From 38a979aecfebbcce28c5583f5ad354954c4a49b6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Vincent?= <28714795+leovct@users.noreply.github.com>
Date: Tue, 22 Oct 2024 15:46:35 +0200
Subject: [PATCH 1/3] ci: log in to the docker hub when possible (#312)
* ci: docker hub login
* test
* fix: docker secrets issues
* fix: security build
* chore: disable steps if secrets are not defined
* chore: clean up
* chore: merge latest changes
---
 .github/workflows/deploy.yml | 60 ++++++++++++++++++++++++++++
 .github/workflows/nightly.yml | 18 ++++++++-
 .github/workflows/security-build.yml | 6 ++-
 3 files changed, 82 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index b4c6bbd1..e5e8491e 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -22,6 +22,18 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
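Review bot: The added `Login to Docker Hub` step references `docker/login-action@v3`, a tag the action's publisher can move, while handing it `DOCKERHUB_TOKEN`; a step that receives a registry credential is better pinned to a reviewed release by full commit SHA, `uses: docker/login-action@<full-commit-sha> # v3` (placeholder, the SHA is not on this page). The identical step is added in the deploy.yml hunks at -81, -149, -240 and -297 and in the first nightly.yml hunk, so the pin applies to all six copies. As a style point, `if:` is written after `with:` and depends on the step-level `env:` below it; placing `if:` and its comment directly under `name:` makes the guard visible before the credentials. The enclosing job starts and ends outside the hunk.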
@@ -81,6 +93,18 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
@@ -149,6 +173,18 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
@@ -240,6 +276,18 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
@@ -297,6 +345,18 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml
index 84502fdc..eda80c3a 100644
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -16,12 +16,23 @@ env:
 jobs:
 # Deploy a standalone zkevm permisionless node against Cardona Sepolia Tesnet.
 cardona-sepolia-testnet-pless-zkevm-node:
- #if: github.repository == '0xPolygon/kurtosis-cdk' # Prevent this job to run on forks.
 runs-on: ubuntu-latest
 timeout-minutes: 20
 steps:
 - uses: actions/checkout@v4
+ - name: Login to Docker Hub
+ uses: docker/login-action@v3
+ with:
+ username: ${{ secrets.DOCKERHUB_USERNAME }}
+ password: ${{ secrets.DOCKERHUB_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.DOCKERHUB_USERNAME && env.DOCKERHUB_TOKEN }}
+ env:
+ DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
+ DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
+
 - name: Install Kurtosis CDK tools
 uses: ./.github/actions/setup-kurtosis-cdk
@@ -29,6 +40,11 @@ jobs:
 run: |
 yq -Y --in-place '.args.l1_rpc_url = "${{ secrets.ALCHEMY_SEPOLIA_RPC_URL }}"' ./.github/tests/pless-zkevm-node/cardona-sepolia-testnet-pless-zkevm-node.yml
 kurtosis run --enclave=${{ env.ENCLAVE_NAME }} --args-file=./.github/tests/pless-zkevm-node/cardona-sepolia-testnet-pless-zkevm-node.yml --show-enclave-inspect=false .
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.ALCHEMY_SEPOLIA_RPC_URL}}
+ env:
+ ALCHEMY_SEPOLIA_RPC_URL: ${{ secrets.ALCHEMY_SEPOLIA_RPC_URL }}
 - name: Inspect enclave
 run: kurtosis enclave inspect ${{ env.ENCLAVE_NAME }}
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
index 0a9c8298..7edc5250 100644
--- a/.github/workflows/security-build.yml
+++ b/.github/workflows/security-build.yml
@@ -10,7 +10,6 @@ jobs:
 sonarcloud:
 runs-on: ubuntu-latest
 timeout-minutes: 5
- if: github.repository == '0xPolygon/kurtosis-cdk' # Prevent this job to run on forks.
 steps:
 - uses: actions/checkout@v4
 with:
@@ -21,3 +20,8 @@ jobs:
 env:
 GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ # This step will only execute if the necessary secrets are available, preventing failures
+ # on pull requests from forked repositories.
+ if: ${{ env.SONAR_TOKEN}}
+ env:
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From ad85a6460403d9f59e010b6217f98f5ccb2b1ed1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Vincent?= <28714795+leovct@users.noreply.github.com>
Date: Tue, 22 Oct 2024 18:34:26 +0200
Subject: [PATCH 2/3] ci: fix security build job (#328)
* ci: fix security build job
* chore: run job on PRs
---
 .github/workflows/security-build.yml | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/security-build.yml b/.github/workflows/security-build.yml
index 7edc5250..60550880 100644
--- a/.github/workflows/security-build.yml
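Review bot: In the nightly.yml hunk at -29 the new `if:` guards only the deploy step, so on a run without `ALCHEMY_SEPOLIA_RPC_URL` that step is skipped while `Inspect enclave` right below it, which shows no condition in this hunk, still runs `kurtosis enclave inspect` on an enclave that was never created and would presumably fail the job anyway. The later steps need the same condition, or the check belongs at job level. Now that the secret is exported to the step environment, the script can read it from there rather than having `${{ secrets.ALCHEMY_SEPOLIA_RPC_URL }}` expanded into the shell text before the shell parses it: `yq -Y --in-place --arg url "$ALCHEMY_SEPOLIA_RPC_URL" '.args.l1_rpc_url = $url' <args-file>`, assuming this yq forwards jq's `--arg`. The step begins above the hunk and the job continues below it.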
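Review bot: After the security-build.yml hunk at -21 the SonarCloud step appears to carry two `env:` keys, the existing one with `GITHUB_TOKEN` and `SONAR_TOKEN` and the added one with only `SONAR_TOKEN`. A duplicate key in one mapping is invalid YAML, and a loader that tolerates it keeps the last value, which would drop `GITHUB_TOKEN` from the step. A single `env:` block holding both tokens, placed after `if:`, avoids that; PATCH 2/3 in this series ends up in that shape, but this commit on its own leaves the workflow broken for anyone bisecting through it. Indentation is not recoverable on this page, so confirm both keys sit at step level.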
+++ b/.github/workflows/security-build.yml
@@ -3,7 +3,7 @@ name: Security Build
 on:
 push:
 branches: [main]
- #pull_request:
+ pull_request:
 workflow_dispatch:
 jobs:
@@ -17,11 +17,9 @@ jobs:
 fetch-depth: 0
 - uses: sonarsource/sonarcloud-github-action@master
- env:
- GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
 # This step will only execute if the necessary secrets are available, preventing failures
 # on pull requests from forked repositories.
 if: ${{ env.SONAR_TOKEN}}
 env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
From cecf43b53441f760fe0cd0fc7046e354f3948f8e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Vincent?= <28714795+leovct@users.noreply.github.com>
Date: Wed, 23 Oct 2024 12:44:14 +0200
Subject: [PATCH 3/3] ci: test combinations check (#330)
* ci: test combinations check
* fix: typo
* ci: rename jobs
* chore: update test combinations
* fix: install yq
* test
* Revert "test"
This reverts commit 15a39e78e8ebb5197ec86ceaeef0b79972391b3f.
---
 .../fork11-legacy-zkevm-stack-rollup.yml | 6 ++---
 .../fork11-new-cdk-stack-cdk-validium.yml | 6 ++---
 .../fork11-new-cdk-stack-rollup.yml | 6 ++---
 .../fork12-new-cdk-stack-cdk-validium.yml | 4 +--
 .../fork12-new-cdk-stack-rollup.yml | 4 +--
 .../fork9-legacy-zkevm-stack-cdk-validium.yml | 6 ++---
 .../fork9-legacy-zkevm-stack-rollup.yml | 6 ++---
 .../fork9-new-cdk-stack-cdk-validium.yml | 6 ++---
 .../fork9-new-cdk-stack-rollup.yml | 6 ++---
 .github/workflows/lint.yml | 27 ++++++++++++++++++-
 10 files changed, 51 insertions(+), 26 deletions(-)
diff --git a/.github/tests/combinations/fork11-legacy-zkevm-stack-rollup.yml b/.github/tests/combinations/fork11-legacy-zkevm-stack-rollup.yml
index bacc089c..1e53ce40 100644
--- a/.github/tests/combinations/fork11-legacy-zkevm-stack-rollup.yml
+++ b/.github/tests/combinations/fork11-legacy-zkevm-stack-rollup.yml
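Review bot: In security-build.yml (PATCH 2/3, hunk at -17), `sonarsource/sonarcloud-github-action@master` follows whatever the upstream branch points to at run time, and with `pull_request:` enabled in the hunk at -3 it now runs on every same-repository pull request with `GITHUB_TOKEN` and `SONAR_TOKEN` in its environment. Pin it to a reviewed release by full commit SHA, `- uses: sonarsource/sonarcloud-github-action@<full-commit-sha>` (placeholder, no SHA is given on this page). If the workflow has no `permissions:` block outside these hunks, adding one scoped to what the scan needs (for example `contents: read`) keeps the token passed to the action read-only. `if: ${{ env.SONAR_TOKEN}}` is also missing the space before `}}`, which is harmless but inconsistent with the other expressions.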
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v7.0.0-rc.2-fork.11
- zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.2-fork.11
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:acceptance-2.0.0-beta26-0f01107
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.3-fork.11
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11
 additional_services:
 - tx_spammer
 data_availability_mode: rollup
diff --git a/.github/tests/combinations/fork11-new-cdk-stack-cdk-validium.yml b/.github/tests/combinations/fork11-new-cdk-stack-cdk-validium.yml
index 3f82861b..b8f1e5f1 100644
--- a/.github/tests/combinations/fork11-new-cdk-stack-cdk-validium.yml
+++ b/.github/tests/combinations/fork11-new-cdk-stack-cdk-validium.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v7.0.0-rc.2-fork.11
- zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.2-fork.11
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:acceptance-2.0.0-beta26-0f01107
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.3-fork.11
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11
 additional_services:
 - tx_spammer
 data_availability_mode: cdk-validium
diff --git a/.github/tests/combinations/fork11-new-cdk-stack-rollup.yml b/.github/tests/combinations/fork11-new-cdk-stack-rollup.yml
index bb8d502a..fcfeb95b 100644
--- a/.github/tests/combinations/fork11-new-cdk-stack-rollup.yml
+++ b/.github/tests/combinations/fork11-new-cdk-stack-rollup.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v7.0.0-rc.2-fork.11
- zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.2-fork.11
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:acceptance-2.0.0-beta26-0f01107
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v7.0.3-fork.11
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.0-fork11
 additional_services:
 - tx_spammer
 data_availability_mode: rollup
diff --git a/.github/tests/combinations/fork12-new-cdk-stack-cdk-validium.yml b/.github/tests/combinations/fork12-new-cdk-stack-cdk-validium.yml
index a994e010..6631dc08 100644
--- a/.github/tests/combinations/fork12-new-cdk-stack-cdk-validium.yml
+++ b/.github/tests/combinations/fork12-new-cdk-stack-cdk-validium.yml
@@ -1,7 +1,7 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v8.0.0-rc.4-fork.12
- zkevm_prover_image: hermeznetwork/zkevm-prover:v8.0.0-RC12-fork.12
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v8.0.0-RC13-fork.12
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
 additional_services:
 - tx_spammer
 data_availability_mode: cdk-validium
diff --git a/.github/tests/combinations/fork12-new-cdk-stack-rollup.yml b/.github/tests/combinations/fork12-new-cdk-stack-rollup.yml
index 07ac0e67..ba5382bc 100644
--- a/.github/tests/combinations/fork12-new-cdk-stack-rollup.yml
+++ b/.github/tests/combinations/fork12-new-cdk-stack-rollup.yml
@@ -1,7 +1,7 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v8.0.0-rc.4-fork.12
- zkevm_prover_image: hermeznetwork/zkevm-prover:v8.0.0-RC12-fork.12
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v8.0.0-RC13-fork.12
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
 additional_services:
 - tx_spammer
 data_availability_mode: rollup
diff --git a/.github/tests/combinations/fork9-legacy-zkevm-stack-cdk-validium.yml b/.github/tests/combinations/fork9-legacy-zkevm-stack-cdk-validium.yml
index 0cebb44c..1328e659 100644
--- a/.github/tests/combinations/fork9-legacy-zkevm-stack-cdk-validium.yml
+++ b/.github/tests/combinations/fork9-legacy-zkevm-stack-cdk-validium.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v6.0.0-rc.1-fork.9
- zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.6
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.7
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3
 cdk_validium_node_image: 0xpolygon/cdk-validium-node:0.7.0-cdk
 additional_services:
 - pless_zkevm_node
diff --git a/.github/tests/combinations/fork9-legacy-zkevm-stack-rollup.yml b/.github/tests/combinations/fork9-legacy-zkevm-stack-rollup.yml
index e78fb3a4..9796eed0 100644
--- a/.github/tests/combinations/fork9-legacy-zkevm-stack-rollup.yml
+++ b/.github/tests/combinations/fork9-legacy-zkevm-stack-rollup.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v6.0.0-rc.1-fork.9
- zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.6
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.7
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3
 cdk_validium_node_image: 0xpolygon/cdk-validium-node:0.7.0-cdk
 additional_services:
 - pless_zkevm_node
diff --git a/.github/tests/combinations/fork9-new-cdk-stack-cdk-validium.yml b/.github/tests/combinations/fork9-new-cdk-stack-cdk-validium.yml
index 43905b8d..4cef7c1c 100644
--- a/.github/tests/combinations/fork9-new-cdk-stack-cdk-validium.yml
+++ b/.github/tests/combinations/fork9-new-cdk-stack-cdk-validium.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v6.0.0-rc.1-fork.9
- zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.6
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.7
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3
 cdk_validium_node_image: 0xpolygon/cdk-validium-node:0.7.0-cdk
 additional_services:
 - pless_zkevm_node
diff --git a/.github/tests/combinations/fork9-new-cdk-stack-rollup.yml b/.github/tests/combinations/fork9-new-cdk-stack-rollup.yml
index d469af88..c01592f0 100644
--- a/.github/tests/combinations/fork9-new-cdk-stack-rollup.yml
+++ b/.github/tests/combinations/fork9-new-cdk-stack-rollup.yml
@@ -1,8 +1,8 @@
 args:
 zkevm_contracts_image: leovct/zkevm-contracts:v6.0.0-rc.1-fork.9
- zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.6
- cdk_erigon_node_image: hermeznetwork/cdk-erigon:0948e33
- zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3-RC1
+ zkevm_prover_image: hermeznetwork/zkevm-prover:v6.0.7
+ cdk_erigon_node_image: hermeznetwork/cdk-erigon:ab3013d
+ zkevm_node_image: hermeznetwork/zkevm-node:v0.7.3
 cdk_validium_node_image: 0xpolygon/cdk-validium-node:0.7.0-cdk
 additional_services:
 - pless_zkevm_node
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
index e616040b..e4e782eb 100644
--- a/.github/workflows/lint.yml
+++ b/.github/workflows/lint.yml
@@ -14,7 +14,7 @@ env:
 KURTOSIS_VERSION: 0.90.1
 jobs:
- check:
+ lint:
 runs-on: ubuntu-latest
 timeout-minutes: 5
 steps:
@@ -51,3 +51,28 @@ jobs:
 - name: Run shellcheck
 run: find . -type f -name '*.sh' | sort | xargs -I {} shellcheck {}
+
+ check-test-combinations:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install yq
+ run: |
+ pip3 install yq
+ yq --version
+
+ - name: Generate test combinations
+ working-directory: .github/tests
+ run: ./combine-ymls.sh
+
+ - name: Check if test combinations are up to date
+ run: |
+ if [[ -n $(git status --porcelain) ]]; then
+ echo "❌ Error: Test combinations are not up to date. Please run \`./combine-ymls.sh\`."
+ git status --porcelain
+ git diff
+ exit 1
+ else
+ echo "✅ Test combinations are up to date."
+ fi
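Review bot: `pip3 install yq` in the new `check-test-combinations` job installs whatever release PyPI serves at run time, so an unreviewed package version runs in CI and the output of `./combine-ymls.sh`, and with it the `git status --porcelain` check, can change without any change in the repository. Pin it, `pip3 install yq==<version>` (placeholder for the version the committed combinations were generated with), ideally declared next to `KURTOSIS_VERSION` in the workflow `env:`. The job also has no `timeout-minutes`, unlike the `lint` job above it; `timeout-minutes: 5` would match.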