-
Notifications
You must be signed in to change notification settings - Fork 325
120 lines (120 loc) · 4.58 KB
/
schedule-hourly.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
name: Schedule Hourly
on:
schedule:
- cron: "0 7-23 * * *"
workflow_dispatch:
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
CI_COMMIT_SHA: ${{ github.sha }}
CI_JOB_NAME: ${{ github.job }}
CI_PROJECT_DIR: ${{ github.workspace }}
CI_RUN_ID: ${{ github.run_id }}
RUSTFLAGS: "--remap-path-prefix=${CI_PROJECT_DIR}=/ic"
BUILDEVENT_DATASET: "github-ci-dfinity"
jobs:
bazel-build-all-no-cache:
name: Bazel Build All No Cache
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:4fd13b47285e783c3a6f35aadd9559d097c0de162a1cf221ead66ab1598d5d45
options: >-
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp
timeout-minutes: 120
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Dockerhub
shell: bash
run: ./ci/scripts/docker-login.sh
env:
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }}
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }}
- name: Run Bazel Build All No Cache
uses: ./.github/actions/bazel-test-all/
env:
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }}
with:
BAZEL_CI_CONFIG: "--config=ci"
BAZEL_COMMAND: "build"
BAZEL_EXTRA_ARGS: "--repository_cache= --disk_cache= --noremote_accept_cached --remote_instance_name=${CI_COMMIT_SHA} --@rules_rust//rust/settings:pipelined_compilation=True"
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
profile.json
bazel-system-test-hourly:
name: Bazel System Tests Hourly
container:
image: ghcr.io/dfinity/ic-build@sha256:4fd13b47285e783c3a6f35aadd9559d097c0de162a1cf221ead66ab1598d5d45
options: >-
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp
timeout-minutes: 120
runs-on:
group: zh1
labels: dind-large
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to Dockerhub
shell: bash
run: ./ci/scripts/docker-login.sh
env:
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }}
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }}
- name: Run Bazel System Test Hourly
id: bazel-test-all
uses: ./.github/actions/bazel-test-all/
with:
BAZEL_COMMAND: "test"
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hourly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
profile.json
bazel-run-fuzzers-hourly:
name: Bazel Run Fuzzers Hourly
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:4fd13b47285e783c3a6f35aadd9559d097c0de162a1cf221ead66ab1598d5d45
options: >-
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp
timeout-minutes: 120
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Run Libfuzzer targets
shell: bash
run: ./bin/run-all-fuzzers.sh --libfuzzer 100
- name: Run AFL targets
shell: bash
run: ./bin/run-all-fuzzers.sh --afl 100
- name: Post Slack Notification
uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
if: failure()
with:
channel-id: prodsec-fuzzing
slack-message: "${{ github.job }} failed :disappointed: - <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|Run#${{github.run_id}}>"
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_API_TOKEN }}