Blockscout CI/CD for dhutch/xss_fix #132
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Blockscout CI/CD | |
run-name: Blockscout CI/CD for ${{ github.head_ref || github.ref_name }} | |
on: | |
push: | |
branches: | |
- master | |
pull_request: | |
branches: | |
- master | |
concurrency: | |
group: blockscout-${{ github.ref }} | |
cancel-in-progress: true | |
env: | |
MIX_ENV: test | |
OTP_VERSION: '25.1.1' | |
ELIXIR_VERSION: '1.14.1' | |
ACCOUNT_AUTH0_DOMAIN: 'blockscoutcom.us.auth0.com' | |
ACCOUNT_AUTH0_LOGOUT_URL: 'https://blockscoutcom.us.auth0.com/v2/logout' | |
ACCOUNT_AUTH0_LOGOUT_RETURN_URL: 'https://blockscout.com/auth/logout' | |
CACHE_VERSION: 22 | |
jobs: | |
build-and-cache: | |
name: Build and Cache deps | |
runs-on: [ '8-cpu', 'self-hosted', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: "ELIXIR_VERSION.lock" | |
run: echo "${ELIXIR_VERSION}" > ELIXIR_VERSION.lock | |
- name: "OTP_VERSION.lock" | |
run: echo "${OTP_VERSION}" > OTP_VERSION.lock | |
- name: Restore Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps- | |
- name: Conditionally build Mix deps cache | |
if: steps.deps-cache.outputs.cache-hit != 'true' | |
run: | | |
mix local.hex --force | |
mix local.rebar --force | |
mix deps.get | |
mix deps.compile | |
cd deps/libsecp256k1 | |
make | |
- name: Restore Explorer NPM Cache | |
uses: actions/cache@v3 | |
id: explorer-npm-cache | |
with: | |
path: apps/explorer/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm- | |
- name: Conditionally build Explorer NPM Cache | |
if: steps.explorer-npm-cache.outputs.cache-hit != 'true' | |
run: npm install | |
working-directory: apps/explorer | |
- name: Restore Blockscout Web NPM Cache | |
uses: actions/cache@v3 | |
id: blockscoutweb-npm-cache | |
with: | |
path: apps/block_scout_web/assets/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm- | |
- name: Conditionally build Blockscout Web NPM Cache | |
if: steps.blockscoutweb-npm-cache.outputs.cache-hit != 'true' | |
run: npm install | |
working-directory: apps/block_scout_web/assets | |
credo: | |
name: Credo | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Restore Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- run: mix credo | |
check_formatted: | |
name: Code formatting checks | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Restore Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- run: mix format --check-formatted | |
dialyzer: | |
name: Dialyzer static analysis | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Restore Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Restore Dialyzer Cache | |
uses: actions/cache@v3 | |
id: dialyzer-cache | |
with: | |
path: priv/plts | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-dialyzer-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-dialyzer-" | |
- name: Conditionally build Dialyzer Cache | |
if: steps.dialyzer-cache.outputs.cache-hit != 'true' | |
run: | | |
mkdir -p priv/plts | |
mix dialyzer --plt | |
- name: Run Dialyzer | |
run: mix dialyzer | |
gettext: | |
name: Missing translation keys check | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Restore Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- run: | | |
mix gettext.extract --merge | tee stdout.txt | |
! grep "Wrote " stdout.txt | |
working-directory: "apps/block_scout_web" | |
sobelow: | |
name: Sobelow security analysis | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Scan explorer for vulnerabilities | |
run: mix sobelow --config | |
working-directory: "apps/explorer" | |
- name: Scan block_scout_web for vulnerabilities | |
run: mix sobelow --config | |
working-directory: "apps/block_scout_web" | |
eslint: | |
name: ESLint | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Restore Explorer NPM Cache | |
uses: actions/cache@v3 | |
id: explorer-npm-cache | |
with: | |
path: apps/explorer/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm- | |
- name: Restore Blockscout Web NPM Cache | |
uses: actions/cache@v3 | |
id: blockscoutweb-npm-cache | |
with: | |
path: apps/block_scout_web/assets/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm- | |
- name: Build assets | |
run: node node_modules/webpack/bin/webpack.js --mode development | |
working-directory: "apps/block_scout_web/assets" | |
- run: ./node_modules/.bin/eslint --format=junit --output-file="test/eslint/junit.xml" js/** | |
working-directory: apps/block_scout_web/assets | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ESLint Test Results | |
path: apps/block_scout_web/assets/test/eslint/*.xml | |
jest: | |
name: JS Tests | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Restore Blockscout Web NPM Cache | |
uses: actions/cache@v3 | |
id: blockscoutweb-npm-cache | |
with: | |
path: apps/block_scout_web/assets/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm- | |
- name: Build assets | |
run: node node_modules/webpack/bin/webpack.js --mode development | |
working-directory: "apps/block_scout_web/assets" | |
- run: ./node_modules/.bin/jest --reporters="jest-junit" | |
working-directory: apps/block_scout_web/assets | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Jest JUnit Test Results | |
path: apps/block_scout_web/assets/junit.xml | |
test_nethermind_mox_ethereum_jsonrpc: | |
name: EthereumJSONRPC Tests | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
services: | |
postgres: | |
image: postgres | |
env: | |
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database | |
POSTGRES_DB: explorer_test | |
# match PGPASSWORD for elixir image above | |
POSTGRES_PASSWORD: postgres | |
# match PGUSER for elixir image above | |
POSTGRES_USER: postgres | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV | |
- name: mix test --exclude no_nethermind | |
run: | | |
cd apps/ethereum_jsonrpc | |
mix compile --warnings-as-errors | |
mix test --no-start --exclude no_nethermind | |
env: | |
MIX_ENV: "test" | |
# match POSTGRES_PASSWORD for postgres image below | |
PGPASSWORD: postgres | |
# match POSTGRES_USER for postgres image below | |
PGUSER: postgres | |
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test | |
DATABASE_HOSTNAME: postgres | |
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox" | |
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox" | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: EthereumJSONRPC Test Results | |
path: _build/test/junit/ethereum_jsonrpc/*.xml | |
test_nethermind_mox_explorer: | |
name: Explorer Tests | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
services: | |
postgres: | |
image: postgres | |
env: | |
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database | |
POSTGRES_DB: explorer_test | |
# match PGPASSWORD for elixir image above | |
POSTGRES_PASSWORD: postgres | |
# match PGUSER for elixir image above | |
POSTGRES_USER: postgres | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Restore Explorer NPM Cache | |
uses: actions/cache@v3 | |
id: explorer-npm-cache | |
with: | |
path: apps/explorer/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm | |
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV | |
- name: Setup tmate session | |
uses: mxschmitt/action-tmate@v3 | |
timeout-minutes: 20 | |
if: false | |
with: | |
limit-access-to-actor: true | |
- name: mix test --exclude no_nethermind --exclude smart_contract_compiler | |
run: | | |
cd apps/explorer | |
mix compile --warnings-as-errors | |
cd ../.. | |
mix ecto.create --quiet | |
mix ecto.migrate | |
cd apps/explorer | |
mix test --no-start --exclude no_nethermind --exclude smart_contract_compiler | |
env: | |
MIX_ENV: "test" | |
# match POSTGRES_PASSWORD for postgres image below | |
PGPASSWORD: postgres | |
# match POSTGRES_USER for postgres image below | |
PGUSER: postgres | |
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test | |
DATABASE_HOSTNAME: postgres | |
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox" | |
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox" | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Explorer Test Results | |
path: _build/test/junit/explorer/*.xml | |
test_nethermind_mox_indexer: | |
name: Indexer Tests | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
services: | |
postgres: | |
image: postgres | |
env: | |
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database | |
POSTGRES_DB: explorer_test | |
# match PGPASSWORD for elixir image above | |
POSTGRES_PASSWORD: postgres | |
# match PGUSER for elixir image above | |
POSTGRES_USER: postgres | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: mix test --exclude no_nethermind | |
run: | | |
cd apps/indexer | |
mix compile --warnings-as-errors | |
cd ../.. | |
mix ecto.create --quiet | |
mix ecto.migrate | |
cd apps/indexer | |
mix test --no-start --exclude no_nethermind --exclude celo_exclude | |
env: | |
MIX_ENV: "test" | |
# match POSTGRES_PASSWORD for postgres image below | |
PGPASSWORD: postgres | |
# match POSTGRES_USER for postgres image below | |
PGUSER: postgres | |
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test | |
DATABASE_HOSTNAME: postgres | |
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox" | |
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox" | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Indexer Test Results | |
path: _build/test/junit/indexer/*.xml | |
test_nethermind_mox_block_scout_web: | |
name: Blockscout Web Tests | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: build-and-cache | |
env: | |
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test | |
DATABASE_HOSTNAME: postgres | |
services: | |
redis_db: | |
image: 'redis:alpine' | |
ports: | |
- 6379:6379 | |
postgres: | |
image: postgres | |
env: | |
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database | |
POSTGRES_DB: explorer_test | |
# match PGPASSWORD for elixir image above | |
POSTGRES_PASSWORD: postgres | |
# match PGUSER for elixir image above | |
POSTGRES_USER: postgres | |
# Set health checks to wait until postgres has started | |
options: >- | |
--health-cmd pg_isready | |
--health-interval 10s | |
--health-timeout 5s | |
--health-retries 5 | |
ports: | |
# Maps tcp port 5432 on service container to the host | |
- 5432:5432 | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: erlef/setup-beam@v1 | |
with: | |
otp-version: ${{ env.OTP_VERSION }} | |
elixir-version: ${{ env.ELIXIR_VERSION }} | |
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y | |
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV | |
- name: Mix Deps Cache | |
uses: actions/cache@v3 | |
id: deps-cache | |
with: | |
path: | | |
deps | |
_build | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-" | |
- name: Restore Explorer NPM Cache | |
uses: actions/cache@v3 | |
id: explorer-npm-cache | |
with: | |
path: apps/explorer/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm- | |
- name: Restore Blockscout Web NPM Cache | |
uses: actions/cache@v3 | |
id: blockscoutweb-npm-cache | |
with: | |
path: apps/block_scout_web/assets/node_modules | |
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm- | |
- name: Build assets | |
run: node node_modules/webpack/bin/webpack.js --mode development | |
working-directory: "apps/block_scout_web/assets" | |
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV | |
- name: mix test --exclude no_nethermind | |
run: | | |
cd apps/block_scout_web | |
mix compile --warnings-as-errors | |
cd ../.. | |
mix ecto.create --quiet | |
mix ecto.migrate | |
cd apps/block_scout_web | |
mix test --no-start --exclude no_nethermind | |
env: | |
# match POSTGRES_PASSWORD for postgres image below | |
MIX_ENV: "test" | |
PGPASSWORD: postgres | |
# match POSTGRES_USER for postgres image below | |
PGUSER: postgres | |
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox" | |
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox" | |
CHAIN_ID: "77" | |
COIN: "CELO" | |
ADMIN_PANEL_ENABLED: "true" | |
ACCOUNT_ENABLED: "true" | |
ACCOUNT_REDIS_URL: "redis://redis_db:6379" | |
API_V2_ENABLED: "true" | |
- name: Upload Unit Test Results | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Blockscout Web Test Results | |
path: _build/test/junit/block_scout_web/*.xml | |
- name: Upload Wallaby screenshots | |
if: always() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: Wallaby screenshots | |
path: apps/block_scout_web/screenshots/*.png | |
publish-test-results: | |
name: "Publish Unit Tests Results" | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
needs: | |
- test_nethermind_mox_ethereum_jsonrpc | |
- test_nethermind_mox_explorer | |
- test_nethermind_mox_indexer | |
- test_nethermind_mox_block_scout_web | |
- jest | |
if: success() || failure() | |
steps: | |
- name: Download Artifacts | |
uses: actions/download-artifact@v2 | |
with: | |
path: artifacts | |
- name: Publish Unit Test Results | |
uses: EnricoMi/publish-unit-test-result-action@v1 | |
with: | |
files: artifacts/**/*.xml | |
set-docker-vars: | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
needs: [credo, check_formatted, dialyzer, gettext, sobelow, eslint, jest, test_nethermind_mox_ethereum_jsonrpc, test_nethermind_mox_explorer, test_nethermind_mox_indexer, test_nethermind_mox_block_scout_web] | |
outputs: | |
workload-id-provider: ${{ steps.set-docker-vars.outputs.workload-id-provider }} | |
service-account: ${{ steps.set-docker-vars.outputs.service-account }} | |
artifact-registry: ${{ steps.set-docker-vars.outputs.artifact-registry }} | |
tag: ${{ steps.set-docker-vars.outputs.tag }} | |
sha: ${{ steps.set-docker-vars.outputs.sha }} | |
steps: | |
- name: Print inputs passed to the reusable workflow | |
id: set-docker-vars | |
run: | | |
echo "workload-id-provider=${{ github.ref != 'ref/heads/main' && 'projects/1094498259535/locations/global/workloadIdentityPools/gh-blockscout/providers/github-by-repos' || 'projects/1094498259535/locations/global/workloadIdentityPools/gh-blockscout-main/providers/github-by-repos' }}" >> $GITHUB_OUTPUT | |
echo "service-account=${{ github.ref != 'ref/heads/main' && 'blockscout-images-dev@devopsre.iam.gserviceaccount.com' || 'blockscout-images@devopsre.iam.gserviceaccount.com' }}" >> $GITHUB_OUTPUT | |
echo "artifact-registry=${{ github.ref != 'ref/heads/main' && vars.DEV_IMAGE_REPO || 'us-west1-docker.pkg.dev/devopsre/blockscout' }}" >> $GITHUB_OUTPUT | |
echo "tag=${{ github.ref != 'ref/heads/main' && 'testing' || 'latest' }}" >> $GITHUB_OUTPUT | |
echo "sha=${{ github.ref != 'ref/heads/main' && github.event.pull_request.head.sha || github.sha }}" >> $GITHUB_OUTPUT | |
build-blockscout-container: | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: [set-docker-vars] | |
permissions: | |
contents: read | |
id-token: write | |
security-events: write | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
- name: Authenticate to Google Cloud | |
uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@v2.0.1 | |
with: | |
workload-id-provider: ${{ needs.set-docker-vars.outputs.workload-id-provider }} | |
service-account: ${{ needs.set-docker-vars.outputs.service-account }} | |
access-token-lifetime: "20m" | |
docker-gcp-registries: "us-west1-docker.pkg.dev" | |
- name: Build, push and scan the container | |
uses: celo-org/reusable-workflows/.github/actions/build-container@main | |
with: | |
platforms: linux/amd64 | |
registry: "${{ needs.set-docker-vars.outputs.artifact-registry }}/blockscout" | |
tags: ${{ needs.set-docker-vars.outputs.tag }} | |
context: . | |
dockerfile: docker/Dockerfile | |
build-args: | | |
"FORCE_MIX_COMPILE_CACHE_MISS=${{ needs.set-docker-vars.outputs.sha }}" | |
push: true | |
trivy: true | |
build-blockscout-api-container: | |
runs-on: ['self-hosted', '8-cpu', 'blockscout'] | |
container: | |
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest | |
options: --user root | |
needs: [set-docker-vars] | |
permissions: | |
contents: read | |
id-token: write | |
security-events: write | |
steps: | |
- name: 'Checkout' | |
uses: actions/checkout@v4 | |
- name: Authenticate to Google Cloud | |
uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@v2.0.1 | |
with: | |
workload-id-provider: ${{ needs.set-docker-vars.outputs.workload-id-provider }} | |
service-account: ${{ needs.set-docker-vars.outputs.service-account }} | |
access-token-lifetime: "20m" | |
docker-gcp-registries: "us-west1-docker.pkg.dev" | |
- name: Build, push and scan the container | |
uses: celo-org/reusable-workflows/.github/actions/build-container@main | |
with: | |
platforms: linux/amd64 | |
registry: "${{ needs.set-docker-vars.outputs.artifact-registry }}/blockscout" | |
tags: ${{ needs.set-docker-vars.outputs.tag }} | |
context: . | |
dockerfile: docker/Dockerfile | |
build-args: | | |
"FORCE_MIX_COMPILE_CACHE_MISS=${{ needs.set-docker-vars.outputs.sha }}" | |
"DISABLE_WRITE_API=true", | |
"DISABLE_INDEXER=true", | |
"DISABLE_WEBAPP=true", | |
push: true | |
trivy: true |