Merge pull request #194 from NicoSerranoP/transcript_verification #589
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build, Test & Deploy | |
on: | |
- push | |
- pull_request | |
- workflow_dispatch | |
env: | |
RUST_VERSION: "1.66" | |
NIGHTLY_VERSION: nightly-2022-08-10 | |
CARGO_TERM_COLOR: always | |
# Skip incremental build and debug info generation in CI | |
CARGO_INCREMENTAL: 0 | |
CARGO_PROFILE_DEV_DEBUG: 0 | |
IMAGE_ID: ghcr.io/${{ github.repository }}:${{ github.sha }} | |
IMAGE_LATEST: ghcr.io/${{ github.repository }}:latest | |
BIN: ${{ github.event.repository.name }} | |
jobs: | |
accept: | |
name: Accept | |
runs-on: ubuntu-latest | |
needs: [ lint, test, build_and_push, image_manifest ] | |
steps: | |
- name: Accept | |
run: true | |
lint: | |
name: Lint | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install protobuf | |
run: sudo apt-get install protobuf-compiler | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: ${{ env.NIGHTLY_VERSION }} | |
override: true | |
components: rustfmt, clippy | |
- name: Cache build | |
uses: Swatinem/rust-cache@v1 | |
with: | |
key: cache-v1 | |
- name: Check formatting | |
uses: actions-rs/cargo@v1 | |
with: | |
command: fmt | |
args: --all -- --check | |
- uses: actions-rs/clippy-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
args: --locked --workspace --all-features --all-targets | |
- name: Check docs | |
uses: actions-rs/cargo@v1 | |
with: | |
command: doc | |
args: --locked --workspace --all-features --no-deps --document-private-items | |
test: | |
name: Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install protobuf | |
run: sudo apt-get install protobuf-compiler | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: ${{ env.NIGHTLY_VERSION }} | |
override: true | |
- name: Cache build | |
uses: Swatinem/rust-cache@v1 | |
with: | |
key: cache-v1 | |
# Cargo doc test is not included in `--all-targets` | |
# See <https://github.com/rust-lang/cargo/issues/6669> | |
# Cargo doc test also doesn't support `--no-run`, so we run it but | |
# have it just print `--help`. | |
# Cargo doc test also fails if there are no library targets. | |
- name: Build tests | |
run: | | |
cargo test --locked --workspace --all-features --all-targets --no-run | |
cargo test --locked --workspace --all-features --doc -- --help | |
- name: Run tests | |
run: | | |
cargo test --locked --workspace --all-features --all-targets -- --nocapture | |
cargo test --locked --workspace --all-features --doc -- --nocapture | |
codecov: | |
# See <https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/source-based-code-coverage.html> | |
name: Coverage | |
runs-on: ubuntu-latest | |
env: | |
RUSTFLAGS: -Cinstrument-coverage | |
RUSTDOCFLAGS: -C instrument-coverage -Z unstable-options --persist-doctests target/debug/doctestbins | |
LLVM_PROFILE_FILE: profile-%m.profraw | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install protobuf | |
run: sudo apt-get install protobuf-compiler | |
- name: Install rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: ${{ env.NIGHTLY_VERSION }} | |
override: true | |
components: llvm-tools-preview | |
- name: Cache build | |
uses: Swatinem/rust-cache@v1 | |
with: | |
key: cache-v1 | |
- name: Install cargo-tarpaulin | |
run: | | |
cargo install cargo-tarpaulin | |
- name: Generate RSA Test Keys | |
run: | | |
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -out private.key | |
openssl rsa -in private.key -pubout -out publickey.pem | |
- name: Generate code coverage | |
run: | | |
cargo tarpaulin --out Xml --avoid-cfg-tarpaulin --timeout 180 --features arkworks blst --workspace | |
- name: Submit to codecov.io | |
uses: codecov/codecov-action@v3.1.1 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} # Optional for public repos | |
flags: test | |
fail_ci_if_error: true | |
verbose: true | |
security_audit: | |
name: Dependency Security Audit | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install protobuf | |
run: sudo apt-get install protobuf-compiler | |
- name: Set up Rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: ${{ env.RUST_VERSION }} | |
default: true | |
- uses: actions-rs/audit-check@v1 | |
with: | |
token: ${{ secrets.GITHUB_TOKEN }} | |
build_and_push: | |
name: Build image | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
platform: [ amd64, arm64 ] | |
env: | |
FEATURES: mimalloc | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install protobuf | |
run: sudo apt-get install protobuf-compiler | |
- name: Set up Rust | |
uses: actions-rs/toolchain@v1 | |
with: | |
profile: minimal | |
toolchain: ${{ env.RUST_VERSION }} | |
default: true | |
- name: Set up QEMU | |
id: qemu | |
uses: docker/setup-qemu-action@v2 | |
- name: Available platforms | |
run: echo ${{ steps.qemu.outputs.platforms }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
version: v0.9.1 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Cache build | |
uses: Swatinem/rust-cache@v1 | |
with: | |
key: ${{ matrix.platform }}-cache-v1 | |
- name: Build executable | |
run: | | |
case ${{ matrix.platform }} in | |
amd64) ARCH=x86_64 ;; | |
arm64) ARCH=aarch64 ;; | |
*) false | |
esac | |
docker run --rm \ | |
-u $UID:$GID \ | |
-v "$(pwd)":/src \ | |
-v $HOME/.cargo:/usr/local/cargo \ | |
-v /usr/local/cargo/bin \ | |
ghcr.io/recmo/rust-static-build:$RUST_VERSION-$ARCH \ | |
cargo build --locked --release --features "$FEATURES" | |
- name: Build and push | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
platforms: linux/${{ matrix.platform }} | |
tags: ${{ env.IMAGE_ID }}-${{ matrix.platform }} | |
push: true | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
build-args: BIN=${{ env.BIN }} | |
- name: Test image | |
run: | |
docker run --pull always --platform linux/${{ matrix.platform }} --rm $IMAGE_ID-${{ matrix.platform }} --version | |
image_manifest: | |
name: Image manifest | |
runs-on: ubuntu-latest | |
needs: [ build_and_push ] | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Create manifest | |
run: docker manifest create $IMAGE_ID{,-amd64,-arm64} | |
- name: Inspect manifest | |
run: docker manifest inspect $IMAGE_ID | |
- name: Push manifest | |
run: docker manifest push $IMAGE_ID | |
- name: Push latest tag | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
run: | | |
docker pull $IMAGE_ID | |
docker tag $IMAGE_ID $IMAGE_LATEST | |
docker push $IMAGE_LATEST | |
push_to_docker: | |
name: Push to Docker Hub | |
runs-on: ubuntu-latest | |
needs: [ image_manifest ] | |
steps: | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
# Access token `kzg-ceremony-sequencer-github-actions` | |
username: carlbeek | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
- name: Push commit tag | |
run: | | |
docker pull $IMAGE_ID | |
docker tag $IMAGE_ID ethereum/kzg-ceremony-sequencer:${{ github.sha }} | |
docker push ethereum/kzg-ceremony-sequencer:${{ github.sha }} | |
- name: Push latest tag | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
run: | | |
docker pull $IMAGE_ID | |
docker tag $IMAGE_ID ethereum/kzg-ceremony-sequencer:latest | |
docker push ethereum/kzg-ceremony-sequencer:latest | |
deploy_on_fly: | |
name: Deploy on fly.io | |
runs-on: ubuntu-latest | |
needs: [ push_to_docker ] | |
if: ${{ github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: recursive | |
- name: Install flyctl | |
uses: superfly/flyctl-actions/setup-flyctl@master | |
- name: Deploy on fly.io | |
env: | |
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} | |
run: flyctl deploy --remote-only |