Skip to content

Commit

Permalink
Merge remote-tracking branch 'origin' into franzstefan/CRP-2599-vetkd…
Browse files Browse the repository at this point in the history 
…protocol-impl-tests
  • Loading branch information
@fspreiss
fspreiss committed Jan 31, 2025
2 parents 7aaf67e + cde7071 commit 91d73d0
Show file tree
Hide file tree
Showing 98 changed files with 11,608 additions and 1,852 deletions.
1 change: 1 addition & 0 deletions .github/CODEOWNERS
View file
Original file line number Diff line number Diff line change
Expand Up @@ -250,6 +250,7 @@ go_deps.bzl @dfinity/idx
/rs/tests/execution/ @dfinity/execution
/rs/tests/financial_integrations/ @dfinity/finint
/rs/tests/message_routing/ @dfinity/ic-message-routing-owners
/rs/tests/nested/ @dfinity/node
/rs/tests/networking/ @dfinity/consensus
/rs/tests/nns/ @dfinity/nns-team
/rs/tests/node/ @dfinity/node
Expand Down
16 changes: 12 additions & 4 deletions .github/actions/bazel-test-all/action.yaml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ inputs:
default: '--output_base=/var/tmp/bazel-output/'
BUILDEVENT_APIKEY:
required: false
SSH_PRIVATE_KEY:
SSH_PRIVATE_KEY_BACKUP_POD:
required: false
GPG_PASSPHRASE:
required: false

runs:
Expand All @@ -30,9 +32,9 @@ runs:
run: |
set +e # manual error handling to ensure we can run some post-build commands
if [ -n "$SSH_PRIVATE_KEY" ]; then
if [ -n "$SSH_PRIVATE_KEY_BACKUP_POD" ]; then
# The following adds the SSH private key to the ssh-agent such that CI can SSH into the backup pod.
test -z "${SSH_AUTH_SOCK:-}" && { eval "$(ssh-agent -s)"; ssh-add - <<< "${SSH_PRIVATE_KEY}"; }
test -z "${SSH_AUTH_SOCK:-}" && { eval "$(ssh-agent -s)"; ssh-add - <<< "${SSH_PRIVATE_KEY_BACKUP_POD}"; }
rm -rf ~/.ssh
mkdir -p ~/.ssh
chmod 0700 ~/.ssh
Expand Down Expand Up @@ -60,6 +62,11 @@ runs:
rm "$exportout"
echo "BEP events exported to honeycomb!"
fi
if [ -n "$GPG_PASSPHRASE" ] && [ -f ./bazel-bep.pb ]; then
gpg --symmetric --cipher-algo AES256 -o bazel-bep.pb.gpg \
--passphrase "$GPG_PASSPHRASE" --batch --yes bazel-bep.pb
fi
rm -f bazel-bep.pb
# output node name to gihub step summary
[ -n "${NODE_NAME:-}" ] && echo "Run on node: $NODE_NAME" >>$GITHUB_STEP_SUMMARY
Expand All @@ -77,4 +84,5 @@ runs:
CI_JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
CI_PULL_REQUEST_TARGET_BRANCH_NAME: ${{ github.event.pull_request.base.ref }}
MERGE_BASE_SHA: ${{ github.event.pull_request.base.sha }}
SSH_PRIVATE_KEY: ${{ inputs.SSH_PRIVATE_KEY }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ inputs.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
23 changes: 17 additions & 6 deletions .github/workflows-source/ci-main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -86,7 +86,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand All @@ -97,7 +97,7 @@ jobs:
group: ln1
labels: dind-large
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
CLOUD_CREDENTIALS_CONTENT: ${{ secrets.CLOUD_CREDENTIALS_CONTENT }}
# Only run ci/bazel-scripts/diff.sh on PRs that are not labeled with "CI_ALL_BAZEL_TARGETS".
OVERRIDE_DIDC_CHECK: ${{ contains(github.event.pull_request.labels.*.name, 'CI_OVERRIDE_DIDC_CHECK') }}
CI_OVERRIDE_BUF_BREAKING: ${{ contains(github.event.pull_request.labels.*.name, 'CI_OVERRIDE_BUF_BREAKING') }}
Expand Down Expand Up @@ -152,7 +152,9 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
# check if PR title contains release and set timeout filters accordingly
BAZEL_EXTRA_ARGS: ${{ env.BAZEL_EXTRA_ARGS }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- <<: *bazel-upload

bazel-build-all-config-check:
Expand All @@ -169,6 +171,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=check --config=ci --keep_going"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-test-macos-intel:
name: Bazel Test macOS Intel
Expand All @@ -193,18 +197,21 @@ jobs:
id: bazel-test-darwin-x86-64
uses: ./.github/actions/bazel-test-all/
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
CLOUD_CREDENTIALS_CONTENT: ${{ secrets.CLOUD_CREDENTIALS_CONTENT }}
with:
BAZEL_CI_CONFIG: "--config=ci --config macos_ci"
BAZEL_COMMAND: test
BAZEL_EXTRA_ARGS: '--test_tag_filters=test_macos'
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/${{ github.run_id }}"
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/"
BAZEL_TARGETS: "//rs/... //publish/binaries/..."
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- name: Purge Bazel Output
if: always()
shell: bash
run: |
sudo rm -rf /private/var/tmp/bazel-output
# Clean up the output base for the next run
sudo rm -rf /var/tmp/bazel-output
bazel-build-fuzzers:
name: Bazel Build Fuzzers
Expand All @@ -218,6 +225,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-build-fuzzers-afl:
name: Bazel Build Fuzzers AFL
Expand All @@ -231,6 +240,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=afl"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

python-ci-tests:
name: Python CI Tests
Expand Down
22 changes: 17 additions & 5 deletions .github/workflows-source/release-testing.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand All @@ -81,7 +81,9 @@ jobs:
BAZEL_TARGETS: "//rs/tests/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_nightly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-staging:
name: Bazel System Test Staging
Expand All @@ -97,7 +99,9 @@ jobs:
BAZEL_TARGETS: "//rs/tests/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_staging"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-hotfix:
name: Bazel System Test Hotfix
Expand All @@ -114,7 +118,9 @@ jobs:
BAZEL_TARGETS: "//rs/tests/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hotfix"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

dependency-scan-release-cut:
name: Dependency Scan for Release
Expand Down Expand Up @@ -186,4 +192,10 @@ jobs:
BAZEL_TARGETS: "//rs/tests/dre:guest_os_qualification"
BAZEL_CI_CONFIG: "--config=systest --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_timeout=7200 --test_env=OLD_VERSION=${{ matrix.version }}"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
name: Upload bazel bep for version ${{ matrix.version }}
with:
<<: *bazel-bep-with
name: ${{ github.job }}-${{ matrix.version }}-bep
18 changes: 12 additions & 6 deletions .github/workflows-source/schedule-daily.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,7 +49,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand Down Expand Up @@ -116,8 +116,10 @@ jobs:
BAZEL_TARGETS: "//rs/ledger_suite/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=fi_tests_nightly --test_env=SSH_AUTH_SOCK --test_timeout=43200"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ secrets.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

nns-tests-nightly:
name: Bazel Test NNS Nightly
Expand All @@ -134,8 +136,10 @@ jobs:
BAZEL_TARGETS: "//rs/nns/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=nns_tests_nightly --test_env=SSH_AUTH_SOCK --test_env=NNS_CANISTER_UPGRADE_SEQUENCE=all"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ secrets.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

system-tests-benchmarks-nightly:
name: Bazel System Test Benchmarks
Expand All @@ -158,7 +162,9 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
# note: there's just one performance cluster, so the job can't be parallelized
BAZEL_EXTRA_ARGS: "--test_tag_filters=system_test_benchmark --//bazel:enable_upload_perf_systest_results=True --keep_going --jobs 1"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- name: Post Slack Notification
uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
if: failure()
Expand Down
10 changes: 7 additions & 3 deletions .github/workflows-source/schedule-hourly.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -48,7 +48,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand All @@ -61,11 +61,13 @@ jobs:
- name: Run Bazel Build All No Cache
uses: ./.github/actions/bazel-test-all/
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
CLOUD_CREDENTIALS_CONTENT: ${{ secrets.CLOUD_CREDENTIALS_CONTENT }}
with:
BAZEL_CI_CONFIG: "--config=ci"
BAZEL_COMMAND: "build"
BAZEL_EXTRA_ARGS: "--repository_cache= --disk_cache= --noremote_accept_cached --remote_instance_name=${CI_COMMIT_SHA} --@rules_rust//rust/settings:pipelined_compilation=True"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-hourly:
name: Bazel System Tests Hourly
Expand All @@ -84,7 +86,9 @@ jobs:
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hourly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-run-fuzzers-hourly:
name: Bazel Run Fuzzers Hourly
Expand Down
81 changes: 76 additions & 5 deletions .github/workflows/ci-main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ jobs:
group: ln1
labels: dind-large
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
CLOUD_CREDENTIALS_CONTENT: ${{ secrets.CLOUD_CREDENTIALS_CONTENT }}
# Only run ci/bazel-scripts/diff.sh on PRs that are not labeled with "CI_ALL_BAZEL_TARGETS".
OVERRIDE_DIDC_CHECK: ${{ contains(github.event.pull_request.labels.*.name, 'CI_OVERRIDE_DIDC_CHECK') }}
CI_OVERRIDE_BUF_BREAKING: ${{ contains(github.event.pull_request.labels.*.name, 'CI_OVERRIDE_BUF_BREAKING') }}
Expand Down Expand Up @@ -100,7 +100,21 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
# check if PR title contains release and set timeout filters accordingly
BAZEL_EXTRA_ARGS: ${{ env.BAZEL_EXTRA_ARGS }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
- name: Upload bazel-targets
uses: actions/upload-artifact@v4
with:
Expand Down Expand Up @@ -136,6 +150,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=check --config=ci --keep_going"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-test-macos-intel:
name: Bazel Test macOS Intel
timeout-minutes: 130
Expand All @@ -161,18 +189,33 @@ jobs:
id: bazel-test-darwin-x86-64
uses: ./.github/actions/bazel-test-all/
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
CLOUD_CREDENTIALS_CONTENT: ${{ secrets.CLOUD_CREDENTIALS_CONTENT }}
with:
BAZEL_CI_CONFIG: "--config=ci --config macos_ci"
BAZEL_COMMAND: test
BAZEL_EXTRA_ARGS: '--test_tag_filters=test_macos'
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/${{ github.run_id }}"
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/"
BAZEL_TARGETS: "//rs/... //publish/binaries/..."
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
- name: Purge Bazel Output
if: always()
shell: bash
run: |
sudo rm -rf /private/var/tmp/bazel-output
# Clean up the output base for the next run
sudo rm -rf /var/tmp/bazel-output
bazel-build-fuzzers:
name: Bazel Build Fuzzers
runs-on:
Expand All @@ -194,6 +237,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-build-fuzzers-afl:
name: Bazel Build Fuzzers AFL
runs-on:
Expand All @@ -215,6 +272,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=afl"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
python-ci-tests:
name: Python CI Tests
runs-on:
Expand Down
Loading

0 comments on commit 91d73d0

Please sign in to comment.