feat(authority-claimer): implement AWS KMS sign #2183
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
name: Build and test | |
on: | |
pull_request: | |
push: | |
tags: | |
- v* | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
permissions: | |
packages: write | |
id-token: write | |
contents: write | |
jobs: | |
build-ci-base: | |
runs-on: ubuntu-22.04 | |
outputs: | |
output: ${{ steps.export_tag.outputs.image_tag }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
name=ghcr.io/cartesi/rollups-node-ci | |
tags: | | |
type=semver,pattern={{version}} | |
type=ref,event=branch | |
type=ref,event=pr | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: depot/setup-action@v1 | |
- name: Build and push docker image | |
id: docker_build | |
uses: depot/bake-action@v1 | |
with: | |
files: | | |
./docker-bake.hcl | |
${{ steps.docker_meta.outputs.bake-file }} | |
./docker-bake.platforms.hcl | |
targets: rollups-node-ci | |
push: true | |
project: ${{ vars.DEPOT_PROJECT }} | |
workdir: build | |
- name: Export Image Tag | |
id : export_tag | |
run : echo "image_tag=${{steps.docker_meta.outputs.version}}" >> "$GITHUB_OUTPUT" | |
do-basic-checks: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Check conventional commit | |
uses: cocogitto/cocogitto-action@v3 | |
id: conventional_commit_check | |
with: | |
check-latest-tag-only: true | |
- name: Check license header | |
uses: viperproject/check-license-header@v2 | |
with: | |
path: ./ | |
config: .github/license-check/config.json | |
- name: Lint Markdown docs | |
uses: DavidAnson/markdownlint-cli2-action@v16 | |
with: | |
globs: | | |
*.md | |
docs/*.md | |
check-generated-files: | |
runs-on: ubuntu-22.04 | |
container: | |
image: ghcr.io/cartesi/rollups-node-ci:${{needs.build-ci-base.outputs.output}} | |
needs: | |
- build-ci-base | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
fetch-depth: 0 | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Fix VCS Issue | |
run : git config --global --add safe.directory /__w/rollups-node/rollups-node | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- name: Check auto generated files | |
run: make check-generate | |
test-rust: | |
runs-on: ubuntu-22.04 | |
env: | |
RUSTFLAGS: -D warnings -C debuginfo=0 | |
defaults: | |
run: | |
working-directory: cmd/authority-claimer | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: depot/setup-action@v1 | |
- name: Build dependency images | |
uses: depot/bake-action@v1 | |
with: | |
files: | | |
./docker-bake.hcl | |
./docker-bake.override.hcl | |
./docker-bake.platforms.hcl | |
targets: | | |
rollups-node-snapshot | |
project: ${{ vars.DEPOT_PROJECT }} | |
workdir: build | |
load: true | |
- uses: actions/cache@v4 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
./cmd/authority-claimer/target/ | |
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} | |
restore-keys: ${{ runner.os }}-cargo- | |
- name: Update Rust | |
run: rustup update | |
- name: Install cargo sweep | |
run: cargo install cargo-sweep | |
continue-on-error: true | |
- name: Install cargo cache | |
run: cargo install cargo-cache | |
continue-on-error: true | |
- name: Install cargo-machete | |
run: cargo install cargo-machete | |
continue-on-error: true | |
- name: Set sweep timestamp | |
run: cargo sweep -s | |
- name: Analyze dependencies | |
run: cargo machete . | |
- name: Check code format | |
run: cargo fmt --all -- --check | |
- name: Run linter | |
run: cargo clippy -- -A clippy::module_inception -A clippy::mixed_attributes_style | |
- name: Build binaries and tests | |
run: cargo build --all-targets | |
- name: Clean old build files | |
run: cargo sweep -f | |
- name: Clean dependencies source files | |
run: cargo cache --autoclean | |
- name: Run tests | |
run: cargo test | |
test-go: | |
runs-on: ubuntu-22.04 | |
container: | |
image: ghcr.io/cartesi/rollups-node-ci:${{needs.build-ci-base.outputs.output}} | |
needs: | |
- build-ci-base | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: depot/setup-action@v1 | |
- name: Build dependency images | |
uses: depot/bake-action@v1 | |
with: | |
files: | | |
./docker-bake.hcl | |
./docker-bake.override.hcl | |
./docker-bake.platforms.hcl | |
targets: | | |
rollups-node-devnet | |
rollups-node-snapshot | |
project: ${{ vars.DEPOT_PROJECT }} | |
workdir: build | |
load: true | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version-file: 'go.mod' | |
- name: Fix VCS Go Linter Issue | |
run : git config --global --add safe.directory /__w/rollups-node/rollups-node | |
- name: Run Go Linter | |
uses: golangci/golangci-lint-action@v6 | |
with: | |
version: v1.58.2 | |
- name: Run Go tests | |
env: | |
TESTCONTAINERS_RYUK_DISABLED: true | |
run: go test ./... | |
build-docker: | |
runs-on: ubuntu-22.04 | |
needs: | |
- do-basic-checks | |
- test-rust | |
- test-go | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Docker meta | |
id: docker_meta | |
uses: docker/metadata-action@v5 | |
with: | |
images: | | |
name=ghcr.io/cartesi/rollups-node | |
name=docker.io/cartesi/rollups-node,enable=${{ startsWith(github.ref, 'refs/tags/v') }} | |
tags: | | |
type=semver,pattern={{version}} | |
type=ref,event=branch | |
type=ref,event=pr | |
- name: Login to Docker Hub | |
uses: docker/login-action@v3 | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- uses: depot/setup-action@v1 | |
- name: Build and push docker image | |
id: docker_build | |
uses: depot/bake-action@v1 | |
with: | |
files: | | |
./docker-bake.hcl | |
${{ steps.docker_meta.outputs.bake-file }} | |
./docker-bake.platforms.hcl | |
targets: rollups-node | |
set: rollups-node.args.ROLLUPS_NODE_VERSION=${{ steps.docker_meta.outputs.version }} | |
push: true | |
project: ${{ vars.DEPOT_PROJECT }} | |
workdir: build | |
release: | |
runs-on: ubuntu-22.04 | |
needs: | |
- build-docker | |
if: startsWith(github.ref, 'refs/tags/v') | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Trim CHANGELOG.md | |
run: sed -e '0,/^##[^#]/d' -e '/^##[^#]/,$d' -i CHANGELOG.md | |
- name: Publish Github release | |
uses: softprops/action-gh-release@v2 | |
with: | |
prerelease: true | |
body_path: CHANGELOG.md | |
files: api/graphql/reader.graphql |