diff --git a/.github/actionlint.yaml b/.github/actionlint.yaml new file mode 100644 index 000000000000..433eb35aecd0 --- /dev/null +++ b/.github/actionlint.yaml @@ -0,0 +1,26 @@ +self-hosted-runner: + # Labels of self-hosted runner in array of strings. + labels: ["benchmark", "glue-notify"] + +# Configuration variables in array of strings defined in your repository or +# organization. `null` means disabling configuration variables check. +# Empty array means no configuration variable is allowed. +config-variables: null + +# Configuration for file paths. The keys are glob patterns to match to file +# paths relative to the repository root. The values are the configurations for +# the file paths. Note that the path separator is always '/'. +# The following configurations are available. +# +# "ignore" is an array of regular expression patterns. Matched error messages +# are ignored. This is similar to the "-ignore" command line option. +paths: + # .github/workflows/**/*.yml: + # ignore: [] + ".github/workflows/*.y*ml": + ignore: ["string should not be empty", ".* SC2002:.*"] + ".github/workflows/test-single.yml": + ignore: [ + # special case here using a variable as a key in the excludes + 'value .*\$\{\{ inputs.matrix_mode \}\}.* in "exclude" does not match in matrix "python" combinations. possible values are', + ] diff --git a/.github/workflows/benchmarks.yml b/.github/workflows/benchmarks.yml index 807a8336b62c..d5c933dd49f9 100644 --- a/.github/workflows/benchmarks.yml +++ b/.github/workflows/benchmarks.yml @@ -5,7 +5,7 @@ on: inputs: repeats: description: "The number of times to execute each benchmark" - type: int + type: number default: 1 push: paths-ignore: diff --git a/.github/workflows/build-linux-installer-deb.yml b/.github/workflows/build-linux-installer-deb.yml index 5575fd3f4f52..08406e350a2a 100644 --- a/.github/workflows/build-linux-installer-deb.yml +++ b/.github/workflows/build-linux-installer-deb.yml @@ -39,6 +39,8 @@ permissions: jobs: version: uses: ./.github/workflows/reflow-version.yml + with: + release_type: ${{ inputs.release_type }} build: name: Build ${{ matrix.os.arch }} @@ -133,8 +135,8 @@ jobs: mkdir "$GITHUB_WORKSPACE"/bladebit cd "$GITHUB_WORKSPACE"/bladebit gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}' - ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}' - ls bladebit* | xargs -I{} chmod +x {} + find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}' + find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {} cd "$OLDPWD" - uses: ./.github/actions/install @@ -332,7 +334,7 @@ jobs: shell: bash if: matrix.mode.name == 'GUI' run: | - [ $(stat -c %a:%G:%U /opt/chia/chrome-sandbox) == "4755:root:root" ] + [ "$(stat -c %a:%G:%U /opt/chia/chrome-sandbox)" == "4755:root:root" ] - name: Remove package run: | diff --git a/.github/workflows/build-linux-installer-rpm.yml b/.github/workflows/build-linux-installer-rpm.yml index 586f75fc0431..a56d96dc9169 100644 --- a/.github/workflows/build-linux-installer-rpm.yml +++ b/.github/workflows/build-linux-installer-rpm.yml @@ -39,6 +39,8 @@ permissions: jobs: version: uses: ./.github/workflows/reflow-version.yml + with: + release_type: ${{ inputs.release_type }} build: name: Build amd64 RPM @@ -123,8 +125,8 @@ jobs: mkdir "$GITHUB_WORKSPACE"/bladebit cd "$GITHUB_WORKSPACE"/bladebit gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-centos-x86-64.tar.gz' - ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}' - ls bladebit* | xargs -I{} chmod +x {} + find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}' + find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {} cd "$OLDPWD" - uses: ./.github/actions/install diff --git a/.github/workflows/build-macos-installers.yml b/.github/workflows/build-macos-installers.yml index 13227c61b736..827227f78c0e 100644 --- a/.github/workflows/build-macos-installers.yml +++ b/.github/workflows/build-macos-installers.yml @@ -39,6 +39,8 @@ permissions: jobs: version: uses: ./.github/workflows/reflow-version.yml + with: + release_type: ${{ inputs.release_type }} build: name: Build ${{ matrix.os.name }} DMG @@ -119,10 +121,10 @@ jobs: run: | LATEST_MADMAX=$(gh api repos/Chia-Network/chia-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name') mkdir "$GITHUB_WORKSPACE"/madmax - gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}' - mv chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/chia_plot - gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot_k34-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}' - mv chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/chia_plot_k34 + gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p "chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }}" + mv "chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }}" "$GITHUB_WORKSPACE"/madmax/chia_plot + gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p "chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }}" + mv "chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }}" "$GITHUB_WORKSPACE"/madmax/chia_plot_k34 chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot_k34 @@ -162,8 +164,8 @@ jobs: LATEST_VERSION=v2.0.1 fi gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}' - ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}' - ls bladebit* | xargs -I{} chmod +x {} + find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}' + find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {} cd "$OLDPWD" - uses: ./.github/actions/install @@ -312,10 +314,6 @@ jobs: matrix: intel artifact-name: intel exclude: - - os: - matrix: 12 - arch: - matrix: arm - os: matrix: 13 arch: @@ -353,6 +351,8 @@ jobs: - name: Run chia dev installers test run: | + # TODO: maybe fix this and remove the disable + # shellcheck disable=SC2211 "/Volumes/Chia "*"/Chia.app/Contents/Resources/app.asar.unpacked/daemon/chia" dev installers test --expected-chia-version "${{ needs.version.outputs.chia-installer-version }}" - name: Detach .dmg diff --git a/.github/workflows/build-windows-installer.yml b/.github/workflows/build-windows-installer.yml index 78c73ddb9e74..af65df2da939 100644 --- a/.github/workflows/build-windows-installer.yml +++ b/.github/workflows/build-windows-installer.yml @@ -39,6 +39,8 @@ permissions: jobs: version: uses: ./.github/workflows/reflow-version.yml + with: + release_type: ${{ inputs.release_type }} build: name: Build EXE @@ -46,8 +48,6 @@ jobs: needs: - version timeout-minutes: 65 - outputs: - chia-installer-version: ${{ steps.version_number.outputs.CHIA_INSTALLER_VERSION }} strategy: fail-fast: false matrix: @@ -121,14 +121,18 @@ jobs: if: steps.check_secrets.outputs.HAS_SIGNING_SECRET shell: bash run: | - echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV" - echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV" - echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV" - echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV" - echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV" - echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH - echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH - echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH + { + echo "SM_HOST=${{ secrets.SM_HOST }}" + echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" + echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" + echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" + echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" + } >> "$GITHUB_ENV" + { + echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" + echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" + echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" + } >> "$GITHUB_PATH" - name: Setup SSM KSP on windows latest if: steps.check_secrets.outputs.HAS_SIGNING_SECRET @@ -183,7 +187,7 @@ jobs: mkdir "$GITHUB_WORKSPACE\\bladebit" cd "$GITHUB_WORKSPACE\\bladebit" gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*windows-x86-64.zip' - ls *.zip | xargs -I{} bash -c 'unzip {} && rm {}' + find . -maxdepth 1 -name '*.zip' -print0 | xargs -0 -I{} bash -c 'unzip {} && rm {}' cd "$OLDPWD" - uses: ./.github/actions/install @@ -213,12 +217,14 @@ jobs: - if: steps.cache-gui.outputs.cache-hit != 'true' name: Build GUI + shell: pwsh continue-on-error: false run: | cd .\build_scripts .\build_windows-1-gui.ps1 - name: Build Windows installer + shell: pwsh env: HAS_SIGNING_SECRET: ${{ steps.check_secrets.outputs.HAS_SIGNING_SECRET }} run: | @@ -234,6 +240,7 @@ jobs: path: chia-blockchain-gui\release-builds\windows-installer\ - name: Remove Windows exe and installer to exclude from cache + shell: pwsh run: | Remove-Item .\chia-blockchain-gui\packages\gui\dist -Recurse -Force Remove-Item .\chia-blockchain-gui\packages\gui\daemon -Recurse -Force @@ -335,6 +342,7 @@ jobs: path: packages - name: Install package + shell: pwsh run: | dir ./packages/ $env:INSTALLER_PATH = (Get-ChildItem packages/ChiaSetup-*.exe) @@ -347,14 +355,16 @@ jobs: dir ./installed/ - name: List installed files + shell: pwsh run: | Get-ChildItem -Recurse $env:INSTALL_PATH | Select FullName - name: List all files - if: + shell: pwsh run: | Get-ChildItem -Recurse $env:INSTALL_PATH | Select FullName - name: Run chia dev installers test + shell: pwsh run: | & ($env:INSTALL_PATH + "/resources/app.asar.unpacked/daemon/chia.exe") dev installers test --expected-chia-version "${{ needs.version.outputs.chia-installer-version }}" diff --git a/.github/workflows/mozilla-ca-cert.yml b/.github/workflows/mozilla-ca-cert.yml index 33e4dd1b97ee..ba4fdf274621 100644 --- a/.github/workflows/mozilla-ca-cert.yml +++ b/.github/workflows/mozilla-ca-cert.yml @@ -1,8 +1,6 @@ name: "Update Mozilla CA sub module" on: workflow_dispatch: - branches: - - $default-branch jobs: update_ca_module: @@ -11,7 +9,6 @@ jobs: - uses: actions/checkout@v4 with: fetch-depth: 0 - ref: "${{ github.event.inputs.chia_ref }}" repository: chia-network/chia-blockchain submodules: recursive token: "${{ secrets.GITHUB_TOKEN }}" diff --git a/.github/workflows/reflow-publish-installer.yml b/.github/workflows/reflow-publish-installer.yml index edb1a903270a..a387a8bc3be5 100644 --- a/.github/workflows/reflow-publish-installer.yml +++ b/.github/workflows/reflow-publish-installer.yml @@ -118,25 +118,25 @@ jobs: env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | - py3createtorrent -f -t ${TRACKER_URL} artifacts/${FILE} -o artifacts/${FILE}.torrent --webseed https://download.chia.net/install/${FILE} - gh release upload --repo ${{ github.repository }} $RELEASE_TAG artifacts/${FILE}.torrent + py3createtorrent -f -t "${TRACKER_URL}" "artifacts/${FILE}" -o "artifacts/${FILE}.torrent" --webseed "https://download.chia.net/install/${FILE}" + gh release upload --repo "${{ github.repository }}" "$RELEASE_TAG" "artifacts/${FILE}.torrent" - name: Upload Dev Installer if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main' run: | - aws s3 cp artifacts/${FILE} ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE} - aws s3 cp artifacts/${FILE}.sha256 ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}.sha256 + aws s3 cp "artifacts/${FILE}" "${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}" + aws s3 cp "artifacts/${FILE}.sha256" "${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}.sha256" - name: Upload Release Files if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true' run: | - aws s3 cp artifacts/${FILE} ${INSTALL_S3_URL} - aws s3 cp artifacts/${FILE}.sha256 ${INSTALL_S3_URL} + aws s3 cp "artifacts/${FILE}" "${INSTALL_S3_URL}" + aws s3 cp "artifacts/${FILE}.sha256" "${INSTALL_S3_URL}" - name: Upload Release Torrent if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true' && matrix.mode.matrix == 'gui' run: | - aws s3 cp artifacts/${FILE}.torrent ${TORRENT_S3_URL} + aws s3 cp "artifacts/${FILE}.torrent" "${TORRENT_S3_URL}" - name: Upload release artifacts if: env.RELEASE == 'true' @@ -144,9 +144,9 @@ jobs: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} run: | gh release upload \ - --repo ${{ github.repository }} \ - $RELEASE_TAG \ - artifacts/${FILE} + --repo "${{ github.repository }}" \ + "$RELEASE_TAG" \ + "artifacts/${FILE}" - name: Mark installer complete uses: Chia-Network/actions/github/glue@main diff --git a/.github/workflows/reflow-version.yml b/.github/workflows/reflow-version.yml index 695e77a27ec4..ee8e366e8bd6 100644 --- a/.github/workflows/reflow-version.yml +++ b/.github/workflows/reflow-version.yml @@ -2,7 +2,15 @@ name: identify version on: workflow_call: + inputs: + release_type: + description: "Tagged release testing scenario" + required: false + type: string + default: "" outputs: + chia-dev-version: + value: ${{ jobs.version.outputs.chia-dev-version }} chia-installer-version: value: ${{ jobs.version.outputs.chia-installer-version }} tag-type: diff --git a/.github/workflows/test-install-scripts.yml b/.github/workflows/test-install-scripts.yml index 418ffc0f1553..03e01458188f 100644 --- a/.github/workflows/test-install-scripts.yml +++ b/.github/workflows/test-install-scripts.yml @@ -121,7 +121,7 @@ jobs: PRE_VERSION: ${{ steps.editable-info.outputs.pre-edit-version }} POST_VERSION: ${{ steps.editable-info.outputs.post-edit-version }} run: | - [ "$POST_VERSION" = "shooby-doowah" -a "$PRE_VERSION" != "shooby-doowah" ] + [ "$POST_VERSION" = "shooby-doowah" ] && [ "$PRE_VERSION" != "shooby-doowah" ] - name: Check non-editable if: matrix.editable.matrix == 'non-editable' @@ -130,7 +130,7 @@ jobs: PRE_VERSION: ${{ steps.editable-info.outputs.pre-edit-version }} POST_VERSION: ${{ steps.editable-info.outputs.post-edit-version }} run: | - [ "$POST_VERSION" != "shooby-doowah" -a "$PRE_VERSION" = "$POST_VERSION" ] + [ "$POST_VERSION" != "shooby-doowah" ] && [ "$PRE_VERSION" = "$POST_VERSION" ] test_scripts_in_docker: name: Docker ${{ matrix.distribution.name }} ${{ matrix.arch.name }} @@ -259,7 +259,6 @@ jobs: - uses: ./.github/actions/install with: - python-version: ${{ matrix.python-version }} development: true do-system-installs: true diff --git a/.github/workflows/test-single.yml b/.github/workflows/test-single.yml index 123c093ee0f4..cb14431dbb04 100644 --- a/.github/workflows/test-single.yml +++ b/.github/workflows/test-single.yml @@ -240,6 +240,8 @@ jobs: diff --unified source_tests installed_tests; DIFF_EXIT_CODE=$? echo '::endgroup::' + exit $DIFF_EXIT_CODE + - name: Move chia/ so we test the installed code run: | mv chia/ notchia/ diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index 47f23557903f..594041d155ba 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -91,7 +91,7 @@ jobs: run: | python chia/_tests/build-job-matrix.py --per directory --verbose ${{ inputs.only && format('--only {0}', inputs.only) || '' }} ${{ inputs.duplicates > 1 && format('--duplicates {0}', inputs.duplicates) || '' }} ${{ inputs.build-job-matrix-arguments }} > matrix.json cat matrix.json - echo configuration=$(cat matrix.json) >> "$GITHUB_OUTPUT" + echo "configuration=$(cat matrix.json)" >> "$GITHUB_OUTPUT" echo matrix_mode=${{ ( github.repository_owner == 'Chia-Network' && github.repository != 'Chia-Network/chia-blockchain' ) && 'limited' @@ -217,12 +217,12 @@ jobs: if: false run: | sudo snap install yq - ls junit-data/*.xml | xargs --max-procs=10 --replace={} yq eval '.testsuites.testsuite.testcase |= sort_by(.+@classname, .+@name)' --inplace {} + find junit-data -maxdepth 1 -name '*.xml' -print0 | xargs -0 --max-procs=10 --replace={} yq eval '.testsuites.testsuite.testcase |= sort_by(.+@classname, .+@name)' --inplace {} sudo apt-get install junitparser mkdir junit-results junitparser merge junit-data/*.xml junit-results/junit.xml - ls junit-results/*.xml | xargs --max-procs=10 --replace={} yq eval '.testsuites.testsuite |= sort_by(.+@name) | .testsuites.testsuite[].testcase |= sort_by(.+@classname, .+@name)' --inplace {} + find junit-results -maxdepth 1 -name '*.xml' -print0 | xargs -0 --max-procs=10 --replace={} yq eval '.testsuites.testsuite |= sort_by(.+@name) | .testsuites.testsuite[].testcase |= sort_by(.+@classname, .+@name)' --inplace {} - name: Publish formatted JUnit data if: false @@ -291,7 +291,7 @@ jobs: - name: Identify parent commit id: parent-commit run: | - echo hash=$(git rev-parse HEAD~1) >> "$GITHUB_OUTPUT" + echo "hash=$(git rev-parse HEAD~1)" >> "$GITHUB_OUTPUT" - name: Coverage report (diff) if: (github.base_ref != '' || github.event.before != '') && always() @@ -316,7 +316,7 @@ jobs: run: | PR_NUM=$(jq -r '.number' "$GITHUB_EVENT_PATH") COMMENTS=$(gh api -X GET /repos/"${ORG_REPO}"/issues/"${PR_NUM}"/comments) - COMMENT_ID=$(echo "$COMMENTS" | jq '.[] | select(.user.login == "github-actions[bot]" and (.body | tostring | contains(""))) | .id') + COMMENT_ID=$(echo "$COMMENTS" | jq '.[] | select(.user.login == "github-actions[bot]" and (.body | tostring | contains(""))) | .id') COVERAGE_LABEL=$(gh pr view "$PR_NUM" --json labels --jq ' .labels[].name | select(. == "coverage-diff")') if [[ -n "$COMMENT_ID" ]]; then gh api -X DELETE /repos/"${ORG_REPO}"/issues/comments/"${COMMENT_ID}" diff --git a/.github/workflows/upload-pypi-source.yml b/.github/workflows/upload-pypi-source.yml index 1b2a6e3aeeaf..014bce1933ef 100644 --- a/.github/workflows/upload-pypi-source.yml +++ b/.github/workflows/upload-pypi-source.yml @@ -129,6 +129,10 @@ jobs: - name: poetry command: | .penv/bin/poetry check + - name: actionlint + command: | + bash <(curl https://raw.githubusercontent.com/rhysd/actionlint/main/scripts/download-actionlint.bash) + ./actionlint -color -shellcheck shellcheck steps: - uses: chia-network/actions/clean-workspace@main @@ -165,7 +169,8 @@ jobs: - check strategy: matrix: - python-version: [3.10] + python: + - major_dot_minor: "3.10" os: [ubuntu-latest] steps: @@ -181,7 +186,7 @@ jobs: - uses: Chia-Network/actions/setup-python@main name: Install Python with: - python-version: "3.10" + python-version: ${{ matrix.python.major_dot_minor }} - uses: ./.github/actions/install with: diff --git a/.shellcheckrc b/.shellcheckrc new file mode 100644 index 000000000000..6eccb2a81279 --- /dev/null +++ b/.shellcheckrc @@ -0,0 +1 @@ +disable=SC2002