Triggered by jamilbk on pull_request #11884
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Continuous Integration | |
run-name: Triggered by ${{ github.actor }} on ${{ github.event_name }} | |
on: | |
pull_request: | |
merge_group: | |
types: [checks_requested] | |
workflow_call: | |
inputs: | |
stage: | |
required: true | |
type: string | |
profile: | |
required: true | |
type: string | |
env: | |
# mark:automatic-version | |
VERSION: "1.0.6" | |
# Cancel old workflow runs if new code is pushed | |
concurrency: | |
group: "ci-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}" | |
cancel-in-progress: ${{ github.event_name != 'workflow_call' }} | |
jobs: | |
kotlin: | |
uses: ./.github/workflows/_kotlin.yml | |
secrets: inherit | |
swift: | |
uses: ./.github/workflows/_swift.yml | |
secrets: inherit | |
tauri: | |
uses: ./.github/workflows/_tauri.yml | |
secrets: inherit | |
elixir: | |
uses: ./.github/workflows/_elixir.yml | |
rust: | |
uses: ./.github/workflows/_rust.yml | |
secrets: inherit | |
static-analysis: | |
uses: ./.github/workflows/_static-analysis.yml | |
terraform: | |
uses: ./.github/workflows/_terraform.yml | |
secrets: inherit | |
codeql: | |
uses: ./.github/workflows/_codeql.yml | |
secrets: inherit | |
update-release-draft: | |
runs-on: ubuntu-22.04 | |
outputs: | |
tag_name: ${{ steps.update-release-draft.outputs.tag_name }} | |
steps: | |
- uses: release-drafter/release-drafter@v6 | |
id: update-release-draft | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
build-artifacts: | |
needs: update-release-draft | |
uses: ./.github/workflows/_build_artifacts.yml | |
secrets: inherit | |
with: | |
# Build debug/ on PRs and merge group, no prefix for production release images | |
image_prefix: ${{ ((github.event_name == 'pull_request' || github.event_name == 'merge_group') && 'debug') || '' }} | |
profile: ${{ inputs.profile || 'debug' }} | |
stage: ${{ inputs.stage || 'debug' }} | |
tag_name: ${{ needs.update-release-draft.outputs.tag_name }} | |
build-base-perf-artifacts: | |
needs: update-release-draft | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: ./.github/workflows/_build_artifacts.yml | |
secrets: inherit | |
with: | |
sha: ${{ github.event.pull_request.base.sha }} | |
image_prefix: 'perf' | |
profile: 'release' | |
stage: 'debug' | |
tag_name: ${{ needs.update-release-draft.outputs.tag_name }} | |
build-head-perf-artifacts: | |
needs: update-release-draft | |
if: ${{ github.event_name == 'pull_request' }} | |
uses: ./.github/workflows/_build_artifacts.yml | |
secrets: inherit | |
with: | |
sha: ${{ github.sha }} | |
image_prefix: 'perf' | |
profile: 'release' | |
stage: 'debug' | |
tag_name: ${{ needs.update-release-draft.outputs.tag_name }} | |
integration-tests: | |
uses: ./.github/workflows/_integration_tests.yml | |
needs: build-artifacts | |
secrets: inherit | |
with: | |
gateway_image: ${{ needs.build-artifacts.outputs.gateway_image }} | |
client_image: ${{ needs.build-artifacts.outputs.client_image }} | |
relay_image: ${{ needs.build-artifacts.outputs.relay_image }} | |
snownet-tests: | |
needs: build-artifacts | |
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} | |
name: snownet-tests-${{ matrix.name }} | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write | |
env: | |
RELAY_TAG: ${{ github.sha }} | |
SNOWNET_TAG: ${{ github.sha }} | |
strategy: | |
fail-fast: false | |
matrix: | |
name: | |
- lan | |
- wan-hp | |
- wan-relay | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: ./.github/actions/gcp-docker-login | |
id: login | |
with: | |
project: firezone-staging | |
- name: Run docker-compose.${{ matrix.name }}.yml test | |
run: | | |
sudo sysctl -w vm.overcommit_memory=1 | |
timeout 600 docker compose -f rust/snownet-tests/docker-compose.${{ matrix.name }}.yml up --exit-code-from dialer --abort-on-container-exit | |
compatibility-tests: | |
# Don't run compatibility tests when called from hotfix.yml or publish.yml on `main` because | |
# it'll be red if there was a breaking change we're tring to publish, | |
# and the deploy_production workflow checks for main to be green. | |
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }} | |
uses: ./.github/workflows/_integration_tests.yml | |
needs: build-artifacts | |
secrets: inherit | |
with: | |
gateway_image: "ghcr.io/firezone/gateway" | |
gateway_tag: "latest" | |
client_image: "ghcr.io/firezone/client" | |
client_tag: "latest" | |
perf-tests: | |
# Only the debug images have perf tooling | |
if: ${{ github.event_name == 'pull_request' }} | |
name: perf-tests-${{ matrix.version.prefix }}-${{ matrix.test_name }} | |
needs: | |
- build-base-perf-artifacts | |
- build-head-perf-artifacts | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write | |
env: | |
API_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/api' | |
API_TAG: ${{ matrix.version.sha }} | |
WEB_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/web' | |
WEB_TAG: ${{ matrix.version.sha }} | |
ELIXIR_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/elixir' | |
ELIXIR_TAG: ${{ matrix.version.sha }} | |
GATEWAY_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/gateway' | |
GATEWAY_TAG: ${{ matrix.version.sha }} | |
CLIENT_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/client' | |
CLIENT_TAG: ${{ matrix.version.sha }} | |
RELAY_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/relay' | |
RELAY_TAG: ${{ matrix.version.sha }} | |
strategy: | |
fail-fast: false | |
matrix: | |
version: | |
- sha: ${{ github.sha }} | |
prefix: head | |
- sha: ${{ github.event.pull_request.base.sha }} | |
prefix: base | |
test_name: | |
- direct-tcp-client2server | |
- direct-tcp-server2client | |
- direct-udp-client2server | |
- direct-udp-server2client | |
- relayed-tcp-client2server | |
- relayed-tcp-server2client | |
- relayed-udp-client2server | |
- relayed-udp-server2client | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.version.sha }} | |
- uses: ./.github/actions/gcp-docker-login | |
id: login | |
with: | |
project: firezone-staging | |
- name: Seed database | |
run: | |
docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.seed' | |
- name: Start docker compose in the background | |
run: | | |
# We need to increase the log level to make sure that they don't hold off storm of packets | |
# generated by UDP tests. Wire is especially chatty. | |
sed -i 's/^\(\s*\)RUST_LOG:.*$/\1RUST_LOG: wire=error,info/' docker-compose.yml | |
cat docker-compose.yml | grep RUST_LOG | |
# Start services in the same order each time for the tests | |
docker compose up -d iperf3 | |
docker compose up -d api web domain --no-build | |
docker compose up -d relay-1 relay-2 --no-build | |
docker compose up -d gateway --no-build | |
docker compose up -d client --no-build | |
- name: 'Performance test: ${{ matrix.test_name }}' | |
timeout-minutes: 5 | |
env: | |
TEST_NAME: ${{ matrix.test_name }} | |
run: ./scripts/tests/perf/${{ matrix.test_name }}.sh | |
- name: 'Save performance test results: ${{ matrix.test_name }}' | |
uses: actions/upload-artifact@v4 | |
with: | |
overwrite: true | |
name: ${{ matrix.test_name }}-${{ matrix.version.sha }}-iperf3results | |
path: ./${{ matrix.test_name }}.json | |
- name: Show Client logs | |
if: "!cancelled()" | |
run: docker compose logs client | |
- name: Show Client UDP stats | |
if: "!cancelled()" | |
run: docker compose exec client cat /proc/net/udp | |
- name: Show Relay-1 logs | |
if: "!cancelled()" | |
run: docker compose logs relay-1 | |
- name: Show Relay-2 logs | |
if: "!cancelled()" | |
run: docker compose logs relay-2 | |
- name: Show Gateway logs | |
if: "!cancelled()" | |
run: docker compose logs gateway | |
- name: Show Gateway UDP stats | |
if: "!cancelled()" | |
run: docker compose exec gateway cat /proc/net/udp | |
- name: Show API logs | |
if: "!cancelled()" | |
run: docker compose logs api | |
- name: Show iperf3 logs | |
if: "!cancelled()" | |
run: docker compose logs iperf3 | |
compare-results: | |
if: github.event_name == 'pull_request' | |
needs: perf-tests | |
runs-on: ubuntu-22.04 | |
permissions: | |
contents: read | |
id-token: write | |
pull-requests: write | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Download base ref performance test results | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: '*-${{ github.event.pull_request.base.sha }}-iperf3results' | |
merge-multiple: true | |
path: ./${{ github.event.pull_request.base.sha }} | |
- name: Download head ref performance test results | |
uses: actions/download-artifact@v4 | |
with: | |
pattern: '*-${{ github.sha }}-iperf3results' | |
merge-multiple: true | |
path: ./${{ github.sha }} | |
- name: Update PR with results | |
uses: actions/github-script@v7 | |
with: | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
script: | | |
const { script } = require('./scripts/tests/perf/results.js'); | |
script(github, context, '${{ github.event.pull_request.base.sha }}', '${{ github.sha }}', [ | |
'direct-tcp-client2server', | |
'direct-tcp-server2client', | |
'direct-udp-client2server', | |
'direct-udp-server2client', | |
'relayed-tcp-client2server', | |
'relayed-tcp-server2client', | |
'relayed-udp-client2server', | |
'relayed-udp-server2client' | |
]); |