fix(CI): Fix cargo deny #4709
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Rust tests | |
on: | |
push: | |
branches: | |
- "develop" | |
- "devnet" | |
- "testnet" | |
- "mainnet" | |
- "releases/iota-*-release" | |
pull_request: | |
types: [opened, synchronize, reopened, ready_for_review] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: ${{ github.ref != 'refs/heads/develop' }} | |
env: | |
CARGO_TERM_COLOR: always | |
# Disable incremental compilation. | |
# | |
# Incremental compilation is useful as part of an edit-build-test-edit cycle, | |
# as it lets the compiler avoid recompiling code that hasn't changed. However, | |
# on CI, we're not making small edits; we're almost always building the entire | |
# project from scratch. Thus, incremental compilation on CI actually | |
# introduces *additional* overhead to support making future builds | |
# faster...but no future builds will ever occur in any given CI environment. | |
# | |
# See https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow | |
# for details. | |
CARGO_INCREMENTAL: 0 | |
# Allow more retries for network requests in cargo (downloading crates) and | |
# rustup (installing toolchains). This should help to reduce flaky CI failures | |
# from transient network timeouts or other issues. | |
CARGO_NET_RETRY: 10 | |
RUSTUP_MAX_RETRIES: 10 | |
# Don't emit giant backtraces in the CI logs. | |
RUST_BACKTRACE: short | |
# RUSTFLAGS: -D warnings | |
RUSTDOCFLAGS: -D warnings | |
jobs: | |
changes: | |
runs-on: [self-hosted-rust] | |
outputs: | |
components: ${{ steps.filter.outputs.changes }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
list-files: "json" | |
filters: .github/crates-filters.yml | |
test: | |
name: Test ${{ matrix.components }} | |
env: | |
# Tests written with #[sim_test] are often flaky if run as #[tokio::test] - this var | |
# causes #[sim_test] to only run under the deterministic `simtest` job, and not the | |
# non-deterministic `test` job. | |
IOTA_SKIP_SIMTESTS: 1 | |
strategy: | |
matrix: | |
components: ${{ fromJson(needs.changes.outputs.components) }} | |
fail-fast: false | |
runs-on: [self-hosted-rust] | |
needs: changes | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: taiki-e/install-action@nextest | |
- name: cargo test | |
run: cargo nextest run --profile ci -E 'rdeps(${{matrix.components}})' -p ${{matrix.components}} | |
iota-sdk-changes: | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
iota-sdk: | |
- 'crates/iota-sdk/**' | |
test-iota-sdk: | |
name: Test iota-sdk | |
if: needs.iota-sdk-changes.outputs.iota-sdk == 'true' | |
env: | |
# Tests written with #[sim_test] are often flaky if run as #[tokio::test] - this var | |
# causes #[sim_test] to only run under the deterministic `simtest` job, and not the | |
# non-deterministic `test` job. | |
IOTA_SKIP_SIMTESTS: 1 | |
runs-on: [self-hosted-rust] | |
needs: iota-sdk-changes | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: taiki-e/install-action@nextest | |
- name: cargo test | |
run: cargo nextest run --profile ci -E 'rdeps(iota-sdk)' -p [email protected] | |
diff: | |
runs-on: [self-hosted-rust] | |
outputs: | |
isRust: ${{ steps.diff.outputs.isRust }} | |
isMove: ${{ steps.diff.outputs.isMove }} | |
isReleaseNotesEligible: ${{ steps.diff.outputs.isReleaseNotesEligible }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Detect Changes | |
uses: "./.github/actions/diffs" | |
id: diff | |
license-check: | |
name: license-check | |
if: needs.diff.outputs.isRust == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- uses: bmwill/rust-cache@v1 # Fork of 'Swatinem/rust-cache' which allows caching additional paths | |
- name: Install cargo-license-template | |
run: cargo install --force cargo-license-template | |
- name: Run cargo-license-template | |
run: cargo ci-license | |
release-notes-description-check: | |
name: release-notes-check | |
needs: diff | |
if: needs.diff.outputs.isReleaseNotesEligible == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Check Pull Request Description | |
shell: bash | |
run: | | |
export PR_NUMBER=$(jq --raw-output .pull_request.number "$GITHUB_EVENT_PATH") | |
export DESCRIPTION=$(curl -s -H "Authorization: Bearer ${{ secrets.GITHUB_TOKEN }}" \ | |
"https://api.github.com/repos/iotaledger/iota/pulls/${PR_NUMBER}" \ | |
| jq --raw-output .body) | |
if [[ "${DESCRIPTION}" == *"[x]"* ]]; then | |
if [[ "${DESCRIPTION}" =~ Release[[:space:]]notes[[:space:]]+.* ]]; then | |
exit 0 | |
else | |
echo "At least one '[x]' was checked under 'Type of Change (Check all that apply)', you need to add a blob under the 'Release Notes' section." | |
exit 1 | |
fi | |
fi | |
test-extra: | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
env: | |
# Tests written with #[sim_test] are often flaky if run as #[tokio::test] - this var | |
# causes #[sim_test] to only run under the deterministic `simtest` job, and not the | |
# non-deterministic `test` job. | |
IOTA_SKIP_SIMTESTS: 1 | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- [self-hosted-rust] | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: benchmark (smoke) | |
run: | | |
cargo run --package iota-benchmark --bin stress -- --log-path /tmp/stress.log --num-client-threads 10 --num-server-threads 24 --num-transfer-accounts 2 bench --target-qps 100 --num-workers 10 --transfer-object 50 --shared-counter 50 --run-duration 10s --stress-stat-collection | |
- name: doctests | |
run: | | |
cargo test --doc | |
- name: rustdoc | |
run: | | |
cargo doc --workspace --no-deps | |
- name: Install cargo-hakari, and cache the binary | |
uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # [email protected] | |
with: | |
crate: cargo-hakari | |
locked: true | |
- name: Install nightly rustfmt | |
run: rustup toolchain install nightly --component rustfmt --allow-downgrade | |
- name: iota-execution | |
run: | | |
./scripts/execution_layer.py generate-lib | |
# Ensure there are no uncommitted changes in the repo after running tests | |
- run: scripts/changed-files.sh | |
shell: bash | |
# TODO: Disabled until we can get an updated fork of msim with tokio 1.38 https://github.com/iotaledger/iota/issues/1212 | |
# simtest: | |
# name: Simtest ${{ matrix.components }} | |
# needs: changes | |
# timeout-minutes: 45 | |
# runs-on: [self-hosted-rust] | |
# strategy: | |
# matrix: | |
# components: ${{ fromJson(needs.changes.outputs.components) }} | |
# fail-fast: false | |
# env: | |
# MSIM_WATCHDOG_TIMEOUT_MS: 60000 | |
# steps: | |
# - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
# - uses: taiki-e/install-action@nextest | |
# - name: cargo simtest | |
# run: | | |
# scripts/simtest/cargo-simtest simtest -E 'rdeps(${{matrix.components}})' -p ${{matrix.components}} | |
# - name: check new tests for flakiness | |
# run: | | |
# scripts/simtest/stress-new-tests.sh -E 'rdeps(${{matrix.components}})' -p ${{matrix.components}} | |
# This job ensures that Move unit tests are run if there are changes | |
# to Move code but not Rust code (If there are Rust changes, they | |
# will be run as part of a larger test iotate). | |
move-test: | |
needs: diff | |
if: needs.diff.outputs.isRust == 'false' && needs.diff.outputs.isMove == 'true' | |
timeout-minutes: 10 | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- uses: taiki-e/install-action@nextest | |
- name: Run move tests | |
run: | | |
cargo nextest run -p iota-framework-tests -- unit_tests:: | |
# # Disabled | |
# rosetta-validation: | |
# needs: diff | |
# if: needs.diff.outputs.isRust == 'true' | |
# timeout-minutes: 45 | |
# runs-on: [self-hosted-rust] | |
# steps: | |
# - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
# - name: Setup environment | |
# run: .github/scripts/rosetta/setup.sh | |
# shell: bash | |
# - name: Start local IOTA network | |
# run: | | |
# iota start --no-full-node & | |
# shell: bash | |
# - name: Start Rosetta servers | |
# run: .github/scripts/rosetta/start_rosetta.sh | |
# shell: bash | |
# - name: Sleep for 20 seconds | |
# run: sleep 20s | |
# shell: bash | |
# - name: Run check:construction test | |
# run: | | |
# ./bin/rosetta-cli --configuration-file rosetta_cli.json check:construction | |
# shell: bash | |
# - name: Run check:data test | |
# run: | | |
# ./bin/rosetta-cli --configuration-file rosetta_cli.json check:data | |
# shell: bash | |
clippy: | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: arduino/setup-protoc@c65c819552d16ad3c9b72d9dfd5ba5237b9c906b # [email protected] | |
# this avoids rate-limiting | |
with: | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- run: rustup component add clippy | |
# TODO(bradh): debug and re-enable this; the caching is breaking the clippy build | |
# Enable caching of the 'librocksdb-sys' crate by additionally caching the | |
# 'librocksdb-sys' src directory which is managed by cargo | |
# - uses: bmwill/rust-cache@v1 # Fork of 'Swatinem/rust-cache' which allows caching additional paths | |
# with: | |
# path: ~/.cargo/registry/src/**/librocksdb-sys-* | |
# See '.cargo/config' for list of enabled/disabled clippy lints | |
- name: Check Clippy Lints | |
run: cargo +stable ci-clippy | |
rustfmt: | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Install latest nightly | |
run: rustup toolchain install nightly --component rustfmt --allow-downgrade | |
- name: Check Rust formatting | |
run: cargo +nightly ci-fmt | |
dprint-format: | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Install dprint | |
run: cargo install dprint | |
- name: Check dprint formatting | |
run: dprint check | |
cargo-deny: | |
name: cargo-deny (advisories, licenses, bans, ...) | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- uses: EmbarkStudios/cargo-deny-action@v1 | |
iota-excution-cut: | |
name: cutting a new execution layer | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
runs-on: [self-hosted-rust] | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Install cargo-hakari, and cache the binary | |
uses: baptiste0928/cargo-install@1cd874a5478fdca35d868ccc74640c5aabbb8f1b # [email protected] | |
with: | |
crate: cargo-hakari | |
locked: true | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- name: Make cut | |
run: ./scripts/execution_layer.py cut for_ci_test | |
- name: Check execution builds | |
run: cargo build -p iota-execution | |
#indexer: | |
# name: indexer | |
# needs: diff | |
# if: needs.diff.outputs.isRust == 'true' | |
# timeout-minutes: 45 | |
# runs-on: [self-hosted-rust] | |
# services: | |
# postgres: | |
# image: postgres | |
# env: | |
# POSTGRES_PASSWORD: postgrespw | |
# options: >- | |
# --health-cmd pg_isready | |
# --health-interval 10s | |
# --health-timeout 5s | |
# --health-retries 5 | |
# ports: | |
# - 5432:5432 | |
# steps: | |
# - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
# - name: integration-test-with-postgres | |
# #We only have 1 instance of postgres DB, can only run test in single thread | |
# run: | | |
# cargo test --package iota-indexer --test integration_tests --features pg_integration -- --test-threads=1 | |
# env: | |
# POSTGRES_HOST: localhost | |
# POSTGRES_PORT: 5432 | |
graphql-rpc: | |
name: graphql-rpc | |
needs: diff | |
if: needs.diff.outputs.isRust == 'true' | |
timeout-minutes: 45 | |
runs-on: [self-hosted-rust] | |
env: | |
POSTGRES_USER: postgres | |
POSTGRES_PASSWORD: postgrespw | |
POSTGRES_HOST: localhost | |
POSTGRES_PORT: 5432 | |
services: | |
postgres: | |
image: postgres | |
env: | |
POSTGRES_PASSWORD: postgrespw | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
--name postgres_container | |
ports: | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # Pin v4.1.1 | |
- uses: taiki-e/install-action@nextest | |
- name: Install postgresql-client | |
run: sudo apt-get install -y postgresql-client | |
- name: Setup db | |
run: | | |
PGPASSWORD=$POSTGRES_PASSWORD psql -h localhost -U $POSTGRES_USER -c 'CREATE DATABASE iota_indexer;' -c 'ALTER SYSTEM SET max_connections = 500;' | |
- run: docker restart --time 0 postgres_container | |
- run: sleep 5 | |
- name: tests-requiring-postgres | |
run: | | |
cargo nextest run --no-fail-fast --test-threads 1 --package iota-graphql-rpc --test e2e_tests --test examples_validation_tests --features pg_integration | |
cargo nextest run --no-fail-fast --test-threads 1 --package iota-graphql-rpc --lib --features pg_integration -- test_query_cost | |
cargo nextest run --no-fail-fast --test-threads 8 --package iota-graphql-e2e-tests --features pg_integration | |
cargo nextest run --no-fail-fast --test-threads 1 --package iota-cluster-test --test local_cluster_test --features pg_integration | |
cargo nextest run --no-fail-fast --test-threads 1 --package iota-indexer --test ingestion_tests --features pg_integration |