Skip to content

Problem: persist-credentials might leak github token unintentionally … #58

Problem: persist-credentials might leak github token unintentionally …

Problem: persist-credentials might leak github token unintentionally … #58

Workflow file for this run

name: nix flow
on:
pull_request:
merge_group:
push:
branches:
- master
- release/**
tags:
- "*"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v22
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
skipPush: true
- name: lint
run: make lint-ci
test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v22
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
# github don't pass secrets for pull request from fork repos,
# in that case the push is disabled naturally.
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
- name: Run integration tests
run: make nix-integration-test
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests
- name: Tar debug files
if: failure()
run: tar cfz debug_files.tar.gz -C "$TMPDIR/pytest-of-runner" .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files
path: debug_files.tar.gz
if-no-files-found: ignore
upload-cache:
if: github.event_name == 'push'
needs: ["test"]
strategy:
matrix:
os: [macos-latest]
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v22
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
# github don't pass secrets for pull request from fork repos,
# in that case the push is disabled naturally.
signingKey: "${{ secrets.CACHIX_SIGNING_KEY }}"
- name: 'instantiate integration test env'
run: nix-store -r $(nix-instantiate integration_tests/shell.nix)
test-upgrade:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v22
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-upgrade
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_upgrade
- name: Tar debug files
if: failure()
run: tar cfz debug_files_upgrade.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_upgrade
path: debug_files_upgrade.tar.gz
if-no-files-found: ignore
test-ledger:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-ledger
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_ledger
- name: Tar debug files
if: failure()
run: tar cfz debug_files_ledger.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_ledger
path: debug_files_ledger.tar.gz
if-no-files-found: ignore
test-solomachine:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-solomachine
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_solomachine
- name: Tar debug files
if: failure()
run: tar cfz debug_files_solomachine.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_solomachine
path: debug_files_solomachine.tar.gz
if-no-files-found: ignore
test-slow:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-slow
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_slow
- name: Tar debug files
if: failure()
run: tar cfz debug_files_slow.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_slow
path: debug_files_slow.tar.gz
if-no-files-found: ignore
test-ibc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-ibc
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_ibc
- name: Tar debug files
if: failure()
run: tar cfz debug_files_ibc.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_ibc
path: debug_files_ibc.tar.gz
if-no-files-found: ignore
test-byzantine:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-byzantine
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_byzantine
- name: Tar debug files
if: failure()
run: tar cfz debug_files_byzantine.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_byzantine
path: debug_files_byzantine.tar.gz
if-no-files-found: ignore
test-gov:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-gov
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_gov
- name: Tar debug files
if: failure()
run: tar cfz debug_files_gov.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_gov
path: debug_files_gov.tar.gz
if-no-files-found: ignore
test-grpc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: cachix/install-nix-action@v18
with:
# pin to nix-2.13 to workaround compability issue of 2.14,
# see: https://github.com/cachix/install-nix-action/issues/161
install_url: https://releases.nixos.org/nix/nix-2.13.3/install
extra_nix_config: |
access-tokens = github.com=${{ secrets.GITHUB_TOKEN }}
- uses: cachix/cachix-action@v12
with:
name: crypto-com
- name: Run integration tests
run: make nix-integration-test-grpc
- name: Convert coverage data
run: |
nix develop -c go tool covdata textfmt -i=coverage -o profile.txt
- name: Upload coverage report
uses: codecov/codecov-action@v3
with:
token: ${{ secrets.CODECOV_TOKEN }}
file: ./profile.txt
flags: integration_tests_grpc
- name: Tar debug files
if: failure()
run: tar cfz debug_files_grpc.tar.gz -C /tmp/pytest-of-runner .
- uses: actions/upload-artifact@v3
if: failure()
with:
name: debug_files_grpc
path: debug_files_grpc.tar.gz
if-no-files-found: ignore