feat(sns): Data migration that retrofits Swap.{direct_participation_i… #14379
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI Main | |
on: | |
merge_group: | |
# Allows you to run this workflow manually from the Actions tab | |
workflow_dispatch: | |
push: | |
branches: | |
- master | |
- 'dev-gh-*' | |
pull_request: | |
branches-ignore: | |
- hotfix-* # This is to ensure that this workflow is not triggered twice on ic-private, as it's already triggered from release-testing | |
# Used as reusable workflow within release-testing workflow | |
workflow_call: | |
# runs for the same workflow are cancelled on PRs but not on master | |
# explanation: on push to master head_ref is not set, so we want it to fall back to run_id so it is not cancelled | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
permissions: read-all | |
env: | |
CI_COMMIT_SHA: ${{ github.sha }} | |
CI_JOB_NAME: ${{ github.job }} | |
CI_JOB_URL: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
CI_PIPELINE_SOURCE: ${{ github.event_name }} | |
CI_PROJECT_DIR: ${{ github.workspace }} | |
BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
CI_RUN_ID: ${{ github.run_id }} | |
RUSTFLAGS: "--remap-path-prefix=${CI_PROJECT_DIR}=/ic" | |
BUILDEVENT_DATASET: "github-ci-dfinity" | |
jobs: | |
bazel-test-all: | |
name: Bazel Test All | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
runs-on: | |
group: zh1 | |
labels: dind-large | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Login to Dockerhub | |
shell: bash | |
run: ./ci/scripts/docker-login.sh | |
env: | |
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }} | |
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
- name: Set BAZEL_EXTRA_ARGS | |
shell: bash | |
run: | | |
set -xeuo pipefail | |
if [[ "${{ github.event_name }}" == 'merge_group' ]]; then | |
echo "BAZEL_EXTRA_ARGS=--test_timeout_filters=short,moderate --flaky_test_attempts=3" >> $GITHUB_ENV | |
elif [[ $BRANCH_NAME =~ ^hotfix-.* ]]; then | |
echo "BAZEL_EXTRA_ARGS=--test_timeout_filters=short,moderate" >> $GITHUB_ENV | |
else | |
echo "BAZEL_EXTRA_ARGS=--keep_going" >> $GITHUB_ENV | |
fi | |
- name: Run Bazel Test All | |
id: bazel-test-all | |
uses: ./.github/actions/bazel-test-all/ | |
env: | |
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }} | |
# Only run ci/bazel-scripts/diff.sh on PRs that are not labeled with "CI_ALL_BAZEL_TARGETS". | |
RUN_ON_DIFF_ONLY: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'CI_ALL_BAZEL_TARGETS') }} | |
OVERRIDE_DIDC_CHECK: ${{ contains(github.event.pull_request.labels.*.name, 'CI_OVERRIDE_DIDC_CHECK') }} | |
with: | |
BAZEL_COMMAND: "test" | |
BAZEL_TARGETS: "//..." | |
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel" | |
# check if PR title contains release and set timeout filters accordingly | |
BAZEL_EXTRA_ARGS: ${{ env.BAZEL_EXTRA_ARGS }} | |
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
- name: Upload bazel-bep | |
# runs only if previous step succeeded or failed; | |
# we avoid collecting artifacts of jobs that were cancelled | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.job }}-bep | |
retention-days: 14 | |
if-no-files-found: ignore | |
compression-level: 9 | |
path: | | |
bazel-bep.pb | |
profile.json | |
- name: Upload bazel-targets | |
uses: actions/upload-artifact@v4 | |
with: | |
name: bazel-targets | |
retention-days: 14 | |
if-no-files-found: error | |
path: | | |
bazel-targets | |
bazel-build-all-config-check: | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
name: Bazel Build All Config Check | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Login to Dockerhub | |
shell: bash | |
run: ./ci/scripts/docker-login.sh | |
env: | |
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }} | |
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
- name: Run bazel build --config=check //rs/... | |
id: bazel-build-config-check | |
uses: ./.github/actions/bazel-test-all/ | |
with: | |
BAZEL_COMMAND: "build" | |
BAZEL_TARGETS: "//rs/..." | |
BAZEL_CI_CONFIG: "--config=check --config=ci --keep_going" | |
- name: Upload bazel-bep | |
# runs only if previous step succeeded or failed; | |
# we avoid collecting artifacts of jobs that were cancelled | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.job }}-bep | |
retention-days: 14 | |
if-no-files-found: ignore | |
compression-level: 9 | |
path: | | |
bazel-bep.pb | |
profile.json | |
bazel-test-macos-intel: | |
name: Bazel Test macOS Intel | |
timeout-minutes: 130 | |
runs-on: | |
labels: macOS | |
# Run on protected branches, but only on public repo | |
if: ${{ github.ref_protected && github.repository == 'dfinity/ic' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Set PATH | |
run: | | |
echo "/usr/local/bin" >> $GITHUB_PATH | |
echo "$HOME/.cargo/bin:" >> $GITHUB_PATH | |
- name: Login to Dockerhub | |
shell: bash | |
run: ./ci/scripts/docker-login.sh | |
env: | |
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }} | |
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
- name: Run Bazel Test Darwin x86-64 | |
id: bazel-test-darwin-x86-64 | |
uses: ./.github/actions/bazel-test-all/ | |
env: | |
AWS_SHARED_CREDENTIALS_CONTENT: ${{ secrets.AWS_SHARED_CREDENTIALS_FILE }} | |
with: | |
BAZEL_CI_CONFIG: "--config=ci --config macos_ci" | |
BAZEL_COMMAND: test | |
BAZEL_EXTRA_ARGS: '--test_tag_filters=test_macos' | |
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/${CI_RUN_ID}" | |
BAZEL_TARGETS: "//rs/... //publish/binaries/..." | |
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
- name: Upload bazel-bep | |
# runs only if previous step succeeded or failed; | |
# we avoid collecting artifacts of jobs that were cancelled | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.job }}-bep | |
retention-days: 14 | |
if-no-files-found: ignore | |
compression-level: 9 | |
path: | | |
bazel-bep.pb | |
profile.json | |
- name: Purge Bazel Output | |
if: always() | |
shell: bash | |
run: | | |
sudo rm -rf /private/var/tmp/bazel-output | |
bazel-build-fuzzers: | |
name: Bazel Build Fuzzers | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Run Bazel Build Fuzzers | |
id: bazel-build-fuzzers | |
uses: ./.github/actions/bazel-test-all/ | |
with: | |
BAZEL_COMMAND: "build" | |
BAZEL_TARGETS: "//rs/..." | |
BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer" | |
BUILDEVENT_APIKEY: ${{ secrets. HONEYCOMB_API_TOKEN }} | |
- name: Upload bazel-bep | |
# runs only if previous step succeeded or failed; | |
# we avoid collecting artifacts of jobs that were cancelled | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.job }}-bep | |
retention-days: 14 | |
if-no-files-found: ignore | |
compression-level: 9 | |
path: | | |
bazel-bep.pb | |
profile.json | |
bazel-build-fuzzers-afl: | |
name: Bazel Build Fuzzers AFL | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Run Bazel Build Fuzzers AFL | |
id: bazel-build-fuzzers-afl | |
uses: ./.github/actions/bazel-test-all/ | |
with: | |
BAZEL_COMMAND: "build" | |
BAZEL_TARGETS: "//rs/..." | |
BAZEL_EXTRA_ARGS: "--keep_going --config=afl" | |
BUILDEVENT_APIKEY: ${{ secrets. HONEYCOMB_API_TOKEN }} | |
- name: Upload bazel-bep | |
# runs only if previous step succeeded or failed; | |
# we avoid collecting artifacts of jobs that were cancelled | |
if: success() || failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ github.job }}-bep | |
retention-days: 14 | |
if-no-files-found: ignore | |
compression-level: 9 | |
path: | | |
bazel-bep.pb | |
profile.json | |
python-ci-tests: | |
name: Python CI Tests | |
runs-on: | |
labels: dind-small | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Set up Python | |
uses: actions/setup-python@v5 | |
with: | |
python-version: '3.12' | |
- name: Run Python CI Tests | |
id: python-ci-tests | |
shell: bash | |
run: | | |
set -xeuo pipefail | |
export PYTHONPATH=$PWD/ci/src:$PWD/ci/src/dependencies | |
pip3 install --ignore-installed -r requirements.txt | |
cd ci/src | |
pytest -m "not fails_on_merge_train" -v -o junit_family=xunit1 \ | |
--junitxml=../../test_report.xml --cov=. --cov-report=term \ | |
--cov-report=term-missing --cov-report=html --cov-branch | |
env: | |
CI_COMMIT_REF_PROTECTED: ${{ github.ref_protected }} | |
CI_DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} | |
REPO_NAME: ${{ github.repository }} | |
build-ic: | |
name: Build IC | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
if: ${{ github.event_name != 'merge_group' }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Login to Dockerhub | |
shell: bash | |
run: ./ci/scripts/docker-login.sh | |
env: | |
DOCKER_HUB_USER: ${{ vars.DOCKER_HUB_USER }} | |
DOCKER_HUB_PASSWORD_RO: ${{ secrets.DOCKER_HUB_PASSWORD_RO }} | |
- name: Run Build IC | |
id: build-ic | |
shell: bash | |
run: | | |
set -eExuo pipefail | |
REPO_NAME="${GITHUB_REPOSITORY##*/}" | |
rm -rf "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}" | |
mkdir -p "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}/artifacts" | |
ln -s "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}/artifacts" /__w/$REPO_NAME/$REPO_NAME/artifacts | |
buildevents cmd "$CI_RUN_ID" "$CI_JOB_NAME" build-command -- \ | |
"$CI_PROJECT_DIR"/ci/scripts/run-build-ic.sh | |
rm -rf "/cache/job/${CI_JOB_NAME}/${CI_RUN_ID}" | |
env: | |
BAZEL_COMMAND: "build" | |
RUN_ON_DIFF_ONLY: ${{ github.event_name == 'pull_request' && !contains(github.event.pull_request.labels.*.name, 'CI_ALL_BAZEL_TARGETS') }} | |
MERGE_BASE_SHA: ${{ github.event.pull_request.base.sha }} | |
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_API_TOKEN }} | |
BRANCH_HEAD_SHA: ${{ github.event.pull_request.head.sha }} | |
- name: Upload build-ic.tar | |
uses: actions/upload-artifact@v4 | |
with: | |
name: build-ic | |
retention-days: 1 | |
if-no-files-found: error | |
path: | | |
build-ic.tar | |
build-determinism: | |
name: Build Determinism | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
needs: [build-ic, bazel-test-all] | |
strategy: | |
matrix: | |
include: | |
- TARGET: "//publish/binaries:upload" | |
PATH0: "release" | |
PATH1: "build-ic/release" | |
SETUPOS_FLAG: "false" | |
- TARGET: "//publish/canisters:upload" | |
PATH0: "canisters" | |
PATH1: "build-ic/canisters" | |
SETUPOS_FLAG: "false" | |
- TARGET: "//ic-os/guestos/envs/prod:upload_disk-img" | |
PATH0: "guest-os/update-img" | |
PATH1: "build-ic/icos/guestos" | |
SETUPOS_FLAG: "false" | |
- TARGET: "//ic-os/hostos/envs/prod:upload_update-img" | |
PATH0: "host-os/update-img" | |
PATH1: "build-ic/icos/hostos" | |
SETUPOS_FLAG: "false" | |
- TARGET: "//ic-os/setupos/envs/prod:upload_disk-img" | |
PATH0: "setup-os/disk-img" | |
PATH1: "build-ic/icos/setupos" | |
SETUPOS_FLAG: "true" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Download bazel-targets [bazel-test-all] | |
uses: actions/download-artifact@v4 | |
with: | |
name: bazel-targets | |
- name: Download build-ic.tar [build-ic] | |
uses: actions/download-artifact@v4 | |
with: | |
name: build-ic | |
- name: Build Determinism Test | |
id: build-determinism | |
shell: bash | |
run: | | |
set -eExuo pipefail | |
sudo apt update && sudo apt install -y curl | |
"$CI_PROJECT_DIR"/ci/scripts/build-determinism.sh | |
env: | |
TARGET: ${{ matrix.TARGET }} | |
PATH0: ${{ matrix.PATH0 }} | |
PATH1: ${{ matrix.PATH1 }} | |
SETUPOS_FLAG: ${{ matrix.SETUPOS_FLAG }} | |
cargo-clippy-linux: | |
name: Cargo Clippy Linux | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Filter Rust Files [*.{rs,toml,lock}] | |
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 | |
id: filter | |
if: | | |
github.event_name == 'pull_request' || | |
github.event_name == 'merge_group' | |
with: | |
filters: | | |
cargo: | |
- "**/*.rs" | |
- "**/*.toml" | |
- "**/*.lock" | |
- name: Run Cargo Clippy Linux | |
id: cargo-clippy-linux | |
if: | | |
steps.filter.outputs.cargo == 'true' || | |
github.event_name == 'schedule' || | |
github.event_name == 'workflow_dispatch' | |
shell: bash | |
env: | |
BUILDEVENT_APIKEY: ${{ secrets. HONEYCOMB_API_TOKEN }} | |
run: | | |
set -eExuo pipefail | |
buildevents cmd "$CI_RUN_ID" "$CI_JOB_NAME" build-command -- \ | |
"$CI_PROJECT_DIR"/ci/scripts/rust-lint.sh | |
cargo-build-release-linux: | |
name: Cargo Build Release Linux | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Filter Rust Files [*.{rs,toml,lock}] | |
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3 | |
id: filter | |
if: | | |
github.event_name == 'pull_request' || | |
github.event_name == 'merge_group' | |
with: | |
filters: | | |
cargo: | |
- "**/*.rs" | |
- "**/*.toml" | |
- "**/*.lock" | |
- name: Run Cargo Build Release Linux | |
id: cargo-build-release-linux | |
if: | | |
steps.filter.outputs.cargo == 'true' || | |
github.event_name == 'schedule' || | |
github.event_name == 'workflow_dispatch' | |
shell: bash | |
env: | |
BUILDEVENT_APIKEY: ${{ secrets. HONEYCOMB_API_TOKEN }} | |
run: | | |
set -eExuo pipefail | |
buildevents cmd "$CI_RUN_ID" "$CI_JOB_NAME" build-command -- \ | |
cargo build --release --locked | |
# CI job is also executed in Schedule Hourly | |
bazel-test-coverage: | |
name: Bazel Test Coverage | |
runs-on: | |
labels: dind-large | |
container: | |
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041 | |
options: >- | |
-e NODE_NAME --privileged --cgroupns host -v /cache:/cache -v /var/sysimage:/var/sysimage -v /var/tmp:/var/tmp -v /ceph-s3-info:/ceph-s3-info | |
timeout-minutes: 90 | |
if: | | |
github.event_name == 'pull_request' && | |
contains(github.event.pull_request.labels.*.name, 'CI_COVERAGE') | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: ${{ github.event_name == 'pull_request' && 256 || 0 }} | |
- name: Before script | |
id: before-script | |
shell: bash | |
run: | | |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME" | |
- name: Run Bazel Test Coverage | |
shell: bash | |
run: | | |
./ci/scripts/bazel-coverage.sh | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |