Skip to content

Commit

Permalink
Add metadata and spec version CI checks (#681)
Browse files Browse the repository at this point in the history 
# Goal
The goal of this PR is to add metadata check with the following  rules

1. The freshly built metadata on PR branch will be compared against the
latest metadata from the main branch.
1. Assigns `metadata-mismatch` label if metadata doesn't match between 2
binaries
1. Removes `metadata-mismatch` label if metadata matches between 2
binaries and the label exists
1. Fail CI if encoded metadata is different and the `spec_version` value
has not been incremented.

Part of #624
  • Loading branch information
@demisx
demisx committed Dec 13, 2022
1 parent 9e000ff commit 2c39942
Show file tree
Hide file tree
Showing 4 changed files with 119 additions and 93 deletions.
59 changes: 0 additions & 59 deletions .github/workflows/merge-pr.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -116,62 +116,3 @@ jobs:
with:
fail_ci_if_error: false # optional (default = false)
verbose: true # optional (default = false)

save-binary-and-encoded-metadata:
name: Save Binary and Encoded Metadata
runs-on: [self-hosted, Linux, X64]
env:
NETWORK: mainnet
steps:
- name: Set Env Vars
run: |
echo "HOME=/root" >> $GITHUB_ENV
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
echo "BUILT_BIN_FILENAME=frequency" >> $GITHUB_ENV
export SAVED_BIN_FILENAME=frequency-${{env.NETWORK}}-${{github.ref_name}}.amd64; echo "SAVED_BIN_FILENAME=$SAVED_BIN_FILENAME" >> $GITHUB_ENV
echo "SAVED_METADATA_FILENAME=$SAVED_BIN_FILENAME.encoded-metadata.txt" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
# # XXX Keep this step as it lets us skip full binary builds during development/testing
# - name: Cache Binary for Testing
# id: cache-binary
# uses: actions/cache@v3
# with:
# path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}}
# key: ${{runner.os}}-${{env.NETWORK}}-${{github.ref_name}}
- name: Save/Restore Dependencies from Cache
if: steps.cache-binary.outputs.cache-hit != 'true'
uses: Swatinem/rust-cache@v2
with:
shared-key: ${{env.RUST_TOOLCHAIN}}
- name: Install Rust Toolchain
if: steps.cache-binary.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
with:
default: true
profile: minimal
target: wasm32-unknown-unknown
toolchain: stable
- name: Compile Mainnet Binary
if: steps.cache-binary.outputs.cache-hit != 'true'
run: |
CARGO_INCREMENTAL=0 RUSTFLAGS="-D warnings" cargo build --locked --release \
--features frequency
- name: Rename Binary
working-directory: ${{env.BIN_DIR}}
run: |
ls -la
cp -p ${{env.BUILT_BIN_FILENAME}} ${{env.SAVED_BIN_FILENAME}}
- name: Extract Encoded Metadata
working-directory: ${{env.BIN_DIR}}
run: |
./${{env.BUILT_BIN_FILENAME}} export-metadata metadata.json
cat metadata.json | jq -r .result > ${{env.SAVED_METADATA_FILENAME}}
- name: Upload Binary with Metadata
uses: actions/upload-artifact@v3
with:
if-no-files-found: error
name: binary-with-encoded-metadata-latest-main
path: |
${{env.BIN_DIR}}/${{env.SAVED_BIN_FILENAME}}
${{env.BIN_DIR}}/${{env.SAVED_METADATA_FILENAME}}
149 changes: 116 additions & 33 deletions .github/workflows/verify-pr-commit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ on:
env:
BUILD_PROFILE: release
RUST_TOOLCHAIN: nightly-2022-09-22 # Update this when updating the Rust toolchain

jobs:
changes:
name: Determine Changed Files
Expand Down Expand Up @@ -43,28 +42,39 @@ jobs:
- '**/Cargo.toml'
- '**/Cargo.lock'
build-binary:
build-binaries:
needs: changes
if: needs.changes.outputs.build-binary == 'true'
name: Compile Frequency Project
name: Build Binary on ${{matrix.branch_name}} Branch
strategy:
matrix:
git_branch: ["${{github.head_ref}}", main]
include:
- git_branch: ${{github.head_ref}}
branch_name: PR
- git_branch: main
branch_name: Main
runs-on: [self-hosted, Linux, X64]
env:
NETWORK: mainnet
steps:
- name: Set Env Vars
run: |
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
echo "BUILT_BIN_FILENAME=frequency" >> $GITHUB_ENV
export BUILT_BIN_FILENAME=frequency; echo "BUILT_BIN_FILENAME=$BUILT_BIN_FILENAME" >> $GITHUB_ENV
echo "REF_BIN_FILENAME=$BUILT_BIN_FILENAME-ref" >> $GITHUB_ENV
echo "HOME=/root" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
with:
ref: ${{matrix.git_branch}}
# # XXX Keep this step as it lets us skip full binary builds during development/testing
# - name: Cache Binary for Testing
# id: cache-binary
# uses: actions/cache@v3
# with:
# path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}}
# key: ${{runner.os}}-${{env.NETWORK}}-${{github.ref_name}}
# key: ${{runner.os}}-${{env.NETWORK}}-${{github.head_ref}}
- name: Install Rust Toolchain
if: steps.cache-binary.outputs.cache-hit != 'true'
uses: actions-rs/toolchain@v1
Expand All @@ -88,15 +98,15 @@ jobs:
run: |
file ${{env.BUILT_BIN_FILENAME}} && \
./${{env.BUILT_BIN_FILENAME}} --version
- name: Archive Artifact
run: |
tar -cvf frequency-binary-${{env.NETWORK}}-${{github.sha}}.amd64.tar \
${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}}
- name: Rename Reference Binary
if: matrix.git_branch == 'main'
working-directory: ${{env.BIN_DIR}}
run: mv ${{env.BUILT_BIN_FILENAME}} ${{env.REF_BIN_FILENAME}}
- name: Upload Artifact
uses: actions/upload-artifact@v3
with:
name: artifacts-${{github.run_id}}
path: frequency-binary-${{env.NETWORK}}-${{github.sha}}.amd64.tar
path: ${{env.BIN_DIR}}/${{env.BUILT_BIN_FILENAME}}*
if-no-files-found: error

check-for-vulnerable-crates:
Expand Down Expand Up @@ -339,11 +349,13 @@ jobs:
--root
verify-js-api-augment:
needs:
- build-binary
needs: build-binaries
name: Verify JS API Augment
runs-on: ubuntu-20.04
steps:
- name: Set Env Vars
run: |
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
- name: Set up NodeJs
Expand All @@ -358,17 +370,18 @@ jobs:
- name: Lint
run: npm run lint
working-directory: js/api-augment
- name: Download Binary Artifacts
id: download
- name: Download Binary
uses: actions/download-artifact@v3
with:
name: artifacts-${{github.run_id}}
path: .
- name: Extract Binary
path: ${{env.BIN_DIR}}
- name: Set Binary Permissions
working-directory: ${{env.BIN_DIR}}
run: |
tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar
set -x
chmod 755 frequency
- name: Output Metadata
run: target/${{env.BUILD_PROFILE}}/frequency export-metadata ./js/api-augment/metadata.json
run: ${{env.BIN_DIR}}/frequency export-metadata ./js/api-augment/metadata.json
- name: Build
run: npm run build
working-directory: js/api-augment
Expand All @@ -380,10 +393,13 @@ jobs:
working-directory: js/api-augment/dist

verify-docker-images:
needs: build-binary
needs: build-binaries
name: Verify Docker Images
runs-on: ubuntu-20.04
steps:
- name: Set Env Vars
run: |
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
- name: Install Rust Toolchain
Expand All @@ -396,16 +412,16 @@ jobs:
uses: Swatinem/rust-cache@v2
with:
shared-key: ${{env.RUST_TOOLCHAIN}}
- name: Download Binary Artifacts
id: download
- name: Download Binary
uses: actions/download-artifact@v3
with:
name: artifacts-${{github.run_id}}
path: .
- name: Extract Binary
path: ${{env.BIN_DIR}}
- name: Set Binary Permissions
working-directory: ${{env.BIN_DIR}}
run: |
ls -la
tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar
set -x
chmod 755 frequency
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
with:
Expand All @@ -430,10 +446,13 @@ jobs:
file: docker/${{env.IMAGE_NAME}}.dockerfile

execute-binary-checks:
needs: build-binary
needs: build-binaries
name: Execute Binary Checks
runs-on: ubuntu-20.04
steps:
- name: Set Env Vars
run: |
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
- name: Install Rust Toolchain
Expand All @@ -442,16 +461,80 @@ jobs:
default: true
profile: minimal
toolchain: stable
- name: Download Binary Artifacts
id: download
- name: Download Binary
uses: actions/download-artifact@v3
with:
name: artifacts-${{github.run_id}}
path: .
- name: Extract Binary
path: ${{env.BIN_DIR}}
- name: Set Binary Permissions
working-directory: ${{env.BIN_DIR}}
run: |
tar -xvf frequency-binary-mainnet-${{github.sha}}.amd64.tar
set -x
chmod 755 frequency
- name: Output Binary Version
working-directory: ${{env.BIN_DIR}}
run: |
file ./target/${{env.BUILD_PROFILE}}/frequency && \
./target/${{env.BUILD_PROFILE}}/frequency --version
file ./frequency && ./frequency --version
check-metadata-and-spec-version:
needs: build-binaries
name: Check Metadata and Spec Version
runs-on: ubuntu-20.04
env:
REF_TAG: latest # tag to obtain reference binary to test against
NETWORK: mainnet
GITHUB_PR_LABEL: metadata-mismatch
steps:
- name: Set Env Vars
run: |
echo "BIN_DIR=target/$BUILD_PROFILE" >> $GITHUB_ENV
export TEST_BIN_FILENAME=frequency; echo "TEST_BIN_FILENAME=$TEST_BIN_FILENAME" >> $GITHUB_ENV
echo "REF_BIN_FILENAME=$TEST_BIN_FILENAME-ref" >> $GITHUB_ENV
- name: Check Out Repo
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Download Test Binary
uses: actions/download-artifact@v3
with:
name: artifacts-${{github.run_id}}
path: ${{env.BIN_DIR}}
- name: Set Binary Permissions
working-directory: ${{env.BIN_DIR}}
run: |
set -x
chmod 755 $TEST_BIN_FILENAME
chmod 755 $REF_BIN_FILENAME
- name: Compare Metadata
id: compare-metadata
working-directory: ${{env.BIN_DIR}}
run: |
./$REF_BIN_FILENAME export-metadata metadata-ref.json
metadata_ref=$(cat metadata-ref.json | jq -r .result)
./$TEST_BIN_FILENAME export-metadata metadata.json
metadata=$(cat metadata.json | jq -r .result)
match=$([[ $metadata == $metadata_ref ]] && echo 'true' || echo 'false')
echo "Metadata matches?: $match"
echo "metadata_match=$match" >> $GITHUB_OUTPUT
- name: Assign Metadata Mismatch Label
if: steps.compare-metadata.outputs.metadata_match != 'true'
uses: actions-ecosystem/action-add-labels@v1
with:
labels: ${{env.GITHUB_PR_LABEL}}
- name: Check Spec Version
if: steps.compare-metadata.outputs.metadata_match != 'true'
working-directory: ${{env.BIN_DIR}}
run: |
set -x
spec_version_ref=$(./$REF_BIN_FILENAME export-runtime-version | jq -r .specVersion)
spec_version=$(./$TEST_BIN_FILENAME export-runtime-version | jq -r .specVersion)
[[ $spec_version -gt $spec_version_ref ]] || \
(echo "ERROR: When metadata is updated, the new spec version \($spec_version\) \
must be greater than the latest version on main \($spec_version_ref\)" && exit 10)
- name: Remove Metadata Mismatch Label
if: |
(steps.compare-metadata.outputs.metadata_match == 'true') &&
contains(github.event.pull_request.labels.*.name, env.GITHUB_PR_LABEL)
uses: actions-ecosystem/action-remove-labels@v1
with:
labels: ${{env.GITHUB_PR_LABEL}}
4 changes: 3 additions & 1 deletion .vscode/settings.json
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,8 @@
}
},
"cSpell.ignoreWords": [
"Swatinem"
"Swatinem",
"jacogr",
"pkill"
]
}
Empty file added runtime/624-delete-me.rs
View file
Empty file.

0 comments on commit 2c39942

Please sign in to comment.