diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7767eb1c5..8394411ac 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -1,24 +1,25 @@ name: Continuous Integration - on: push: branches: [main] pull_request: - types: [opened, synchronize, reopened] + branches: [main] + +permissions: + contents: read env: CARGO_TERM_COLOR: always RUST_BACKTRACE: full + RUSTFLAGS: "-D warnings" jobs: unit-tests: name: Unit tests runs-on: nscloud-ubuntu-22.04-amd64-16x32 timeout-minutes: 10 - env: - RUSTFLAGS: "-D warnings" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Install deps run: sudo apt-get install -y protobuf-compiler - name: Unit tests @@ -28,23 +29,23 @@ jobs: name: Integration tests runs-on: nscloud-ubuntu-22.04-amd64-16x32 timeout-minutes: 10 - env: - RUSTFLAGS: "-D warnings" - FIREHOSE_ETH_MAINNET_URL: ${{ secrets.FIREHOSE_ETH_MAINNET_URL }} - FIREHOSE_ETH_MAINNET_TOKEN: ${{ secrets.FIREHOSE_ETH_MAINNET_TOKEN }} - RPC_ETH_MAINNET_URL: ${{ secrets.RPC_ETH_MAINNET_URL }} steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Install deps run: sudo apt-get install -y protobuf-compiler - name: Copy firehose provider file run: | envsubst < tests/config/providers/COPY_ME_firehose_eth_mainnet.toml \ > tests/config/providers/firehose_eth_mainnet.toml + env: + FIREHOSE_ETH_MAINNET_URL: ${{ secrets.FIREHOSE_ETH_MAINNET_URL }} + FIREHOSE_ETH_MAINNET_TOKEN: ${{ secrets.FIREHOSE_ETH_MAINNET_TOKEN }} - name: Copy rpc provider file run: | envsubst < tests/config/providers/COPY_ME_rpc_eth_mainnet.toml \ > tests/config/providers/rpc_eth_mainnet.toml + env: + RPC_ETH_MAINNET_URL: ${{ secrets.RPC_ETH_MAINNET_URL }} - name: Integration tests run: cargo test --verbose -p tests -- --nocapture 
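Review bot: The pinned `actions/checkout` step in `unit-tests` still runs with the default `persist-credentials: true`, so the job token stays in `.git/config` while `cargo test` executes build scripts and tests from the checked-out ref. The new `permissions: contents: read` makes that token read-only, but adding `with: { persist-credentials: false }` to the step removes it from the workspace altogether. The same applies to the checkout steps of the other ci.yml jobs touched in the later hunks, including the new coverage job. The `unit-tests` job continues past the end of this hunk.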
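Review bot: `envsubst` in the two "Copy ... provider file" steps writes an empty string for any unset variable, so when the secrets are unavailable (as on pull requests from forks) the provider files are rendered with a blank URL and token, and the problem presumably only shows up later inside `cargo test`. Now that the secrets are scoped per step, a guard at the top of each `run` block makes the failure explicit, for example `: "${FIREHOSE_ETH_MAINNET_URL:?secret not set}"`. Passing the variable list, `envsubst '$FIREHOSE_ETH_MAINNET_URL $FIREHOSE_ETH_MAINNET_TOKEN'`, also keeps any other `$NAME` in the template from being expanded from the runner environment. The coverage job added in the fourth hunk repeats both steps.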
@@ -53,7 +54,7 @@ jobs: runs-on: namespace-profile-default timeout-minutes: 10 steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Check formatting run: cargo fmt --all -- --check 
@@ -61,11 +62,46 @@ jobs: name: Build in release mode runs-on: nscloud-ubuntu-22.04-amd64-16x32 timeout-minutes: 60 - env: - RUSTFLAGS: "-D warnings" steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - name: Install deps run: sudo apt-get install -y protobuf-compiler - name: Cargo check (release) run: cargo check --release + + coverage: + name: Coverage + runs-on: nscloud-ubuntu-22.04-amd64-8x16 + container: + # TODO: Can we lock this image to a specific sha? + image: xd009642/tarpaulin:develop-nightly + options: --security-opt seccomp=unconfined + steps: + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 + - name: Install deps + run: | + apt-get update + apt-get install -y protobuf-compiler cmake gettext + - name: Copy firehose provider file + run: | + envsubst < tests/config/providers/COPY_ME_firehose_eth_mainnet.toml \ + > tests/config/providers/firehose_eth_mainnet.toml + env: + FIREHOSE_ETH_MAINNET_URL: ${{ secrets.FIREHOSE_ETH_MAINNET_URL }} + FIREHOSE_ETH_MAINNET_TOKEN: ${{ secrets.FIREHOSE_ETH_MAINNET_TOKEN }} + - name: Copy rpc provider file + run: | + envsubst < tests/config/providers/COPY_ME_rpc_eth_mainnet.toml \ + > tests/config/providers/rpc_eth_mainnet.toml + env: + RPC_ETH_MAINNET_URL: ${{ secrets.RPC_ETH_MAINNET_URL }} + - name: Install cargo-llvm-cov + uses: taiki-e/install-action@305d37bb81325225cb9a77b3fcd7c23ff808afe1 # cargo-llvm-cov + - name: Generate code coverage + run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info + - name: Upload to codecov.io + uses: codecov/codecov-action@0565863a31f2c772f9f0395002a31e3f06189574 # v5 + with: + token: ${{ secrets.CODECOV_TOKEN }} + files: lcov.info + fail_ci_if_error: true diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml deleted file mode 100644 index 6567fe44f..000000000 --- a/.github/workflows/coverage.yml +++ /dev/null 
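Review bot: The new `coverage` job runs every step, including the ones that receive `FIREHOSE_ETH_MAINNET_TOKEN` and `CODECOV_TOKEN`, inside `xd009642/tarpaulin:develop-nightly`, a mutable third-party tag, with seccomp disabled. To answer the TODO: `container.image` accepts a digest reference, so `image: xd009642/tarpaulin@sha256:<digest>` (placeholder) pins it the same way the actions are pinned in this commit. Since coverage is generated with `cargo llvm-cov` rather than tarpaulin, `--security-opt seccomp=unconfined` is probably a leftover and worth dropping if the job passes without it. The job also sets no `timeout-minutes`, unlike the other jobs in this file.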
@@ -1,40 +0,0 @@ -name: coverage - -on: [push] -jobs: - test: - name: coverage - runs-on: nscloud-ubuntu-22.04-amd64-8x16 - container: - image: xd009642/tarpaulin:develop-nightly - options: --security-opt seccomp=unconfined - env: - RUSTFLAGS: "-D warnings" - FIREHOSE_ETH_MAINNET_URL: ${{ secrets.FIREHOSE_ETH_MAINNET_URL }} - FIREHOSE_ETH_MAINNET_TOKEN: ${{ secrets.FIREHOSE_ETH_MAINNET_TOKEN }} - RPC_ETH_MAINNET_URL: ${{ secrets.RPC_ETH_MAINNET_URL }} - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Install deps - run: | - apt-get update - apt-get install -y protobuf-compiler cmake gettext - - name: Copy firehose provider file - run: | - envsubst < tests/config/providers/COPY_ME_firehose_eth_mainnet.toml \ - > tests/config/providers/firehose_eth_mainnet.toml - - name: Copy rpc provider file - run: | - envsubst < tests/config/providers/COPY_ME_rpc_eth_mainnet.toml \ - > tests/config/providers/rpc_eth_mainnet.toml - - name: Install cargo-llvm-cov - uses: taiki-e/install-action@cargo-llvm-cov - - name: Generate code coverage - run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info - - name: Upload to codecov.io - uses: codecov/codecov-action@v5 - with: - token: ${{secrets.CODECOV_TOKEN}} - files: lcov.info - fail_ci_if_error: true diff --git a/.github/workflows/docker-image.yml b/.github/workflows/docker-image.yml index 0eef389b9..de637dbd5 100644 --- a/.github/workflows/docker-image.yml +++ b/.github/workflows/docker-image.yml 
@@ -1,39 +1,54 @@ name: Docker Image - on: workflow_dispatch: push: branches: ["main"] tags: ["v*"] +permissions: + contents: read + jobs: build: + name: Build and push runs-on: nscloud-ubuntu-22.04-amd64-32x32 + permissions: + contents: read + packages: write + attestations: write + id-token: write steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 - + - name: Login to GitHub Container Registry + uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3 - name: Docker meta - id: docker_meta uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5 + id: metadata with: images: ghcr.io/edgeandnode/nozzle tags: | type=ref,event=tag type=sha - - - name: login to GitHub Container Registry - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3 - with: - registry: ghcr.io - username: ${{ github.repository_owner }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: build and push Docker image + - name: Build and push Docker image uses: docker/build-push-action@471d1dc4e07e5cdedd4c2171150001c434f0b7a4 # v6 + id: push with: context: . - file: Dockerfile pull: true - push: ${{ github.event_name != 'pull_request' }} - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} + push: true + tags: ${{ steps.metadata.outputs.tags }} + labels: ${{ steps.metadata.outputs.labels }} + - name: Generate artifact attestation + uses: actions/attest-build-provenance@c074443f1aee8d4aeeae555aebba3282517141b2 # v2 + with: + subject-name: ghcr.io/${{ github.repository }} + subject-digest: ${{ steps.push.outputs.digest }} + push-to-registry: true
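Review bot: The attestation step uses `subject-name: ghcr.io/${{ github.repository }}` while the image is pushed as `ghcr.io/edgeandnode/nozzle` from the metadata step's `images:` input. If the repository path ever differs from that name (a rename, a fork, or upper-case characters, which registry names do not accept), the provenance is attached to a name nobody pulls. Using the same literal, `subject-name: ghcr.io/edgeandnode/nozzle`, or one workflow-level `env` value for both inputs keeps them in step. Separately, `Set up QEMU` is added but the build step passes no `platforms:`, so it appears to have no effect yet.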