Minimal set of working Gitea workflows. #138

Merged
telackey merged 20 commits from telackey/f8lint into main 2024-01-23 05:58:14 +00:00
13 changed files with 527 additions and 0 deletions
Showing only changes of commit 4e9ff52729 - Show all commits


@ -0,0 +1,25 @@
name: Build
on:
pull_request:
branches:
- main
jobs:
cleanup-runs:
runs-on: ubuntu-latest
steps:
- uses: rokroskar/workflow-run-cleanup-action@master
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- run: |
make build
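Review bot: `rokroskar/workflow-run-cleanup-action@master` in the cleanup-runs job is a third-party action referenced by a moving branch while it receives `GITHUB_TOKEN`, so whatever lands on that branch later runs with the token. Pin it to a reviewed commit, e.g. `uses: rokroskar/workflow-run-cleanup-action@<full-commit-sha>`, and update the pin deliberately. The same reference appears in the Deploy Contract and Tests workflows, and `cosmos/gosec@master` in the Gosec workflow has the same moving-branch problem.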


@ -0,0 +1,70 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
push:
branches: [ main ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ main ]
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
queries: crypto-com/cosmos-sdk-codeql@main,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl
# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language
#- run: |
# make bootstrap
# make release
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
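Review bot: The `queries:` input of the Initialize CodeQL step pulls `crypto-com/cosmos-sdk-codeql@main`, an external query pack tracked by branch, so the rule set can change between runs without any change in this repository. Pin it to a commit, `queries: crypto-com/cosmos-sdk-codeql@<full-commit-sha>,security-and-quality`, and move the pin only after reviewing the new queries. The template comment above Autobuild still lists only C/C++, C# and Java although the matrix is `go`; a short comment such as `# Autobuild is used here to build the Go module` would describe this file rather than the generic template.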


@ -0,0 +1,22 @@
name: "Dependency Review"
on: pull_request
permissions:
contents: read
jobs:
dependency-review:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- name: "Checkout Repository"
uses: actions/checkout@v3
- name: "Dependency Review"
uses: actions/dependency-review-action@v3
# TODO: https://git.vdb.to/cerc-io/laconicd/issues/115
# - name: "Go vulnerability check"
# run: make vulncheck
# if: env.GIT_DIFF
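Review bot: The setup-go step has nothing left to serve, because the only Go command in this workflow, `make vulncheck`, is commented out. The commented guard `if: env.GIT_DIFF` also refers to a variable that no step in this workflow sets, so re-enabling the block as written would skip the vulnerability check on every run. Suggested comment in place of the bare TODO: `# TODO(cerc-io/laconicd#115): re-enable without the env.GIT_DIFF guard (nothing in this workflow sets GIT_DIFF)`.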


@ -0,0 +1,29 @@
name: Deploy Contract
on:
pull_request:
branches:
- main
jobs:
cleanup-runs:
runs-on: ubuntu-latest
steps:
- uses: rokroskar/workflow-run-cleanup-action@master
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
deploy:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: '12.x'
- name: Install dependencies
run: npm install
- name: Test contract
run: |
sudo make contract-tools
sudo make test-contract
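Review bot: The deploy job installs with `npm install` on `node-version: '12.x'` and then runs two make targets under `sudo`, all on code from the pull request. Node.js 12 is past end-of-life and no longer receives security fixes, and `npm install` may resolve versions other than those recorded in a lockfile. Prefer a maintained LTS line that the contract tooling supports and `run: npm ci`, assuming a lockfile is committed, which is not visible here. If `contract-tools` needs root only to install packages, keeping `sudo` inside that target would let `make test-contract` run unprivileged.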


@ -0,0 +1,28 @@
name: Publish on release
on:
release:
types: [published]
jobs:
build:
name: Run docker build and publish
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- name: Run docker build
run: docker build -t cerc-io/laconicd -f Dockerfile .
- name: Get the version
id: vars
run: |
echo ::set-output name=sha::$(echo ${GITHUB_SHA:0:7})
echo ::set-output name=tag::$(echo ${GITHUB_REF#refs/tags/})
- name: Tag docker image
run: docker tag cerc-io/laconicd git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}}
- name: Tag docker image
run: docker tag git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}} git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.tag}}
- name: Docker Login
run: echo ${{ secrets.GITEA_TOKEN }} | docker login https://git.vdb.to -u cerccicd --password-stdin
- name: Docker Push
run: docker push git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.sha}}
- name: Docker Push TAGGED
run: docker push git.vdb.to/cerc-io/laconicd/laconicd:${{steps.vars.outputs.tag}}
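Review bot: The Docker Login step expands `${{ secrets.GITEA_TOKEN }}` directly into the script text, unquoted, so the token becomes part of the generated shell script and any shell metacharacter in it is interpreted. Pass it through the step environment instead: add `env:` with `GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}` and run `printf '%s' "$GITEA_TOKEN" | docker login https://git.vdb.to -u cerccicd --password-stdin`. The tag and push steps have the same shape with `${{steps.vars.outputs.tag}}`, which is derived from the ref name; handing it over as a quoted environment variable keeps an unusual tag name from being parsed as shell. `::set-output` in the Get the version step is deprecated on GitHub's runner in favour of appending to `$GITHUB_OUTPUT`; whether the Gitea runner in use supports that should be confirmed before switching.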


@ -0,0 +1,28 @@
name: goreleaser
on:
push:
tags:
- "v*.*.*"
jobs:
goreleaser:
runs-on: ubuntu-latest
environment: release
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Set up Go
uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- name: release dry run
run: make release-dry-run
- name: setup release environment
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |-
echo 'GITHUB_TOKEN=${{secrets.GITHUB_TOKEN}}' > .release-env
- name: release publish
run: make release
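Review bot: The setup release environment step writes the token into `.release-env` inside the checkout by template expansion, although the step already exports it as `GITHUB_TOKEN`; the file then sits in the working tree with default permissions while `make release` runs. Use the environment variable and a restrictive mode, `( umask 077; printf 'GITHUB_TOKEN=%s\n' "$GITHUB_TOKEN" > .release-env )`, and delete the file in a final step guarded by `if: always()`. Whether `.release-env` is excluded from git and from the release archives is not visible here and is worth confirming.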


@ -0,0 +1,29 @@
name: Notion Sync
on:
workflow_dispatch:
issues:
types:
[
opened,
edited,
labeled,
unlabeled,
assigned,
unassigned,
milestoned,
demilestoned,
reopened,
closed,
]
jobs:
notion_job:
runs-on: ubuntu-latest
name: Add GitHub Issues to Notion
steps:
- name: Add GitHub Issues to Notion
uses: vulcanize/notion-github-action@v1.2.4-issueid
with:
notion-token: ${{ secrets.NOTION_TOKEN }}
notion-db: ${{ secrets.NOTION_DATABASE }}


@ -0,0 +1,14 @@
name: "Pull Request Labeler"
on:
pull_request:
push:
branches:
- main
jobs:
triage:
runs-on: ubuntu-latest
steps:
- uses: actions/labeler@v4
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"

42
.gitea/workflows/lint.yml Normal file

@ -0,0 +1,42 @@
name: Lint
# Lint runs golangci-lint over the entire ethermint repository This workflow is
# run on every pull request and push to main The `golangci` will pass without
# running if no *.{go, mod, sum} files have been changed.
on:
pull_request:
push:
branches:
- main
jobs:
golangci:
name: Run golangci-lint
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
# Required: setup-go, for all versions v3.0.0+ of golangci-lint
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- uses: actions/checkout@v3
- uses: golangci/golangci-lint-action@v3.3.1
with:
# Required: the version of golangci-lint is required and must be specified without patch version: we always use the latest patch version.
version: latest
args: --timeout 10m
github-token: ${{ secrets.github_token }}
python-lint:
# For compatibility with Gitea
env:
USER: root
name: Run flake8 on python integration tests
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: cachix/install-nix-action@v20
- uses: cachix/cachix-action@v12
with:
name: ethermint
- run: |
nix-shell -I nixpkgs=./nix -p test-env --run "make lint-py"
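Review bot: The header comment says the workflow covers the ethermint repository and that `golangci` passes without running when no Go files changed, but no step in the golangci job computes a diff or skips, so the comment describes behaviour this file does not have. Suggested replacement: `# Lint runs golangci-lint and flake8 on every pull request and on every push to main.` Separately, `version: latest` lets the linter and its rule set change underneath the pipeline; a fixed release such as `version: v1.<minor>` keeps lint results reproducible. The python-lint job also pulls from the `ethermint` Cachix cache, so binaries built by that cache's owner are trusted in this job; it is worth confirming that this is intended for this repository.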


@ -0,0 +1,28 @@
name: Protobuf
# Protobuf runs buf (https://buf.build/) lint and check-breakage
# This workflow is only run when a .proto file has been changed
on:
pull_request:
paths:
- "proto/**"
jobs:
lint:
runs-on: ubuntu-latest
timeout-minutes: 5
steps:
- uses: actions/checkout@v3
- uses: bufbuild/buf-setup-action@v1.9.0
- uses: bufbuild/buf-lint-action@v1
with:
input: "proto"
break-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: bufbuild/buf-setup-action@v1.9.0
- uses: bufbuild/buf-breaking-action@v1
with:
input: "proto"
against: "https://github.com/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"
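Review bot: The `against:` input in break-check hard-codes `https://github.com/`, so when this runs on the Gitea instance the breaking-change comparison is made against whatever exists on GitHub under the same repository name rather than against this repository's base branch. Build the URL from the server the workflow runs on: `against: "${{ github.server_url }}/${{ github.repository }}.git#branch=${{ github.event.pull_request.base.ref }},ref=HEAD~1,subdir=proto"`. If the repository is not publicly readable on that server, the clone will also need credentials, which the step does not supply.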


@ -0,0 +1,28 @@
name: Run Gosec
on:
pull_request:
push:
branches:
- main
jobs:
Gosec:
permissions:
security-events: write
runs-on: ubuntu-latest
env:
GO111MODULE: on
steps:
- name: Checkout Source
uses: actions/checkout@v3
- name: Run Gosec Security Scanner
uses: cosmos/gosec@master
with:
# we let the report trigger content trigger a failure using the GitHub Security features.
args: '-no-fail -fmt sarif -out results.sarif -exclude=G701,G703 ./...'
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
# Path to SARIF file relative to the root of the repository
sarif_file: results.sarif
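Review bot: `-no-fail` in the Run Gosec Security Scanner step makes the scanner exit successfully whatever it finds, and the comment relies on GitHub's security features to turn the uploaded SARIF into a failure. On a forge without a code-scanning endpoint the Upload SARIF step cannot provide that, so findings would neither fail the job nor be shown anywhere; this should be confirmed for the Gitea instance. If so, drop the flag (`args: '-fmt sarif -out results.sarif -exclude=G701,G703 ./...'`) or keep the report as an artifact and fail on findings in a following step. The comment itself is garbled and could read `# -no-fail: findings are reported through the SARIF upload, not the exit code`.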


@ -0,0 +1,33 @@
name: Semgrep
on:
# Scan changed files in PRs, block on new issues only (existing issues ignored)
pull_request: {}
push:
branches:
- main
paths:
- .github/workflows/semgrep.yml
schedule:
- cron: '0 0 * * 0'
jobs:
# Update from: https://semgrep.dev/docs/semgrep-ci/sample-ci-configs/#github-actions
semgrep:
name: Scan
runs-on: ubuntu-latest
container:
image: returntocorp/semgrep
if: (github.actor != 'dependabot[bot]')
steps:
- name: Permission issue fix
run: git config --global --add safe.directory /__w/laconicd/laconicd
- uses: actions/checkout@v3
- uses: actions/checkout@v3
- run: semgrep scan --sarif --output=semgrep.sarif --config auto
env:
# Upload findings to GitHub Advanced Security Dashboard [step 1/2]
SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
# Upload findings to GitHub Advanced Security Dashboard [step 2/2]
- name: Upload SARIF file
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: semgrep.sarif
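Review bot: The push `paths:` filter names `.github/workflows/semgrep.yml`, while the files whose paths are shown in this commit live under `.gitea/workflows/`; if this file does too, a push that edits it never matches the filter, and the entry should be `- .gitea/workflows/semgrep.yml`. The job lists `actions/checkout@v3` twice in a row, and one of the two can be removed. `safe.directory /__w/laconicd/laconicd` assumes GitHub's container workspace path, which may differ on the Gitea runner. The `returntocorp/semgrep` image is pulled without a tag or digest, so the scanner version floats between runs.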

151
.gitea/workflows/test.yml Normal file

@ -0,0 +1,151 @@
name: Tests
on:
pull_request:
push:
branches:
- main
- release/**
jobs:
cleanup-runs:
runs-on: ubuntu-latest
steps:
- uses: rokroskar/workflow-run-cleanup-action@master
env:
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
if: "!startsWith(github.ref, 'refs/tags/') && github.ref != 'refs/heads/main'"
test-unit-cover:
runs-on: ubuntu-latest
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- uses: actions/checkout@v3
- name: Test and Create Coverage Report
run: |
make test-unit-cover
- uses: codecov/codecov-action@v3
with:
file: ./coverage.txt
fail_ci_if_error: false
test-importer:
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- uses: actions/checkout@v3
- name: test-importer
run: |
make test-import
test-rpc:
runs-on: ubuntu-latest
timeout-minutes: 15
steps:
- uses: actions/setup-go@v3
with:
go-version: 1.19
check-latest: true
- uses: actions/checkout@v3
- name: Test rpc endpoint
run: |
make test-rpc
sdk_tests:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Checkout laconic-sdk
uses: actions/checkout@v3
with:
path: "./laconic-sdk/"
repository: cerc-io/laconic-sdk
fetch-depth: 0
ref: main
- name: Environment
run: ls -tlh && env
- name: Build laconicd container
working-directory: tests/sdk_tests
run: ./build-laconicd-container.sh
- name: Build laconic-sdk container
working-directory: laconic-sdk
run: ./scripts/build-sdk-test-container.sh
- name: Start containers
working-directory: tests/sdk_tests
run: docker compose up -d
- name: Run tests
working-directory: tests/sdk_tests
run: ./run-tests.sh
- name: Start containers (auctions enabled)
working-directory: tests/sdk_tests
env:
TEST_AUCTION_ENABLED: true
run: docker compose up -d
- name: Run auction tests
working-directory: tests/sdk_tests
run: ./run-tests.sh test:auctions
- name: Start containers (expiry enabled)
working-directory: tests/sdk_tests
env:
TEST_REGISTRY_EXPIRY: true
run: docker compose up -d
- name: Run nameservice expiry tests
working-directory: tests/sdk_tests
run: ./run-tests.sh test:nameservice-expiry
# integration_tests:
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v2
# - uses: cachix/install-nix-action@v18
# - uses: cachix/cachix-action@v12
# with:
# name: ethermint
# signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
# - uses: technote-space/get-diff-action@v6.1.2
# with:
# PATTERNS: |
# **/**.sol
# **/**.go
# go.mod
# go.sum
# tests/integration_tests/**
# - name: Run integration tests
# run: make run-integration-tests
# if: env.GIT_DIFF
# - name: 'Tar debug files'
# if: failure()
# run: tar cfz debug_files.tar.gz -C /tmp/pytest-of-runner .
# - uses: actions/upload-artifact@v3
# if: failure()
# with:
# name: debug-files
# path: debug_files.tar.gz
# if-no-files-found: ignore
# upload-cache:
# if: github.event_name == 'push'
# needs: ["integration_tests"]
# strategy:
# matrix:
# os: [macos-latest]
# runs-on: ${{ matrix.os }}
# steps:
# - uses: actions/checkout@v2
# - uses: cachix/install-nix-action@v18
# - uses: cachix/cachix-action@v12
# with:
# name: ethermint
# signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
# - name: 'instantiate integration test env'
# run: nix-store -r "$(nix-instantiate tests/integration_tests/shell.nix)"
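Review bot: The Environment step in sdk_tests runs `ls -tlh && env`, which prints every environment variable of the runner into the job log, including anything the runner injects that is not registered for masking. If the step is only a debugging aid, reduce it to `run: ls -tlh` or print the specific variables needed. The laconic-sdk checkout tracks `ref: main`, so test results depend on the state of another repository's branch at run time; pinning a tag or commit would make a failure attributable to the change under test. The three `docker compose up -d` steps change only environment variables and have no `docker compose down` between them, so whether the auction and expiry settings actually reach already-running containers depends on the compose file, which is not visible here.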