Operator attestation policy #39002
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Integration tests | |
on: | |
# Use the following to explicitly start this workflow. | |
# packages/deployment/scripts/start-github-integration-test.sh <BRANCH-OR-TAG> | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
- 'release-*' | |
- 'dev-*' | |
- beta | |
tags: | |
- '@agoric/sdk@*' | |
pull_request: | |
types: | |
- opened | |
- reopened | |
- synchronize | |
- converted_to_draft | |
- ready_for_review | |
- labeled | |
- unlabeled | |
- auto_merge_enabled | |
- auto_merge_disabled | |
merge_group: | |
schedule: | |
- cron: '17 6 * * *' | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
pre_check: | |
uses: ./.github/workflows/pre-check-integration.yml | |
# This job is meant to emulate what developers working with the Agoric | |
# platform will experience. | |
# It should be kept in sync with the "getting started" workflow at | |
# https://docs.agoric.com/guides/getting-started/ | |
getting-started: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
cli: [link-cli/yarn, registry/yarn, registry/npm, registry/npx] | |
timeout-minutes: 40 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Reconfigure git to use HTTP authentication | |
run: git config --global url."https://github.com/".insteadOf ssh://[email protected]/ | |
shell: bash | |
# Prerequisites | |
- uses: ./.github/actions/restore-node | |
with: | |
node-version: 18.18 | |
keep-endo: 'true' | |
# Select a branch of the | |
# [default dapp repository](https://github.com/Agoric/dapp-offer-up) (cf. | |
# packages/agoric-cli/src/main.js) against which to test, defaulting to | |
# 'main' but allowing overrides in the pull request description using | |
# lines like `#getting-started-branch: zoe-release-0.7.0` | |
- name: Get the appropriate dapp branch | |
id: get-branch | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
let branch = 'main'; | |
if (context.payload.pull_request) { | |
const { body } = context.payload.pull_request; | |
const regex = /^\#getting-started-branch:\s+(\S+)/m; | |
const result = regex.exec(body); | |
if (result) { | |
branch = result[1]; | |
} | |
} | |
console.log('getting-started dapp branch: ' + branch); | |
return branch; | |
- name: Start local NPM registry | |
if: ${{ startsWith(matrix.cli, 'registry') }} | |
run: | | |
set -xe | |
git reset --hard HEAD | |
git clean -f | |
git config user.email "[email protected]" | |
REGISTRY_PUBLISH_WORKSPACES="$HOME/endo" | |
timeout 900 scripts/registry.sh bg-publish ${{ matrix.cli }} | |
- name: run agoric-cli integration-test | |
# These integration tests can be flaky so retry automatically | |
uses: nick-fields/retry@v3 | |
with: | |
# This step usually takes <4 minutes (after 6m setup). The | |
# deployment-test running in parallel takes 35 minutes so 20 minutes | |
# won't increase the time for this workflow to complete. | |
timeout_minutes: 20 | |
command: scripts/registry.sh test ${{ matrix.cli }} ${{steps.get-branch.outputs.result}} | |
on_retry_command: rm -f $HOME/bin/agoric | |
- name: notify on failure | |
if: > | |
failure() && github.event_name != 'pull_request' && | |
github.repository_owner == 'agoric' | |
uses: ./.github/actions/notify-status | |
with: | |
webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} | |
deployment-test: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
runs-on: ubuntu-22.04 # jammy (LTS) | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: 'true' | |
path: ./agoric-sdk | |
- run: sudo packages/deployment/scripts/install-deps.sh | |
working-directory: ./agoric-sdk | |
- uses: ./agoric-sdk/.github/actions/restore-golang | |
with: | |
go-version: '1.20' | |
path: ./agoric-sdk | |
- uses: ./agoric-sdk/.github/actions/restore-node | |
with: | |
# XXX loadgen not compatible with 18.19 https://github.com/Agoric/agoric-sdk/pull/8365#issuecomment-1848003597 | |
node-version: 18.18 | |
path: ./agoric-sdk | |
# Forces xsnap to initialize all memory to random data, which increases | |
# the chances the content of snapshots may deviate between validators | |
xsnap-random-init: '1' | |
# Select a branch of the | |
# [load generator dapp repository](https://github.com/Agoric/testnet-load-generator) | |
# to use, defaulting to 'main' but allowing overrides in the pull request | |
# description using lines like `#loadgen-branch: ceelab` | |
- name: Get the appropriate loadgen branch | |
id: get-loadgen-branch | |
uses: actions/github-script@v7 | |
with: | |
result-encoding: string | |
script: | | |
let branch = 'main'; | |
if (context.payload.pull_request) { | |
const { body } = context.payload.pull_request; | |
const regex = /^\#loadgen-branch:\s+(\S+)/m; | |
const result = regex.exec(body); | |
if (result) { | |
branch = result[1]; | |
} | |
} | |
console.log('loadgen branch: ' + branch); | |
return branch; | |
- name: Check out loadgen | |
uses: actions/checkout@v4 | |
with: | |
repository: Agoric/testnet-load-generator | |
path: ./testnet-load-generator | |
ref: ${{steps.get-loadgen-branch.outputs.result}} | |
- name: Build cosmic-swingset dependencies | |
working-directory: ./agoric-sdk | |
run: | | |
set -e | |
cd packages/cosmic-swingset | |
make install | |
- name: Make networks directory | |
run: | | |
set -e | |
mkdir networks | |
- name: Run integration test | |
working-directory: ./networks | |
run: | | |
set -xe | |
DOCKER_VOLUMES="$PWD/../agoric-sdk:/usr/src/agoric-sdk" \ | |
LOADGEN=1 \ | |
../agoric-sdk/packages/deployment/scripts/integration-test.sh | |
timeout-minutes: 90 | |
env: | |
NETWORK_NAME: chaintest | |
- name: capture results | |
if: always() | |
working-directory: ./networks | |
run: | | |
NOW=$(date -u +%Y%m%dT%H%M%S) | |
echo "NOW=$NOW" >> "$GITHUB_ENV" | |
# Stop the chain from running. | |
../agoric-sdk/packages/deployment/scripts/setup.sh play stop || true | |
# Get the results. | |
../agoric-sdk/packages/deployment/scripts/capture-integration-results.sh "${{ job.status == 'failure' }}" | |
# Tear down the nodes. | |
echo yes | ../agoric-sdk/packages/deployment/scripts/setup.sh destroy || true | |
env: | |
NETWORK_NAME: chaintest | |
- uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: deployment-test-results-${{ env.NOW }} | |
path: ./networks/chaintest/results | |
- name: notify on failure | |
if: failure() && github.event_name != 'pull_request' | |
uses: ./agoric-sdk/.github/actions/notify-status | |
with: | |
webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} | |
test-docker-build: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- name: update job environment | |
run: | | |
if [ ":$HOME" = : ]; then | |
# Keep the first two path components, e.g. /home/runner. | |
HOME="(pwd | sed -E 's#^(/[^/]+/[^/]+).*#\1#')" | |
echo "HOME=$HOME" >> "$GITHUB_ENV" | |
fi | |
echo "SLOGFILE=$HOME/test.slog" >> "$GITHUB_ENV" | |
- name: free up disk space | |
run: | | |
# Workaround to provide additional free space for testing. | |
# https://github.com/actions/runner-images/issues/2840#issuecomment-790492173 | |
# If this turns out not to be enough, maybe look instead at | |
# https://github.com/actions/runner-images/issues/2840#issuecomment-1540506686 | |
df -h | |
sudo rm -rf /usr/share/dotnet | |
sudo rm -rf /opt/ghc | |
sudo rm -rf "/usr/local/share/boost" | |
sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
echo "=== After cleanup:" | |
df -h | |
- uses: actions/checkout@v4 | |
- name: docker build (sdk) | |
# Produces ghcr.io/agoric/agoric-sdk:unreleased used in the following upgrade test. | |
# run: cd packages/deployment && ./scripts/test-docker-build.sh | $TEST_COLLECT | |
# XXX skip TAP test output and collection for now; it hides the output from the logs | |
run: make docker-build-sdk | |
working-directory: packages/deployment | |
- uses: ./.github/actions/restore-node | |
with: | |
node-version: '18.x' | |
# Rebuilding the SDK image with resolved endo packages is not currently supported | |
# and since we can't build core eval submissions from the SDK using a newer endo, | |
# simply ignore any endo branch integration (this means we don't have full coverage) | |
ignore-endo-branch: 'true' | |
id: restore-node | |
- name: setup a3p-integration | |
run: yarn install | |
working-directory: a3p-integration | |
- name: verify SDK image didn't change | |
# In the future when we can rebuild the SDK image with resolved endo packages, it would | |
# be expected that the SDK image previously built has changed | |
if: steps.restore-node.outputs.endo-branch == 'NOPE' | |
run: | | |
original=$(docker inspect --format "{{.ID}}" ghcr.io/agoric/agoric-sdk:unreleased) | |
yarn build:sdk | |
new=$(docker inspect --format "{{.ID}}" ghcr.io/agoric/agoric-sdk:unreleased) | |
if [ "$original" != "$new" ]; then | |
echo "New SDK docker image ($new) changed after restore-node (original $original)" 1>&2 | |
exit 1 | |
fi | |
working-directory: a3p-integration | |
- name: build proposals tests | |
run: yarn build | |
working-directory: a3p-integration | |
- name: run proposals tests | |
run: yarn test | |
working-directory: a3p-integration | |
- name: copy a3p-integration | |
if: (success() || failure()) | |
run: | | |
dir='/tmp/export/a3p-integration' | |
rm -rf "$dir" | |
scripts/ci/export-a3p.sh a3p-integration "$dir" | |
# Artifacts can be found at the bottom of `Summary` page of | |
# `Integration tests` workflow once the workflow is completed. | |
# Ref: https://github.com/actions/upload-artifact?tab=readme-ov-file#where-does-the-upload-go | |
- name: archive a3p-integration | |
if: (success() || failure()) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: a3p-integration | |
path: /tmp/export/a3p-integration | |
- name: archive slogfile | |
if: (success() || failure()) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: slogfile | |
path: ${{ env.SLOGFILE }} | |
retention-days: 10 | |
- name: notify on failure | |
if: failure() && github.event_name != 'pull_request' | |
uses: ./.github/actions/notify-status | |
with: | |
webhook: ${{ secrets.SLACK_WEBHOOK_URL }} | |
from: ${{ secrets.NOTIFY_EMAIL_FROM }} | |
to: ${{ secrets.NOTIFY_EMAIL_TO }} | |
password: ${{ secrets.NOTIFY_EMAIL_PASSWORD }} | |
- uses: ./.github/actions/post-test | |
if: (success() || failure()) | |
continue-on-error: true | |
timeout-minutes: 4 | |
with: | |
datadog-token: ${{ secrets.DATADOG_API_KEY }} | |
test-multichain-e2e: | |
needs: pre_check | |
if: needs.pre_check.outputs.should_run == 'true' | |
uses: ./.github/workflows/multichain-e2e.yml | |
finalize-integration-result: | |
needs: | |
- pre_check | |
- getting-started | |
- deployment-test | |
- test-docker-build | |
- test-multichain-e2e | |
if: >- | |
always() && | |
needs.pre_check.result == 'success' && | |
needs.getting-started.result != 'cancelled' && | |
needs.deployment-test.result != 'cancelled' && | |
needs.test-docker-build.result != 'cancelled' && | |
( | |
needs.pre_check.outputs.should_run == 'true' || | |
needs.pre_check.outputs.previous_success == 'true' | |
) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Final integration-test-result | |
if: always() | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const previousSuccess = ${{ needs.pre_check.outputs.previous_success }}; | |
const gettingStartedTestSuccess = "${{ needs.getting-started.result }}" === "success"; | |
const deploymentTestSuccess = "${{ needs.deployment-test.result }}" === "success"; | |
const testDockerBuildSuccess = "${{ needs.test-docker-build.result }}" === "success"; | |
const conclusion = previousSuccess || (gettingStartedTestSuccess && deploymentTestSuccess && testDockerBuildSuccess) ? | |
'success' : 'failure'; | |
console.log(`Finishing with ${conclusion}`) | |
if (conclusion === 'failure') { | |
core.setFailed('Integration tests failed') | |
} |