Skip to content

try to not run as root? #426

try to not run as root?

try to not run as root? #426

Workflow file for this run

name: CI
on:
push:
pull_request_target:
permissions:
contents: read
packages: write
env:
DOCKER_DRIVER: overlay2
jobs:
build-image:
name: Build Image
runs-on: ubuntu-20.04
outputs:
image-tag: ${{ steps.prepare.outputs.image-tag }}
repo-name: ${{ steps.prepare.outputs.repo-name }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Prepare
id: prepare
run: |
BRANCH_NAME=$(echo "${GITHUB_REF##*/}" | tr '[:upper:]' '[:lower:]')
REPO_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
echo "image-tag=${BRANCH_NAME}" >> $GITHUB_OUTPUT
echo "repo-name=${REPO_NAME}" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push Docker image
uses: docker/build-push-action@v6
with:
context: ./contrib/containers/ci
file: ./contrib/containers/ci/Dockerfile
push: true
tags: |
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:${{ steps.prepare.outputs.image-tag }}
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:latest
cache-from: type=registry,ref=ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:latest
cache-to: type=inline
build-depends:
name: Build Dependencies
needs: build-image
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
include:
- build_target: arm-linux
host: arm-linux-gnueabihf
dep_opts: ""
- build_target: win64
host: x86_64-w64-mingw32
dep_opts: ""
- build_target: linux64
host: x86_64-pc-linux-gnu
dep_opts: "DEBUG=1"
- build_target: linux64_tsan
host: x86_64-pc-linux-gnu
dep_opts: ""
- build_target: linux64_ubsan
host: x86_64-pc-linux-gnu
dep_opts: ""
- build_target: linux64_fuzz
host: x86_64-pc-linux-gnu
dep_opts: ""
- build_target: linux64_cxx20
host: x86_64-pc-linux-gnu
dep_opts: ""
- build_target: linux64_sqlite
host: x86_64-pc-linux-gnu
dep_opts: ""
- build_target: linux64_nowallet
host: x86_64-pc-linux-gnu
dep_opts: "NO_WALLET=1"
- build_target: linux64_multiprocess
host: x86_64-pc-linux-gnu
dep_opts: "MULTIPROCESS=1"
- build_target: mac
host: x86_64-apple-darwin
dep_opts: ""
container:
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Prepare MacOS SDK
if: matrix.host == 'x86_64-apple-darwin'
run: |
mkdir -p depends/SDKs
mkdir -p depends/sdk-sources
OSX_SDK_BASENAME="Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz"
OSX_SDK_PATH="depends/sdk-sources/${OSX_SDK_BASENAME}"
if [ ! -f "$OSX_SDK_PATH" ]; then
echo "Downloading MacOS SDK"
curl --location --fail "https://bitcoincore.org/depends-sources/sdks/${OSX_SDK_BASENAME}" -o "$OSX_SDK_PATH"
fi
if [ -f "$OSX_SDK_PATH" ]; then
echo "Extracting MacOS SDK"
tar -C depends/SDKs -xf "$OSX_SDK_PATH"
fi
- name: Cache depends sources
uses: actions/cache@v4
with:
path: |
depends/sources
depends/sdk-sources
depends/SDKs
key: depends-sources-${{ hashFiles('depends/packages/*') }}
restore-keys: |
depends-sources-
- name: Cache dependencies
uses: actions/cache@v4
with:
path: |
depends/${{ matrix.host }}
depends/sdk-sources
depends/SDKs
key: ${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}-${{ matrix.dep_opts }}
restore-keys: |
${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}
${{ runner.os }}-depends-${{ matrix.build_target }}
- name: Build dependencies
run: make -j$(nproc) -C depends HOST=${{ matrix.host }} ${{ matrix.dep_opts }}
build:
name: Build
needs: [build-image, build-depends]
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
include:
- build_target: arm-linux
host: arm-linux-gnueabihf
- build_target: win64
host: x86_64-w64-mingw32
- build_target: linux64
host: x86_64-pc-linux-gnu
- build_target: linux64_tsan
host: x86_64-pc-linux-gnu
- build_target: linux64_ubsan
host: x86_64-pc-linux-gnu
- build_target: linux64_fuzz
host: x86_64-pc-linux-gnu
- build_target: linux64_cxx20
host: x86_64-pc-linux-gnu
- build_target: linux64_sqlite
host: x86_64-pc-linux-gnu
- build_target: linux64_nowallet
host: x86_64-pc-linux-gnu
- build_target: linux64_multiprocess
host: x86_64-pc-linux-gnu
- build_target: mac
host: x86_64-apple-darwin
container:
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Restore Cache dependencies
uses: actions/cache/restore@v4
with:
path: |
depends/${{ matrix.host }}
depends/sdk-sources
depends/SDKs
key: ${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}-${{ matrix.dep_opts }}
restore-keys: |
${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}
${{ runner.os }}-depends-${{ matrix.build_target }}
- name: Determine PR Base SHA
id: vars
run: |
echo "PR_BASE_SHA=${{ github.event.pull_request.base.sha || '' }}" >> $GITHUB_OUTPUT
- name: CCache
uses: actions/cache@v4
with:
path: |
/cache
key: ${{ runner.os }}-${{ matrix.build_target }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-${{ matrix.build_target }}-${{ github.sha }}
${{ runner.os }}-${{ matrix.build_target }}-${{ steps.vars.outputs.PR_BASE_SHA }}
${{ runner.os }}-${{ matrix.build_target }}
- name: Build source and run unit tests
run: |
git config --global --add safe.directory "$PWD"
CCACHE_SIZE="400M"
CACHE_DIR="/cache"
mkdir /output
BASE_OUTDIR="/output"
BUILD_TARGET="${{ matrix.build_target }}"
source ./ci/dash/matrix.sh
./ci/dash/build_src.sh
./ci/dash/test_unittests.sh
shell: bash
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: build-artifacts-${{ matrix.build_target }}
path: |
/output
test:
name: Test
needs: [build]
runs-on: ubuntu-20.04
strategy:
fail-fast: false
matrix:
include:
- build_target: linux64
- build_target: linux64_sqlite
- build_target: linux64_tsan
- build_target: linux64_ubsan
- build_target: linux64_multiprocess
container:
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
- name: Download build artifacts
uses: actions/download-artifact@v4
with:
name: build-artifacts-${{ matrix.build_target }}
path: /output
- name: Run Integration Tests
run: |
git config --global --add safe.directory "$PWD"
BUILD_TARGET="${{ matrix.build_target }}"
source ./ci/dash/matrix.sh
./ci/dash/test_integrationtests.sh --extended --exclude feature_pruning,feature_dbcrash
shell: bash
- name: Upload Test Logs
uses: actions/upload-artifact@v4
with:
name: test-logs-${{ matrix.build_target }}
path: |
testlogs