From 2c399425f9ce1deeb646877b9091365161550da5 Mon Sep 17 00:00:00 2001 From: Dmitri <4452412+demisx@users.noreply.github.com> Date: Mon, 12 Dec 2022 21:08:04 -0800 Subject: [PATCH] Add metadata and spec version CI checks (#681) # Goal The goal of this PR is to add metadata check with the following rules 1. The freshly built metadata on PR branch will be compared against the latest metadata from the main branch. 1. Assigns `metadata-mismatch` label if metadata doesn't match between 2 binaries 1. Removes `metadata-mismatch` label if metadata matches between 2 binaries and the label exists 1. Fail CI if encoded metadata is different and the `spec_version` value has not been incremented. Part of #624 --- .github/workflows/merge-pr.yml | 59 ---------- .github/workflows/verify-pr-commit.yml | 149 +++++++++++++++++++------ .vscode/settings.json | 4 +- runtime/624-delete-me.rs | 0 4 files changed, 119 insertions(+), 93 deletions(-) create mode 100644 runtime/624-delete-me.rs diff --git a/.github/workflows/merge-pr.yml b/.github/workflows/merge-pr.yml index 41e02661d0..d3c5f64c37 100644 --- a/.github/workflows/merge-pr.yml +++ b/.github/workflows/merge-pr.yml @@ -116,62 +116,3 @@ jobs: with: fail_ci_if_error: false # optional (default = false) verbose: true # optional (default = false) - - save-binary-and-encoded-metadata: - name: Save Binary and Encoded Metadata - runs-on: [self-hosted, Linux, X64] - env: - NETWORK: mainnet - steps: - - name: Set Env Vars - run: | - echo "HOME=/root" >> $GITHUB_ENV - echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV - echo "BUILT_BIN_FILENAME=frequency" >> $GITHUB_ENV - export SAVED_BIN_FILENAME=frequency-${{env.NETWORK}}-${{github.ref_name}}.amd64; echo "SAVED_BIN_FILENAME=$SAVED_BIN_FILENAME" >> $GITHUB_ENV - echo "SAVED_METADATA_FILENAME=$SAVED_BIN_FILENAME.encoded-metadata.txt" >> $GITHUB_ENV - - name: Check Out Repo - uses: actions/checkout@v3 - # # XXX Keep this step as it lets us skip full binary builds during development/testing - # - name: Cache Binary for Testing - # id: cache-binary - # uses: actions/cache@v3 - # with: - # path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}} - # key: ${{runner.os}}-${{env.NETWORK}}-${{github.ref_name}} - - name: Save/Restore Dependencies from Cache - if: steps.cache-binary.outputs.cache-hit != 'true' - uses: Swatinem/rust-cache@v2 - with: - shared-key: ${{env.RUST_TOOLCHAIN}} - - name: Install Rust Toolchain - if: steps.cache-binary.outputs.cache-hit != 'true' - uses: actions-rs/toolchain@v1 - with: - default: true - profile: minimal - target: wasm32-unknown-unknown - toolchain: stable - - name: Compile Mainnet Binary - if: steps.cache-binary.outputs.cache-hit != 'true' - run: | - CARGO_INCREMENTAL=0 RUSTFLAGS="-D warnings" cargo build --locked --release \ - --features frequency - - name: Rename Binary - working-directory: ${{env.BIN_DIR}} - run: | - ls -la - cp -p ${{env.BUILT_BIN_FILENAME}} ${{env.SAVED_BIN_FILENAME}} - - name: Extract Encoded Metadata - working-directory: ${{env.BIN_DIR}} - run: | - ./${{env.BUILT_BIN_FILENAME}} export-metadata metadata.json - cat metadata.json | jq -r .result > ${{env.SAVED_METADATA_FILENAME}} - - name: Upload Binary with Metadata - uses: actions/upload-artifact@v3 - with: - if-no-files-found: error - name: binary-with-encoded-metadata-latest-main - path: | - ${{env.BIN_DIR}}/${{env.SAVED_BIN_FILENAME}} - ${{env.BIN_DIR}}/${{env.SAVED_METADATA_FILENAME}} diff --git a/.github/workflows/verify-pr-commit.yml b/.github/workflows/verify-pr-commit.yml index 707b795975..0f4ceea117 100644 --- a/.github/workflows/verify-pr-commit.yml +++ b/.github/workflows/verify-pr-commit.yml @@ -9,7 +9,6 @@ on: env: BUILD_PROFILE: release RUST_TOOLCHAIN: nightly-2022-09-22 # Update this when updating the Rust toolchain - jobs: changes: name: Determine Changed Files @@ -43,10 +42,18 @@ jobs: - '**/Cargo.toml' - '**/Cargo.lock' - build-binary: + build-binaries: needs: changes if: needs.changes.outputs.build-binary == 'true' - name: Compile Frequency Project + name: Build Binary on ${{matrix.branch_name}} Branch + strategy: + matrix: + git_branch: ["${{github.head_ref}}", main] + include: + - git_branch: ${{github.head_ref}} + branch_name: PR + - git_branch: main + branch_name: Main runs-on: [self-hosted, Linux, X64] env: NETWORK: mainnet @@ -54,17 +61,20 @@ jobs: - name: Set Env Vars run: | echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV - echo "BUILT_BIN_FILENAME=frequency" >> $GITHUB_ENV + export BUILT_BIN_FILENAME=frequency; echo "BUILT_BIN_FILENAME=$BUILT_BIN_FILENAME" >> $GITHUB_ENV + echo "REF_BIN_FILENAME=$BUILT_BIN_FILENAME-ref" >> $GITHUB_ENV echo "HOME=/root" >> $GITHUB_ENV - name: Check Out Repo uses: actions/checkout@v3 + with: + ref: ${{matrix.git_branch}} # # XXX Keep this step as it lets us skip full binary builds during development/testing # - name: Cache Binary for Testing # id: cache-binary # uses: actions/cache@v3 # with: # path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}} - # key: ${{runner.os}}-${{env.NETWORK}}-${{github.ref_name}} + # key: ${{runner.os}}-${{env.NETWORK}}-${{github.head_ref}} - name: Install Rust Toolchain if: steps.cache-binary.outputs.cache-hit != 'true' uses: actions-rs/toolchain@v1 @@ -88,15 +98,15 @@ jobs: run: | file ${{env.BUILT_BIN_FILENAME}} && \ ./${{env.BUILT_BIN_FILENAME}} --version - - name: Archive Artifact - run: | - tar -cvf frequency-binary-${{env.NETWORK}}-${{github.sha}}.amd64.tar \ - ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}} + - name: Rename Reference Binary + if: matrix.git_branch == 'main' + working-directory: ${{env.BIN_DIR}} + run: mv ${{env.BUILT_BIN_FILENAME}} ${{env.REF_BIN_FILENAME}} - name: Upload Artifact uses: actions/upload-artifact@v3 with: name: artifacts-${{github.run_id}} - path: frequency-binary-${{env.NETWORK}}-${{github.sha}}.amd64.tar + path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}}* if-no-files-found: error check-for-vulnerable-crates: @@ -339,11 +349,13 @@ jobs: --root verify-js-api-augment: - needs: - - build-binary + needs: build-binaries name: Verify JS API Augment runs-on: ubuntu-20.04 steps: + - name: Set Env Vars + run: | + echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV - name: Check Out Repo uses: actions/checkout@v3 - name: Set up NodeJs @@ -358,17 +370,18 @@ jobs: - name: Lint run: npm run lint working-directory: js/api-augment - - name: Download Binary Artifacts - id: download + - name: Download Binary uses: actions/download-artifact@v3 with: name: artifacts-${{github.run_id}} - path: . - - name: Extract Binary + path: ${{env.BIN_DIR}} + - name: Set Binary Permissions + working-directory: ${{env.BIN_DIR}} run: | - tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar + set -x + chmod 755 frequency - name: Output Metadata - run: target/${{env.BUILD_PROFILE}}/frequency export-metadata ./js/api-augment/metadata.json + run: ${{env.BIN_DIR}}/frequency export-metadata ./js/api-augment/metadata.json - name: Build run: npm run build working-directory: js/api-augment @@ -380,10 +393,13 @@ jobs: working-directory: js/api-augment/dist verify-docker-images: - needs: build-binary + needs: build-binaries name: Verify Docker Images runs-on: ubuntu-20.04 steps: + - name: Set Env Vars + run: | + echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV - name: Check Out Repo uses: actions/checkout@v3 - name: Install Rust Toolchain @@ -396,16 +412,16 @@ jobs: uses: Swatinem/rust-cache@v2 with: shared-key: ${{env.RUST_TOOLCHAIN}} - - name: Download Binary Artifacts - id: download + - name: Download Binary uses: actions/download-artifact@v3 with: name: artifacts-${{github.run_id}} - path: . - - name: Extract Binary + path: ${{env.BIN_DIR}} + - name: Set Binary Permissions + working-directory: ${{env.BIN_DIR}} run: | - ls -la - tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar + set -x + chmod 755 frequency - name: Set up QEMU uses: docker/setup-qemu-action@v2 with: @@ -430,10 +446,13 @@ jobs: file: docker/${{env.IMAGE_NAME}}.dockerfile execute-binary-checks: - needs: build-binary + needs: build-binaries name: Execute Binary Checks runs-on: ubuntu-20.04 steps: + - name: Set Env Vars + run: | + echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV - name: Check Out Repo uses: actions/checkout@v3 - name: Install Rust Toolchain @@ -442,16 +461,80 @@ jobs: default: true profile: minimal toolchain: stable - - name: Download Binary Artifacts - id: download + - name: Download Binary uses: actions/download-artifact@v3 with: name: artifacts-${{github.run_id}} - path: . - - name: Extract Binary + path: ${{env.BIN_DIR}} + - name: Set Binary Permissions + working-directory: ${{env.BIN_DIR}} run: | - tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar + set -x + chmod 755 frequency - name: Output Binary Version + working-directory: ${{env.BIN_DIR}} run: | - file ./target/${{env.BUILD_PROFILE}}/frequency && \ - ./target/${{env.BUILD_PROFILE}}/frequency --version + file ./frequency && ./frequency --version + + check-metadata-and-spec-version: + needs: build-binaries + name: Check Metadata and Spec Version + runs-on: ubuntu-20.04 + env: + REF_TAG: latest # tag to obtain reference binary to test against + NETWORK: mainnet + GITHUB_PR_LABEL: metadata-mismatch + steps: + - name: Set Env Vars + run: | + echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV + export TEST_BIN_FILENAME=frequency; echo "TEST_BIN_FILENAME=$TEST_BIN_FILENAME" >> $GITHUB_ENV + echo "REF_BIN_FILENAME=$TEST_BIN_FILENAME-ref" >> $GITHUB_ENV + - name: Check Out Repo + uses: actions/checkout@v3 + with: + fetch-depth: 0 + - name: Download Test Binary + uses: actions/download-artifact@v3 + with: + name: artifacts-${{github.run_id}} + path: ${{env.BIN_DIR}} + - name: Set Binary Permissions + working-directory: ${{env.BIN_DIR}} + run: | + set -x + chmod 755 $TEST_BIN_FILENAME + chmod 755 $REF_BIN_FILENAME + - name: Compare Metadata + id: compare-metadata + working-directory: ${{env.BIN_DIR}} + run: | + ./$REF_BIN_FILENAME export-metadata metadata-ref.json + metadata_ref=$(cat metadata-ref.json | jq -r .result) + ./$TEST_BIN_FILENAME export-metadata metadata.json + metadata=$(cat metadata.json | jq -r .result) + match=$([[ $metadata == $metadata_ref ]] && echo 'true' || echo 'false') + echo "Metadata matches?: $match" + echo "metadata_match=$match" >> $GITHUB_OUTPUT + - name: Assign Metadata Mismatch Label + if: steps.compare-metadata.outputs.metadata_match != 'true' + uses: actions-ecosystem/action-add-labels@v1 + with: + labels: ${{env.GITHUB_PR_LABEL}} + - name: Check Spec Version + if: steps.compare-metadata.outputs.metadata_match != 'true' + working-directory: ${{env.BIN_DIR}} + run: | + set -x + spec_version_ref=$(./$REF_BIN_FILENAME export-runtime-version | jq -r .specVersion) + spec_version=$(./$TEST_BIN_FILENAME export-runtime-version | jq -r .specVersion) + [[ $spec_version -gt $spec_version_ref ]] || \ + (echo "ERROR: When metadata is updated, the new spec version \($spec_version\) \ + must be greater than the latest version on main \($spec_version_ref\)" && exit 10) + - name: Remove Metadata Mismatch Label + if: | + (steps.compare-metadata.outputs.metadata_match == 'true') && + contains(github.event.pull_request.labels.*.name, env.GITHUB_PR_LABEL) + uses: actions-ecosystem/action-remove-labels@v1 + with: + labels: ${{env.GITHUB_PR_LABEL}} diff --git a/.vscode/settings.json b/.vscode/settings.json index 19c5ebeefa..4c029f684c 100644 --- a/.vscode/settings.json +++ b/.vscode/settings.json @@ -8,6 +8,8 @@ } }, "cSpell.ignoreWords": [ - "Swatinem" + "Swatinem", + "jacogr", + "pkill" ] } diff --git a/runtime/624-delete-me.rs b/runtime/624-delete-me.rs new file mode 100644 index 0000000000..e69de29bb2