Skip to content

[CDN] Rate limiting - DDoS protection #5227

[CDN] Rate limiting - DDoS protection

[CDN] Rate limiting - DDoS protection #5227

name: Build and Test
on:
push:
branches:
- "develop"
- "main"
pull_request:
schedule:
- cron: "0 0 * * 1"
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ (github.ref == 'refs/heads/main' && github.run_number) || github.ref }}
cancel-in-progress: true
jobs:
test:
strategy:
matrix:
test_suites:
- test-ci-1
- test-ci-2
- test-ci-3
- test-ci-4
- test-ci-5
- test-ci-rest
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
name: Checkout Repository
- name: Install Rust
uses: mkroening/rust-toolchain-toml@main
- uses: Swatinem/rust-cache@v2
name: Enable Rust Caching
with:
shared-key: "test"
cache-on-failure: "true"
save-if: ${{ github.ref == 'refs/heads/main' && matrix.test_suites == 'test-ci-rest' }}
- uses: taiki-e/install-action@just
- uses: taiki-e/install-action@nextest
- name: Unit and integration tests for all crates in workspace
run: |
just ${{ matrix.test_suites }}
timeout-minutes: 60
env:
RUST_BACKTRACE: full
test-examples:
strategy:
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
name: Checkout Repository
- name: Install Rust
uses: mkroening/rust-toolchain-toml@main
- uses: Swatinem/rust-cache@v2
name: Enable Rust Caching
with:
shared-key: "examples"
cache-on-failure: "true"
save-if: ${{ github.ref == 'refs/heads/main' }}
- uses: taiki-e/install-action@just
- name: Test examples
run: |
just example all-push-cdn -- --config_file ./crates/orchestrator/run-config.toml
timeout-minutes: 20
build-release:
strategy:
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
name: Checkout Repository
- name: Install Rust
uses: mkroening/rust-toolchain-toml@main
- uses: Swatinem/rust-cache@v2
name: Enable Rust Caching
with:
shared-key: "build-release"
cache-on-failure: "true"
save-if: ${{ github.ref == 'refs/heads/main' }}
- uses: taiki-e/install-action@just
- name: Build examples in release mode
run: just build_release --examples --package hotshot-examples --no-default-features
- name: Upload Binaries
uses: actions/upload-artifact@v4
with:
name: binaries-amd64
path: |
target/release/examples/counter
target/release/examples/multi-validator-libp2p
target/release/examples/validator-libp2p
target/release/examples/validator-combined
target/release/examples/validator-push-cdn
target/release/examples/orchestrator
target/release/examples/cdn-broker
target/release/examples/cdn-marshal
build-arm-release:
strategy:
fail-fast: false
runs-on: buildjet-4vcpu-ubuntu-2204-arm
if: ${{ github.ref == 'refs/heads/main' }}
container: ghcr.io/espressosystems/devops-rust:stable
steps:
- uses: actions/checkout@v4
name: Checkout Repository
- uses: Swatinem/rust-cache@v2
name: Enable Rust Caching
with:
shared-key: "build-arm-release"
cache-on-failure: "true"
save-if: ${{ github.ref == 'refs/heads/main' }}
- name: Build examples in release mode
run: just build_release --examples --package hotshot-examples --no-default-features
- name: Upload Binaries
uses: actions/upload-artifact@v4
with:
name: binaries-aarch64
path: |
target/release/examples/counter
target/release/examples/multi-validator-libp2p
target/release/examples/validator-libp2p
target/release/examples/validator-combined
target/release/examples/validator-push-cdn
target/release/examples/orchestrator
target/release/examples/cdn-broker
target/release/examples/cdn-marshal
build-dockers:
strategy:
fail-fast: false
runs-on: ubuntu-latest
if: ${{ github.ref == 'refs/heads/main' }}
needs: [build-release, build-arm-release, test]
steps:
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup Docker BuildKit (buildx)
uses: docker/setup-buildx-action@v3
- name: Login to Github Container Repo
uses: docker/login-action@v3
if: github.event_name != 'pull_request'
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Download AMD executables
uses: actions/download-artifact@v4
with:
name: binaries-amd64
path: target/amd64/release/examples
- name: Download ARM executables
uses: actions/download-artifact@v4
with:
name: binaries-aarch64
path: target/arm64/release/examples
- name: Generate validator-libp2p docker metadata
uses: docker/metadata-action@v5
id: validator-libp2p
with:
images: ghcr.io/espressosystems/hotshot/validator-libp2p
- name: Generate validator-combined docker metadata
uses: docker/metadata-action@v5
id: validator-combined
with:
images: ghcr.io/espressosystems/hotshot/validator-combined
- name: Generate validator-push-cdn docker metadata
uses: docker/metadata-action@v5
id: validator-push-cdn
with:
images: ghcr.io/espressosystems/hotshot/validator-push-cdn
- name: Generate orchestrator docker metadata
uses: docker/metadata-action@v5
id: orchestrator
with:
images: ghcr.io/espressosystems/hotshot/orchestrator
- name: Generate cdn-broker docker metadata
uses: docker/metadata-action@v5
id: cdn-broker
with:
images: ghcr.io/espressosystems/hotshot/cdn-broker
- name: Generate cdn-marshal docker metadata
uses: docker/metadata-action@v5
id: cdn-marshal
with:
images: ghcr.io/espressosystems/hotshot/cdn-marshal
- name: Build and push validator-libp2p docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/validator-libp2p.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.validator-libp2p.outputs.tags }}
labels: ${{ steps.validator-libp2p.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push validator-combined docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/validator-combined.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.validator-combined.outputs.tags }}
labels: ${{ steps.validator-combined.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push validator-push-cdn docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/validator-cdn.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.validator-push-cdn.outputs.tags }}
labels: ${{ steps.validator-push-cdn.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push orchestrator docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/orchestrator.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.orchestrator.outputs.tags }}
labels: ${{ steps.orchestrator.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push cdn-broker docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/cdn-broker.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.cdn-broker.outputs.tags }}
labels: ${{ steps.cdn-broker.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max
- name: Build and push cdn-marshal docker
uses: docker/build-push-action@v6
with:
context: ./
file: ./docker/cdn-marshal.Dockerfile
platforms: linux/amd64,linux/arm64
push: ${{ github.event_name != 'pull_request' }}
tags: ${{ steps.cdn-marshal.outputs.tags }}
labels: ${{ steps.cdn-marshal.outputs.labels }}
cache-from: type=gha
cache-to: type=gha,mode=max