This repository has been archived by the owner on Aug 22, 2024. It is now read-only.
Update ci.yml #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
## Only run when: | |
## - manually triggered | |
## - PR's are (re)opened | |
## - push to master (i.e. merge develop -> master) | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
workflow_dispatch: | |
inputs: | |
tag: | |
description: "The tag to create (optional)" | |
required: false | |
concurrency: | |
group: ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
## rust format: Execute on every run | |
rustfmt: | |
name: Rust Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout the latest code | |
id: git_checkout | |
uses: actions/checkout@v3 | |
- name: Define Rust Toolchain | |
id: define_rust_toolchain | |
run: echo "RUST_TOOLCHAIN=$(cat ./rust-toolchain)" >> $GITHUB_ENV | |
- name: Setup Rust Toolchain | |
id: setup_rust_toolchain | |
uses: actions-rust-lang/setup-rust-toolchain@v1 | |
with: | |
toolchain: ${{ env.RUST_TOOLCHAIN }} | |
components: rustfmt | |
- name: Rustfmt | |
id: rustfmt | |
uses: actions-rust-lang/rustfmt@v1 | |
## Release tests: Execute on every run | |
release-tests: | |
name: Release Tests | |
uses: stacks-network/stacks-blockchain/.github/workflows/stacks-blockchain-tests.yml@master | |
## Checked for leaked credentials: Execute on every run | |
leaked-cred-test: | |
name: Leaked Credential Test | |
runs-on: ubuntu-latest | |
steps: | |
- name: Extract branch name | |
id: extract_branch | |
if: ${{ github.event_name != 'pull_request' }} | |
run: echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV | |
- name: Extract branch name | |
id: extract_branch_pr | |
if: ${{ github.event_name == 'pull_request' }} | |
run: echo "BRANCH_NAME=$(echo ${GITHUB_HEAD_REF})" >> $GITHUB_ENV | |
- name: Branch name | |
run: echo running on branch ${{ env.BRANCH_NAME }} | |
- name: Checkout the latest code | |
id: git_checkout | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: TruffleHog Scan | |
id: trufflehog_check | |
uses: trufflesecurity/trufflehog@main | |
with: | |
path: ./ | |
base: ${{ env.BRANCH_NAME }} | |
head: HEAD | |
## Mutants testing | |
incremental-mutants: | |
runs-on: ubuntu-latest | |
if: github.event_name == 'pull_request' | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
- name: specific runs | |
- run: cargo install cargo-mutants | |
- name: Mutants | |
run: | | |
cargo mutants --package clarity --output mutants/clarity | |
cargo mutants --package libsigner --output mutants/libsigner | |
############################################### | |
## Build Tagged Release | |
############################################### | |
## Build source binaries | |
## Only run if: | |
## - Tag is provided | |
## - OR | |
## - Not the default branch | |
## - AND | |
## - Not a PR | |
build-source: | |
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }} | |
name: Build Binaries | |
uses: stacks-network/stacks-blockchain/.github/workflows/build-source-binary.yml@master | |
needs: | |
- rustfmt | |
- release-tests | |
- leaked-cred-test | |
with: | |
tag: ${{ inputs.tag }} | |
parallel_jobs: 4 | |
arch: >- | |
["linux-glibc-x64", "linux-musl-x64", "linux-glibc-arm64", "linux-musl-arm64", "macos-x64", "macos-arm64", "windows-x64"] | |
## Create github release with binary archives | |
## Only run if: | |
## - Tag is provided | |
## - OR | |
## - Not the default branch | |
## - AND | |
## - Not a PR | |
github-release: | |
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }} | |
name: Github Release | |
uses: stacks-network/stacks-blockchain/.github/workflows/github-release.yml@master | |
needs: build-source | |
with: | |
tag: ${{ inputs.tag }} | |
arch: >- | |
["linux-glibc-x64", "linux-musl-x64", "linux-glibc-arm64", "linux-musl-arm64", "macos-x64", "macos-arm64", "windows-x64"] | |
secrets: | |
GH_TOKEN: ${{ secrets.GH_TOKEN }} | |
## Create docker alpine images | |
## Only run if: | |
## - Tag is provided | |
## - OR | |
## - Not the default branch | |
## - AND | |
## - Not a PR | |
docker-alpine: | |
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }} | |
name: Docker Alpine (Binary) | |
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-alpine-binary.yml@master | |
needs: github-release | |
with: | |
tag: ${{ inputs.tag }} | |
docker_platforms: linux/arm64, linux/amd64, linux/amd64/v2, linux/amd64/v3 | |
secrets: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} | |
## Create docker debian images | |
## Only run if: | |
## - Tag is provided | |
## - OR | |
## - Not the default branch | |
## - AND | |
## - Not a PR | |
docker-debian: | |
if: ${{ inputs.tag != '' || (github.ref != format('refs/heads/{0}', github.event.repository.default_branch) && !contains(github.ref, 'refs/pull')) }} | |
name: Docker Debian (Binary) | |
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-debian-binary.yml@master | |
needs: github-release | |
with: | |
tag: ${{ inputs.tag }} | |
docker_platforms: linux/amd64, linux/amd64/v2, linux/amd64/v3 | |
linux_version: debian | |
build_type: binary | |
secrets: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} | |
############################################### | |
## Build Branch/PR | |
############################################### | |
## Create docker debian images | |
## Only run if: | |
## - Tag is *not* provided | |
build-branch: | |
if: ${{ inputs.tag == '' }} | |
name: Docker Debian (Source) | |
uses: stacks-network/stacks-blockchain/.github/workflows/image-build-debian-source.yml@master | |
needs: | |
- rustfmt | |
- leaked-cred-test | |
with: | |
docker_platforms: linux/amd64 | |
linux_version: debian | |
build_type: source | |
secrets: | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} |