-
Notifications
You must be signed in to change notification settings - Fork 456
370 lines (348 loc) · 14.9 KB
/
build.yml
File metadata and controls
370 lines (348 loc) · 14.9 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
name: Continuous Integration Checks
on:
push:
branches-ignore:
- master
pull_request:
branches-ignore:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
ext-test:
runs-on: self-hosted
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust stable toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain stable
- name: Run externalized tests
run: |
cd ext-functional-test-demo
cargo test --verbose --color always
cargo test --verbose --color always --features test-broken
build-workspace:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-workspace.sh
build-features:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-features.sh
build-bindings:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-bindings.sh
build-nostd:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-nostd.sh
build-cfg-flags:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-cfg-flags.sh
build-sync:
uses: ./.github/workflows/ci-build.yml
with:
script: ci/ci-tests-sync.sh
coverage:
needs: fuzz
strategy:
fail-fast: false
runs-on: self-hosted
steps:
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Rust stable toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal
- name: Run tests with coverage generation
run: |
cargo install cargo-llvm-cov
export RUSTFLAGS="-Coverflow-checks=off"
cargo llvm-cov --features rest-client,rpc-client,tokio,serde --codecov --hide-instantiations --output-path=target/codecov.json
curl --verbose -O https://cli.codecov.io/latest/linux/codecov
chmod +x codecov
# Could you use this to fake the coverage report for your PR? Sure.
# Will anyone be impressed by your amazing coverage? No
# Maybe if codecov wasn't broken we wouldn't need to do this...
./codecov --verbose upload-process --disable-search --fail-on-error -f target/codecov.json -t "f421b687-4dc2-4387-ac3d-dc3b2528af57" -F 'tests'
cargo clean
- name: Download honggfuzz corpus
uses: actions/download-artifact@v4
with:
name: hfuzz-corpus
path: fuzz/hfuzz_workspace
- name: Run fuzz coverage generation
run: |
./contrib/generate_fuzz_coverage.sh --output-dir `pwd` --output-codecov-json
# Could you use this to fake the coverage report for your PR? Sure.
# Will anyone be impressed by your amazing coverage? No
# Maybe if codecov wasn't broken we wouldn't need to do this...
./codecov --verbose upload-process --disable-search --fail-on-error -f fuzz-fake-hashes-codecov.json -t "f421b687-4dc2-4387-ac3d-dc3b2528af57" -F 'fuzzing-fake-hashes'
./codecov --verbose upload-process --disable-search --fail-on-error -f fuzz-real-hashes-codecov.json -t "f421b687-4dc2-4387-ac3d-dc3b2528af57" -F 'fuzzing-real-hashes'
benchmark:
runs-on: ubuntu-latest
env:
TOOLCHAIN: stable
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Cache routing graph snapshot
id: cache-graph
uses: actions/cache@v4
with:
path: lightning/net_graph-2023-12-10.bin
key: ldk-net_graph-v0.0.118-2023-12-10.bin
- name: Fetch routing graph snapshot
if: steps.cache-graph.outputs.cache-hit != 'true'
run: |
curl --verbose -L -o lightning/net_graph-2023-12-10.bin https://bitcoin.ninja/ldk-net_graph-v0.0.118-2023-12-10.bin
echo "Sha sum: $(sha256sum lightning/net_graph-2023-12-10.bin | awk '{ print $1 }')"
if [ "$(sha256sum lightning/net_graph-2023-12-10.bin | awk '{ print $1 }')" != "${EXPECTED_ROUTING_GRAPH_SNAPSHOT_SHASUM}" ]; then
echo "Bad hash"
exit 1
fi
env:
EXPECTED_ROUTING_GRAPH_SNAPSHOT_SHASUM: e94b38ef4b3ce683893bf6a3ee28d60cb37c73b059403ff77b7e7458157968c2
- name: Cache scorer snapshot
id: cache-scorer
uses: actions/cache@v4
with:
path: lightning/scorer-2023-12-10.bin
key: ldk-scorer-v0.0.118-2023-12-10.bin
- name: Fetch scorer snapshot
if: steps.cache-scorer.outputs.cache-hit != 'true'
run: |
curl --verbose -L -o lightning/scorer-2023-12-10.bin https://bitcoin.ninja/ldk-scorer-v0.0.118-2023-12-10.bin
echo "Sha sum: $(sha256sum lightning/scorer-2023-12-10.bin | awk '{ print $1 }')"
if [ "$(sha256sum lightning/scorer-2023-12-10.bin | awk '{ print $1 }')" != "${EXPECTED_SCORER_SNAPSHOT_SHASUM}" ]; then
echo "Bad hash"
exit 1
fi
env:
EXPECTED_SCORER_SNAPSHOT_SHASUM: 570a26bb28870fe1da7e392cdec9fb794718826b04c43ca053d71a8a9bb9be69
- name: Fetch rapid graph sync reference input
run: |
curl --verbose -L -o lightning-rapid-gossip-sync/res/full_graph.lngossip https://bitcoin.ninja/ldk-compressed_graph-285cb27df79-2022-07-21.bin
echo "Sha sum: $(sha256sum lightning-rapid-gossip-sync/res/full_graph.lngossip | awk '{ print $1 }')"
if [ "$(sha256sum lightning-rapid-gossip-sync/res/full_graph.lngossip | awk '{ print $1 }')" != "${EXPECTED_RAPID_GOSSIP_SHASUM}" ]; then
echo "Bad hash"
exit 1
fi
env:
EXPECTED_RAPID_GOSSIP_SHASUM: e0f5d11641c11896d7af3a2246d3d6c3f1720b7d2d17aab321ecce82e6b7deb8
- name: Test with Network Graph on Rust ${{ matrix.toolchain }}
run: |
cd lightning
RUSTFLAGS="--cfg=require_route_graph_test" cargo test
cd ..
- name: Run benchmarks on Rust ${{ matrix.toolchain }}
run: |
cd bench
RUSTFLAGS="--cfg=ldk_bench --cfg=require_route_graph_test" cargo bench
check_release:
runs-on: ubuntu-latest
env:
TOOLCHAIN: stable
steps:
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Run cargo check for release build.
run: |
cargo check --release
cargo check --no-default-features --features=std --release
cargo doc --release
- name: Run cargo check for Taproot build.
run: |
cargo check --release
cargo check --no-default-features --release
cargo check --no-default-features --features=std --release
cargo doc --release
cargo doc --no-default-features --release
env:
RUSTFLAGS: '--cfg=taproot'
RUSTDOCFLAGS: '--cfg=taproot'
check_docs:
runs-on: self-hosted
env:
# While docs.rs builds using a nightly compiler (and we use some nightly features),
# nightly ends up randomly breaking builds occasionally, so we instead use beta
# and set RUSTC_BOOTSTRAP in check-docsrs.sh
TOOLCHAIN: beta
steps:
- name: Checkout source code
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Simulate docs.rs build
run: ci/check-docsrs.sh
fuzz_sanity:
runs-on: self-hosted
env:
TOOLCHAIN: 1.75
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Sanity check fuzz targets on Rust ${{ env.TOOLCHAIN }}
run: |
cd fuzz
RUSTFLAGS="--cfg=fuzzing --cfg=secp256k1_fuzz --cfg=hashes_fuzz" cargo test --quiet --color always --lib -j8
RUSTFLAGS="--cfg=fuzzing --cfg=secp256k1_fuzz --cfg=hashes_fuzz" cargo test --manifest-path fuzz-fake-hashes/Cargo.toml --quiet --color always --bins -j8
RUSTFLAGS="--cfg=fuzzing --cfg=secp256k1_fuzz" cargo test --manifest-path fuzz-real-hashes/Cargo.toml --quiet --color always --bins -j8
fuzz:
runs-on: self-hosted
env:
TOOLCHAIN: 1.75
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
# This is read-only for PRs. It seeds the fuzzer for a more effective run.
# NOTE: The `key` is unique and will always miss, forcing a fallback to
# the `restore-keys` to find the latest global cache from the `main` branch.
- name: Restore persistent fuzz corpus (PR)
if: ${{ github.ref != 'refs/heads/main' }}
uses: actions/cache/restore@v4
with:
path: fuzz/hfuzz_workspace
key: fuzz-corpus-${{ github.ref }}-${{ github.sha }}
restore-keys: |
fuzz-corpus-refs/heads/main-
# The `restore-keys` performs a prefix search to find the most recent
# cache from a previous `main` run. We then save with a new, unique
# `key` (using the SHA) to ensure the cache is always updated,
# as caches are immutable.
- name: Restore/Save persistent honggfuzz corpus (Main)
if: ${{ github.ref == 'refs/heads/main' }}
uses: actions/cache@v4
with:
path: fuzz/hfuzz_workspace
key: fuzz-corpus-refs/heads/main-${{ github.sha }}
restore-keys: |
fuzz-corpus-refs/heads/main-
- name: Run fuzzers
run: cd fuzz && ./ci-fuzz.sh && cd ..
env:
FUZZ_MINIMIZE: ${{ contains(github.event.pull_request.labels.*.name, 'fuzz-minimize') }}
- name: Upload honggfuzz corpus
uses: actions/upload-artifact@v4
with:
name: hfuzz-corpus
path: fuzz/hfuzz_workspace
compression-level: 0
linting:
runs-on: ubuntu-latest
env:
TOOLCHAIN: stable
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Install clippy
run: |
rustup component add clippy
- name: shellcheck the CI and `contrib` scripts
run: |
shellcheck ci/*.sh -aP ci
shellcheck contrib/*.sh -aP contrib
- name: Run default clippy linting
run: |
./ci/check-lint.sh
rustfmt:
runs-on: ubuntu-latest
env:
TOOLCHAIN: 1.75.0
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Install rustfmt
run: |
rustup component add rustfmt
- name: Run rustfmt checks
run: cargo fmt --check
- name: Run rustfmt checks on lightning-tests
run: cd lightning-tests && cargo fmt --check
tor-connect:
runs-on: ubuntu-latest
env:
TOOLCHAIN: 1.75.0
steps:
- name: Checkout source code
uses: actions/checkout@v4
- name: Install tor
run: |
sudo apt install -y tor
- name: Install Rust ${{ env.TOOLCHAIN }} toolchain
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --profile=minimal --default-toolchain ${{ env.TOOLCHAIN }}
- name: Test tor connections using lightning-net-tokio
run: |
TOR_PROXY="127.0.0.1:9050" RUSTFLAGS="--cfg=tor" cargo test --verbose --color always -p lightning-net-tokio
notify-failure:
needs: [build-workspace, build-features, build-bindings, build-nostd, build-cfg-flags, build-sync, fuzz_sanity, fuzz, linting, rustfmt, check_release, check_docs, benchmark, ext-test, tor-connect, coverage]
if: failure() && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- name: Create or update failure issue
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
run: |
LABEL="build failed"
TITLE="Failed build: ${{ github.workflow }}"
RUN_URL="https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}"
REPO_URL="https://github.com/${{ github.repository }}"
COMMITTER="${{ github.event.head_commit.author.username }}"
BODY="GitHub Actions workflow [${{ github.workflow }} #${{ github.run_number }}](${RUN_URL}) failed."
BODY="${BODY}"$'\n\n'"Event: ${{ github.event_name }}"
BRANCH="${{ github.ref_name }}"
BODY="${BODY}"$'\n'"Branch: [${BRANCH}](${REPO_URL}/tree/${BRANCH})"
BODY="${BODY}"$'\n'"Commit: [${{ github.sha }}](${REPO_URL}/commit/${{ github.sha }})"
if [ -n "$COMMITTER" ]; then
BODY="${BODY}"$'\n'"Committer: @${COMMITTER}"
fi
# Ensure label exists
if ! gh label list --search "$LABEL" --json name --jq '.[].name' | grep -qxF "$LABEL"; then
gh label create "$LABEL"
fi
# Find existing open issue with this label
ISSUE_NUMBER=$(gh issue list --label "$LABEL" --state open --json number --jq '.[0].number // empty')
if [ -n "$ISSUE_NUMBER" ]; then
gh issue comment "$ISSUE_NUMBER" --body "$BODY"
else
ISSUE_URL=$(gh issue create --title "$TITLE" --label "$LABEL" --body "$BODY")
ISSUE_NUMBER=$(echo "$ISSUE_URL" | grep -o '[0-9]*$')
fi
# Assign issue to committer if no one is assigned yet
ASSIGNEE_COUNT=$(gh issue view "$ISSUE_NUMBER" --json assignees --jq '.assignees | length')
if [ "$ASSIGNEE_COUNT" = "0" ] && [ -n "$COMMITTER" ]; then
gh issue edit "$ISSUE_NUMBER" --add-assignee "$COMMITTER" || true
fi