Skip to content

Blockscout CI/CD for dhutch/xss_fix #132

Blockscout CI/CD for dhutch/xss_fix

Blockscout CI/CD for dhutch/xss_fix #132

Workflow file for this run

name: Blockscout CI/CD
run-name: Blockscout CI/CD for ${{ github.head_ref || github.ref_name }}
on:
push:
branches:
- master
pull_request:
branches:
- master
concurrency:
group: blockscout-${{ github.ref }}
cancel-in-progress: true
env:
MIX_ENV: test
OTP_VERSION: '25.1.1'
ELIXIR_VERSION: '1.14.1'
ACCOUNT_AUTH0_DOMAIN: 'blockscoutcom.us.auth0.com'
ACCOUNT_AUTH0_LOGOUT_URL: 'https://blockscoutcom.us.auth0.com/v2/logout'
ACCOUNT_AUTH0_LOGOUT_RETURN_URL: 'https://blockscout.com/auth/logout'
CACHE_VERSION: 22
jobs:
build-and-cache:
name: Build and Cache deps
runs-on: [ '8-cpu', 'self-hosted', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: "ELIXIR_VERSION.lock"
run: echo "${ELIXIR_VERSION}" > ELIXIR_VERSION.lock
- name: "OTP_VERSION.lock"
run: echo "${OTP_VERSION}" > OTP_VERSION.lock
- name: Restore Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-
- name: Conditionally build Mix deps cache
if: steps.deps-cache.outputs.cache-hit != 'true'
run: |
mix local.hex --force
mix local.rebar --force
mix deps.get
mix deps.compile
cd deps/libsecp256k1
make
- name: Restore Explorer NPM Cache
uses: actions/cache@v3
id: explorer-npm-cache
with:
path: apps/explorer/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-
- name: Conditionally build Explorer NPM Cache
if: steps.explorer-npm-cache.outputs.cache-hit != 'true'
run: npm install
working-directory: apps/explorer
- name: Restore Blockscout Web NPM Cache
uses: actions/cache@v3
id: blockscoutweb-npm-cache
with:
path: apps/block_scout_web/assets/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-
- name: Conditionally build Blockscout Web NPM Cache
if: steps.blockscoutweb-npm-cache.outputs.cache-hit != 'true'
run: npm install
working-directory: apps/block_scout_web/assets
credo:
name: Credo
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Restore Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- run: mix credo
check_formatted:
name: Code formatting checks
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Restore Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- run: mix format --check-formatted
dialyzer:
name: Dialyzer static analysis
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Restore Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Restore Dialyzer Cache
uses: actions/cache@v3
id: dialyzer-cache
with:
path: priv/plts
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-dialyzer-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-dialyzer-"
- name: Conditionally build Dialyzer Cache
if: steps.dialyzer-cache.outputs.cache-hit != 'true'
run: |
mkdir -p priv/plts
mix dialyzer --plt
- name: Run Dialyzer
run: mix dialyzer
gettext:
name: Missing translation keys check
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Restore Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- run: |
mix gettext.extract --merge | tee stdout.txt
! grep "Wrote " stdout.txt
working-directory: "apps/block_scout_web"
sobelow:
name: Sobelow security analysis
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Scan explorer for vulnerabilities
run: mix sobelow --config
working-directory: "apps/explorer"
- name: Scan block_scout_web for vulnerabilities
run: mix sobelow --config
working-directory: "apps/block_scout_web"
eslint:
name: ESLint
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Restore Explorer NPM Cache
uses: actions/cache@v3
id: explorer-npm-cache
with:
path: apps/explorer/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-
- name: Restore Blockscout Web NPM Cache
uses: actions/cache@v3
id: blockscoutweb-npm-cache
with:
path: apps/block_scout_web/assets/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-
- name: Build assets
run: node node_modules/webpack/bin/webpack.js --mode development
working-directory: "apps/block_scout_web/assets"
- run: ./node_modules/.bin/eslint --format=junit --output-file="test/eslint/junit.xml" js/**
working-directory: apps/block_scout_web/assets
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: ESLint Test Results
path: apps/block_scout_web/assets/test/eslint/*.xml
jest:
name: JS Tests
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Restore Blockscout Web NPM Cache
uses: actions/cache@v3
id: blockscoutweb-npm-cache
with:
path: apps/block_scout_web/assets/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-
- name: Build assets
run: node node_modules/webpack/bin/webpack.js --mode development
working-directory: "apps/block_scout_web/assets"
- run: ./node_modules/.bin/jest --reporters="jest-junit"
working-directory: apps/block_scout_web/assets
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Jest JUnit Test Results
path: apps/block_scout_web/assets/junit.xml
test_nethermind_mox_ethereum_jsonrpc:
name: EthereumJSONRPC Tests
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
services:
postgres:
image: postgres
env:
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database
POSTGRES_DB: explorer_test
# match PGPASSWORD for elixir image above
POSTGRES_PASSWORD: postgres
# match PGUSER for elixir image above
POSTGRES_USER: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV
- name: mix test --exclude no_nethermind
run: |
cd apps/ethereum_jsonrpc
mix compile --warnings-as-errors
mix test --no-start --exclude no_nethermind
env:
MIX_ENV: "test"
# match POSTGRES_PASSWORD for postgres image below
PGPASSWORD: postgres
# match POSTGRES_USER for postgres image below
PGUSER: postgres
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test
DATABASE_HOSTNAME: postgres
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox"
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox"
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: EthereumJSONRPC Test Results
path: _build/test/junit/ethereum_jsonrpc/*.xml
test_nethermind_mox_explorer:
name: Explorer Tests
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
services:
postgres:
image: postgres
env:
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database
POSTGRES_DB: explorer_test
# match PGPASSWORD for elixir image above
POSTGRES_PASSWORD: postgres
# match PGUSER for elixir image above
POSTGRES_USER: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Restore Explorer NPM Cache
uses: actions/cache@v3
id: explorer-npm-cache
with:
path: apps/explorer/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV
- name: Setup tmate session
uses: mxschmitt/action-tmate@v3
timeout-minutes: 20
if: false
with:
limit-access-to-actor: true
- name: mix test --exclude no_nethermind --exclude smart_contract_compiler
run: |
cd apps/explorer
mix compile --warnings-as-errors
cd ../..
mix ecto.create --quiet
mix ecto.migrate
cd apps/explorer
mix test --no-start --exclude no_nethermind --exclude smart_contract_compiler
env:
MIX_ENV: "test"
# match POSTGRES_PASSWORD for postgres image below
PGPASSWORD: postgres
# match POSTGRES_USER for postgres image below
PGUSER: postgres
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test
DATABASE_HOSTNAME: postgres
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox"
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox"
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Explorer Test Results
path: _build/test/junit/explorer/*.xml
test_nethermind_mox_indexer:
name: Indexer Tests
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
services:
postgres:
image: postgres
env:
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database
POSTGRES_DB: explorer_test
# match PGPASSWORD for elixir image above
POSTGRES_PASSWORD: postgres
# match PGUSER for elixir image above
POSTGRES_USER: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: mix test --exclude no_nethermind
run: |
cd apps/indexer
mix compile --warnings-as-errors
cd ../..
mix ecto.create --quiet
mix ecto.migrate
cd apps/indexer
mix test --no-start --exclude no_nethermind --exclude celo_exclude
env:
MIX_ENV: "test"
# match POSTGRES_PASSWORD for postgres image below
PGPASSWORD: postgres
# match POSTGRES_USER for postgres image below
PGUSER: postgres
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test
DATABASE_HOSTNAME: postgres
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox"
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox"
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Indexer Test Results
path: _build/test/junit/indexer/*.xml
test_nethermind_mox_block_scout_web:
name: Blockscout Web Tests
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: build-and-cache
env:
DATABASE_URL: postgres://postgres:postgres@postgres:5432/explorer_test
DATABASE_HOSTNAME: postgres
services:
redis_db:
image: 'redis:alpine'
ports:
- 6379:6379
postgres:
image: postgres
env:
# Match apps/explorer/config/test.exs config :explorer, Explorer.Repo, database
POSTGRES_DB: explorer_test
# match PGPASSWORD for elixir image above
POSTGRES_PASSWORD: postgres
# match PGUSER for elixir image above
POSTGRES_USER: postgres
# Set health checks to wait until postgres has started
options: >-
--health-cmd pg_isready
--health-interval 10s
--health-timeout 5s
--health-retries 5
ports:
# Maps tcp port 5432 on service container to the host
- 5432:5432
steps:
- uses: actions/checkout@v3
- uses: erlef/setup-beam@v1
with:
otp-version: ${{ env.OTP_VERSION }}
elixir-version: ${{ env.ELIXIR_VERSION }}
- run: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
- run: echo 'export PATH=~/.cargo/bin/:$PATH' >> $GITHUB_ENV
- name: Mix Deps Cache
uses: actions/cache@v3
id: deps-cache
with:
path: |
deps
_build
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-mixlockhash_${{ env.CACHE_VERSION }}-${{ hashFiles('mix.lock') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-deps-"
- name: Restore Explorer NPM Cache
uses: actions/cache@v3
id: explorer-npm-cache
with:
path: apps/explorer/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-${{ hashFiles('apps/explorer/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-explorer-npm-
- name: Restore Blockscout Web NPM Cache
uses: actions/cache@v3
id: blockscoutweb-npm-cache
with:
path: apps/block_scout_web/assets/node_modules
key: ${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-${{ hashFiles('apps/block_scout_web/assets/package-lock.json') }}
restore-keys: |
${{ runner.os }}-${{ env.ELIXIR_VERSION }}-${{ env.OTP_VERSION }}-${{ env.MIX_ENV }}-blockscoutweb-npm-
- name: Build assets
run: node node_modules/webpack/bin/webpack.js --mode development
working-directory: "apps/block_scout_web/assets"
- run: echo 'export PATH=/usr/local/bin:$PATH' >> $GITHUB_ENV
- name: mix test --exclude no_nethermind
run: |
cd apps/block_scout_web
mix compile --warnings-as-errors
cd ../..
mix ecto.create --quiet
mix ecto.migrate
cd apps/block_scout_web
mix test --no-start --exclude no_nethermind
env:
# match POSTGRES_PASSWORD for postgres image below
MIX_ENV: "test"
PGPASSWORD: postgres
# match POSTGRES_USER for postgres image below
PGUSER: postgres
ETHEREUM_JSONRPC_CASE: "EthereumJSONRPC.Case.Nethermind.Mox"
ETHEREUM_JSONRPC_WEB_SOCKET_CASE: "EthereumJSONRPC.WebSocket.Case.Mox"
CHAIN_ID: "77"
COIN: "CELO"
ADMIN_PANEL_ENABLED: "true"
ACCOUNT_ENABLED: "true"
ACCOUNT_REDIS_URL: "redis://redis_db:6379"
API_V2_ENABLED: "true"
- name: Upload Unit Test Results
if: always()
uses: actions/upload-artifact@v4
with:
name: Blockscout Web Test Results
path: _build/test/junit/block_scout_web/*.xml
- name: Upload Wallaby screenshots
if: always()
uses: actions/upload-artifact@v4
with:
name: Wallaby screenshots
path: apps/block_scout_web/screenshots/*.png
publish-test-results:
name: "Publish Unit Tests Results"
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
needs:
- test_nethermind_mox_ethereum_jsonrpc
- test_nethermind_mox_explorer
- test_nethermind_mox_indexer
- test_nethermind_mox_block_scout_web
- jest
if: success() || failure()
steps:
- name: Download Artifacts
uses: actions/download-artifact@v2
with:
path: artifacts
- name: Publish Unit Test Results
uses: EnricoMi/publish-unit-test-result-action@v1
with:
files: artifacts/**/*.xml
set-docker-vars:
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
needs: [credo, check_formatted, dialyzer, gettext, sobelow, eslint, jest, test_nethermind_mox_ethereum_jsonrpc, test_nethermind_mox_explorer, test_nethermind_mox_indexer, test_nethermind_mox_block_scout_web]
outputs:
workload-id-provider: ${{ steps.set-docker-vars.outputs.workload-id-provider }}
service-account: ${{ steps.set-docker-vars.outputs.service-account }}
artifact-registry: ${{ steps.set-docker-vars.outputs.artifact-registry }}
tag: ${{ steps.set-docker-vars.outputs.tag }}
sha: ${{ steps.set-docker-vars.outputs.sha }}
steps:
- name: Print inputs passed to the reusable workflow
id: set-docker-vars
run: |
echo "workload-id-provider=${{ github.ref != 'ref/heads/main' && 'projects/1094498259535/locations/global/workloadIdentityPools/gh-blockscout/providers/github-by-repos' || 'projects/1094498259535/locations/global/workloadIdentityPools/gh-blockscout-main/providers/github-by-repos' }}" >> $GITHUB_OUTPUT
echo "service-account=${{ github.ref != 'ref/heads/main' && 'blockscout-images-dev@devopsre.iam.gserviceaccount.com' || 'blockscout-images@devopsre.iam.gserviceaccount.com' }}" >> $GITHUB_OUTPUT
echo "artifact-registry=${{ github.ref != 'ref/heads/main' && vars.DEV_IMAGE_REPO || 'us-west1-docker.pkg.dev/devopsre/blockscout' }}" >> $GITHUB_OUTPUT
echo "tag=${{ github.ref != 'ref/heads/main' && 'testing' || 'latest' }}" >> $GITHUB_OUTPUT
echo "sha=${{ github.ref != 'ref/heads/main' && github.event.pull_request.head.sha || github.sha }}" >> $GITHUB_OUTPUT
build-blockscout-container:
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: [set-docker-vars]
permissions:
contents: read
id-token: write
security-events: write
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Authenticate to Google Cloud
uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@v2.0.1
with:
workload-id-provider: ${{ needs.set-docker-vars.outputs.workload-id-provider }}
service-account: ${{ needs.set-docker-vars.outputs.service-account }}
access-token-lifetime: "20m"
docker-gcp-registries: "us-west1-docker.pkg.dev"
- name: Build, push and scan the container
uses: celo-org/reusable-workflows/.github/actions/build-container@main
with:
platforms: linux/amd64
registry: "${{ needs.set-docker-vars.outputs.artifact-registry }}/blockscout"
tags: ${{ needs.set-docker-vars.outputs.tag }}
context: .
dockerfile: docker/Dockerfile
build-args: |
"FORCE_MIX_COMPILE_CACHE_MISS=${{ needs.set-docker-vars.outputs.sha }}"
push: true
trivy: true
build-blockscout-api-container:
runs-on: ['self-hosted', '8-cpu', 'blockscout']
container:
image: us-west1-docker.pkg.dev/devopsre/actions-runner-controller/blockscout:latest
options: --user root
needs: [set-docker-vars]
permissions:
contents: read
id-token: write
security-events: write
steps:
- name: 'Checkout'
uses: actions/checkout@v4
- name: Authenticate to Google Cloud
uses: celo-org/reusable-workflows/.github/actions/auth-gcp-artifact-registry@v2.0.1
with:
workload-id-provider: ${{ needs.set-docker-vars.outputs.workload-id-provider }}
service-account: ${{ needs.set-docker-vars.outputs.service-account }}
access-token-lifetime: "20m"
docker-gcp-registries: "us-west1-docker.pkg.dev"
- name: Build, push and scan the container
uses: celo-org/reusable-workflows/.github/actions/build-container@main
with:
platforms: linux/amd64
registry: "${{ needs.set-docker-vars.outputs.artifact-registry }}/blockscout"
tags: ${{ needs.set-docker-vars.outputs.tag }}
context: .
dockerfile: docker/Dockerfile
build-args: |
"FORCE_MIX_COMPILE_CACHE_MISS=${{ needs.set-docker-vars.outputs.sha }}"
"DISABLE_WRITE_API=true",
"DISABLE_INDEXER=true",
"DISABLE_WEBAPP=true",
push: true
trivy: true