Skip to content

Commit

Permalink
Merge branch 'master' into leon/transcripts_in_cup
Browse files Browse the repository at this point in the history
  • Loading branch information
Sawchord authored Nov 6, 2024
2 parents d1863e1 + 907865e commit 5ea12ad
Show file tree
Hide file tree
Showing 581 changed files with 20,623 additions and 13,996 deletions.
2 changes: 1 addition & 1 deletion .devcontainer/devcontainer.json
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
{
"image": "ghcr.io/dfinity/ic-build@sha256:14f87ab5f58f00929a0adcdbadd025a5d1dc1911b00f8b7e407a5f56966a0ca3",
"image": "ghcr.io/dfinity/ic-build@sha256:80e976b63af2b1b352c8c5959cb6c6b02aaa56a4efa327569d8c85c9c81a2cec",
"remoteUser": "ubuntu",
"privileged": true,
"runArgs": [
Expand Down
1 change: 1 addition & 0 deletions .github/CODEOWNERS
Validating CODEOWNERS rules …
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ go_deps.bzl @dfinity/idx
/.github/CODEOWNERS @dfinity/ic-owners-owners
/ci/ @dfinity/idx
/ci/src/dependencies/ @dfinity/product-security
/ci/src/dependencies/resources/container_scanner_finding_failover_ignore_list_guestos.txt @dfinity/node
/.pre-commit-config.yaml @dfinity/idx
/pre-commit/ @dfinity/idx

Expand Down
3 changes: 3 additions & 0 deletions .github/actions/bazel-test-all/action.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -58,6 +58,9 @@ runs:
rm "$exportout"
fi
# output node name to gihub step summary
[ -n "${NODE_NAME:-}" ] && echo "Run on node: $NODE_NAME" >>$GITHUB_STEP_SUMMARY
exit "$BAZEL_EXIT_CODE"
env:
BAZEL_COMMAND: ${{ inputs.BAZEL_COMMAND }}
Expand Down
44 changes: 12 additions & 32 deletions .github/workflows-source/ci-main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -34,7 +34,7 @@ env:

anchors:
image: &image
image: ghcr.io/dfinity/ic-build@sha256:14f87ab5f58f00929a0adcdbadd025a5d1dc1911b00f8b7e407a5f56966a0ca3
image: ghcr.io/dfinity/ic-build@sha256:80e976b63af2b1b352c8c5959cb6c6b02aaa56a4efa327569d8c85c9c81a2cec
dind-large-setup: &dind-large-setup
runs-on:
labels: dind-large
Expand All @@ -51,12 +51,6 @@ anchors:
container:
<<: *image
timeout-minutes: 30
before-script: &before-script
name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
docker-login: &docker-login
name: Login to Dockerhub
shell: bash
Expand Down Expand Up @@ -107,7 +101,6 @@ jobs:
labels: dind-large
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Set BAZEL_EXTRA_ARGS
shell: bash
Expand Down Expand Up @@ -173,7 +166,6 @@ jobs:
name: Bazel Build All Config Check
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run bazel build --config=check //rs/...
id: bazel-build-config-check
Expand Down Expand Up @@ -222,7 +214,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- name: Run Bazel Build Fuzzers
id: bazel-build-fuzzers
uses: ./.github/actions/bazel-test-all/
Expand All @@ -238,7 +229,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- name: Run Bazel Build Fuzzers AFL
id: bazel-build-fuzzers-afl
uses: ./.github/actions/bazel-test-all/
Expand Down Expand Up @@ -274,16 +264,20 @@ jobs:
build-ic:
name: Build IC
<<: *dind-large-setup
# keep options from dind-large-setup but run on dind-small-setup
runs-on:
group: ch1
labels: dind-small
if: ${{ github.event_name != 'merge_group' }}
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run Build IC
id: build-ic
shell: bash
run: |
set -eExuo pipefail
[ -n "${NODE_NAME:-}" ] && echo "Run on node: $NODE_NAME" >>$GITHUB_STEP_SUMMARY
REPO_NAME="${GITHUB_REPOSITORY##*/}"
rm -rf "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}"
mkdir -p "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}/artifacts"
Expand Down Expand Up @@ -359,7 +353,9 @@ jobs:

cargo-clippy-linux:
name: Cargo Clippy Linux
<<: *dind-large-setup
<<: *dind-small-setup
runs-on:
group: ch1
steps:
- <<: *checkout
- name: Filter Rust Files [*.{rs,toml,lock}]
Expand Down Expand Up @@ -390,7 +386,9 @@ jobs:
cargo-build-release-linux:
name: Cargo Build Release Linux
<<: *dind-large-setup
<<: *dind-small-setup
runs-on:
group: ch1
steps:
- <<: *checkout
- name: Filter Rust Files [*.{rs,toml,lock}]
Expand Down Expand Up @@ -418,21 +416,3 @@ jobs:
set -eExuo pipefail
buildevents cmd "$CI_RUN_ID" "$CI_JOB_NAME" build-command -- \
cargo build --release --locked
# CI job is also executed in Schedule Hourly
bazel-test-coverage:
name: Bazel Test Coverage
<<: *dind-large-setup
if: |
github.event_name == 'pull_request' &&
contains(github.event.pull_request.labels.*.name, 'CI_COVERAGE')
steps:
- <<: *checkout
- <<: *before-script
- name: Run Bazel Test Coverage
shell: bash
run: |
./ci/scripts/bazel-coverage.sh
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
27 changes: 17 additions & 10 deletions .github/workflows-source/ci-pr-only.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ env:

anchors:
image: &image
image: ghcr.io/dfinity/ic-build@sha256:14f87ab5f58f00929a0adcdbadd025a5d1dc1911b00f8b7e407a5f56966a0ca3
image: ghcr.io/dfinity/ic-build@sha256:80e976b63af2b1b352c8c5959cb6c6b02aaa56a4efa327569d8c85c9c81a2cec
dind-small-setup: &dind-small-setup
timeout-minutes: 30
runs-on:
Expand All @@ -34,12 +34,6 @@ anchors:
<<: *image
options: >-
-e NODE_NAME
before-script: &before-script
name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
checkout: &checkout
name: Checkout
uses: actions/checkout@v4
Expand All @@ -50,7 +44,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- name: Filter Relevant Files
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: filter
Expand Down Expand Up @@ -89,7 +82,6 @@ jobs:
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.IDX_PUSH_TO_PR }}
- <<: *before-script
- name: Filter Relevant Files
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: filter
Expand Down Expand Up @@ -130,7 +122,6 @@ jobs:
- <<: *checkout
with:
fetch-depth: 256
- <<: *before-script
- name: Set up Python
uses: actions/setup-python@v5
with:
Expand All @@ -148,3 +139,19 @@ jobs:
export PYTHONPATH=$PWD/ci/src:$PWD/ci/src/dependencies
cd ci/src/dependencies/
$SHELL_WRAPPER python3 job/bazel_rust_ic_scanner_merge_job.py
# CI job is also executed in Schedule Hourly
bazel-test-coverage:
name: Bazel Test Coverage
<<: *dind-large-setup
if: contains(github.event.pull_request.labels.*.name, 'CI_COVERAGE')
steps:
- <<: *checkout
- name: Run Bazel Test Coverage
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
./ci/scripts/bazel-coverage.sh
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
13 changes: 1 addition & 12 deletions .github/workflows-source/release-testing.yml
Original file line number Diff line number Diff line change
Expand Up @@ -25,7 +25,7 @@ env:

anchors:
image: &image
image: ghcr.io/dfinity/ic-build@sha256:14f87ab5f58f00929a0adcdbadd025a5d1dc1911b00f8b7e407a5f56966a0ca3
image: ghcr.io/dfinity/ic-build@sha256:80e976b63af2b1b352c8c5959cb6c6b02aaa56a4efa327569d8c85c9c81a2cec
dind-large-setup: &dind-large-setup
runs-on:
group: zh1
Expand All @@ -42,12 +42,6 @@ anchors:
uses: actions/checkout@v4
with:
ref: ${{ github.event.workflow_run.head_branch }}
before-script: &before-script
name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
docker-login: &docker-login
name: Login to Dockerhub
shell: bash
Expand Down Expand Up @@ -81,7 +75,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run Bazel System Test Nightly
id: bazel-test-all
Expand All @@ -99,7 +92,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run Bazel System Test Staging
id: bazel-test-all
Expand All @@ -118,7 +110,6 @@ jobs:
timeout-minutes: 90
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run Bazel Test All
id: bazel-test-all
Expand Down Expand Up @@ -146,7 +137,6 @@ jobs:
REPO_NAME: ${{ github.repository }}
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Set up Python
uses: actions/setup-python@v5
Expand Down Expand Up @@ -193,7 +183,6 @@ jobs:
<<: *dind-large-setup
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run qualification for version ${{ matrix.version }} from the tip of the branch
uses: ./.github/actions/bazel-test-all/
Expand Down
29 changes: 17 additions & 12 deletions .github/workflows-source/schedule-daily.yml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ env:

anchors:
image: &image
image: ghcr.io/dfinity/ic-build@sha256:14f87ab5f58f00929a0adcdbadd025a5d1dc1911b00f8b7e407a5f56966a0ca3
image: ghcr.io/dfinity/ic-build@sha256:80e976b63af2b1b352c8c5959cb6c6b02aaa56a4efa327569d8c85c9c81a2cec
dind-large-setup: &dind-large-setup
runs-on:
group: zh1
Expand All @@ -33,12 +33,6 @@ anchors:
checkout: &checkout
name: Checkout
uses: actions/checkout@v4
before-script: &before-script
name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
docker-login: &docker-login
name: Login to Dockerhub
shell: bash
Expand Down Expand Up @@ -72,13 +66,13 @@ jobs:
labels: dind-large
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run Bazel Launch Bare Metal
shell: bash
run: |
echo "$ZH2_DLL01_CSV_SECRETS" > file1
echo "$ZH2_FILE_SHARE_KEY" > file2 && chmod 400 file2
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
# Run bare metal installation test
# shellcheck disable=SC2046,SC2086
Expand Down Expand Up @@ -115,7 +109,6 @@ jobs:
timeout-minutes: 720 # 12 hours
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run FI Tests Nightly
id: bazel-test-all
Expand All @@ -135,7 +128,6 @@ jobs:
timeout-minutes: 20
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Run NNS Tests Nightly
id: bazel-test-all
Expand All @@ -155,7 +147,6 @@ jobs:
timeout-minutes: 480
steps:
- <<: *checkout
- <<: *before-script
- <<: *docker-login
- name: Set Benchmark Targets
shell: bash
Expand Down Expand Up @@ -193,7 +184,6 @@ jobs:
REPO_NAME: ${{ github.repository }}
steps:
- <<: *checkout
- <<: *before-script
- name: Set up Python
uses: actions/setup-python@v5
with:
Expand All @@ -218,3 +208,18 @@ jobs:
$SHELL_WRAPPER python3 job/bazel_rust_ic_scanner_periodic_job.py
$SHELL_WRAPPER python3 job/npm_scanner_periodic_job.py
$SHELL_WRAPPER python3 job/bazel_trivy_container_ic_scanner_periodic_job.py
# CI job is also executed in PR on use of 'CI_COVERAGE' label
bazel-test-coverage:
name: Bazel Test Coverage
<<: *dind-large-setup
steps:
- <<: *checkout
- name: Run Bazel Test Coverage
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
./ci/scripts/bazel-coverage.sh
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
Loading

0 comments on commit 5ea12ad

Please sign in to comment.