From 5ef46dbb0307ba9b61e473d42d7a56d6137489f7 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 00:54:16 -0500 Subject: [PATCH 01/56] Create CI pipeline to build TrustEVM contract(s) --- .github/workflows/contract-build.sh | 27 +++++++++++++++++++++ .github/workflows/contract.yml | 37 +++++++++++++++++++++++++++++ 2 files changed, 64 insertions(+) create mode 100755 .github/workflows/contract-build.sh create mode 100644 .github/workflows/contract.yml diff --git a/.github/workflows/contract-build.sh b/.github/workflows/contract-build.sh new file mode 100755 index 00000000..3a7eef8b --- /dev/null +++ b/.github/workflows/contract-build.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -eo pipefail + +# print and run a command +function ee() +{ + echo "$ $*" + eval "$@" +} + +# debug code +ee cdt-cc --version +ee cmake --version + +# build +ee mkdir -p contract/build +ee pushd contract +ee pushd build +ee cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TEST_ACTIONS=On .. +ee make -j "$(nproc)" + +# pack +ee popd +ee 'tar -czf ../build.tar.gz build/*' +ee popd + +echo 'Done! - contract-build.sh' diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml new file mode 100644 index 00000000..5bf1c3e5 --- /dev/null +++ b/.github/workflows/contract.yml @@ -0,0 +1,37 @@ +name: TrustEVM Contract CI + +on: [push, workflow_dispatch] + +jobs: + build: + name: TrustEVM Contract Build + runs-on: ubuntu-20.04 + + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + with: + fetch-depth: 0 + submodules: 'true' + + - name: Download CDT + uses: AntelopeIO/asset-artifact-download-action@v2 + with: + owner: AntelopeIO + repo: cdt + target: 'v3.1.0' + prereleases: false + file: 'cdt_.*amd64.deb' + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Install CDT + run: sudo apt-get install -y ./cdt_.*amd64.deb + + - name: TrustEVM Contract Build + run: .github/workflows/contract-build.sh + + - name: Upload Artifacts + uses: actions/upload-artifact@v3 + with: + name: build.tar.gz + path: build.tar.gz From a983ca92704201d327b0091b123daa7cdf07126e Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 00:55:44 -0500 Subject: [PATCH 02/56] Rename "build.tar.gz" to "contract.tar.gz" to all build assets from all pipelines can coexist in a folder without name conflicts --- .github/workflows/contract-build.sh | 2 +- .github/workflows/contract.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/contract-build.sh b/.github/workflows/contract-build.sh index 3a7eef8b..c71b06c7 100755 --- a/.github/workflows/contract-build.sh +++ b/.github/workflows/contract-build.sh @@ -21,7 +21,7 @@ ee make -j "$(nproc)" # pack ee popd -ee 'tar -czf ../build.tar.gz build/*' +ee 'tar -czf ../contract.tar.gz build/*' ee popd echo 'Done! - contract-build.sh' diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 5bf1c3e5..57e9e22d 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -33,5 +33,5 @@ jobs: - name: Upload Artifacts uses: actions/upload-artifact@v3 with: - name: build.tar.gz - path: build.tar.gz + name: contract.tar.gz + path: contract.tar.gz From 9cf20e056854c3bdddc2350cce13d2cd430333ed Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 00:58:11 -0500 Subject: [PATCH 03/56] Disable submodule checkout, for testing --- .github/workflows/contract.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 57e9e22d..acddd4b6 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -12,7 +12,6 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - submodules: 'true' - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 From 319053e943764a361b55380d833a04b4ca671dd4 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:00:14 -0500 Subject: [PATCH 04/56] Fix shell globbing --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index acddd4b6..c016700c 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -24,7 +24,7 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Install CDT - run: sudo apt-get install -y ./cdt_.*amd64.deb + run: sudo apt-get install -y ./cdt*.deb - name: TrustEVM Contract Build run: .github/workflows/contract-build.sh From 9c668bccc0850fdd9808e38240cd5660c16c9f06 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:06:29 -0500 Subject: [PATCH 05/56] Download and install Leap dev package --- .github/workflows/contract.yml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index c016700c..6e88232a 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -34,3 +34,17 @@ jobs: with: name: contract.tar.gz path: contract.tar.gz + + - name: Download Leap - dev binary + uses: AntelopeIO/asset-artifact-download-action@v2 + with: + owner: AntelopeIO + repo: leap + target: 'v3.1.3' + prereleases: false + file: 'leap-dev.*(x86_64|amd64).deb' + container-package: experimental-binaries + token: ${{ secrets.GITHUB_TOKEN }} + + - name: Install Leap + run: sudo apt-get install -y ./leap*.deb From e3024b86ef6da8beec07b1bedd2592febbe5977f Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:12:11 -0500 Subject: [PATCH 06/56] Put verb first in job step name --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 6e88232a..0784ac47 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -26,7 +26,7 @@ jobs: - name: Install CDT run: sudo apt-get install -y ./cdt*.deb - - name: TrustEVM Contract Build + - name: Build TrustEVM Contract run: .github/workflows/contract-build.sh - name: Upload Artifacts From 4a9e78d4ec1c678b5eb040a0341ef1eab29e55ee Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:14:16 -0500 Subject: [PATCH 07/56] Rename script to match job step name --- .github/workflows/{contract-build.sh => build-contract.sh} | 2 +- .github/workflows/contract.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) rename .github/workflows/{contract-build.sh => build-contract.sh} (91%) diff --git a/.github/workflows/contract-build.sh b/.github/workflows/build-contract.sh similarity index 91% rename from .github/workflows/contract-build.sh rename to .github/workflows/build-contract.sh index c71b06c7..39183886 100755 --- a/.github/workflows/contract-build.sh +++ b/.github/workflows/build-contract.sh @@ -24,4 +24,4 @@ ee popd ee 'tar -czf ../contract.tar.gz build/*' ee popd -echo 'Done! - contract-build.sh' +echo 'Done! - build-contract.sh' diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 0784ac47..ea5d8a5f 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -27,7 +27,7 @@ jobs: run: sudo apt-get install -y ./cdt*.deb - name: Build TrustEVM Contract - run: .github/workflows/contract-build.sh + run: .github/workflows/build-contract.sh - name: Upload Artifacts uses: actions/upload-artifact@v3 From 725692ab6cca78fb1a7b8bcf6ed1dac6b0b0708a Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:24:20 -0500 Subject: [PATCH 08/56] Pull script name from BASH instead of hard-coding it --- .github/workflows/build-contract.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-contract.sh b/.github/workflows/build-contract.sh index 39183886..3e0b6e4f 100755 --- a/.github/workflows/build-contract.sh +++ b/.github/workflows/build-contract.sh @@ -24,4 +24,4 @@ ee popd ee 'tar -czf ../contract.tar.gz build/*' ee popd -echo 'Done! - build-contract.sh' +echo "Done! - ${0##*/}" From 2704bb3d5b75ccb53015dfe94cac561975b0f4c7 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:31:39 -0500 Subject: [PATCH 09/56] Build and upload contract unit test(s) --- .github/workflows/build-contract-test.sh | 27 ++++++++++++++++++++++++ .github/workflows/contract.yml | 9 ++++++++ 2 files changed, 36 insertions(+) create mode 100755 .github/workflows/build-contract-test.sh diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh new file mode 100755 index 00000000..f4112cef --- /dev/null +++ b/.github/workflows/build-contract-test.sh @@ -0,0 +1,27 @@ +#!/bin/bash +set -eo pipefail + +# print and run a command +function ee() +{ + echo "$ $*" + eval "$@" +} + +# debug code +ee nodeos --full-version +ee cmake --version + +# build +ee mkdir -p contract/tests/build +ee pushd contract/tests +ee pushd build +ee cmake .. +ee make -j "$(nproc)" unit_test + +# pack +ee popd +ee 'tar -czf ../../contract-unit-test.tar.gz build/*' +ee popd + +echo "Done! - ${0##*/}" diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index ea5d8a5f..4cac8660 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -48,3 +48,12 @@ jobs: - name: Install Leap run: sudo apt-get install -y ./leap*.deb + + - name: Build TrustEVM Contract Tests + run: .github/workflows/build-contract-test.sh + + - name: Upload Artifacts + uses: actions/upload-artifact@v3 + with: + name: contract-test.tar.gz + path: contract-test.tar.gz From 1f54dde0a0dc518e9b390528bd6c4944393a1c3c Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 01:40:42 -0500 Subject: [PATCH 10/56] Use a GitHub app to obtain an ephemeral token with permissions to private repos, then use it to clone private submodules --- .github/workflows/contract.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 4cac8660..9eca86ad 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -8,10 +8,18 @@ jobs: runs-on: ubuntu-20.04 steps: + - name: Authenticate + id: auth + uses: AntelopeIO/github-app-token-action@v1 + with: + app_id: ${{ secrets.TRUSTEVM_CI_APP_ID }} + private_key: ${{ secrets.TRUSTEVM_CI_APP_KEY }} + - name: Checkout Repo uses: actions/checkout@v3 with: fetch-depth: 0 + token: ${{ steps.auth.outputs.token }} - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 From 4d0f25992050eaed78dfacafad631bc08370b2a1 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 01:42:53 -0500 Subject: [PATCH 11/56] Clone top-level submodules --- .github/workflows/contract.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 9eca86ad..268ed94a 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -19,6 +19,7 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 + submodules: 'true' token: ${{ steps.auth.outputs.token }} - name: Download CDT From 542baf00fbbc8d02482bf6444e1af0840a118344 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 18 Jan 2023 01:32:13 -0500 Subject: [PATCH 12/56] Skip some steps, for testing leap download --- .github/workflows/contract.yml | 36 +++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 268ed94a..d9fc0f5f 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -22,27 +22,27 @@ jobs: submodules: 'true' token: ${{ steps.auth.outputs.token }} - - name: Download CDT - uses: AntelopeIO/asset-artifact-download-action@v2 - with: - owner: AntelopeIO - repo: cdt - target: 'v3.1.0' - prereleases: false - file: 'cdt_.*amd64.deb' - token: ${{ secrets.GITHUB_TOKEN }} + # - name: Download CDT + # uses: AntelopeIO/asset-artifact-download-action@v2 + # with: + # owner: AntelopeIO + # repo: cdt + # target: 'v3.1.0' + # prereleases: false + # file: 'cdt_.*amd64.deb' + # token: ${{ secrets.GITHUB_TOKEN }} - - name: Install CDT - run: sudo apt-get install -y ./cdt*.deb + # - name: Install CDT + # run: sudo apt-get install -y ./cdt*.deb - - name: Build TrustEVM Contract - run: .github/workflows/build-contract.sh + # - name: Build TrustEVM Contract + # run: .github/workflows/build-contract.sh - - name: Upload Artifacts - uses: actions/upload-artifact@v3 - with: - name: contract.tar.gz - path: contract.tar.gz + # - name: Upload Artifacts + # uses: actions/upload-artifact@v3 + # with: + # name: contract.tar.gz + # path: contract.tar.gz - name: Download Leap - dev binary uses: AntelopeIO/asset-artifact-download-action@v2 From 847aada49feb770df1b8b7d248045d4a237e61b3 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 01:49:34 -0500 Subject: [PATCH 13/56] Attach the leap-dev*.deb binary as an artifact, for debugging --- .github/workflows/contract.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index d9fc0f5f..8c31e3b6 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -55,6 +55,12 @@ jobs: container-package: experimental-binaries token: ${{ secrets.GITHUB_TOKEN }} + - name: Attach Leap dev Binary as an Artifact + uses: actions/upload-artifact@v3 + with: + name: leap-dev.deb + path: leap-dev-3.1.3-ubuntu20.04-x86_64.deb + - name: Install Leap run: sudo apt-get install -y ./leap*.deb From 6c983ed975537f47b2c320bea011de9fcde446c1 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 02:37:23 -0500 Subject: [PATCH 14/56] Revert "Attach the leap-dev*.deb binary as an artifact, for debugging" This reverts commit 539e41cd9771687ae322bb00d68233eb7cb5f306. --- .github/workflows/contract.yml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 8c31e3b6..d9fc0f5f 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -55,12 +55,6 @@ jobs: container-package: experimental-binaries token: ${{ secrets.GITHUB_TOKEN }} - - name: Attach Leap dev Binary as an Artifact - uses: actions/upload-artifact@v3 - with: - name: leap-dev.deb - path: leap-dev-3.1.3-ubuntu20.04-x86_64.deb - - name: Install Leap run: sudo apt-get install -y ./leap*.deb From af86cf42f2f4d4e92be9a66e75738ba57352fbc1 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 02:47:33 -0500 Subject: [PATCH 15/56] Point to EOSIO CMake files from leap-dev bin --- .github/workflows/build-contract-test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index f4112cef..f94e57f4 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -8,6 +8,7 @@ function ee() eval "$@" } +export Deosio_DIR='/usr/lib/x86_64-linux-gnu/cmake/eosio' # debug code ee nodeos --full-version ee cmake --version @@ -16,7 +17,7 @@ ee cmake --version ee mkdir -p contract/tests/build ee pushd contract/tests ee pushd build -ee cmake .. +ee "cmake -Deosio_DIR=$Deosio_DIR .." ee make -j "$(nproc)" unit_test # pack From fe4393f0f7c93c3c417778a44adc9af6e451b8b9 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 25 Jan 2023 02:49:24 -0500 Subject: [PATCH 16/56] Print version of Leap found --- .github/workflows/build-contract-test.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index f94e57f4..1c7b0c6c 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -10,8 +10,9 @@ function ee() export Deosio_DIR='/usr/lib/x86_64-linux-gnu/cmake/eosio' # debug code -ee nodeos --full-version ee cmake --version +echo 'Leap version:' +cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*['\"]" | tr -d "'\"" || : # build ee mkdir -p contract/tests/build From e4653d6c10d6cd020757e79c2ad9ca71e407bcc7 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 01:35:33 -0500 Subject: [PATCH 17/56] I don't remember why this wasn't already set to "recursive"... --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index d9fc0f5f..196e108d 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -19,7 +19,7 @@ jobs: uses: actions/checkout@v3 with: fetch-depth: 0 - submodules: 'true' + submodules: 'recursive' token: ${{ steps.auth.outputs.token }} # - name: Download CDT From f33007b8edddaeb1c9a197d99c0dad020c8c0008 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 01:42:20 -0500 Subject: [PATCH 18/56] Example building contract tests without building contracts or node From 16f8456963f113d05494a35c2356ed7c65227033 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 01:46:58 -0500 Subject: [PATCH 19/56] Build with contracts & contract unit test(s) --- .github/workflows/contract.yml | 36 +++++++++++++++++----------------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 196e108d..d5f651de 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -22,27 +22,27 @@ jobs: submodules: 'recursive' token: ${{ steps.auth.outputs.token }} - # - name: Download CDT - # uses: AntelopeIO/asset-artifact-download-action@v2 - # with: - # owner: AntelopeIO - # repo: cdt - # target: 'v3.1.0' - # prereleases: false - # file: 'cdt_.*amd64.deb' - # token: ${{ secrets.GITHUB_TOKEN }} + - name: Download CDT + uses: AntelopeIO/asset-artifact-download-action@v2 + with: + owner: AntelopeIO + repo: cdt + target: 'v3.1.0' + prereleases: false + file: 'cdt_.*amd64.deb' + token: ${{ secrets.GITHUB_TOKEN }} - # - name: Install CDT - # run: sudo apt-get install -y ./cdt*.deb + - name: Install CDT + run: sudo apt-get install -y ./cdt*.deb - # - name: Build TrustEVM Contract - # run: .github/workflows/build-contract.sh + - name: Build TrustEVM Contract + run: .github/workflows/build-contract.sh - # - name: Upload Artifacts - # uses: actions/upload-artifact@v3 - # with: - # name: contract.tar.gz - # path: contract.tar.gz + - name: Upload Artifacts + uses: actions/upload-artifact@v3 + with: + name: contract.tar.gz + path: contract.tar.gz - name: Download Leap - dev binary uses: AntelopeIO/asset-artifact-download-action@v2 From 666015b068a83389ec662ff5a13e5a488394d010 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 03:25:07 -0500 Subject: [PATCH 20/56] Use GCC 10 to be in parity with the node build --- .github/workflows/contract.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index d5f651de..c7f7c391 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -6,6 +6,9 @@ jobs: build: name: TrustEVM Contract Build runs-on: ubuntu-20.04 + env: + CC: gcc-10 + CXX: g++-10 steps: - name: Authenticate From 6cd472e2cfeecb9236bdb607299f33ac3705995b Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 03:43:58 -0500 Subject: [PATCH 21/56] Document TrustEVM Contracts CI system --- .github/workflows/README.md | 61 +++++++++++++++++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/README.md diff --git a/.github/workflows/README.md b/.github/workflows/README.md new file mode 100644 index 00000000..3278b685 --- /dev/null +++ b/.github/workflows/README.md @@ -0,0 +1,61 @@ +# GitHub Actions Workflows +This repo contains the following GitHub Actions workflows for CI: +- [TrustEVM Contract CI](https://github.com/eosnetworkfoundation/TrustEVM/actions/workflows/contract.yml) - build the TrustEVM contract and its associated tests + +### Index +1. [TrustEVM Contract CI](#trustevm-contract-ci) + 1. [Triggers](#triggers) + 1. [Inputs](#inputs) + 1. [Steps](#steps) + 1. [Outputs](#outputs) +1. [See Also](#see-also) + +## TrustEVM Contract CI +This GitHub Actions workflow automates the building of the TrustEVM contract and its associated tests. + +### Triggers +This GitHub action will run on the following events: +1. Push event, which is triggered every time changes are pushed to the repository. +1. Workflow dispatch event, which is triggered manually using the "Workflow Dispatch" button in the Actions tab of the GitHub repository. + +### Inputs +The inputs for this GitHub action are: +1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. +1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. +1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. + +These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, and uploading artifacts. + +### Steps +This workflow performs the following steps: +1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action. +1. Checkout the repo and submodules. +1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. +1. Install the CDT binary. +1. Build the TrustEVM contract using `make` and `cmake`. +1. Upload the contract build folder to GitHub Actions. +1. Download the `leap-dev` binary using [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. +1. Install the `leap-dev` binary. +1. Build the TrustEVM contract tests using `make` and `cmake`. +1. Upload the build folder for the contract test code to GitHub Actions. + +### Outputs +This workflow produces the following outputs: +1. Contract Build Artifacts: A `contract.tar.gz` file that contains the built contract. +1. Contract Test Artifacts: A `contract-test.tar.gz` file that contains the built contract test artifacts. + +Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. + +## See Also +- [asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) GitHub Action +- [github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action +- [TrustEVM Documentation](../../README.md) + +For assistance with the CI system, please open an issue in this repo or reach out in the #help-automation channel via IM. + +*** +**_Legal notice_:** +This document was generated in collaboration with ChatGPT from OpenAI, a machine learning algorithm or weak artificial intelligence (AI). At the time of this writing, the [OpenAI terms of service agreement](https://openai.com/terms) §3.a states: +> Your Content. You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input, and subject to your compliance with these Terms, OpenAI hereby assigns to you all its right, title and interest in and to Output. + +This notice is required in some countries. From 2967aa7a9b227674c7dce7c54907c4bc2858e3c7 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 03:45:01 -0500 Subject: [PATCH 22/56] Link to CI system and to CI documentation from root README.md --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index 6a182ba1..fd414ca4 100644 --- a/README.md +++ b/README.md @@ -115,3 +115,9 @@ https://github.com/eosnetworkfoundation/TrustEVM/blob/main/docs/local_testnet_de For public testnet deployment, please refer to https://github.com/eosnetworkfoundation/TrustEVM/blob/main/docs/public_testnet_deployment_plan.md + +## CI +This repo contains the following GitHub Actions workflows for CI: +- [TrustEVM Contract CI](https://github.com/eosnetworkfoundation/TrustEVM/actions/workflows/contract.yml) - build the TrustEVM contract and its associated tests + +See the [CI documentation](./github/workflows/README.md) for more information. From 553ef037292e7c630662ef1200f00d728b3162f9 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 03:57:05 -0500 Subject: [PATCH 23/56] Try pushing CI documentation to GitHub step summary --- .github/workflows/README.md | 1 + .github/workflows/contract.yml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 3278b685..1dc847ed 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -30,6 +30,7 @@ These inputs are used in various steps of the workflow to perform actions such a This workflow performs the following steps: 1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action. 1. Checkout the repo and submodules. +1. Attach an annotation to the build with CI documentation. 1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. 1. Install the CDT binary. 1. Build the TrustEVM contract using `make` and `cmake`. diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index c7f7c391..5680a9d9 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -25,6 +25,9 @@ jobs: submodules: 'recursive' token: ${{ steps.auth.outputs.token }} + - name: Attach Documentation + run: cat .github/workflows/README.md > $GITHUB_STEP_SUMMARY + - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 with: From f0d6bbecf97c19499d5c2d76482b619adcde4ecd Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:09:15 -0500 Subject: [PATCH 24/56] Separate document for each pipeline --- .github/workflows/{README.md => contract.md} | 0 README.md | 6 ++++-- 2 files changed, 4 insertions(+), 2 deletions(-) rename .github/workflows/{README.md => contract.md} (100%) diff --git a/.github/workflows/README.md b/.github/workflows/contract.md similarity index 100% rename from .github/workflows/README.md rename to .github/workflows/contract.md diff --git a/README.md b/README.md index fd414ca4..bfd8e750 100644 --- a/README.md +++ b/README.md @@ -118,6 +118,8 @@ https://github.com/eosnetworkfoundation/TrustEVM/blob/main/docs/public_testnet_d ## CI This repo contains the following GitHub Actions workflows for CI: -- [TrustEVM Contract CI](https://github.com/eosnetworkfoundation/TrustEVM/actions/workflows/contract.yml) - build the TrustEVM contract and its associated tests +- TrustEVM Contract CI - build the TrustEVM contract and its associated tests + - [Pipeline](https://github.com/eosnetworkfoundation/TrustEVM/actions/workflows/contract.yml) + - [Documentation](./.github/workflows/contract.md) -See the [CI documentation](./github/workflows/README.md) for more information. +See the pipeline documentation for more information. From 2cb3f3f1050c764abb1e9c9e319a4736cfbbf1c3 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:10:56 -0500 Subject: [PATCH 25/56] Reformat pipeline documentation to stand alone --- .github/workflows/contract.md | 25 ++++++++++--------------- 1 file changed, 10 insertions(+), 15 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 1dc847ed..6b17d4b2 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -1,24 +1,19 @@ -# GitHub Actions Workflows -This repo contains the following GitHub Actions workflows for CI: -- [TrustEVM Contract CI](https://github.com/eosnetworkfoundation/TrustEVM/actions/workflows/contract.yml) - build the TrustEVM contract and its associated tests +# TrustEVM Contract CI +This GitHub Actions workflow builds the TrustEVM contract and its associated tests. ### Index -1. [TrustEVM Contract CI](#trustevm-contract-ci) - 1. [Triggers](#triggers) - 1. [Inputs](#inputs) - 1. [Steps](#steps) - 1. [Outputs](#outputs) +1. [Triggers](#triggers) +1. [Inputs](#inputs) +1. [Steps](#steps) +1. [Outputs](#outputs) 1. [See Also](#see-also) -## TrustEVM Contract CI -This GitHub Actions workflow automates the building of the TrustEVM contract and its associated tests. - -### Triggers +## Triggers This GitHub action will run on the following events: 1. Push event, which is triggered every time changes are pushed to the repository. 1. Workflow dispatch event, which is triggered manually using the "Workflow Dispatch" button in the Actions tab of the GitHub repository. -### Inputs +## Inputs The inputs for this GitHub action are: 1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. 1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. @@ -26,7 +21,7 @@ The inputs for this GitHub action are: These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, and uploading artifacts. -### Steps +## Steps This workflow performs the following steps: 1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action. 1. Checkout the repo and submodules. @@ -40,7 +35,7 @@ This workflow performs the following steps: 1. Build the TrustEVM contract tests using `make` and `cmake`. 1. Upload the build folder for the contract test code to GitHub Actions. -### Outputs +## Outputs This workflow produces the following outputs: 1. Contract Build Artifacts: A `contract.tar.gz` file that contains the built contract. 1. Contract Test Artifacts: A `contract-test.tar.gz` file that contains the built contract test artifacts. From ac647933fd51e69eb602718604c14179a4f680fc Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:16:46 -0500 Subject: [PATCH 26/56] Formatting --- .github/workflows/contract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 6b17d4b2..d023d4bd 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -47,7 +47,7 @@ Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/ - [github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action - [TrustEVM Documentation](../../README.md) -For assistance with the CI system, please open an issue in this repo or reach out in the #help-automation channel via IM. +For assistance with the CI system, please open an issue in this repo or reach out in the `#help-automation` channel via IM. *** **_Legal notice_:** From 9d58dd085d13ff438f3c93214b291df9350338ae Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:18:54 -0500 Subject: [PATCH 27/56] Fail if the expected artifacts are not present --- .github/workflows/contract.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 5680a9d9..fc5254a6 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -49,6 +49,7 @@ jobs: with: name: contract.tar.gz path: contract.tar.gz + if-no-files-found: error - name: Download Leap - dev binary uses: AntelopeIO/asset-artifact-download-action@v2 @@ -72,3 +73,4 @@ jobs: with: name: contract-test.tar.gz path: contract-test.tar.gz + if-no-files-found: error From 8296ef9b3ee1db79db8a27ca25b67499f99f8cfb Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:19:10 -0500 Subject: [PATCH 28/56] Add debugging code --- .github/workflows/build-contract-test.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 1c7b0c6c..6f5987c3 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -23,7 +23,11 @@ ee make -j "$(nproc)" unit_test # pack ee popd -ee 'tar -czf ../../contract-unit-test.tar.gz build/*' +ee pwd +ee 'tar -czvf ../../contract-unit-test.tar.gz build/*' +ee ls -la ee popd +ee ls -la +ee ls -la .. echo "Done! - ${0##*/}" From c711f7262275fa20bb134f5a5b475ad42489bd9c Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:22:08 -0500 Subject: [PATCH 29/56] Fix path issue for docs --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index fc5254a6..8f09da40 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -26,7 +26,7 @@ jobs: token: ${{ steps.auth.outputs.token }} - name: Attach Documentation - run: cat .github/workflows/README.md > $GITHUB_STEP_SUMMARY + run: cat .github/workflows/contract.md > $GITHUB_STEP_SUMMARY - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 From 1977b19bf31ef2727e8e987d548918019740e0a6 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:24:57 -0500 Subject: [PATCH 30/56] Append instead of overwriting in case this code gets copied around --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 8f09da40..92decca2 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -26,7 +26,7 @@ jobs: token: ${{ steps.auth.outputs.token }} - name: Attach Documentation - run: cat .github/workflows/contract.md > $GITHUB_STEP_SUMMARY + run: cat .github/workflows/contract.md >> $GITHUB_STEP_SUMMARY - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 From 5d06610b0f7e61cdbf6fbefd793aabd210b744d4 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:28:09 -0500 Subject: [PATCH 31/56] Revert "Add debugging code" This reverts commit 8296ef9b3ee1db79db8a27ca25b67499f99f8cfb. --- .github/workflows/build-contract-test.sh | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 6f5987c3..1c7b0c6c 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -23,11 +23,7 @@ ee make -j "$(nproc)" unit_test # pack ee popd -ee pwd -ee 'tar -czvf ../../contract-unit-test.tar.gz build/*' -ee ls -la +ee 'tar -czf ../../contract-unit-test.tar.gz build/*' ee popd -ee ls -la -ee ls -la .. echo "Done! - ${0##*/}" From 9d5f728f369362d5dcd8ee61bfc887e4de20ed29 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:28:50 -0500 Subject: [PATCH 32/56] Fix path issue for test artifact --- .github/workflows/build-contract-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 1c7b0c6c..ad1be442 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -23,7 +23,7 @@ ee make -j "$(nproc)" unit_test # pack ee popd -ee 'tar -czf ../../contract-unit-test.tar.gz build/*' +ee 'tar -czf ../../contract-test.tar.gz build/*' ee popd echo "Done! - ${0##*/}" From 63f70301e918dd88425b58be248445dd93296669 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:31:30 -0500 Subject: [PATCH 33/56] Clarify relationship between "Authenticate" step and checkout step --- .github/workflows/contract.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index d023d4bd..ce34cf7c 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -23,8 +23,8 @@ These inputs are used in various steps of the workflow to perform actions such a ## Steps This workflow performs the following steps: -1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action. -1. Checkout the repo and submodules. +1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action to obtain an ephemeral token. +1. Checkout the repo and submodules using the ephemeral token. 1. Attach an annotation to the build with CI documentation. 1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. 1. Install the CDT binary. From dd5c51a328db7da23928b58c4022601e2ad8784f Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:32:20 -0500 Subject: [PATCH 34/56] Formatting --- .github/workflows/contract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index ce34cf7c..043241ba 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -50,7 +50,7 @@ Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/ For assistance with the CI system, please open an issue in this repo or reach out in the `#help-automation` channel via IM. *** -**_Legal notice_:** +**_Legal notice_** This document was generated in collaboration with ChatGPT from OpenAI, a machine learning algorithm or weak artificial intelligence (AI). At the time of this writing, the [OpenAI terms of service agreement](https://openai.com/terms) §3.a states: > Your Content. You may provide input to the Services (“Input”), and receive output generated and returned by the Services based on the Input (“Output”). Input and Output are collectively “Content.” As between the parties and to the extent permitted by applicable law, you own all Input, and subject to your compliance with these Terms, OpenAI hereby assigns to you all its right, title and interest in and to Output. From 2f4e2980f8596747f5f5d7bda8d376751699ed90 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:38:25 -0500 Subject: [PATCH 35/56] Write about the implementation, benefits, and drawbacks of GitHub app integration --- .github/workflows/contract.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 043241ba..7f476e96 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -6,6 +6,7 @@ This GitHub Actions workflow builds the TrustEVM contract and its associated tes 1. [Inputs](#inputs) 1. [Steps](#steps) 1. [Outputs](#outputs) +1. [GitHub App Integration](#github-app-integration) 1. [See Also](#see-also) ## Triggers @@ -42,6 +43,11 @@ This workflow produces the following outputs: Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. +## GitHub App Integration +This workflow uses the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action to assume the role of a GitHub application installed to the AntelopeIO organization to clone the private submodules. It requests a token from the GitHub app, clones everything using this token under the identity of the app, then the token expires. This is advantageous over a persistent API key from a GitHub service account because this does not consume a paid user seat, the "account" associated with the app cannot be logged into in the GitHub web UI, the app is scoped to exactly the permissions it needs to perform the clones for this repo _and nothing more_, and the API key expires very quickly so a bad actor who exfiltrates this key from the CI system should find it is not useful. + +**The downside is that if TrustEVM adds additional private submodules, the GitHub app must be granted permissions to these new submodules.** The CI system will not work until this happens. + ## See Also - [asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) GitHub Action - [github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action From f82e153fbb3477860380a5a4a1c96233f364c936 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:41:32 -0500 Subject: [PATCH 36/56] Be more specific about the source of the build outputs --- .github/workflows/contract.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 7f476e96..9ce26367 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -38,8 +38,8 @@ This workflow performs the following steps: ## Outputs This workflow produces the following outputs: -1. Contract Build Artifacts: A `contract.tar.gz` file that contains the built contract. -1. Contract Test Artifacts: A `contract-test.tar.gz` file that contains the built contract test artifacts. +1. Contract Build Artifacts - A `contract.tar.gz` file that contains the built contract from the `contract/build` folder. +1. Contract Test Artifacts - A `contract-test.tar.gz` file that contains the built contract test artifacts from the `contract/tests/build` folder. Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. From fc5d8c89695e2c6829ad1e1319568c240593c741 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:51:16 -0500 Subject: [PATCH 37/56] Change trigger conditions to meet ticket requirements --- .github/workflows/contract.md | 5 +++-- .github/workflows/contract.yml | 8 +++++++- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 9ce26367..097c52fb 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -10,8 +10,9 @@ This GitHub Actions workflow builds the TrustEVM contract and its associated tes 1. [See Also](#see-also) ## Triggers -This GitHub action will run on the following events: -1. Push event, which is triggered every time changes are pushed to the repository. +This GitHub action will run under the following circumstances: +1. When code is pushed to the `main` branch. +1. When code is pushed to any branch with a name starting with `release/`. 1. Workflow dispatch event, which is triggered manually using the "Workflow Dispatch" button in the Actions tab of the GitHub repository. ## Inputs diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 92decca2..6d0ca546 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -1,6 +1,12 @@ name: TrustEVM Contract CI -on: [push, workflow_dispatch] +on: + push: + branches: + - main + - release/* + pull_request: + workflow_dispatch: jobs: build: From 51590e92c758f3c12101f22254b54731ccce739c Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Thu, 2 Feb 2023 04:58:20 -0500 Subject: [PATCH 38/56] Reword output description --- .github/workflows/contract.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 097c52fb..10405fdc 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -39,8 +39,8 @@ This workflow performs the following steps: ## Outputs This workflow produces the following outputs: -1. Contract Build Artifacts - A `contract.tar.gz` file that contains the built contract from the `contract/build` folder. -1. Contract Test Artifacts - A `contract-test.tar.gz` file that contains the built contract test artifacts from the `contract/tests/build` folder. +1. Contract Build Artifacts - `contract.tar.gz` containing the built contract from the `contract/build` folder. +1. Contract Test Artifacts - `contract-test.tar.gz` containing the built contract test artifacts from the `contract/tests/build` folder. Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. From 7d4ae3a44bae794e176de5b80a16ee47c65837d1 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 01:42:07 -0500 Subject: [PATCH 39/56] Remove "-Deosio_DIR" cmake flag from contract tests --- .github/workflows/build-contract-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index ad1be442..229ba188 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -18,7 +18,7 @@ cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*[' ee mkdir -p contract/tests/build ee pushd contract/tests ee pushd build -ee "cmake -Deosio_DIR=$Deosio_DIR .." +ee "cmake .." ee make -j "$(nproc)" unit_test # pack From 2d3ecc9f0c28114476d4844f165f473a3eb61918 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 01:59:44 -0500 Subject: [PATCH 40/56] Specify release build type for contract tests --- .github/workflows/build-contract-test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 229ba188..4f2c6d3c 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -18,7 +18,7 @@ cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*[' ee mkdir -p contract/tests/build ee pushd contract/tests ee pushd build -ee "cmake .." +ee "cmake -DCMAKE_BUILD_TYPE=Release .." ee make -j "$(nproc)" unit_test # pack From 4d3f8e93aad71f3ddb184154af5dbed079d35c68 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:18:27 -0500 Subject: [PATCH 41/56] Pull DWITH_TEST_ACTIONS definition out of script and into action YAML --- .github/workflows/build-contract.sh | 2 +- .github/workflows/contract.yml | 2 ++ 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build-contract.sh b/.github/workflows/build-contract.sh index 3e0b6e4f..564eb87e 100755 --- a/.github/workflows/build-contract.sh +++ b/.github/workflows/build-contract.sh @@ -16,7 +16,7 @@ ee cmake --version ee mkdir -p contract/build ee pushd contract ee pushd build -ee cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TEST_ACTIONS=On .. +ee cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TEST_ACTIONS .. ee make -j "$(nproc)" # pack diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 6d0ca546..81462bdf 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -49,6 +49,8 @@ jobs: - name: Build TrustEVM Contract run: .github/workflows/build-contract.sh + env: + DWITH_TEST_ACTIONS: 'On' - name: Upload Artifacts uses: actions/upload-artifact@v3 From b276a7d07f1dfe98a9cf2593a7d410141189a041 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:20:08 -0500 Subject: [PATCH 42/56] Pull DCMAKE_BUILD_TYPE out of scripts into action YAML, as well --- .github/workflows/build-contract-test.sh | 2 +- .github/workflows/build-contract.sh | 2 +- .github/workflows/contract.yml | 1 + 3 files changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 4f2c6d3c..16ec8fd6 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -18,7 +18,7 @@ cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*[' ee mkdir -p contract/tests/build ee pushd contract/tests ee pushd build -ee "cmake -DCMAKE_BUILD_TYPE=Release .." +ee "cmake -DCMAKE_BUILD_TYPE .." ee make -j "$(nproc)" unit_test # pack diff --git a/.github/workflows/build-contract.sh b/.github/workflows/build-contract.sh index 564eb87e..fdd2020e 100755 --- a/.github/workflows/build-contract.sh +++ b/.github/workflows/build-contract.sh @@ -16,7 +16,7 @@ ee cmake --version ee mkdir -p contract/build ee pushd contract ee pushd build -ee cmake -DCMAKE_BUILD_TYPE=Release -DWITH_TEST_ACTIONS .. +ee cmake -DCMAKE_BUILD_TYPE -DWITH_TEST_ACTIONS .. ee make -j "$(nproc)" # pack diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 81462bdf..124055f7 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -15,6 +15,7 @@ jobs: env: CC: gcc-10 CXX: g++-10 + DCMAKE_BUILD_TYPE: 'Release' steps: - name: Authenticate From 2314df657a4edf91d39668b3ad6d2cb5eca233af Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:22:37 -0500 Subject: [PATCH 43/56] Include value of cmake vars from action YAML in cmake command printed to CI logs so devs don't have to go searching for them --- .github/workflows/build-contract-test.sh | 2 +- .github/workflows/build-contract.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build-contract-test.sh b/.github/workflows/build-contract-test.sh index 16ec8fd6..c4d20f40 100755 --- a/.github/workflows/build-contract-test.sh +++ b/.github/workflows/build-contract-test.sh @@ -18,7 +18,7 @@ cat "$Deosio_DIR/EosioTester.cmake" | grep 'EOSIO_VERSION' | grep -oP "['\"].*[' ee mkdir -p contract/tests/build ee pushd contract/tests ee pushd build -ee "cmake -DCMAKE_BUILD_TYPE .." +ee "cmake -DCMAKE_BUILD_TYPE=$DCMAKE_BUILD_TYPE .." ee make -j "$(nproc)" unit_test # pack diff --git a/.github/workflows/build-contract.sh b/.github/workflows/build-contract.sh index fdd2020e..87cdc17a 100755 --- a/.github/workflows/build-contract.sh +++ b/.github/workflows/build-contract.sh @@ -16,7 +16,7 @@ ee cmake --version ee mkdir -p contract/build ee pushd contract ee pushd build -ee cmake -DCMAKE_BUILD_TYPE -DWITH_TEST_ACTIONS .. +ee "cmake -DCMAKE_BUILD_TYPE=$DCMAKE_BUILD_TYPE -DWITH_TEST_ACTIONS=$DWITH_TEST_ACTIONS .." ee make -j "$(nproc)" # pack From bfa6f685794d71c2290596dca083fcadf0500874 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:26:40 -0500 Subject: [PATCH 44/56] Use build matrix to provide CI with and without test actions enabled --- .github/workflows/contract.yml | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 124055f7..8a661a17 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -10,8 +10,11 @@ on: jobs: build: - name: TrustEVM Contract Build runs-on: ubuntu-20.04 + strategy: + matrix: + DWITH_TEST_ACTIONS: ['On', 'Off'] + name: TrustEVM Contract Build - Tests ${{ matrix.DWITH_TEST_ACTIONS }} env: CC: gcc-10 CXX: g++-10 @@ -51,7 +54,7 @@ jobs: - name: Build TrustEVM Contract run: .github/workflows/build-contract.sh env: - DWITH_TEST_ACTIONS: 'On' + DWITH_TEST_ACTIONS: ${{ matrix.DWITH_TEST_ACTIONS }} - name: Upload Artifacts uses: actions/upload-artifact@v3 @@ -61,6 +64,7 @@ jobs: if-no-files-found: error - name: Download Leap - dev binary + if: matrix.DWITH_TEST_ACTIONS == 'On' uses: AntelopeIO/asset-artifact-download-action@v2 with: owner: AntelopeIO @@ -72,12 +76,15 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Install Leap + if: matrix.DWITH_TEST_ACTIONS == 'On' run: sudo apt-get install -y ./leap*.deb - name: Build TrustEVM Contract Tests + if: matrix.DWITH_TEST_ACTIONS == 'On' run: .github/workflows/build-contract-test.sh - name: Upload Artifacts + if: matrix.DWITH_TEST_ACTIONS == 'On' uses: actions/upload-artifact@v3 with: name: contract-test.tar.gz From 53a7dd0180adcf4dd5c57247cd985a05df3974ca Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:31:59 -0500 Subject: [PATCH 45/56] Lowercase test action flag --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 8a661a17..370a981f 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-20.04 strategy: matrix: - DWITH_TEST_ACTIONS: ['On', 'Off'] + DWITH_TEST_ACTIONS: ['on', 'off'] name: TrustEVM Contract Build - Tests ${{ matrix.DWITH_TEST_ACTIONS }} env: CC: gcc-10 From a06d4ed6d4a9984be67836184ac740533b3becb6 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:33:00 -0500 Subject: [PATCH 46/56] De-duplicate contract.tar.gz filename in matrix --- .github/workflows/contract.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 370a981f..04a31828 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -59,7 +59,7 @@ jobs: - name: Upload Artifacts uses: actions/upload-artifact@v3 with: - name: contract.tar.gz + name: contract.test-actions-${{ matrix.DWITH_TEST_ACTIONS }}.tar.gz path: contract.tar.gz if-no-files-found: error From 13059449d48f1b85257cf8c64a44349a8f9a9dab Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:38:02 -0500 Subject: [PATCH 47/56] De-duplicate documentation upload step from matrix --- .github/workflows/contract.yml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 04a31828..212cf1f2 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -9,6 +9,19 @@ on: workflow_dispatch: jobs: + documentation: + name: Attach Documentation + runs-on: ubuntu-latest + steps: + - name: Checkout Repo + uses: actions/checkout@v3 + with: + fetch-depth: 1 + submodules: 'false' + + - name: Attach Documentation + run: cat .github/workflows/contract.md >> $GITHUB_STEP_SUMMARY + build: runs-on: ubuntu-20.04 strategy: @@ -35,9 +48,6 @@ jobs: submodules: 'recursive' token: ${{ steps.auth.outputs.token }} - - name: Attach Documentation - run: cat .github/workflows/contract.md >> $GITHUB_STEP_SUMMARY - - name: Download CDT uses: AntelopeIO/asset-artifact-download-action@v2 with: From 5752dd36c8d734c4e2e59e474a38cb52c0c25e08 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:40:23 -0500 Subject: [PATCH 48/56] Lowercase if statement test, as well --- .github/workflows/contract.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 212cf1f2..34a3d03f 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -74,7 +74,7 @@ jobs: if-no-files-found: error - name: Download Leap - dev binary - if: matrix.DWITH_TEST_ACTIONS == 'On' + if: matrix.DWITH_TEST_ACTIONS == 'on' uses: AntelopeIO/asset-artifact-download-action@v2 with: owner: AntelopeIO @@ -86,15 +86,15 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Install Leap - if: matrix.DWITH_TEST_ACTIONS == 'On' + if: matrix.DWITH_TEST_ACTIONS == 'on' run: sudo apt-get install -y ./leap*.deb - name: Build TrustEVM Contract Tests - if: matrix.DWITH_TEST_ACTIONS == 'On' + if: matrix.DWITH_TEST_ACTIONS == 'on' run: .github/workflows/build-contract-test.sh - name: Upload Artifacts - if: matrix.DWITH_TEST_ACTIONS == 'On' + if: matrix.DWITH_TEST_ACTIONS == 'on' uses: actions/upload-artifact@v3 with: name: contract-test.tar.gz From 5cbe3b59103a62b406d98d1e81bff227733e16f0 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:40:56 -0500 Subject: [PATCH 49/56] Support boolean flags in addition to on/off strings --- .github/workflows/contract.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/contract.yml b/.github/workflows/contract.yml index 34a3d03f..bd977b64 100644 --- a/.github/workflows/contract.yml +++ b/.github/workflows/contract.yml @@ -74,7 +74,7 @@ jobs: if-no-files-found: error - name: Download Leap - dev binary - if: matrix.DWITH_TEST_ACTIONS == 'on' + if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' uses: AntelopeIO/asset-artifact-download-action@v2 with: owner: AntelopeIO @@ -86,15 +86,15 @@ jobs: token: ${{ secrets.GITHUB_TOKEN }} - name: Install Leap - if: matrix.DWITH_TEST_ACTIONS == 'on' + if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' run: sudo apt-get install -y ./leap*.deb - name: Build TrustEVM Contract Tests - if: matrix.DWITH_TEST_ACTIONS == 'on' + if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' run: .github/workflows/build-contract-test.sh - name: Upload Artifacts - if: matrix.DWITH_TEST_ACTIONS == 'on' + if: matrix.DWITH_TEST_ACTIONS == 'on' || matrix.DWITH_TEST_ACTIONS == 'true' uses: actions/upload-artifact@v3 with: name: contract-test.tar.gz From 7239da9c2b3d6aa08a9abeaa9f7ba2deff09dcaf Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:47:39 -0500 Subject: [PATCH 50/56] Docs - sort GH actions inputs --- .github/workflows/contract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 10405fdc..53e20015 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -17,9 +17,9 @@ This GitHub action will run under the following circumstances: ## Inputs The inputs for this GitHub action are: +1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. 1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. 1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. -1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, and uploading artifacts. From 582dcef094cd6838ab51c13739d20ac6c3bccbe2 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:53:06 -0500 Subject: [PATCH 51/56] Add DCMAKE_BUILD_TYPE to CI docs --- .github/workflows/contract.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 53e20015..3e8b902d 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -17,6 +17,7 @@ This GitHub action will run under the following circumstances: ## Inputs The inputs for this GitHub action are: +1. `DCMAKE_BUILD_TYPE` - defined in the GitHub Action YAML, this sets the build type and determines the level of optimization, debugging information, and other flags; one of `Debug`, `Release`, `RelWithDebInfo`, or `MinSizeRel`. 1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. 1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. 1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. From d89596be4b33f09079f577884b3ca9d3837c18f6 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:54:36 -0500 Subject: [PATCH 52/56] Document DWITH_TEST_ACTIONS --- .github/workflows/contract.md | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 3e8b902d..cf203efe 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -18,6 +18,7 @@ This GitHub action will run under the following circumstances: ## Inputs The inputs for this GitHub action are: 1. `DCMAKE_BUILD_TYPE` - defined in the GitHub Action YAML, this sets the build type and determines the level of optimization, debugging information, and other flags; one of `Debug`, `Release`, `RelWithDebInfo`, or `MinSizeRel`. +1. `DWITH_TEST_ACTIONS` - defined in the GitHub Action YAML, build with or without code paths intended to be excercised exclusively by tests. 1. `GITHUB_TOKEN` - a GitHub Actions intrinsic used to access the repository and other public resources. 1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. 1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. From f782e440ecdedd87afc9e9b1bda9dd630913adb4 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:55:07 -0500 Subject: [PATCH 53/56] Expand input summary --- .github/workflows/contract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index cf203efe..42624b15 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -23,7 +23,7 @@ The inputs for this GitHub action are: 1. `TRUSTEVM_CI_APP_ID` - the app ID of the `trustevm-ci-submodule-checkout` GitHub App. 1. `TRUSTEVM_CI_APP_KEY` - the private key to the `trustevm-ci-submodule-checkout` GitHub App. -These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, and uploading artifacts. +These inputs are used in various steps of the workflow to perform actions such as authentication, downloading artifacts, configuring the build, and uploading artifacts. ## Steps This workflow performs the following steps: From 08bad50078bf61d4255f7132524fafb0ef97c518 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 02:59:29 -0500 Subject: [PATCH 54/56] Update CI steps in documentation based on my changes --- .github/workflows/contract.md | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index 42624b15..c880c4a8 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -27,17 +27,21 @@ These inputs are used in various steps of the workflow to perform actions such a ## Steps This workflow performs the following steps: -1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action to obtain an ephemeral token. -1. Checkout the repo and submodules using the ephemeral token. -1. Attach an annotation to the build with CI documentation. -1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. -1. Install the CDT binary. -1. Build the TrustEVM contract using `make` and `cmake`. -1. Upload the contract build folder to GitHub Actions. -1. Download the `leap-dev` binary using [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. -1. Install the `leap-dev` binary. -1. Build the TrustEVM contract tests using `make` and `cmake`. -1. Upload the build folder for the contract test code to GitHub Actions. +1. Attach Documentation + 1. Checkout the repo with no submodules. + 1. Attach an annotation to the GitHub Actions build summary page containing CI documentation. +1. TrustEVM Contract Build + > This is a build matrix with and without tests enabled. + 1. Authenticate to the `trustevm-ci-submodule-checkout` GitHub app using the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) action to obtain an ephemeral token. + 1. Checkout the repo and submodules using the ephemeral token. + 1. Download the CDT binary using the [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. + 1. Install the CDT binary. + 1. Build the TrustEVM contract using `make` and `cmake`. + 1. Upload the contract build folder to GitHub Actions. + 1. If tests are enabled, download the `leap-dev` binary using [AntelopeIO/asset-artifact-download-action](https://github.com/AntelopeIO/asset-artifact-download-action) action. + 1. If tests are enabled, install the `leap-dev` binary. + 1. If tests are enabled, build the TrustEVM contract tests using `make` and `cmake`. + 1. If tests are enabled, upload the build folder for the contract test code to GitHub Actions. ## Outputs This workflow produces the following outputs: From 68474bcb5836f3f0956af1072b925ce6d09928f7 Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 03:00:46 -0500 Subject: [PATCH 55/56] Update CI outputs documentation for matrix build --- .github/workflows/contract.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index c880c4a8..b9335c94 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -45,7 +45,8 @@ This workflow performs the following steps: ## Outputs This workflow produces the following outputs: -1. Contract Build Artifacts - `contract.tar.gz` containing the built contract from the `contract/build` folder. +1. Contract Build Artifacts - `contract.test-actions-off.tar.gz` containing the built contract from the `contract/build` folder with `DWITH_TEST_ACTIONS=off`. +1. Contract Build Artifacts - `contract.test-actions-on.tar.gz` containing the built contract from the `contract/build` folder with `DWITH_TEST_ACTIONS=on`. 1. Contract Test Artifacts - `contract-test.tar.gz` containing the built contract test artifacts from the `contract/tests/build` folder. Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. From abf0a467777395e9f795fc161b8fc313f387aafa Mon Sep 17 00:00:00 2001 From: Zach Butler Date: Wed, 8 Feb 2023 03:20:11 -0500 Subject: [PATCH 56/56] Format note about GitHub Actions "archive in archive" bug --- .github/workflows/contract.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/contract.md b/.github/workflows/contract.md index b9335c94..2556625e 100644 --- a/.github/workflows/contract.md +++ b/.github/workflows/contract.md @@ -49,7 +49,7 @@ This workflow produces the following outputs: 1. Contract Build Artifacts - `contract.test-actions-on.tar.gz` containing the built contract from the `contract/build` folder with `DWITH_TEST_ACTIONS=on`. 1. Contract Test Artifacts - `contract-test.tar.gz` containing the built contract test artifacts from the `contract/tests/build` folder. -Note that, due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years_ and counting, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for GitHub. +> 📁 Due to actions/upload-artifact [issue 39](https://github.com/actions/upload-artifact/issues/39) which has been open for over _three years and counting_, the archives attached as artifacts will be zipped by GitHub when you download them such that you get a `*.zip` containing the `*.tar.gz`. There is nothing anyone can do about this except for Microsoft/GitHub. ## GitHub App Integration This workflow uses the [AntelopeIO/github-app-token-action](https://github.com/AntelopeIO/github-app-token-action) GitHub action to assume the role of a GitHub application installed to the AntelopeIO organization to clone the private submodules. It requests a token from the GitHub app, clones everything using this token under the identity of the app, then the token expires. This is advantageous over a persistent API key from a GitHub service account because this does not consume a paid user seat, the "account" associated with the app cannot be logged into in the GitHub web UI, the app is scoped to exactly the permissions it needs to perform the clones for this repo _and nothing more_, and the API key expires very quickly so a bad actor who exfiltrates this key from the CI system should find it is not useful.