-
Notifications
You must be signed in to change notification settings - Fork 17
140 lines (117 loc) · 4.43 KB
/
build_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
name: Cargo Build & Test
on:
push:
branches:
pull_request:
env:
CARGO_TERM_COLOR: always
SCCACHE_GHA_ENABLED: true
RUSTC_WRAPPER: sccache
SCCACHE_CACHE_SIZE: "1G"
SOLANA_VERSION: '1.18.8'
jobs:
build_and_test:
name: Router full build
runs-on: ubuntu-latest
steps:
- name: Install Linux Packages
run: |
sudo apt-get update -y
sudo apt-get install libssl-dev openssl -y
- name: Checkout
uses: actions/checkout@v4
# The toolchain action should definitely be run before the cache action
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
cache: true
# avoid the default "-D warnings" which thrashes cache
rustflags: ""
- name: Run sccache-cache
uses: mozilla-actions/[email protected]
# https://github.com/actions/cache/blob/main/examples.md#rust---cargo
# https://blog.arriven.wtf/posts/rust-ci-cache/
- uses: Swatinem/rust-cache@v2
with:
# will be covered by sscache
cache-targets: false
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install Solana
run: |
sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
export PATH="/home/runner/.local/share/solana/install/active_release/bin:$PATH"
solana --version
echo "Generating keypair..."
solana-keygen new -o "$HOME/.config/solana/id.json" --no-passphrase --silent
echo Installing sbf toolchain...
(cd /home/runner/.local/share/solana/install/active_release/bin/sdk/sbf/scripts; ./install.sh)
- name: Build All Targets
run: cargo build --locked --workspace --all-targets
- name: Test autobahn-router
run: cargo test --locked --workspace --package autobahn-router --bin autobahn-router
- name: Build sbf programs
run: cargo build-sbf
- name: Test Executor
run: cargo test-sbf --package autobahn-executor
coverage:
name: Coverage
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
# The toolchain action should definitely be run before the cache action
- uses: actions-rust-lang/setup-rust-toolchain@v1
with:
cache: true
# avoid the default "-D warnings" which thrashes cache
rustflags: ""
- name: Run sccache-cache
uses: mozilla-actions/[email protected]
# https://github.com/actions/cache/blob/main/examples.md#rust---cargo
# https://blog.arriven.wtf/posts/rust-ci-cache/
- uses: Swatinem/rust-cache@v2
with:
# will be covered by sscache
cache-targets: false
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Install Solana
run: |
sh -c "$(curl -sSfL https://release.solana.com/v${{ env.SOLANA_VERSION }}/install)"
echo "$HOME/.local/share/solana/install/active_release/bin" >> $GITHUB_PATH
export PATH="/home/runner/.local/share/solana/install/active_release/bin:$PATH"
solana --version
echo "Generating keypair..."
solana-keygen new -o "$HOME/.config/solana/id.json" --no-passphrase --silent
- name: Install cargo-llvm-cov
uses: taiki-e/install-action@cargo-llvm-cov
- name: Build all deps
run: |
cargo build-sbf --verbose
- name: Generate code coverage
run: cargo llvm-cov --package autobahn-executor --lcov --output-path lcov.info -- --nocapture
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
files: lcov.info
verbose: true
fail_ci_if_error: false
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
sca:
name: Dependency Scan
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
# Fail the job on critical vulnerabilities with fix available
- name: Fail on critical vulnerabilities
uses: aquasecurity/trivy-action@master
with:
scan-type: 'fs'
scan-ref: 'Cargo.lock'
ignore-unfixed: true
hide-progress: true
format: 'table'
severity: 'CRITICAL'
exit-code: '1'