DUMMY PULL REQUEST - testing github action. #4979

Workflow file for this run

	name: Unit, integration tests and sonar

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref }}
	cancel-in-progress: true

	on:
	pull_request:
	# Runs on all PRs
	push:
	branches:
	- develop
	- main
	- release\/*
	jobs:
	phylum-analyze:
	if: ${{ github.event.pull_request }}
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
	permissions:
	id-token: write
	pull-requests: write
	contents: read
	deployments: write
	secrets:
	phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
	with:
	phylum_pr_number: ${{ github.event.number }}
	phylum_pr_name: ${{ github.head_ref }}
	phylum_group_name: Protocol
	phylum_project_id: 3f5b2c53-46bd-4f68-b050-5898f929002f
	github_repository: ${{ github.repository }}
	add_report_comment_to_pull_request: true
	snyk-scan-deps-licences:
	name: Snyk deps/licences scan
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-node'
	step_name: 'snyk-scan-deps-licenses'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Run Snyk to check for deps vulnerabilities
	uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=critical
	snyk-scan-code:
	name: Snyk code scan
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-node'
	step_name: 'snyk-scan-code'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Run Snyk to check for code vulnerabilities
	uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
	continue-on-error: true
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --severity-threshold=high
	command: code test
	snyk-sbom:
	name: Snyk SBOM
	runs-on: ubuntu-latest
	permissions:
	id-token: write
	pull-requests: read
	contents: read
	deployments: write
	steps:
	- uses: RDXWorks-actions/checkout@main
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.AWS_ROLE_NAME_SNYK_SECRET }}
	app_name: 'babylon-node'
	step_name: 'snyk-sbom'
	secret_prefix: 'SNYK'
	secret_name: ${{ secrets.AWS_SECRET_NAME_SNYK }}
	parse_json: true
	- name: Generate SBOM # check SBOM can be generated but nothing is done with it
	uses: RDXWorks-actions/snyk-actions/gradle-jdk17@master
	with:
	args: --all-projects --org=${{ env.SNYK_NETWORK_ORG_ID }} --format=cyclonedx1.4+json > sbom.json
	command: sbom
	build:
	name: Unit tests and sonarqube
	runs-on: selfhosted-ubuntu-22.04-16-cores
	permissions:
	id-token: write
	contents: read
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	# Shallow clones should be disabled for a better relevancy of analysis
	fetch-depth: 0
	- name: Setup environment
	uses: ./.github/actions/setup-env
	- name: Cache SonarCloud packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle
	- name: Unit tests
	# Theoretically, the lack of `--info` in the Gradle command below should completely suppress
	# any (application's) output from the tests. However, our current Rust logging infra writes
	# to STDOUT directly (i.e. bypasses the Gradle's hijacked output) and spams the unit test
	# results - luckily, it respects the ENV var, and we can set it high enough.
	env:
	RADIXDLT_LOG_LEVEL: error
	run: ./gradlew clean check jacocoTestReport --stacktrace --refresh-dependencies
	- name: Install cargo-llvm-cov
	uses: RDXWorks-actions/install-action@cargo-llvm-cov
	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: ${{ secrets.COMMON_SECRETS_ROLE_ARN }}
	app_name: "babylon-node"
	step_name: "codecoverage"
	secret_prefix: "CODECOV"
	secret_name: ${{ secrets.AWS_SECRET_NAME_CODECOV }}
	parse_json: true
	- name: Generate Code Coverage
	run: cd core-rust && cargo llvm-cov --lcov --output-path lcov.info && cd ..
	- name: Upload to codecov.io
	uses: RDXWorks-actions/codecov-action@main
	with:
	fail_ci_if_error: true
	file: ./core-rust/lcov.info
	name: codecov-rust
	flags: rust
	- name: DistZip
	run: ./gradlew distZip
	- name: Publish Java distZip
	uses: RDXWorks-actions/upload-artifact@main
	with:
	path: ./core/build/distributions/core-*.zip
	name: distZip
	retention-days: 7
	- uses: ./.github/actions/fetch-secrets
	with:
	role_name: "${{ secrets.COMMON_SECRETS_ROLE_ARN }}"
	app_name: "babylon-node"
	step_name: "build"
	secret_prefix: "SONAR"
	# SonarCloud access token should be generated from https://sonarcloud.io/account/security/
	secret_name: "github-actions/common/sonar-token"
	parse_json: true
	- name: Sonar analysis
	env:
	# Needed to get some information about the pull request, if any
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: ./gradlew sonarqube
	local-dev-sm-docker-build:
	name: Test core-rust docker build for local development
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	# Shallow clones should be disabled for a better relevancy of analysis
	fetch-depth: 0
	- name: Setup environment
	uses: ./.github/actions/setup-env
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle
	- name: Run local core-rust docker build
	run: ./gradlew :core-rust:buildRustForDocker
	steadystate-integration:
	name: Steady state integration tests
	runs-on: selfhosted-ubuntu-22.04-16-cores
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	# Shallow clones should be disabled for a better relevancy of analysis
	fetch-depth: 0
	- name: Setup environment
	uses: ./.github/actions/setup-env
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle
	- name: Run steady-state integration tests
	env:
	# Might be set to warn for debugging purposes. Warning, log file will be huge.
	RADIXDLT_LOG_LEVEL: error
	run: ./gradlew clean runSteadyStateIntegrationTests --info --refresh-dependencies
	targeted-integration:
	name: Targeted integration tests
	runs-on: selfhosted-ubuntu-22.04-16-cores
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	# Shallow clones should be disabled for a better relevancy of analysis
	fetch-depth: 0
	- name: Setup environment
	uses: ./.github/actions/setup-env
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle
	- name: Run targeted integration tests
	env:
	# Might be set to warn for debugging purposes. Warning, log file will be huge.
	RADIXDLT_LOG_LEVEL: error
	run: ./gradlew clean runTargetedIntegrationTests --info --refresh-dependencies --parallel
	mesh-api-test-suite:
	name: Run Mesh API tests
	runs-on: selfhosted-ubuntu-22.04-16-cores
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	# Shallow clones should be disabled for a better relevancy of analysis
	fetch-depth: 0
	- name: Setup environment
	uses: ./.github/actions/setup-env
	- name: Cache Gradle packages
	uses: RDXWorks-actions/cache@main
	with:
	path: ~/.gradle/caches
	key: ${{ runner.os }}-gradle-${{ hashFiles('*/.gradle') }}
	restore-keys: ${{ runner.os }}-gradle
	- name: Build Node
	run: ./gradlew build
	- name: Run Node in the background
	env:
	# This is to skip keygen step
	RADIXDLT_NODE_KEY: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAY=
	run: ./gradlew :core:run --info &
	- name: Wait for 2 minutes
	run: sleep 2m
	- name: Install mesh-cli
	run: curl -sSfL https://raw.githubusercontent.com/coinbase/mesh-cli/master/scripts/install.sh \| sh -s
	- name: Run Data API tests
	run: ./bin/rosetta-cli check:data --configuration-file core-rust/mesh-api-server/mesh-cli-configs/default.json
	- name: Run Construction API tests
	run: ./bin/rosetta-cli check:construction --configuration-file core-rust/mesh-api-server/mesh-cli-configs/default.json
	- name: Run Coinbase-spec tests
	run: ./bin/rosetta-cli check:spec --configuration-file core-rust/mesh-api-server/mesh-cli-configs/default.json
	cross-xwin:
	name: Cross compile to Windows
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main
	with:
	fetch-depth: 1
	- name: Setup environment
	uses: ./.github/actions/setup-env
	with:
	cross-compile-to-windows: "true"
	- name: cross compile to windows
	run: pushd core-rust; cargo xwin build --release --target x86_64-pc-windows-msvc
	- name: Publish corerust.dll
	uses: RDXWorks-actions/upload-artifact@main
	with:
	path: core-rust/target/x86_64-pc-windows-msvc/release/corerust.dll
	name: corerust.dll
	retention-days: 7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

DUMMY PULL REQUEST - testing github action. #4979

Workflow file

DUMMY PULL REQUEST - testing github action. #4979

Jobs

Run details

Workflow file for this run