try to not run as root? #426
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
pull_request_target: | |
permissions: | |
contents: read | |
packages: write | |
env: | |
DOCKER_DRIVER: overlay2 | |
jobs: | |
build-image: | |
name: Build Image | |
runs-on: ubuntu-20.04 | |
outputs: | |
image-tag: ${{ steps.prepare.outputs.image-tag }} | |
repo-name: ${{ steps.prepare.outputs.repo-name }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Prepare | |
id: prepare | |
run: | | |
BRANCH_NAME=$(echo "${GITHUB_REF##*/}" | tr '[:upper:]' '[:lower:]') | |
REPO_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]') | |
echo "image-tag=${BRANCH_NAME}" >> $GITHUB_OUTPUT | |
echo "repo-name=${REPO_NAME}" >> $GITHUB_OUTPUT | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v6 | |
with: | |
context: ./contrib/containers/ci | |
file: ./contrib/containers/ci/Dockerfile | |
push: true | |
tags: | | |
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:${{ steps.prepare.outputs.image-tag }} | |
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:latest | |
cache-from: type=registry,ref=ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-ci-runner:latest | |
cache-to: type=inline | |
build-depends: | |
name: Build Dependencies | |
needs: build-image | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- build_target: arm-linux | |
host: arm-linux-gnueabihf | |
dep_opts: "" | |
- build_target: win64 | |
host: x86_64-w64-mingw32 | |
dep_opts: "" | |
- build_target: linux64 | |
host: x86_64-pc-linux-gnu | |
dep_opts: "DEBUG=1" | |
- build_target: linux64_tsan | |
host: x86_64-pc-linux-gnu | |
dep_opts: "" | |
- build_target: linux64_ubsan | |
host: x86_64-pc-linux-gnu | |
dep_opts: "" | |
- build_target: linux64_fuzz | |
host: x86_64-pc-linux-gnu | |
dep_opts: "" | |
- build_target: linux64_cxx20 | |
host: x86_64-pc-linux-gnu | |
dep_opts: "" | |
- build_target: linux64_sqlite | |
host: x86_64-pc-linux-gnu | |
dep_opts: "" | |
- build_target: linux64_nowallet | |
host: x86_64-pc-linux-gnu | |
dep_opts: "NO_WALLET=1" | |
- build_target: linux64_multiprocess | |
host: x86_64-pc-linux-gnu | |
dep_opts: "MULTIPROCESS=1" | |
- build_target: mac | |
host: x86_64-apple-darwin | |
dep_opts: "" | |
container: | |
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Prepare MacOS SDK | |
if: matrix.host == 'x86_64-apple-darwin' | |
run: | | |
mkdir -p depends/SDKs | |
mkdir -p depends/sdk-sources | |
OSX_SDK_BASENAME="Xcode-12.2-12B45b-extracted-SDK-with-libcxx-headers.tar.gz" | |
OSX_SDK_PATH="depends/sdk-sources/${OSX_SDK_BASENAME}" | |
if [ ! -f "$OSX_SDK_PATH" ]; then | |
echo "Downloading MacOS SDK" | |
curl --location --fail "https://bitcoincore.org/depends-sources/sdks/${OSX_SDK_BASENAME}" -o "$OSX_SDK_PATH" | |
fi | |
if [ -f "$OSX_SDK_PATH" ]; then | |
echo "Extracting MacOS SDK" | |
tar -C depends/SDKs -xf "$OSX_SDK_PATH" | |
fi | |
- name: Cache depends sources | |
uses: actions/cache@v4 | |
with: | |
path: | | |
depends/sources | |
depends/sdk-sources | |
depends/SDKs | |
key: depends-sources-${{ hashFiles('depends/packages/*') }} | |
restore-keys: | | |
depends-sources- | |
- name: Cache dependencies | |
uses: actions/cache@v4 | |
with: | |
path: | | |
depends/${{ matrix.host }} | |
depends/sdk-sources | |
depends/SDKs | |
key: ${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}-${{ matrix.dep_opts }} | |
restore-keys: | | |
${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }} | |
${{ runner.os }}-depends-${{ matrix.build_target }} | |
- name: Build dependencies | |
run: make -j$(nproc) -C depends HOST=${{ matrix.host }} ${{ matrix.dep_opts }} | |
build: | |
name: Build | |
needs: [build-image, build-depends] | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- build_target: arm-linux | |
host: arm-linux-gnueabihf | |
- build_target: win64 | |
host: x86_64-w64-mingw32 | |
- build_target: linux64 | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_tsan | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_ubsan | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_fuzz | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_cxx20 | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_sqlite | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_nowallet | |
host: x86_64-pc-linux-gnu | |
- build_target: linux64_multiprocess | |
host: x86_64-pc-linux-gnu | |
- build_target: mac | |
host: x86_64-apple-darwin | |
container: | |
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Restore Cache dependencies | |
uses: actions/cache/restore@v4 | |
with: | |
path: | | |
depends/${{ matrix.host }} | |
depends/sdk-sources | |
depends/SDKs | |
key: ${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }}-${{ matrix.dep_opts }} | |
restore-keys: | | |
${{ runner.os }}-depends-${{ matrix.build_target }}-${{ hashFiles('depends/packages/*') }} | |
${{ runner.os }}-depends-${{ matrix.build_target }} | |
- name: Determine PR Base SHA | |
id: vars | |
run: | | |
echo "PR_BASE_SHA=${{ github.event.pull_request.base.sha || '' }}" >> $GITHUB_OUTPUT | |
- name: CCache | |
uses: actions/cache@v4 | |
with: | |
path: | | |
/cache | |
key: ${{ runner.os }}-${{ matrix.build_target }}-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.build_target }}-${{ github.sha }} | |
${{ runner.os }}-${{ matrix.build_target }}-${{ steps.vars.outputs.PR_BASE_SHA }} | |
${{ runner.os }}-${{ matrix.build_target }} | |
- name: Build source and run unit tests | |
run: | | |
git config --global --add safe.directory "$PWD" | |
CCACHE_SIZE="400M" | |
CACHE_DIR="/cache" | |
mkdir /output | |
BASE_OUTDIR="/output" | |
BUILD_TARGET="${{ matrix.build_target }}" | |
source ./ci/dash/matrix.sh | |
./ci/dash/build_src.sh | |
./ci/dash/test_unittests.sh | |
shell: bash | |
- name: Upload build artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-artifacts-${{ matrix.build_target }} | |
path: | | |
/output | |
test: | |
name: Test | |
needs: [build] | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- build_target: linux64 | |
- build_target: linux64_sqlite | |
- build_target: linux64_tsan | |
- build_target: linux64_ubsan | |
- build_target: linux64_multiprocess | |
container: | |
image: ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-ci-runner:${{ needs.build-image.outputs.image-tag }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Download build artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-artifacts-${{ matrix.build_target }} | |
path: /output | |
- name: Run Integration Tests | |
run: | | |
git config --global --add safe.directory "$PWD" | |
BUILD_TARGET="${{ matrix.build_target }}" | |
source ./ci/dash/matrix.sh | |
./ci/dash/test_integrationtests.sh --extended --exclude feature_pruning,feature_dbcrash | |
shell: bash | |
- name: Upload Test Logs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: test-logs-${{ matrix.build_target }} | |
path: | | |
testlogs |