Skip to content

Commit

Permalink
Merge branch 'master' into chore/master-to-develop
Browse files Browse the repository at this point in the history
  • Loading branch information
kantai committed Jul 24, 2023
2 parents 143bf2b + d15a822 commit b13350e
Show file tree
Hide file tree
Showing 58 changed files with 2,059 additions and 1,474 deletions.
2 changes: 1 addition & 1 deletion .github/actions/bitcoin-int-tests/Dockerfile.bitcoin-tests
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM stacks-node:integrations AS test
FROM stacks-blockchain:integrations AS test

ARG test_name
ENV BITCOIND_TEST 1
Expand Down
23 changes: 23 additions & 0 deletions .github/actions/dockerfiles/Dockerfile.alpine-binary
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
FROM --platform=${TARGETPLATFORM} alpine as builder
# Use a small image to download and extract the release archive

ARG TAG
ARG BIN_ARCH
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG TARGETARCH
ARG TARGETVARIANT
ARG REPO=stacks-network/stacks-blockchain

RUN case ${TARGETARCH} in \
"amd64") BIN_ARCH=linux-musl-x64 ;; \
"arm64") BIN_ARCH=linux-musl-arm64 ;; \
"*") exit 1 ;; \
esac \
&& echo "wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip" \
&& wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip \
&& unzip ${BIN_ARCH}.zip -d /out

FROM --platform=${TARGETPLATFORM} alpine
COPY --from=builder /out/stacks-node /bin/
CMD ["stacks-node", "mainnet"]
23 changes: 23 additions & 0 deletions .github/actions/dockerfiles/Dockerfile.debian-binary
Original file line number Diff line number Diff line change
@@ -0,0 +1,23 @@
FROM --platform=${TARGETPLATFORM} alpine as builder
# Use a small image to download and extract the release archive

ARG TAG
ARG BIN_ARCH
ARG TARGETPLATFORM
ARG BUILDPLATFORM
ARG TARGETARCH
ARG TARGETVARIANT
ARG REPO=stacks-network/stacks-blockchain

RUN case ${TARGETARCH} in \
"amd64") BIN_ARCH=linux-musl-x64 ;; \
"arm64") BIN_ARCH=linux-musl-arm64 ;; \
"*") exit 1 ;; \
esac \
&& echo "wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip" \
&& wget -q https://github.com/${REPO}/releases/download/${TAG}/${BIN_ARCH}.zip -O /${BIN_ARCH}.zip \
&& unzip ${BIN_ARCH}.zip -d /out

FROM --platform=${TARGETPLATFORM} debian:bullseye
COPY --from=builder /out/stacks-node /bin/
CMD ["stacks-node", "mainnet"]
24 changes: 24 additions & 0 deletions .github/actions/dockerfiles/Dockerfile.debian-source
Original file line number Diff line number Diff line change
@@ -0,0 +1,24 @@
FROM rust:bullseye as build

ARG STACKS_NODE_VERSION="No Version Info"
ARG GIT_BRANCH='No Branch Info'
ARG GIT_COMMIT='No Commit Info'
ARG BUILD_DIR=/build
ARG TARGET=x86_64-unknown-linux-gnu
WORKDIR /src

COPY . .

RUN apt-get update && apt-get install -y git

# Run all the build steps in ramdisk in an attempt to speed things up
RUN --mount=type=tmpfs,target=${BUILD_DIR} cp -R /src/. ${BUILD_DIR}/ \
&& cd ${BUILD_DIR} \
&& rustup target add ${TARGET} \
&& cargo build --features monitoring_prom,slog_json --release --workspace --target ${TARGET} \
&& mkdir -p /out \
&& cp -R ${BUILD_DIR}/target/${TARGET}/release/. /out

FROM --platform=${TARGETPLATFORM} debian:bullseye
COPY --from=build /out/stacks-node /bin/
CMD ["stacks-node", "mainnet"]
2 changes: 1 addition & 1 deletion .github/actions/docsgen/Dockerfile.docsgen
Original file line number Diff line number Diff line change
@@ -1,4 +1,4 @@
FROM rust:stretch as build
FROM rust:bullseye as build

WORKDIR /src

Expand Down
35 changes: 35 additions & 0 deletions .github/workflows/audit.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
##
## Performs an audit for crate advisories against cargo dependencies
##

name: Security Audit

# Only run when:
# - workflow is manually triggered
# - Cargo.toml/lock is changed
# - Daily at 0330 UTC
# Note: this will create issues for any crate advisories unless they already exist

on:
workflow_dispatch:
push:
paths:
- "**/Cargo.toml"
- "**/Cargo.lock"
schedule:
- cron: 30 03 * * *

jobs:
security_audit:
if: ${{ false }}
name: Crate Vulnerability Check
runs-on: ubuntu-latest
steps:
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Rust Dependency Check
id: rust_dep_check
uses: actions-rs/audit-check@v1
with:
token: ${{ secrets.GITHUB_TOKEN }}
61 changes: 47 additions & 14 deletions .github/workflows/bitcoin-tests.yml
Original file line number Diff line number Diff line change
@@ -1,36 +1,53 @@
name: stacks-bitcoin-integration-tests
##
## Bitcoin Integration Tests
##

name: Bitcoin Integration Tests

# Only run when:
# - PRs are opened
# - PRs are (re)opened against master branch

on:
pull_request:
types:
- opened
- reopened

concurrency:
group: stacks-bitcoin-integration-tests-${{ github.ref }}
# Only cancel in progress if this is for a PR
cancel-in-progress: ${{ github.event_name == 'pull_request' }}

jobs:
# Create bitcoin image used for later tests
build-integration-image:
name: Build Image
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Build bitcoin integration testing image
id: build_docker_image
env:
DOCKER_BUILDKIT: 1
# Remove .dockerignore file so codecov has access to git info
# Remove .dockerignore file so codecov has access to git info and build the image
run: |
rm .dockerignore
docker build -f ./.github/actions/bitcoin-int-tests/Dockerfile.generic.bitcoin-tests -t stacks-node:integrations .
docker build -f ./.github/actions/bitcoin-int-tests/Dockerfile.generic.bitcoin-tests -t stacks-blockchain:integrations .
- name: Export docker image as tarball
run: docker save -o integration-image.tar stacks-node:integrations
id: export_docker_image
run: docker save -o integration-image.tar stacks-blockchain:integrations
- name: Upload built docker image
uses: actions/upload-artifact@v2
id: upload_docker_image
uses: actions/upload-artifact@v3
with:
name: integration-image.tar
path: integration-image.tar

# Run integration tests using sampled genesis block
sampled-genesis:
name: Sampled Genesis
runs-on: ubuntu-latest
needs:
- build-integration-image
Expand Down Expand Up @@ -106,26 +123,35 @@ jobs:
- tests::epoch_24::fix_to_pox_contract
- tests::epoch_24::verify_auto_unlock_behavior
steps:
- uses: actions/checkout@v2
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Download docker image
uses: actions/download-artifact@v2
id: download_docker_image
uses: actions/download-artifact@v3
with:
name: integration-image.tar
- name: Load docker image
id: load_docker_image
run: docker load -i integration-image.tar && rm integration-image.tar
- name: All integration tests with sampled genesis
id: bitcoin_integration_tests
timeout-minutes: 30
env:
DOCKER_BUILDKIT: 1
TEST_NAME: ${{ matrix.test-name }}
run: docker build -o coverage-output --build-arg test_name=${{ matrix.test-name }} -f ./.github/actions/bitcoin-int-tests/Dockerfile.bitcoin-tests .
- uses: codecov/codecov-action@v2
- name: Code Coverage
id: code_coverage
uses: codecov/codecov-action@v3
with:
files: ./coverage-output/lcov.info
name: ${{ matrix.test-name }}
fail_ci_if_error: false

# Run atlas integration tests
atlas-test:
if: ${{ true }}
name: Atlas Test
runs-on: ubuntu-latest
needs:
- build-integration-image
Expand All @@ -136,20 +162,27 @@ jobs:
- tests::neon_integrations::atlas_integration_test
- tests::neon_integrations::atlas_stress_integration_test
steps:
- uses: actions/checkout@v2
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Download docker image
uses: actions/download-artifact@v2
id: download_docker_image
uses: actions/download-artifact@v3
with:
name: integration-image.tar
- name: Load docker image
id: load_docker_image
run: docker load -i integration-image.tar && rm integration-image.tar
- name: Atlas integration tests
id: atlas_integration_tests
timeout-minutes: 40
env:
DOCKER_BUILDKIT: 1
TEST_NAME: ${{ matrix.test-name }}
run: docker build -o coverage-output --build-arg test_name=${{ matrix.test-name }} -f ./.github/actions/bitcoin-int-tests/Dockerfile.bitcoin-tests .
- uses: codecov/codecov-action@v2
- name: Code Coverage
id: code_coverage
uses: codecov/codecov-action@v3
with:
files: ./coverage-output/lcov.info
name: ${{ matrix.test-name }}
Expand Down
65 changes: 65 additions & 0 deletions .github/workflows/build-source-binary.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,65 @@
##
## Builds binary assets of stacks-blockchain and creates a named tag github (draft) release
##

name: Build Distributable Assets

# Only run when:
# - manually triggered via the ci.yml workflow with a provided input tag

on:
workflow_call:
inputs:
tag:
description: "Tag name of this release (x.y.z)"
required: true
type: string
parallel_jobs:
description: "Number of parallel binary builds"
required: false
type: number
default: 4
arch:
description: "Stringified JSON object listing of platform matrix"
required: true
type: string

jobs:
artifact:
if: ${{ inputs.tag != '' }}
name: Create Artifacts
runs-on: ubuntu-latest
strategy:
max-parallel: ${{ inputs.parallel_jobs }}
matrix:
platform: ${{ fromJson(inputs.arch) }}
steps:
- name: Checkout the latest code
id: git_checkout
uses: actions/checkout@v3
- name: Set Vars
id: set_vars
run: |
echo "GITHUB_SHA_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV
echo "GITHUB_REF_SHORT=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
- name: Set up Docker Buildx
id: setup_buildx
uses: docker/setup-buildx-action@v2
- name: Build Binaries
id: build_binaries
uses: docker/build-push-action@v3
with:
file: build-scripts/Dockerfile.${{ matrix.platform }}
outputs: type=local,dest=./release/${{ matrix.platform }}
build-args: |
OS_ARCH=${{ matrix.platform }}
GIT_BRANCH=${{ env.GITHUB_REF_SHORT }}
GIT_COMMIT=${{ env.GITHUB_SHA_SHORT }}
- name: Compress artifact
id: compress_artifact
run: zip --junk-paths ${{ matrix.platform }} ./release/${{ matrix.platform }}/*
- name: Upload artifact
id: upload_artifact
uses: actions/upload-artifact@v3
with:
path: ${{ matrix.platform }}.zip
Loading

0 comments on commit b13350e

Please sign in to comment.