From a1d3baa79f8b2b2990e615d5ae5e59d340d134e4 Mon Sep 17 00:00:00 2001 From: Mikhail Zabaluev Date: Wed, 7 Aug 2024 19:46:50 +0300 Subject: [PATCH] chore: clean up .github/workflows Remove all upstream GitHub workflows, save the one we're going to use with adaptations. --- .github/workflows/adhoc-forge.yaml | 68 --- .github/workflows/aptos-node-release.yaml | 42 -- .github/workflows/cargo-metadata-upload.yaml | 26 -- .github/workflows/check-minimum-revision.yaml | 51 --- .github/workflows/check-protos.yaml | 74 ---- .github/workflows/check-sdk-examples.yaml | 46 --- .github/workflows/cli-e2e-tests.yaml | 87 ---- .github/workflows/cli-external-deps.yaml | 20 - .github/workflows/close-stale-issues.yaml | 24 -- .github/workflows/codeql-analysis.yaml | 49 --- .../copy-images-to-dockerhub-nightly.yaml | 27 -- .../copy-images-to-dockerhub-release.yaml | 29 -- .../workflows/copy-images-to-dockerhub.yaml | 64 --- .github/workflows/coverage-move-only.yaml | 70 ---- .github/workflows/coverage.yaml | 109 ----- .github/workflows/cut-release-branch.yaml | 50 --- .github/workflows/docker-build-rosetta.yaml | 27 -- .github/workflows/docker-build-test.yaml | 391 ------------------ .../workflows/docker-indexer-grpc-test.yaml | 54 --- .github/workflows/docker-update-images.yaml | 46 --- .github/workflows/execution-performance.yaml | 28 -- .github/workflows/faucet-tests-main.yaml | 74 ---- .github/workflows/faucet-tests-prod.yaml | 77 ---- ...-with-undeclared-feature-dependencies.yaml | 11 - .github/workflows/forge-pfn.yaml | 170 -------- .github/workflows/forge-stable.yaml | 303 -------------- .github/workflows/forge-state-sync.yaml | 142 ------- .github/workflows/forge-unstable.yaml | 173 -------- .../fullnode-execute-devnet-main.yaml | 34 -- .../fullnode-execute-devnet-stable.yaml | 34 -- .../workflows/fullnode-fast-mainnet-main.yaml | 34 -- .../fullnode-fast-mainnet-stable.yaml | 34 -- .../workflows/fullnode-fast-testnet-main.yaml | 34 -- .../fullnode-fast-testnet-stable.yaml | 34 -- .../fullnode-intelligent-devnet-main.yaml | 35 -- .../fullnode-intelligent-mainnet-main.yaml | 35 -- .../fullnode-intelligent-mainnet-stable.yaml | 35 -- .../fullnode-intelligent-testnet-main.yaml | 35 -- .github/workflows/fuzzer-test.yaml | 26 -- ...ndexer-grpc-in-memory-cache-benchmark.yaml | 22 - .../indexer-grpc-integration-tests.yaml | 84 ---- .../workflows/keyless-circuit-daily-test.yaml | 32 -- .github/workflows/links.yml | 35 -- .github/workflows/lint-test.yaml | 205 --------- .github/workflows/module-verify.yaml | 69 ---- .github/workflows/move-test-compiler-v2.yaml | 35 -- .../node-api-compatibility-tests.yaml | 128 ------ .github/workflows/prover-daily-test.yaml | 35 -- .../workflows/prune-old-workflow-runs.yaml | 28 -- .github/workflows/replay-verify.yaml | 99 ----- .github/workflows/run-fullnode-sync.yaml | 110 ----- .github/workflows/run-gas-calibration.yaml | 39 -- .github/workflows/rust-client-tests.yaml | 86 ---- .github/workflows/semgrep.yaml | 27 -- .github/workflows/terraform-freeze.yaml | 15 - .../test-copy-images-to-dockerhub.yaml | 28 -- .github/workflows/ts-sdk-e2e-tests.yaml | 77 ---- .github/workflows/windows-build.yaml | 64 --- .../workflow-run-docker-rust-build.yaml | 98 ----- .../workflow-run-execution-performance.yaml | 90 ---- .github/workflows/workflow-run-forge.yaml | 218 ---------- .../workflows/workflow-run-module-verify.yaml | 71 ---- .../workflows/workflow-run-replay-verify.yaml | 116 ------ 63 files changed, 4513 deletions(-) delete mode 100644 .github/workflows/adhoc-forge.yaml delete mode 100644 .github/workflows/aptos-node-release.yaml delete mode 100644 .github/workflows/cargo-metadata-upload.yaml delete mode 100644 .github/workflows/check-minimum-revision.yaml delete mode 100644 .github/workflows/check-protos.yaml delete mode 100644 .github/workflows/check-sdk-examples.yaml delete mode 100644 .github/workflows/cli-e2e-tests.yaml delete mode 100644 .github/workflows/cli-external-deps.yaml delete mode 100644 .github/workflows/close-stale-issues.yaml delete mode 100644 .github/workflows/codeql-analysis.yaml delete mode 100644 .github/workflows/copy-images-to-dockerhub-nightly.yaml delete mode 100644 .github/workflows/copy-images-to-dockerhub-release.yaml delete mode 100644 .github/workflows/copy-images-to-dockerhub.yaml delete mode 100644 .github/workflows/coverage-move-only.yaml delete mode 100644 .github/workflows/coverage.yaml delete mode 100644 .github/workflows/cut-release-branch.yaml delete mode 100644 .github/workflows/docker-build-rosetta.yaml delete mode 100644 .github/workflows/docker-build-test.yaml delete mode 100644 .github/workflows/docker-indexer-grpc-test.yaml delete mode 100644 .github/workflows/docker-update-images.yaml delete mode 100644 .github/workflows/execution-performance.yaml delete mode 100644 .github/workflows/faucet-tests-main.yaml delete mode 100644 .github/workflows/faucet-tests-prod.yaml delete mode 100644 .github/workflows/find-packages-with-undeclared-feature-dependencies.yaml delete mode 100644 .github/workflows/forge-pfn.yaml delete mode 100644 .github/workflows/forge-stable.yaml delete mode 100644 .github/workflows/forge-state-sync.yaml delete mode 100644 .github/workflows/forge-unstable.yaml delete mode 100644 .github/workflows/fullnode-execute-devnet-main.yaml delete mode 100644 .github/workflows/fullnode-execute-devnet-stable.yaml delete mode 100644 .github/workflows/fullnode-fast-mainnet-main.yaml delete mode 100644 .github/workflows/fullnode-fast-mainnet-stable.yaml delete mode 100644 .github/workflows/fullnode-fast-testnet-main.yaml delete mode 100644 .github/workflows/fullnode-fast-testnet-stable.yaml delete mode 100644 .github/workflows/fullnode-intelligent-devnet-main.yaml delete mode 100644 .github/workflows/fullnode-intelligent-mainnet-main.yaml delete mode 100644 .github/workflows/fullnode-intelligent-mainnet-stable.yaml delete mode 100644 .github/workflows/fullnode-intelligent-testnet-main.yaml delete mode 100644 .github/workflows/fuzzer-test.yaml delete mode 100644 .github/workflows/indexer-grpc-in-memory-cache-benchmark.yaml delete mode 100644 .github/workflows/indexer-grpc-integration-tests.yaml delete mode 100644 .github/workflows/keyless-circuit-daily-test.yaml delete mode 100644 .github/workflows/links.yml delete mode 100644 .github/workflows/lint-test.yaml delete mode 100644 .github/workflows/module-verify.yaml delete mode 100644 .github/workflows/move-test-compiler-v2.yaml delete mode 100644 .github/workflows/node-api-compatibility-tests.yaml delete mode 100644 .github/workflows/prover-daily-test.yaml delete mode 100644 .github/workflows/prune-old-workflow-runs.yaml delete mode 100644 .github/workflows/replay-verify.yaml delete mode 100644 .github/workflows/run-fullnode-sync.yaml delete mode 100644 .github/workflows/run-gas-calibration.yaml delete mode 100644 .github/workflows/rust-client-tests.yaml delete mode 100644 .github/workflows/semgrep.yaml delete mode 100644 .github/workflows/terraform-freeze.yaml delete mode 100644 .github/workflows/test-copy-images-to-dockerhub.yaml delete mode 100644 .github/workflows/ts-sdk-e2e-tests.yaml delete mode 100644 .github/workflows/windows-build.yaml delete mode 100644 .github/workflows/workflow-run-docker-rust-build.yaml delete mode 100644 .github/workflows/workflow-run-execution-performance.yaml delete mode 100644 .github/workflows/workflow-run-forge.yaml delete mode 100644 .github/workflows/workflow-run-module-verify.yaml delete mode 100644 .github/workflows/workflow-run-replay-verify.yaml diff --git a/.github/workflows/adhoc-forge.yaml b/.github/workflows/adhoc-forge.yaml deleted file mode 100644 index 3a3b0bd184000..0000000000000 --- a/.github/workflows/adhoc-forge.yaml +++ /dev/null @@ -1,68 +0,0 @@ -name: "Ad-hoc Forge Run" -on: - workflow_dispatch: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to checkout and test - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. If not specified, falls back on GIT_SHA - FORGE_IMAGE_TAG: - required: false - type: string - description: The docker image tag to use for forge runner. If not specified, falls back on GIT_SHA - FORGE_RUNNER_DURATION_SECS: - required: false - type: string - default: "480" - description: Duration of the forge test run - FORGE_TEST_SUITE: - required: false - type: string - default: land_blocking - description: Test suite to run - FORGE_CLUSTER_NAME: - required: false - type: string - description: The Forge k8s cluster to be used for test - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation which we use to login into Google Artifact Registry - issues: write - pull-requests: write - -jobs: - determine-forge-run-metadata: - runs-on: ubuntu-latest - steps: - - name: collect metadata - run: | - echo "GIT_SHA: ${{ inputs.GIT_SHA }}" - echo "IMAGE_TAG: ${{ inputs.IMAGE_TAG }}" - echo "FORGE_IMAGE_TAG: ${{ inputs.FORGE_IMAGE_TAG }}" - echo "FORGE_RUNNER_DURATION_SECS: ${{ inputs.FORGE_RUNNER_DURATION_SECS }}" - echo "FORGE_TEST_SUITE: ${{ inputs.FORGE_TEST_SUITE }}" - echo "FORGE_CLUSTER_NAME: ${{ inputs.FORGE_CLUSTER_NAME }}" - outputs: - gitSha: ${{ inputs.GIT_SHA }} - imageTag: ${{ inputs.IMAGE_TAG }} - forgeImageTag: ${{ inputs.FORGE_IMAGE_TAG }} - forgeRunnerDurationSecs: ${{ inputs.FORGE_RUNNER_DURATION_SECS }} - forgeTestSuite: ${{ inputs.FORGE_TEST_SUITE }} - forgeClusterName: ${{ inputs.FORGE_CLUSTER_NAME }} - - adhoc-forge-test: - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - needs: [determine-forge-run-metadata] - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-forge-run-metadata.outputs.gitSha }} - IMAGE_TAG: ${{ needs.determine-forge-run-metadata.outputs.imageTag }} - FORGE_IMAGE_TAG: ${{ needs.determine-forge-run-metadata.outputs.forgeImageTag }} - FORGE_TEST_SUITE: ${{ needs.determine-forge-run-metadata.outputs.forgeTestSuite }} - FORGE_RUNNER_DURATION_SECS: ${{ fromJSON(needs.determine-forge-run-metadata.outputs.forgeRunnerDurationSecs) }} # fromJSON converts to integer - FORGE_CLUSTER_NAME: ${{ needs.determine-forge-run-metadata.outputs.forgeClusterName }} diff --git a/.github/workflows/aptos-node-release.yaml b/.github/workflows/aptos-node-release.yaml deleted file mode 100644 index b665ace3f1c68..0000000000000 --- a/.github/workflows/aptos-node-release.yaml +++ /dev/null @@ -1,42 +0,0 @@ -name: "Release aptos-node" -on: - workflow_dispatch: - inputs: - release_tag: - type: string - required: true - description: "The release tag to create. E.g. `aptos-node-v0.2.3`:" - branch: - type: string - required: true - description: "The branch to cut the release from" - release_title: - type: string - required: false - description: 'Name of the release, e.g. "Aptos Node Release v1.2.3":' - -jobs: - release-aptos-node: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ inputs.branch }} - - - uses: actions/setup-python@v4 - - - name: Bump aptos-node version - uses: aptos-labs/aptos-core/.github/actions/release-aptos-node@main - with: - release_tag: ${{ inputs.release_tag }} - aptos_node_cargo_toml: aptos-node/Cargo.toml - - - name: Create Pull Request - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # pin@v6.0.1 - with: - add-paths: aptos-node - title: "[aptos-node] update release version" - body: Automated release bump for ${{ inputs.release_tag }}. Change the PR base accordingly - commit-message: "[aptos-node] update release version" - branch: auto-release-${{ inputs.release_tag }} - delete-branch: true diff --git a/.github/workflows/cargo-metadata-upload.yaml b/.github/workflows/cargo-metadata-upload.yaml deleted file mode 100644 index f6654df475540..0000000000000 --- a/.github/workflows/cargo-metadata-upload.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: Target Determinator Cargo Metadata Uploader -on: - push: - branches: - - "main" - pull_request: - paths: - - ".github/workflows/cargo-metadata-upload.yaml" -permissions: - contents: read - id-token: write -jobs: - cargo-metadata: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - - uses: dsherret/rust-toolchain-file@v1 - - id: auth - uses: "google-github-actions/auth@v2" - with: - workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - service_account: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - - uses: "google-github-actions/setup-gcloud@v2" - - shell: bash - run: | - cargo metadata --all-features | gsutil cp - gs://aptos-core-cargo-metadata-public/metadata-${{ github.sha }}.json diff --git a/.github/workflows/check-minimum-revision.yaml b/.github/workflows/check-minimum-revision.yaml deleted file mode 100644 index a8ff5b694a043..0000000000000 --- a/.github/workflows/check-minimum-revision.yaml +++ /dev/null @@ -1,51 +0,0 @@ -name: "Check Minimum Revision" - -on: - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - workflow_dispatch: - inputs: - GIT_SHA: - required: true - type: string - -env: - GIT_SHA: ${{ inputs.GIT_SHA }} - MINIMUM_REVISION: ${{ secrets.MINIMUM_REVISION }} - -jobs: - check-minimum-revision: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ env.GIT_SHA }} - fetch-depth: 1000 - - name: Check merge base is new enough - id: check-merge-base - run: | - set -ex - - if [ -z "$MINIMUM_REVISION" ]; then - echo "Skipping check" - exit 0 - fi - - git fetch origin main - - set +e - git merge-base \ - --is-ancestor "$MINIMUM_REVISION" "${{ env.GIT_SHA }}" - FAILED=$? - set -e - - echo "FAIL_MERGE_BASE=${FAILED}" >> $GITHUB_OUTPUT - MERGE_BASE="$(git merge-base origin/main ${{ env.GIT_SHA }})" - - if [[ $FAILED == 1 ]]; then - echo "Your merge base $MERGE_BASE is too old" | tee fail-merge-base.txt - echo "Please rebase on or past $MINIMUM_REVISION" | tee -a fail-merge-base.txt - fi diff --git a/.github/workflows/check-protos.yaml b/.github/workflows/check-protos.yaml deleted file mode 100644 index acb4a5016a654..0000000000000 --- a/.github/workflows/check-protos.yaml +++ /dev/null @@ -1,74 +0,0 @@ -# This workflow exists to make sure that we know when the protos and the generated code -# are out of sync. In this workflow we generate code from the protos and make sure it -# matches what is checked in. - -# To make this much faster we don't use our own rust setup script. There is no need -# right now because the packages we're installing work fine with the latest version -# of Rust, at least at the time of writing. Famous last words of course, it's possible -# that the preinstalled version of the toolchain will break this at some point, but -# that probably won't happen for quite a while. - -name: "Check Protos" -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - -# Cancel redundant builds. -concurrency: - # For push and workflow_dispatch events we use `github.sha` in the concurrency group and don't really cancel each other out/limit concurrency. - # For pull_request events newer jobs cancel earlier jobs to save on CI etc. - group: ${{ github.workflow }}-${{ github.event_name }}-${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.sha || github.head_ref || github.ref }} - cancel-in-progress: true - -jobs: - check: - runs-on: ubuntu-latest - if: | # Only run on each PR once an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'push' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null - ) - steps: - - uses: actions/checkout@v3 - - # Install buf, which we use to generate code from the protos for Rust and TS. - - name: Install buf - uses: bufbuild/buf-setup-action@v1.24.0 - with: - version: 1.28.1 - - - uses: pre-commit/action@v3.0.0 - - # Install protoc itself. - - name: Install Protoc - uses: arduino/setup-protoc@v2 - with: - version: "25.x" - - # Set up pnpm. - - uses: pnpm/action-setup@v2 - with: - version: 8.6.2 - - # Set up Poetry. - - name: Install Python deps for generating code from protos - uses: ./.github/actions/python-setup - with: - pyproject_directory: ./protos/python - - # Install the Rust, TS, and Python codegen deps. - - name: Install deps for generating code from protos - run: cd protos && ./scripts/install_deps.sh - - # Finally, generate code based on the protos. - - name: Generate code - run: cd protos && ./scripts/build_protos.sh - - # Confirm that nothing has changed. - - name: Confirm that nothing has changed - run: git diff --exit-code diff --git a/.github/workflows/check-sdk-examples.yaml b/.github/workflows/check-sdk-examples.yaml deleted file mode 100644 index 6e3c5221f9984..0000000000000 --- a/.github/workflows/check-sdk-examples.yaml +++ /dev/null @@ -1,46 +0,0 @@ -name: "Check SDK examples" -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - devnet - -jobs: - # Run the TS SDK examples. Note: There are small windows where these examples - # might be able to fail. For example, if we released a new devnet and SDK with - # an incompatible change, but haven't updated the examples to use the new SDK. - # That's why this is a separate job, because there are times when it could fail, - # whereas there is no reason why the test-sdk-confirm-client-generated-publish - # job should fail. These could also fail because we run them against devnet, - # whereas we run the test-sdk-confirm-client-generated-publish against a node - # built from the same commit and run as part of that CI job. - run-examples: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - runs-on: ubuntu-latest - env: - APTOS_NODE_URL: https://fullnode.devnet.aptoslabs.com - APTOS_FAUCET_URL: https://faucet.devnet.aptoslabs.com - FAUCET_AUTH_TOKEN: ${{ secrets.DEVNET_TAP_AUTH_TOKEN }} - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version-file: .node-version - - uses: pnpm/action-setup@v2 - - # Run example code in typescript. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - name: ts-example-test - with: - max_attempts: 5 - timeout_minutes: 20 - command: cd ./ecosystem/typescript/sdk/examples/typescript && pnpm install && pnpm test - - # Run example code in javascript. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - name: js-example-test - with: - max_attempts: 5 - timeout_minutes: 20 - command: cd ./ecosystem/typescript/sdk/examples/javascript && pnpm install && pnpm test diff --git a/.github/workflows/cli-e2e-tests.yaml b/.github/workflows/cli-e2e-tests.yaml deleted file mode 100644 index 70a1415ba9708..0000000000000 --- a/.github/workflows/cli-e2e-tests.yaml +++ /dev/null @@ -1,87 +0,0 @@ -name: "Run Aptos CLI E2E tests" -on: - # This is called from within the docker-build-test.yaml workflow since we depend - # on the build of the image of the CLI we're testing having been built before this - # workflow runs. You can see in the invocation of the test suite that we pass in - # the image repo we just built and pushed the tools image to and the git SHA1 of - # the commit / PR that triggered this workflow. - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: Use this to override the git SHA1, branch name (e.g. devnet) or tag - SKIP_JOB: - required: false - default: false - type: boolean - description: Set to true to skip this job. Useful for PRs that don't require this workflow. - -# TODO: should we migrate this to a composite action, so that we can skip it -# at the call site, and don't need to wrap each step in an if statement? -jobs: - # Run the Aptos CLI examples. We run the CLI on this commit / PR against a - # local testnet using the devnet, testnet, and mainnet branches. This way - # we ensure that the Aptos CLI works with all 3 prod networks, at least - # based on the tests in the test suite. - run-cli-tests: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v3 - if: ${{ !inputs.SKIP_JOB }} - with: - ref: ${{ inputs.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - if: ${{ !inputs.SKIP_JOB }} - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: ./.github/actions/python-setup - if: ${{ !inputs.SKIP_JOB }} - with: - pyproject_directory: crates/aptos/e2e - - # Run CLI tests against local testnet built from devnet branch. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - if: ${{ !inputs.SKIP_JOB }} - name: devnet-tests - with: - max_attempts: 5 - timeout_minutes: 20 - command: cd ./crates/aptos/e2e && poetry run python main.py -d --base-network devnet --image-repo-with-project ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} --test-cli-tag ${{ inputs.GIT_SHA }} --working-directory ${{ runner.temp }}/aptos-e2e-tests-devnet - - # Run CLI tests against local testnet built from testnet branch. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - if: ${{ !inputs.SKIP_JOB }} - name: testnet-tests - with: - max_attempts: 5 - timeout_minutes: 20 - command: cd ./crates/aptos/e2e && poetry run python main.py -d --base-network testnet --image-repo-with-project ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} --test-cli-tag ${{ inputs.GIT_SHA }} --working-directory ${{ runner.temp }}/aptos-e2e-tests-testnet - - # Run CLI tests against local testnet built from mainnet branch. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - if: ${{ !inputs.SKIP_JOB }} - name: mainnet-tests - with: - max_attempts: 5 - timeout_minutes: 20 - command: cd ./crates/aptos/e2e && poetry run python main.py -d --base-network mainnet --image-repo-with-project ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} --test-cli-tag ${{ inputs.GIT_SHA }} --working-directory ${{ runner.temp }}/aptos-e2e-tests-mainnet - - - name: Print local testnet logs on failure - if: ${{ !inputs.SKIP_JOB && failure() }} - working-directory: docker/compose/validator-testnet - run: docker logs aptos-tools-devnet && docker logs aptos-tools-testnet && docker logs aptos-tools-mainnet - - # Print out whether the job was skipped. - - run: echo "Skipping CLI E2E tests!" - if: ${{ inputs.SKIP_JOB }} diff --git a/.github/workflows/cli-external-deps.yaml b/.github/workflows/cli-external-deps.yaml deleted file mode 100644 index edb70583557aa..0000000000000 --- a/.github/workflows/cli-external-deps.yaml +++ /dev/null @@ -1,20 +0,0 @@ -name: "Check banned CLI dynamic deps" -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - workflow_dispatch: - -jobs: - check-dynamic-deps: - runs-on: macos-latest - steps: - - uses: actions/checkout@v3 - if: ${{ !inputs.SKIP_JOB }} - with: - ref: ${{ inputs.GIT_SHA }} - - # This will exit with failure if any of the banned dynamic deps are found. - - run: ./crates/aptos/scripts/check_dynamic_deps.sh diff --git a/.github/workflows/close-stale-issues.yaml b/.github/workflows/close-stale-issues.yaml deleted file mode 100644 index 28ace31ba5d61..0000000000000 --- a/.github/workflows/close-stale-issues.yaml +++ /dev/null @@ -1,24 +0,0 @@ -name: "Close stale issues and PRs" -on: - schedule: - - cron: "30 1 * * *" - workflow_dispatch: - -permissions: - # contents: write # only for delete-branch option - issues: write - pull-requests: write - -jobs: - stale: - runs-on: ubuntu-latest - steps: - - uses: actions/stale@v6 - with: - days-before-stale: 45 - days-before-close: 15 - operations-per-run: 500 - stale-issue-message: "This issue is stale because it has been open 45 days with no activity. Remove the `stale` label or comment - otherwise this will be closed in 15 days." - stale-pr-message: "This issue is stale because it has been open 45 days with no activity. Remove the `stale` label, comment or push a commit - otherwise this will be closed in 15 days." - exempt-issue-labels: stale-exempt - exempt-pr-labels: stale-exempt diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml deleted file mode 100644 index 7591c4c3577d6..0000000000000 --- a/.github/workflows/codeql-analysis.yaml +++ /dev/null @@ -1,49 +0,0 @@ -name: "CodeQL" - -on: - # Allow triggering manually - workflow_dispatch: - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ "javascript", "python", "ruby" ] - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@807578363a7869ca324a79039e6db9c843e0e100 # pin@v2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). - # If this step fails, then you should remove it and run the build manually (see below) - - name: Autobuild - uses: github/codeql-action/autobuild@807578363a7869ca324a79039e6db9c843e0e100 # pin@v2 - - # ℹī¸ Command-line programs to run using the OS shell. - # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun - # If the Autobuild fails above, remove it and uncomment the following three lines. - # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance. - # - run: | - # echo "Run, Build Application using script" - # ./location_of_script_within_repo/buildscript.sh - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@807578363a7869ca324a79039e6db9c843e0e100 # pin@v2 diff --git a/.github/workflows/copy-images-to-dockerhub-nightly.yaml b/.github/workflows/copy-images-to-dockerhub-nightly.yaml deleted file mode 100644 index a38aad9e0d11b..0000000000000 --- a/.github/workflows/copy-images-to-dockerhub-nightly.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Copy images to dockerhub nightly -on: - schedule: - # 9am PST (16:00 UTC). - - cron: "0 16 * * *" - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - copy-images-to-dockerhub: - needs: check-repo - if: github.repository == 'aptos-labs/aptos-core' - uses: ./.github/workflows/copy-images-to-dockerhub.yaml - with: - image_tag_prefix: nightly - secrets: inherit diff --git a/.github/workflows/copy-images-to-dockerhub-release.yaml b/.github/workflows/copy-images-to-dockerhub-release.yaml deleted file mode 100644 index b6a5a59592241..0000000000000 --- a/.github/workflows/copy-images-to-dockerhub-release.yaml +++ /dev/null @@ -1,29 +0,0 @@ -name: Copy images to dockerhub on release -on: - push: - branches: - # aptos-node network-specific release branches - - devnet - - testnet - - mainnet - # preview branches - - preview - - preview-networking - # aptos-indexer-grpc network-specific release branches - - aptos-indexer-grpc-devnet - - aptos-indexer-grpc-testnet - - aptos-indexer-grpc-mainnet - tags: - - aptos-node-v* - - aptos-indexer-grpc-v* - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation - -jobs: - copy-images-to-docker-hub: - uses: ./.github/workflows/copy-images-to-dockerhub.yaml - with: - image_tag_prefix: ${{ github.ref_name }} - secrets: inherit diff --git a/.github/workflows/copy-images-to-dockerhub.yaml b/.github/workflows/copy-images-to-dockerhub.yaml deleted file mode 100644 index b2c11a156c6e1..0000000000000 --- a/.github/workflows/copy-images-to-dockerhub.yaml +++ /dev/null @@ -1,64 +0,0 @@ -name: Release Images -on: - workflow_call: - inputs: - image_tag_prefix: - required: true - type: string - description: a prefix to use for image tags. E.g. `devnet`. It results in an image tag like `:devnet_` - GIT_SHA: - required: false - type: string - description: the git sha to use for the image tag. If not provided, the git sha of the triggering branch will be used - workflow_dispatch: - inputs: - image_tag_prefix: - required: true - type: string - default: adhoc - description: a prefix to use for image tags. E.g. `devnet`. It results in an image tag like `:devnet_` - GIT_SHA: - required: false - type: string - description: the git sha to use for the image tag. If not provided, the git sha of the triggering branch will be used - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation - -jobs: - copy-images: - # Run on a machine with more local storage for large docker images - runs-on: medium-perf-docker-with-local-ssd - steps: - - uses: actions/checkout@v4 - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.ENV_DOCKERHUB_USERNAME }} - password: ${{ secrets.ENV_DOCKERHUB_PASSWORD }} - - - uses: actions/setup-node@v3 - with: - node-version-file: .node-version - - - uses: pnpm/action-setup@v2 - - - name: Release Images - env: - FORCE_COLOR: 3 # Force color output as per https://github.com/google/zx#using-github-actions - GIT_SHA: ${{ inputs.GIT_SHA || github.sha }} # If GIT_SHA is not provided, use the sha of the triggering branch - AWS_ACCOUNT_ID: ${{ secrets.AWS_ECR_ACCOUNT_NUM }} - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - IMAGE_TAG_PREFIX: ${{ inputs.image_tag_prefix }} - run: ./docker/release-images.mjs --wait-for-image-seconds=3600 diff --git a/.github/workflows/coverage-move-only.yaml b/.github/workflows/coverage-move-only.yaml deleted file mode 100644 index e0b35b9671762..0000000000000 --- a/.github/workflows/coverage-move-only.yaml +++ /dev/null @@ -1,70 +0,0 @@ -name: "Test Coverage For Move" -on: - # Trigger if any of the conditions - # Any changes to the directory `third_party/move/` - push: - branches: - - 'main' - paths: - - 'third_party/move/**' - - 'aptos-move/e2e-move-tests/**' - - 'aptos-move/framework/**' - - '.github/workflows/coverage-move-only.yaml' - pull_request: - paths: - - 'third_party/move/**' - - 'aptos-move/e2e-move-tests/**' - - 'aptos-move/framework/**' - - '.github/workflows/coverage-move-only.yaml' - -env: - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - rust-move-unit-coverage: - timeout-minutes: 60 - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - - name: prepare move lang prover tooling. - shell: bash - run: | - echo 'Z3_EXE='/home/runner/bin/z3 | tee -a $GITHUB_ENV - echo 'CVC5_EXE='/home/runner/bin/cvc5 | tee -a $GITHUB_ENV - echo 'DOTNET_ROOT='/home/runner/.dotnet/ | tee -a $GITHUB_ENV - echo 'BOOGIE_EXE='/home/runner/.dotnet/tools/boogie | tee -a $GITHUB_ENV - echo 'MVP_TEST_ON_CI'='1' | tee -a $GITHUB_ENV - echo "/home/runner/bin" | tee -a $GITHUB_PATH - echo "/home/runner/.dotnet" | tee -a $GITHUB_PATH - echo "/home/runner/.dotnet/tools" | tee -a $GITHUB_PATH - - run: rustup component add llvm-tools-preview - - uses: taiki-e/install-action@4fedbddde88aab767a45a011661f832d68202716 # pin@v2.33.28 - with: - tool: nextest,cargo-llvm-cov - - run: docker run --detach -p 5432:5432 cimg/postgres:14.2 - - run: cargo llvm-cov nextest --lcov --output-path lcov_unit.info --ignore-run-fail -p aptos-framework -p "move*" - env: - INDEXER_DATABASE_URL: postgresql://postgres@localhost/postgres - - uses: actions/upload-artifact@v3 - with: - name: lcov_unit - path: lcov_unit.info - - uses: actions/download-artifact@v3 - with: - name: lcov_unit - - name: Upload coverage to Codecov - continue-on-error: true # Don't fail if the codecov upload fails - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # pin@v3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: lcov_unit.info - fail_ci_if_error: true diff --git a/.github/workflows/coverage.yaml b/.github/workflows/coverage.yaml deleted file mode 100644 index c599f3ef023dd..0000000000000 --- a/.github/workflows/coverage.yaml +++ /dev/null @@ -1,109 +0,0 @@ -name: "Test_Coverage" -on: - # Trigger if any of the conditions - # 1. Daily at 12am UTC from the main branch, or - # 2. PR with a specific label (see below) - schedule: - - cron: "0 0 * * *" - pull_request: - types: [labeled] - workflow_dispatch: - workflow_call: - -env: - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - rust-unit-coverage: - if: | - contains(github.event.pull_request.labels.*.name, 'CICD:run-coverage') || - (github.event_name == 'schedule' && github.ref_name == 'main') - # Note the tests run slowly due to instrutmentation. It takes CI 10 hrs - timeout-minutes: 720 - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - - run: rustup component add llvm-tools-preview - - uses: taiki-e/install-action@4fedbddde88aab767a45a011661f832d68202716 # pin@v2.33.28 - with: - tool: nextest,cargo-llvm-cov - - run: docker run --detach -p 5432:5432 cimg/postgres:14.2 - - run: cargo llvm-cov nextest --lcov --output-path lcov_unit.info -vv --ignore-run-fail --workspace --exclude smoke-test --exclude aptos-testcases - env: - INDEXER_DATABASE_URL: postgresql://postgres@localhost/postgres - RUST_MIN_STACK: 33554432 # 32 MB of stack - MVP_TEST_ON_CI: true - SOLC_EXE: /home/runner/bin/solc - Z3_EXE: /home/runner/bin/z3 - CVC5_EXE: /home/runner/bin/cvc5 - DOTNET_ROOT: /home/runner/.dotnet - BOOGIE_EXE: /home/runner/.dotnet/tools/boogie - - uses: actions/upload-artifact@v3 - with: - name: lcov_unit - path: lcov_unit.info - - rust-smoke-coverage: - if: | - contains(github.event.pull_request.labels.*.name, 'CICD:run-coverage') || - (github.event_name == 'schedule' && github.ref_name == 'main') - timeout-minutes: 720 # incremented from 240 due to execution time limit hit in cron - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - - run: rustup component add llvm-tools-preview - - uses: taiki-e/install-action@4fedbddde88aab767a45a011661f832d68202716 # pin@v2.33.28 - with: - tool: nextest,cargo-llvm-cov - - run: docker run --detach -p 5432:5432 cimg/postgres:14.2 - - run: cargo build --locked --package=aptos-node --features=failpoints,indexer --release && LLVM_PROFDATA_FLAGS="--failure-mode=all" LOCAL_SWARM_NODE_RELEASE=1 cargo llvm-cov nextest --lcov --output-path lcov_smoke.info -vv --ignore-run-fail --profile smoke-test -p smoke-test - env: - INDEXER_DATABASE_URL: postgresql://postgres@localhost/postgres - RUST_MIN_STACK: 33554432 - MVP_TEST_ON_CI: true - SOLC_EXE: /home/runner/bin/solc - Z3_EXE: /home/runner/bin/z3 - CVC5_EXE: /home/runner/bin/cvc5 - DOTNET_ROOT: /home/runner/.dotnet - BOOGIE_EXE: /home/runner/.dotnet/tools/boogie - - uses: actions/upload-artifact@v3 - with: - name: lcov_smoke - path: lcov_smoke.info - - upload-to-codecov: - if: | - contains(github.event.pull_request.labels.*.name, 'CICD:run-coverage') || - (github.event_name == 'schedule' && github.ref_name == 'main') - && !cancelled() - needs: [ rust-unit-coverage, rust-smoke-coverage ] - runs-on: ubuntu-latest - continue-on-error: true # Don't fail if the codecov upload fails - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - steps: - - uses: actions/checkout@v3 - - uses: actions/download-artifact@v3 - with: - name: lcov_unit - - uses: actions/download-artifact@v3 - with: - name: lcov_smoke - - name: Upload coverage to Codecov - uses: codecov/codecov-action@d9f34f8cd5cb3b3eb79b3e4b5dae3a16df499a70 # pin@v3 - with: - files: lcov_unit.info,lcov_smoke.info - fail_ci_if_error: true diff --git a/.github/workflows/cut-release-branch.yaml b/.github/workflows/cut-release-branch.yaml deleted file mode 100644 index 46021d7b780f9..0000000000000 --- a/.github/workflows/cut-release-branch.yaml +++ /dev/null @@ -1,50 +0,0 @@ -name: "Cut Release Branch" -on: - workflow_dispatch: - inputs: - NEW_VERSION: - required: true - type: string - description: The branch version to cut i.e. 1.4 - GIT_HASH: - required: true - type: string - description: The git hash to use for the base of the new branch - BRANCH_PREFIX: - required: false - type: string - default: aptos-release-v - description: The prefix to use for the branch name - BRANCH_SUFFIX: - required: false - type: string - default: - description: The suffix to use for the branch name if any - -permissions: - contents: read - id-token: write - issues: write - pull-requests: write - -jobs: - cut-release-branch: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - token: ${{ secrets.CUT_RELEASE_BRANCH_CREDENTIALS }} - fetch-depth: 0 - - name: Cut Release Branch - run: | - set -ex - - BRANCH_NAME="${{ inputs.BRANCH_PREFIX }}${{ inputs.NEW_VERSION }}${{ inputs.BRANCH_SUFFIX }}" - git branch - - git checkout ${{ inputs.GIT_HASH }} - git checkout -b "$BRANCH_NAME" - - perl -i -pe 's/version\s*=\s*"[^"]*"/version = "${{ inputs.NEW_VERSION }}.0"/g' aptos-node/Cargo.toml - - git push origin "$BRANCH_NAME" diff --git a/.github/workflows/docker-build-rosetta.yaml b/.github/workflows/docker-build-rosetta.yaml deleted file mode 100644 index 6139c8d8ed194..0000000000000 --- a/.github/workflows/docker-build-rosetta.yaml +++ /dev/null @@ -1,27 +0,0 @@ -# Continuously build Rosetta -name: Docker Build Rosetta - -on: - schedule: - - cron: "0 9 * * 1" # once a week - pull_request: - paths: - - ".github/workflows/docker-build-rosetta.yaml" - # build on changes to dockerfile and build script - - "docker/rosetta/docker-build-rosetta.sh" - - "docker/rosetta/rosetta.Dockerfile" - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation - -jobs: - build: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - - uses: aptos-labs/aptos-core/.github/actions/buildx-setup@main - - - name: Build rosetta - run: GIT_REF=main docker/rosetta/docker-build-rosetta.sh diff --git a/.github/workflows/docker-build-test.yaml b/.github/workflows/docker-build-test.yaml deleted file mode 100644 index bed1625f8697e..0000000000000 --- a/.github/workflows/docker-build-test.yaml +++ /dev/null @@ -1,391 +0,0 @@ -## IMPORTANT NOTE TO EDITORS OF THIS FILE ## - -## Note that when you create a PR the jobs in this file are triggered off the -## `pull_request_target` event instead of `pull_request` event. This is because -## the `pull_request` event makes secrets only available to PRs from branches, -## not from forks, and some of these jobs require secrets. So with `pull_request_target` -## we're making secrets available to fork-based PRs too. Using `pull_request_target" -## has a side effect, which is that the workflow execution will be driven by the -## state of the .yaml on the `main` (=target) branch, even if you edited -## the .yaml in your PR. So when you for example add a new job here, you -## won't see that job appear in the PR itself. It will only become effective once -## you merge the PR to main. Therefore, if you want to add a new job here and want -## to test it's functionality prior to a merge to main, you have to to _temporarily_ -## change the trigger event from `pull_request_target` to `pull_request`. - -## Additionally, because `pull_request_target` gets secrets injected for forked PRs -## we use `https://github.com/sushichop/action-repository-permission` to ensure these -## jobs are only executed when a repo member with "write" permission has triggered -## the workflow (directly through a push or indirectly by applying a label or enabling -## auto_merge). - -name: "Build+Test Docker Images" -on: # build on main branch OR when a PR is labeled with `CICD:build-images` - # Allow us to run this specific workflow without a PR - workflow_dispatch: - pull_request_target: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - # release branches - - devnet - - testnet - - mainnet - - aptos-node-v* - - aptos-release-v* - # experimental branches - - performance_benchmark - - preview - - preview-networking - # grpc release branches - - aptos-indexer-grpc-devnet - - aptos-indexer-grpc-testnet - - aptos-indexer-grpc-mainnet - - aptos-indexer-grpc-v* - -# cancel redundant builds -concurrency: - # for push and workflow_dispatch events we use `github.sha` in the concurrency group and don't really cancel each other out/limit concurrency - # for pull_request events newer jobs cancel earlier jobs to save on CI etc. - group: ${{ github.workflow }}-${{ github.event_name }}-${{ (github.event_name == 'push' || github.event_name == 'workflow_dispatch') && github.sha || github.head_ref || github.ref }} - cancel-in-progress: true - -env: - AWS_ECR_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - # In case of pull_request events by default github actions merges main into the PR branch and then runs the tests etc - # on the prospective merge result instead of only on the tip of the PR. - # For more info also see https://github.com/actions/checkout#checkout-pull-request-head-commit-instead-of-merge-commit - GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - - # TARGET_CACHE_ID is used as part of the docker tag / cache key inside our bake.hcl docker bake files. - # The goal here is to have a branch or PR-local cache such that consecutive pushes to a shared branch or a specific PR can - # reuse layers from a previous docker build/commit. - # We use `pr-` as cache-id for PRs and simply otherwise. - TARGET_CACHE_ID: ${{ github.event.number && format('pr-{0}', github.event.number) || github.ref_name }} - - # On PRs, only build and push to GCP - # On push, build and push to all remote registries - TARGET_REGISTRY: ${{ github.event_name == 'pull_request_target' && 'remote' || 'remote-all' }} - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation which we use to login into Google Artifact Registry - issues: write - pull-requests: write - -# Note on the job-level `if` conditions: -# This workflow is designed such that: -# 1. Run ALL jobs when a 'push', 'workflow_dispatch' triggered the workflow or on 'pull_request's which have set auto_merge=true or have the label "CICD:run-e2e-tests". -# 2. Run ONLY the docker image building jobs on PRs with the "CICD:build[-]-images" label. -# 3. Run ONLY the forge-e2e-test job on PRs with the "CICD:run-forge-e2e-perf" label. -# 4. Run NOTHING when neither 1. or 2. or 3. conditions are satisfied. -jobs: - permission-check: - if: | - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(join(github.event.pull_request.labels.*.name, ','), 'CICD:build-') || - contains(join(github.event.pull_request.labels.*.name, ','), 'CICD:run-') || - github.event.pull_request.auto_merge != null || - contains(github.event.pull_request.body, '#e2e') - runs-on: ubuntu-latest - steps: - - name: Check repository permission for user which triggered workflow - uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c - with: - required-permission: write - comment-not-permitted: Sorry, you don't have permission to trigger this workflow. - - # Because the docker build happens in a reusable workflow, have a separate job that collects the right metadata - # for the subsequent docker builds. Reusable workflows do not currently have the "env" context: https://github.com/orgs/community/discussions/26671 - determine-docker-build-metadata: - needs: [permission-check] - runs-on: ubuntu-latest - steps: - - name: collect metadata - run: | - echo "GIT_SHA: ${GIT_SHA}" - echo "TARGET_CACHE_ID: ${TARGET_CACHE_ID}" - echo "TARGET_REGISTRY: ${TARGET_REGISTRY}" - outputs: - gitSha: ${{ env.GIT_SHA }} - targetCacheId: ${{ env.TARGET_CACHE_ID }} - targetRegistry: ${{ env.TARGET_REGISTRY }} - - # This job determines which files were changed - file_change_determinator: - needs: [permission-check] - runs-on: ubuntu-latest - outputs: - only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }} - steps: - - uses: actions/checkout@v3 - - name: Run the file change determinator - id: determine_file_changes - uses: ./.github/actions/file-change-determinator - - # This job determines which tests to run - test-target-determinator: - needs: [permission-check] - runs-on: ubuntu-latest - outputs: - run_framework_upgrade_test: ${{ steps.determine_test_targets.outputs.run_framework_upgrade_test }} - steps: - - uses: actions/checkout@v3 - - name: Run the test target determinator - id: determine_test_targets - uses: ./.github/actions/test-target-determinator - - # This is a PR required job. - rust-images: - needs: [permission-check, determine-docker-build-metadata] - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-docker-rust-build.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - TARGET_CACHE_ID: ${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - PROFILE: release - BUILD_ADDL_TESTING_IMAGES: true - TARGET_REGISTRY: ${{ needs.determine-docker-build-metadata.outputs.targetRegistry }} - - rust-images-failpoints: - needs: [permission-check, determine-docker-build-metadata] - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-docker-rust-build.yaml@main - if: | - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:build-failpoints-images') - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - TARGET_CACHE_ID: ${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - PROFILE: release - FEATURES: failpoints - BUILD_ADDL_TESTING_IMAGES: true - TARGET_REGISTRY: ${{ needs.determine-docker-build-metadata.outputs.targetRegistry }} - - rust-images-performance: - needs: [permission-check, determine-docker-build-metadata] - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-docker-rust-build.yaml@main - if: | - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:build-performance-images') - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - TARGET_CACHE_ID: ${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - PROFILE: performance - BUILD_ADDL_TESTING_IMAGES: true - TARGET_REGISTRY: ${{ needs.determine-docker-build-metadata.outputs.targetRegistry }} - - rust-images-consensus-only-perf-test: - needs: [permission-check, determine-docker-build-metadata] - if: | - contains(github.event.pull_request.labels.*.name, 'CICD:build-consensus-only-image') || - contains(github.event.pull_request.labels.*.name, 'CICD:run-consensus-only-perf-test') - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-docker-rust-build.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - TARGET_CACHE_ID: ${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - PROFILE: release - FEATURES: consensus-only-perf-test - BUILD_ADDL_TESTING_IMAGES: true - TARGET_REGISTRY: ${{ needs.determine-docker-build-metadata.outputs.targetRegistry }} - - # This is a PR required job. - node-api-compatibility-tests: - needs: [permission-check, rust-images, determine-docker-build-metadata, file_change_determinator] # runs with the default release docker build variant "rust-images" - if: | - ( - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null) || - contains(github.event.pull_request.body, '#e2e' - ) - uses: ./.github/workflows/node-api-compatibility-tests.yaml - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - SKIP_JOB: ${{ needs.file_change_determinator.outputs.only_docs_changed == 'true' }} - - # This is a PR required job. - cli-e2e-tests: - needs: [permission-check, rust-images, determine-docker-build-metadata, file_change_determinator] # runs with the default release docker build variant "rust-images" - if: | - ( - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null) || - contains(github.event.pull_request.body, '#e2e' - ) - uses: aptos-labs/aptos-core/.github/workflows/cli-e2e-tests.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - SKIP_JOB: ${{ needs.file_change_determinator.outputs.only_docs_changed == 'true' }} - - faucet-tests-main: - needs: [permission-check, rust-images, determine-docker-build-metadata, file_change_determinator] # runs with the default release docker build variant "rust-images" - if: | - ( - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null) || - contains(github.event.pull_request.body, '#e2e' - ) - uses: ./.github/workflows/faucet-tests-main.yaml - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - SKIP_JOB: ${{ needs.file_change_determinator.outputs.only_docs_changed == 'true' }} - - indexer-grpc-e2e-tests: - needs: [permission-check, rust-images, determine-docker-build-metadata] # runs with the default release docker build variant "rust-images" - if: | - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - contains(github.event.pull_request.body, '#e2e') - uses: aptos-labs/aptos-core/.github/workflows/docker-indexer-grpc-test.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - - # This is a PR required job. - forge-e2e-test: - needs: - - permission-check - - determine-docker-build-metadata - - rust-images - - rust-images-failpoints - - rust-images-performance - - rust-images-consensus-only-perf-test - - file_change_determinator - if: | - !failure() && !cancelled() && needs.permission-check.result == 'success' && ( - (github.event_name == 'push' && github.ref_name != 'main') || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - contains(github.event.pull_request.labels.*.name, 'CICD:run-forge-e2e-perf') || - github.event.pull_request.auto_merge != null || - contains(github.event.pull_request.body, '#e2e') - ) - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_TEST_SUITE: realistic_env_max_load - IMAGE_TAG: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_RUNNER_DURATION_SECS: 480 - COMMENT_HEADER: forge-e2e - # Use the cache ID as the Forge namespace so we can limit Forge test concurrency on k8s, since Forge - # test lifecycle is separate from that of GHA. This protects us from the case where many Forge tests are triggered - # by this GHA. If there is a Forge namespace collision, Forge will pre-empt the existing test running in the namespace. - FORGE_NAMESPACE: forge-e2e-${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - SKIP_JOB: ${{ needs.file_change_determinator.outputs.only_docs_changed == 'true' }} - - # Run e2e compat test against testnet branch. This is a PR required job. - forge-compat-test: - needs: - - permission-check - - determine-docker-build-metadata - - rust-images - - rust-images-failpoints - - rust-images-performance - - rust-images-consensus-only-perf-test - - file_change_determinator - if: | - !failure() && !cancelled() && needs.permission-check.result == 'success' && ( - (github.event_name == 'push' && github.ref_name != 'main') || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null || - contains(github.event.pull_request.body, '#e2e') - ) - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_TEST_SUITE: compat - IMAGE_TAG: 1c2ee7082d6eff8c811ee25d6f5a7d00860a75d5 #aptos-node-v1.16.0 - FORGE_RUNNER_DURATION_SECS: 300 - COMMENT_HEADER: forge-compat - FORGE_NAMESPACE: forge-compat-${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - SKIP_JOB: ${{ needs.file_change_determinator.outputs.only_docs_changed == 'true' }} - - # Run forge framework upgradability test. This is a PR required job. - forge-framework-upgrade-test: - needs: - - permission-check - - determine-docker-build-metadata - - rust-images - - rust-images-failpoints - - rust-images-performance - - rust-images-consensus-only-perf-test - - test-target-determinator - if: | - !failure() && !cancelled() && needs.permission-check.result == 'success' && ( - (github.event_name == 'push' && github.ref_name != 'main') || - github.event_name == 'workflow_dispatch' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-framework-upgrade-test') || - github.event.pull_request.auto_merge != null - ) - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_TEST_SUITE: framework_upgrade - IMAGE_TAG: 1c2ee7082d6eff8c811ee25d6f5a7d00860a75d5 #aptos-node-v1.16.0 - FORGE_RUNNER_DURATION_SECS: 3600 - COMMENT_HEADER: forge-framework-upgrade - FORGE_NAMESPACE: forge-framework-upgrade-${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - SKIP_JOB: ${{ !contains(github.event.pull_request.labels.*.name, 'CICD:run-framework-upgrade-test') && (needs.test-target-determinator.outputs.run_framework_upgrade_test == 'false') }} - - forge-consensus-only-perf-test: - needs: - - permission-check - - determine-docker-build-metadata - - rust-images - - rust-images-failpoints - - rust-images-performance - - rust-images-consensus-only-perf-test - if: | - !failure() && !cancelled() && needs.permission-check.result == 'success' && - contains(github.event.pull_request.labels.*.name, 'CICD:run-consensus-only-perf-test') - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_TEST_SUITE: consensus_only_realistic_env_max_tps - IMAGE_TAG: consensus_only_perf_test_${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_RUNNER_DURATION_SECS: 300 - COMMENT_HEADER: consensus-only-realistic-env-max-tps - FORGE_NAMESPACE: forge-consensus-only-realistic-env-max-tps-${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - - # Run forge multiregion test. This test uses the multiregion forge cluster that deploys pods in three GCP regions. - forge-multiregion-test: - needs: - - permission-check - - determine-docker-build-metadata - - rust-images - - rust-images-failpoints - - rust-images-performance - - rust-images-consensus-only-perf-test - if: | - !failure() && !cancelled() && needs.permission-check.result == 'success' && - contains(github.event.pull_request.labels.*.name, 'CICD:run-multiregion-test') - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_TEST_SUITE: multiregion_benchmark_test - IMAGE_TAG: ${{ needs.determine-docker-build-metadata.outputs.gitSha }} - FORGE_RUNNER_DURATION_SECS: 300 - COMMENT_HEADER: forge-multiregion-test - FORGE_NAMESPACE: forge-multiregion-test-${{ needs.determine-docker-build-metadata.outputs.targetCacheId }} - FORGE_CLUSTER_NAME: forge-multiregion diff --git a/.github/workflows/docker-indexer-grpc-test.yaml b/.github/workflows/docker-indexer-grpc-test.yaml deleted file mode 100644 index dc78a9dc7697e..0000000000000 --- a/.github/workflows/docker-indexer-grpc-test.yaml +++ /dev/null @@ -1,54 +0,0 @@ -name: "Docker Indexer gRPC test" -on: - pull_request: - paths: - - "docker/compose/indexer-grpc/*.yaml" - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: Use this to override the git SHA1, branch name (e.g. devnet) or tag to pull docker images with - -jobs: - test-indexer-grpc-docker-compose: - runs-on: ubuntu-latest - permissions: - contents: read - id-token: write - env: - VALIDATOR_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/validator - FAUCET_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/faucet - INDEXER_GRPC_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/indexer-grpc - IMAGE_TAG: ${{ inputs.GIT_SHA || 'devnet' }} # hardcode to a known good build when not running on workflow_call - - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ inputs.GIT_SHA || github.event.pull_request.head.sha || github.sha }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - name: Install grpcurl - uses: aptos-labs/aptos-core/.github/actions/install-grpcurl@main - - - name: Set up and verify indexer GRPC local docker - shell: bash - run: ./testsuite/indexer_grpc_local.py --verbose start - - - name: Print docker-compose validator-testnet logs on failure - if: ${{ failure() }} - working-directory: docker/compose/validator-testnet - run: docker-compose logs - - - name: Print docker-compose indexer-grpc logs on failure - if: ${{ failure() }} - working-directory: docker/compose/indexer-grpc - run: docker-compose logs diff --git a/.github/workflows/docker-update-images.yaml b/.github/workflows/docker-update-images.yaml deleted file mode 100644 index 1e93f2cf4c029..0000000000000 --- a/.github/workflows/docker-update-images.yaml +++ /dev/null @@ -1,46 +0,0 @@ -name: Docker Update Images - -permissions: - pull-requests: write - contents: write - -on: - workflow_dispatch: - - schedule: - - cron: "0 9 * * 1" # once a week - - pull_request: - paths: - - scripts/update_docker_images.py - - .github/workflows/docker-update-images.yaml - -jobs: - update: - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Login to Docker Hub - uses: docker/login-action@v2 - with: - username: ${{ secrets.ENV_DOCKERHUB_USERNAME }} - password: ${{ secrets.ENV_DOCKERHUB_PASSWORD }} - - - name: Check and pin updates (if any) - id: check_update - run: python3 scripts/update_docker_images.py - - - name: Create Pull Request - if: ${{ steps.check_update.outputs.NEED_UPDATE == 'True' }} - uses: peter-evans/create-pull-request@a4f52f8033a6168103c2538976c07b467e8163bc # pin@v6.0.1 - with: - commit-message: "Update Docker images" - title: "Update Docker images" - body: "Update Docker images. Generated by the Docker Update Images workflow." - base: main - branch: "docker-update-images" - delete-branch: true - labels: | - CICD:run-e2e-tests diff --git a/.github/workflows/execution-performance.yaml b/.github/workflows/execution-performance.yaml deleted file mode 100644 index 37064dfba35ca..0000000000000 --- a/.github/workflows/execution-performance.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: "execution-performance" -on: - workflow_dispatch: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - schedule: - - cron: "0 */4 * * *" # This runs every four hours - -jobs: - execution-performance: - if: | # Only run on each PR once an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'schedule' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - contains(github.event.pull_request.labels.*.name, 'CICD:run-execution-performance-test') || - contains(github.event.pull_request.labels.*.name, 'CICD:run-execution-performance-full-test') || - github.event.pull_request.auto_merge != null - ) - uses: ./.github/workflows/workflow-run-execution-performance.yaml - secrets: inherit - with: - GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - RUNNER_NAME: executor-benchmark-runner - # Run all tests only on the scheduled cadence, or explicitly requested - IS_FULL_RUN: ${{ github.event_name == 'schedule' || contains(github.event.pull_request.labels.*.name, 'CICD:run-execution-performance-full-test') }} - # Ignore target determination if on the scheduled cadence, or explicitly requested - IGNORE_TARGET_DETERMINATION: ${{ github.event_name == 'schedule' || contains(github.event.pull_request.labels.*.name, 'CICD:run-execution-performance-test') || contains(github.event.pull_request.labels.*.name, 'CICD:run-execution-performance-full-test') }} diff --git a/.github/workflows/faucet-tests-main.yaml b/.github/workflows/faucet-tests-main.yaml deleted file mode 100644 index 0ca51a2f84708..0000000000000 --- a/.github/workflows/faucet-tests-main.yaml +++ /dev/null @@ -1,74 +0,0 @@ -## IMPORTANT NOTE TO EDITORS OF THIS FILE ## - -## If you are trying to change how this CI works, you MUST go read the important -## note at the top of docker-build-test.yaml. In short, to test this, you must temporarily -## change docker-build-test to use the pull_request trigger instead of pull_request_target. - -## Make sure to add the CICD:CICD:build-images and CICD:run-e2e-tests labels to test -## this within an in-review PR. - -## If the above approach is too slow (since you have to wait for the rust images -## to build), you can cut the iteration time dramatically by changing the envs -## - Replace env.IMAGE_TAG for a known image tag -## - env.GIT_SHA will resolve to that of your PR branch - -# These tests ensure that changes to the node don't break compatibility with the faucet. -# -# For tests that prevent changes to the faucet breaking compatibility with the production -# networks, see faucet-tests-prod. -# -# This test uses the node image built from the previous step, hence the workflow_call -# trigger. - -name: "Faucet Integration Tests: Main" -on: - # This is called from within the docker-build-test.yaml workflow since we depend - # on the images having been built before this workflow runs. - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: Use this to override the git SHA1, branch name (e.g. devnet) or tag to release the SDK from - SKIP_JOB: - required: false - default: false - type: boolean - description: Set to true to skip this job. Useful for PRs that don't require this workflow. - -env: - # This is the docker image tag that will be used for the SDK release. - # It is also used to pull the docker images for the CI. - IMAGE_TAG: ${{ inputs.GIT_SHA }} - GIT_SHA: ${{ inputs.GIT_SHA || github.event.pull_request.head.sha || github.sha }} # default to PR branch sha when not running on workflow_call - -jobs: - # These tests ensure that the faucet works with a node built from main. If we only - # upgrade devnet if this job is green and we always update the faucet image alongside - # the image for the faucet private fullnode, the faucet and fullnode should always - # be compatible in production. - run-tests-main: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - if: ${{ !inputs.SKIP_JOB }} - with: - ref: ${{ env.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - if: ${{ !inputs.SKIP_JOB }} - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: ./.github/actions/run-faucet-tests - if: ${{ !inputs.SKIP_JOB }} - with: - NETWORK: custom - IMAGE_TAG: ${{ env.IMAGE_TAG }} - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} diff --git a/.github/workflows/faucet-tests-prod.yaml b/.github/workflows/faucet-tests-prod.yaml deleted file mode 100644 index 940ef883a1e20..0000000000000 --- a/.github/workflows/faucet-tests-prod.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# These tests ensure that changes to the faucet itself or its code dependencies don't -# cause the faucet to stop working with the production (devnet and testnet) networks. -# -# For tests that prevent the node from breaking compatibility with the faucet, see -# faucet-tests-main. -# -# These tests use node images built from devnet / testnet so we don't need to use -# workflow_call to wait for the image build to finish. - -name: "Faucet Integration Tests: Prod" -on: - pull_request_target: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - -permissions: - contents: read - id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry - -jobs: - # Note on the job-level `if` conditions: - # This workflow is designed such that we run subsequent jobs only when a 'push' - # triggered the workflow or on 'pull_request's which have set auto_merge=true - # or have the label "CICD:run-e2e-tests". - permission-check: - runs-on: ubuntu-latest - steps: - - name: Check repository permission for user which triggered workflow - uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c - with: - required-permission: write - comment-not-permitted: Sorry, you don't have permission to trigger this workflow. - - # These tests ensure that the faucet works with the nodes running on devnet. - run-tests-devnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-faucet-tests - with: - NETWORK: devnet - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - - # These tests ensure that the faucet works with the nodes running on testnet. - run-tests-testnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-faucet-tests - with: - NETWORK: testnet - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} diff --git a/.github/workflows/find-packages-with-undeclared-feature-dependencies.yaml b/.github/workflows/find-packages-with-undeclared-feature-dependencies.yaml deleted file mode 100644 index 45dfe907189b5..0000000000000 --- a/.github/workflows/find-packages-with-undeclared-feature-dependencies.yaml +++ /dev/null @@ -1,11 +0,0 @@ -name: "Find Packages with undeclared feature dependencies" -on: - workflow_dispatch: - -jobs: - find-packages-with-undeclared-feature-dependencies: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - - run: scripts/find-packages-with-undeclared-feature-dependencies.sh diff --git a/.github/workflows/forge-pfn.yaml b/.github/workflows/forge-pfn.yaml deleted file mode 100644 index 7db14dd04ab1d..0000000000000 --- a/.github/workflows/forge-pfn.yaml +++ /dev/null @@ -1,170 +0,0 @@ -# Continuously run PFN forge tests against the latest main branch -name: Continuous Forge Tests - Public Fullnodes - -permissions: - issues: write - pull-requests: write - contents: read - id-token: write - actions: write # Required for workflow cancellation via check-aptos-core - -on: - # Allow triggering manually - workflow_dispatch: - inputs: - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. This may be a git SHA1, or a tag like "_". If not specified, Forge will find the latest build based on the git history (starting from GIT_SHA input) - GIT_SHA: - required: false - type: string - description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used - pull_request: - paths: - - ".github/workflows/forge-pfn.yaml" - -env: - AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - IMAGE_TAG: ${{ inputs.IMAGE_TAG }} # This is only used for workflow_dispatch, otherwise defaults to empty - AWS_REGION: us-west-2 - -jobs: - # This job determines the image tag and branch to test, and passes them to the other jobs. - # NOTE: this may be better as a separate workflow as the logic is quite complex but generalizable. - determine-test-metadata: - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH: ${{ steps.determine-test-branch.outputs.BRANCH }} - steps: - - uses: actions/checkout@v3 - - - name: Determine branch based on cadence - id: determine-test-branch - run: | - if [[ "${{ github.event_name }}" == "schedule" ]]; then - echo "Unknown schedule: ${{ github.event.schedule }}" - exit 1 - elif [[ "${{ github.event_name }}" == "push" ]]; then - echo "Branch: ${{ github.ref_name }}" - echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT - else - echo "Using GIT_SHA" - # on workflow_dispatch, this will simply use the inputs.GIT_SHA given (or the default) - # on pull_request, this will default to null and the following "checkout" step will use the PR's base branch - echo "BRANCH=${{ inputs.GIT_SHA }}" >> $GITHUB_OUTPUT - fi - - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - # actions/get-latest-docker-image-tag requires docker utilities and having authenticated to internal docker image registries - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - id: docker-setup - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - EXPORT_GCP_PROJECT_VARIABLES: "false" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag@main - id: get-docker-image-tag - with: - branch: ${{ steps.determine-test-branch.outputs.BRANCH }} - variants: "failpoints performance" - - - name: Write summary - run: | - IMAGE_TAG=${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH=${{ steps.determine-test-branch.outputs.BRANCH }} - if [ -n "${BRANCH}" ]; then - echo "BRANCH: [${BRANCH}](https://github.com/${{ github.repository }}/tree/${BRANCH})" >> $GITHUB_STEP_SUMMARY - fi - echo "IMAGE_TAG: [${IMAGE_TAG}](https://github.com/${{ github.repository }}/commit/${IMAGE_TAG})" >> $GITHUB_STEP_SUMMARY - - ### Public fullnode tests - - # Measures PFN latencies with a constant TPS - run-forge-pfn-const-tps: - if: ${{ github.event_name != 'pull_request' }} - needs: determine-test-metadata - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-const-tps-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_const_tps - POST_TO_SLACK: true - - # Measures PFN latencies with a constant TPS (with network chaos) - run-forge-pfn-const-tps-network-chaos: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-pfn-const-tps] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-const-tps-with-network-chaos-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_const_tps_with_network_chaos - POST_TO_SLACK: true - - # Measures PFN latencies with a constant TPS (with a realistic environment) - run-forge-pfn-const-tps-realistic-env: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-pfn-const-tps-network-chaos] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-const-tps-with-realistic-env-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_const_tps_with_realistic_env - POST_TO_SLACK: true - - # Measures max PFN throughput and latencies under load - run-forge-pfn-performance: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-pfn-const-tps-realistic-env] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-performance-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_performance - POST_TO_SLACK: true - - # Measures max PFN throughput and latencies under load (with network chaos) - run-forge-pfn-performance-network-chaos: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-pfn-performance] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-performance-with-network-chaos-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_performance_with_network_chaos - POST_TO_SLACK: true - - # Measures max PFN throughput and latencies under load (with a realistic environment) - run-forge-pfn-performance-realistic-env: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-pfn-performance-network-chaos] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-performance-with-realistic-env-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: pfn_performance_with_realistic_env - POST_TO_SLACK: true diff --git a/.github/workflows/forge-stable.yaml b/.github/workflows/forge-stable.yaml deleted file mode 100644 index 2315e959a68d7..0000000000000 --- a/.github/workflows/forge-stable.yaml +++ /dev/null @@ -1,303 +0,0 @@ -# Continuously run stable forge tests against the latest main branch. -name: Continuous Forge Tests - Stable - -permissions: - issues: write - pull-requests: write - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -concurrency: - group: forge-stable-${{ github.ref_name }} - cancel-in-progress: true - -on: - # Allow triggering manually - workflow_dispatch: - inputs: - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. This may be a git SHA1, or a tag like "_". If not specified, Forge will find the latest build based on the git history (starting from GIT_SHA input) - GIT_SHA: - required: false - type: string - description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used - # NOTE: to support testing different branches on different schedules, you need to specify the cron schedule in the 'determine-test-branch' step as well below - # Reference: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule - schedule: - - cron: "0 22 * * 0,2,4" # The main branch cadence. This runs every Sun,Tues,Thurs - pull_request: - paths: - - ".github/workflows/forge-stable.yaml" - - "testsuite/find_latest_image.py" - -env: - AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - IMAGE_TAG: ${{ inputs.IMAGE_TAG }} # this is only used for workflow_dispatch, otherwise defaults to empty - AWS_REGION: us-west-2 - -jobs: - # This job determines the image tag and branch to test, and passes them to the other jobs - # NOTE: this may be better as a separate workflow as the logic is quite complex but generalizable - determine-test-metadata: - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH: ${{ steps.determine-test-branch.outputs.BRANCH }} - BRANCH_HASH: ${{ steps.hash-branch.outputs.BRANCH_HASH }} - steps: - - uses: actions/checkout@v3 - - - name: Determine branch based on cadence - id: determine-test-branch - # NOTE: the schedule cron MUST match the one in the 'on.schedule.cron' section above - run: | - if [[ "${{ github.event_name }}" == "schedule" ]]; then - if [[ "${{ github.event.schedule }}" == "0 22 * * 0,2,4" ]]; then - echo "Branch: main" - echo "BRANCH=main" >> $GITHUB_OUTPUT - else - echo "Unknown schedule: ${{ github.event.schedule }}" - exit 1 - fi - elif [[ "${{ github.event_name }}" == "push" ]]; then - echo "Branch: ${{ github.ref_name }}" - echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT - else - echo "Using GIT_SHA" - # on workflow_dispatch, this will simply use the inputs.GIT_SHA given (or the default) - # on pull_request, this will default to null and the following "checkout" step will use the PR's base branch - echo "BRANCH=${{ inputs.GIT_SHA }}" >> $GITHUB_OUTPUT - fi - - # Use the branch hash instead of the full branch name to stay under kubernetes namespace length limit - - name: Hash the branch - id: hash-branch - run: | - # If BRANCH is empty, default to "main" - if [ -z "${{ steps.determine-test-branch.outputs.BRANCH }}" ]; then - BRANCH="main" - else - BRANCH="${{ steps.determine-test-branch.outputs.BRANCH }}" - fi - - # Hashing the branch name - echo "BRANCH_HASH=$(echo -n "$BRANCH" | sha256sum | cut -c1-10)" >> $GITHUB_OUTPUT - - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - # actions/get-latest-docker-image-tag requires docker utilities and having authenticated to internal docker image registries - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - id: docker-setup - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - EXPORT_GCP_PROJECT_VARIABLES: "false" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag@main - id: get-docker-image-tag - with: - branch: ${{ steps.determine-test-branch.outputs.BRANCH }} - variants: "failpoints performance" - - - name: Write summary - run: | - IMAGE_TAG=${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH=${{ steps.determine-test-branch.outputs.BRANCH }} - if [ -n "${BRANCH}" ]; then - echo "BRANCH: [${BRANCH}](https://github.com/${{ github.repository }}/tree/${BRANCH})" >> $GITHUB_STEP_SUMMARY - fi - echo "IMAGE_TAG: [${IMAGE_TAG}](https://github.com/${{ github.repository }}/commit/${IMAGE_TAG})" >> $GITHUB_STEP_SUMMARY - - ### Real-world-network tests. - # Run forge framework upgradability test. This is a PR required job. - run-forge-framework-upgrade-test: - if: ${{ github.event_name != 'pull_request' }} - needs: - - determine-test-metadata - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: 1c2ee7082d6eff8c811ee25d6f5a7d00860a75d5 #aptos-node-v1.16.0 - FORGE_NAMESPACE: forge-framework-upgrade-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 7200 # Run for 2 hours - FORGE_TEST_SUITE: framework_upgrade - POST_TO_SLACK: true - - run-forge-realistic-env-max-load-long: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-framework-upgrade-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-realistic-env-max-load-long-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 7200 # Run for 2 hours - FORGE_TEST_SUITE: realistic_env_max_load_large - POST_TO_SLACK: true - - run-forge-realistic-env-load-sweep: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-realistic-env-max-load-long] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-realistic-env-load-sweep-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 1500 # Run for 25 minutes (5 tests, each for 300 seconds) - FORGE_TEST_SUITE: realistic_env_load_sweep - POST_TO_SLACK: true - - run-forge-realistic-env-workload-sweep: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-realistic-env-load-sweep] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-realistic-env-workload-sweep-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 1600 # Run for 26 minutes (4 tests, each for 400 seconds) - FORGE_TEST_SUITE: realistic_env_workload_sweep - POST_TO_SLACK: true - - run-forge-realistic-env-graceful-overload: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-realistic-env-workload-sweep] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-realistic-env-graceful-overload-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 1200 # Run for 20 minutes - FORGE_TEST_SUITE: realistic_env_graceful_overload - POST_TO_SLACK: true - - run-forge-realistic-network-tuned-for-throughput: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-realistic-env-graceful-overload] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-realistic-network-tuned-for-throughput-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: realistic_network_tuned_for_throughput - FORGE_ENABLE_PERFORMANCE: true - POST_TO_SLACK: true - - ### Forge Correctness/Componenet/Stress tests - - run-forge-consensus-stress-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-realistic-network-tuned-for-throughput] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-consensus-stress-test-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 2400 # Run for 40 minutes - FORGE_TEST_SUITE: consensus_stress_test - POST_TO_SLACK: true - - run-forge-workload-mix-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-consensus-stress-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-workload-mix-test-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: workload_mix - POST_TO_SLACK: true - - run-forge-single-vfn-perf: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-workload-mix-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-continuous-e2e-single-vfn-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 480 # Run for 8 minutes - FORGE_TEST_SUITE: single_vfn_perf - POST_TO_SLACK: true - - run-forge-fullnode-reboot-stress-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-single-vfn-perf] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-fullnode-reboot-stress-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: fullnode_reboot_stress_test - POST_TO_SLACK: true - - ### Compatibility Forge tests - - run-forge-compat: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-fullnode-reboot-stress-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - FORGE_NAMESPACE: forge-compat-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 300 # Run for 5 minutes - # This will upgrade from testnet branch to the latest main - FORGE_TEST_SUITE: compat - IMAGE_TAG: 1c2ee7082d6eff8c811ee25d6f5a7d00860a75d5 #aptos-node-v1.16.0 - GIT_SHA: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} # this is the git ref to checkout - POST_TO_SLACK: true - - ### Changing working quorum Forge tests - - run-forge-changing-working-quorum-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-compat] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-changing-working-quorum-test-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 1200 # Run for 20 minutes - FORGE_TEST_SUITE: changing_working_quorum_test - POST_TO_SLACK: true - FORGE_ENABLE_FAILPOINTS: true - - run-forge-changing-working-quorum-test-high-load: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-changing-working-quorum-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-changing-working-quorum-test-high-load-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: changing_working_quorum_test_high_load - POST_TO_SLACK: true - FORGE_ENABLE_FAILPOINTS: true - - # Measures PFN latencies with a constant TPS (with a realistic environment) - run-forge-pfn-const-tps-realistic-env: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-changing-working-quorum-test-high-load] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-pfn-const-tps-with-realistic-env-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: pfn_const_tps_with_realistic_env - POST_TO_SLACK: true diff --git a/.github/workflows/forge-state-sync.yaml b/.github/workflows/forge-state-sync.yaml deleted file mode 100644 index c9b6e2afc72b5..0000000000000 --- a/.github/workflows/forge-state-sync.yaml +++ /dev/null @@ -1,142 +0,0 @@ -# Continuously run state sync forge tests against the latest main branch -name: Continuous Forge Tests - State Sync - -permissions: - issues: write - pull-requests: write - contents: read - id-token: write - actions: write # Required for workflow cancellation via check-aptos-core - -on: - # Allow triggering manually - workflow_dispatch: - inputs: - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. This may be a git SHA1, or a tag like "_". If not specified, Forge will find the latest build based on the git history (starting from GIT_SHA input) - GIT_SHA: - required: false - type: string - description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used - pull_request: - paths: - - ".github/workflows/forge-state-sync.yaml" - -env: - AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - IMAGE_TAG: ${{ inputs.IMAGE_TAG }} # This is only used for workflow_dispatch, otherwise defaults to empty - AWS_REGION: us-west-2 - -jobs: - # This job determines the image tag and branch to test, and passes them to the other jobs. - # NOTE: this may be better as a separate workflow as the logic is quite complex but generalizable. - determine-test-metadata: - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH: ${{ steps.determine-test-branch.outputs.BRANCH }} - steps: - - name: Determine branch based on cadence - id: determine-test-branch - run: | - if [[ "${{ github.event_name }}" == "schedule" ]]; then - echo "Unknown schedule: ${{ github.event.schedule }}" - exit 1 - elif [[ "${{ github.event_name }}" == "push" ]]; then - echo "Branch: ${{ github.ref_name }}" - echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT - else - echo "Using GIT_SHA" - # on workflow_dispatch, this will simply use the inputs.GIT_SHA given (or the default) - # on pull_request, this will default to null and the following "checkout" step will use the PR's base branch - echo "BRANCH=${{ inputs.GIT_SHA }}" >> $GITHUB_OUTPUT - fi - - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - # actions/get-latest-docker-image-tag requires docker utilities and having authenticated to internal docker image registries - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - id: docker-setup - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - EXPORT_GCP_PROJECT_VARIABLES: "false" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag@main - id: get-docker-image-tag - with: - branch: ${{ steps.determine-test-branch.outputs.BRANCH }} - variants: "failpoints performance" - - - name: Write summary - run: | - IMAGE_TAG=${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH=${{ steps.determine-test-branch.outputs.BRANCH }} - if [ -n "${BRANCH}" ]; then - echo "BRANCH: [${BRANCH}](https://github.com/${{ github.repository }}/tree/${BRANCH})" >> $GITHUB_STEP_SUMMARY - fi - echo "IMAGE_TAG: [${IMAGE_TAG}](https://github.com/${{ github.repository }}/commit/${IMAGE_TAG})" >> $GITHUB_STEP_SUMMARY - - ### State sync tests - - # Measures state sync performance for validators (output syncing) - run-forge-state-sync-perf-validator-test: - if: ${{ github.event_name != 'pull_request' }} - needs: determine-test-metadata - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-state-sync-perf-validator-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: state_sync_perf_validators - POST_TO_SLACK: true - - # Measures state sync performance for validator fullnodes (execution syncing) - run-forge-state-sync-perf-fullnode-execute-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-state-sync-perf-validator-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-state-sync-perf-fullnode-execute-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: state_sync_perf_fullnodes_execute_transactions - POST_TO_SLACK: true - - # Measures state sync performance for validator fullnodes (fast syncing) - run-forge-state-sync-perf-fullnode-fast-sync-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-state-sync-perf-fullnode-execute-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-state-sync-perf-fullnode-fast-sync-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: state_sync_perf_fullnodes_fast_sync - POST_TO_SLACK: true - - # Measures state sync performance for validator fullnodes (output syncing) - run-forge-state-sync-perf-fullnode-apply-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [determine-test-metadata, run-forge-state-sync-perf-fullnode-fast-sync-test] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-state-sync-perf-fullnode-apply-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 1800 # Run for 30 minutes - FORGE_TEST_SUITE: state_sync_perf_fullnodes_apply_outputs - POST_TO_SLACK: true diff --git a/.github/workflows/forge-unstable.yaml b/.github/workflows/forge-unstable.yaml deleted file mode 100644 index bfc926007220e..0000000000000 --- a/.github/workflows/forge-unstable.yaml +++ /dev/null @@ -1,173 +0,0 @@ -# Continuously run unstable forge tests against the latest main branch, to promote to stable. -name: Continuous Forge Tests - Unstable - -permissions: - issues: write - pull-requests: write - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -on: - # Allow triggering manually - workflow_dispatch: - inputs: - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. This may be a git SHA1, or a tag like "_". If not specified, Forge will find the latest build based on the git history (starting from GIT_SHA input) - GIT_SHA: - required: false - type: string - description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used - pull_request: - paths: - - ".github/workflows/forge-unstable.yaml" - -env: - AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_REGION: us-west-2 - IMAGE_TAG: ${{ inputs.IMAGE_TAG }} # this is only used for workflow_dispatch, otherwise defaults to empty - -jobs: - # This job determines the image tag and branch to test, and passes them to the other jobs - # NOTE: this may be better as a separate workflow as the logic is quite complex but generalizable - determine-test-metadata: - runs-on: ubuntu-latest - outputs: - IMAGE_TAG: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH: ${{ steps.determine-test-branch.outputs.BRANCH }} - steps: - - uses: actions/checkout@v3 - - - name: Determine branch based on cadence - id: determine-test-branch - run: | - if [[ "${{ github.event_name }}" == "schedule" ]]; then - echo "Unknown schedule: ${{ github.event.schedule }}" - exit 1 - else - echo "Using GIT_SHA" - # on workflow_dispatch, this will simply use the inputs.GIT_SHA given (or the default) - # on pull_request, this will default to null and the following "checkout" step will use the PR's base branch - echo "BRANCH=${{ inputs.GIT_SHA }}" >> $GITHUB_OUTPUT - fi - - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - # actions/get-latest-docker-image-tag requires docker utilities and having authenticated to internal docker image registries - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - id: docker-setup - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - EXPORT_GCP_PROJECT_VARIABLES: "false" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag@main - id: get-docker-image-tag - with: - branch: ${{ steps.determine-test-branch.outputs.BRANCH }} - variants: "failpoints performance" - - - name: Write summary - run: | - IMAGE_TAG=${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} - BRANCH=${{ steps.determine-test-branch.outputs.BRANCH }} - if [ -n "${BRANCH}" ]; then - echo "BRANCH: [${BRANCH}](https://github.com/${{ github.repository }}/tree/${BRANCH})" >> $GITHUB_STEP_SUMMARY - fi - echo "IMAGE_TAG: [${IMAGE_TAG}](https://github.com/${{ github.repository }}/commit/${IMAGE_TAG})" >> $GITHUB_STEP_SUMMARY - - forge-continuous: - if: ${{ github.event_name != 'pull_request' }} - needs: determine-test-metadata - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - COMMENT_HEADER: forge-continuous - # This test suite is configured using the forge.py config test command - FORGE_TEST_SUITE: continuous - - run-forge-state-sync-slow-processing-catching-up-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [ determine-test-metadata, forge-continuous ] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - FORGE_NAMESPACE: forge-state-sync-slow-processing-catching-up-test-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: state_sync_slow_processing_catching_up - POST_TO_SLACK: true - FORGE_ENABLE_FAILPOINTS: true - - run-forge-twin-validator-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [ determine-test-metadata, run-forge-state-sync-slow-processing-catching-up-test ] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - FORGE_NAMESPACE: forge-twin-validator-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: twin_validator_test - POST_TO_SLACK: true - - run-forge-state-sync-failures-catching-up-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [ determine-test-metadata, run-forge-twin-validator-test ] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_NAMESPACE: forge-state-sync-failures-catching-up-test-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - FORGE_RUNNER_DURATION_SECS: 900 # Run for 15 minutes - FORGE_TEST_SUITE: state_sync_failures_catching_up - FORGE_ENABLE_FAILPOINTS: true - POST_TO_SLACK: ${{ needs.determine-test-metadata.outputs.BRANCH == 'main' }} # only post to slack on main branch - - run-forge-validator-reboot-stress-test: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [ determine-test-metadata, run-forge-state-sync-failures-catching-up-test ] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - FORGE_NAMESPACE: forge-validator-reboot-stress-${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - FORGE_RUNNER_DURATION_SECS: 2400 # Run for 40 minutes - FORGE_TEST_SUITE: validator_reboot_stress_test - POST_TO_SLACK: true - - run-forge-haproxy: - if: ${{ github.event_name != 'pull_request' && always() }} - needs: [ determine-test-metadata, run-forge-validator-reboot-stress-test ] # Only run after the previous job completes - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main - secrets: inherit - with: - IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} - # GCP cluster - FORGE_CLUSTER_NAME: aptos-forge-1 - FORGE_NAMESPACE: forge-haproxy-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} - FORGE_RUNNER_DURATION_SECS: 600 # Run for 10 minutes - FORGE_ENABLE_HAPROXY: true - FORGE_TEST_SUITE: realistic_env_max_load - POST_TO_SLACK: true diff --git a/.github/workflows/fullnode-execute-devnet-main.yaml b/.github/workflows/fullnode-execute-devnet-main.yaml deleted file mode 100644 index b800d1f6f1074..0000000000000 --- a/.github/workflows/fullnode-execute-devnet-main.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `devnet` and synchronizes the -# node using execution syncing to verify that nothing has been broken. - -name: "fullnode-execute-devnet-main" -on: - workflow_dispatch: - schedule: - - cron: "0 1 * * *" # Once a day, at 01:00 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-execute-devnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-execute-devnet-main - GIT_REF: main - NETWORK: devnet - BOOTSTRAPPING_MODE: ExecuteTransactionsFromGenesis - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-execute-devnet-stable.yaml b/.github/workflows/fullnode-execute-devnet-stable.yaml deleted file mode 100644 index e0d013b119335..0000000000000 --- a/.github/workflows/fullnode-execute-devnet-stable.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `devnet` branch, -# connects the public fullnode to `devnet` and synchronizes the -# node using execution syncing to verify that nothing has been broken. - -name: "fullnode-execute-devnet-stable" -on: - workflow_dispatch: - schedule: - - cron: "30 1 */3 * *" # Once every three days, at 01:30 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-execute-devnet-stable: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-execute-devnet-stable - GIT_REF: devnet - NETWORK: devnet - BOOTSTRAPPING_MODE: ExecuteTransactionsFromGenesis - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-fast-mainnet-main.yaml b/.github/workflows/fullnode-fast-mainnet-main.yaml deleted file mode 100644 index 2fe43beb8017a..0000000000000 --- a/.github/workflows/fullnode-fast-mainnet-main.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `mainnet` and synchronizes the -# node using fast syncing to verify that nothing has been broken. - -name: "fullnode-fast-mainnet-main" -on: - workflow_dispatch: - schedule: - - cron: "0 2 * * *" # Once a day, at 02:00 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-fast-mainnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-fast-mainnet-main - GIT_REF: main - NETWORK: mainnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-fast-mainnet-stable.yaml b/.github/workflows/fullnode-fast-mainnet-stable.yaml deleted file mode 100644 index 53afaa9d55439..0000000000000 --- a/.github/workflows/fullnode-fast-mainnet-stable.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `mainnet` branch, -# connects the public fullnode to `mainnet` and synchronizes the -# node using fast syncing to verify that nothing has been broken. - -name: "fullnode-fast-mainnet-stable" -on: - workflow_dispatch: - schedule: - - cron: "30 2 */3 * *" # Once every three days, at 02:30 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-fast-mainnet-stable: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-fast-mainnet-stable - GIT_REF: mainnet - NETWORK: mainnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-fast-testnet-main.yaml b/.github/workflows/fullnode-fast-testnet-main.yaml deleted file mode 100644 index 56dbeefa84afd..0000000000000 --- a/.github/workflows/fullnode-fast-testnet-main.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `testnet` and synchronizes the -# node using fast syncing to verify that nothing has been broken. - -name: "fullnode-fast-testnet-main" -on: - workflow_dispatch: - schedule: - - cron: "0 3 * * *" # Once a day, at 03:00 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-fast-testnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-fast-testnet-main - GIT_REF: main - NETWORK: testnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-fast-testnet-stable.yaml b/.github/workflows/fullnode-fast-testnet-stable.yaml deleted file mode 100644 index 924ef153d5b10..0000000000000 --- a/.github/workflows/fullnode-fast-testnet-stable.yaml +++ /dev/null @@ -1,34 +0,0 @@ -# This workflow runs a public fullnode using the `testnet` branch, -# connects the public fullnode to `testnet` and synchronizes the -# node using fast syncing to verify that nothing has been broken. - -name: "fullnode-fast-testnet-stable" -on: - workflow_dispatch: - schedule: - - cron: "30 3 */3 * *" # Once every three days, at 03:30 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-fast-testnet-stable: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-fast-testnet-stable - GIT_REF: testnet - NETWORK: testnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactions diff --git a/.github/workflows/fullnode-intelligent-devnet-main.yaml b/.github/workflows/fullnode-intelligent-devnet-main.yaml deleted file mode 100644 index 465ce361276d9..0000000000000 --- a/.github/workflows/fullnode-intelligent-devnet-main.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `devnet` and synchronizes the -# node using execution or output syncing to verify that nothing -# has been broken. - -name: "fullnode-intelligent-devnet-main" -on: - workflow_dispatch: - schedule: - - cron: "* 4 */3 * *" # Once every three days, at 04:00 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-intelligent-devnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-intelligent-devnet-main - GIT_REF: main - NETWORK: devnet - BOOTSTRAPPING_MODE: ExecuteOrApplyFromGenesis - CONTINUOUS_SYNCING_MODE: ExecuteTransactionsOrApplyOutputs diff --git a/.github/workflows/fullnode-intelligent-mainnet-main.yaml b/.github/workflows/fullnode-intelligent-mainnet-main.yaml deleted file mode 100644 index 4475d6dc60a7d..0000000000000 --- a/.github/workflows/fullnode-intelligent-mainnet-main.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `mainnet` and synchronizes the -# node using execution or output syncing to verify that nothing -# has been broken. - -name: "fullnode-intelligent-mainnet-main" -on: - workflow_dispatch: - schedule: - - cron: "30 4 */3 * *" # Once every three days, at 04:30 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-intelligent-mainnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-intelligent-mainnet-main - GIT_REF: main - NETWORK: mainnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactionsOrApplyOutputs diff --git a/.github/workflows/fullnode-intelligent-mainnet-stable.yaml b/.github/workflows/fullnode-intelligent-mainnet-stable.yaml deleted file mode 100644 index 34a16ed2833d5..0000000000000 --- a/.github/workflows/fullnode-intelligent-mainnet-stable.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This workflow runs a public fullnode using the `mainnet` branch, -# connects the public fullnode to `mainnet` and synchronizes the -# node using execution or output syncing to verify that nothing -# has been broken. - -name: "fullnode-intelligent-mainnet-stable" -on: - workflow_dispatch: - schedule: - - cron: "0 5 * * *" # Once a day, at 05:00 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-intelligent-mainnet-stable: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-intelligent-mainnet-stable - GIT_REF: mainnet - NETWORK: mainnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactionsOrApplyOutputs diff --git a/.github/workflows/fullnode-intelligent-testnet-main.yaml b/.github/workflows/fullnode-intelligent-testnet-main.yaml deleted file mode 100644 index 407bec2f47a3f..0000000000000 --- a/.github/workflows/fullnode-intelligent-testnet-main.yaml +++ /dev/null @@ -1,35 +0,0 @@ -# This workflow runs a public fullnode using the `main` branch, -# connects the public fullnode to `testnet` and synchronizes the -# node using execution or output syncing to verify that nothing -# has been broken. - -name: "fullnode-intelligent-testnet-main" -on: - workflow_dispatch: - schedule: - - cron: "30 5 */3 * *" # Once every three days, at 05:30 (UTC) - -permissions: - contents: read - id-token: write - actions: write #required for workflow cancellation via check-aptos-core - -jobs: - check-repo: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - fullnode-intelligent-testnet-main: - needs: check-repo - uses: ./.github/workflows/run-fullnode-sync.yaml - secrets: inherit - with: - TEST_NAME: fullnode-intelligent-testnet-main - GIT_REF: main - NETWORK: testnet - BOOTSTRAPPING_MODE: DownloadLatestStates - CONTINUOUS_SYNCING_MODE: ExecuteTransactionsOrApplyOutputs diff --git a/.github/workflows/fuzzer-test.yaml b/.github/workflows/fuzzer-test.yaml deleted file mode 100644 index c8e94ef8a52ee..0000000000000 --- a/.github/workflows/fuzzer-test.yaml +++ /dev/null @@ -1,26 +0,0 @@ -name: "Fuzzers test" - -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - workflow_dispatch: - -jobs: - test-fuzzers: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Install Dependencies - shell: bash - run: | - scripts/dev_setup.sh -b - - - name: Test Fuzzers - shell: bash - run: | - cd testsuite/fuzzer && ./fuzz.sh test \ No newline at end of file diff --git a/.github/workflows/indexer-grpc-in-memory-cache-benchmark.yaml b/.github/workflows/indexer-grpc-in-memory-cache-benchmark.yaml deleted file mode 100644 index c3548c30b085c..0000000000000 --- a/.github/workflows/indexer-grpc-in-memory-cache-benchmark.yaml +++ /dev/null @@ -1,22 +0,0 @@ -name: Indexer gRPC in-memory cache benchmark -on: - workflow_dispatch: - schedule: - - cron: "0 0 * * *" - -jobs: - run-indexer-grpc-in-memory-cache-benchmark: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Install grpcurl - run: curl -sSL "https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz" | sudo tar -xz -C /usr/local/bin - - name: Rust setup - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - name: build and run the benchmark - run: | - set -ex - cargo build --release --bin aptos-indexer-grpc-in-memory-cache-benchmark - ./target/release/indexer-grpc-in-memory-cache-benchmark \ No newline at end of file diff --git a/.github/workflows/indexer-grpc-integration-tests.yaml b/.github/workflows/indexer-grpc-integration-tests.yaml deleted file mode 100644 index 4a1c2aa93b181..0000000000000 --- a/.github/workflows/indexer-grpc-integration-tests.yaml +++ /dev/null @@ -1,84 +0,0 @@ -name: "Indexer gRPC Integration Tests" -on: - pull_request_target: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - -permissions: - contents: read - id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry - -# cancel redundant builds -concurrency: - # for push events we use `github.sha` in the concurrency group and don't really cancel each other out/limit concurrency - # for pull_request events newer jobs cancel earlier jobs to save on CI etc. - group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event_name == 'push' && github.sha || github.head_ref || github.ref }} - cancel-in-progress: true - -jobs: - permission-check: - runs-on: ubuntu-latest - steps: - - name: Check repository permission for user which triggered workflow - uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c - with: - required-permission: write - comment-not-permitted: Sorry, you don't have permission to trigger this workflow. - - run-tests-local-testnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - env: - # spin up the local testnet using the latest devnet image - VALIDATOR_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/validator - FAUCET_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/faucet - INDEXER_GRPC_IMAGE_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/indexer-grpc - IMAGE_TAG: devnet - - steps: - - uses: actions/checkout@v3 - - - name: Install grpcurl - run: curl -sSL "https://github.com/fullstorydev/grpcurl/releases/download/v1.8.7/grpcurl_1.8.7_linux_x86_64.tar.gz" | sudo tar -xz -C /usr/local/bin - - - name: Set up Rust - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: ./.github/actions/python-setup - with: - pyproject_directory: ./testsuite - - - name: Run indexer gRPC dependencies locally (devnet) - shell: bash - working-directory: ./testsuite - run: poetry run python indexer_grpc_local.py --verbose start --no-indexer-grpc - - - name: Run indexer gRPC integration tests - shell: bash - run: cargo nextest run --features integration-tests --package aptos-indexer-grpc-integration-tests - - - name: Print docker-compose indexer-grpc deps logs on failure - if: ${{ failure() }} - working-directory: docker/compose/indexer-grpc - run: docker-compose logs - - - name: Print docker-compose validator-testnet logs on failure - if: ${{ failure() }} - working-directory: docker/compose/validator-testnet - run: docker-compose logs - -# validator-testnet-validator-1 diff --git a/.github/workflows/keyless-circuit-daily-test.yaml b/.github/workflows/keyless-circuit-daily-test.yaml deleted file mode 100644 index 8fecb6df2c516..0000000000000 --- a/.github/workflows/keyless-circuit-daily-test.yaml +++ /dev/null @@ -1,32 +0,0 @@ -name: "Keyless Circuit Daily Test" -on: - # Allow us to manually run this specific workflow without a PR - workflow_dispatch: - schedule: - - cron: "12 12 * * *" # at 12:12 UTC every day - pull_request: - paths: - - ".github/workflows/keyless-circuit-daily-test.yaml" - - "keyless/circuit/**" -env: - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - run-all-circuit-tests: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - timeout-minutes: 30 - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - uses: ./.github/actions/rust-setup - - run: | - . keyless/circuit/tools/install-deps.sh - cargo test -p aptos-keyless-circuit -- --nocapture diff --git a/.github/workflows/links.yml b/.github/workflows/links.yml deleted file mode 100644 index a556b8731c4cc..0000000000000 --- a/.github/workflows/links.yml +++ /dev/null @@ -1,35 +0,0 @@ -## Implementation of: https://github.com/marketplace/actions/lychee-broken-link-checker - -name: Aptos GitHub Links Checker - -on: - repository_dispatch: - workflow_dispatch: - schedule: - - cron: "00 18 * * *" - -permissions: - # contents: write # only for delete-branch option - issues: write - pull-requests: write - -jobs: - linkChecker: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - - name: Link Checker - id: lychee - uses: lycheeverse/lychee-action@v1.5.4 - env: - GITHUB_TOKEN: ${{secrets.GITHUB_TOKEN}} - - - name: Create Issue From File - if: env.lychee_exit_code != 0 - uses: peter-evans/create-issue-from-file@v4 - with: - title: Link Checker Report - content-filepath: ./lychee/out.md - labels: report, automated issue - assignees: clay-aptos \ No newline at end of file diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml deleted file mode 100644 index 17ab25e7326d2..0000000000000 --- a/.github/workflows/lint-test.yaml +++ /dev/null @@ -1,205 +0,0 @@ -name: "Lint+Test" -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - - devnet - - testnet - - mainnet - - aptos-node-v* - - aptos-release-v* - workflow_dispatch: - -env: - HAS_BUILDPULSE_SECRETS: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID != '' && secrets.BUILDPULSE_SECRET_ACCESS_KEY != '' }} - HAS_DATADOG_SECRETS: ${{ secrets.DD_API_KEY != '' }} - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - # This job determines which files were changed - file_change_determinator: - runs-on: ubuntu-latest - outputs: - only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }} - steps: - - uses: actions/checkout@v4 - - name: Run the file change determinator - id: determine_file_changes - uses: ./.github/actions/file-change-determinator - - # Run all general lints (i.e., non-rust and docs lints). This is a PR required job. - general-lints: - needs: file_change_determinator - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - fetch-depth: 0 # get all the history because python-lint-tests requires it. - - name: Run general lints - uses: ./.github/actions/general-lints - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - run: echo "Skipping general lints! Unrelated changes detected." - if: needs.file_change_determinator.outputs.only_docs_changed == 'true' - - # Run the crypto hasher domain separation checks - rust-cryptohasher-domain-separation-check: - needs: file_change_determinator - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - steps: - - uses: actions/checkout@v4 - - uses: actions/setup-python@v4 - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - run: python3 scripts/check-cryptohasher-symbols.py - - # Run all rust lints. This is a PR required job. - rust-lints: - needs: file_change_determinator - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v4 - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - name: Run rust lints - uses: ./.github/actions/rust-lints - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - run: echo "Skipping rust lints! Unrelated changes detected." - if: needs.file_change_determinator.outputs.only_docs_changed == 'true' - - # Run all rust smoke tests. This is a PR required job. - rust-smoke-tests: - needs: file_change_determinator - if: | # Only run on each PR once an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'push' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null) || - contains(github.event.pull_request.body, '#e2e' - ) - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v4 - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - - name: Run rust smoke tests - uses: ./.github/actions/rust-smoke-tests - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - run: echo "Skipping rust smoke tests! Unrelated changes detected." - if: needs.file_change_determinator.outputs.only_docs_changed == 'true' - - # Run only the targeted rust unit tests. This is a PR required job. - rust-targeted-unit-tests: - needs: file_change_determinator - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 # Fetch all git history for accurate target determination - - name: Run targeted rust unit tests - uses: ./.github/actions/rust-targeted-unit-tests - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - # Run all rust unit tests. This is not a PR required job. - rust-unit-tests: - if: | # Only run when an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'push' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-all-unit-tests') - ) - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v4 - - name: Run rust unit tests - uses: ./.github/actions/rust-unit-tests - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - BUILDKITE_ANALYTICS_TOKEN: ${{ secrets.BUILDKITE_ANALYTICS_TOKEN }} - - # Run the cached packages build. This is a PR required job. - rust-build-cached-packages: - needs: file_change_determinator - if: | # Only run on each PR once an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'push' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-e2e-tests') || - github.event.pull_request.auto_merge != null - ) - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v4 - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - name: Run aptos cached packages build test - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - run: scripts/cargo_build_aptos_cached_packages.sh --check - - run: echo "Skipping cached packages test! Unrelated changes detected." - if: needs.file_change_determinator.outputs.only_docs_changed == 'true' - - # Run the consensus only unit tests - rust-consensus-only-unit-test: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - if: contains(github.event.pull_request.labels.*.name, 'CICD:build-consensus-only-image') - steps: - - uses: actions/checkout@v4 - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: taiki-e/install-action@v1.5.6 - with: - tool: nextest - - run: cargo nextest run --locked --workspace --exclude smoke-test --exclude aptos-testcases --exclude aptos-api --exclude aptos-executor-benchmark --exclude aptos-backup-cli --retries 3 --no-fail-fast -F consensus-only-perf-test - env: - RUST_MIN_STACK: 4297152 - - # Run the consensus only smoke test - rust-consensus-only-smoke-test: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - if: contains(github.event.pull_request.labels.*.name, 'CICD:build-consensus-only-image') - steps: - - uses: actions/checkout@v4 - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: taiki-e/install-action@v1.5.6 - with: - tool: nextest - # prebuild aptos-node binary, so that tests don't start before node is built. - # also prebuild aptos-node binary as a separate step to avoid feature unification issues - - run: cargo build --locked --package=aptos-node -F consensus-only-perf-test --release && LOCAL_SWARM_NODE_RELEASE=1 CONSENSUS_ONLY_PERF_TEST=1 cargo nextest run --release --package smoke-test -E "test(test_consensus_only_with_txn_emitter)" --run-ignored all - - # We always try to create the artifact, but it only creates on flaky or failed smoke tests -- when the directories are empty. - - name: Upload smoke test logs for failed and flaky tests - uses: actions/upload-artifact@v3 - if: ${{ failure() || success() }} - with: - name: failed-consensus-only-smoke-test-logs - # Retain all smoke test data except for the db (which may be large). - path: | - /tmp/.tmp* - !/tmp/.tmp*/**/db/ - retention-days: 14 diff --git a/.github/workflows/module-verify.yaml b/.github/workflows/module-verify.yaml deleted file mode 100644 index 17b99be413f9d..0000000000000 --- a/.github/workflows/module-verify.yaml +++ /dev/null @@ -1,69 +0,0 @@ -# This defines a workflow to verify all modules that have been published on chain with the latest aptos node software. -# In order to trigger it go to the Actions Tab of the Repo, click "module-verify" and then "Run Workflow". -# -# On PR, a single test case will run. On workflow_dispatch, you may specify the CHAIN_NAME to verify. - -name: "module-verify" -on: - # Allow triggering manually - workflow_dispatch: - inputs: - GIT_SHA: - required: false - type: string - description: The git SHA1 to test. If not specified, it will use the latest commit on main. - CHAIN_NAME: - required: false - type: choice - options: [testnet, mainnet, all] - default: all - description: The chain name to test. If not specified, it will test both testnet and mainnet. - pull_request: - paths: - - ".github/workflows/module-verify.yaml" - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - verify-modules-testnet: - if: ${{ github.event_name == 'workflow_dispatch' && (inputs.CHAIN_NAME == 'testnet' || inputs.CHAIN_NAME == 'all') }} - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-module-verify.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ inputs.GIT_SHA }} - BUCKET: aptos-testnet-backup-2223d95b - SUB_DIR: e1 - BACKUP_CONFIG_TEMPLATE_PATH: terraform/helm/fullnode/files/backup/s3-public.yaml - # workflow config - RUNS_ON: high-perf-docker-with-local-ssd - TIMEOUT_MINUTES: 20 - - verify-modules-mainnet: - if: ${{ github.event_name == 'workflow_dispatch' && (inputs.CHAIN_NAME == 'mainnet' || inputs.CHAIN_NAME == 'all') }} - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-module-verify.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ inputs.GIT_SHA }} - BUCKET: aptos-mainnet-backup-backup-831a69a8 - SUB_DIR: e1 - BACKUP_CONFIG_TEMPLATE_PATH: terraform/helm/fullnode/files/backup/s3-public.yaml - # workflow config - RUNS_ON: high-perf-docker-with-local-ssd - TIMEOUT_MINUTES: 20 - - test-verify-modules: - if: ${{ github.event_name == 'pull_request' }} - uses: aptos-labs/aptos-core/.github/workflows/workflow-run-module-verify.yaml@main - secrets: inherit - with: - GIT_SHA: ${{ github.event.pull_request.head.sha }} - BUCKET: aptos-testnet-backup-2223d95b - SUB_DIR: e1 - BACKUP_CONFIG_TEMPLATE_PATH: terraform/helm/fullnode/files/backup/s3-public.yaml - # workflow config - RUNS_ON: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: 20 diff --git a/.github/workflows/move-test-compiler-v2.yaml b/.github/workflows/move-test-compiler-v2.yaml deleted file mode 100644 index 449892ab72f59..0000000000000 --- a/.github/workflows/move-test-compiler-v2.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: "Aptos Move Test for Compiler V2" -on: - workflow_dispatch: - push: - branches: - - 'main' - paths: - - 'aptos-move/e2e-move-tests/**' - - 'aptos-move/framework/**' - - 'third_party/move/**' - - '.github/workflows/move-test-compiler-v2.yaml' - - '.github/actions/move-tests-compiler-v2/**' - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - -env: - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - # Run Aptos Move Compiler v2 tests. This is a PR required job. - rust-move-tests: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - name: Run Aptos Move tests with compiler V2 - uses: ./.github/actions/move-tests-compiler-v2 - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} diff --git a/.github/workflows/node-api-compatibility-tests.yaml b/.github/workflows/node-api-compatibility-tests.yaml deleted file mode 100644 index 8feef3eff7533..0000000000000 --- a/.github/workflows/node-api-compatibility-tests.yaml +++ /dev/null @@ -1,128 +0,0 @@ -## IMPORTANT NOTE TO EDITORS OF THIS FILE ## - -## If you are trying to change how this CI works, you MUST go read the important -## note at the top of docker-build-test.yaml. In short, to test this, you must temporarily -## change docker-build-test to use the pull_request trigger instead of pull_request_target. - -## Make sure to add the CICD:CICD:build-images and CICD:run-e2e-tests labels to test -## this within an in-review PR. - -## If the above approach is too slow (since you have to wait for the rust images -## to build), you can cut the iteration time dramatically by changing the envs -## - Replace env.IMAGE_TAG for a known image tag -## - env.GIT_SHA will resolve to that of your PR branch - -# These tests ensure that the Node API, the OpenAPI spec that is generated from it, -# and the TS SDK inner client that is generated from that, all match up. -name: "Node API Compatibility Tests" -on: - # This is called from within the docker-build-test.yaml workflow since we depend - # on the images having been built before this workflow runs. - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: Use this to override the git SHA1, branch name (e.g. devnet) or tag to release the SDK from - SKIP_JOB: - required: false - default: false - type: boolean - description: Set to true to skip this job. Useful for PRs that don't require this workflow. - -env: - # This is the docker image tag that will be used for the SDK release. - # It is also used to pull the docker images for the CI. - IMAGE_TAG: ${{ inputs.GIT_SHA || 'devnet' }} # default to "devnet" tag when not running on workflow_call - GIT_SHA: ${{ inputs.GIT_SHA || github.event.pull_request.head.sha || github.sha }} # default to PR branch sha when not running on workflow_call - -# TODO: should we migrate this to a composite action, so that we can skip it -# at the call site, and don't need to wrap each step in an if statement? -jobs: - # Confirm that the generated client within the TS SDK has been re-generated - # if there are any changes that would affect it within the PR / commit. If - # everything is checked in, run tests, build the SDK, and upload it to npmjs. - node-api-compatibility-tests: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - permissions: - contents: read - id-token: write - steps: - - uses: actions/checkout@v3 - if: ${{ !inputs.SKIP_JOB }} - with: - ref: ${{ env.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - if: ${{ !inputs.SKIP_JOB }} - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - uses: actions/setup-node@v3 - if: ${{ !inputs.SKIP_JOB }} - with: - node-version-file: .node-version - registry-url: "https://registry.npmjs.org" - - # Self hosted runners don't have pnpm preinstalled. - # https://github.com/actions/setup-node/issues/182 - - uses: pnpm/action-setup@v2 - if: ${{ !inputs.SKIP_JOB }} - - # When using high-perf-docker, the CI is actually run with two containers - # in a k8s pod, one for docker commands run in the CI steps (docker), and - # one for everything else (runner). These containers share some volume - # mounts, ${{ runner.temp }} is one of them. Writing the specs here ensures - # the docker run step writes to a same place that the runner can read from. - - run: mkdir -p ${{ runner.temp }}/specs - if: ${{ !inputs.SKIP_JOB }} - - # Build the API specs. - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - if: ${{ !inputs.SKIP_JOB }} - name: generate-yaml-spec - with: - max_attempts: 3 - timeout_minutes: 20 - command: docker run --rm --mount=type=bind,source=${{ runner.temp }}/specs,target=/specs ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/tools:${IMAGE_TAG} aptos-openapi-spec-generator -f yaml -o /specs/spec.yaml - - - uses: nick-fields/retry@7f8f3d9f0f62fe5925341be21c2e8314fd4f7c7c # pin@v2 - if: ${{ !inputs.SKIP_JOB }} - name: generate-json-spec - with: - max_attempts: 3 - timeout_minutes: 20 - command: docker run --rm --mount=type=bind,source=${{ runner.temp }}/specs,target=/specs ${{ vars.GCP_DOCKER_ARTIFACT_REPO }}/tools:${IMAGE_TAG} aptos-openapi-spec-generator -f json -o /specs/spec.json - - # Confirm that the specs we built here are the same as those checked in. - - run: | - echo "If this step fails, run the following commands locally to fix it:" - echo "cargo run -p aptos-openapi-spec-generator -- -f yaml -o api/doc/spec.yaml" - echo "cargo run -p aptos-openapi-spec-generator -- -f json -o api/doc/spec.json" - git diff --no-index --ignore-space-at-eol --ignore-blank-lines ${{ runner.temp }}/specs/spec.yaml api/doc/spec.yaml - git diff --no-index --ignore-space-at-eol --ignore-blank-lines ${{ runner.temp }}/specs/spec.json api/doc/spec.json - if: ${{ !inputs.SKIP_JOB }} - - # Run package install. If install fails, it probably means the lockfile - # was not included in the commit. - - run: cd ./ecosystem/typescript/sdk && pnpm install --frozen-lockfile - if: ${{ !inputs.SKIP_JOB }} - - # Ensure any changes to the generated client were checked in. - - run: cd ./ecosystem/typescript/sdk && pnpm generate-client -o /tmp/generated_client - if: ${{ !inputs.SKIP_JOB }} - - - run: - echo "If this step fails, run the following command locally to fix it:" - echo "cd ecosystem/typescript/sdk && pnpm generate-client" - git diff --no-index --ignore-space-at-eol --ignore-blank-lines ./ecosystem/typescript/sdk/src/generated/ /tmp/generated_client/ - if: ${{ !inputs.SKIP_JOB }} - - # Print out whether the job was skipped. - - run: echo "Skipping node API compatibility tests!" - if: ${{ inputs.SKIP_JOB }} diff --git a/.github/workflows/prover-daily-test.yaml b/.github/workflows/prover-daily-test.yaml deleted file mode 100644 index 5ed59ec538937..0000000000000 --- a/.github/workflows/prover-daily-test.yaml +++ /dev/null @@ -1,35 +0,0 @@ -name: "Prover Daily Test" -on: - # Allow us to manually run this specific workflow without a PR - workflow_dispatch: - # Until enabled on all PRs, run twice a week - schedule: - - cron: "14 14 */3 * *" - pull_request: - paths: - - ".github/workflows/prover-daily-test.yaml" - - ".github/actions/move-prover-setup/**" - -env: - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - prover-inconsistency-test: - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - timeout-minutes: ${{ github.event_name == 'pull_request' && 10 || 480}} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - uses: ./.github/actions/move-prover-setup - - run: MVP_TEST_DISALLOW_TIMEOUT_OVERWRITE=1 MVP_TEST_VC_TIMEOUT=1200 cargo test -p aptos-move-examples --release -- --include-ignored prover - - run: MVP_TEST_DISALLOW_TIMEOUT_OVERWRITE=1 MVP_TEST_VC_TIMEOUT=7200 cargo test -p aptos-framework --release -- --include-ignored prover - - run: MVP_TEST_DISALLOW_TIMEOUT_OVERWRITE=1 MVP_TEST_VC_TIMEOUT=1200 MVP_TEST_INCONSISTENCY=1 cargo test -p aptos-move-examples --release -- --include-ignored prover - - run: MVP_TEST_DISALLOW_TIMEOUT_OVERWRITE=1 MVP_TEST_VC_TIMEOUT=7200 MVP_TEST_INCONSISTENCY=1 cargo test -p aptos-framework --release -- --include-ignored prover diff --git a/.github/workflows/prune-old-workflow-runs.yaml b/.github/workflows/prune-old-workflow-runs.yaml deleted file mode 100644 index 65271424432e2..0000000000000 --- a/.github/workflows/prune-old-workflow-runs.yaml +++ /dev/null @@ -1,28 +0,0 @@ -# This workflow runs periodically to delete obsolete workflow runs of workflows that don't exist anymore in the repo. -# This is the keep the Workflow list on the left here https://github.com/aptos-labs/aptos-core/actions tidy. -# The only way to remove a workflow from that list is to delete _all_ runs of a workflow. -name: Prune old workflow runs -on: - workflow_dispatch: - schedule: - # every day at 3am PST - - cron: "0 10 * * *" - -permissions: - actions: write - -jobs: - prune: - if: github.repository == 'aptos-labs/aptos-core' - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version-file: .node-version - - uses: pnpm/action-setup@v2 - - - run: pnpm i && pnpm pruneGithubWorkflowRuns - env: - GITHUB_TOKEN: ${{ github.token }} - working-directory: .github/ts-tasks diff --git a/.github/workflows/replay-verify.yaml b/.github/workflows/replay-verify.yaml deleted file mode 100644 index d0e91d30a3723..0000000000000 --- a/.github/workflows/replay-verify.yaml +++ /dev/null @@ -1,99 +0,0 @@ -# This defines a workflow to replay transactions on the given chain with the latest aptos node software. -# In order to trigger it go to the Actions Tab of the Repo, click "replay-verify" and then "Run Workflow". -# -# On PR, a single test case will run. On workflow_dispatch, you may specify the CHAIN_NAME to verify. - -name: "replay-verify" -on: - # Allow triggering manually - workflow_dispatch: - inputs: - GIT_SHA: - required: false - type: string - description: The git SHA1 to test. If not specified, it will use the latest commit on main. - CHAIN_NAME: - required: false - type: choice - options: [testnet, mainnet, all] - default: all - description: The chain name to test. If not specified, it will test both testnet and mainnet. - pull_request: - paths: - - ".github/workflows/replay-verify.yaml" - - "testsuite/replay_verify.py" - schedule: - - cron: "0 22 * * 0,2,4" # The main branch cadence. This runs every Sun,Tues,Thurs - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - determine-test-metadata: - runs-on: ubuntu-latest - steps: - # checkout the repo first, so check-aptos-core can use it and cancel the workflow if necessary - - uses: actions/checkout@v3 - - uses: ./.github/actions/check-aptos-core - with: - cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork - - replay-testnet: - if: | - github.event_name == 'schedule' || - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' && (inputs.CHAIN_NAME == 'testnet' || inputs.CHAIN_NAME == 'all') - needs: determine-test-metadata - uses: ./.github/workflows/workflow-run-replay-verify.yaml - secrets: inherit - with: - GIT_SHA: ${{ inputs.GIT_SHA }} - # replay-verify config - BUCKET: aptos-testnet-backup-b7b1ad7a - SUB_DIR: e1 - HISTORY_START: 250000000 # TODO: We need an exhaustive list of txns_to_skip before we can set this toterraform/helm/fullnode/files/backup/gcs.yaml - # workflow config - RUNS_ON: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: 480 - - replay-mainnet: - if: | - github.event_name == 'schedule' || - github.event_name == 'push' || - github.event_name == 'workflow_dispatch' && (inputs.CHAIN_NAME == 'mainnet' || inputs.CHAIN_NAME == 'all' ) - needs: determine-test-metadata - uses: ./.github/workflows/workflow-run-replay-verify.yaml - secrets: inherit - with: - GIT_SHA: ${{ inputs.GIT_SHA }} - # replay-verify config - BUCKET: aptos-mainnet-backup-backup-e098483d - SUB_DIR: e1 - HISTORY_START: 0 - TXNS_TO_SKIP: 12253479 12277499 148358668 - BACKUP_CONFIG_TEMPLATE_PATH: terraform/helm/fullnode/files/backup/gcs.yaml - # workflow config - RUNS_ON: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: 480 - - test-replay: - if: ${{ (github.event_name == 'pull_request') && contains(github.event.pull_request.labels.*.name, 'CICD:test-replay')}} - needs: determine-test-metadata - uses: ./.github/workflows/workflow-run-replay-verify.yaml - secrets: inherit - with: - GIT_SHA: ${{ github.event.pull_request.head.sha }} - # replay-verify config - BUCKET: aptos-testnet-backup-b7b1ad7a - SUB_DIR: e1 - HISTORY_START: 250000000 # TODO: We need an exhaustive list of txns_to_skip before we can set this to 0. - TXNS_TO_SKIP: 46874937 151020059 409163615 409163669 409163708 409163774 409163845 409163955 409164059 409164191 414625832 - BACKUP_CONFIG_TEMPLATE_PATH: terraform/helm/fullnode/files/backup/gcs.yaml - # workflow config - RUNS_ON: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: 120 # increase test replay timeout to capture more flaky errors diff --git a/.github/workflows/run-fullnode-sync.yaml b/.github/workflows/run-fullnode-sync.yaml deleted file mode 100644 index 4e08def639f84..0000000000000 --- a/.github/workflows/run-fullnode-sync.yaml +++ /dev/null @@ -1,110 +0,0 @@ -# This workflow is a simple wrapper around the fullnode-sync github -# action. It invokes the action with all the neccessary configurations -# required by the specific fullnode sync test instance. - -name: "Run Fullnode Sync" - -on: - workflow_call: - inputs: - TEST_NAME: - description: "The unique name of the fullnode test." - type: string - required: true - GIT_REF: - description: "The aptos-core git ref (GIT_REF or commit hash) to switch to before running the fullnode." - type: string - required: true - NETWORK: - description: "The network to connect the fullnode to: devnet, testnet, or mainnet." - type: string - required: true - BOOTSTRAPPING_MODE: - description: "The state sync bootstrapping mode for the fullnode." - type: string - required: true - CONTINUOUS_SYNCING_MODE: - description: "The state sync continuous syncing mode for the fullnode." - type: string - required: true - TIMEOUT_MINUTES: - description: "The number of minutes to wait for fullnode sync to finish." - type: number - required: false - default: 300 # Run for at most 5 hours - workflow_dispatch: - inputs: - TEST_NAME: - description: "The unique name of the fullnode test." - type: string - required: true - GIT_REF: - description: "The aptos-core GIT_REF (or ref) to switch to before running the fullnode." - type: string - required: true - NETWORK: - description: "The network to connect the fullnode to: devnet, testnet, or mainnet." - type: string - required: true - BOOTSTRAPPING_MODE: - description: "The state sync bootstrapping mode for the fullnode." - type: string - required: true - CONTINUOUS_SYNCING_MODE: - description: "The state sync continuous syncing mode for the fullnode." - type: string - required: true - -jobs: - fullnode-sync: - runs-on: medium-perf-docker-with-local-ssd - timeout-minutes: ${{ inputs.TIMEOUT_MINUTES || 300 }} # the default run is 300 minutes (5 hours). Specified here because workflow_dispatch uses string rather than number - steps: - - uses: actions/checkout@v3 - - - uses: ./.github/actions/fullnode-sync - with: - GIT_REF: ${{ inputs.GIT_REF }} - NETWORK: ${{ inputs.NETWORK }} - BOOTSTRAPPING_MODE: ${{ inputs.BOOTSTRAPPING_MODE }} - CONTINUOUS_SYNCING_MODE: ${{ inputs.CONTINUOUS_SYNCING_MODE }} - DATA_DIR_FILE_PATH: /tmp/ - NODE_LOG_FILE_PATH: /tmp/node_log - METRICS_DUMP_FILE_PATH: /tmp/metrics - - - name: Upload node logs as an artifact - uses: actions/upload-artifact@v3 - if: ${{ always() }} - with: - name: node_log - path: | - /tmp/node_log - retention-days: 14 - - - name: Upload the metrics dump as an artifact - uses: actions/upload-artifact@v3 - if: ${{ always() }} - with: - name: metrics - path: | - /tmp/metrics - retention-days: 14 - - - name: Post to a Slack channel on failure - if: failure() - id: slack - uses: slackapi/slack-github-action@936158bbe252e9a6062e793ea4609642c966e302 # pin@v1.21.0 - with: - payload: | - { - "text": "${{ ':x:' }} `${{ inputs.TEST_NAME }}`: <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|link>" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.FORGE_SLACK_WEBHOOK_URL }} - - # Because we have to checkout the actions and then check out a different - # git ref, it's possible the actions directory will be modified. So, we - # need to check it out again for the Post Run actions/checkout to succeed. - - uses: actions/checkout@v3 - with: - path: actions diff --git a/.github/workflows/run-gas-calibration.yaml b/.github/workflows/run-gas-calibration.yaml deleted file mode 100644 index 1f91062a4f633..0000000000000 --- a/.github/workflows/run-gas-calibration.yaml +++ /dev/null @@ -1,39 +0,0 @@ -name: "Gas Calibration" -on: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - - devnet - - testnet - - auto - - canary - -env: - HAS_BUILDPULSE_SECRETS: ${{ secrets.BUILDPULSE_ACCESS_KEY_ID != '' && secrets.BUILDPULSE_SECRET_ACCESS_KEY != '' }} - HAS_DATADOG_SECRETS: ${{ secrets.DD_API_KEY != '' }} - CARGO_INCREMENTAL: "0" - CARGO_TERM_COLOR: always - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request' && github.ref) || github.sha }} - cancel-in-progress: true - -jobs: - run-gas-calibration: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - with: - fetch-depth: 0 # get all the history because cargo xtest --change-since origin/main requires it. - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - name: install Valgrind - shell: bash - run: sudo apt-get -y install valgrind - - run: cargo run -p aptos-vm-profiling -- -r diff --git a/.github/workflows/rust-client-tests.yaml b/.github/workflows/rust-client-tests.yaml deleted file mode 100644 index 0b5ce8e5a9c9a..0000000000000 --- a/.github/workflows/rust-client-tests.yaml +++ /dev/null @@ -1,86 +0,0 @@ -# Each of these jobs runs the Rust SDK client tests from this commit against a local -# testnet built from one of the production release branches. In other words, we run the -# tests against a local devnet, testnet, and mainnet. - -name: "Rust SDK Client Tests" -on: - pull_request_target: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - -permissions: - contents: read - id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry - -jobs: - # Note on the job-level `if` conditions: - # This workflow is designed such that we run subsequent jobs only when a 'push' - # triggered the workflow or on 'pull_request's which have set auto_merge=true - # or have the label "CICD:run-e2e-tests". - permission-check: - runs-on: ubuntu-latest - steps: - - name: Check repository permission for user which triggered workflow - uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c - with: - required-permission: write - comment-not-permitted: Sorry, you don't have permission to trigger this workflow. - - run-tests-devnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-rust-client-tests - with: - NETWORK: devnet - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - - run-tests-testnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-rust-client-tests - with: - NETWORK: testnet - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - - run-tests-mainnet: - if: contains(github.event.pull_request.labels.*.name, 'CICD:non-required-tests') - needs: [permission-check] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-rust-client-tests - with: - NETWORK: mainnet - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} diff --git a/.github/workflows/semgrep.yaml b/.github/workflows/semgrep.yaml deleted file mode 100644 index 19e8577fb383f..0000000000000 --- a/.github/workflows/semgrep.yaml +++ /dev/null @@ -1,27 +0,0 @@ -name: Semgrep - -on: - workflow_dispatch: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - schedule: - - cron: '0 * * * *' - -jobs: - semgrep: - name: semgrep/ci - runs-on: ubuntu-latest - - container: - image: returntocorp/semgrep - options: --user root - - # Skip any PR created by dependabot to avoid permission issues: - if: (github.actor != 'dependabot[bot]') - - steps: - - uses: actions/checkout@v3 - - run: semgrep ci - env: - SEMGREP_RULES: >- - ./.github/linters/semgrep/pull-request-target-code-checkout.yaml diff --git a/.github/workflows/terraform-freeze.yaml b/.github/workflows/terraform-freeze.yaml deleted file mode 100644 index 3b254053acffd..0000000000000 --- a/.github/workflows/terraform-freeze.yaml +++ /dev/null @@ -1,15 +0,0 @@ -name: "Terraform Freeze checker" - -on: - pull_request: - paths: - - "terraform/**" - -jobs: - check-terraform-modifications: - runs-on: ubuntu-latest - steps: - - run: | - echo "Terraform modifications in this repository are not allowed." - echo "The Source of Truth for Terraform is the internal-ops repository." - exit 1 diff --git a/.github/workflows/test-copy-images-to-dockerhub.yaml b/.github/workflows/test-copy-images-to-dockerhub.yaml deleted file mode 100644 index 4f01de7814f18..0000000000000 --- a/.github/workflows/test-copy-images-to-dockerhub.yaml +++ /dev/null @@ -1,28 +0,0 @@ -name: Test Release Images -on: - pull_request: - paths: - - "docker/release-images.mjs" - - "docker/__tests__/**" - push: - branches: - - main - paths: - - "docker/release-images.mjs" - - "docker/__tests__/**" - -permissions: - contents: read - -jobs: - test-copy-images: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - uses: actions/setup-node@v3 - with: - node-version-file: .node-version - - uses: pnpm/action-setup@v2 - - run: pnpm install - - name: Test Release Images - run: ./docker/test.sh diff --git a/.github/workflows/ts-sdk-e2e-tests.yaml b/.github/workflows/ts-sdk-e2e-tests.yaml deleted file mode 100644 index c906451abd78b..0000000000000 --- a/.github/workflows/ts-sdk-e2e-tests.yaml +++ /dev/null @@ -1,77 +0,0 @@ -# Each of these jobs runs the TS SDK E2E tests from this commit against a local testnet -# built from one of the aptos-core branches. Currently we only test against a local -# testnet in a CLI built from main. - -env: - GIT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - -name: "TS SDK E2E Tests" -on: - pull_request_target: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - push: - branches: - - main - -permissions: - contents: read - id-token: write # Required for GCP Workload Identity federation which we use to login into Google Artifact Registry - -# cancel redundant builds -concurrency: - # cancel redundant builds on PRs (only on PR, not on branches) - group: ${{ github.workflow }}-${{ (github.event_name == 'pull_request_target' && github.event.pull_request.head.sha) || github.sha }} - cancel-in-progress: true - -jobs: - # Note on the job-level `if` conditions: - # This workflow is designed such that we run subsequent jobs only when a 'push' - # triggered the workflow or on 'pull_request's which have set auto_merge=true - # or have the label "CICD:run-e2e-tests". - permission-check: - runs-on: ubuntu-latest - steps: - - name: Check repository permission for user which triggered workflow - uses: sushichop/action-repository-permission@13d208f5ae7a6a3fc0e5a7c2502c214983f0241c - with: - required-permission: write - comment-not-permitted: Sorry, you don't have permission to trigger this workflow. - - # This job determines which files were changed - file_change_determinator: - needs: [permission-check] - runs-on: ubuntu-latest - outputs: - only_docs_changed: ${{ steps.determine_file_changes.outputs.only_docs_changed }} - steps: - - uses: actions/checkout@v3 - - name: Run the file change determinator - id: determine_file_changes - uses: ./.github/actions/file-change-determinator - - # This is a PR required job. This runs both the non-indexer and indexer TS SDK tests. - # Now that the latter runs against the local testnet too we make these land blocking. - run-tests-main-branch: - needs: [permission-check, file_change_determinator] - runs-on: runs-on,cpu=64,family=c7,hdd=500,image=aptos-ubuntu-x64,run-id=${{ github.run_id }} - steps: - - uses: actions/checkout@v3 - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - ref: ${{ env.GIT_SHA }} - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - uses: ./.github/actions/run-ts-sdk-e2e-tests - if: needs.file_change_determinator.outputs.only_docs_changed != 'true' - with: - BRANCH: main - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - - run: echo "Skipping the tests on the main branch! Unrelated changes detected." - if: needs.file_change_determinator.outputs.only_docs_changed == 'true' diff --git a/.github/workflows/windows-build.yaml b/.github/workflows/windows-build.yaml deleted file mode 100644 index 2b4ae24767328..0000000000000 --- a/.github/workflows/windows-build.yaml +++ /dev/null @@ -1,64 +0,0 @@ -# This workflow tests that the Aptos CLI can be compiled on Windows -name: "Windows CLI Build" - -on: - workflow_dispatch: - pull_request: - types: [labeled, opened, synchronize, reopened, auto_merge_enabled] - schedule: - # Run twice a day at 12PM PT and 8PM PT Monday through Friday - - cron: "0 19,3 * * 1-5" - # Run once a day at 12PM PT on Saturday and Sunday - - cron: "0 19 * * 6,0" - -jobs: - windows-build: - runs-on: windows-latest - if: | # Only run on each PR once an appropriate event occurs - ( - github.event_name == 'workflow_dispatch' || - github.event_name == 'schedule' || - contains(github.event.pull_request.labels.*.name, 'CICD:run-windows-tests') - ) - defaults: - run: - shell: pwsh - steps: - - uses: actions/checkout@v4 - with: - ref: ${{ github.event.pull_request.head.sha }} - fetch-depth: 0 # Fetch all git history for accurate target determination - - # This action will cache ~/.cargo and ./target (or the equivalent on Windows in - # this case). See more here: - # https://github.com/Swatinem/rust-cache#cache-details - - name: Run cargo cache - uses: Swatinem/rust-cache@359a70e43a0bb8a13953b04a90f76428b4959bb6 # pin@v2.2.0 - - - name: Set up WinGet - run: Set-Variable ProgressPreference SilentlyContinue ; PowerShell -ExecutionPolicy Bypass -File scripts/windows_dev_setup.ps1 - - - name: Install the Developer Tools - run: Set-Variable ProgressPreference SilentlyContinue ; PowerShell -ExecutionPolicy Bypass -File scripts/windows_dev_setup.ps1 -t - - # This is required for the openssl-sys crate to build. - # See: https://github.com/sfackler/rust-openssl/issues/1542#issuecomment-1399358351 - - name: Update the VCPKG root - run: echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append - - name: Install OpenSSL - run: vcpkg install openssl:x64-windows-static-md --clean-after-build - - # Output the changed files - - name: Output the changed files - run: cargo x changed-files -vv - shell: bash - - # Output the affected packages - - name: Output the affected packages - run: cargo x affected-packages -vv - shell: bash - - # Build and test the Aptos CLI (if it has changed) - - name: Build and test the CLI - run: cargo x targeted-cli-tests -vv - shell: bash diff --git a/.github/workflows/workflow-run-docker-rust-build.yaml b/.github/workflows/workflow-run-docker-rust-build.yaml deleted file mode 100644 index eb39e8a60438b..0000000000000 --- a/.github/workflows/workflow-run-docker-rust-build.yaml +++ /dev/null @@ -1,98 +0,0 @@ -name: "*run Docker rust build reusable workflow" - -on: - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built - TARGET_CACHE_ID: - required: true - type: string - description: ID of the docker cache to use for the build - FEATURES: - required: false - type: string - description: The cargo features to build. If not specified, none will be built other than those specified in cargo config - PROFILE: - default: release - required: false - type: string - description: The cargo profile to build. If not specified, the default release profile will be used - BUILD_ADDL_TESTING_IMAGES: - default: false - required: false - type: boolean - description: Whether to build additional testing images. If not specified, only the base release images will be built - TARGET_REGISTRY: - default: gcp - required: false - type: string - description: The target docker registry to push to - - workflow_dispatch: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to build. If not specified, the latest commit on the triggering branch will be built - FEATURES: - required: false - type: string - description: The cargo features to build. If not specified, none will be built other than those specified in cargo config - PROFILE: - default: release - required: false - type: string - description: The cargo profile to build. If not specified, the default release profile will be used - BUILD_ADDL_TESTING_IMAGES: - default: false - required: false - type: boolean - description: Whether to build additional testing images. If not specified, only the base release images will be built - TARGET_REGISTRY: - default: gcp - required: false - type: string - description: The target docker registry to push to - -env: - GIT_SHA: ${{ inputs.GIT_SHA }} - TARGET_CACHE_ID: ${{ inputs.TARGET_CACHE_ID || inputs.GIT_SHA }} # on workflow_dispatch, the build is one-off, so use the git sha as the cache id instead of another key - PROFILE: ${{ inputs.PROFILE }} - FEATURES: ${{ inputs.FEATURES }} - BUILD_ADDL_TESTING_IMAGES: ${{ inputs.BUILD_ADDL_TESTING_IMAGES }} - AWS_ECR_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - GCP_DOCKER_ARTIFACT_REPO: ${{ vars.GCP_DOCKER_ARTIFACT_REPO }} - TARGET_REGISTRY: ${{ inputs.TARGET_REGISTRY }} - -permissions: - contents: read - id-token: write #required for GCP Workload Identity federation which we use to login into Google Artifact Registry - -jobs: - rust-all: - runs-on: experimental-docker - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ env.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - name: Build and Push Rust images - run: docker/builder/docker-bake-rust-all.sh - env: - PROFILE: ${{ env.PROFILE }} - FEATURES: ${{ env.FEATURES }} - BUILD_ADDL_TESTING_IMAGES: ${{ env.BUILD_ADDL_TESTING_IMAGES }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - TARGET_REGISTRY: ${{ env.TARGET_REGISTRY }} diff --git a/.github/workflows/workflow-run-execution-performance.yaml b/.github/workflows/workflow-run-execution-performance.yaml deleted file mode 100644 index 48c5c1ee6ff6b..0000000000000 --- a/.github/workflows/workflow-run-execution-performance.yaml +++ /dev/null @@ -1,90 +0,0 @@ -name: "*run execution-performance reusable workflow" - -on: - # This allows the workflow to be triggered from another workflow - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to test. - RUNNER_NAME: - required: false - default: executor-benchmark-runner - type: string - IS_FULL_RUN: - required: false - default: false - type: boolean - description: Run complete version of the tests - IGNORE_TARGET_DETERMINATION: - required: false - default: false - type: boolean - description: Ignore target determination and run the tests - # This allows the workflow to be triggered manually from the Github UI or CLI - # NOTE: because the "number" type is not supported, we default to 720 minute timeout - workflow_dispatch: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to test. - RUNNER_NAME: - required: false - default: executor-benchmark-runner - type: choice - options: - - executor-benchmark-runner - description: The name of the runner to use for the test. - IS_FULL_RUN: - required: false - default: false - type: boolean - description: Run complete version of the tests - IGNORE_TARGET_DETERMINATION: - required: false - default: false - type: boolean - description: Ignore target determination and run the tests - -jobs: - # This job determines which tests to run - test-target-determinator: - runs-on: ubuntu-latest - outputs: - run_execution_performance_test: ${{ steps.determine_test_targets.outputs.run_execution_performance_test }} - steps: - - uses: actions/checkout@v3 - - name: Run the test target determinator - id: determine_test_targets - uses: ./.github/actions/test-target-determinator - - # Run single node execution performance tests - single-node-performance: - needs: test-target-determinator - timeout-minutes: 60 - runs-on: ${{ inputs.RUNNER_NAME }} - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ inputs.GIT_SHA }} - if: ${{ inputs.IGNORE_TARGET_DETERMINATION || needs.test-target-determinator.outputs.run_execution_performance_test == 'true' }} - - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - if: ${{ inputs.IGNORE_TARGET_DETERMINATION || needs.test-target-determinator.outputs.run_execution_performance_test == 'true' }} - - - name: Run single node execution benchmark in performance build mode - shell: bash - run: TABULATE_INSTALL=lib-only pip install tabulate && testsuite/single_node_performance.py - if: ${{ !inputs.IS_FULL_RUN && (inputs.IGNORE_TARGET_DETERMINATION || needs.test-target-determinator.outputs.run_execution_performance_test == 'true') }} - - - name: Run full version of the single node execution benchmark in performance build mode - shell: bash - run: TABULATE_INSTALL=lib-only pip install tabulate && FLOW=CONTINUOUS testsuite/single_node_performance.py - if: ${{ inputs.IS_FULL_RUN && (inputs.IGNORE_TARGET_DETERMINATION || needs.test-target-determinator.outputs.run_execution_performance_test == 'true') }} - - - run: echo "Skipping single node execution performance! Unrelated changes detected." - if: ${{ !inputs.IGNORE_TARGET_DETERMINATION && needs.test-target-determinator.outputs.run_execution_performance_test != 'true' }} diff --git a/.github/workflows/workflow-run-forge.yaml b/.github/workflows/workflow-run-forge.yaml deleted file mode 100644 index 5de05cc005469..0000000000000 --- a/.github/workflows/workflow-run-forge.yaml +++ /dev/null @@ -1,218 +0,0 @@ -name: "*run Forge reusable workflow" - -on: - # this is called from within the build-images.yaml workflow since we depend on the images having been built before - workflow_call: - inputs: - GIT_SHA: - required: false - type: string - description: The git SHA1 to test. If not specified, Forge will check the latest commits on the current branch - IMAGE_TAG: - required: false - type: string - description: The docker image tag to test. If not specified, falls back on GIT_SHA, and then to the latest commits on the current branch - FORGE_IMAGE_TAG: - required: false - type: string - description: The docker image tag to use for forge runner. If not specified, falls back on GIT_SHA, and then to the latest commits on the current branch - FORGE_NAMESPACE: - required: false - type: string - description: The Forge k8s namespace to be used for test. This value should manage Forge test concurrency. It may be truncated. - FORGE_CLUSTER_NAME: - required: false - type: string - description: The Forge k8s cluster to be used for test - FORGE_RUNNER_DURATION_SECS: - required: false - type: number - default: 480 - description: Duration of the forge test run - FORGE_TEST_SUITE: - required: false - type: string - default: land_blocking - description: Test suite to run - POST_TO_SLACK: - required: false - type: boolean - default: false - description: Whether to post the test results comment to Slack - COMMENT_ON_PR: - required: false - type: boolean - default: true - description: Whether to post the test results comment to the PR - TIMEOUT_MINUTES: - required: false - type: number - default: 360 - description: Github job timeout in minutes - FORGE_ENABLE_FAILPOINTS: - required: false - type: string - description: Whether to use failpoints images - FORGE_ENABLE_HAPROXY: - required: false - type: string - description: Whether to use HAPRoxy - FORGE_ENABLE_PERFORMANCE: - required: false - type: string - description: Whether to use performance images - COMMENT_HEADER: - required: false - type: string - default: forge - description: A unique ID for Forge sticky comment on your PR. See - https://github.com/marocchino/sticky-pull-request-comment#keep-more-than-one-comment - SKIP_JOB: - required: false - default: false - type: boolean - description: Set to true to skip this job. Useful for PRs that don't require this workflow. - -env: - AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - AWS_REGION: us-west-2 - IMAGE_TAG: ${{ inputs.IMAGE_TAG }} - FORGE_IMAGE_TAG: ${{ inputs.FORGE_IMAGE_TAG }} - FORGE_BLOCKING: ${{ secrets.FORGE_BLOCKING }} - FORGE_CLUSTER_NAME: ${{ inputs.FORGE_CLUSTER_NAME }} - FORGE_OUTPUT: forge_output.txt - FORGE_REPORT: forge_report.json - FORGE_COMMENT: forge_comment.txt - FORGE_PRE_COMMENT: forge_pre_comment.txt - FORGE_RUNNER_MODE: k8s - FORGE_RUNNER_DURATION_SECS: ${{ inputs.FORGE_RUNNER_DURATION_SECS }} - FORGE_NAMESPACE: ${{ inputs.FORGE_NAMESPACE }} - FORGE_ENABLE_HAPROXY: ${{ inputs.FORGE_ENABLE_HAPROXY }} - FORGE_TEST_SUITE: ${{ inputs.FORGE_TEST_SUITE }} - POST_TO_SLACK: ${{ inputs.POST_TO_SLACK }} - FORGE_ENABLE_FAILPOINTS: ${{ inputs.FORGE_ENABLE_FAILPOINTS }} - FORGE_ENABLE_PERFORMANCE: ${{ inputs.FORGE_ENABLE_PERFORMANCE }} - COMMENT_HEADER: ${{ inputs.COMMENT_HEADER }} - VERBOSE: true - COMMENT_ON_PR: ${{ inputs.COMMENT_ON_PR }} - -# TODO: should we migrate this to a composite action, so that we can skip it -# at the call site, and don't need to wrap each step in an if statement? -jobs: - forge: - runs-on: ubuntu-latest - timeout-minutes: ${{ inputs.TIMEOUT_MINUTES }} - steps: - - uses: actions/checkout@v4 - if: ${{ !inputs.SKIP_JOB }} - with: - ref: ${{ inputs.GIT_SHA }} - # get the last 10 commits if GIT_SHA is not specified - fetch-depth: inputs.GIT_SHA != null && 0 || 10 - - - uses: actions/setup-python@v4 - if: ${{ !inputs.SKIP_JOB }} - - - name: Install python deps - run: pip3 install click==8.1.3 psutil==5.9.1 - if: ${{ !inputs.SKIP_JOB }} - - # Calculate the auth duration based on the test duration - # If the test duration is less than the default 90 minutes, use the default - # otherwise add 30 minutes to the length of the Forge test run - - name: Calculate Forge Auth Duration - if: ${{ !inputs.SKIP_JOB }} - id: calculate-auth-duration - run: | - auth_duration=$(( $FORGE_RUNNER_DURATION_SECS > 5400 ? $FORGE_RUNNER_DURATION_SECS + 30 * 60 : 5400 )) - echo "auth_duration=${auth_duration}" >> $GITHUB_OUTPUT - - - uses: aptos-labs/aptos-core/.github/actions/docker-setup@main - if: ${{ !inputs.SKIP_JOB }} - id: docker-setup - with: - GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} - GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} - # action/docker-setup logs in to GCP under project "aptos-ci", but this workflow - # runs kubectl under project "aptos-forge-gcp-0", to which the service account - # of "aptos-ci" has delegated access. The exported environment variables will - # still refer to "aptos-ci", which confuses the gcloud CLI, so we need to keep - # them out of the environment. That's ok, because gcloud will take configuration - # from the file-system anyway. - EXPORT_GCP_PROJECT_VARIABLES: "false" - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - GCP_AUTH_DURATION: ${{ steps.calculate-auth-duration.outputs.auth_duration }} - - - name: "Install GCloud SDK" - if: ${{ !inputs.SKIP_JOB }} - uses: "google-github-actions/setup-gcloud@v2" - with: - version: ">= 418.0.0" - install_components: "kubectl,gke-gcloud-auth-plugin" - - - name: "Export GCloud auth token" - if: ${{ !inputs.SKIP_JOB }} - id: gcloud-auth - run: echo "CLOUDSDK_AUTH_ACCESS_TOKEN=${{ steps.docker-setup.outputs.CLOUDSDK_AUTH_ACCESS_TOKEN }}" >> $GITHUB_ENV - shell: bash - - - name: "Setup GCloud project" - if: ${{ !inputs.SKIP_JOB }} - shell: bash - run: gcloud config set project aptos-forge-gcp-0 - - - name: Run pre-Forge checks - if: ${{ !inputs.SKIP_JOB }} - shell: bash - env: - FORGE_RUNNER_MODE: pre-forge - run: testsuite/run_forge.sh - - - name: Post pre-Forge comment - if: ${{ !inputs.SKIP_JOB && env.COMMENT_ON_PR == 'true' && github.event.number != null }} - uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443 # pin@39c5b5dc7717447d0cba270cd115037d32d2844 - with: - header: ${{ env.COMMENT_HEADER }} - hide_and_recreate: true # Hide the previous comment and add a comment at the end - hide_classify: "OUTDATED" - path: ${{ env.FORGE_PRE_COMMENT }} - - - name: Run Forge - if: ${{ !inputs.SKIP_JOB }} - shell: bash - run: testsuite/run_forge.sh - - - name: Post forge result comment - # Post a Github comment if the run has not been cancelled and if we're running on a PR - if: ${{ !inputs.SKIP_JOB && env.COMMENT_ON_PR == 'true' && github.event.number != null && !cancelled() }} - uses: marocchino/sticky-pull-request-comment@39c5b5dc7717447d0cba270cd115037d32d28443 # pin@39c5b5dc7717447d0cba270cd115037d32d2844 - with: - header: ${{ env.COMMENT_HEADER }} - hide_and_recreate: true - hide_classify: "OUTDATED" - path: ${{ env.FORGE_COMMENT }} - - - name: Post to a Slack channel on failure - # Post a Slack comment if the run has not been cancelled and the envs are set - if: ${{ !inputs.SKIP_JOB && env.POST_TO_SLACK == 'true' && failure() }} - id: slack - uses: slackapi/slack-github-action@936158bbe252e9a6062e793ea4609642c966e302 # pin@v1.21.0 - with: - # For posting a rich message using Block Kit - payload: | - { - "text": "${{ job.status == 'success' && ':white_check_mark:' || ':x:' }} ${{ github.job }}(suite: `${{ inputs.FORGE_TEST_SUITE }}`, namespace: `${{ inputs.FORGE_NAMESPACE }}`): <${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|link>" - } - env: - SLACK_WEBHOOK_URL: ${{ secrets.FORGE_SLACK_WEBHOOK_URL }} - - # Print out whether the job was skipped. - - run: echo "Skipping forge test!" - if: ${{ inputs.SKIP_JOB }} diff --git a/.github/workflows/workflow-run-module-verify.yaml b/.github/workflows/workflow-run-module-verify.yaml deleted file mode 100644 index 2dd3a9ac7b0f4..0000000000000 --- a/.github/workflows/workflow-run-module-verify.yaml +++ /dev/null @@ -1,71 +0,0 @@ -name: "*run module-verify reusable workflow" -on: - # This allows the workflow to be triggered from another workflow - workflow_call: - inputs: - GIT_SHA: - required: false - type: string - description: The git SHA1 to test. If not specified, it will use the latest commit on main. - # module-verify config - BUCKET: - required: true - type: string - description: The bucket to use for the backup. If not specified, it will use the default bucket. - SUB_DIR: - required: true - type: string - description: The subdirectory to use for the backup. If not specified, it will use the default subdirectory. - BACKUP_CONFIG_TEMPLATE_PATH: - description: "The path to the backup config template to use." - type: string - required: true - # GHA job config - RUNS_ON: - description: "The runner to use for the job." - type: string - required: true - default: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: - description: "Github job timeout in minutes" - type: number - required: true - default: 720 - -jobs: - module-verify: - # if we're running on a PR, it's only for testing purposes, so we can set a shorter timeout - timeout-minutes: ${{ inputs.TIMEOUT_MINUTES }} - runs-on: ${{ inputs.RUNS_ON }} - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ inputs.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - name: Install AWS CLI - shell: bash - run: | - scripts/dev_setup.sh -b -i awscli - echo "${HOME}/bin/" >> $GITHUB_PATH # default INSTALL_DIR to path - - - name: Install s5cmd - shell: bash - run: | - scripts/dev_setup.sh -b -i s5cmd - echo "${HOME}/bin/" >> $GITHUB_PATH # default INSTALL_DIR to path - - - name: Build CLI binaries in release mode - shell: bash - run: cargo build --release -p aptos-debugger - - - name: Run module-verify in parallel - shell: bash - run: testsuite/module_verify.py - env: - BUCKET: ${{ inputs.BUCKET }} - SUB_DIR: ${{ inputs.SUB_DIR }} - BACKUP_CONFIG_TEMPLATE_PATH: ${{ inputs.BACKUP_CONFIG_TEMPLATE_PATH }} diff --git a/.github/workflows/workflow-run-replay-verify.yaml b/.github/workflows/workflow-run-replay-verify.yaml deleted file mode 100644 index 29dbdf1c88c13..0000000000000 --- a/.github/workflows/workflow-run-replay-verify.yaml +++ /dev/null @@ -1,116 +0,0 @@ -name: "*run replay-verify reusable workflow" - -on: - # This allows the workflow to be triggered from another workflow - workflow_call: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to test. - # replay-verify config - BUCKET: - required: true - type: string - description: The bucket to use for the backup. If not specified, it will use the default bucket. - SUB_DIR: - required: true - type: string - description: The subdirectory to use for the backup. If not specified, it will use the default subdirectory. - HISTORY_START: - required: true - type: string - description: The history start to use for the backup. If not specified, it will use the default history start. - TXNS_TO_SKIP: - required: false - type: string - description: The list of transaction versions to skip. If not specified, it will use the default list. - BACKUP_CONFIG_TEMPLATE_PATH: - description: "The path to the backup config template to use." - type: string - required: true - # GHA job config - RUNS_ON: - description: "The runner to use for the job." - type: string - required: true - default: "high-perf-docker-with-local-ssd" - TIMEOUT_MINUTES: - description: "Github job timeout in minutes" - type: number - required: true - default: 720 - # This allows the workflow to be triggered manually from the Github UI or CLI - # NOTE: because the "number" type is not supported, we default to 720 minute timeout - workflow_dispatch: - inputs: - GIT_SHA: - required: true - type: string - description: The git SHA1 to test. - # replay-verify config - BUCKET: - required: true - type: string - description: The bucket to use for the backup. If not specified, it will use the default bucket. - SUB_DIR: - required: true - type: string - description: The subdirectory to use for the backup. If not specified, it will use the default subdirectory. - HISTORY_START: - required: true - type: string - description: The history start to use for the backup. If not specified, it will use the default history start. - TXNS_TO_SKIP: - required: false - type: string - description: The list of transaction versions to skip. If not specified, it will use the default list. - BACKUP_CONFIG_TEMPLATE_PATH: - description: "The path to the backup config template to use." - type: string - required: true - # GHA job config - RUNS_ON: - description: "The runner to use for the job." - type: string - required: true - default: "high-perf-docker-with-local-ssd" - -jobs: - replay-verify: - timeout-minutes: ${{ inputs.TIMEOUT_MINUTES || 720 }} - runs-on: ${{ inputs.RUNS_ON }} - strategy: - fail-fast: false - matrix: - number: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18] # runner number - steps: - - name: Echo Runner Number - run: echo "Runner is ${{ matrix.number }}" - - uses: actions/checkout@v4 - with: - ref: ${{ inputs.GIT_SHA }} - - - uses: aptos-labs/aptos-core/.github/actions/rust-setup@main - with: - GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} - - - name: Install GCloud SDK - uses: "google-github-actions/setup-gcloud@v2" - with: - version: ">= 418.0.0" - install_components: "kubectl,gke-gcloud-auth-plugin" - - - name: Build CLI binaries in release mode - shell: bash - run: cargo build --release -p aptos-debugger - - - name: Run replay-verify in parallel - shell: bash - run: testsuite/replay_verify.py ${{ matrix.number }} 19 # first argument is the runner number, second argument is the total number of runners - env: - BUCKET: ${{ inputs.BUCKET }} - SUB_DIR: ${{ inputs.SUB_DIR }} - HISTORY_START: ${{ inputs.HISTORY_START }} - TXNS_TO_SKIP: ${{ inputs.TXNS_TO_SKIP }} - BACKUP_CONFIG_TEMPLATE_PATH: ${{ inputs.BACKUP_CONFIG_TEMPLATE_PATH }}