From 97284bfff2f9d8bc469b6e2809b0fb7587d0aef4 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 09:06:43 -0400 Subject: [PATCH 01/11] update e2e image tag for devnet --- .github/workflows/e2e-docker-build-push.yml | 2 +- .github/workflows/tangle-e2e-docker-build-push.yml | 4 ++-- Dockerfile_tangle_standalone_e2e | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/e2e-docker-build-push.yml b/.github/workflows/e2e-docker-build-push.yml index bb58ca8..e053c54 100644 --- a/.github/workflows/e2e-docker-build-push.yml +++ b/.github/workflows/e2e-docker-build-push.yml @@ -1,7 +1,7 @@ # The Licensed Work is (c) 2022 Sygma # SPDX-License-Identifier: LGPL-3.0-only -name: Build and publish E2E Docker image +name: Build and publish E2E Docker image with Sygma standalone chain node on: push: diff --git a/.github/workflows/tangle-e2e-docker-build-push.yml b/.github/workflows/tangle-e2e-docker-build-push.yml index 53065f0..1565937 100644 --- a/.github/workflows/tangle-e2e-docker-build-push.yml +++ b/.github/workflows/tangle-e2e-docker-build-push.yml @@ -31,7 +31,7 @@ jobs: COMMIT_HASH=$(echo $GITHUB_SHA | head -c7) # creates local variable to hold docker images - TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_HASH},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-latest" + TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_HASH},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-tangle-latest" # check if branch/tag that triggered workflow was from tags if [[ $GITHUB_REF == refs/tags/* ]]; then @@ -40,7 +40,7 @@ jobs: VERSION=${GITHUB_REF#refs/tags/} # append version and e2e testing name to tags - TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-${VERSION}" + TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-tangle-${VERSION}" fi diff --git a/Dockerfile_tangle_standalone_e2e b/Dockerfile_tangle_standalone_e2e index b491845..e264be7 100644 --- a/Dockerfile_tangle_standalone_e2e +++ b/Dockerfile_tangle_standalone_e2e @@ -10,7 +10,7 @@ COPY ./scripts/tangle . # build RUN git clone https://github.com/webb-tools/tangle.git ./tangle WORKDIR /code/tangle -RUN git checkout sygma/polkadot-version-upgrade +RUN git checkout main RUN cargo build --release --features testnet FROM --platform=linux/amd64 node:18.14.2 From 223e5f3bf201bd770b45866dd821adf028a809a9 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 09:15:42 -0400 Subject: [PATCH 02/11] update deny.toml and removed unused fields --- deny.toml | 21 --------------------- 1 file changed, 21 deletions(-) diff --git a/deny.toml b/deny.toml index fe8bd42..797693a 100644 --- a/deny.toml +++ b/deny.toml @@ -68,16 +68,8 @@ feature-depth = 1 db-path = "~/.cargo/advisory-db" # The url(s) of the advisory databases to use db-urls = ["https://github.com/rustsec/advisory-db"] -# The lint level for security vulnerabilities -vulnerability = "deny" -# The lint level for unmaintained crates -unmaintained = "warn" # The lint level for crates that have been yanked from their source registry yanked = "warn" -# The lint level for crates with security notices. Note that as of -# 2019-12-17 there are no security notice advisories in -# https://github.com/rustsec/advisory-db -notice = "warn" # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. ignore = [ @@ -122,19 +114,6 @@ allow = [ "Apache-2.0 WITH LLVM-exception", "Zlib" ] -# List of explicitly disallowed licenses -# See https://spdx.org/licenses/ for list of possible licenses -# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. -deny = [] -# Lint level for licenses considered copyleft -copyleft = "warn" -# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses -# * both - The license will be approved if it is both OSI-approved *AND* FSF -# * either - The license will be approved if it is either OSI-approved *OR* FSF -# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF -# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved -# * neither - This predicate is ignored and the default lint level is used -allow-osi-fsf-free = "neither" # Lint level used when no other predicates are matched # 1. License isn't in the allow or deny lists # 2. License isn't copyleft From 4727037a96407d9d6148bda736af1f28f387f8e1 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 09:58:54 -0400 Subject: [PATCH 03/11] fix the deny ci issue --- deny.toml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/deny.toml b/deny.toml index 797693a..789963b 100644 --- a/deny.toml +++ b/deny.toml @@ -95,8 +95,6 @@ ignore = [ # More documentation for the licenses section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html [licenses] -# The lint level for crates which do not have a detectable license -unlicensed = "deny" # List of explicitly allowed licenses # See https://spdx.org/licenses/ for list of possible licenses # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. @@ -114,11 +112,6 @@ allow = [ "Apache-2.0 WITH LLVM-exception", "Zlib" ] -# Lint level used when no other predicates are matched -# 1. License isn't in the allow or deny lists -# 2. License isn't copyleft -# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither" -default = "deny" # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the # canonical license text of a valid SPDX license file. From bf86e28d817433aa4b33ee8b5ed710156681ca4c Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 10:06:49 -0400 Subject: [PATCH 04/11] add supported license --- deny.toml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deny.toml b/deny.toml index 789963b..57acb1b 100644 --- a/deny.toml +++ b/deny.toml @@ -110,7 +110,8 @@ allow = [ "CC0-1.0", "BSD-2-Clause", "Apache-2.0 WITH LLVM-exception", - "Zlib" + "Zlib", + "MPL-2.0" ] # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the From 725f47d08cbc26a319389632a79251427771f729 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 10:38:41 -0400 Subject: [PATCH 05/11] lock the cargo deny version --- .github/workflows/check.yml | 2 +- deny.toml | 33 ++++++++++++++++++++++++++++++--- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 29e0bac..c6107f4 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -50,7 +50,7 @@ jobs: submodules: "true" - uses: ./.github/actions/install_toolchain - name: Install cargo deny - run: cargo install --locked cargo-deny + run: cargo install --locked cargo-deny --version 0.14.24 - name: Run cargo deny checks for pallets run: cargo-deny check licenses diff --git a/deny.toml b/deny.toml index 57acb1b..eea6dc1 100644 --- a/deny.toml +++ b/deny.toml @@ -68,8 +68,16 @@ feature-depth = 1 db-path = "~/.cargo/advisory-db" # The url(s) of the advisory databases to use db-urls = ["https://github.com/rustsec/advisory-db"] +# The lint level for security vulnerabilities +vulnerability = "deny" +# The lint level for unmaintained crates +unmaintained = "warn" # The lint level for crates that have been yanked from their source registry yanked = "warn" +# The lint level for crates with security notices. Note that as of +# 2019-12-17 there are no security notice advisories in +# https://github.com/rustsec/advisory-db +notice = "warn" # A list of advisory IDs to ignore. Note that ignored advisories will still # output a note when they are encountered. ignore = [ @@ -95,6 +103,8 @@ ignore = [ # More documentation for the licenses section can be found here: # https://embarkstudios.github.io/cargo-deny/checks/licenses/cfg.html [licenses] +# The lint level for crates which do not have a detectable license +unlicensed = "deny" # List of explicitly allowed licenses # See https://spdx.org/licenses/ for list of possible licenses # [possible values: any SPDX 3.11 short identifier (+ optional exception)]. @@ -110,9 +120,26 @@ allow = [ "CC0-1.0", "BSD-2-Clause", "Apache-2.0 WITH LLVM-exception", - "Zlib", - "MPL-2.0" + "Zlib" ] +# List of explicitly disallowed licenses +# See https://spdx.org/licenses/ for list of possible licenses +# [possible values: any SPDX 3.11 short identifier (+ optional exception)]. +deny = [] +# Lint level for licenses considered copyleft +copyleft = "warn" +# Blanket approval or denial for OSI-approved or FSF Free/Libre licenses +# * both - The license will be approved if it is both OSI-approved *AND* FSF +# * either - The license will be approved if it is either OSI-approved *OR* FSF +# * osi-only - The license will be approved if is OSI-approved *AND NOT* FSF +# * fsf-only - The license will be approved if is FSF *AND NOT* OSI-approved +# * neither - This predicate is ignored and the default lint level is used +allow-osi-fsf-free = "neither" +# Lint level used when no other predicates are matched +# 1. License isn't in the allow or deny lists +# 2. License isn't copyleft +# 3. License isn't OSI/FSF, or allow-osi-fsf-free = "neither" +default = "deny" # The confidence threshold for detecting a license from license text. # The higher the value, the more closely the license text must be to the # canonical license text of a valid SPDX license file. @@ -252,4 +279,4 @@ github = [""] # 1 or more gitlab.com organizations to allow git sources for gitlab = [""] # 1 or more bitbucket.org organizations to allow git sources for -bitbucket = [""] +bitbucket = [""] \ No newline at end of file From 5679b406baf1945457bbabc0ff7cd6bd94e89640 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Mon, 26 Aug 2024 11:34:41 -0400 Subject: [PATCH 06/11] checkout the latest tage of tangle --- Dockerfile_tangle_standalone_e2e | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/Dockerfile_tangle_standalone_e2e b/Dockerfile_tangle_standalone_e2e index e264be7..3852ece 100644 --- a/Dockerfile_tangle_standalone_e2e +++ b/Dockerfile_tangle_standalone_e2e @@ -10,7 +10,8 @@ COPY ./scripts/tangle . # build RUN git clone https://github.com/webb-tools/tangle.git ./tangle WORKDIR /code/tangle -RUN git checkout main +# checkout to the latest release tag +RUN git checkout v$(git tag --sort=committerdate | grep -E '[0-9]' | tail -1 | cut -b 2-7) RUN cargo build --release --features testnet FROM --platform=linux/amd64 node:18.14.2 From da21b993959e8450d072f3b435e68f32e141d15e Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Tue, 10 Sep 2024 10:28:03 -0400 Subject: [PATCH 07/11] refactor phala e2e image for CI --- .../workflows/phala-e2e-docker-build-push.yml | 65 +++++++++++++++++++ ...idge_e2e => Dockerfile_phala_parachain_e2e | 0 2 files changed, 65 insertions(+) create mode 100644 .github/workflows/phala-e2e-docker-build-push.yml rename Dockerfile_subbridge_e2e => Dockerfile_phala_parachain_e2e (100%) diff --git a/.github/workflows/phala-e2e-docker-build-push.yml b/.github/workflows/phala-e2e-docker-build-push.yml new file mode 100644 index 0000000..f061183 --- /dev/null +++ b/.github/workflows/phala-e2e-docker-build-push.yml @@ -0,0 +1,65 @@ +# The Licensed Work is (c) 2022 Sygma +# SPDX-License-Identifier: LGPL-3.0-only + +name: Build and publish E2E Docker image with Phala Subbridge parachain node + +on: + pull_request: + types: [opened, synchronize, reopened] + +env: + REGISTRY: ghcr.io + IMAGE_NAME: ${{ github.repository }} + +jobs: + push_e2e_to_registry: + name: Push Phala subbridge integrated E2E Docker image to GitHub Container Registry + runs-on: ubuntu-latest + steps: + - name: Check out the repo + uses: actions/checkout@v3 + with: + submodules: "true" + - uses: ./.github/actions/install_toolchain + + - name: Prepare + id: prep + run: | + # creates local variable of docker image + # creates local variable of commit hash that triggered workflow + COMMIT_HASH=$(echo $GITHUB_SHA | head -c7) + # creates local variable to hold docker images + TAGS="${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${COMMIT_HASH},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-phala-latest" + # check if branch/tag that triggered workflow was from tags + if [[ $GITHUB_REF == refs/tags/* ]]; then + # set version + VERSION=${GITHUB_REF#refs/tags/} + # append version and e2e testing name to tags + TAGS="${TAGS},${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:e2e-phala-${VERSION}" + fi + # sets output of step + echo ::set-output name=tags::${TAGS} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + + - name: Log in to Docker Hub + uses: docker/login-action@v2 + with: + registry: ${{ env.REGISTRY }} + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build and push + id: docker_build + uses: docker/build-push-action@v3 + with: + context: . + push: true + file: ./Dockerfile_phala_parachain_e2e + tags: ${{ steps.prep.outputs.tags }} + + - name: Image digest + run: echo ${{ steps.docker_build.outputs.digest }} diff --git a/Dockerfile_subbridge_e2e b/Dockerfile_phala_parachain_e2e similarity index 100% rename from Dockerfile_subbridge_e2e rename to Dockerfile_phala_parachain_e2e From 1183263a145d88a0b60b7c8cdc43b207ca96dbd4 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Tue, 10 Sep 2024 15:11:59 -0400 Subject: [PATCH 08/11] max the build space --- .github/workflows/phala-e2e-docker-build-push.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/phala-e2e-docker-build-push.yml b/.github/workflows/phala-e2e-docker-build-push.yml index f061183..6d6b7f3 100644 --- a/.github/workflows/phala-e2e-docker-build-push.yml +++ b/.github/workflows/phala-e2e-docker-build-push.yml @@ -52,6 +52,16 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: Maximize build space + uses: easimon/maximize-build-space@master # https://github.com/easimon/maximize-build-space + with: + root-reserve-mb: 4096 + temp-reserve-mb: 1024 + swap-size-mb: 8192 + remove-dotnet: "true" + remove-android: "true" + remove-haskell: "true" + - name: Build and push id: docker_build uses: docker/build-push-action@v3 From 5f6a9c4145727dd3a717d98fdc5b3ef93492ec7d Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Wed, 11 Sep 2024 09:46:12 -0400 Subject: [PATCH 09/11] update the phala image build process --- .../workflows/phala-e2e-docker-build-push.yml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/phala-e2e-docker-build-push.yml b/.github/workflows/phala-e2e-docker-build-push.yml index 6d6b7f3..7659fd9 100644 --- a/.github/workflows/phala-e2e-docker-build-push.yml +++ b/.github/workflows/phala-e2e-docker-build-push.yml @@ -16,6 +16,16 @@ jobs: name: Push Phala subbridge integrated E2E Docker image to GitHub Container Registry runs-on: ubuntu-latest steps: + - name: Maximize build space + uses: easimon/maximize-build-space@master # https://github.com/easimon/maximize-build-space + with: + root-reserve-mb: 4096 + temp-reserve-mb: 1024 + swap-size-mb: 8192 + remove-dotnet: "true" + remove-android: "true" + remove-haskell: "true" + - name: Check out the repo uses: actions/checkout@v3 with: @@ -52,16 +62,6 @@ jobs: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - - name: Maximize build space - uses: easimon/maximize-build-space@master # https://github.com/easimon/maximize-build-space - with: - root-reserve-mb: 4096 - temp-reserve-mb: 1024 - swap-size-mb: 8192 - remove-dotnet: "true" - remove-android: "true" - remove-haskell: "true" - - name: Build and push id: docker_build uses: docker/build-push-action@v3 From f82a7dfcbffec77f586aae562943038ad09c9185 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Wed, 11 Sep 2024 10:06:01 -0400 Subject: [PATCH 10/11] remove max space step --- .github/workflows/phala-e2e-docker-build-push.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/phala-e2e-docker-build-push.yml b/.github/workflows/phala-e2e-docker-build-push.yml index 7659fd9..f061183 100644 --- a/.github/workflows/phala-e2e-docker-build-push.yml +++ b/.github/workflows/phala-e2e-docker-build-push.yml @@ -16,16 +16,6 @@ jobs: name: Push Phala subbridge integrated E2E Docker image to GitHub Container Registry runs-on: ubuntu-latest steps: - - name: Maximize build space - uses: easimon/maximize-build-space@master # https://github.com/easimon/maximize-build-space - with: - root-reserve-mb: 4096 - temp-reserve-mb: 1024 - swap-size-mb: 8192 - remove-dotnet: "true" - remove-android: "true" - remove-haskell: "true" - - name: Check out the repo uses: actions/checkout@v3 with: From 2f4059f15d7b697f630d90f8102af9e0b31774e2 Mon Sep 17 00:00:00 2001 From: Freddy Li Date: Wed, 11 Sep 2024 11:59:07 -0400 Subject: [PATCH 11/11] add remove disk space step --- .../workflows/phala-e2e-docker-build-push.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/.github/workflows/phala-e2e-docker-build-push.yml b/.github/workflows/phala-e2e-docker-build-push.yml index f061183..1fd48df 100644 --- a/.github/workflows/phala-e2e-docker-build-push.yml +++ b/.github/workflows/phala-e2e-docker-build-push.yml @@ -16,6 +16,22 @@ jobs: name: Push Phala subbridge integrated E2E Docker image to GitHub Container Registry runs-on: ubuntu-latest steps: + - name: Free Disk Space (Ubuntu) + uses: jlumbroso/free-disk-space@main + with: + # this might remove tools that are actually needed, + # if set to "true" but frees about 6 GB + tool-cache: false + + # all of these default to true, but feel free to set to + # "false" if necessary for your workflow + android: true + dotnet: true + haskell: true + large-packages: true + docker-images: false + swap-storage: true + - name: Check out the repo uses: actions/checkout@v3 with: