_skips_backoff_when_budget_exhausted | |
| - name: Upload to codecov.io | |
| uses: codecov/codecov-action@v5 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| fail_ci_if_error: true | |
| summary: | |
| name: summary | |
| runs-on: ubuntu-latest | |
| if: always() | |
| needs: | |
| - lint | |
| - build | |
| - unit | |
| - e2e_binary | |
| - e2e_docker | |
| - bench_report | |
| steps: | |
| - name: Pipeline summary | |
| run: | | |
| echo "Pipeline finished (see job statuses above)." |