Performance benchmarking #6460
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| types: [opened, synchronize, reopened, closed] | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| inputs: | |
| sha: | |
| description: 'Commit SHA to build (required for build_and_publish)' | |
| required: false | |
| type: string | |
| build_and_publish: | |
| description: 'Build and publish artifacts' | |
| required: false | |
| type: boolean | |
| default: true | |
| run_post_merge_tests: | |
| description: 'Run ci-preview e2e tests' | |
| required: false | |
| type: boolean | |
| default: false | |
| env: | |
| AWS_REGION: "eu-central-1" | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| permissions: | |
| id-token: write | |
| contents: write | |
| packages: write | |
| jobs: | |
| ### Pre merge workflow ############################################################################################################### | |
| build-linux-x86_64-pre-merge: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == false | |
| steps: | |
| - name: Free up disk space | |
| run: | | |
| df -h | |
| sudo rm -rf /opt/hostedtoolcache || true | |
| sudo rm -rf /usr/share/dotnet || true | |
| sudo rm -rf /usr/local/lib/android || true | |
| docker system prune -af || true | |
| df -h | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v11 | |
| with: | |
| extra-conf: | | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| - name: Enable sccache | |
| run: | | |
| echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV | |
| echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV | |
| - name: Cache sccache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/sccache | |
| key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} | |
| restore-keys: | | |
| sccache-${{ runner.os }}- | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| cargo-registry-${{ runner.os }}- | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| prefix-key: v1 | |
| shared-key: global | |
| cache-all-crates: true | |
| cache-targets: true | |
| cache-bin: true | |
| cache-on-failure: true | |
| workspaces: | | |
| . | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Formatting | |
| run: nix develop --accept-flake-config -c bash -c "cargo fmt --check" | |
| - name: Build (Stable) | |
| run: nix develop --accept-flake-config -c bash -c "cargo build --locked --release" | |
| - name: sccache stats | |
| if: always() | |
| run: sccache -s || true | |
| # - name: Build chain specs | |
| # run: | | |
| # nix develop --accept-flake-config -c bash -c ' | |
| # source ./dev/envs/devnet/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json | |
| # | |
| # source ./dev/envs/ci-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json | |
| # | |
| # source ./dev/envs/staging-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json | |
| # ' | |
| - name: Build and push docker image | |
| run: | | |
| cp target/release/partner-chains-demo-node . | |
| nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" | |
| docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} . | |
| docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-artifact | |
| path: ./partner-chains-demo-node | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| ./devnet_chain_spec.json | |
| ./ci_preview_chain_spec.json | |
| ./staging_preview_chain_spec.json | |
| build-nightly-pre-merge: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == false | |
| steps: | |
| - name: Free up disk space | |
| run: | | |
| df -h | |
| sudo rm -rf /opt/hostedtoolcache || true | |
| sudo rm -rf /usr/share/dotnet || true | |
| sudo rm -rf /usr/local/lib/android || true | |
| docker system prune -af || true | |
| df -h | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v11 | |
| with: | |
| extra-conf: | | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| - name: Enable sccache | |
| run: | | |
| echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV | |
| echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| echo "SCCACHE_CACHE_SIZE=2G" >> $GITHUB_ENV | |
| echo "CARGO_INCREMENTAL=0" >> $GITHUB_ENV | |
| - name: Cache sccache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/sccache | |
| key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} | |
| restore-keys: | | |
| sccache-${{ runner.os }}- | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| cargo-registry-${{ runner.os }}- | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| prefix-key: v1-nightly | |
| shared-key: global-nightly | |
| cache-all-crates: true | |
| cache-targets: true | |
| cache-bin: true | |
| cache-on-failure: true | |
| workspaces: | | |
| . | |
| - name: Build (Nightly) | |
| env: | |
| WASM_BUILD_WORKSPACE_HINT: ${{ github.workspace }} | |
| run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly cargo build --locked --release" | |
| - name: Test (Nightly) | |
| env: | |
| WASM_BUILD_WORKSPACE_HINT: ${{ github.workspace }} | |
| run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly cargo test --locked --release --all-features" | |
| - name: Lint (Nightly) | |
| run: nix develop --accept-flake-config -c bash -c "RUSTUP_TOOLCHAIN=nightly RUSTFLAGS=-Dwarnings cargo clippy --locked --all-features" | |
| - name: sccache stats | |
| if: always() | |
| run: sccache -s || true | |
| local-env: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == false | |
| needs: build-linux-x86_64-pre-merge | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| markers: [ci, smoke, rpc, reserve, governed_map, delegator_rewards, ariadne, wizards, dolos] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Deploy and test against local environment | |
| uses: ./.github/actions/tests/local-environment-tests | |
| with: | |
| tag: CI | |
| image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ github.sha }} | |
| sha: ${{ github.sha }} | |
| markers: ${{ matrix.markers }} | |
| env: | |
| SUBSTRATE_REPO_SSH_KEY: ${{ secrets.SUBSTRATE_REPO_SSH_KEY }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| TEST_ENVIRONMENT: local | |
| documentation-tests: | |
| needs: build-linux-x86_64-pre-merge | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == false | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| - name: Run Documentation Tests | |
| uses: ./.github/actions/tests/doc-tests | |
| # upload-chain-specs-pre-merge: | |
| # if: github.event_name == 'pull_request' && github.event.pull_request.merged == false | |
| # needs: build-linux-x86_64-pre-merge | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: ${{ github.event.pull_request.head.sha || github.sha }} | |
| # - name: Upload chain spec artifacts to Kubernetes | |
| # uses: ./.github/actions/deploy/upload-chain-specs | |
| # with: | |
| # sha: ${{ github.sha }} | |
| # env: | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| pre-merge-checks-complete: | |
| if: ${{ always() && github.event_name == 'pull_request' && github.event.pull_request.merged == false }} | |
| needs: [ | |
| build-linux-x86_64-pre-merge, | |
| build-nightly-pre-merge, | |
| local-env, | |
| documentation-tests | |
| ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if any needed job failed | |
| run: | | |
| if [[ "${{ needs.build-linux-x86_64-pre-merge.result }}" != "success" || | |
| "${{ needs.build-nightly-pre-merge.result }}" != "success" || | |
| "${{ needs.local-env.result }}" != "success" || | |
| "${{ needs.documentation-tests.result }}" != "success" ]]; then | |
| echo "One or more needed jobs failed." | |
| exit 1 | |
| else | |
| echo "All needed jobs passed." | |
| fi | |
| ### Post merge workflow ############################################################################################################### | |
| build-linux-x86_64-post-merge: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| outputs: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v11 | |
| with: | |
| extra-conf: | | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| - name: Enable sccache | |
| run: | | |
| echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV | |
| echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV | |
| - name: Cache sccache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/sccache | |
| key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} | |
| restore-keys: | | |
| sccache-${{ runner.os }}- | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| cargo-registry-${{ runner.os }}- | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| prefix-key: v1 | |
| shared-key: global | |
| cache-all-crates: true | |
| cache-targets: true | |
| cache-bin: true | |
| cache-on-failure: true | |
| workspaces: | | |
| . | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build | |
| run: nix develop --accept-flake-config -c bash -c "cargo build --locked --profile=release" | |
| - name: sccache stats | |
| if: always() | |
| run: sccache -s || true | |
| # - name: Build chain specs | |
| # run: | | |
| # nix develop --accept-flake-config -c bash -c ' | |
| # source ./dev/envs/devnet/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json | |
| # | |
| # source ./dev/envs/ci-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json | |
| # | |
| # source ./dev/envs/staging-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json | |
| # ' | |
| - name: Build and push docker image | |
| run: | | |
| cp target/release/partner-chains-demo-node . | |
| nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" | |
| docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} . | |
| docker tag ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:latest | |
| docker tag ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} ghcr.io/${{ github.repository }}/partner-chains-node-unstable:latest | |
| docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ steps.get_sha.outputs.sha }} | |
| docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:latest | |
| docker push ghcr.io/${{ github.repository }}/partner-chains-node-unstable:latest | |
| - name: Rename artifact | |
| run: | | |
| cp ./partner-chains-demo-node partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| chmod +x ./partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| cp ./partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux partner-chains-node-binary | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-linux-artifact | |
| path: partner-chains-node-${{ steps.get_sha.outputs.sha }}-x86_64-linux | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| devnet_chain_spec.json | |
| ci_preview_chain_spec.json | |
| staging_preview_chain_spec.json | |
| upload-to-s3: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: | |
| - build-linux-x86_64-post-merge | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Get current commit SHA | |
| id: get_sha | |
| run: echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT | |
| - name: Upload Artifacts to S3 | |
| uses: ./.github/actions/artifacts/upload-to-s3 | |
| with: | |
| sha: ${{ steps.get_sha.outputs.sha }} | |
| bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
| # upload-chain-specs: | |
| # if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| # needs: build-linux-x86_64-post-merge | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: master | |
| # - name: Upload chain spec artifacts to Kubernetes | |
| # uses: ./.github/actions/deploy/upload-chain-specs | |
| # with: | |
| # sha: ${{ needs.build-linux-x86_64-post-merge.outputs.sha }} | |
| # env: | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| deploy-rustdoc: | |
| if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| needs: build-linux-x86_64-post-merge | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: master | |
| - name: Deploy Rust Docs | |
| uses: ./.github/actions/deploy/deploy-rustdoc | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # deploy-ci-preview: | |
| # needs: | |
| # - build-linux-x86_64-post-merge | |
| # permissions: | |
| # id-token: write | |
| # contents: write | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: master | |
| # - name: Deploy ci-preview | |
| # uses: ./.github/actions/deploy/deploy-ci-preview | |
| # with: | |
| # image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ needs.build-linux-x86_64-post-merge.outputs.sha }} | |
| # sha: ${{ needs.build-linux-x86_64-post-merge.outputs.sha }} | |
| # no-wipe: true | |
| # env: | |
| # AWS_REGION: "eu-central-1" | |
| # SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| # ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| # AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| # ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| # ci-preview-tests-post-merge: | |
| # if: github.event_name == 'pull_request' && github.event.pull_request.merged == true | |
| # needs: deploy-ci-preview | |
| # runs-on: eks | |
| # steps: | |
| # - name: Acquire AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: master | |
| # - name: Setup tests | |
| # uses: ./.github/actions/tests/setup-python | |
| # env: | |
| # ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| # - name: Test against ci-preview | |
| # uses: ./.github/actions/tests/run-e2e-tests | |
| # with: | |
| # env: ci | |
| # decrypt: true | |
| # blockchain: substrate | |
| # markers: ci | |
| # env: | |
| # AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} | |
| # AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| # AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} | |
| post-merge-actions-complete: | |
| if: ${{ always() && (github.event_name == 'pull_request' && github.event.pull_request.merged == true) }} | |
| needs: | |
| [ | |
| build-linux-x86_64-post-merge, | |
| deploy-rustdoc, | |
| upload-to-s3, | |
| ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if any needed job failed | |
| run: | | |
| if [[ "${{ needs.build-linux-x86_64-post-merge.result }}" != "success" || | |
| "${{ needs.deploy-rustdoc.result }}" != "success" || | |
| "${{ needs.upload-to-s3.result }}" != "success" ]]; then | |
| echo "One or more needed jobs failed." | |
| exit 1 | |
| else | |
| echo "All needed jobs passed." | |
| fi | |
| ### Workflow dispatch flow ############################################################################################################### | |
| build-linux-x86_64-workflow-dispatch: | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'workflow_dispatch' && (inputs.build_and_publish == true || inputs.run_post_merge_tests == true) && inputs.sha != '' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ inputs.sha }} | |
| - name: Install Nix | |
| uses: DeterminateSystems/nix-installer-action@v11 | |
| with: | |
| extra-conf: | | |
| experimental-features = nix-command flakes | |
| substituters = https://cache.nixos.org/ | |
| trusted-public-keys = cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= | |
| - name: Setup sccache | |
| uses: mozilla-actions/sccache-action@v0.0.9 | |
| - name: Enable sccache | |
| run: | | |
| echo "SCCACHE_GHA_ENABLED=true" >> $GITHUB_ENV | |
| echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| echo "SCCACHE_CACHE_SIZE=5G" >> $GITHUB_ENV | |
| - name: Cache sccache | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.cache/sccache | |
| key: sccache-${{ runner.os }}-${{ hashFiles('Cargo.lock') }} | |
| restore-keys: | | |
| sccache-${{ runner.os }}- | |
| - name: Cache cargo registry | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: cargo-registry-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| cargo-registry-${{ runner.os }}- | |
| - name: Setup Rust cache | |
| uses: Swatinem/rust-cache@v2 | |
| with: | |
| prefix-key: v1 | |
| shared-key: global | |
| cache-all-crates: true | |
| cache-targets: true | |
| cache-bin: true | |
| cache-on-failure: true | |
| workspaces: | | |
| . | |
| - name: Acquire AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| - name: Formatting | |
| run: nix develop --accept-flake-config -c bash -c "cargo fmt --check" | |
| - name: Build | |
| run: nix develop --accept-flake-config -c bash -c "cargo build --locked --release" | |
| - name: Test | |
| run: nix develop --accept-flake-config -c bash -c "cargo test --locked --release --all-features" | |
| - name: Lint | |
| run: nix develop --accept-flake-config -c bash -c "RUSTFLAGS=-Dwarnings cargo clippy --locked --release --all-features" | |
| - name: sccache stats | |
| if: always() | |
| run: sccache -s || true | |
| #- name: Run cargo-deny to check licenses | |
| # uses: EmbarkStudios/cargo-deny-action@v1 | |
| # with: | |
| # command: check licenses | |
| # - name: Build chain specs | |
| # run: | | |
| # nix develop --accept-flake-config -c bash -c ' | |
| # source ./dev/envs/devnet/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain local --disable-default-bootnode > devnet_chain_spec.json | |
| # | |
| # source ./dev/envs/ci-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > ci_preview_chain_spec.json | |
| # | |
| # source ./dev/envs/staging-preview/.envrc | |
| # target/release/partner-chains-demo-node build-spec --chain staging --disable-default-bootnode > staging_preview_chain_spec.json | |
| # ' | |
| - name: Build and push docker image | |
| run: | | |
| cp target/release/partner-chains-demo-node . | |
| nix develop --accept-flake-config -c bash -c "patchelf --set-interpreter /lib64/ld-linux-x86-64.so.2 partner-chains-demo-node" | |
| docker build -f dev/ci/Dockerfile -t ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} . | |
| docker push ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} | |
| - name: Rename and prepare artifact for workflow dispatch | |
| run: | | |
| ARTIFACT_NAME="partner-chains-node-${{ inputs.sha }}-x86_64-linux" | |
| cp ./partner-chains-demo-node "$ARTIFACT_NAME" | |
| chmod +x "$ARTIFACT_NAME" | |
| shell: bash | |
| - name: Upload partner-chains-node artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: partner-chains-node-linux-artifact | |
| path: partner-chains-node-${{ inputs.sha }}-x86_64-linux | |
| - name: Upload chain spec artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: chain-specs | |
| path: | | |
| devnet_chain_spec.json | |
| ci_preview_chain_spec.json | |
| staging_preview_chain_spec.json | |
| upload-to-s3-workflow-dispatch: | |
| if: github.event_name == 'workflow_dispatch' && inputs.build_and_publish == true | |
| needs: | |
| - build-linux-x86_64-workflow-dispatch | |
| runs-on: ubuntu-latest | |
| permissions: | |
| id-token: write | |
| contents: write | |
| steps: | |
| - name: Checkout specific SHA | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ inputs.sha }} | |
| - name: Upload Artifacts to S3 | |
| uses: ./.github/actions/artifacts/upload-to-s3 | |
| with: | |
| sha: ${{ inputs.sha }} | |
| bucket-name: ${{ secrets.AWS_CD_ARTIFACT_S3_BUCKET }} | |
| env: | |
| AWS_REGION: ${{ env.AWS_REGION }} | |
| AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_S3_ROLE_ARN_SECRET }} | |
| # upload-chain-specs-workflow-dispatch: | |
| # if: github.event_name == 'workflow_dispatch' && inputs.build_and_publish == true | |
| # needs: build-linux-x86_64-workflow-dispatch | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout specific SHA | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: ${{ inputs.sha }} | |
| # - name: Upload chain spec artifacts to Kubernetes | |
| # uses: ./.github/actions/deploy/upload-chain-specs | |
| # with: | |
| # sha: ${{ inputs.sha }} | |
| # env: | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| # deploy-ci-preview-workflow-dispatch: | |
| # if: github.event_name == 'workflow_dispatch' && inputs.run_post_merge_tests == true | |
| # needs: build-linux-x86_64-workflow-dispatch | |
| # permissions: | |
| # id-token: write | |
| # contents: write | |
| # runs-on: ubuntu-latest | |
| # steps: | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: ${{ inputs.sha }} | |
| # - name: Deploy ci-preview | |
| # uses: ./.github/actions/deploy/deploy-ci-preview | |
| # with: | |
| # image: ${{ secrets.ECR_REGISTRY_SECRET }}/partner-chains-node:${{ inputs.sha }} | |
| # sha: ${{ inputs.sha }} | |
| # no-wipe: true | |
| # env: | |
| # AWS_REGION: "eu-central-1" | |
| # SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| # ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| # AWS_ROLE_ARN_SECRET: ${{ secrets.AWS_ROLE_ARN_SECRET }} | |
| # ECR_REGISTRY_SECRET: ${{ secrets.ECR_REGISTRY_SECRET }} | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| # ci-preview-tests-workflow-dispatch: | |
| # if: github.event_name == 'workflow_dispatch' && inputs.run_post_merge_tests == true | |
| # runs-on: eks | |
| # steps: | |
| # - name: Acquire AWS credentials | |
| # uses: aws-actions/configure-aws-credentials@v4 | |
| # with: | |
| # role-to-assume: ${{ secrets.AWS_ROLE_ARN_ }} | |
| # aws-region: ${{ env.AWS_REGION }} | |
| # - name: Checkout | |
| # uses: actions/checkout@v4 | |
| # with: | |
| # fetch-depth: 0 | |
| # ref: ${{ inputs.sha }} | |
| # - name: Setup tests | |
| # uses: ./.github/actions/tests/setup-python | |
| # env: | |
| # ACTIONS_PAT: ${{ secrets.ACTIONS_PAT }} | |
| # kubeconfig_base64: ${{ secrets.kubeconfig_base64 }} | |
| # K8S_SERVER: ${{ secrets.K8S_SERVER }} | |
| # K8S_SA_TOKEN: ${{ secrets.K8S_SA_TOKEN }} | |
| # - name: Test against ci-preview | |
| # uses: ./.github/actions/tests/run-e2e-tests | |
| # with: | |
| # env: ci | |
| # decrypt: true | |
| # blockchain: substrate | |
| # env: | |
| # AWS_SESSION_TOKEN: ${{ env.AWS_SESSION_TOKEN }} | |
| # AWS_ACCESS_KEY_ID: ${{ env.AWS_ACCESS_KEY_ID }} | |
| # AWS_SECRET_ACCESS_KEY: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| # AWS_DEFAULT_REGION: ${{ env.AWS_REGION }} | |
| workflow-dispatch-flow-complete: | |
| if: ${{ always() && github.event_name == 'workflow_dispatch' }} | |
| needs: [ | |
| build-linux-x86_64-workflow-dispatch, | |
| upload-to-s3-workflow-dispatch | |
| ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check if any needed job failed | |
| run: | | |
| failed=false | |
| # Check build job (always runs if either option is enabled) | |
| if [[ "${{ needs.build-linux-x86_64-workflow-dispatch.result }}" == "failure" ]]; then | |
| echo "build-linux-x86_64-workflow-dispatch failed" | |
| failed=true | |
| fi | |
| # Check publish jobs (only if build_and_publish is enabled) | |
| if [[ "${{ inputs.build_and_publish }}" == "true" ]]; then | |
| if [[ "${{ needs.upload-to-s3-workflow-dispatch.result }}" == "failure" ]]; then | |
| echo "upload-to-s3-workflow-dispatch failed" | |
| failed=true | |
| fi | |
| fi | |
| # Check test jobs (only if run_post_merge_tests is enabled) | |
| if [[ "${{ inputs.run_post_merge_tests }}" == "true" ]]; then | |
| # No more test jobs to check, if there were any, they would be here | |
| fi | |
| if [[ "$failed" == "true" ]]; then | |
| echo "One or more needed jobs failed." | |
| exit 1 | |
| else | |
| echo "All needed jobs passed." | |
| fi |