General CI #12254
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: General CI | |
| # This file is a joint CI of parachain and tee-worker, it contains: | |
| # - build (of docker images) | |
| # - format check | |
| # - unit tests | |
| # - integration tests | |
| # Some notes: | |
| # | |
| # [1] the tee-worker part is a modified version of tee-worker/.github/workflows/build_and_test.yml | |
| # with extra triggering control. | |
| # | |
| # [2] the original file (`tee-worker/.github/workflows/build_and_test.yml`) is kept to sync | |
| # upstream changes, therefore we need to manually apply the changes to this file. | |
| # [3] please beware that if a job in `needs` is skipped, its dependent job will also be skipped, | |
| # see https://github.com/actions/runner/issues/491 | |
| # | |
| # jobs that will always be executed: | |
| # - fmt | |
| # - set-condition | |
| # - parachain-build | |
| # | |
| # [4] please note that job-level if `env` is not supported: | |
| # https://github.com/actions/runner/issues/1189 | |
| # as a workaround, we need to put it in a step-level or use `needs.outputs` | |
| # | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| paths-ignore: | |
| - "**/dependabot.yml" | |
| - "**/README.md" | |
| pull_request: | |
| branches: | |
| - dev | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| - ready_for_review | |
| workflow_dispatch: | |
| inputs: | |
| rebuild-parachain: | |
| type: boolean | |
| description: rebuild-parachain | |
| required: true | |
| default: false | |
| rebuild-omni-executor: | |
| type: boolean | |
| description: rebuild-omni-executor | |
| required: true | |
| default: false | |
| rebuild-contract: | |
| type: boolean | |
| description: rebuild-contract | |
| required: true | |
| default: false | |
| push-docker: | |
| type: boolean | |
| description: push-docker | |
| required: true | |
| default: false | |
| env: | |
| CARGO_TERM_COLOR: always | |
| DOCKER_BUILDKIT: 1 | |
| # the branch or tag on which this workflow is triggered | |
| # `head_ref` will only be set if the triggering event is `pull_request` | |
| REF_VERSION: ${{ github.head_ref || github.ref_name }} | |
| concurrency: | |
| # see https://stackoverflow.com/questions/74117321/if-condition-in-concurrency-in-gha | |
| # along with the `sequentialise` job below, it guarantees: | |
| # - for push in dev: all triggered CIs will be run sequentially, none is cancelled | |
| # - for PR: later triggered CIs will cancel previous runs, maximum one CI will be run | |
| group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| set-condition: | |
| runs-on: ubuntu-22.04 | |
| # see https://github.com/orgs/community/discussions/25722 | |
| if: ${{ github.event_name == 'push' || !github.event.pull_request.draft }} | |
| outputs: | |
| rebuild_parachain: ${{ steps.env.outputs.rebuild_parachain }} | |
| rebuild_omni_executor: ${{ steps.env.outputs.rebuild_omni_executor }} | |
| rebuild_contract: ${{ steps.env.outputs.rebuild_contract }} | |
| push_docker: ${{ steps.env.outputs.push_docker }} | |
| run_parachain_test: ${{ steps.env.outputs.run_parachain_test }} | |
| run_omni_executor_test: ${{ steps.env.outputs.run_omni_executor_test }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # Checks to see if any files in the PR/commit match one of the listed file types. | |
| # We can use this filter to decide whether or not to build docker images | |
| - uses: dorny/paths-filter@v3 | |
| id: filter | |
| with: | |
| filters: .github/file-filter.yml | |
| list-files: shell | |
| - name: Set condition | |
| id: env | |
| run: | | |
| rebuild_parachain=false | |
| rebuild_omni_executor=false | |
| rebuild_contract=false | |
| push_docker=false | |
| run_parachain_test=false | |
| run_omni_executor_test=false | |
| if [ "${{ github.event.inputs.rebuild-parachain }}" = "true" ] || [ "${{ steps.filter.outputs.parachain_src }}" = "true" ]; then | |
| rebuild_parachain=true | |
| fi | |
| if [ "${{ github.event.inputs.rebuild-omni-executor }}" = "true" ] || [ "${{ steps.filter.outputs.omni_executor_src }}" = "true" ]; then | |
| rebuild_omni_executor=true | |
| fi | |
| if [ "${{ github.event.inputs.rebuild-contract }}" = "true" ] || [ "${{ steps.filter.outputs.contract_src }}" = "true" ]; then | |
| rebuild_contract=true | |
| fi | |
| if [ "${{ github.event.inputs.push-docker }}" = "true" ]; then | |
| push_docker=true | |
| elif [ "${{ github.event_name }}" = 'push' ] && [ "${{ github.ref }}" = 'refs/heads/dev' ]; then | |
| push_docker=true | |
| fi | |
| if [ "${{ steps.filter.outputs.parachain_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ]; then | |
| run_parachain_test=true | |
| fi | |
| if [ "${{ steps.filter.outputs.omni_executor_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ] || [ "$rebuild_omni_executor" = "true" ]; then | |
| run_omni_executor_test=true | |
| fi | |
| echo "rebuild_parachain=$rebuild_parachain" | tee -a $GITHUB_OUTPUT | |
| echo "rebuild_omni_executor=$rebuild_omni_executor" | tee -a $GITHUB_OUTPUT | |
| echo "rebuild_contract=$rebuild_contract" | tee -a $GITHUB_OUTPUT | |
| echo "push_docker=$push_docker" | tee -a $GITHUB_OUTPUT | |
| echo "run_parachain_test=$run_parachain_test" | tee -a $GITHUB_OUTPUT | |
| echo "run_omni_executor_test=$run_omni_executor_test" | tee -a $GITHUB_OUTPUT | |
| fmt: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install rust toolchain | |
| run: rustup show | |
| - name: Install pre-built taplo | |
| run: | | |
| mkdir -p $HOME/.local/bin | |
| wget -q https://github.com/tamasfe/taplo/releases/latest/download/taplo-linux-x86_64.gz | |
| gzip -d taplo-linux-x86_64.gz | |
| cp taplo-linux-x86_64 $HOME/.local/bin/taplo | |
| chmod a+x $HOME/.local/bin/taplo | |
| echo "$HOME/.local/bin" >> $GITHUB_PATH | |
| - name: Parachain fmt check | |
| working-directory: ./parachain | |
| run: | | |
| cargo fmt -- --check | |
| taplo fmt --check | |
| - name: omni-executor fmt check | |
| working-directory: ./tee-worker/omni-executor | |
| run: | | |
| cargo fmt -- --check | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '20.x' | |
| - name: Use Latest Corepack | |
| run: | | |
| echo "Before: corepack version => $(corepack --version || echo 'not installed')" | |
| npm install -g corepack@latest | |
| echo "After : corepack version => $(corepack --version)" | |
| corepack enable && corepack enable pnpm | |
| pnpm --version | |
| - name: Fail early | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| # sequentialise the workflow runs on `dev` branch | |
| # the if condition is applied in step level to make this job always `successful` | |
| sequentialise: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Wait for previous run | |
| if: ${{ !failure() && (github.event_name == 'push') && (github.ref == 'refs/heads/dev') }} | |
| uses: litentry/consecutive-workflow-action@main | |
| with: | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| interval: 300 | |
| branch: dev | |
| omni-executor-check: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - fmt | |
| - set-condition | |
| - sequentialise | |
| if: needs.set-condition.outputs.rebuild_omni_executor == 'true' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Free up disk space | |
| if: startsWith(runner.name, 'GitHub Actions') | |
| uses: ./.github/actions/disk-cleanup | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update && \ | |
| sudo apt-get install -yq protobuf-compiler | |
| - name: Cargo clippy | |
| working-directory: ./tee-worker/omni-executor | |
| run: cargo clippy -- -D warnings | |
| - name: Cargo test | |
| working-directory: ./tee-worker/omni-executor | |
| run: cargo test | |
| parachain-build: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - fmt | |
| - set-condition | |
| - sequentialise | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Free up disk space | |
| if: startsWith(runner.name, 'GitHub Actions') | |
| uses: ./.github/actions/disk-cleanup | |
| - name: Build docker image | |
| working-directory: ./parachain | |
| if: needs.set-condition.outputs.rebuild_parachain == 'true' | |
| run: | | |
| echo "::group::build docker image" | |
| ./scripts/build-docker.sh release latest --features=fast-runtime | |
| echo "::endgroup::" | |
| echo "::group::docker images" | |
| docker images --all | |
| echo "::endgroup::" | |
| - name: Pull docker image optionally | |
| if: needs.set-condition.outputs.rebuild_parachain == 'false' | |
| run: | | |
| docker pull litentry/heima:latest | |
| - name: Save docker image | |
| run: | | |
| docker save litentry/heima:latest | gzip > heima.tar.gz | |
| - name: Upload parachain docker image | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: heima | |
| path: heima.tar.gz | |
| if-no-files-found: error | |
| - name: Fail early | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| omni-executor-build: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - fmt | |
| - set-condition | |
| - sequentialise | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Free up disk space | |
| if: startsWith(runner.name, 'GitHub Actions') | |
| uses: ./.github/actions/disk-cleanup | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| # use the docker driver to access the local image | |
| # we don't need external caches or multi platforms here | |
| # see https://docs.docker.com/build/drivers/ | |
| driver: docker | |
| - name: Build omni-executor image | |
| if: needs.set-condition.outputs.rebuild_omni_executor == 'true' | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: . | |
| file: tee-worker/omni-executor/Dockerfile | |
| tags: litentry/omni-executor:latest | |
| target: omni-executor | |
| build-args: | | |
| CARGO_FEATURES=mock-server | |
| - name: Dockerhub login | |
| if: needs.set-condition.outputs.rebuild_omni_executor == 'false' | |
| uses: docker/login-action@v3 | |
| with: | |
| username: litentry | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Pull omni-executor image optionally | |
| if: needs.set-condition.outputs.rebuild_omni_executor == 'false' | |
| run: | | |
| docker pull litentry/omni-executor:latest | |
| - run: docker images --all | |
| - name: Save docker image | |
| run: | | |
| docker save litentry/omni-executor:latest | gzip > litentry-omni.tar.gz | |
| - name: Upload docker image | |
| uses: actions/upload-artifact@v6 | |
| with: | |
| name: litentry-omni | |
| path: litentry-omni.tar.gz | |
| if-no-files-found: error | |
| contract-check: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - fmt | |
| - set-condition | |
| - sequentialise | |
| if: needs.set-condition.outputs.rebuild_contract == 'true' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| submodules: recursive | |
| fetch-depth: 0 | |
| - name: Install foundry | |
| uses: foundry-rs/foundry-toolchain@v1 | |
| - name: Show Forge version | |
| working-directory: ./tee-worker/omni-executor/contracts/aa | |
| run: forge --version | |
| - name: Check AA contracts | |
| working-directory: ./tee-worker/omni-executor/contracts/aa | |
| run: | | |
| forge b | |
| forge t --gas-report > ./../../../../gasreport.ansi | |
| env: | |
| FOUNDRY_FUZZ_SEED: 0x${{ github.event.pull_request.base.sha || github.sha }} | |
| - name: Compare gas reports | |
| uses: Rubilmax/foundry-gas-diff@v3 | |
| with: | |
| summaryQuantile: 0.9 # only display the 10% most significant gas diffs in the summary (defaults to 20%) | |
| sortCriteria: avg,max # sort diff rows by criteria | |
| sortOrders: desc,asc # and directions | |
| ignore: test-foundry/**/* # filter out gas reports from specific paths (test/ is included by default) | |
| id: gas_diff | |
| - name: Install solana sdk | |
| run: | | |
| sh -c "$(curl -sSfL https://release.anza.xyz/stable/install)" | |
| echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH | |
| - name: Install system dependencies for anchor | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y libudev-dev | |
| - name: Install anchor | |
| run: | | |
| cargo install --git https://github.com/coral-xyz/anchor anchor-cli --locked | |
| anchor -V | |
| solana -V | |
| - name: Check bsc accounting contracts | |
| working-directory: ./tee-worker/omni-executor/contracts/accounting/bsc | |
| run: | | |
| forge b | |
| forge t | |
| - name: Check solana accounting contracts | |
| working-directory: ./tee-worker/omni-executor/contracts/accounting/solana | |
| run: | | |
| anchor b --ignore-keys | |
| # TODO: P-1575 tests fail randomly in CI | |
| # anchor t -- --features test-skip-auth | |
| parachain-ts-test: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - set-condition | |
| - parachain-build | |
| strategy: | |
| matrix: | |
| chain: | |
| - heima | |
| - paseo | |
| name: ${{ matrix.chain }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: heima | |
| - name: Load docker image | |
| run: | | |
| docker load < heima.tar.gz | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v6 | |
| with: | |
| node-version: '20.x' | |
| - name: Use Latest Corepack | |
| run: | | |
| echo "Before: corepack version => $(corepack --version || echo 'not installed')" | |
| npm install -g corepack@latest | |
| echo "After : corepack version => $(corepack --version)" | |
| corepack enable && corepack enable pnpm | |
| pnpm --version | |
| - name: Run ts tests for ${{ matrix.chain }} | |
| if: needs.set-condition.outputs.run_parachain_test == 'true' | |
| timeout-minutes: 35 | |
| run: | | |
| make test-ts-${{ matrix.chain }} | |
| - name: Collect docker logs if test fails | |
| continue-on-error: true | |
| uses: jwalton/gh-docker-logs@v2 | |
| if: failure() | |
| with: | |
| tail: all | |
| dest: docker-logs | |
| - name: Upload docker logs if test fails | |
| uses: actions/upload-artifact@v6 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.chain }}-ts-tests-docker-logs | |
| path: docker-logs | |
| if-no-files-found: ignore | |
| retention-days: 3 | |
| - name: Archive logs if test fails | |
| uses: actions/upload-artifact@v6 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.chain }}-ts-tests-artifact | |
| path: /tmp/parachain_dev/ | |
| if-no-files-found: ignore | |
| retention-days: 3 | |
| - name: Fail early | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| parachain-check: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - fmt | |
| - set-condition | |
| - sequentialise | |
| # run_parachain_test is related to ts-tests only | |
| if: needs.set-condition.outputs.rebuild_parachain == 'true' | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Free up disk space | |
| if: startsWith(runner.name, 'GitHub Actions') | |
| uses: ./.github/actions/disk-cleanup | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update && \ | |
| sudo apt-get install -yq protobuf-compiler | |
| - name: Run cargo clippy check | |
| run: make clippy | |
| - name: Run all unittests | |
| working-directory: ./parachain | |
| run: | | |
| echo "::group::heima-primitives unittest" | |
| cargo test --locked -p heima-primitives --lib | |
| echo "::endgroup::" | |
| echo "::group::all pallets unittest" | |
| cargo test --locked -p pallet-* --lib | |
| echo "::endgroup::" | |
| echo "::group::all pallets unittest with runtime-benchmarks feature" | |
| cargo test --locked -p pallet-* --lib --features=runtime-benchmarks | |
| echo "::endgroup::" | |
| # We could have used matrix but the runtime tests are executed sequentially for a cleaner GHA visualisation graph. | |
| # It won't take much longer as we run them back to back. | |
| - name: Run runtime tests | |
| working-directory: ./parachain | |
| run: | | |
| echo "::group::paseo runtime test" | |
| cargo test --locked -p paseo-runtime --lib | |
| echo "::endgroup::" | |
| echo "::group::heima runtime test" | |
| cargo test --locked -p heima-runtime --lib | |
| echo "::endgroup::" | |
| - name: Fail early | |
| if: failure() | |
| uses: andymckay/[email protected] | |
| omni-executor-test: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - set-condition | |
| - omni-executor-build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - test_name: jsonrpc-mock-tests | |
| - test_name: submit-user-op-tests | |
| # disable it during RPC method refactoring | |
| # - test_name: omni-client-sdk-test | |
| # - test_name: omni-account-test | |
| name: ${{ matrix.test_name }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: litentry-omni | |
| - name: Load docker image | |
| run: | | |
| docker load < litentry-omni.tar.gz | |
| docker images | |
| - name: Integration omni executor test ${{ matrix.test_name }} | |
| working-directory: ./tee-worker/omni-executor/docker | |
| if: needs.set-condition.outputs.run_omni_executor_test == 'true' | |
| timeout-minutes: 40 | |
| run: | | |
| # Create .env file that needs by the docker-compose.yml | |
| touch ../.env | |
| git submodule update --init --recursive | |
| docker compose build --no-cache aa-contracts-deploy | |
| docker compose -f docker-compose.yml -f docker-compose.test.yml -f ${{ matrix.test_name }}.yml up --no-build --exit-code-from ${{ matrix.test_name }} ${{ matrix.test_name }} | |
| - name: Collect docker logs if test fails | |
| continue-on-error: true | |
| uses: jwalton/gh-docker-logs@v2 | |
| if: failure() | |
| with: | |
| tail: all | |
| dest: docker-logs | |
| - name: Upload docker logs if test fails | |
| uses: actions/upload-artifact@v6 | |
| if: failure() | |
| with: | |
| name: ${{ matrix.test_name }}-docker-logs | |
| path: docker-logs | |
| if-no-files-found: ignore | |
| retention-days: 3 | |
| # Secrets are not passed to the runner when a workflow is triggered from a forked repository, | |
| # see https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow | |
| # | |
| # Only try to push docker image when | |
| # - parachain-ts-test passes | |
| # - omni-executor-test passes | |
| # - set-condition.outputs.push_docker is `true` | |
| # Whether the parachain or tee-worker image will actually be pushed still depends on if a new image was built/rebuilt. | |
| # This is important not to overwrite any other jobs where a rebuild **was** triggered. | |
| # | |
| # We don't have to depend on jobs like `parachain-unit-test` as they have the same trigger condition `rebuild_parachain`, | |
| # so there must be no new image if `parachain-unit-test` is skipped. | |
| # | |
| # `!failure()` needs to be used to cover skipped jobs | |
| push-docker: | |
| runs-on: ubuntu-22.04 | |
| needs: | |
| - set-condition | |
| - parachain-ts-test | |
| - omni-executor-test | |
| if: ${{ !failure() && needs.set-condition.outputs.push_docker == 'true' }} | |
| steps: | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: heima | |
| - uses: actions/download-artifact@v7 | |
| with: | |
| name: litentry-omni | |
| - name: Dockerhub login | |
| uses: docker/login-action@v3 | |
| with: | |
| username: litentry | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Push parachain image | |
| if: needs.set-condition.outputs.rebuild_parachain == 'true' | |
| run: | | |
| docker load < heima.tar.gz | |
| docker push litentry/heima | |
| - name: Push omni-executor image | |
| if: needs.set-condition.outputs.rebuild_omni_executor == 'true' | |
| run: | | |
| docker load < litentry-omni.tar.gz | |
| docker push litentry/omni-executor |