Chia-Network · pmaslana · Dec 3, 2024 · Dec 2, 2024 · Dec 2, 2024 · Dec 2, 2024
@@ -0,0 +1,26 @@
+self-hosted-runner:
+  # Labels of self-hosted runner in array of strings.
+  labels: ["benchmark", "glue-notify"]
+
+# Configuration variables in array of strings defined in your repository or
+# organization. `null` means disabling configuration variables check.
+# Empty array means no configuration variable is allowed.
+config-variables: null
+
+# Configuration for file paths. The keys are glob patterns to match to file
+# paths relative to the repository root. The values are the configurations for
+# the file paths. Note that the path separator is always '/'.
+# The following configurations are available.
+#
+# "ignore" is an array of regular expression patterns. Matched error messages
+# are ignored. This is similar to the "-ignore" command line option.
+paths:
+  #  .github/workflows/**/*.yml:
+  #    ignore: []
+  ".github/workflows/*.y*ml":
+    ignore: ["string should not be empty", ".* SC2002:.*"]
+  ".github/workflows/test-single.yml":
+    ignore: [
+        # special case here using a variable as a key in the excludes
+        'value .*\$\{\{ inputs.matrix_mode \}\}.* in "exclude" does not match in matrix "python" combinations. possible values are',
+      ]
@@ -5,7 +5,7 @@ on:
     inputs:
       repeats:
         description: "The number of times to execute each benchmark"
-        type: int
+        type: number
         default: 1
   push:
     paths-ignore:

@@ -39,6 +39,8 @@ permissions:
 jobs:
   version:
     uses: ./.github/workflows/reflow-version.yml
+    with:
+      release_type: ${{ inputs.release_type }}
 
   build:
     name: Build ${{ matrix.os.arch }}
@@ -133,8 +135,8 @@ jobs:
           mkdir "$GITHUB_WORKSPACE"/bladebit
           cd "$GITHUB_WORKSPACE"/bladebit
           gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}'
-          ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}'
-          ls bladebit* | xargs -I{} chmod +x {}
+          find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}'
+          find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {}
           cd "$OLDPWD"
 
       - uses: ./.github/actions/install
@@ -332,7 +334,7 @@ jobs:
         shell: bash
         if: matrix.mode.name == 'GUI'
         run: |
-          [ $(stat -c %a:%G:%U /opt/chia/chrome-sandbox) == "4755:root:root" ]
+          [ "$(stat -c %a:%G:%U /opt/chia/chrome-sandbox)" == "4755:root:root" ]
 
       - name: Remove package
         run: |

@@ -39,6 +39,8 @@ permissions:
 jobs:
   version:
     uses: ./.github/workflows/reflow-version.yml
+    with:
+      release_type: ${{ inputs.release_type }}
 
   build:
     name: Build amd64 RPM
@@ -123,8 +125,8 @@ jobs:
           mkdir "$GITHUB_WORKSPACE"/bladebit
           cd "$GITHUB_WORKSPACE"/bladebit
           gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-centos-x86-64.tar.gz'
-          ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}'
-          ls bladebit* | xargs -I{} chmod +x {}
+          find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}'
+          find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {}
           cd "$OLDPWD"
 
       - uses: ./.github/actions/install

@@ -39,6 +39,8 @@ permissions:
 jobs:
   version:
     uses: ./.github/workflows/reflow-version.yml
+    with:
+      release_type: ${{ inputs.release_type }}
 
   build:
     name: Build ${{ matrix.os.name }} DMG
@@ -119,10 +121,10 @@ jobs:
         run: |
           LATEST_MADMAX=$(gh api repos/Chia-Network/chia-plotter-madmax/releases/latest --jq 'select(.prerelease == false) | .tag_name')
           mkdir "$GITHUB_WORKSPACE"/madmax
-          gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}'
-          mv chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/chia_plot
-          gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p 'chia_plot_k34-'$LATEST_MADMAX'-macos-${{ matrix.os.name }}'
-          mv chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }} "$GITHUB_WORKSPACE"/madmax/chia_plot_k34
+          gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p "chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }}"
+          mv "chia_plot-$LATEST_MADMAX-macos-${{ matrix.os.name }}" "$GITHUB_WORKSPACE"/madmax/chia_plot
+          gh release download -R Chia-Network/chia-plotter-madmax "$LATEST_MADMAX" -p "chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }}"
+          mv "chia_plot_k34-$LATEST_MADMAX-macos-${{ matrix.os.name }}" "$GITHUB_WORKSPACE"/madmax/chia_plot_k34
           chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot
           chmod +x "$GITHUB_WORKSPACE"/madmax/chia_plot_k34
 
@@ -162,8 +164,8 @@ jobs:
                 LATEST_VERSION=v2.0.1
               fi
           gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*-${{ matrix.os.bladebit-suffix }}'
-          ls *.tar.gz | xargs -I{} bash -c 'tar -xzf {} && rm {}'
-          ls bladebit* | xargs -I{} chmod +x {}
+          find . -maxdepth 1 -name '*.tar.gz' -print0 | xargs -0 -I{} bash -c 'tar -xzf {} && rm {}'
+          find . -maxdepth 1 -name 'bladebit*' -print0 | xargs -0 -I{} chmod +x {}
           cd "$OLDPWD"
 
       - uses: ./.github/actions/install
@@ -312,10 +314,6 @@ jobs:
             matrix: intel
             artifact-name: intel
         exclude:
-          - os:
-              matrix: 12
-            arch:
-              matrix: arm
           - os:
               matrix: 13
             arch:
@@ -353,6 +351,8 @@ jobs:
 
       - name: Run chia dev installers test
         run: |
+          # TODO: maybe fix this and remove the disable
+          # shellcheck disable=SC2211
           "/Volumes/Chia "*"/Chia.app/Contents/Resources/app.asar.unpacked/daemon/chia" dev installers test --expected-chia-version "${{ needs.version.outputs.chia-installer-version }}"
 
       - name: Detach .dmg

@@ -39,15 +39,15 @@ permissions:
 jobs:
   version:
     uses: ./.github/workflows/reflow-version.yml
+    with:
+      release_type: ${{ inputs.release_type }}
 
   build:
     name: Build EXE
     runs-on: [windows-2019]
     needs:
       - version
     timeout-minutes: 65
-    outputs:
-      chia-installer-version: ${{ steps.version_number.outputs.CHIA_INSTALLER_VERSION }}
     strategy:
       fail-fast: false
       matrix:
@@ -121,14 +121,18 @@ jobs:
         if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
         shell: bash
         run: |
-          echo "SM_HOST=${{ secrets.SM_HOST }}" >> "$GITHUB_ENV"
-          echo "SM_API_KEY=${{ secrets.SM_API_KEY }}" >> "$GITHUB_ENV"
-          echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12" >> "$GITHUB_ENV"
-          echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}" >> "$GITHUB_ENV"
-          echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}" >> "$GITHUB_ENV"
-          echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit" >> $GITHUB_PATH
-          echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools" >> $GITHUB_PATH
-          echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools" >> $GITHUB_PATH
+          {
+            echo "SM_HOST=${{ secrets.SM_HOST }}"
+            echo "SM_API_KEY=${{ secrets.SM_API_KEY }}"
+            echo "SM_CLIENT_CERT_FILE=D:\\Certificate_pkcs12.p12"
+            echo "SM_CLIENT_CERT_PASSWORD=${{ secrets.SM_CLIENT_CERT_PASSWORD }}"
+            echo "SM_CODE_SIGNING_CERT_SHA1_HASH=${{ secrets.SM_CODE_SIGNING_CERT_SHA1_HASH }}"
+          } >> "$GITHUB_ENV"
+          {
+            echo "C:\Program Files (x86)\Windows Kits\10\App Certification Kit"
+            echo "C:\Program Files (x86)\Microsoft SDKs\Windows\v10.0A\bin\NETFX 4.8 Tools"
+            echo "C:\Program Files\DigiCert\DigiCert One Signing Manager Tools"
+          } >> "$GITHUB_PATH"
 
       - name: Setup SSM KSP on windows latest
         if: steps.check_secrets.outputs.HAS_SIGNING_SECRET
@@ -183,7 +187,7 @@ jobs:
           mkdir "$GITHUB_WORKSPACE\\bladebit"
           cd "$GITHUB_WORKSPACE\\bladebit"
           gh release download -R Chia-Network/bladebit "$LATEST_VERSION" -p 'bladebit*windows-x86-64.zip'
-          ls *.zip | xargs -I{} bash -c 'unzip {} && rm {}'
+          find . -maxdepth 1 -name '*.zip' -print0 | xargs -0 -I{} bash -c 'unzip {} && rm {}'
           cd "$OLDPWD"
 
       - uses: ./.github/actions/install
@@ -213,12 +217,14 @@ jobs:
 
       - if: steps.cache-gui.outputs.cache-hit != 'true'
         name: Build GUI
+        shell: pwsh
         continue-on-error: false
         run: |
           cd .\build_scripts
           .\build_windows-1-gui.ps1
 
       - name: Build Windows installer
+        shell: pwsh
         env:
           HAS_SIGNING_SECRET: ${{ steps.check_secrets.outputs.HAS_SIGNING_SECRET }}
         run: |
@@ -234,6 +240,7 @@ jobs:
           path: chia-blockchain-gui\release-builds\windows-installer\
 
       - name: Remove Windows exe and installer to exclude from cache
+        shell: pwsh
         run: |
           Remove-Item .\chia-blockchain-gui\packages\gui\dist -Recurse -Force
           Remove-Item .\chia-blockchain-gui\packages\gui\daemon -Recurse -Force
@@ -335,6 +342,7 @@ jobs:
           path: packages
 
       - name: Install package
+        shell: pwsh
         run: |
           dir ./packages/
           $env:INSTALLER_PATH = (Get-ChildItem packages/ChiaSetup-*.exe)
@@ -347,14 +355,16 @@ jobs:
           dir ./installed/
 
       - name: List installed files
+        shell: pwsh
         run: |
           Get-ChildItem -Recurse $env:INSTALL_PATH | Select FullName
 
       - name: List all files
-        if:
+        shell: pwsh
         run: |
           Get-ChildItem -Recurse $env:INSTALL_PATH | Select FullName
 
       - name: Run chia dev installers test
+        shell: pwsh
         run: |
           & ($env:INSTALL_PATH + "/resources/app.asar.unpacked/daemon/chia.exe") dev installers test --expected-chia-version "${{ needs.version.outputs.chia-installer-version }}"
@@ -1,8 +1,6 @@
 name: "Update Mozilla CA sub module"
 on:
   workflow_dispatch:
-    branches:
-      - $default-branch
 
 jobs:
   update_ca_module:
@@ -11,7 +9,6 @@ jobs:
       - uses: actions/checkout@v4
         with:
           fetch-depth: 0
-          ref: "${{ github.event.inputs.chia_ref }}"
           repository: chia-network/chia-blockchain
           submodules: recursive
           token: "${{ secrets.GITHUB_TOKEN }}"

@@ -118,35 +118,35 @@ jobs:
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
-          py3createtorrent -f -t ${TRACKER_URL} artifacts/${FILE} -o artifacts/${FILE}.torrent --webseed https://download.chia.net/install/${FILE}
-          gh release upload --repo ${{ github.repository }} $RELEASE_TAG artifacts/${FILE}.torrent
+          py3createtorrent -f -t "${TRACKER_URL}" "artifacts/${FILE}" -o "artifacts/${FILE}.torrent" --webseed "https://download.chia.net/install/${FILE}"
+          gh release upload --repo "${{ github.repository }}" "$RELEASE_TAG" "artifacts/${FILE}.torrent"
 
       - name: Upload Dev Installer
         if: steps.check_secrets.outputs.HAS_AWS_SECRET && github.ref == 'refs/heads/main'
         run: |
-          aws s3 cp artifacts/${FILE} ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}
-          aws s3 cp artifacts/${FILE}.sha256 ${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}.sha256
+          aws s3 cp "artifacts/${FILE}" "${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}"
+          aws s3 cp "artifacts/${FILE}.sha256" "${LATEST_DEV_S3_URL}/${LATEST_DEV_FILE}.sha256"
 
       - name: Upload Release Files
         if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true'
         run: |
-          aws s3 cp artifacts/${FILE} ${INSTALL_S3_URL}
-          aws s3 cp artifacts/${FILE}.sha256 ${INSTALL_S3_URL}
+          aws s3 cp "artifacts/${FILE}" "${INSTALL_S3_URL}"
+          aws s3 cp "artifacts/${FILE}.sha256" "${INSTALL_S3_URL}"
 
       - name: Upload Release Torrent
         if: steps.check_secrets.outputs.HAS_AWS_SECRET && env.RELEASE == 'true' && matrix.mode.matrix == 'gui'
         run: |
-          aws s3 cp artifacts/${FILE}.torrent ${TORRENT_S3_URL}
+          aws s3 cp "artifacts/${FILE}.torrent" "${TORRENT_S3_URL}"
 
       - name: Upload release artifacts
         if: env.RELEASE == 'true'
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         run: |
           gh release upload \
-            --repo ${{ github.repository }} \
-            $RELEASE_TAG \
-            artifacts/${FILE}
+            --repo "${{ github.repository }}" \
+            "$RELEASE_TAG" \
+            "artifacts/${FILE}"
 
       - name: Mark installer complete
         uses: Chia-Network/actions/github/glue@main

@@ -2,7 +2,15 @@ name: identify version
 
 on:
   workflow_call:
+    inputs:
+      release_type:
+        description: "Tagged release testing scenario"
+        required: false
+        type: string
+        default: ""
     outputs:
+      chia-dev-version:
+        value: ${{ jobs.version.outputs.chia-dev-version }}
       chia-installer-version:
         value: ${{ jobs.version.outputs.chia-installer-version }}
       tag-type:

@@ -121,7 +121,7 @@ jobs:
           PRE_VERSION: ${{ steps.editable-info.outputs.pre-edit-version }}
           POST_VERSION: ${{ steps.editable-info.outputs.post-edit-version }}
         run: |
-          [ "$POST_VERSION" = "shooby-doowah" -a "$PRE_VERSION" != "shooby-doowah" ]
+          [ "$POST_VERSION" = "shooby-doowah" ] && [ "$PRE_VERSION" != "shooby-doowah" ]
 
       - name: Check non-editable
         if: matrix.editable.matrix == 'non-editable'
@@ -130,7 +130,7 @@ jobs:
           PRE_VERSION: ${{ steps.editable-info.outputs.pre-edit-version }}
           POST_VERSION: ${{ steps.editable-info.outputs.post-edit-version }}
         run: |
-          [ "$POST_VERSION" != "shooby-doowah" -a "$PRE_VERSION" = "$POST_VERSION" ]
+          [ "$POST_VERSION" != "shooby-doowah" ] && [ "$PRE_VERSION" = "$POST_VERSION" ]
 
   test_scripts_in_docker:
     name: Docker ${{ matrix.distribution.name }} ${{ matrix.arch.name }}
@@ -259,7 +259,6 @@ jobs:
 
       - uses: ./.github/actions/install
         with:
-          python-version: ${{ matrix.python-version }}
           development: true
           do-system-installs: true
 

@@ -240,6 +240,8 @@ jobs:
           diff --unified source_tests installed_tests; DIFF_EXIT_CODE=$?
           echo '::endgroup::'
 
+          exit $DIFF_EXIT_CODE
+
       - name: Move chia/ so we test the installed code
         run: |
           mv chia/ notchia/

@@ -91,7 +91,7 @@ jobs:
         run: |
           python chia/_tests/build-job-matrix.py --per directory --verbose ${{ inputs.only && format('--only {0}', inputs.only) || '' }} ${{ inputs.duplicates > 1 && format('--duplicates {0}', inputs.duplicates) || '' }} ${{ inputs.build-job-matrix-arguments }} > matrix.json
           cat matrix.json
-          echo configuration=$(cat matrix.json) >> "$GITHUB_OUTPUT"
+          echo "configuration=$(cat matrix.json)" >> "$GITHUB_OUTPUT"
           echo matrix_mode=${{
             ( github.repository_owner == 'Chia-Network' && github.repository != 'Chia-Network/chia-blockchain' )
             && 'limited'
@@ -217,12 +217,12 @@ jobs:
         if: false
         run: |
           sudo snap install yq
-          ls junit-data/*.xml | xargs --max-procs=10 --replace={} yq eval '.testsuites.testsuite.testcase |= sort_by(.+@classname, .+@name)' --inplace {}
+          find junit-data -maxdepth 1 -name '*.xml' -print0 | xargs -0 --max-procs=10 --replace={} yq eval '.testsuites.testsuite.testcase |= sort_by(.+@classname, .+@name)' --inplace {}
 
           sudo apt-get install junitparser
           mkdir junit-results
           junitparser merge junit-data/*.xml junit-results/junit.xml
-          ls junit-results/*.xml | xargs --max-procs=10 --replace={} yq eval '.testsuites.testsuite |= sort_by(.+@name) | .testsuites.testsuite[].testcase |= sort_by(.+@classname, .+@name)' --inplace {}
+          find junit-results -maxdepth 1 -name '*.xml' -print0 | xargs -0 --max-procs=10 --replace={} yq eval '.testsuites.testsuite |= sort_by(.+@name) | .testsuites.testsuite[].testcase |= sort_by(.+@classname, .+@name)' --inplace {}
 
       - name: Publish formatted JUnit data
         if: false
@@ -291,7 +291,7 @@ jobs:
       - name: Identify parent commit
         id: parent-commit
         run: |
-          echo hash=$(git rev-parse HEAD~1) >> "$GITHUB_OUTPUT"
+          echo "hash=$(git rev-parse HEAD~1)" >> "$GITHUB_OUTPUT"
 
       - name: Coverage report (diff)
         if: (github.base_ref != '' || github.event.before != '') && always()
@@ -316,7 +316,7 @@ jobs:
         run: |
           PR_NUM=$(jq -r '.number' "$GITHUB_EVENT_PATH")
           COMMENTS=$(gh api -X GET /repos/"${ORG_REPO}"/issues/"${PR_NUM}"/comments)
-          COMMENT_ID=$(echo "$COMMENTS" | jq '.[] | select(.user.login == "github-actions[bot]" and (.body | tostring | contains("<!-- COVERAGE_COMMENT_'${PR_NUM}' -->"))) | .id')
+          COMMENT_ID=$(echo "$COMMENTS" | jq '.[] | select(.user.login == "github-actions[bot]" and (.body | tostring | contains("<!-- COVERAGE_COMMENT_'"${PR_NUM}"' -->"))) | .id')
           COVERAGE_LABEL=$(gh pr view "$PR_NUM" --json labels --jq ' .labels[].name | select(. == "coverage-diff")')
           if [[ -n "$COMMENT_ID" ]]; then
             gh api -X DELETE /repos/"${ORG_REPO}"/issues/comments/"${COMMENT_ID}"