Schedule Daily #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Schedule Daily | |
| on: | |
| schedule: | |
| - cron: "0 1 * * *" | |
| workflow_dispatch: | |
| env: | |
| AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }} | |
| BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/" | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_COMMIT_REF_PROTECTED: ${{ github.ref_protected }} | |
| CI_JOB_NAME: ${{ github.job }} | |
| CI_JOB_ID: ${{ github.job }} # github does not expose this variable https://github.com/orgs/community/discussions/8945 | |
| CI_JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| CI_PIPELINE_SOURCE: ${{ github.event_name }} | |
| CI_PROJECT_DIR: ${{ github.workspace }} | |
| CI_MERGE_REQUEST_TARGET_BRANCH_NAME: ${{ github.event.pull_request.base.ref }} | |
| ROOT_PIPELINE_ID: ${{ github.run_id }} | |
| DOCKER_HUB_USER: ${{ secrets.DOCKER_HUB_USER }} | |
| DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
| BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
| BUILDEVENT_DATASET: "github-ci-dfinity" | |
| jobs: | |
| cut-release-candidate: | |
| name: Cut RC | |
| runs-on: ubuntu-latest | |
| timeout-minutes: 30 | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| repository: ${{ github.event.pull_request.head.repo.full_name }} | |
| ref: ${{ github.event.pull_request.head.ref }} | |
| - name: Cut Release Candidate | |
| shell: bash | |
| run: | | |
| git config --global user.email "[email protected]" | |
| git config --global user.name "IDX GitLab Automation" | |
| RC_BRANCH_NAME="rc--$(date '+%Y-%m-%d_%H-%M')" | |
| git switch --force-create "$RC_BRANCH_NAME" HEAD | |
| git push --force --set-upstream origin "$RC_BRANCH_NAME" | |
| # rust-benchmarks: | |
| # name: Bazel Run Rust Benchmarks | |
| # <<: *dind-large-setup | |
| # runs-on: | |
| # # see linux-x86-64 runner group | |
| # labels: rust-benchmarks | |
| # container: | |
| # <<: *image | |
| # # running on bare metal machine using ubuntu user | |
| # options: --user ubuntu -v /cache:/cache | |
| # timeout-minutes: 720 # 12 hours | |
| # strategy: | |
| # matrix: | |
| # targets: | |
| # - "//rs/crypto/..." | |
| # - "//rs/state_manager/..." | |
| # - "//rs/certification/..." | |
| # - "//rs/boundary_node/ic_boundary/..." | |
| # steps: | |
| # - <<: *checkout | |
| # - <<: *before-script | |
| # - name: Run Rust Benchmarks | |
| # id: rust-benchmarks | |
| # shell: bash | |
| # run: | | |
| # ./gitlab-ci/src/ci-scripts/rust-benchmarks.sh | |
| # env: | |
| # BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| # BAZEL_COMMAND: "run" | |
| # BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/" | |
| # RUSTFLAGS: "--remap-path-prefix=${CI_PROJECT_DIR}=/ic" | |
| # RUST_BACKTRACE: "full" | |
| # TARGETS: ${{ matrix.targets }} | |
| # bazel-test-bare-metal: | |
| # name: Bazel Test Bare Metal | |
| # <<: *dind-large-setup | |
| # timeout-minutes: 120 | |
| # runs-on: | |
| # group: zh1 | |
| # labels: dind-large | |
| # steps: | |
| # - <<: *checkout | |
| # - <<: *before-script | |
| # - name: Run Bazel Launch Bare Metal | |
| # shell: bash | |
| # run: | | |
| # echo "$ZH2_DLL01_CSV_SECRETS" > file1 | |
| # echo "$ZH2_FILE_SHARE_KEY" > file2 && chmod 400 file2 | |
| # # shellcheck disable=SC2046,SC2086 | |
| # bazel ${BAZEL_STARTUP_ARGS} run ${BAZEL_CI_CONFIG} \ | |
| # //ic-os/setupos/envs/dev:launch_bare_metal -- \ | |
| # --config_path "$(realpath ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \ | |
| # --csv_filename "$(realpath file1)" \ | |
| # --file_share_ssh_key "$(realpath file2)" \ | |
| # --file_share_username ci_interim \ | |
| # --ci_mode | |
| # bazel clean | |
| # env: | |
| # BAZEL_STARTUP_ARGS: "--output_base=/var/tmp/bazel-output/" | |
| # BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| # ZH2_DLL01_CSV_SECRETS: "${{ secrets.ZH2_DLL01_CSV_SECRETS }}" | |
| # ZH2_FILE_SHARE_KEY: "${{ secrets.ZH2_FILE_SHARE_KEY }}" | |
| # nns-tests-nightly: | |
| # name: Bazel Test NNS Nightly | |
| # <<: *dind-large-setup | |
| # timeout-minutes: 20 | |
| # steps: | |
| # - <<: *checkout | |
| # - <<: *before-script | |
| # - name: Run NNS Tests Nightly | |
| # id: bazel-test-all | |
| # uses: ./.github/actions/bazel-test-all/ | |
| # with: | |
| # BAZEL_COMMAND: "test" | |
| # BAZEL_TARGETS: "//rs/nns/..." | |
| # BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| # BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=nns_tests_nightly --test_env=SSH_AUTH_SOCK --test_env=NNS_CANISTER_UPGRADE_SEQUENCE=all" | |
| # HONEYCOMB_API_TOKEN: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
| # SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| # system-tests-benchmarks-nightly: | |
| # name: Bazel System Test Benchmarks | |
| # <<: *dind-large-setup | |
| # timeout-minutes: 480 | |
| # steps: | |
| # - <<: *checkout | |
| # - <<: *before-script | |
| # - name: Set Benchmark Targets | |
| # shell: bash | |
| # run: | | |
| # set -xeuo pipefail | |
| # echo "BENCHMARK_TARGETS=$(bazel query 'attr(tags, system_test_benchmark, //rs/...)')" >> $GITHUB_ENV | |
| # - name: Test System Test Benchmarks | |
| # id: bazel-system-test-benchmarks | |
| # uses: ./.github/actions/bazel-test-all/ | |
| # with: | |
| # BAZEL_COMMAND: "test" | |
| # BAZEL_TARGETS: ${{ env.BENCHMARK_TARGETS }} | |
| # BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
| # # note: there's just one performance cluster, so the job can't be parallelized | |
| # BAZEL_EXTRA_ARGS: "--//bazel:enable_upload_perf_systest_results=True --keep_going --jobs 1" | |
| # HONEYCOMB_API_TOKEN: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
| # dependency-scan-nightly: | |
| # name: Dependency Scan Nightly | |
| # <<: *dind-large-setup | |
| # timeout-minutes: 60 | |
| # permissions: | |
| # actions: write | |
| # env: | |
| # SHELL_WRAPPER: "/usr/bin/time" | |
| # CARGO_WASMPACK_VERSION: "0.12.1" | |
| # DEFAULT_NODE_VERSION : "20" | |
| # CI_PROJECT_PATH: ${{ github.repository }} | |
| # CI_PIPELINE_ID: ${{ github.run_id }} | |
| # GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| # JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }} | |
| # SLACK_PSEC_BOT_OAUTH_TOKEN: ${{ secrets.SLACK_PSEC_BOT_OAUTH_TOKEN }} | |
| # steps: | |
| # - <<: *checkout | |
| # - <<: *before-script | |
| # - name: Setup environment deps | |
| # id: setup-environment-deps | |
| # shell: bash | |
| # run: | | |
| # pip3 install --ignore-installed -r requirements.txt | |
| # cargo install wasm-pack --version "${CARGO_WASMPACK_VERSION}" | |
| # source "${NVM_DIR}/nvm.sh" | |
| # nvm use ${DEFAULT_NODE_VERSION} | |
| # node --version | |
| # npm --version | |
| # - name: Run Dependency Scan Nightly | |
| # id: dependency-scan-nightly | |
| # shell: bash | |
| # run: | | |
| # set -euo pipefail | |
| # export PYTHONPATH=$PWD/gitlab-ci/src:$PWD/gitlab-ci/src/dependencies | |
| # cd gitlab-ci/src/dependencies/ | |
| # $SHELL_WRAPPER python3 job/bazel_rust_ic_scanner_periodic_job.py | |
| # $SHELL_WRAPPER python3 job/npm_scanner_periodic_job.py | |
| # $SHELL_WRAPPER python3 job/bazel_trivy_container_ic_scanner_periodic_job.py |