name: CI on: workflow_dispatch: push: branches: - master pull_request: types: [ opened, synchronize, reopened, labeled, unlabeled ] release: types: [ published ] concurrency: group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} cancel-in-progress: true env: CARGO_TERM_COLOR: always RUST_VERSION: 1.75.0 NIGHTLY_RUST_VERSION: nightly-2023-10-29 RUSTFLAGS: -D warnings REGISTRY: ghcr.io SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2 FUEL_ALWAYS_USE_WASM: true jobs: check-changelog: name: Check Changelog runs-on: ubuntu-latest steps: - uses: tarides/changelog-check-action@v2 with: changelog: CHANGELOG.md rustfmt: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - uses: actions/checkout@v3 - name: Install latest nightly uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.NIGHTLY_RUST_VERSION }} components: rustfmt - name: Rustfmt check run: cargo +${{ env.NIGHTLY_RUST_VERSION }} fmt --all -- --check lint-toml-files: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_VERSION }} - name: setup binstall uses: taiki-e/install-action@cargo-binstall - name: Install Cargo.toml linter run: cargo binstall --no-confirm cargo-sort - name: Run Cargo.toml sort check run: cargo sort -w --check - name: Install Prettier and TOML Plugin run: | # prettier has issues with global installation and plugin discovery. The temporary `package.json` created by `npm init -y` is a workaround. npm init -y > /dev/null 2>&1 npm install prettier prettier-plugin-toml - name: Check format of Cargo.toml files run: | if ! npx prettier --check "**/Cargo.toml"; then npx prettier --write "**/Cargo.toml" > /dev/null 2>&1 echo "Changes required:" git --no-pager diff exit 1 fi - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && github.ref == 'refs/heads/master' with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} lint-helm-chart: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - uses: actions/checkout@v3 - name: Set up Helm uses: azure/setup-helm@v3 with: version: v3.10.0 - name: helm lint run: | cd deployment/charts helm lint prevent-openssl: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - uses: actions/checkout@v3 # ensure openssl hasn't crept into the dep tree - name: Check if openssl is included run: ./.github/workflows/scripts/verify_openssl.sh - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && github.ref == 'refs/heads/master' with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} cargo-verifications: needs: - lint-toml-files - prevent-openssl - rustfmt - check-changelog runs-on: buildjet-4vcpu-ubuntu-2204 env: RUSTFLAGS: -D warnings strategy: matrix: include: - command: clippy args: -p fuel-core-wasm-executor --target wasm32-unknown-unknown --no-default-features - command: clippy args: --all-targets --all-features - command: check args: --all-targets - command: doc args: --all-features --workspace --no-deps - command: make args: check --locked - command: test args: --workspace - command: test args: --all-features --workspace - command: test args: -p fuel-core --no-default-features - command: test args: -p fuel-core-client --no-default-features - command: test args: -p fuel-core-chain-config --no-default-features - command: test args: --manifest-path version-compatibility/Cargo.toml --workspace - command: build args: -p fuel-core-bin --no-default-features --features production # WASM compatibility checks - command: check args: -p fuel-core-types --target wasm32-unknown-unknown --no-default-features - command: check args: -p fuel-core-storage --target wasm32-unknown-unknown --no-default-features - command: check args: -p fuel-core-client --target wasm32-unknown-unknown --no-default-features - command: check args: -p fuel-core-chain-config --target wasm32-unknown-unknown --no-default-features - command: check args: -p fuel-core-executor --target wasm32-unknown-unknown --no-default-features # disallow any job that takes longer than 45 minutes timeout-minutes: 45 continue-on-error: ${{ matrix.skip-error || false }} steps: - uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_VERSION }} targets: "wasm32-unknown-unknown" components: "clippy" - name: Install Cargo Make uses: davidB/rust-cargo-make@v1 with: version: "0.36.4" - uses: rui314/setup-mold@v1 - uses: buildjet/cache@v3 with: path: | ~/.cargo/bin/ ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ target/ key: ${{ matrix.command }}-${{ matrix.args }}-${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - name: ${{ matrix.command }} ${{ matrix.args }} run: cargo ${{ matrix.command }} ${{ matrix.args }} - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && github.ref == 'refs/heads/master' with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} env: RUSTFLAGS: -D warnings publish-crates-check: runs-on: buildjet-4vcpu-ubuntu-2204 steps: - name: Checkout repository uses: actions/checkout@v3 - uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_VERSION }} - name: Publish crate check uses: xgreenx/publish-crates@v1 with: dry-run: true check-repo: false ignore-unpublished-changes: true verifications-complete: needs: - cargo-verifications - publish-crates-check - lint-helm-chart runs-on: buildjet-4vcpu-ubuntu-2204 steps: - run: echo "pass" verify-tag-version: # Only do this job if publishing a release if: github.event_name == 'release' && github.event.action == 'published' runs-on: buildjet-4vcpu-ubuntu-2204 steps: - name: Checkout repository uses: actions/checkout@v3 - name: Verify tag version run: | # TODO: Automate running `verify_tag` only for "publish = true" crates curl -sSLf "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -L -o dasel && chmod +x dasel mv ./dasel /usr/local/bin/dasel ./.github/workflows/scripts/verify_tag.sh ${{ github.ref_name }} Cargo.toml - name: Verify helm chart version run: | ./.github/workflows/scripts/verify_chart_version.sh publish-crates: # Only do this job if publishing a release needs: - verify-tag-version - verifications-complete if: github.event_name == 'release' && github.event.action == 'published' runs-on: buildjet-4vcpu-ubuntu-2204 steps: - name: Checkout repository uses: actions/checkout@v3 - name: Install toolchain uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_VERSION }} - name: Publish crate uses: xgreenx/publish-crates@v1 with: publish-delay: 60000 registry-token: ${{ secrets.CARGO_REGISTRY_TOKEN }} - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} publish-docker-image: needs: - verifications-complete runs-on: buildjet-4vcpu-ubuntu-2204 permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v3 - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/fuellabs/fuel-core tags: | type=sha type=ref,event=branch type=ref,event=tag type=semver,pattern={{raw}} type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} flavor: | latest=${{ github.ref == 'refs/heads/master' }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Log in to the ghcr.io registry uses: docker/login-action@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to the docker.io registry uses: docker/login-action@v2 with: username: fuellabs password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} - name: Build and push the image to ghcr.io uses: docker/build-push-action@v4 with: context: . platforms: linux/amd64,linux/arm64 file: deployment/Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-build-cache:latest,mode=max # duplicate of publish-docker-image, but with profiling features enabled # this is split into a separate action since it takes longer to build publish-docker-image-profiling: needs: - verifications-complete runs-on: buildjet-16vcpu-ubuntu-2204 permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v3 - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/fuellabs/fuel-core-debug tags: | type=sha type=ref,event=branch type=ref,event=tag type=semver,pattern={{raw}} type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} flavor: | latest=${{ github.ref == 'refs/heads/master' }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Log in to the ghcr.io registry uses: docker/login-action@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Build and push the image to ghcr.io uses: docker/build-push-action@v2 with: context: . file: deployment/Dockerfile build-args: "DEBUG_SYMBOLS=true" push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-debug-build-cache:latest,mode=max - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} publish-e2e-client-docker-image: needs: - verifications-complete runs-on: buildjet-4vcpu-ubuntu-2204 permissions: contents: read packages: write steps: - name: Checkout repository uses: actions/checkout@v3 - name: Docker meta id: meta uses: docker/metadata-action@v3 with: images: | ghcr.io/fuellabs/fuel-core-e2e-client tags: | type=sha type=ref,event=branch type=ref,event=tag type=semver,pattern={{raw}} type=raw,value=sha-{{sha}}-{{date 'YYYYMMDDhhmmss'}} flavor: | latest=${{ github.ref == 'refs/heads/master' }} - name: Set up Docker Buildx uses: docker/setup-buildx-action@v1 - name: Log in to the ghcr.io registry uses: docker/login-action@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to the docker.io registry uses: docker/login-action@v2 with: username: fuellabs password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} - name: Build and push the image to ghcr.io uses: docker/build-push-action@v2 with: context: . file: deployment/e2e-client.Dockerfile push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest cache-to: type=registry,ref=ghcr.io/fuellabs/fuel-core-e2e-build-cache:latest,mode=max - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} publish-fuel-core-binary: name: Release fuel-core binaries runs-on: ${{ matrix.job.os }} # Only do this job if publishing a release needs: - verify-tag-version - verifications-complete if: github.event_name == 'release' && github.event.action == 'published' continue-on-error: true strategy: fail-fast: false matrix: job: - os: buildjet-4vcpu-ubuntu-2204 platform: linux target: x86_64-unknown-linux-gnu cross_image: x86_64-linux-gnu - os: buildjet-4vcpu-ubuntu-2204 platform: linux-arm target: aarch64-unknown-linux-gnu cross_image: aarch64-linux-gnu - os: macos-latest platform: darwin target: x86_64-apple-darwin - os: macos-latest platform: darwin-arm target: aarch64-apple-darwin steps: - name: Checkout repository uses: actions/checkout@v3 - name: Set up Docker Buildx if: matrix.job.cross_image uses: docker/setup-buildx-action@v1 - name: Log in to the ghcr.io registry if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' uses: docker/login-action@v1 with: registry: ${{ env.REGISTRY }} username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - name: Log in to the docker.io registry if: matrix.job.os == 'buildjet-4vcpu-ubuntu-2204' uses: docker/login-action@v2 with: username: fuellabs password: ${{ secrets.DOCKER_IO_READ_ONLY_TOKEN }} - name: Setup custom cross env ${{ matrix.job.cross_image }} if: matrix.job.cross_image uses: docker/build-push-action@v2 with: context: ci file: ci/Dockerfile.${{ matrix.job.target }}-clang tags: ${{ matrix.job.cross_image }}:latest load: true cache-from: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest cache-to: type=registry,ref=ghcr.io/fuellabs/${{ matrix.job.cross_image }}-build-cache:latest,mode=max - name: Install packages (macOS) if: matrix.job.os == 'macos-latest' run: | ci/macos-install-packages.sh - name: Install toolchain uses: dtolnay/rust-toolchain@master with: toolchain: ${{ env.RUST_VERSION }} target: ${{ matrix.job.target }} - name: Install cross uses: baptiste0928/cargo-install@v1 with: crate: cross cache-key: '${{ matrix.job.target }}' - name: Build fuel-core and fuel-core-keygen run: | cross build --profile=release --target ${{ matrix.job.target }} --no-default-features --features "production" -p fuel-core-bin cross build --profile=release --target ${{ matrix.job.target }} -p fuel-core-keygen-bin - name: Strip release binary linux x86_64 if: matrix.job.platform == 'linux' run: | strip "target/${{ matrix.job.target }}/release/fuel-core" strip "target/${{ matrix.job.target }}/release/fuel-core-keygen" - name: Strip release binary aarch64-linux-gnu if: matrix.job.target == 'aarch64-unknown-linux-gnu' run: | docker run --rm -v \ "$PWD/target:/target:Z" \ aarch64-linux-gnu:latest \ aarch64-linux-gnu-strip \ /target/aarch64-unknown-linux-gnu/release/fuel-core docker run --rm -v \ "$PWD/target:/target:Z" \ aarch64-linux-gnu:latest \ aarch64-linux-gnu-strip \ /target/aarch64-unknown-linux-gnu/release/fuel-core-keygen - name: Strip release binary mac if: matrix.job.os == 'macos-latest' run: | strip -x "target/${{ matrix.job.target }}/release/fuel-core" strip -x "target/${{ matrix.job.target }}/release/fuel-core-keygen" - name: Prepare Binary Artifact env: PLATFORM_NAME: ${{ matrix.job.platform }} TARGET: ${{ matrix.job.target }} run: | # trim refs/tags/ prefix FUEL_CORE_VERSION="${GITHUB_REF#refs/tags/}" # optionally trim v from tag prefix FUEL_CORE_VERSION="${FUEL_CORE_VERSION#v}" echo "version is: $FUEL_CORE_VERSION" # setup artifact filename ARTIFACT="fuel-core-$FUEL_CORE_VERSION-${{ env.TARGET }}" ZIP_FILE_NAME="$ARTIFACT.tar.gz" echo "ZIP_FILE_NAME=$ZIP_FILE_NAME" >> $GITHUB_ENV # create zip file mkdir -pv "$ARTIFACT" cp "target/${{ matrix.job.target }}/release/fuel-core" "$ARTIFACT" cp "target/${{ matrix.job.target }}/release/fuel-core-keygen" "$ARTIFACT" cp "target/${{ matrix.job.target }}/release/fuel-core-upgradable-executor-cache/wasm32-unknown-unknown/release/fuel-core-wasm-executor.wasm" "$ARTIFACT" tar -czvf "$ZIP_FILE_NAME" "$ARTIFACT" - name: Upload Binary Artifact uses: actions/upload-release-asset@v1 env: GITHUB_TOKEN: ${{ github.token }} with: upload_url: ${{ github.event.release.upload_url }} asset_path: ./${{ env.ZIP_FILE_NAME }} asset_name: ${{ env.ZIP_FILE_NAME }} asset_content_type: application/gzip - uses: FuelLabs/.github/.github/actions/slack-notify-template@master if: always() && (github.ref == 'refs/heads/master' || github.ref_type == 'tag') && matrix.job.os != 'macos-latest' with: github_token: ${{ secrets.GITHUB_TOKEN }} slack_webhook: ${{ secrets.SLACK_WEBHOOK_NOTIFY_BUILD }} # Deploy Fuel Core Ephemeral Developer Environment deploy-eph-env: if: startsWith(github.head_ref, 'preview/') needs: - publish-docker-image runs-on: buildjet-4vcpu-ubuntu-2204 steps: - name: Set Environment Variables run: | tag=(`echo $GITHUB_SHA | cut -c1-7`) echo "IMAGE_TAG=`echo sha-$tag`" >> $GITHUB_ENV echo "DEPLOYMENT_VERSION=$(echo $GITHUB_SHA)" >> $GITHUB_ENV echo "NAMESPACE=$(echo ${GITHUB_HEAD_REF} | cut -c 9-)" >> $GITHUB_ENV - name: Deploy Fuel Core Ephemeral Developer Environment uses: benc-uk/workflow-dispatch@v1 with: workflow: Deploy Fuel-Core on k8s repo: FuelLabs/fuel-deployment ref: refs/heads/master token: ${{ secrets.REPO_TOKEN }} inputs: '{ "k8s-type": "${{ env.K8S }}", "config-directory": "${{ env.CONFIG }}", "config-env": "${{ env.ENV }}", "deployment-version": "${{ env.DEPLOYMENT_VERSION }}", "image-tag": "${{ env.IMAGE_TAG }}", "namespace": "${{ env.NAMESPACE }}", "delete-infra": "${{ env.DELETE_INFRA }}" }' env: K8S: 'eks' CONFIG: 'fuel-dev1' ENV: 'fueldevsway.env' DELETE_INFRA: true cargo-audit: runs-on: ubuntu-latest continue-on-error: true steps: - uses: actions/checkout@v3 - uses: actions-rs/audit-check@v1 with: token: ${{ secrets.GITHUB_TOKEN }}