stages: - lint - check - test - build - publish variables: GIT_STRATEGY: fetch GIT_DEPTH: 100 CARGO_INCREMENTAL: 0 ARCH: "x86_64" CI_IMAGE: "paritytech/bridges-ci:production" BUILDAH_IMAGE: "quay.io/buildah/stable:v1.27" RUST_BACKTRACE: full default: cache: {} interruptible: true retry: max: 2 when: - runner_system_failure - unknown_failure - api_failure .collect-artifacts: &collect-artifacts artifacts: name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}" when: on_success expire_in: 7 days paths: - artifacts/ .kubernetes-build: &kubernetes-build tags: - kubernetes-parity-build .docker-env: &docker-env image: "${CI_IMAGE}" before_script: - rustup show - cargo --version - rustup +nightly show - cargo +nightly --version tags: - linux-docker-vm-c2 .test-refs: &test-refs rules: # FIXME: This is the cause why pipelines wouldn't start. The problem might be in our custom # mirroring. This should be investigated further, but for now let's have the working # pipeline. # - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH # changes: # - '**.md' # - diagrams/* # - docs/* # when: never - if: $CI_PIPELINE_SOURCE == "pipeline" - if: $CI_PIPELINE_SOURCE == "web" - if: $CI_PIPELINE_SOURCE == "schedule" - if: $CI_COMMIT_REF_NAME == "master" - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 .build-refs: &build-refs rules: # won't run on the CI image update pipeline - if: $CI_PIPELINE_SOURCE == "pipeline" when: never - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1 - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]{4}-[0-9]{2}-[0-9]{2}.*$/ # i.e. v2021-09-27, v2021-09-27-1 # there are two types of nightly pipelines: # 1. this one is triggered by the schedule with $PIPELINE == "nightly", it's for releasing. # this job runs only on nightly pipeline with the mentioned variable, against `master` branch - if: $CI_PIPELINE_SOURCE == "schedule" && $PIPELINE == "nightly" .nightly-test: &nightly-test rules: # 2. another is triggered by scripts repo $CI_PIPELINE_SOURCE == "pipeline" it's for the CI image # update, it also runs all the nightly checks. - if: $CI_PIPELINE_SOURCE == "pipeline" #### stage: lint clippy-nightly: stage: lint <<: *docker-env <<: *test-refs variables: RUSTFLAGS: "-D warnings" script: # clippy currently is raising `derive-partial-eq-without-eq` warning even if `Eq` is actually derived - SKIP_WASM_BUILD=1 cargo +nightly clippy --all-targets -- -A clippy::redundant_closure -A clippy::derive-partial-eq-without-eq -A clippy::or_fun_call fmt: stage: lint <<: *docker-env <<: *test-refs script: - cargo +nightly fmt --all -- --check spellcheck: stage: lint <<: *docker-env <<: *test-refs script: - cargo spellcheck check --cfg=.config/spellcheck.toml --checkers hunspell -m 1 #### stage: check check: stage: check <<: *docker-env <<: *test-refs script: &check-script - SKIP_WASM_BUILD=1 time cargo check --locked --verbose --workspace # Check Rialto benchmarks runtime - SKIP_WASM_BUILD=1 time cargo check -p rialto-runtime --locked --features runtime-benchmarks --verbose # Check Millau benchmarks runtime - SKIP_WASM_BUILD=1 time cargo check -p millau-runtime --locked --features runtime-benchmarks --verbose check-nightly: stage: check <<: *docker-env <<: *nightly-test script: - rustup default nightly - *check-script #### stage: test test: stage: test <<: *docker-env <<: *test-refs # variables: # RUSTFLAGS: "-D warnings" script: &test-script - time cargo fetch - time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"` - time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"kusama-runtime\").manifest_path"` - CARGO_NET_OFFLINE=true SKIP_POLKADOT_RUNTIME_WASM_BUILD=1 SKIP_KUSAMA_RUNTIME_WASM_BUILD=1 SKIP_POLKADOT_TEST_RUNTIME_WASM_BUILD=1 time cargo test --verbose --workspace test-nightly: stage: test <<: *docker-env <<: *nightly-test script: - rustup default nightly - *test-script deny: stage: test <<: *docker-env <<: *nightly-test <<: *collect-artifacts script: - cargo deny check advisories --hide-inclusion-graph - cargo deny check bans sources --hide-inclusion-graph after_script: - mkdir -p ./artifacts - echo "___Complete logs can be found in the artifacts___" - cargo deny check advisories 2> advisories.log - cargo deny check bans sources 2> bans_sources.log # this job is allowed to fail, only licenses check is important allow_failure: true deny-licenses: stage: test <<: *docker-env <<: *test-refs <<: *collect-artifacts script: - cargo deny check licenses --hide-inclusion-graph after_script: - mkdir -p ./artifacts - echo "___Complete logs can be found in the artifacts___" - cargo deny check licenses 2> licenses.log benchmarks-test: stage: test <<: *docker-env <<: *nightly-test script: - time cargo run --release -p millau-bridge-node --features=runtime-benchmarks -- benchmark pallet --chain=dev --steps=2 --repeat=1 --pallet=pallet_bridge_messages --extrinsic=* --execution=wasm --wasm-execution=Compiled --heap-pages=4096 - time cargo run --release -p millau-bridge-node --features=runtime-benchmarks -- benchmark pallet --chain=dev --steps=2 --repeat=1 --pallet=pallet_bridge_grandpa --extrinsic=* --execution=wasm --wasm-execution=Compiled --heap-pages=4096 - time cargo run --release -p millau-bridge-node --features=runtime-benchmarks -- benchmark pallet --chain=dev --steps=2 --repeat=1 --pallet=pallet_bridge_parachains --extrinsic=* --execution=wasm --wasm-execution=Compiled --heap-pages=4096 - time cargo run --release -p millau-bridge-node --features=runtime-benchmarks -- benchmark pallet --chain=dev --steps=2 --repeat=1 --pallet=pallet_bridge_relayers --extrinsic=* --execution=wasm --wasm-execution=Compiled --heap-pages=4096 # we may live with failing benchmarks, it is just a signal for us allow_failure: true partial-repo-build-test: stage: test <<: *docker-env <<: *nightly-test script: - ./scripts/verify-pallets-build.sh --no-revert # we may live with failing partial repo build, it is just a signal for us allow_failure: true #### stage: build build: stage: build <<: *docker-env <<: *build-refs <<: *collect-artifacts # master script: &build-script - time cargo fetch - time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"polkadot-runtime\").manifest_path"` - time cargo fetch --manifest-path=`cargo metadata --format-version=1 | jq --compact-output --raw-output ".packages[] | select(.name == \"kusama-runtime\").manifest_path"` - CARGO_NET_OFFLINE=true SKIP_POLKADOT_RUNTIME_WASM_BUILD=1 SKIP_KUSAMA_RUNTIME_WASM_BUILD=1 SKIP_POLKADOT_TEST_RUNTIME_WASM_BUILD=1 time cargo build --release --verbose --workspace after_script: # Prepare artifacts - mkdir -p ./artifacts - strip ./target/release/rialto-bridge-node - mv -v ./target/release/rialto-bridge-node ./artifacts/ - strip ./target/release/rialto-parachain-collator - mv -v ./target/release/rialto-parachain-collator ./artifacts/ - strip ./target/release/millau-bridge-node - mv -v ./target/release/millau-bridge-node ./artifacts/ - strip ./target/release/substrate-relay - mv -v ./target/release/substrate-relay ./artifacts/ - mv -v ./deployments/local-scripts/bridge-entrypoint.sh ./artifacts/ - mv -v ./ci.Dockerfile ./artifacts/ build-nightly: stage: build <<: *docker-env <<: *collect-artifacts <<: *nightly-test script: - rustup default nightly - *build-script #### stage: publish .build-push-image: &build-push-image <<: *kubernetes-build image: $BUILDAH_IMAGE <<: *build-refs variables: &image-variables GIT_STRATEGY: none DOCKERFILE: ci.Dockerfile BRIDGES_PROJECT: "${CI_JOB_NAME}" DOCKER_IMAGE_NAME: "${CI_JOB_NAME}" IMAGE_NAME: docker.io/paritytech/$DOCKER_IMAGE_NAME needs: - job: build artifacts: true before_script: - echo "Starting docker image build/push with name '${IMAGE_NAME}' for '${BRIDGES_PROJECT}' with Dockerfile = '${DOCKERFILE}'" - if [[ "${CI_COMMIT_TAG}" ]]; then VERSION=${CI_COMMIT_TAG}; elif [[ "${CI_COMMIT_REF_NAME}" ]]; then VERSION=$(echo ${CI_COMMIT_REF_NAME} | sed -r 's#/+#-#g'); fi # When building from version tags (v1.0, v2.1rc1, ...) we'll use "production" to tag # docker image. In all other cases, it'll be "latest". - if [[ $CI_COMMIT_REF_NAME =~ ^v[0-9]+\.[0-9]+.*$ ]]; then FLOATING_TAG="production"; else FLOATING_TAG="latest"; fi - echo "Effective tags = ${VERSION} sha-${CI_COMMIT_SHORT_SHA} ${FLOATING_TAG}" - echo "Full docker image name = ${IMAGE_NAME}" script: - test "${Docker_Hub_User_Parity}" -a "${Docker_Hub_Pass_Parity}" || ( echo "no docker credentials provided"; exit 1 ) - cd ./artifacts - buildah bud --format=docker --build-arg VCS_REF="${CI_COMMIT_SHORT_SHA}" --build-arg BUILD_DATE="$(date +%d-%m-%Y)" --build-arg PROJECT="${BRIDGES_PROJECT}" --build-arg VERSION="${VERSION}" --tag "${IMAGE_NAME}:${VERSION}" --tag "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}" --tag "${IMAGE_NAME}:${FLOATING_TAG}" --file "${DOCKERFILE}" . # The job will success only on the protected branch - echo "${Docker_Hub_Pass_Parity}" | buildah login --username "${Docker_Hub_User_Parity}" --password-stdin docker.io - buildah info - buildah push --format=v2s2 "${IMAGE_NAME}:${VERSION}" - buildah push --format=v2s2 "${IMAGE_NAME}:sha-${CI_COMMIT_SHORT_SHA}" - buildah push --format=v2s2 "${IMAGE_NAME}:${FLOATING_TAG}" after_script: - env REGISTRY_AUTH_FILE= buildah logout --all rialto-bridge-node: stage: publish <<: *build-push-image rialto-parachain-collator: stage: publish <<: *build-push-image millau-bridge-node: stage: publish <<: *build-push-image substrate-relay: stage: publish <<: *build-push-image bridges-common-relay: stage: publish <<: *build-push-image variables: <<: *image-variables BRIDGES_PROJECT: substrate-relay DOCKER_IMAGE_NAME: bridges-common-relay # FIXME: publish binaries