Skip to content

Fix deploy to app (#3768) #1

Fix deploy to app (#3768)

Fix deploy to app (#3768) #1

Workflow file for this run

name: Build and test
# We use `push` events so that we have the actual commit. In `pull_request`
# events we get a merge commit with main instead. The merge commit can be
# useful to check that the code would pass tests once merged, but here it just
# creates confusion and doesn't add anything since the branch must be up to
# date before merge. It's also nice to have CI running on branches without PRs.
on:
push:
workflow_dispatch:
inputs:
no_cache:
description: 'no-cache'
default: false
type: boolean
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
defaults:
run:
shell: bash -euxlo pipefail {0}
jobs:
build:
runs-on: ubuntu-latest-m
timeout-minutes: 45
env:
GH_TOKEN: ${{ github.token }}
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Skip build for testing
# Set to true and set a recent `run_id` below to reuse an existing build
# instead of building.
if: false
id: skip_build
run: |
echo "skip_build=true" >> "$GITHUB_OUTPUT"
mkdir out
# The run ID is the number at the end of a URL like this:
# https://github.com/dfinity/nns-dapp/actions/runs/5801187848
run_id=5801187848
gh run download "$run_id" --dir ./out -n out
- name: Build nns-dapp repo
if: steps.skip_build.outputs.skip_build != 'true'
uses: ./.github/actions/build_nns_dapp
with:
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Upload nns-dapp wasm module'
uses: actions/upload-artifact@v3
with:
name: nns-dapp
path: out/nns-dapp.wasm.gz
retention-days: 3
- name: 'Upload nns-dapp test wasm module'
uses: actions/upload-artifact@v3
with:
name: nns-dapp_test
path: out/nns-dapp_test.wasm.gz
retention-days: 3
- name: 'Upload sns_aggregator wasm module'
uses: actions/upload-artifact@v3
with:
name: sns_aggregator
path: out/sns_aggregator.wasm.gz
retention-days: 3
- name: 'Upload sns_aggregator_dev wasm module'
uses: actions/upload-artifact@v3
with:
name: sns_aggregator_dev
path: out/sns_aggregator_dev.wasm.gz
retention-days: 3
- name: 'Upload whole out directory'
uses: actions/upload-artifact@v3
with:
name: out
path: out
retention-days: 3
test-playwright-e2e-shard-1-of-2:
needs: build
runs-on: ubuntu-latest-m
timeout-minutes: 30
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Run Playwright e2e test shard 1/2
uses: ./.github/actions/test-e2e
with:
shard_number: 1
shard_count: 2
test-playwright-e2e-shard-2-of-2:
needs: build
runs-on: ubuntu-latest-m
timeout-minutes: 30
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Run Playwright e2e test shard 2/2
uses: ./.github/actions/test-e2e
with:
shard_number: 2
shard_count: 2
test-downgrade-upgrade:
needs: build
runs-on: ubuntu-20.04
timeout-minutes: 40
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Get nns-dapp_test
uses: actions/download-artifact@v3
with:
name: nns-dapp_test
- name: Start snapshot environment
uses: ./.github/actions/start_dfx_snapshot
with:
nns_dapp_wasm: 'nns-dapp_test.wasm.gz'
- name: Downgrade nns-dapp to prod and upgrade back again
run: ./scripts/nns-dapp/downgrade-upgrade-test -w nns-dapp_test.wasm.gz
- name: Count upgrade cycles
run: scripts/nns-dapp/estimate-upgrade-cycles | tee -a $GITHUB_STEP_SUMMARY
test-test-account-api:
needs: build
runs-on: ubuntu-20.04
timeout-minutes: 40
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Get nns-dapp_test
uses: actions/download-artifact@v3
with:
name: nns-dapp_test
- name: Start empty nns-dapp
# As long as the snapshot environment can be installed with no accounts, we can use that.
# The snapshot action also installs idl2json and jq; commands that we will need.
uses: ./.github/actions/start_dfx_snapshot
with:
nns_dapp_wasm: 'nns-dapp_test.wasm.gz'
- name: Check that test accounts can be created and read
run: ./scripts/nns-dapp/test-account.test
test-rest:
needs: build
runs-on: ubuntu-20.04
timeout-minutes: 40
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Get nns-dapp
uses: actions/download-artifact@v3
with:
name: nns-dapp
- name: Get sns_aggregator
uses: actions/download-artifact@v3
with:
name: sns_aggregator
- name: Get sns_aggregator_dev
uses: actions/download-artifact@v3
with:
name: sns_aggregator_dev
- name: Start snapshot environment
uses: ./.github/actions/start_dfx_snapshot
with:
nns_dapp_wasm: 'nns-dapp.wasm.gz'
sns_aggregator_wasm: 'sns_aggregator_dev.wasm.gz'
- name: Add go and SNS scripts to the path
run: |
echo "$PWD/snsdemo/bin" >> $GITHUB_PATH
echo "$(go env GOPATH)/bin" >> $GITHUB_PATH
- name: Install command line HTML parser
run: |
go install github.com/ericchiang/pup@latest
pup --version
- name: Verify that arguments are set in index.html
run: |
for ((i=5; i>0; i--)); do
(
timeout 60 curl --fail --silent --retry 10 --connect-timeout 5 "http://$(dfx canister id nns-dapp).localhost:8080/" > index.html
file index.html
< index.html gunzip | pup 'head meta[name="nns-dapp-vars"] json{}' | tee nns_dapp_args_in_page.json
) || { echo "Failed. Retrying..." ; sleep 5 ; continue ; }
break
done
echo "Check a few values:"
for key in data-own-canister-id data-fetch-root-key data-identity-service-url ; do
# Verify that the key is non-trivial:
# `jq -e` returns an error code if the value is missing
# `grep ...` fails if the value is implausibly short.
key="$key" jq -re '.[0][env.key]' nns_dapp_args_in_page.json | grep -E ...
done
- name: Determine ic-wasm version
id: ic-wasm-version
run: |
echo "IC_WASM_VERSION=$(jq -r '.defaults.build.config.IC_WASM_VERSION' dfx.json)" >> "$GITHUB_OUTPUT"
echo "IC_WASM_PATH=/home/runner/.cargo/bin/ic-wasm" >> "$GITHUB_OUTPUT"
- name: Cache ic-wasm
id: cache-ic-wasm
uses: actions/cache@v3
with:
path: ${{ steps.ic-wasm-version.outputs.IC_WASM_PATH }}
key: ${{ runner.os }}-${{ steps.ic-wasm-version.outputs.IC_WASM_VERSION }}-ic-wasm
- name: Install cargo binstall
uses: ./.github/actions/install_binstall
- name: Install ic-wasm
if: steps.cache-ic-wasm.outputs.cache-hit != 'true'
run: |
cargo binstall --no-confirm "ic-wasm@${{ steps.ic-wasm-version.outputs.IC_WASM_VERSION }}"
command -v ic-wasm || {
echo "ERROR: Failed to install ic-wasm"
exit 1
}>&2
[[ "$( command -v ic-wasm )" == ${{ steps.ic-wasm-version.outputs.IC_WASM_PATH }} ]] || {
echo "ERROR: ic-wasm was installed at an unexpected location."
echo "EXPECTED: ${{ steps.ic-wasm-version.outputs.IC_WASM_PATH }}"
echo "ACTUAL: $( command -v ic-wasm )"
echo "Please align fact and expectation."
exit 1
} >&2
- name: Check that metadata is present
run: |
scripts/dfx-wasm-metadata-add.test --verbose
- name: Verify that metrics are present
run: scripts/nns-dapp/e2e-test-metrics-present
- name: Release
run: |
for tag in $(git tag --points-at HEAD) ; do
: Creates or updates a release for the tag
if gh release view "$tag"
then gh release upload --repo dfinity/nns-dapp --clobber "$tag" nns-dapp.wasm.gz || true
else gh release create --title "Release for tags/$tag" --draft --notes "Build artefacts from tag: $tag" "$tag" nns-dapp.wasm.gz
fi
: If the tag is for a proposal or nightly, make it public
[[ "$tag" != proposal-* ]] && [[ "$tag" != nightly-* ]] || { echo "Making release public" ; gh release edit "$tag" --draft=false ; }
done
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get the postinstall instruction count
run: |
dfx canister install --upgrade-unchanged nns-dapp --wasm nns-dapp.wasm.gz --mode upgrade --argument "$(cat nns-dapp-arg-local.did)" --yes
postinstall_instructions="$(scripts/backend/get_upgrade_instructions)"
echo "Installation consumed ${postinstall_instructions} instructions."
echo "Cycles consumed are instructions * some factor that depends on subnet. There is no guarantee that that formula will not change."
- name: Stop replica
run: dfx stop
network_independent_wasm:
name: "Same wasms for mainnet and local"
# Note: The dockerfile structure SHOULD guarantee that the network is not used in any Wasm build commands.
# As long as that holds, this test is not needed.
needs: build
runs-on: ubuntu-latest-m
timeout-minutes: 45
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Check dockerfile for changes
id: dockerfile_changed
run: |
common_parent_commit="$(git merge-base HEAD origin/main)"
if git diff "$common_parent_commit" Dockerfile | grep -q .
then echo "dockerfile_changed=true" >> "$GITHUB_OUTPUT"
fi
- name: Set up docker buildx
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
uses: docker/setup-buildx-action@v2
- name: Create a blank global config
run: echo "{}" > global-config.json
- name: Build wasms
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
uses: docker/build-push-action@v3
with:
context: .
file: Dockerfile
build-args: |
DFX_NETWORK=local
COMMIT=${{ github.sha }}
cache-from: type=gha,scope=cached-stage
# Exports the artefacts from the final stage
outputs: ./out-mainnet
- name: Get nns-dapp
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
uses: actions/download-artifact@v3
with:
name: nns-dapp
path: out-local
- name: Get sns_aggregator
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
uses: actions/download-artifact@v3
with:
name: sns_aggregator
path: out-local
- name: Get sns_aggregator_dev
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
uses: actions/download-artifact@v3
with:
name: sns_aggregator_dev
path: out-local
- name: Compare wasms
if: steps.dockerfile_changed.outputs.dockerfile_changed == 'true'
run: |
set -x
ls -l
artefacts="sns_aggregator_dev.wasm.gz sns_aggregator.wasm.gz nns-dapp.wasm.gz"
networks=(mainnet local)
for network in "${networks[@]}" ; do
ls -l "out-$network"
(cd "out-$network" && sha256sum ${artefacts[@]} ; ) > "${network}_hashes.txt"
done
diff local_hashes.txt mainnet_hashes.txt || {
echo "ERROR: wasm hashes differ between mainnet and local."
}
aggregator_test:
needs: build
runs-on: ubuntu-20.04
timeout-minutes: 60
steps:
- name: Checkout nns-dapp
uses: actions/checkout@v3
- name: Get sns_aggregator_dev
uses: actions/download-artifact@v3
with:
name: sns_aggregator_dev
- name: Start snapshot environment
uses: ./.github/actions/start_dfx_snapshot
with:
sns_aggregator_wasm: 'sns_aggregator_dev.wasm.gz'
- name: Get the earliest data from the sns aggregator
run: |
AGGREGATOR_CANISTER_ID="$(dfx canister id sns_aggregator)"
# Wait for the aggregator to be up:
for (( try=300; try>0; try-- )); do
if curl -Lf "http://${AGGREGATOR_CANISTER_ID}.localhost:8080/v1/sns/list/latest/slow.json" | tee aggregate-1.json; then
break
fi
sleep 2
done
expect=10
actual="$(jq length aggregate-1.json)"
# Later we expect 10 SNSs. Make sure that when we do, it's because we
# actually collected the data and it wasn't preloaded from the
# snapshot.
(( actual < expect )) || {
echo ERROR: Should not yet have $expected SNS before collecting.
scripts/sns/aggregator/get_log
}
- name: Verify that configuration is as provided
run: scripts/sns/aggregator/test-config
- name: Make the aggregator collect data quickly
run: dfx canister call sns_aggregator reconfigure '(opt record { update_interval_ms = 100; fast_interval_ms = 1_000_000_000; })'
- name: Wait for the aggregator to get data
run: sleep 120
# sleep time > 12 SNS & 2 block heights each + a few extra calls.
# TODO: The aggregator can be installed and populated in the saved state, so this sleep is not needed.
- name: Get the latest data from the sns aggregator
run: |
AGGREGATOR_CANISTER_ID="$(dfx canister id sns_aggregator)"
curl -Lf "http://${AGGREGATOR_CANISTER_ID}.localhost:8080/v1/sns/list/latest/slow.json" | tee aggregate-1.json
expect=10
actual="$(jq length aggregate-1.json)"
(( expect == actual )) || {
echo ERROR: Expected to have $expect SNS in the aggregator but found $actual.
scripts/sns/aggregator/get_log
}
- name: Test the paginated endpoint
run: scripts/sns/aggregator/test-pagination --num 12
- name: Get logs
run: |
scripts/sns/aggregator/get_log > ,logs
LOG_LINES="$(wc -l <,logs)"
(( LOG_LINES > 10 )) || {
echo "ERROR: Expected a non-trivial number of lines to have been logged by now but found only ${LOG_LINES}"
cat ,logs
exit 1
}
- name: Upgrade the aggregator to self with a slow refresh rate
run: dfx canister install --mode upgrade --wasm sns_aggregator_dev.wasm.gz --upgrade-unchanged sns_aggregator '(opt record { update_interval_ms = 1_000_000_000; fast_interval_ms = 1_000_000_000; })' --yes
- name: Expect the paginated data to be retained over the upgrade
run: scripts/sns/aggregator/test-pagination --num 12
- name: Expect the latest data to be retained over the upgrade
run: |
AGGREGATOR_CANISTER_ID="$(dfx canister id sns_aggregator)"
curl -Lf "http://${AGGREGATOR_CANISTER_ID}.localhost:8080/v1/sns/list/latest/slow.json" | tee aggregate-1.json
expect=10
actual="$(jq length aggregate-1.json)"
(( expect == actual )) || {
echo ERROR: Expected to have $expect SNS in the aggregator but found $actual.
}
- name: Expect the upstream data to be retained over the upgrade
run: |
./scripts/sns/aggregator/get_stable_data
expect=12
actual="$(jq '.sns_cache.upstream_data | length' stable_data.json)"
(( expect == actual )) || {
echo ERROR: Expected to have $expect SNS in the aggregator upstream data but found $actual.
}
- name: Downgrade sns_aggregator to prod and upgrade back again
run: |
set -euxo pipefail
git fetch --depth 1 origin tag aggregator-prod
diff="$(git diff tags/aggregator-prod rs/sns_aggregator .github/workflows/build.yml)"
if test -n "${diff:-}"
then ./scripts/sns/aggregator/downgrade-upgrade-test -w sns_aggregator_dev.wasm.gz --verbose
else echo "Skipping test as there are no relevant code changes"
fi
- name: Verify that fast data is updated fast
run: |
pushd snsdemo
# Install tools such as quill
bin/dfx-sns-demo-install
# Set canister IDs
bin/dfx-nns-import --network local
popd
scripts/sns/aggregator/test-fast
- name: Stop replica
run: dfx stop
assets:
name: "Upload assets"
needs: build
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Get docker build outputs
uses: actions/download-artifact@v3
with:
name: out
path: out
- name: Print the hash of all assets
run: find out -type f | xargs sha256sum
- name: 'Record the git commit and any tags'
run: git log | head -n1 > out/commit.txt
- name: 'Upload ${{ matrix.BUILD_NAME }} nns-dapp wasm module'
uses: actions/upload-artifact@v3
with:
name: nns-dapp for ${{ matrix.BUILD_NAME }}
path: |
out/commit.txt
out/nns-dapp.wasm.gz
out/nns-dapp-arg-${{ matrix.DFX_NETWORK }}.did
out/nns-dapp-arg-${{ matrix.DFX_NETWORK }}.bin
out/frontend-config.sh
out/deployment-config.json
- name: 'Upload sns_aggregator wasm module'
uses: actions/upload-artifact@v3
with:
name: sns_aggregator for ${{ matrix.BUILD_NAME }}
path: |
out/sns_aggregator.wasm.gz
out/sns_aggregator_dev.wasm.gz
- name: Release
uses: ./.github/actions/release_nns_dapp
with:
assets_dir: 'out'
token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Upload frontend assets'
uses: actions/upload-artifact@v3
with:
name: NNS frontend assets
path: |
out/assets.tar.xz
out/sourcemaps.tar.xz
- name: "Link the build sha to this commit"
run: |
: Set up git
git config user.name "GitHub Actions Bot"
git config user.email "<>"
: Make a note of the WASM shasum.
NOTE="refs/notes/mainnet/wasm-sha"
SHA="$(sha256sum < "out/nns-dapp.wasm.gz")"
git fetch origin "+${NOTE}:${NOTE}"
if git notes --ref="wasm-sha" add -m "$SHA"
then git push origin "${NOTE}:${NOTE}" || true
else echo SHA already set
fi
- name: "Verify that the WASM module is small enough to deploy"
run: |
wasm_size="$(wc -c < "out/nns-dapp.wasm.gz")"
max_size=3145728
(
echo "## NNS Dapp WASM stats"
humreadable_size="$(numfmt --to=iec-i --suffix=B --format="%.3f" $wasm_size)"
humreadable_max="$(numfmt --to=iec-i --suffix=B --format="%.3f" $max_size )"
humreadable_ratio="$(( (wasm_size * 100) / max_size ))%"
humreadable_free="$(numfmt --to=iec-i --suffix=B --format="%.3f" $(( max_size - wasm_size )))"
echo "**WASM size:** $humreadable_size / $humreadable_max = $humreadable_ratio ($humreadable_free free)"
) | tee -a $GITHUB_STEP_SUMMARY
(( wasm_size <= max_size )) || { echo "The WASM is too large" ; exit 1 ; }
build-pass:
needs: ["build", "test-playwright-e2e-shard-1-of-2", "test-playwright-e2e-shard-2-of-2", "test-rest", "network_independent_wasm", "aggregator_test", "assets", "test-downgrade-upgrade", "test-test-account-api"]
if: ${{ always() }}
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: ./.github/actions/needs_success
with:
needs: '${{ toJson(needs) }}'