-
Notifications
You must be signed in to change notification settings - Fork 217
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
2437992
commit 5315036
Showing
5 changed files
with
398 additions
and
9 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,361 @@ | ||
name: Release (test) | ||
|
||
on: | ||
pull_request: | ||
types: | ||
- labeled | ||
- synchronize | ||
- opened | ||
- reopened | ||
workflow_dispatch: | ||
|
||
permissions: | ||
contents: write | ||
actions: read | ||
checks: write | ||
|
||
jobs: | ||
make_sbom: | ||
name: SBOM Generation | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 1 | ||
- name: "Install SBOM tool" | ||
run: | | ||
set -ex | ||
curl -Lo sbom-tool https://github.com/microsoft/sbom-tool/releases/latest/download/sbom-tool-linux-x64 > sbom-tool | ||
chmod +x sbom-tool | ||
shell: bash | ||
- name: "Produce SBOM" | ||
run: | | ||
set -ex | ||
CCF_VERSION=${{ github.ref_name }} | ||
CCF_VERSION=${CCF_VERSION#ccf-} | ||
./sbom-tool generate -b . -bc . -pn CCF -ps Microsoft -nsb https://sbom.microsoft -pv $CCF_VERSION -V Error | ||
shell: bash | ||
# - name: "Upload SBOM" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: sbom | ||
# path: _manifest/spdx_2.2/* | ||
|
||
# release_notes: | ||
# name: Release Notes | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - uses: actions/checkout@v4 | ||
# with: | ||
# fetch-depth: 1 | ||
# - name: "Check Release Notes" | ||
# run: | | ||
# set -ex | ||
# python scripts/extract-release-notes.py --target-git-version | ||
# shell: bash | ||
# - name: "Produce Release Notes" | ||
# run: | | ||
# set -ex | ||
# set -o pipefail | ||
# python ./scripts/extract-release-notes.py --target-git-version --describe-path-changes "./samples/constitution" | tee rel-notes.md | ||
# - name: "Upload .deb Package" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: relnotes | ||
# path: rel-notes.md | ||
|
||
build_release: | ||
name: Build Release | ||
# needs: release_notes | ||
if: ${{ contains(github.event.pull_request.labels.*.name, 'release-test') || github.event_name == 'workflow_dispatch' || github.event_name == 'schedule' }} | ||
strategy: | ||
matrix: | ||
platform: | ||
- name: virtual | ||
os: ubuntu | ||
image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025 | ||
package_version: DEB | ||
# - name: snp | ||
# os: ubuntu | ||
# image: ghcr.io/microsoft/ccf/ci/default:build-14-01-2025 | ||
- name: virtual | ||
os: azure-linux | ||
image: mcr.microsoft.com/azurelinux/base/core:3.0 | ||
package_version: RPM | ||
# - name: snp | ||
# os: azure-linux | ||
# image: mcr.microsoft.com/azurelinux/base/core:3.0 | ||
|
||
runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] | ||
container: | ||
image: ${{ matrix.platform.image }} | ||
options: "--user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE -v /lib/modules:/lib/modules:ro" | ||
|
||
steps: | ||
- name: "Install dependencies" | ||
if: ${{ matrix.platform.os == 'azure-linux' }} | ||
shell: bash | ||
run: | | ||
set -ex | ||
gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY | ||
tdnf -y update | ||
# Source control | ||
tdnf -y install ca-certificates git | ||
# Build tools | ||
tdnf -y install build-essential clang cmake ninja-build which | ||
# libc++ | ||
tdnf -y install libcxx-devel llvm-libunwind-devel llvm-libunwind-static | ||
# Dependencies | ||
tdnf -y install openssl-devel libuv-devel nghttp2-devel curl-devel | ||
# Test dependencies | ||
tdnf -y install libarrow-devel parquet-libs-devel lldb npm jq expect | ||
# Install CDDL via rubygems | ||
tdnf -y install rubygems | ||
gem install cddl | ||
- uses: actions/checkout@v4 | ||
with: | ||
fetch-depth: 0 | ||
|
||
- name: "Build Release ${{ matrix.platform.name }}" | ||
shell: bash | ||
run: | | ||
set -ex | ||
git config --global --add safe.directory /__w/CCF/CCF | ||
mkdir build | ||
cd build | ||
CC=`which clang` CXX=`which clang++` cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCLIENT_PROTOCOLS_TEST=ON -DPACKAGE_VERSION=${{ matrix.platform.package_version }} .. | ||
ninja -v | tee build.log | ||
- name: "Check Mitigation Flags" | ||
run: | | ||
cd build | ||
python3 ../scripts/build-check.py < build.log SNPCC | ||
shell: bash | ||
if: ${{ matrix.platform.name == 'snp' && matrix.platform.os == 'ubuntu' }} | ||
|
||
- name: "Install Extended Testing Tools" | ||
run: | | ||
set -ex | ||
sudo apt-get -y update | ||
sudo apt install ansible -y | ||
cd getting_started/setup_vm | ||
ansible-playbook ccf-extended-testing.yml | ||
shell: bash | ||
if: ${{ matrix.platform.name != 'snp' && matrix.platform.os == 'ubuntu' }} | ||
|
||
# TODO client_protocols + lts | ||
|
||
# - name: "Test ${{ matrix.platform.name }}" | ||
# run: | | ||
# set -ex | ||
# cd build | ||
# rm -rf /github/home/.cache | ||
# mkdir -p /github/home/.cache | ||
# export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) | ||
# # Unit tests | ||
# ./tests.sh --output-on-failure -L unit -j$(nproc --all) | ||
# ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|unit" | ||
# shell: bash | ||
# if: "${{ matrix.platform.name != 'snp' }}" | ||
|
||
# - name: "Upload logs for ${{ matrix.platform.name }}" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: logs-${{ matrix.platform.name }} | ||
# path: | | ||
# build/workspace/*/*.config.json | ||
# build/workspace/*/out | ||
# build/workspace/*/err | ||
# build/workspace/*.ledger/* | ||
# if-no-files-found: ignore | ||
# if: success() || failure() | ||
|
||
- name: "Make .deb Package" | ||
id: make_deb | ||
run: | | ||
set -ex | ||
set -o pipefail | ||
cd build | ||
cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix | ||
cpack -V -G DEB | ||
INITIAL_PKG=`ls *.deb` | ||
CCF_GITHUB_PKG=${INITIAL_PKG//\~/_} | ||
if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then | ||
mv $INITIAL_PKG $CCF_GITHUB_PKG | ||
fi | ||
echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT | ||
shell: bash | ||
if: "${{ matrix.platform.os == 'ubuntu' }}" | ||
|
||
- name: "Make .rpm Package" | ||
id: make_rpm | ||
run: | | ||
set -ex | ||
set -o pipefail | ||
cd build | ||
cmake -L .. 2>/dev/null | grep CMAKE_INSTALL_PREFIX: | cut -d = -f 2 > /tmp/install_prefix | ||
cpack -V -G RPM | ||
INITIAL_PKG=`ls *.deb` | ||
CCF_GITHUB_PKG=${INITIAL_PKG//\~/_} | ||
if [[ "$INITIAL_PKG" != "$CCF_GITHUB_PKG" ]]; then | ||
mv $INITIAL_PKG $CCF_GITHUB_PKG | ||
fi | ||
echo "name=$CCF_GITHUB_PKG" >> $GITHUB_OUTPUT | ||
shell: bash | ||
if: "${{ matrix.platform.os == 'ubuntu' }}" | ||
|
||
- name: "Install CCF Debian package" | ||
run: | | ||
set -ex | ||
cd build | ||
sudo apt -y install ./${{ steps.make_deb.outputs.name }} | ||
shell: bash | ||
if: "${{ matrix.platform.os == 'ubuntu' }}" | ||
|
||
- name: "Install CCF RPM package" | ||
run: | | ||
set -ex | ||
cd build | ||
tdnf -y install ./${{ steps.make_rpm.outputs.name }} | ||
shell: bash | ||
if: "${{ matrix.platform.os == 'azure-linux' }}" | ||
|
||
- name: "Test Installed CCF" | ||
run: | | ||
set -ex | ||
set -o pipefail | ||
cd build | ||
cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./test_install.sh {}" | ||
shell: bash | ||
if: "${{ matrix.platform.name != 'snp' }}" | ||
|
||
- name: "Recovery Benchmark for Installed CCF" | ||
run: | | ||
set -ex | ||
set -o pipefail | ||
cd build | ||
cat /tmp/install_prefix | xargs -i bash -c "PYTHON_PACKAGE_PATH=../python ./recovery_benchmark.sh {}" | ||
shell: bash | ||
if: "${{ matrix.platform.name != 'snp' }}" | ||
|
||
- name: "Test Building a Sample Against Installed CCF" | ||
run: | | ||
set -ex | ||
./tests/test_install_build.sh -DCOMPILE_TARGET=${{ matrix.platform.name }} | ||
shell: bash | ||
|
||
|
||
# - name: "Upload .deb Package" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: pkg-${{ matrix.platform.name }} | ||
# path: build/${{ steps.make_deb.outputs.name }} | ||
|
||
# - name: "Upload Compatibility Report" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: compatibility | ||
# path: build/compatibility_report.json | ||
# if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
# - name: "Upload TLS Report" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: tls | ||
# path: build/tls_report.html | ||
# if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
- name: "Build Python Wheel" | ||
id: build_wheel | ||
run: | | ||
set -ex | ||
cd python | ||
python3 -m venv env | ||
source ./env/bin/activate | ||
pip install wheel build | ||
python -m build --wheel | ||
WHL=`ls dist/*.whl` | ||
echo "name=$WHL" >> $GITHUB_OUTPUT | ||
shell: bash | ||
if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
# - name: "Upload Python Wheel" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: wheel | ||
# path: python/${{ steps.build_wheel.outputs.name }} | ||
# if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
- name: "Build TS Package" | ||
id: build_tstgz | ||
run: | | ||
set -ex | ||
cd js/ccf-app | ||
CCF_VERSION=$(<../../build/VERSION_LONG) | ||
CCF_VERSION=${CCF_VERSION#ccf-} | ||
echo "Setting npm package version to ${CCF_VERSION}" | ||
npm version $CCF_VERSION | ||
npm pack | ||
PKG=`ls *.tgz` | ||
echo "name=$PKG" >> $GITHUB_OUTPUT | ||
shell: bash | ||
if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
# - name: "Upload TS Package" | ||
# uses: actions/upload-artifact@v4 | ||
# with: | ||
# name: tstgz | ||
# path: js/ccf-app/${{ steps.build_tstgz.outputs.name }} | ||
# if: "${{ matrix.platform.name == 'virtual' }}" | ||
|
||
|
||
# create_release: | ||
# needs: | ||
# - build_release | ||
# - make_sbom | ||
# name: Create Release | ||
# runs-on: ubuntu-latest | ||
# steps: | ||
# - uses: actions/checkout@v4 | ||
# with: | ||
# fetch-depth: 1 | ||
# - name: Download Packages | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# path: pkg | ||
# pattern: pkg-* | ||
# merge-multiple: true | ||
# - name: Download Release Notes | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# name: relnotes | ||
# - name: Download Compatibility Report | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# name: compatibility | ||
# - name: Download TLS Report | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# name: tls | ||
# - name: Download Python Wheel | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# path: wheel | ||
# name: wheel | ||
# - name: Download TS Package | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# path: tstgz | ||
# name: tstgz | ||
# - name: Download SBOM | ||
# uses: actions/download-artifact@v4 | ||
# with: | ||
# path: sbom | ||
# name: sbom | ||
# - run: | | ||
# echo "Creating release will be done here" | ||
# shell: bash | ||
# env: | ||
# GH_TOKEN: ${{ github.token }} | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
Oops, something went wrong.