Skip to content

Implement access control for AccountStore members (#3204) #9028

Implement access control for AccountStore members (#3204)

Implement access control for AccountStore members (#3204) #9028

Workflow file for this run

name: General CI
# This file is a joint CI of parachain and tee-worker, it contains:
# - build (of docker images)
# - format check
# - unit tests
# - integration tests
# Some notes:
#
# [1] the tee-worker part is a modified version of tee-worker/.github/workflows/build_and_test.yml
# with extra triggering control.
#
# [2] the original file (`tee-worker/.github/workflows/build_and_test.yml`) is kept to sync
# upstream changes, therefore we need to manually apply the changes to this file.
# [3] please beware that if a job in `needs` is skipped, its dependent job will also be skipped,
# see https://github.com/actions/runner/issues/491
#
# jobs that will always be executed:
# - fmt
# - set-condition
# - parachain-build-dev
# - identity-build
#
# [4] please note that job-level if `env` is not supported:
# https://github.com/actions/runner/issues/1189
# as a workaround, we need to put it in a step-level or use `needs.outputs`
#
on:
push:
branches:
- dev
paths-ignore:
- "**/dependabot.yml"
- "**/README.md"
pull_request:
branches:
- dev
types:
- opened
- reopened
- synchronize
- ready_for_review
workflow_dispatch:
inputs:
rebuild-parachain:
type: boolean
description: rebuild-parachain
required: true
default: true
rebuild-identity:
type: boolean
description: rebuild-identity
required: true
default: true
rebuild-omni-executor:
type: boolean
description: rebuild-omni-executor
required: true
default: true
run-multi-worker-test:
type: boolean
description: run-multi-worker-test
required: true
default: false
push-docker:
type: boolean
description: push-docker
required: true
default: false
env:
CARGO_TERM_COLOR: always
DOCKER_BUILDKIT: 1
# the branch or tag on which this workflow is triggered
# `head_ref` will only be set if the triggering event is `pull_request`
REF_VERSION: ${{ github.head_ref || github.ref_name }}
concurrency:
# see https://stackoverflow.com/questions/74117321/if-condition-in-concurrency-in-gha
# along with the `sequentialise` job below, it guarantees:
# - for push in dev: all triggered CIs will be run sequentially, none is cancelled
# - for PR: later triggered CIs will cancel previous runs, maximum one CI will be run
group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }}
cancel-in-progress: true
jobs:
set-condition:
runs-on: ubuntu-22.04
# see https://github.com/orgs/community/discussions/25722
if: ${{ github.event_name == 'push' || !github.event.pull_request.draft }}
outputs:
rebuild_parachain: ${{ steps.env.outputs.rebuild_parachain }}
rebuild_identity: ${{ steps.env.outputs.rebuild_identity }}
rebuild_omni_executor: ${{ steps.env.outputs.rebuild_omni_executor }}
push_docker: ${{ steps.env.outputs.push_docker }}
run_parachain_test: ${{ steps.env.outputs.run_parachain_test }}
run_identity_test: ${{ steps.env.outputs.run_identity_test }}
run_omni_executor_test: ${{ steps.env.outputs.run_omni_executor_test }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
# Checks to see if any files in the PR/commit match one of the listed file types.
# We can use this filter to decide whether or not to build docker images
- uses: dorny/paths-filter@v3
id: filter
with:
filters: .github/file-filter.yml
list-files: shell
- name: Set condition
id: env
run: |
rebuild_parachain=false
rebuild_identity=false
rebuild_omni_executor=false
push_docker=false
run_parachain_test=false
run_identity_test=false
run_omni_executor_test=false
if [ "${{ github.event.inputs.rebuild-parachain }}" = "true" ] || [ "${{ steps.filter.outputs.parachain_src }}" = "true" ]; then
rebuild_parachain=true
fi
if [ "${{ github.event.inputs.rebuild-identity }}" = "true" ] || [ "${{ steps.filter.outputs.identity_src }}" = "true" ]; then
rebuild_identity=true
fi
if [ "${{ github.event.inputs.rebuild-omni-executor }}" = "true" ] || [ "${{ steps.filter.outputs.omni_executor_src }}" = "true" ]; then
rebuild_omni_executor=true
fi
if [ "${{ github.event.inputs.push-docker }}" = "true" ]; then
push_docker=true
elif [ "${{ github.event_name }}" = 'push' ] && [ "${{ github.ref }}" = 'refs/heads/dev' ]; then
push_docker=true
fi
if [ "${{ steps.filter.outputs.parachain_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ]; then
run_parachain_test=true
fi
if [ "${{ steps.filter.outputs.identity_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ] || [ "$rebuild_identity" = "true" ]; then
run_identity_test=true
fi
if [ "${{ steps.filter.outputs.omni_executor_test }}" = "true" ] || [ "$rebuild_parachain" = "true" ] || [ "$rebuild_omni_executor" = "true" ]; then
run_omni_executor_test=true
fi
echo "rebuild_parachain=$rebuild_parachain" | tee -a $GITHUB_OUTPUT
echo "rebuild_identity=$rebuild_identity" | tee -a $GITHUB_OUTPUT
echo "rebuild_omni_executor=$rebuild_omni_executor" | tee -a $GITHUB_OUTPUT
echo "push_docker=$push_docker" | tee -a $GITHUB_OUTPUT
echo "run_parachain_test=$run_parachain_test" | tee -a $GITHUB_OUTPUT
echo "run_identity_test=$run_identity_test" | tee -a $GITHUB_OUTPUT
echo "run_omni_executor_test=$run_omni_executor_test" | tee -a $GITHUB_OUTPUT
fmt:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- name: Install rust toolchain
run: rustup show
- name: Install pre-built taplo
run: |
mkdir -p $HOME/.local/bin
wget -q https://github.com/tamasfe/taplo/releases/download/0.8.1/taplo-linux-x86_64.gz
gzip -d taplo-linux-x86_64.gz
cp taplo-linux-x86_64 $HOME/.local/bin/taplo
chmod a+x $HOME/.local/bin/taplo
echo "$HOME/.local/bin" >> $GITHUB_PATH
- name: Parachain fmt check
working-directory: ./parachain
run: |
cargo fmt --all -- --check
taplo fmt --check
- name: tee-worker fmt check
working-directory: ./tee-worker
run: |
cargo fmt --all -- --check
taplo fmt --check
- name: identity-worker enclave-runtime fmt check
working-directory: ./tee-worker/identity/enclave-runtime
run: |
cargo fmt --all -- --check
- name: omni-executor fmt check
working-directory: ./tee-worker/omni-executor
run: |
cargo fmt --all -- --check
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: identity-worker ts-tests install npm deps
working-directory: ./tee-worker/identity/ts-tests
# We can't update the lockfile here because the client-api hasn't been generated yet.
run: pnpm install --frozen-lockfile
- name: identity-worker check ts code format
working-directory: ./tee-worker/identity/ts-tests
run: pnpm run check-format
- name: Fail early
if: failure()
uses: andymckay/[email protected]
# sequentialise the workflow runs on `dev` branch
# the if condition is applied in step level to make this job always `successful`
sequentialise:
runs-on: ubuntu-22.04
steps:
- name: Wait for previous run
if: ${{ !failure() && (github.event_name == 'push') && (github.ref == 'refs/heads/dev') }}
uses: litentry/consecutive-workflow-action@main
with:
token: ${{ secrets.GITHUB_TOKEN }}
interval: 300
branch: dev
parachain-clippy:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
if: needs.set-condition.outputs.rebuild_parachain == 'true'
steps:
- uses: actions/checkout@v4
- name: Install rust toolchain
run: rustup show
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -yq openssl clang libclang-dev cmake protobuf-compiler
- name: Run cargo clippy check
run: make clippy
- name: Fail early
if: failure()
uses: andymckay/[email protected]
tee-check:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
container: "litentry/litentry-tee-dev:latest"
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update && \
sudo apt-get install -yq openssl clang libclang-dev cmake protobuf-compiler
- name: Cargo test
working-directory: ./tee-worker
run: |
cargo test --release
- name: Check clippy
working-directory: ./tee-worker
shell: bash
run: |
for d in . identity/enclave-runtime; do
pushd "$d"
echo "::group::cargo clippy all"
cargo clippy --release -- -D warnings
echo "::endgroup::"
echo "::group::cargo clippy development"
cargo clippy --release --features development -- -D warnings
echo "::endgroup::"
echo "::group::cargo clippy offchain-worker"
cargo clippy --release --features offchain-worker -- -D warnings
echo "::group::cargo clippy offchain-worker,development"
cargo clippy --release --features offchain-worker,development -- -D warnings
echo "::endgroup::"
popd
done
- name: Identity-worker specific clippy
working-directory: ./tee-worker/identity/enclave-runtime
shell: bash
run: |
echo "::group::cargo clippy sidechain"
cargo clippy --release --features sidechain -- -D warnings
echo "::endgroup::"
echo "::group::cargo clippy evm"
cargo clippy --release --features evm -- -D warnings
echo "::endgroup::"
echo "::group::cargo clippy sidechain development"
cargo clippy --release --features sidechain,development -- -D warnings
echo "::endgroup::"
echo "::group::cargo clippy evm development"
cargo clippy --release --features evm,development -- -D warnings
echo "::endgroup::"
- name: Fail early
if: failure()
uses: andymckay/[email protected]
omni-executor-check:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
if: needs.set-condition.outputs.rebuild_omni_executor == 'true'
container: "litentry/litentry-tee-dev:latest"
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update && \
sudo apt-get install -yq openssl clang libclang-dev cmake protobuf-compiler
- name: Clippy
working-directory: ./tee-worker/omni-executor
run: cargo clippy --release -- -D warnings
- name: Tests
working-directory: ./tee-worker/omni-executor
run: cargo test
parachain-build-dev:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
steps:
- uses: actions/checkout@v4
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: ./.github/actions/disk-cleanup
- name: Build docker image
working-directory: ./parachain
if: needs.set-condition.outputs.rebuild_parachain == 'true'
run: |
echo "::group::build docker image"
./scripts/build-docker.sh release latest --features=fast-runtime
echo "::endgroup::"
echo "::group::docker images"
docker images --all
echo "::endgroup::"
- name: Pull docker image optionally
if: needs.set-condition.outputs.rebuild_parachain == 'false'
run: |
docker pull litentry/litentry-parachain:latest
docker pull litentry/litentry-chain-aio:latest
- name: Save docker image
run: |
docker save litentry/litentry-parachain:latest litentry/litentry-chain-aio:latest | gzip > litentry-parachain-dev.tar.gz
- name: Upload parachain docker image
uses: actions/upload-artifact@v4
with:
name: litentry-parachain-dev
path: litentry-parachain-dev.tar.gz
if-no-files-found: error
- name: Fail early
if: failure()
uses: andymckay/[email protected]
identity-build:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
steps:
- uses: actions/checkout@v4
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: ./.github/actions/disk-cleanup
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# use the docker driver to access the local image
# we don't need external caches or multi platforms here
# see https://docs.docker.com/build/drivers/
driver: docker
- name: Cache worker-cache
if: needs.set-condition.outputs.rebuild_identity == 'true'
uses: actions/cache@v4
with:
path: |
worker-cache
key: worker-cache-${{ env.REF_VERSION }}-${{ hashFiles('tee-worker/identity/**/Cargo.lock', 'tee-worker/identity/**/Cargo.toml') }}
restore-keys: |
worker-cache-${{ env.REF_VERSION }}-
worker-cache-
- name: Create cache folder if not exist
if: needs.set-condition.outputs.rebuild_identity == 'true'
run: |
for i in 'git/db' 'registry/cache' 'registry/index' 'sccache'; do
[ ! -d "worker-cache/$i" ] && mkdir -p "worker-cache/$i" || true
echo "hello" > worker-cache/$i/nix
done
echo "::group::List worker-cache size"
du -sh worker-cache/*
echo "::endgroup::"
echo "::group::Show disk usage"
df -h .
echo "::endgroup::"
# cache mount in buildkit won't be exported as image layers, so it doesn't work well with GHA cache, see
# https://github.com/moby/buildkit/issues/1512
# https://www.reddit.com/r/rust/comments/126xeyx/exploring_the_problem_of_faster_cargo_docker/
# https://hackmd.io/@kobzol/S17NS71bh (a great summary)
#
# the `reproducible-containers/buildkit-cache-dance` seems to be unstable too in my test
# sometimes it works, sometimes it results in empty cache, root cause unclear
#
# thus the persistence of rust cache (w/ sccache) is maintained manually
#
# there's no cache-from/to as the docker image layer is too large and it takes too long to sync
# moreoever, we are not so eager to have layer caches, as the most critical operation(cargo build)
# is "atomic" and can't be broken into layers.
- name: Build local builder
if: needs.set-condition.outputs.rebuild_identity == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: tee-worker/identity/build.Dockerfile
tags: local-builder:latest
target: builder
build-args: |
WORKER_MODE_ARG=sidechain
WORKER_ENV_DATA_PROVIDERS_CONFIG=1
WORKER_MOCK_SERVER=1
ADDITIONAL_FEATURES_ARG=
- name: Copy caches from the built image
if: needs.set-condition.outputs.rebuild_identity == 'true'
run: |
echo "::group::Show disk usage"
df -h .
echo "::endgroup::"
echo "::group::docker images"
docker images --all
echo "::endgroup::"
echo "::group::copy cache out"
for i in 'git/db' 'registry/cache' 'registry/index'; do
b="${i%/*}"
rm -rf worker-cache/$i
docker cp "$(docker create --rm local-builder:latest):/opt/rust/$i" worker-cache/$b
done
rm -rf worker-cache/sccache
docker cp "$(docker create --rm local-builder:latest):/opt/rust/sccache" worker-cache
du -sh worker-cache/*
echo "::endgroup::"
echo "::group::df -h ."
df -h .
echo "::endgroup::"
- name: Build worker
if: needs.set-condition.outputs.rebuild_identity == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: tee-worker/identity/build.Dockerfile
tags: litentry/identity-worker:latest
target: deployed-worker
- name: Build cli
if: needs.set-condition.outputs.rebuild_identity == 'true'
uses: docker/build-push-action@v6
with:
context: .
file: tee-worker/identity/build.Dockerfile
tags: litentry/identity-cli:latest
target: deployed-client
- name: Pull and tag worker and cli image optionally
if: needs.set-condition.outputs.rebuild_identity == 'false'
run: |
docker pull litentry/identity-worker:latest
docker pull litentry/identity-cli:latest
- run: docker images --all
- name: Test enclave
if: needs.set-condition.outputs.rebuild_identity == 'true'
# cargo test is not supported in the enclave
# see https://github.com/apache/incubator-teaclave-sgx-sdk/issues/232
run: docker run litentry/identity-worker:latest test --all
- name: Save docker images
run: docker save litentry/identity-worker:latest litentry/identity-cli:latest | gzip > litentry-identity.tar.gz
- name: Upload docker images
uses: actions/upload-artifact@v4
with:
name: litentry-identity
path: litentry-identity.tar.gz
if-no-files-found: error
- name: Fail early
if: failure()
uses: andymckay/[email protected]
omni-executor-build:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
steps:
- uses: actions/checkout@v4
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: ./.github/actions/disk-cleanup
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
# use the docker driver to access the local image
# we don't need external caches or multi platforms here
# see https://docs.docker.com/build/drivers/
driver: docker
- name: Build omni-executor image
if: needs.set-condition.outputs.rebuild_omni_executor == 'true'
uses: docker/build-push-action@v6
with:
context: tee-worker/omni-executor/
file: tee-worker/omni-executor/Dockerfile
tags: litentry/omni-executor:latest
target: executor-worker
- name: Pull omni-executor image optionally
if: needs.set-condition.outputs.rebuild_omni_executor == 'false'
run: |
docker pull litentry/omni-executor:latest
- run: docker images --all
- name: Save docker image
run: |
docker save litentry/omni-executor:latest | gzip > litentry-omni.tar.gz
- name: Upload docker image
uses: actions/upload-artifact@v4
with:
name: litentry-omni
path: litentry-omni.tar.gz
if-no-files-found: error
parachain-ts-test:
runs-on: ubuntu-22.04
needs:
- set-condition
- parachain-build-dev
strategy:
matrix:
chain:
- litentry
- paseo
name: ${{ matrix.chain }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: litentry-parachain-dev
- name: Load docker image
run: |
docker load < litentry-parachain-dev.tar.gz
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: Run ts tests for ${{ matrix.chain }}
if: needs.set-condition.outputs.run_parachain_test == 'true'
timeout-minutes: 35
run: |
make test-ts-${{ matrix.chain }}
- name: Collect docker logs if test fails
continue-on-error: true
uses: jwalton/gh-docker-logs@v2
if: failure()
with:
tail: all
dest: docker-logs
- name: Upload docker logs if test fails
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.chain }}-ts-tests-docker-logs
path: docker-logs
if-no-files-found: ignore
retention-days: 3
- name: Archive logs if test fails
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.chain }}-ts-tests-artifact
path: /tmp/parachain_dev/
if-no-files-found: ignore
retention-days: 3
- name: Fail early
if: failure()
uses: andymckay/[email protected]
parachain-unit-test:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
# run_parachain_test is related to ts-tests only
if: needs.set-condition.outputs.rebuild_parachain == 'true'
steps:
- uses: actions/checkout@v4
- name: Run all unittests
working-directory: ./parachain
run: |
echo "::group::core-primitives unittest"
cargo test --locked -p core-primitives --lib
echo "::endgroup::"
echo "::group::all pallets unittest"
cargo test --locked -p pallet-* --lib
echo "::endgroup::"
echo "::group::all pallets unittest with runtime-benchmarks feature"
cargo test --locked -p pallet-* --lib --features=runtime-benchmarks
echo "::endgroup::"
- name: Fail early
if: failure()
uses: andymckay/[email protected]
parachain-runtime-test:
runs-on: ubuntu-22.04
needs:
- fmt
- set-condition
- sequentialise
if: needs.set-condition.outputs.rebuild_parachain == 'true'
steps:
- uses: actions/checkout@v4
- name: Free up disk space
if: startsWith(runner.name, 'GitHub Actions')
uses: ./.github/actions/disk-cleanup
- name: Install toolchain
working-directory: ./parachain
run: rustup show
- name: Install dependencies
run: |
sudo apt-get update && \
sudo apt-get install -yq openssl clang libclang-dev cmake protobuf-compiler
# We could have used matrix but the runtime tests are executed sequentially for a cleaner GHA visualisation graph.
# It won't take much longer as we run them back to back.
- name: Run runtime tests
working-directory: ./parachain
run: |
echo "::group::paseo runtime test"
cargo test --locked -p paseo-parachain-runtime --lib
echo "::endgroup::"
echo "::group::litentry runtime test"
cargo test --locked -p litentry-parachain-runtime --lib
echo "::endgroup::"
- name: Fail early
if: failure()
uses: andymckay/[email protected]
identity-single-worker-test:
runs-on: ubuntu-22.04
needs:
- set-condition
- parachain-build-dev
- identity-build
strategy:
fail-fast: false
matrix:
include:
- test_name: lit-di-identity-test
- test_name: lit-dr-vc-test
- test_name: lit-parentchain-nonce
- test_name: lit-test-failed-parentchain-extrinsic
- test_name: lit-omni-account-test
- test_name: lit-native-request-vc-test
name: ${{ matrix.test_name }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: litentry-parachain-dev
- uses: actions/download-artifact@v4
with:
name: litentry-identity
- name: Load docker image
run: |
docker load < litentry-parachain-dev.tar.gz
docker load < litentry-identity.tar.gz
docker images
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: Launch parachain network
run: |
make launch-network-litentry
- name: Integration single worker test ${{ matrix.test_name }}
working-directory: ./tee-worker/identity/docker
if: needs.set-condition.outputs.run_identity_test == 'true'
timeout-minutes: 40
run: |
docker compose -f docker-compose.yml -f ${{ matrix.test_name }}.yml up --no-build --exit-code-from ${{ matrix.test_name }} ${{ matrix.test_name }}
- name: Stop integration single worker docker containers
working-directory: ./tee-worker/identity/docker
if: needs.set-condition.outputs.run_identity_test == 'true'
run: |
docker compose -f docker-compose.yml -f ${{ matrix.test_name }}.yml stop
- name: Upload zombienet logs if test fails
continue-on-error: true
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.test_name }}-zombienet-logs
path: |
/tmp/parachain_dev
!/tmp/parachain_dev/polkadot*
!/tmp/parachain_dev/zombienet*
!/tmp/parachain_dev/litentry-collator
if-no-files-found: ignore
retention-days: 3
- name: Collect docker logs if test fails
continue-on-error: true
uses: jwalton/gh-docker-logs@v2
if: failure()
with:
tail: all
dest: docker-logs
- name: Upload docker logs if test fails
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.test_name }}-docker-logs
path: docker-logs
if-no-files-found: ignore
retention-days: 3
identity-multi-worker-test:
runs-on: ubuntu-22.04
continue-on-error: true
if: ${{ github.event.inputs.run-multi-worker-test == 'true' }} # only if triggered manually
needs:
- set-condition
- parachain-build-dev
- identity-build
strategy:
fail-fast: false
matrix:
include:
- test_name: lit-di-identity-multiworker-test
- test_name: lit-dr-vc-multiworker-test
- test_name: lit-resume-worker
- test_name: lit-omni-account-multiworker-test
- test_name: lit-native-request-vc-multiworker-test
name: ${{ matrix.test_name }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: litentry-parachain-dev
- uses: actions/download-artifact@v4
with:
name: litentry-identity
- name: Load docker image
run: |
docker load < litentry-parachain-dev.tar.gz
docker load < litentry-identity.tar.gz
docker images
- name: Enable corepack and pnpm
run: corepack enable && corepack enable pnpm
- name: Launch parachain network
run: |
make launch-network-litentry
- name: Integration multi worker test ${{ matrix.test_name }}
working-directory: ./tee-worker/identity/docker
if: needs.set-condition.outputs.run_identity_test == 'true'
timeout-minutes: 40
run: |
docker compose -f multiworker-docker-compose.yml -f ${{ matrix.test_name }}.yml up --no-build --exit-code-from ${{ matrix.test_name }} ${{ matrix.test_name }}
- name: Stop integration multi worker docker containers
working-directory: ./tee-worker/identity/docker
if: needs.set-condition.outputs.run_identity_test == 'true'
run: |
docker compose -f multiworker-docker-compose.yml -f ${{ matrix.test_name }}.yml stop
- name: Upload zombienet logs if test fails
continue-on-error: true
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.test_name }}-zombienet-logs
path: |
/tmp/parachain_dev
!/tmp/parachain_dev/polkadot*
!/tmp/parachain_dev/zombienet*
!/tmp/parachain_dev/litentry-collator
if-no-files-found: ignore
retention-days: 3
- name: Collect docker logs if test fails
continue-on-error: true
uses: jwalton/gh-docker-logs@v2
if: failure()
with:
tail: all
dest: docker-logs
- name: Upload docker logs if test fails
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.test_name }}-docker-logs
path: docker-logs
if-no-files-found: ignore
retention-days: 3
omni-executor-test:
runs-on: ubuntu-22.04
needs:
- set-condition
- parachain-build-dev
- omni-executor-build
strategy:
fail-fast: false
matrix:
include:
- test_name: omni-test
name: ${{ matrix.test_name }}
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: litentry-parachain-dev
- uses: actions/download-artifact@v4
with:
name: litentry-omni
- name: Load docker image
run: |
docker load < litentry-parachain-dev.tar.gz
docker load < litentry-omni.tar.gz
docker images
# - name: Integration omni executor test ${{ matrix.test_name }}
# working-directory: ./tee-worker/omni-executor/docker
# if: needs.set-condition.outputs.run_omni_executor_test == 'true'
# timeout-minutes: 40
# run: |
# docker compose -f docker-compose.yml -f ${{ matrix.test_name }}.yml up --no-build --exit-code-from ${{ matrix.test_name }} ${{ matrix.test_name }}
- name: Collect docker logs if test fails
continue-on-error: true
uses: jwalton/gh-docker-logs@v2
if: failure()
with:
tail: all
dest: docker-logs
- name: Upload docker logs if test fails
uses: actions/upload-artifact@v4
if: failure()
with:
name: ${{ matrix.test_name }}-docker-logs
path: docker-logs
if-no-files-found: ignore
retention-days: 3
# Secrets are not passed to the runner when a workflow is triggered from a forked repository,
# see https://docs.github.com/en/actions/security-guides/encrypted-secrets#using-encrypted-secrets-in-a-workflow
#
# Only try to push docker image when
# - parachain-ts-test passes
# - identity-single-worker-test passes
# - set-condition.outputs.push_docker is `true`
# Whether the parachain or tee-worker image will actually be pushed still depends on if a new image was built/rebuilt.
# This is important not to overwrite any other jobs where a rebuild **was** triggered.
#
# We don't have to depend on jobs like `parachain-unit-test` as they have the same trigger condition `rebuild_parachain`,
# so there must be no new image if `parachain-unit-test` is skipped.
#
# `!failure()` needs to be used to cover skipped jobs
push-docker:
runs-on: ubuntu-22.04
needs:
- set-condition
- parachain-ts-test
- identity-single-worker-test
- omni-executor-test
if: ${{ !failure() && needs.set-condition.outputs.push_docker == 'true' }}
steps:
- uses: actions/download-artifact@v4
with:
name: litentry-parachain-dev
- uses: actions/download-artifact@v4
with:
name: litentry-identity
- uses: actions/download-artifact@v4
with:
name: litentry-omni
- name: Dockerhub login
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
- name: Push parachain image
if: needs.set-condition.outputs.rebuild_parachain == 'true'
run: |
docker load < litentry-parachain-dev.tar.gz
docker push litentry/litentry-parachain
docker push litentry/litentry-chain-aio
- name: Push tee-worker image
if: needs.set-condition.outputs.rebuild_identity == 'true'
run: |
docker load < litentry-identity.tar.gz
docker push litentry/identity-worker
docker push litentry/identity-cli
- name: Push omni-executor image
if: needs.set-condition.outputs.rebuild_omni_executor == 'true'
run: |
docker load < litentry-omni.tar.gz
docker push litentry/omni-executor