SCRATCH PR: wasm ci test, don't review #5886
| # The primary point of this workflow is to ensure that the developer experience is good. | |
| # We take a very vanilla ubuntu image, install all necessary dependencies via "normal" means, | |
| # and then run the build and test steps as described in the README.md file. | |
| # The artifacts produced by these builds are not intended to be used for anything other than | |
| # ensuring that the developer experience is good. | |
| # Production artifacts are produced via nix builds (in another CI workflow). | |
| name: "dev.yml" | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: | |
| - "main" | |
| tags: | |
| - "v*" | |
| merge_group: | |
| types: ["checks_requested"] | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run with tmate enabled" | |
| required: false | |
| default: false | |
| debug_justfile: | |
| type: "boolean" | |
| description: "enable to see debug statements from just recipes" | |
| required: false | |
| default: false | |
| skip_vlab_tests: | |
| type: "boolean" | |
| description: "Skip VLAB tests (they run by default)" | |
| required: false | |
| default: false | |
| run_hlab_tests: | |
| type: "boolean" | |
| description: "Run hybrid HLAB tests" | |
| required: false | |
| default: false | |
| enable_release_tests: | |
| type: "boolean" | |
| description: "Enable release tests for VLAB/HLAB tests" | |
| required: false | |
| default: false | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after || github.event.merge_group && github.run_id }}" | |
| cancel-in-progress: true | |
| permissions: | |
| contents: "read" | |
| packages: "write" | |
| id-token: "write" | |
| jobs: | |
| check_changes: | |
| name: "Deduce required tests from code changes" | |
| permissions: | |
| contents: "read" | |
| pull-requests: "read" | |
| runs-on: "ubuntu-latest" | |
| outputs: | |
| devfiles: "${{ steps.changes.outputs.devfiles }}" | |
| steps: | |
| - name: "Checkout" | |
| if: "${{ !github.event.pull_request }}" | |
| uses: "actions/checkout@v6" | |
| with: | |
| persist-credentials: "false" | |
| fetch-depth: "0" | |
| - name: "Check code changes" | |
| uses: "dorny/paths-filter@v4" | |
| id: "changes" | |
| with: | |
| filters: | | |
| devfiles: | |
| - '!(README.md|LICENSE|NOTICE|.zed/**|.vscode/**|CLAUDE.md|.rules|development/**|testing.md|workspace-deps.svg|codebook.toml|.markdownlint.json|.gitattributes|.gitignore|.github/**)' | |
| - '.github/workflows/dev.yml' | |
| version: | |
| runs-on: lab | |
| permissions: | |
| contents: read | |
| outputs: | |
| version: "${{ steps.version-gen.outputs.version }}" | |
| ref: "${{ steps.version-gen.outputs.ref }}" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Generate temp artifacts version | |
| id: version-gen | |
| env: | |
| commit_sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo "version=v0-${commit_sha::9}" >> "$GITHUB_OUTPUT" | |
| echo "ref=${commit_sha}" >> "$GITHUB_OUTPUT" | |
| build: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "${{matrix.nix-target}}/${{matrix.build.name}}" | |
| continue-on-error: ${{ matrix.build.optional || false }} | |
| runs-on: lab | |
| needs: | |
| - check_changes | |
| - version | |
| permissions: | |
| checks: "write" | |
| pull-requests: "write" | |
| contents: "read" | |
| packages: "write" | |
| id-token: "write" | |
| env: | |
| USER: "runner" | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| nix-target: | |
| - tests.all | |
| - frr.dataplane | |
| - dataplane | |
| - validator | |
| build: | |
| - name: "debug" | |
| profile: "debug" | |
| sanitize: "" | |
| instrument: "none" | |
| - name: "release" | |
| profile: "release" | |
| sanitize: "" # TODO: enable cfi and safe-stack when possible | |
| instrument: "none" | |
| debug_justfile: | |
| - "${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }}" | |
| steps: | |
| - name: "login to ghcr.io" | |
| uses: "docker/login-action@v4" | |
| with: | |
| registry: ghcr.io | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - name: "Install nix" | |
| uses: cachix/install-nix-action@v31 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_path: nixpkgs=channel:nixpkgs-unstable | |
| - name: "Checkout" | |
| uses: "actions/checkout@v6" | |
| with: | |
| persist-credentials: "false" | |
| fetch-depth: "0" | |
| - uses: "cachix/cachix-action@v17" | |
| with: | |
| name: "hedgehog" | |
| # prettier-ignore | |
| signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' | |
| # prettier-ignore | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| # this step exists to avoid attributing the amount of time it takes to fetch the nix-shell dependencies to | |
| # whatever step happens to access the nix-shell first. | |
| - name: "setup nix shell" | |
| run: | | |
| nix-shell --run "echo nix shell env cached" | |
| - name: "login to image cache" | |
| run: | | |
| docker login -u "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_URL" <<<"${REGISTRY_PASSWORD}" | |
| nix-shell --run "oras login -u \"$REGISTRY_USERNAME\" --password-stdin \"$REGISTRY_URL\" <<<\"${REGISTRY_PASSWORD}\"" | |
| - name: "run pre-flight checks" | |
| if: ${{ matrix.nix-target == 'tests.all' }} | |
| run: | | |
| nix-shell --run ' | |
| for features in "" "shuttle"; do | |
| just \ | |
| docker_sock=/run/docker/docker.sock \ | |
| debug_justfile=${{matrix.debug_justfile}} \ | |
| profile="${{matrix.build.profile}}" \ | |
| sanitize="${{matrix.build.sanitize}}" \ | |
| instrument="${{matrix.build.instrument}}" \ | |
| features="${features}" \ | |
| oci_repo="ghcr.io" \ | |
| pre-flight | |
| done | |
| ' | |
| - name: "push container" | |
| if: ${{ matrix.nix-target != 'tests.all' }} | |
| run: | | |
| nix-shell --run ' | |
| just \ | |
| debug_justfile=${{matrix.debug_justfile}} \ | |
| check-dependencies | |
| for v in "" "version=${{ needs.version.outputs.version }}-${{ matrix.build.profile }}"; do | |
| if [ "${{ matrix.nix-target }}" = "validator" ]; then | |
| platform="wasm32-wasip1" | |
| else | |
| platform="x86-64-v3" | |
| fi | |
| just \ | |
| docker_sock=/run/docker/docker.sock \ | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} \ | |
| profile=${{ matrix.build.profile }} \ | |
| platform=${platform} \ | |
| sanitize=${{ matrix.build.sanitize }} \ | |
| instrument=${{ matrix.build.instrument }} \ | |
| oci_repo=ghcr.io \ | |
| $v \ | |
| push-container ${{ matrix.nix-target }} | |
| done | |
| ' | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| vlab: | |
| if: "${{ needs.check_changes.outputs.devfiles == 'true' || (startsWith(github.event.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}" | |
| needs: | |
| - check_changes | |
| - build | |
| - version | |
| name: "${{ matrix.hybrid && 'h' || 'v' }}-${{ matrix.upgradefrom && 'up' || '' }}${{ matrix.upgradefrom }}${{ matrix.upgradefrom && '-' || '' }}${{ matrix.mesh && 'mesh-' || '' }}${{ matrix.gateway && 'gw-' || '' }}${{ matrix.includeonie && 'onie-' || '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}" | |
| uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master | |
| with: | |
| # ci:+hlab is required to enable hybrid lab tests on PR | |
| # ci:+vlab is required to enable virtual lab tests on PR | |
| # ci:-upgrade disables upgrade tests on PR | |
| # hlab is disabled for main and merge_queue till we have gateway tests for it | |
| skip: >- | |
| ${{ | |
| github.event_name == 'pull_request' | |
| && ( | |
| matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+hlab') | |
| || !matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+vlab') | |
| || matrix.upgradefrom != '' && contains(github.event.pull_request.labels.*.name, 'ci:-upgrade') | |
| ) | |
| || github.event_name == 'workflow_dispatch' | |
| && ( | |
| matrix.hybrid && inputs.run_hlab_tests != true | |
| || !matrix.hybrid && inputs.skip_vlab_tests == true | |
| ) | |
| || (github.event_name == 'push' || github.event_name == 'merge_group') | |
| && matrix.hybrid | |
| }} | |
| fabricatorref: master | |
| prebuild: | | |
| just bump dataplane ${{ needs.version.outputs.version }}-release | |
| just bump frr ${{ needs.version.outputs.version }}-release | |
| fabricmode: ${{ matrix.fabricmode }} | |
| gateway: ${{ matrix.gateway }} | |
| includeonie: ${{ matrix.includeonie }} | |
| buildmode: ${{ matrix.buildmode }} | |
| vpcmode: ${{ matrix.vpcmode }} | |
| releasetest: ${{ contains(github.event.pull_request.labels.*.name, 'ci:+release') || inputs.enable_release_tests == true }} | |
| hybrid: ${{ matrix.hybrid }} | |
| upgradefrom: ${{ matrix.upgradefrom }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fabricmode: | |
| - spine-leaf | |
| gateway: | |
| - true | |
| includeonie: | |
| - false | |
| buildmode: | |
| - iso | |
| vpcmode: | |
| - l2vni | |
| hybrid: | |
| - false | |
| upgradefrom: | |
| - "" | |
| include: | |
| # gateway l3vni | |
| - fabricmode: spine-leaf | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l3vni | |
| hybrid: false | |
| upgradefrom: "" | |
| # hlab gateway l2vni | |
| - fabricmode: spine-leaf | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: true | |
| upgradefrom: "" | |
| summary: | |
| name: "Summary" | |
| runs-on: "ubuntu-latest" | |
| needs: | |
| - build | |
| - vlab | |
| # Run always, except when the "build" job was skipped. | |
| # | |
| # When the build job is skipped, summary will be marked as skipped, and | |
| # it's OK for CI (it's not a failure). | |
| # Why don't we do the same for build jobs? Because their names depend on | |
| # matrix values, and if we skip them the names won't be generated and | |
| # GitHub won't be able to find skipped jobs for required status checks. | |
| if: ${{ always() }} | |
| steps: | |
| - name: "Flag any build matrix failures" | |
| if: ${{ needs.build.result != 'success' && needs.build.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some build job(s) failed' | |
| exit 1 | |
| - name: "Flag any vlab matrix failures" | |
| if: ${{ needs.vlab.result != 'success' && needs.vlab.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some vlab job(s) failed' | |
| exit 1 | |
| publish: | |
| runs-on: lab | |
| if: startsWith(github.event.ref, 'refs/tags/v') && github.event_name == 'push' | |
| needs: | |
| - build | |
| - vlab | |
| permissions: | |
| packages: write | |
| contents: read | |
| env: | |
| USER: "runner" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: stable | |
| cache: true | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Install nix" | |
| uses: cachix/install-nix-action@v31 | |
| with: | |
| github_access_token: ${{ secrets.GITHUB_TOKEN }} | |
| nix_path: nixpkgs=channel:nixpkgs-unstable | |
| - uses: "cachix/cachix-action@v17" | |
| with: | |
| name: "hedgehog" | |
| # prettier-ignore | |
| signingKey: '${{ secrets.CACHIX_SIGNING_KEY }}' | |
| # prettier-ignore | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - name: "push containers" | |
| run: | | |
| nix-shell --run " | |
| just \ | |
| docker_sock=/run/docker/docker.sock \ | |
| oci_repo=ghcr.io \ | |
| version=${{ github.ref_name }} \ | |
| push | |
| " | |
| # Bump dataplane in the fabricator repository | |
| - name: Checkout fabricator repository | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: githedgehog/fabricator | |
| path: fab-repo | |
| persist-credentials: false | |
| - name: Bump dataplane+frr in fabricator | |
| working-directory: fab-repo | |
| run: | | |
| sed -i "s/^\tDataplaneVersion.*/\tDataplaneVersion=meta.Version(\"${{ github.ref_name }}\")/" pkg/fab/versions.go | |
| sed -i "s/^\tFRRVersion.*/\tFRRVersion=meta.Version(\"${{ github.ref_name }}\")/" pkg/fab/versions.go | |
| go fmt pkg/fab/versions.go | |
| - name: Generate token for the fabricator repository | |
| uses: actions/create-github-app-token@v3 | |
| id: fab-app-token | |
| with: | |
| app-id: ${{ secrets.FAB_APP_ID }} | |
| private-key: ${{ secrets.FAB_PRIVATE_KEY }} | |
| repositories: | | |
| fabricator | |
| - name: Create Pull Request for fabricator | |
| uses: peter-evans/create-pull-request@v8 | |
| id: fab-pr | |
| with: | |
| token: ${{ steps.fab-app-token.outputs.token }} | |
| path: fab-repo | |
| branch: pr/auto/dataplane-bump | |
| commit-message: | | |
| bump: dataplane/frr to ${{ github.ref_name }} | |
| This is an automated commit created by GitHub Actions workflow, | |
| in the dataplane repository. | |
| signoff: true | |
| title: "bump: dataplane/frr to ${{ github.ref_name }}" | |
| body: | | |
| This is an automated Pull Request created by GitHub Actions workflow, | |
| in the dataplane repository. |
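Review bot: In the build job's "login to image cache" step, the `oras login` line wraps the whole `nix-shell --run` argument in double quotes, so the runner's outer shell substitutes `${REGISTRY_PASSWORD}` into the command text before nix-shell starts, whereas the `docker login` line above it feeds the secret only on stdin. The secret then sits in the nix-shell argument list on the self-hosted `lab` runner, and a password containing a double quote, `$` or a backtick would be re-parsed by the inner shell. Single-quoting the argument keeps the expansion inside the nix shell: `nix-shell --run 'oras login -u "$REGISTRY_USERNAME" --password-stdin "$REGISTRY_URL" <<<"$REGISTRY_PASSWORD"'`. This assumes the nix shell inherits the environment (the visible invocation has no `--pure`) and that the `REGISTRY_*` variables come from the runner, since the workflow does not define them. The publish job has the same text-substitution pattern with `${{ github.ref_name }}` in its "push containers" and `sed` steps; exposing the tag through `env:` and referencing a shell variable would keep a tag name from being interpreted as script.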