Skip to content

Harden ledger state invariance: move LCL header, HAS and Soroban config to read-only BucketList snapshot #6501

Harden ledger state invariance: move LCL header, HAS and Soroban config to read-only BucketList snapshot

Harden ledger state invariance: move LCL header, HAS and Soroban config to read-only BucketList snapshot #6501

Workflow file for this run

name: CI
on:
pull_request:
merge_group:
push:
branches:
- master
- prod
- testnet
- acceptance-test-pass
jobs:
complete:
if: always()
needs: [fmt, cargo-deny, rust-check-git-rev-deps, build]
runs-on: ubuntu-22.04
steps:
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')
run: exit 1
fmt:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- run: rustup component add rustfmt
- run: rustup update
- run: cargo fmt --all --check
cargo-deny:
runs-on: ubuntu-22.04
strategy:
matrix:
checks:
- advisories
- bans licenses sources
# Prevent sudden announcement of a new advisory from failing ci:
continue-on-error: ${{ matrix.checks == 'advisories' }}
steps:
- uses: actions/checkout@v3
- uses: EmbarkStudios/cargo-deny-action@b01e7a8cfb1f496c52d77361e84c1840d8246393
with:
command: check ${{ matrix.checks }}
# leave arguments empty so we don't test --all-features
# which will see conflicting env versions
arguments:
rust-check-git-rev-deps:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v3
- uses: stellar/actions/rust-check-git-rev-deps@main
build:
runs-on: ubuntu-22.04
env:
CACHED_PATHS: |
~/.ccache
~/.cargo
target
strategy:
fail-fast: false
matrix:
toolchain: [ "gcc", "clang"]
protocol: ["current", "next"]
scenario: ["", "--check-test-tx-meta"]
steps:
- name: Fix kernel mmap rnd bits
# Asan in llvm provided in ubuntu 22.04 is incompatible with
# high-entropy ASLR in much newer kernels that GitHub runners are
# using leading to random crashes: https://reviews.llvm.org/D148280
run: sudo sysctl vm.mmap_rnd_bits=28
# We start with as cheap as possible a cache probe to see if we have an exact hit on this
# git commit ID (for a given OS/toolchain/protocol). If so we can skip all subsequent
# steps: we already tested this exact SHA.
#
# Unfortunately due to the way github actions control flow works, we have to repeat the
# step 'if' condition in each step, and cannot actually "exit early" and skip the job.
# There are a lot of duplicate bug reports filed on this aspect of github actions, don't
# bother filing another.
- name: Probe Cache
id: cache
uses: actions/cache/[email protected]
with:
path: ${{ env.CACHED_PATHS }}
key: ${{ runner.os }}-${{ matrix.toolchain }}-${{ matrix.protocol }}-${{ github.sha }}
lookup-only: true
# When we have a cache miss on the exact commit SHA, we restore from the prefix without it.
# This will restore the most-recently-written cache (github does this date ordering itself).
- name: Restore Cache
if: steps.cache.outputs.cache-hit != 'true'
uses: actions/cache/[email protected]
with:
path: ${{ env.CACHED_PATHS }}
key: ${{ steps.cache.outputs.cache-primary-key }}
restore-keys: |
${{ runner.os }}-${{ matrix.toolchain }}-${{ matrix.protocol }}
- uses: actions/[email protected]
if: steps.cache.outputs.cache-hit != 'true'
with:
fetch-depth: 200
submodules: true
- name: install core packages
if: steps.cache.outputs.cache-hit != 'true'
run: |
sudo apt-get update
sudo apt-get -y install --no-install-recommends apt-utils dialog git iproute2 procps lsb-release
- name: install tool chain
if: steps.cache.outputs.cache-hit != 'true'
run: |
sudo apt-get -y install libstdc++-10-dev clang-format-12 ccache lldb
if test "${{ matrix.toolchain }}" = "gcc" ; then
sudo apt-get -y install cpp-10 gcc-10 g++-10
else
sudo apt-get -y install clang-12 llvm-12
fi
- name: install rustup components
if: steps.cache.outputs.cache-hit != 'true'
run: rustup component add rustfmt
- name: install cargo-cache
if: steps.cache.outputs.cache-hit != 'true'
run: cargo install --locked cargo-cache --version 0.8.3
- name: install cargo-sweep
if: steps.cache.outputs.cache-hit != 'true'
run: cargo install --locked cargo-sweep --version 0.7.0
- name: install dependencies
if: steps.cache.outputs.cache-hit != 'true'
run: sudo apt-get -y install postgresql git build-essential pkg-config autoconf automake libtool bison flex libpq-dev parallel libunwind-dev sed perl
- name: Build
if: steps.cache.outputs.cache-hit != 'true'
run: |
if test "${{ matrix.toolchain }}" = "gcc" ; then
export CC='gcc'
export CXX='g++'
else
export CC='clang'
export CXX='clang++'
fi
echo Build with $CC and $CXX
./ci-build.sh --use-temp-db --protocol ${{ matrix.protocol }} ${{ matrix.scenario }}
# We only _save_ to the cache when we had a cache miss, are running on master, and are the non-txmeta scenario.
- uses: actions/cache/[email protected]
if: ${{ steps.cache.outputs.cache-hit != 'true' && github.ref_name == 'master' && matrix.scenario == ''}}
with:
path: ${{ env.CACHED_PATHS }}
key: ${{ steps.cache.outputs.cache-primary-key }}