refactor(ci): only run ARM on master (#5705)

- Standardize GA action naming, refactor runner setup to a subworkflow
- Use https://github.com/ben-z/gh-action-mutex in a different repo,
begrudgingly our best concurrency primitive. The standard GA concurrency
primitive has a gotcha surrounding canceling pending jobs, see
https://github.com/orgs/community/discussions/5435
- Up timeouts, 25 wasn't always enough for full build
- Split out ARM CI, only run it on master

.github/ci-setup-action/action.yml

@@ -6,6 +6,12 @@ inputs:
   dockerhub_password:
     required: true
     description: 'DockerHub Password'
+  concurrency_key:
+    required: false
+    description: 'Concurrency key for locking jobs'
+  concurrency_token:
+    required: false
+    description: 'Must be provided with concurrency key. GH token used to lock this job.'
 runs:
   # define an action, runs in OS of caller
   using: composite
@@ -56,3 +62,13 @@ runs:
         else
           echo "Docker daemon already configured."
         fi
+    # As detailed in https://github.com/ben-z/gh-action-mutex
+    # things do not become 'pending' in github actions, and instead just cancel one another
+    # so we can't use the native concurrency in GA
+    - name: Limit concurrency
+      uses: ben-z/gh-action-mutex@v1.0.0-alpha.9
+      if: ${{ inputs.concurrency_key }}
+      with:
+        repo-token: ${{ inputs.concurrency_token }}
+        repository: AztecProtocol/git-metadata
+        branch: gh-actions-mutex-${{ inputs.concurrency_key }}

.github/workflows/ci-arm.yml

@@ -0,0 +1,70 @@
+name: CI
+on:
+  push:
+    branches: [master]
+  workflow_dispatch:
+    inputs:
+      runner_action:
+        description: "The action to take with the self-hosted runner (start, stop, restart)."
+        required: false
+      just_start_spot:
+        description: "Should we just run spots?"
+        type: boolean
+        required: false
+concurrency:
+  # force parallelism in master, cancelling in branches (only relevant to workflow_dispatch)
+  group: ci-${{ github.ref_name == 'master' && github.run_id || github.ref_name }}
+  cancel-in-progress: true
+jobs:
+  setup:
+    uses: ./.github/workflows/setup-runner.yml
+    with:
+      runner_label: master-arm
+      ebs_cache_size_gb: 128
+      runner_concurrency: 8
+      ec2_instance_type: r6g.16xlarge
+      ec2_ami_id: ami-0d8a9b0419ddb331a
+      ec2_instance_ttl: 40 # refreshed by jobs
+    secrets: inherit
+
+  build:
+    needs: setup
+    runs-on: master-arm
+    timeout-minutes: 40
+    steps:
+      - {uses: actions/checkout@v4, with: { ref: "${{ github.event.pull_request.head.sha }}"}}
+      - uses: ./.github/ci-setup-action
+        with:
+          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
+          concurrency_token: "${{ secrets.AZTEC_GITHUB_TOKEN }}"
+          # must be globally unique for build x runner
+          concurrency_key: build-master-arm
+      # prepare images locally, tagged by commit hash
+      - run: earthly ./yarn-project+export-end-to-end
+
+  # all the end-to-end integration tests for aztec
+  e2e:
+    needs: build
+    runs-on: master-arm
+    timeout-minutes: 15
+    strategy:
+      fail-fast: false
+      matrix:
+        test:
+          - e2e-card-game
+          - e2e-crowdfunding-and-claim
+    steps:
+      - {uses: actions/checkout@v4, with: { ref: "${{ github.event.pull_request.head.sha }}"}}
+      - uses: ./.github/ci-setup-action
+        with:
+          dockerhub_password: "${{ secrets.DOCKERHUB_PASSWORD }}"
+          concurrency_token: "${{ secrets.AZTEC_GITHUB_TOKEN }}"
+          concurrency_key: e2e-master-arm
+      # Ensure that a test only ever is running one e2e at a time
+      - name: Set up mutex
+        uses: ben-z/gh-action-mutex@v1.0.0-alpha.9
+        with:
+          branch: gh-action-mutex-e2e-arm-master-${{ matrix.test }}
+      - name: Test
+        working-directory: ./yarn-project/end-to-end/
+        run: earthly -P --no-output +${{ matrix.test }} --e2e_mode=cache