runtime: Add conditional SGX attestation parsing for rofl.Register txs #3297
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. | |
name: ci-test | |
# Trigger the workflow when: | |
on: | |
# A push occurs to one of the matched branches. | |
push: | |
branches: | |
- main | |
paths-ignore: # Do not trigger if _only_ these files were changed. | |
- .punch_version.py | |
- .changelog/*.md | |
- CHANGELOG.md | |
# Or when a pull request event occurs for a pull request against one of the | |
# matched branches. | |
pull_request: | |
branches: | |
- main | |
paths-ignore: # Do not trigger if _only_ these files were changed. | |
- .punch_version.py | |
- .changelog/*.md | |
- CHANGELOG.md | |
# Cancel in-progress jobs on same branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
build-go: | |
runs-on: ubuntu-20.04 | |
services: | |
# Generic postgres server; used only for testing our DB client lib. Not used by nexus. | |
postgres: | |
image: postgres:13 | |
env: | |
POSTGRES_HOST: 127.0.0.1 | |
POSTGRES_PORT: 5432 | |
POSTGRES_DB: postgres | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgres | |
ports: | |
- 5432:5432 | |
env: | |
CI_TEST_CONN_STRING: "postgresql://postgres:[email protected]:5432/postgres?sslmode=disable" | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: Install Go tools | |
run: go install github.com/deepmap/oapi-codegen/cmd/[email protected] | |
- name: Build Go | |
run: | | |
make nexus | |
make test-ci | |
- name: Ensure dependencies are tidied up | |
# NOTE: This should run _after_ the build step, so that oapi-codegen has already run | |
# and generated the Go code that points to some of the dependencies. | |
run: | | |
go mod tidy -v -x -compat=1.23 # goreleaser does the same; can find lingering issues | |
echo TIDY RESULTS START; git diff || true; echo TIDY RESULTS END | |
- name: Upload to codecov.io | |
uses: codecov/[email protected] | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
file: ./coverage.txt | |
validate-openapi: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Install dependencies | |
run: | | |
VERSION=v4.30.5 | |
wget https://github.com/mikefarah/yq/releases/download/${VERSION}/yq_linux_amd64 -q -O ./yq | |
chmod +x ./yq | |
VERSION=0.9.9 | |
wget https://github.com/daveshanley/vacuum/releases/download/v${VERSION}/vacuum_${VERSION}_linux_x86_64.tar.gz -q -O- | tar -xzv | |
- name: Normalize YAML | |
run: | | |
# OpenAPI parser fails to parse YAML templates (*, <<:). Expand them out here. | |
<api/spec/v1.yaml ./yq --output-format json | ./yq --output-format yaml --input-format json >api/spec/v1-normalized.yaml | |
- name: Validate OpenAPI definition | |
run: | | |
./vacuum lint --ruleset .vacuum.yaml --details --snippets --errors api/spec/v1-normalized.yaml | |
validate-migrations: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Validate storage migrations are serial | |
run: scripts/validate_migrations.py --migrations storage/migrations | |
test-e2e-localnet: | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: Autogenerate Go code | |
run: | | |
go install github.com/deepmap/oapi-codegen/cmd/[email protected] | |
make codegen-go | |
- name: Build docker | |
run: make docker | |
- name: Start docker | |
run: make start-docker-e2e | |
- name: Confirm containers | |
run: docker ps -a | |
- name: Test | |
run: docker exec nexus sh -c "cd /nexus && make test-e2e" | |
- name: Dump logs and DB contents | |
run: | | |
docker logs nexus | tee /tmp/nexus.log; | |
docker logs nexus-postgres | tee /tmp/nexus-postgres.log; | |
docker logs oasis-net-runner | tee /tmp/oasis-net-runner.log; | |
docker exec nexus-postgres pg_dump -U indexer --create | tee /tmp/nexus_db.sql; | |
if: success() || failure() # but not if job is manually cancelled | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: nexus_db.sql | |
path: | | |
/tmp/nexus_db.sql | |
/tmp/*.log | |
if: success() || failure() # but not if job is manually cancelled | |
test-e2e-regression: | |
strategy: | |
matrix: | |
suite: | |
- damask | |
- eden | |
- edenfast | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: 1.23.x | |
- name: Autogenerate Go code | |
run: | | |
go install github.com/deepmap/oapi-codegen/cmd/[email protected] | |
make codegen-go | |
- name: Build Go | |
run: | | |
make nexus | |
- name: Start db | |
run: | | |
make postgres | |
- name: Block access to Sourcify | |
# Sourcify should not need to be available in CI; we run everything from caches. | |
# Enforce unavailability to keep tests confidently reproducible, and to catch | |
# any bugs that might cause CI to accidentally use Sourcify. | |
run: | | |
sudo bash -c 'echo 0.0.0.0 sourcify.dev | tee -a /etc/hosts' | |
- name: Run e2e regression tests | |
run : | | |
make E2E_REGRESSION_SUITES=${{ matrix.suite }} test-e2e-regression | |
- uses: actions/upload-artifact@v3 | |
with: | |
name: Actual nexus api responses | |
path: | | |
tests/e2e_regression/${{ matrix.suite }}/actual | |
if: failure() # but not if success or job is manually cancelled |