Minimal set of working Gitea workflows. #138
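--- a/.gitea/workflows/build.yml
+++ b/.gitea/workflows/build.yml
@@ -0,0 +1,25 @@
+name: Build
+on:
+pull_request:
+branches:
+- main
+
+jobs:
+cleanup-runs:
+runs-on: ubuntu-latest
+steps:
+- uses: rokroskar/workflow-run-cleanup-action@master
+env:
+GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
+
+build:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- run: |
+make build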
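Review bot: The `cleanup-runs` job runs `rokroskar/workflow-run-cleanup-action@master` with `GITHUB_TOKEN` in its environment, so whatever the `master` branch of that third-party repository points at on the day of the run executes with the repository token. Pinning the action to a full commit SHA (`uses: rokroskar/workflow-run-cleanup-action@<commit-sha>`, placeholder) means a change upstream has to be reviewed here before it runs. The same step appears in deploy-contract.yml and test.yml, and `cosmos/gosec@master` in security.yml and `queries: crypto-com/cosmos-sdk-codeql@main` in codeql-analysis.yml follow a branch in the same way. Separately, `go-version: 1.19` is better written `'1.19'`, because an unquoted `1.20` would later be read as the number 1.2.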
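--- a/.gitea/workflows/codeql-analysis.yml
+++ b/.gitea/workflows/codeql-analysis.yml
@@ -0,0 +1,70 @@
+# For most projects, this workflow file will not need changing; you simply need
+# to commit it to your repository.
+#
+# You may wish to alter this file to override the set of languages analyzed,
+# or to provide custom queries or build logic.
+#
+# ******** NOTE ********
+# We have attempted to detect the languages in your repository. Please check
+# the `language` matrix defined below to confirm you have the correct set of
+# supported CodeQL languages.
+#
+name: "CodeQL"
+
+on:
+push:
+branches: [ main ]
+pull_request:
+# The branches below must be a subset of the branches above
+branches: [ main ]
+
+jobs:
+analyze:
+name: Analyze
+runs-on: ubuntu-latest
+permissions:
+actions: read
+contents: read
+security-events: write
+
+strategy:
+fail-fast: false
+matrix:
+language: [ 'go' ]
+# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
+# Learn more:
+# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
+
+steps:
+- name: Checkout repository
+uses: actions/checkout@v3
+
+# Initializes the CodeQL tools for scanning.
+- name: Initialize CodeQL
+uses: github/codeql-action/init@v2
+with:
+languages: ${{ matrix.language }}
+# If you wish to specify custom queries, you can do so here or in a config file.
+# By default, queries listed here will override any specified in a config file.
+# Prefix the list here with "+" to use these queries and those in the config file.
+# queries: ./path/to/local/query, your-org/your-repo/queries@main
+queries: crypto-com/cosmos-sdk-codeql@main,security-and-quality
+# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+# If this step fails, then you should remove it and run the build manually (see below)
+
+- name: Autobuild
+uses: github/codeql-action/autobuild@v2
+
+# ℹ️ Command-line programs to run using the OS shell.
+# 📚 https://git.io/JvXDl
+
+# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+# and modify them (or add more) to build your code if your project
+# uses a compiled language
+
+#- run: |
+# make bootstrap
+# make release
+
+- name: Perform CodeQL Analysis
+uses: github/codeql-action/analyze@v2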
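Review bot: `github/codeql-action/analyze@v2` uploads its results to GitHub code scanning, and nothing in this file says where the findings go when the workflow runs from `.gitea/workflows`. If the Gitea instance offers no compatible endpoint (not verifiable from this page), the job either fails at upload or produces results nobody sees, while `security-events: write` is granted for nothing. It is worth confirming on a test run; if upload is unavailable, set `upload: false` on the analyze step and keep the SARIF output as a build artifact so findings stay reviewable.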
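--- a/.gitea/workflows/dependencies.yml
+++ b/.gitea/workflows/dependencies.yml
@@ -0,0 +1,22 @@
+name: "Dependency Review"
+on: pull_request
+
+permissions:
+contents: read
+
+jobs:
+dependency-review:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- name: "Checkout Repository"
+uses: actions/checkout@v3
+- name: "Dependency Review"
+uses: actions/dependency-review-action@v3
+# TODO: https://git.vdb.to/cerc-io/laconicd/issues/115
+# - name: "Go vulnerability check"
+# run: make vulncheck
+# if: env.GIT_DIFF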
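Review bot: `actions/dependency-review-action@v3` takes its data from GitHub's dependency review API, so under Gitea this job may be unable to evaluate the pull request at all. That matters because, with `make vulncheck` still commented out, it is the only dependency gate in this file, so please confirm on a test PR. If it cannot run here, enabling the vulncheck step tracked in the TODO would restore a check that works from the checkout alone; its `if: env.GIT_DIFF` condition would need a step that sets `GIT_DIFF`, which this workflow does not have. `actions/setup-go` also runs before `actions/checkout`, which is harmless only while `go-version` is hard-coded.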
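--- a/.gitea/workflows/deploy-contract.yml
+++ b/.gitea/workflows/deploy-contract.yml
@@ -0,0 +1,29 @@
+name: Deploy Contract
+on:
+pull_request:
+branches:
+- main
+
+jobs:
+cleanup-runs:
+runs-on: ubuntu-latest
+steps:
+- uses: rokroskar/workflow-run-cleanup-action@master
+env:
+GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
+
+deploy:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- name: Use Node.js
+uses: actions/setup-node@v3
+with:
+node-version: '12.x'
+- name: Install dependencies
+run: npm install
+- name: Test contract
+run: |
+sudo make contract-tools
+sudo make test-contract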
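Review bot: `run: npm install` on a `pull_request` trigger resolves dependencies afresh and may rewrite the lockfile, so the packages that then execute under `sudo make contract-tools` are not fixed by what was reviewed. `run: npm ci` installs exactly what the lockfile records and fails on drift, assuming a package-lock.json is committed, which this page does not show. `node-version: '12.x'` selects an end-of-life Node.js line that no longer receives security fixes; a maintained LTS line would be the safer default if the contract tooling allows it. The workflow is named `Deploy Contract` although the visible steps only build tools and run tests, so a one-line comment stating that nothing is deployed would prevent misreading.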
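--- a/.gitea/workflows/docker-image.yml
+++ b/.gitea/workflows/docker-image.yml
@@ -0,0 +1,28 @@
+name: Publish on release
+on:
+release:
+types: [published]
+jobs:
+build:
+name: Run docker build and publish
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- name: Run docker build
+run: docker build -t cerc-io/laconicd -f Dockerfile .
+- name: Get the version
+id: vars
+run: |
+echo ::set-output name=sha::$(echo ${GITHUB_SHA:0:7})
+echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
+- name: Tag docker image
+run: docker tag cerc-io/laconicd git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}}
+- name: Tag docker image
+run: docker tag git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}} git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.tag}}
+- name: Docker Login
+run: echo ${{ secrets.GITEA_TOKEN }} | docker login https://git.vdb.to -u cerccicd --password-stdin
+- name: Docker Push
+run: docker push git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}}
+- name: Docker Push TAGGED
+run: docker push git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.tag}}
+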
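Review bot: The `Docker Login` step expands `${{ secrets.GITEA_TOKEN }}` into the script text itself, unquoted, so the token becomes part of the command line the shell parses. The tag and push steps do the same with `${{steps.vars.outputs.tag}}`, which is derived from the release tag name and would be parsed as shell if it ever contained metacharacters. Passing these values through `env:` and referring to them as quoted shell variables keeps them as data, as sketched below. `::set-output` is deprecated on GitHub runners in favour of `$GITHUB_OUTPUT`, but whether the Gitea runner in use supports the file form needs checking first, so the sketch leaves that step alone. Two steps also share the name `Tag docker image`, which makes logs harder to follow.

```yaml
# … unchanged: checkout, docker build, "Get the version" …
- name: Tag docker image with commit sha
  env:
    IMAGE_SHA: ${{ steps.vars.outputs.sha }}
  run: docker tag cerc-io/laconicd "git.vdb.to/cerc-io/laconicd/laconicd:${IMAGE_SHA}"
- name: Tag docker image with release tag
  env:
    IMAGE_SHA: ${{ steps.vars.outputs.sha }}
    IMAGE_TAG: ${{ steps.vars.outputs.tag }}
  run: docker tag "git.vdb.to/cerc-io/laconicd/laconicd:${IMAGE_SHA}" "git.vdb.to/cerc-io/laconicd/laconicd:${IMAGE_TAG}"
- name: Docker Login
  env:
    GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
  run: printf '%s' "$GITEA_TOKEN" | docker login https://git.vdb.to -u cerccicd --password-stdin
# … the two push steps take "${IMAGE_SHA}" / "${IMAGE_TAG}" from env: in the same way …
```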
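--- a/.gitea/workflows/goreleaser.yml
+++ b/.gitea/workflows/goreleaser.yml
@@ -0,0 +1,28 @@
+name: goreleaser
+
+on:
+push:
+tags:
+- "v*.*.*"
+jobs:
+goreleaser:
+runs-on: ubuntu-latest
+environment: release
+steps:
+- uses: actions/checkout@v3
+with:
+submodules: true
+- name: Set up Go
+uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- name: release dry run
+run: make release-dry-run
+- name: setup release environment
+env:
+GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+run: |-
+echo 'GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}' > .release-env
+- name: release publish
+run: make release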
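Review bot: The `setup release environment` step writes the token with `echo 'GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}' > .release-env`, which pastes the secret into the script text and leaves it in a workspace file with default permissions for the rest of the job. The step already exports `GITHUB_TOKEN` through `env:`, so the file can be written from the variable instead, `( umask 077; printf 'GITHUB_TOKEN=%s\n' "$GITHUB_TOKEN" > .release-env )`, and removed in a final step guarded by `if: always()`. It is also worth confirming that `.release-env` is git-ignored and kept out of any Docker build context that `make release` uses, which this page does not show. On a Gitea runner the built-in token is presumably scoped to the Gitea instance, so whether `make release` can publish with it should be checked before the first tagged release.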
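--- a/.gitea/workflows/issues-notion-sync.yml
+++ b/.gitea/workflows/issues-notion-sync.yml
@@ -0,0 +1,29 @@
+name: Notion Sync
+
+on:
+workflow_dispatch:
+issues:
+types:
+[
+opened,
+edited,
+labeled,
+unlabeled,
+assigned,
+unassigned,
+milestoned,
+demilestoned,
+reopened,
+closed,
+]
+
+jobs:
+notion_job:
+runs-on: ubuntu-latest
+name: Add GitHub Issues to Notion
+steps:
+- name: Add GitHub Issues to Notion
+uses: vulcanize/notion-github-action@v1.2.4-issueid
+with:
+notion-token: ${{ secrets.NOTION_TOKEN }}
+notion-db: ${{ secrets.NOTION_DATABASE }}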
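Review bot: `vulcanize/notion-github-action@v1.2.4-issueid` receives `secrets.NOTION_TOKEN` on every issue event, and a tag in a third-party repository can be moved to different code without any change here. Referencing the action by full commit SHA (`@<commit-sha>`, placeholder), with the tag name kept in a trailing comment, keeps the code that sees the Notion credential fixed to what was reviewed. The job and step names still say "GitHub Issues" although the workflow now lives under `.gitea/workflows`; whether the action reads Gitea's issue payloads correctly is not visible from this page and needs a test run.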
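--- a/.gitea/workflows/labeler.yml
+++ b/.gitea/workflows/labeler.yml
@@ -0,0 +1,14 @@
+name: "Pull Request Labeler"
+on:
+pull_request:
+push:
+branches:
+- main
+
+jobs:
+triage:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/labeler@v4
+with:
+repo-token: "${{ secrets.GITHUB_TOKEN }}"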
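Review bot: The `push` trigger on `main` starts `actions/labeler@v4` with no pull request in the event, so those runs have nothing to label and only hold `secrets.GITHUB_TOKEN` on a runner for no benefit. Dropping the `push:` block leaves the `pull_request` trigger the action is written for. Whether the labeler's API calls succeed against Gitea at all is not visible here and should be confirmed on a test pull request.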
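--- a/.gitea/workflows/lint.yml
+++ b/.gitea/workflows/lint.yml
@@ -0,0 +1,42 @@
+name: Lint
+# Lint runs golangci-lint over the entire ethermint repository This workflow is
+# run on every pull request and push to main The `golangci` will pass without
+# running if no *.{go, mod, sum} files have been changed.
+on:
+pull_request:
+push:
+branches:
+- main
+jobs:
+golangci:
+name: Run golangci-lint
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+# Required: setup-go, for all versions v3.0.0+ of golangci-lint
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- uses: actions/checkout@v3
+- uses: golangci/golangci-lint-action@v3.3.1
+with:
+# Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
+version: latest
+args: --timeout 10m
+github-token: ${{ secrets.github_token }}
+
+python-lint:
+# For compatibility with Gitea
+env:
+USER: root
+name: Run flake8 on python integration tests
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v2
+- uses: cachix/install-nix-action@v20
+- uses: cachix/cachix-action@v12
+with:
+name: ethermint
+- run: |
+nix-shell -I nixpkgs=./nix -p test-env --run "make lint-py"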
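Review bot: The header comment no longer matches the file: it says lint covers "the entire ethermint repository" and that `golangci` "will pass without running if no *.{go, mod, sum} files have been changed", but the job has no diff filter or `if:` condition and runs on every trigger. Suggested wording: `# Lint runs golangci-lint over the whole repository on every pull request and on pushes to main.` `version: latest` lets lint results change with no commit in this repository, so pinning a specific golangci-lint release (`version: vX.Y`, placeholder) keeps runs reproducible. In `python-lint`, `cachix/cachix-action@v12` with `name: ethermint` substitutes prebuilt store paths from a binary cache that appears to belong to another project, so it is worth confirming that this cache is one the team trusts.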
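--- a/.gitea/workflows/proto.yml
+++ b/.gitea/workflows/proto.yml
@@ -0,0 +1,28 @@
+name: Protobuf
+# Protobuf runs buf (https://buf.build/) lint and check-breakage
+# This workflow is only run when a .proto file has been changed
+on:
+pull_request:
+paths:
+- "proto/**"
+
+jobs:
+lint:
+runs-on: ubuntu-latest
+timeout-minutes: 5
+steps:
+- uses: actions/checkout@v3
+- uses: bufbuild/buf-setup-action@v1.9.0
+- uses: bufbuild/buf-lint-action@v1
+with:
+input: "proto"
+
+break-check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- uses: bufbuild/buf-setup-action@v1.9.0
+- uses: bufbuild/buf-breaking-action@v1
+with:
+input: "proto"
+against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"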
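Review bot: In `break-check`, `against:` hard-codes `https://github.com/${{ github.repository }}.git`, so the baseline for the breaking-change comparison is fetched from GitHub rather than from the server hosting this pull request. If the GitHub copy is stale or absent, the check compares against the wrong schema or fails for reasons unrelated to the change. `against: "${{ github.server_url }}/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"` follows the host the workflow runs on, assuming the Gitea runner populates `github.server_url` and the repository can be cloned without credentials. `break-check` also lacks the `timeout-minutes` that `lint` sets.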
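--- a/.gitea/workflows/security.yml
+++ b/.gitea/workflows/security.yml
@@ -0,0 +1,28 @@
+name: Run Gosec
+on:
+pull_request:
+push:
+branches:
+- main
+
+jobs:
+Gosec:
+permissions:
+security-events: write
+
+runs-on: ubuntu-latest
+env:
+GO111MODULE: on
+steps:
+- name: Checkout Source
+uses: actions/checkout@v3
+- name: Run Gosec Security Scanner
+uses: cosmos/gosec@master
+with:
+# we let the report trigger content trigger a failure using the GitHub Security features.
+args: '-no-fail -fmt sarif -out results.sarif -exclude=G701,G703 ./...'
+- name: Upload SARIF file
+uses: github/codeql-action/upload-sarif@v2
+with:
+# Path to SARIF file relative to the root of the repository
+sarif_file: results.sarif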
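Review bot: `-no-fail` makes gosec exit successfully whatever it finds, and the comment above `args:` relies on "the GitHub Security features" to turn findings into a failure. If the Gitea instance does not ingest the SARIF sent by `github/codeql-action/upload-sarif@v2` (not verifiable from this page), findings neither fail the job nor appear anywhere. Until that is confirmed, either drop `-no-fail` or keep `results.sarif` as a build artifact so someone can read it. `-exclude=G701,G703` deserves a comment saying why those rules are switched off. `GO111MODULE: on` is safer written as `"on"`, since some YAML loaders read a bare `on` as a boolean.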
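--- a/.gitea/workflows/semgrep.yml
+++ b/.gitea/workflows/semgrep.yml
@@ -0,0 +1,33 @@
+name: Semgrep
+on:
+# Scan changed files in PRs, block on new issues only (existing issues ignored)
+pull_request: {}
+push:
+branches:
+- main
+paths:
+- .github/workflows/semgrep.yml
+schedule:
+- cron: '0 0 * * 0'
+jobs:
+# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
+semgrep:
+name: Scan
+runs-on: ubuntu-latest
+container:
+image: returntocorp/semgrep
+if: (github.actor != 'dependabot[bot]')
+steps:
+- name: Permission issue fix
+run: git config --global --add safe.directory /__w/laconicd/laconicd
+- uses: actions/checkout@v3
+- uses: actions/checkout@v3
+- run: semgrep scan --sarif --output=semgrep.sarif --config auto
+env:
+# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
+SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
+# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
+- name: Upload SARIF file
+uses: github/codeql-action/upload-sarif@v2
+with:
+sarif_file: semgrep.sarif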
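Review bot: The push filter `paths: - .github/workflows/semgrep.yml` names a file this commit does not create, since the workflow lives at `.gitea/workflows/semgrep.yml`, so a push to `main` would never start a scan; the entry should read `- .gitea/workflows/semgrep.yml`. `actions/checkout@v3` is listed twice in a row and one of the two can go. `SEMGREP_APP_TOKEN` is exported to a plain `semgrep scan --config auto` on every pull request, so if that command does not need the token, removing it keeps a secret out of PR-triggered runs. `image: returntocorp/semgrep` carries no tag or digest, so the scanner version floats between runs.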
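--- a/.gitea/workflows/test.yml
+++ b/.gitea/workflows/test.yml
@@ -0,0 +1,151 @@
+name: Tests
+on:
+pull_request:
+push:
+branches:
+- main
+- release/**
+
+jobs:
+cleanup-runs:
+runs-on: ubuntu-latest
+steps:
+- uses: rokroskar/workflow-run-cleanup-action@master
+env:
+GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
+
+test-unit-cover:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- uses: actions/checkout@v3
+- name: Test and Create Coverage Report
+run: |
+make test-unit-cover
+- uses: codecov/codecov-action@v3
+with:
+file: ./coverage.txt
+fail_ci_if_error: false
+
+test-importer:
+runs-on: ubuntu-latest
+timeout-minutes: 10
+steps:
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- uses: actions/checkout@v3
+- name: test-importer
+run: |
+make test-import
+
+test-rpc:
+runs-on: ubuntu-latest
+timeout-minutes: 15
+steps:
+- uses: actions/setup-go@v3
+with:
+go-version: 1.19
+check-latest: true
+- uses: actions/checkout@v3
+- name: Test rpc endpoint
+run: |
+make test-rpc
+
+sdk_tests:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+- name: Checkout laconic-sdk
+uses: actions/checkout@v3
+with:
+path: "./laconic-sdk/"
+repository: cerc-io/laconic-sdk
+fetch-depth: 0
+ref: main
+- name: Environment
+run: ls -tlh && env
+
+- name: Build laconicd container
+working-directory: tests/sdk_tests
+run: ./build-laconicd-container.sh
+- name: Build laconic-sdk container
+working-directory: laconic-sdk
+run: ./scripts/build-sdk-test-container.sh
+
+- name: Start containers
+working-directory: tests/sdk_tests
+run: docker compose up -d
+- name: Run tests
+working-directory: tests/sdk_tests
+run: ./run-tests.sh
+
+- name: Start containers (auctions enabled)
+working-directory: tests/sdk_tests
+env:
+TEST_AUCTION_ENABLED: true
+run: docker compose up -d
+- name: Run auction tests
+working-directory: tests/sdk_tests
+run: ./run-tests.sh test:auctions
+
+- name: Start containers (expiry enabled)
+working-directory: tests/sdk_tests
+env:
+TEST_REGISTRY_EXPIRY: true
+run: docker compose up -d
+- name: Run nameservice expiry tests
+working-directory: tests/sdk_tests
+run: ./run-tests.sh test:nameservice-expiry
+
+# integration_tests:
+# runs-on: ubuntu-latest
+# steps:
+# - uses: actions/checkout@v2
+# - uses: cachix/install-nix-action@v18
+# - uses: cachix/cachix-action@v12
+# with:
+# name: ethermint
+# signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+# - uses: technote-space/get-diff-action@v6.1.2
+# with:
+# PATTERNS: |
+# **/**.sol
+# **/**.go
+# go.mod
+# go.sum
+# tests/integration_tests/**
+# - name: Run integration tests
+# run: make run-integration-tests
+# if: env.GIT_DIFF
+# - name: 'Tar debug files'
+# if: failure()
+# run: tar cfz debug_files.tar.gz -C /tmp/pytest-of-runner .
+# - uses: actions/upload-artifact@v3
+# if: failure()
+# with:
+# name: debug-files
+# path: debug_files.tar.gz
+# if-no-files-found: ignore
+
+# upload-cache:
+# if: github.event_name == 'push'
+# needs: ["integration_tests"]
+# strategy:
+# matrix:
+# os: [macos-latest]
+# runs-on: ${{ matrix.os }}
+# steps:
+# - uses: actions/checkout@v2
+# - uses: cachix/install-nix-action@v18
+# - uses: cachix/cachix-action@v12
+# with:
+# name: ethermint
+# signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
+# - name: 'instantiate integration test env'
+# run: nix-store -r "$(nix-instantiate tests/integration_tests/shell.nix)"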
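Review bot: The `Environment` step in `sdk_tests` runs `ls -tlh && env`, which prints every environment variable of the job into the run log. Anything sensitive the runner injects would then be readable by whoever can view logs, on a workflow that also runs for pull requests, so `run: ls -tlh` alone is the safer form unless specific variables are needed for debugging. The `Checkout laconic-sdk` step takes `ref: main` of another repository and then executes `./scripts/build-sdk-test-container.sh` from it, so results depend on a moving target; pinning `ref: <commit-sha>` (placeholder) makes runs reproducible and reviewable. `TEST_AUCTION_ENABLED: true` and `TEST_REGISTRY_EXPIRY: true` are YAML booleans, and quoting them as `"true"` makes the string the containers receive explicit.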