diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 9a7c7986c74..dfc26fa4b39 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -1,22 +1,22 @@ version: 2 updates: -- package-ecosystem: cargo - directory: "/" - schedule: - interval: daily - timezone: America/New_York - open-pull-requests-limit: 10 - labels: - - "A-dependencies" - - "A-rust" - - "P-Low :snowflake:" -- package-ecosystem: github-actions - directory: "/" - schedule: - interval: daily - timezone: America/New_York - open-pull-requests-limit: 10 - labels: - - "A-infrastructure" - - "A-dependencies" - - "P-Low :snowflake:" + - package-ecosystem: cargo + directory: '/' + schedule: + interval: daily + timezone: America/New_York + open-pull-requests-limit: 10 + labels: + - 'A-dependencies' + - 'A-rust' + - 'P-Low :snowflake:' + - package-ecosystem: github-actions + directory: '/' + schedule: + interval: daily + timezone: America/New_York + open-pull-requests-limit: 10 + labels: + - 'A-infrastructure' + - 'A-dependencies' + - 'P-Low :snowflake:' diff --git a/.github/mergify.yml b/.github/mergify.yml index ae83f6daa76..0e93f64363a 100644 --- a/.github/mergify.yml +++ b/.github/mergify.yml @@ -10,7 +10,7 @@ queue_rules: - check-success=Test full validation sync from cached state - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest - check-success=Test stable on ubuntu-latest - - check-success=Test stable on macOS-latest + - check-success=Test stable on macos-latest # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801 # - check-success=Test stable on windows-latest - check-success=Clippy @@ -27,7 +27,7 @@ queue_rules: - check-success=Test full validation sync from cached state - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest - check-success=Test stable on ubuntu-latest - - check-success=Test stable on macOS-latest + - check-success=Test stable on macos-latest # - check-success=Test stable on windows-latest - check-success=Clippy - check-success=Rustfmt @@ -43,7 +43,7 @@ queue_rules: - check-success=Test full validation sync from cached state - check-success=Test stable zebra-state with fake activation heights on ubuntu-latest - check-success=Test stable on ubuntu-latest - - check-success=Test stable on macOS-latest + - check-success=Test stable on macos-latest # - check-success=Test stable on windows-latest - check-success=Clippy - check-success=Rustfmt @@ -51,13 +51,13 @@ queue_rules: pull_request_rules: - name: move to urgent queue when CI passes with 1 review and not WIP targeting main conditions: - - "#approved-reviews-by>=1" - - "#review-threads-unresolved=0" + - '#approved-reviews-by>=1' + - '#review-threads-unresolved=0' - -draft - base=main - or: - - "label~=^P-Critical" - - "label~=^P-High" + - 'label~=^P-Critical' + - 'label~=^P-High' - label!=do-not-merge actions: queue: @@ -66,11 +66,11 @@ pull_request_rules: - name: move to medium queue when CI passes with 1 review and not WIP targeting main conditions: - - "#approved-reviews-by>=1" - - "#review-threads-unresolved=0" + - '#approved-reviews-by>=1' + - '#review-threads-unresolved=0' - -draft - base=main - - "label~=^P-Medium" + - 'label~=^P-Medium' - label!=do-not-merge actions: queue: @@ -79,8 +79,8 @@ pull_request_rules: - name: move to low queue when CI passes with 1 review and not WIP targeting main conditions: - - "#approved-reviews-by>=1" - - "#review-threads-unresolved=0" + - '#approved-reviews-by>=1' + - '#review-threads-unresolved=0' - -draft - base=main - label!=do-not-merge diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index fe885fc4b8b..b1c86b32cf6 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -5,8 +5,12 @@ on: inputs: network: default: 'Mainnet' + description: 'Network to deploy: Mainnet or Testnet' + required: true checkpoint_sync: - default: true + default: 'true' + description: 'Use as many checkpoints as possible when syncing' + required: true push: branches: - main @@ -32,93 +36,93 @@ jobs: id-token: 'write' steps: - - uses: actions/checkout@v3.0.0 - with: - persist-credentials: false - - - name: Inject slug/short variables - uses: rlespinasse/github-slug-action@v4 - with: - short-length: 7 - - # Automatic tag management and OCI Image Format Specification for labels - - name: Docker meta - id: meta - uses: docker/metadata-action@v3.7.0 - with: - # list of Docker images to use as base name for tags - images: | - ${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }} - ${{ env.GCR_BASE }}/${{ env.GITHUB_REPOSITORY_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} - # generate Docker tags based on the following events/attributes - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha - - # Setup gcloud CLI - - name: Authenticate to Google Cloud - id: auth - uses: google-github-actions/auth@v0.7.0 - with: - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' - - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v1 - with: - image: tonistiigi/binfmt:latest - platforms: all - - # Setup Docker Buildx to allow use of docker cache layers from GH - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 - - - name: Login to Google Artifact Registry - uses: docker/login-action@v1.14.1 - with: - registry: us-docker.pkg.dev - username: oauth2accesstoken - password: ${{ steps.auth.outputs.access_token }} - - - name: Login to Google Container Registry - uses: docker/login-action@v1.14.1 - with: - registry: gcr.io - username: oauth2accesstoken - password: ${{ steps.auth.outputs.access_token }} - - # Build and push image to Google Artifact Registry - - name: Build & push - id: docker_build - uses: docker/build-push-action@v2.10.0 - with: - target: runtime - context: . - file: ./docker/Dockerfile - # TODO: building crates is taking too long with arm64 and it's timing out on GHA - # platforms: | - # linux/amd64 - # linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - NETWORK=${{ github.event.inputs.network || env.NETWORK }} - SHORT_SHA=${{ env.GITHUB_SHA_SHORT }} - RUST_BACKTRACE=1 - ZEBRA_SKIP_IPV6_TESTS="1" - CHECKPOINT_SYNC=${{ github.event.inputs.checkpoint_sync || true }} - SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }} - push: true - cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache - cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache,mode=max + - uses: actions/checkout@v3.0.0 + with: + persist-credentials: false + + - name: Inject slug/short variables + uses: rlespinasse/github-slug-action@v4 + with: + short-length: 7 + + # Automatic tag management and OCI Image Format Specification for labels + - name: Docker meta + id: meta + uses: docker/metadata-action@v3.7.0 + with: + # list of Docker images to use as base name for tags + images: | + ${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }} + ${{ env.GCR_BASE }}/${{ env.GITHUB_REPOSITORY_SLUG_URL }}/${{ env.GITHUB_REF_SLUG_URL }} + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha + + # Setup gcloud CLI + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v0.7.0 + with: + workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' + service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + token_format: 'access_token' + + - name: Set up QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all + + # Setup Docker Buildx to allow use of docker cache layers from GH + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 + + - name: Login to Google Artifact Registry + uses: docker/login-action@v1.14.1 + with: + registry: us-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + - name: Login to Google Container Registry + uses: docker/login-action@v1.14.1 + with: + registry: gcr.io + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} + + # Build and push image to Google Artifact Registry + - name: Build & push + id: docker_build + uses: docker/build-push-action@v2.10.0 + with: + target: runtime + context: . + file: ./docker/Dockerfile + # TODO: building crates is taking too long with arm64 and it's timing out on GHA + # platforms: | + # linux/amd64 + # linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + NETWORK=${{ github.event.inputs.network || env.NETWORK }} + SHORT_SHA=${{ env.GITHUB_SHA_SHORT }} + RUST_BACKTRACE=1 + ZEBRA_SKIP_IPV6_TESTS="1" + CHECKPOINT_SYNC=${{ github.event.inputs.checkpoint_sync || true }} + SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }} + push: true + cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache + cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.GITHUB_REF_SLUG_URL }}:buildcache,mode=max deploy-nodes: name: Deploy Mainnet nodes diff --git a/.github/workflows/ci.patch.yml b/.github/workflows/ci.patch.yml index 5cb04b6d270..51c7b2a01c7 100644 --- a/.github/workflows/ci.patch.yml +++ b/.github/workflows/ci.patch.yml @@ -23,7 +23,7 @@ jobs: fail-fast: false matrix: # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801 - os: [ubuntu-latest, macOS-latest] + os: [ubuntu-latest, macos-latest] rust: [stable] steps: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 265ac70b4bd..294ec222cd9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -35,7 +35,7 @@ jobs: fail-fast: false matrix: # TODO: Windows was removed for now, see https://github.com/ZcashFoundation/zebra/issues/3801 - os: [ubuntu-latest, macOS-latest] + os: [ubuntu-latest, macos-latest] rust: [stable] steps: @@ -67,7 +67,7 @@ jobs: # Ubuntu runners don't have reliable network or DNS during test steps. # Windows runners have an unreliable network. shell: bash - if: matrix.os != 'macOS-latest' + if: matrix.os != 'macos-latest' run: echo "ZEBRA_SKIP_NETWORK_TESTS=1" >> $GITHUB_ENV - name: Minimise proptest cases on macOS and Windows @@ -79,8 +79,8 @@ jobs: shell: bash if: matrix.os != 'ubuntu-latest' run: | - echo "PROPTEST_CASES=1" >> $GITHUB_ENV - echo "PROPTEST_MAX_SHRINK_ITERS=1024" >> $GITHUB_ENV + echo "PROPTEST_CASES=1" >> $GITHUB_ENV + echo "PROPTEST_MAX_SHRINK_ITERS=1024" >> $GITHUB_ENV - name: Change target output directory on Windows # Windows doesn't have enough space on the D: drive, so we redirect the build output to the @@ -118,7 +118,7 @@ jobs: - name: Run zebrad large sync tests # Skip the entire step on Ubuntu and Windows, because the test would be skipped anyway due to ZEBRA_SKIP_NETWORK_TESTS - if: matrix.os == 'macOS-latest' + if: matrix.os == 'macos-latest' uses: actions-rs/cargo@v1.0.3 with: command: test @@ -159,7 +159,7 @@ jobs: - name: Run tests with fake activation heights uses: actions-rs/cargo@v1.0.3 env: - TEST_FAKE_ACTIVATION_HEIGHTS: "" + TEST_FAKE_ACTIVATION_HEIGHTS: '' with: command: test # Note: this only runs the zebra-state crate tests, @@ -267,18 +267,18 @@ jobs: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@v2 - with: - persist-credentials: false - - - uses: EmbarkStudios/cargo-deny-action@v1 - with: - command: check ${{ matrix.checks }} - args: --all-features --workspace - - # this check runs with optional features off - # so we expect some warnings about "skip tree root was not found" - - uses: EmbarkStudios/cargo-deny-action@v1 - with: - command: check ${{ matrix.checks }} - args: --workspace + - uses: actions/checkout@v2 + with: + persist-credentials: false + + - uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check ${{ matrix.checks }} + args: --all-features --workspace + + # this check runs with optional features off + # so we expect some warnings about "skip tree root was not found" + - uses: EmbarkStudios/cargo-deny-action@v1 + with: + command: check ${{ matrix.checks }} + args: --workspace diff --git a/.github/workflows/clean.yml b/.github/workflows/clean.yml index 6d9576e6e29..b1cda3dc31a 100644 --- a/.github/workflows/clean.yml +++ b/.github/workflows/clean.yml @@ -5,7 +5,7 @@ on: pull_request: branches: - main - types: [ closed ] + types: [closed] env: NETWORK: Mainnet @@ -39,4 +39,4 @@ jobs: continue-on-error: true run: | TEST_INSTANCES=$(gcloud compute instances list --filter="${{ env.GITHUB_REF_SLUG_URL }}" --format='value(NAME)') - for instance in ${TEST_INSTANCES}; do gcloud compute instances delete $instance --zone "${{ env.ZONE }}" --delete-disks all --quiet; done \ No newline at end of file + for instance in ${TEST_INSTANCES}; do gcloud compute instances delete $instance --zone "${{ env.ZONE }}" --delete-disks all --quiet; done diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 9b67a1ca46b..b0f8c056a17 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -70,8 +70,8 @@ jobs: # Coverage tests are much slower than other tests, particularly in hot loops. shell: bash run: | - echo "PROPTEST_CASES=1" >> $GITHUB_ENV - echo "PROPTEST_MAX_SHRINK_ITERS=0" >> $GITHUB_ENV + echo "PROPTEST_CASES=1" >> $GITHUB_ENV + echo "PROPTEST_MAX_SHRINK_ITERS=0" >> $GITHUB_ENV # Modified from: # https://github.com/zcash/librustzcash/blob/c48bb4def2e122289843ddb3cb2984c325c03ca0/.github/workflows/ci.yml#L20-L33 diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml index df2212949f7..9f3901c19c7 100644 --- a/.github/workflows/docs.yml +++ b/.github/workflows/docs.yml @@ -23,62 +23,62 @@ jobs: timeout-minutes: 30 runs-on: ubuntu-latest steps: - - name: Checkout the source code - uses: actions/checkout@v3.0.0 - with: - persist-credentials: false + - name: Checkout the source code + uses: actions/checkout@v3.0.0 + with: + persist-credentials: false - - name: Install latest beta - uses: actions-rs/toolchain@v1 - with: - toolchain: beta - components: rust-docs - override: true + - name: Install latest beta + uses: actions-rs/toolchain@v1 + with: + toolchain: beta + components: rust-docs + override: true - - uses: Swatinem/rust-cache@v1 + - uses: Swatinem/rust-cache@v1 - - name: Install mdbook - run: | - cargo install mdbook + - name: Install mdbook + run: | + cargo install mdbook - - name: Build Zebra book - run: | - mdbook build book/ + - name: Build Zebra book + run: | + mdbook build book/ - - name: Deploy Zebra book to firebase - uses: w9jds/firebase-action@v2.0.0 - with: - args: deploy - env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} - PROJECT_PATH: book/ - PROJECT_ID: zebra-book-b535f + - name: Deploy Zebra book to firebase + uses: w9jds/firebase-action@v2.0.0 + with: + args: deploy + env: + FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + PROJECT_PATH: book/ + PROJECT_ID: zebra-book-b535f - - name: Build external docs - run: | - # Exclude zebra-utils, it is not for library or app users - cargo doc --no-deps --workspace --exclude zebra-utils - env: - RUSTDOCFLAGS: "--html-in-header katex-header.html" + - name: Build external docs + run: | + # Exclude zebra-utils, it is not for library or app users + cargo doc --no-deps --workspace --exclude zebra-utils + env: + RUSTDOCFLAGS: '--html-in-header katex-header.html' - - name: Deploy external docs to firebase - uses: w9jds/firebase-action@v2.0.0 - with: - args: deploy - env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} - PROJECT_ID: zebra-doc-external + - name: Deploy external docs to firebase + uses: w9jds/firebase-action@v2.0.0 + with: + args: deploy + env: + FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + PROJECT_ID: zebra-doc-external - - name: Build internal docs - run: | - cargo doc --no-deps --document-private-items - env: - RUSTDOCFLAGS: "--html-in-header katex-header.html" + - name: Build internal docs + run: | + cargo doc --no-deps --document-private-items + env: + RUSTDOCFLAGS: '--html-in-header katex-header.html' - - name: Deploy internal docs to firebase - uses: w9jds/firebase-action@v2.0.0 - with: - args: deploy - env: - FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} - PROJECT_ID: zebra-doc-internal-e9fd4 + - name: Deploy internal docs to firebase + uses: w9jds/firebase-action@v2.0.0 + with: + args: deploy + env: + FIREBASE_TOKEN: ${{ secrets.FIREBASE_TOKEN }} + PROJECT_ID: zebra-doc-internal-e9fd4 diff --git a/.github/workflows/lint.patch.yml b/.github/workflows/lint.patch.yml index 340423d6f7b..4d06d6bb789 100644 --- a/.github/workflows/lint.patch.yml +++ b/.github/workflows/lint.patch.yml @@ -1,17 +1,16 @@ name: Lint Rust files on: - push: + pull_request: branches: - - "**" - - "!main" + - 'main' paths-ignore: - '**/*.rs' - '**/Cargo.toml' - '**/Cargo.lock' - 'clippy.toml' - '.cargo/config.toml' - - '.github/workflows/lint.yml' + - '.github/workflows/*.yml' jobs: clippy: diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index 7f57dacad54..18d41b3bebc 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -1,10 +1,9 @@ name: Lint Rust files on: - push: + pull_request: branches: - - "**" - - "!main" + - 'main' paths: # code and tests - '**/*.rs' @@ -14,7 +13,8 @@ on: # workflow definitions - 'clippy.toml' - '.cargo/config.toml' - - '.github/workflows/lint.yml' + # TODO: we might want to run this in a separate workflow in the future for the `actionlint` job + - '.github/workflows/*.yml' env: CARGO_INCREMENTAL: 0 @@ -82,3 +82,9 @@ jobs: with: command: fmt args: --all -- --check + + actionlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v2 + - uses: reviewdog/action-actionlint@v1.21.0 diff --git a/.github/workflows/test-full-sync.yml b/.github/workflows/test-full-sync.yml index da04c136ca2..8c301c8cbb8 100644 --- a/.github/workflows/test-full-sync.yml +++ b/.github/workflows/test-full-sync.yml @@ -5,6 +5,12 @@ on: inputs: network: default: 'Mainnet' + description: 'Network to deploy: Mainnet or Testnet' + required: true + checkpoint_sync: + default: 'true' + description: 'Configures `zebrad` to use as many checkpoints as possible' + required: true pull_request: branches: - main @@ -24,7 +30,7 @@ on: env: CARGO_INCREMENTAL: '1' - ZEBRA_SKIP_IPV6_TESTS: "1" + ZEBRA_SKIP_IPV6_TESTS: '1' RUST_BACKTRACE: full RUST_LIB_BACKTRACE: full COLORBT_SHOW_HIDDEN: '1' @@ -41,7 +47,7 @@ jobs: build: # only run on Mergify head branches, and on manual dispatch: # https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#running-your-workflow-based-on-the-head-or-base-branch-of-a-pull-request-1 - if: startsWith(github.head_ref, 'mergify/merge-queue/') || github.event_name == 'workflow_dispatch' + if: startsWith(github.head_ref, 'mergify/merge-queue/') || github.event_name == 'workflow_dispatch' name: Build images timeout-minutes: 210 runs-on: ubuntu-latest @@ -132,7 +138,7 @@ jobs: test-full-sync: name: Test full Mainnet sync runs-on: ubuntu-latest - needs: [ build ] + needs: [build] permissions: contents: 'read' id-token: 'write' diff --git a/.github/workflows/test.patch.yml b/.github/workflows/test.patch.yml index 0aebc3efdf1..72a1827067e 100644 --- a/.github/workflows/test.patch.yml +++ b/.github/workflows/test.patch.yml @@ -25,7 +25,6 @@ jobs: name: Test all runs-on: ubuntu-latest needs: build - if: ${{ github.event.inputs.regenerate-disks != 'true' }} steps: - run: 'echo "No build required"' @@ -33,7 +32,6 @@ jobs: name: Test with fake activation heights runs-on: ubuntu-latest needs: build - if: ${{ github.event.inputs.regenerate-disks != 'true' }} steps: - run: 'echo "No build required"' @@ -42,7 +40,6 @@ jobs: name: Test checkpoint sync from empty state runs-on: ubuntu-latest needs: build - if: ${{ github.event.inputs.regenerate-disks != 'true' }} steps: - run: 'echo "No build required"' @@ -57,8 +54,6 @@ jobs: name: Regenerate stateful disks runs-on: ubuntu-latest needs: build - outputs: - disk_short_sha: ${{ steps.disk-short-sha.outputs.disk_short_sha }} steps: - run: 'echo "No build required"' @@ -66,6 +61,6 @@ jobs: test-stateful-sync: name: Test full validation sync from cached state runs-on: ubuntu-latest - needs: [ build, regenerate-stateful-disks] + needs: [build, regenerate-stateful-disks] steps: - run: 'echo "No build required"' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml index b03b4b50a5c..baf23a3f4ca 100644 --- a/.github/workflows/test.yml +++ b/.github/workflows/test.yml @@ -5,10 +5,17 @@ on: inputs: network: default: 'Mainnet' + description: 'Network to deploy: Mainnet or Testnet' + required: true + checkpoint_sync: + default: 'true' + description: 'Configures `zebrad` to use as many checkpoints as possible' + required: true regenerate-disks: type: boolean default: false - description: Just update stateful disks + description: 'Just update stateful disks' + required: true pull_request: branches: - main @@ -358,7 +365,7 @@ jobs: test-stateful-sync: name: Test full validation sync from cached state runs-on: ubuntu-latest - needs: [ build, regenerate-stateful-disks] + needs: [build, regenerate-stateful-disks] permissions: contents: 'read' id-token: 'write' diff --git a/.github/workflows/zcash-lightwalletd.yml b/.github/workflows/zcash-lightwalletd.yml index fc4e99ddb2f..36612e1efbd 100644 --- a/.github/workflows/zcash-lightwalletd.yml +++ b/.github/workflows/zcash-lightwalletd.yml @@ -35,81 +35,81 @@ jobs: id-token: 'write' steps: - - uses: actions/checkout@v3.0.0 - with: - repository: adityapk00/lightwalletd - ref: 'master' - persist-credentials: false + - uses: actions/checkout@v3.0.0 + with: + repository: adityapk00/lightwalletd + ref: 'master' + persist-credentials: false - - uses: actions/checkout@v3.0.0 - with: - path: zebra - persist-credentials: false + - uses: actions/checkout@v3.0.0 + with: + path: zebra + persist-credentials: false - - name: Inject slug/short variables - uses: rlespinasse/github-slug-action@v4 - with: - short-length: 7 + - name: Inject slug/short variables + uses: rlespinasse/github-slug-action@v4 + with: + short-length: 7 # Automatic tag management and OCI Image Format Specification for labels - - name: Docker meta - id: meta - uses: docker/metadata-action@v3.7.0 - with: - # list of Docker images to use as base name for tags - images: | - ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }} - # generate Docker tags based on the following events/attributes - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha + - name: Docker meta + id: meta + uses: docker/metadata-action@v3.7.0 + with: + # list of Docker images to use as base name for tags + images: | + ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }} + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v1 - with: - image: tonistiigi/binfmt:latest - platforms: all + - name: Set up QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all - # Setup Docker Buildx to allow use of docker cache layers from GH - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 + # Setup Docker Buildx to allow use of docker cache layers from GH + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 - # Setup gcloud CLI - - name: Authenticate to Google Cloud - id: auth - uses: google-github-actions/auth@v0.7.0 - with: - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + # Setup gcloud CLI + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v0.7.0 + with: + workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' + service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + token_format: 'access_token' - - name: Login to Google Artifact Registry - uses: docker/login-action@v1.14.1 - with: - registry: us-docker.pkg.dev - username: oauth2accesstoken - password: ${{ steps.auth.outputs.access_token }} + - name: Login to Google Artifact Registry + uses: docker/login-action@v1.14.1 + with: + registry: us-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - # Build and push image to Google Artifact Registry - - name: Build & push - id: docker_build - uses: docker/build-push-action@v2.10.0 - with: - target: build - context: . - file: ./zebra/docker/zcash-lightwalletd/Dockerfile - platforms: | - linux/amd64 - linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - push: true - cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max + # Build and push image to Google Artifact Registry + - name: Build & push + id: docker_build + uses: docker/build-push-action@v2.10.0 + with: + target: build + context: . + file: ./zebra/docker/zcash-lightwalletd/Dockerfile + platforms: | + linux/amd64 + linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + push: true + cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max diff --git a/.github/workflows/zcash-params.yml b/.github/workflows/zcash-params.yml index ec878363661..350cd8ba87a 100644 --- a/.github/workflows/zcash-params.yml +++ b/.github/workflows/zcash-params.yml @@ -32,80 +32,80 @@ jobs: id-token: 'write' steps: - - uses: actions/checkout@v3.0.0 - with: - persist-credentials: false + - uses: actions/checkout@v3.0.0 + with: + persist-credentials: false - - name: Inject slug/short variables - uses: rlespinasse/github-slug-action@v4 - with: - short-length: 7 + - name: Inject slug/short variables + uses: rlespinasse/github-slug-action@v4 + with: + short-length: 7 # Automatic tag management and OCI Image Format Specification for labels - - name: Docker meta - id: meta - uses: docker/metadata-action@v3.7.0 - with: - # list of Docker images to use as base name for tags - images: | - ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }} - # generate Docker tags based on the following events/attributes - tags: | - type=schedule - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=semver,pattern={{major}} - type=sha + - name: Docker meta + id: meta + uses: docker/metadata-action@v3.7.0 + with: + # list of Docker images to use as base name for tags + images: | + ${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }} + # generate Docker tags based on the following events/attributes + tags: | + type=schedule + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=semver,pattern={{major}} + type=sha - - name: Set up QEMU - id: qemu - uses: docker/setup-qemu-action@v1 - with: - image: tonistiigi/binfmt:latest - platforms: all + - name: Set up QEMU + id: qemu + uses: docker/setup-qemu-action@v1 + with: + image: tonistiigi/binfmt:latest + platforms: all - # Setup Docker Buildx to allow use of docker cache layers from GH - - name: Set up Docker Buildx - id: buildx - uses: docker/setup-buildx-action@v1 + # Setup Docker Buildx to allow use of docker cache layers from GH + - name: Set up Docker Buildx + id: buildx + uses: docker/setup-buildx-action@v1 - # Setup gcloud CLI - - name: Authenticate to Google Cloud - id: auth - uses: google-github-actions/auth@v0.7.0 - with: - workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' - service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' - token_format: 'access_token' + # Setup gcloud CLI + - name: Authenticate to Google Cloud + id: auth + uses: google-github-actions/auth@v0.7.0 + with: + workload_identity_provider: 'projects/143793276228/locations/global/workloadIdentityPools/github-actions/providers/github-oidc' + service_account: 'github-service-account@zealous-zebra.iam.gserviceaccount.com' + token_format: 'access_token' - - name: Login to Google Artifact Registry - uses: docker/login-action@v1.14.1 - with: - registry: us-docker.pkg.dev - username: oauth2accesstoken - password: ${{ steps.auth.outputs.access_token }} + - name: Login to Google Artifact Registry + uses: docker/login-action@v1.14.1 + with: + registry: us-docker.pkg.dev + username: oauth2accesstoken + password: ${{ steps.auth.outputs.access_token }} - # Build and push image to Google Artifact Registry - - name: Build & push - id: docker_build - uses: docker/build-push-action@v2.10.0 - with: - target: builder - context: . - file: ./docker/zcash-params/Dockerfile - # TODO: building crates is taking too long with arm64 and it's timing out on GHA - # platforms: | - # linux/amd64 - # linux/arm64 + # Build and push image to Google Artifact Registry + - name: Build & push + id: docker_build + uses: docker/build-push-action@v2.10.0 + with: + target: builder + context: . + file: ./docker/zcash-params/Dockerfile + # TODO: building crates is taking too long with arm64 and it's timing out on GHA + # platforms: | + # linux/amd64 + # linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - build-args: | - SHORT_SHA=${{ env.GITHUB_SHA_SHORT }} - ZEBRA_SKIP_IPV6_TESTS="1" - SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }} - push: true - cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache - cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + build-args: | + SHORT_SHA=${{ env.GITHUB_SHA_SHORT }} + ZEBRA_SKIP_IPV6_TESTS="1" + SENTRY_DSN=${{ secrets.SENTRY_ENDPOINT }} + push: true + cache-from: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache + cache-to: type=registry,ref=${{ env.GAR_BASE }}/${{ env.IMAGE_NAME }}:buildcache,mode=max diff --git a/.github/workflows/zcashd-manual-deploy.yml b/.github/workflows/zcashd-manual-deploy.yml index e51eb7d00c6..ca9824c186e 100644 --- a/.github/workflows/zcashd-manual-deploy.yml +++ b/.github/workflows/zcashd-manual-deploy.yml @@ -4,9 +4,13 @@ on: workflow_dispatch: inputs: network: - default: 'Testnet' + default: 'Mainnet' + description: 'Network to deploy: Mainnet or Testnet' + required: true size: - default: 10 + default: '10' + description: 'GCP Managed Instance Group size' + required: true env: PROJECT_ID: zealous-zebra @@ -81,4 +85,4 @@ jobs: gcloud compute instance-groups managed rolling-action start-update \ "zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ github.event.inputs.network }}" \ --version template="zcashd-${{ env.GITHUB_REF_SLUG_URL }}-${{ env.GITHUB_SHA_SHORT }}" \ - --region "${{ env.REGION }}" \ No newline at end of file + --region "${{ env.REGION }}"