forked from project-oak/oak
-
Notifications
You must be signed in to change notification settings - Fork 0
151 lines (133 loc) · 5.36 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
name: Continuous Integration
on:
push:
branches: [main]
pull_request:
branches: [main]
# See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
xtask:
runs-on: ubuntu-20.04
timeout-minutes: 120
# We use the same job template, but parametrize the actual command to be passed to the xtask
# binary using the matrix strategy, so that we get the commands running in parallel.
strategy:
fail-fast: false
matrix:
cmd:
# Do not add `run-ci` to these commands. We parse them for `xtask run-ci`.
- check-format
- run-cargo-deny
- run-cargo-udeps
- build-oak-functions-server-variants
- run-cargo-tests
# TODO(#2538): Re-enable when bazel tests run on the main Docker image.
# - run-bazel-tests
- run-oak-functions-examples --application-variant=rust
- run-cargo-fuzz --build-deps -- -max_total_time=2
- completion
- run-cargo-clippy
steps:
- name: Checkout branch
uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Print disk space
run: |
df --human-readable
- name: Docker pull
timeout-minutes: 10
run: |
./scripts/docker_pull
df --human-readable
# Store various common Rust folders to speed up future runs.
#
# The main cache key includes the combined hash of all Cargo.lock files in the repository, but
# falls back on a more generic prefix if an exact match is not found, so that there is at
# least some chance that some of the artifacts will be found there.
#
# We specify the `./cargo-cache` folder (as per `/scripts/docker_run`), as well as various
# `target` folders. This can probably be improved in a variety of ways over time.
#
# See https://doc.rust-lang.org/nightly/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
- name: Cache Rust artifacts
uses: actions/cache@v2
env:
# Increment this value to invalidate previous cache entries.
CACHE_VERSION: 3
with:
path: |
./cargo-cache/bin
./cargo-cache/registry/index
./cargo-cache/registry/cache
./cargo-cache/git/db
./sccache-cache
./target
key: |
cargo-cache-${{ env.CACHE_VERSION }}-${{ matrix.cmd }}-${{ hashFiles('**/Cargo.lock') }}
restore-keys: |
cargo-cache-${{ env.CACHE_VERSION }}-${{ matrix.cmd }}-
cargo-cache-${{ env.CACHE_VERSION }}-
- name: Run command
run: |
./scripts/docker_run ./scripts/xtask --commands --scope=all ${{ matrix.cmd }}
df --human-readable
- name: Generate root CA certs
run: ./scripts/docker_run ./scripts/generate_root_ca_certs
# Ensure that the previous steps did not modify our source-code and that
# relevant build artifacts are ignored by git.
- name: Git check diff
run: ./scripts/docker_run ./scripts/git_check_diff
android-runner:
runs-on: ubuntu-20.04
strategy:
fail-fast: false
steps:
- name: Checkout branch
uses: actions/checkout@v2
# Copied from https://github.com/jens-maus/RaspberryMatic/blob/ea6b8ce0dd2d53ea88b2766ba8d7f8e1d667281f/.github/workflows/ci.yml#L34-L40
# and https://github.com/actions/virtual-environments/issues/709#issuecomment-612569242
- name: Free disk space
run: |
df --human-readable
sudo apt clean
docker rmi $(docker image ls --all --quiet)
rm --recursive --force "$AGENT_TOOLSDIRECTORY"
df --human-readable
# Build Docker image based for Android SDK.
- name: Android Docker build
timeout-minutes: 30
run: |
docker pull gcr.io/oak-ci/oak-android:latest
docker build --pull --cache-from=gcr.io/oak-ci/oak-android:latest --tag=gcr.io/oak-ci/oak-android:latest --file=android.Dockerfile --build-arg=USER_UID="$DOCKER_UID" --build-arg=USER_GID="$DOCKER_GID" .
# Build Android-based examples.
- name: Build Android Hello-World
run:
docker run --volume=$PWD:/workspace --workdir=/workspace
gcr.io/oak-ci/oak-android:latest ./scripts/build_examples_android
cargo-crev-verify:
runs-on: ubuntu-20.04
steps:
- name: Checkout branch
uses: actions/checkout@v2
# Copied from https://github.com/jens-maus/RaspberryMatic/blob/ea6b8ce0dd2d53ea88b2766ba8d7f8e1d667281f/.github/workflows/ci.yml#L34-L40
# and https://github.com/actions/virtual-environments/issues/709#issuecomment-612569242
- name: Free disk space
run: |
df --human-readable
sudo apt clean
docker rmi $(docker image ls --all --quiet)
rm --recursive --force "$AGENT_TOOLSDIRECTORY"
df --human-readable
- name: Docker pull
timeout-minutes: 10
run: |
./scripts/docker_pull
df --human-readable
- name: Cargo crev verification
run: |
./scripts/docker_run ./scripts/run_cargo_crev
df --human-readable