Continuous Forge Tests - Unstable #639
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Continuously run unstable forge tests against the latest main branch, to promote to stable. | |
name: Continuous Forge Tests - Unstable | |
permissions: | |
issues: write | |
pull-requests: write | |
contents: read | |
id-token: write | |
actions: write #required for workflow cancellation via check-aptos-core | |
concurrency: | |
group: forge-unstable-${{ github.ref_name }} | |
cancel-in-progress: true | |
on: | |
# Allow triggering manually | |
workflow_dispatch: | |
inputs: | |
IMAGE_TAG: | |
required: false | |
type: string | |
description: The docker image tag to test. This may be a git SHA1, or a tag like "<branch>_<git SHA1>". If not specified, Forge will find the latest build based on the git history (starting from GIT_SHA input) | |
GIT_SHA: | |
required: false | |
type: string | |
description: The git SHA1 to checkout. This affects the Forge test runner that is used. If not specified, the latest main will be used | |
# NOTE: to support testing different branches on different schedules, you need to specify the cron schedule in the 'determine-test-branch' step as well below | |
# Reference: https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule | |
schedule: | |
- cron: "30 */2 * * *" # Run this on an aggressive cadence to get signal on the tests. They should be fully evaluated (moved to forge stable or removed entirely) after baking | |
pull_request: | |
paths: | |
- ".github/workflows/forge-unstable.yaml" | |
- "testsuite/find_latest_image.py" | |
env: | |
AWS_ACCOUNT_NUM: ${{ secrets.ENV_ECR_AWS_ACCOUNT_NUM }} | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: us-west-2 | |
IMAGE_TAG: ${{ inputs.IMAGE_TAG }} # this is only used for workflow_dispatch, otherwise defaults to empty | |
jobs: | |
# This job determines the image tag and branch to test, and passes them to the other jobs | |
# NOTE: this may be better as a separate workflow as the logic is quite complex but generalizable | |
determine-test-metadata: | |
runs-on: ubuntu-latest | |
outputs: | |
IMAGE_TAG: ${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} | |
IMAGE_TAG_FOR_COMPAT_TEST: ${{ steps.get-last-released-image-tag-for-compat-test.outputs.IMAGE_TAG }} | |
BRANCH: ${{ steps.determine-test-branch.outputs.BRANCH }} | |
BRANCH_HASH: ${{ steps.hash-branch.outputs.BRANCH_HASH }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Determine branch based on cadence | |
id: determine-test-branch | |
# NOTE: the schedule cron MUST match the one in the 'on.schedule.cron' section above | |
run: | | |
if [[ "${{ github.event_name }}" == "schedule" ]]; then | |
echo "Branch: main" | |
echo "BRANCH=main" >> $GITHUB_OUTPUT | |
elif [[ "${{ github.event_name }}" == "push" ]]; then | |
echo "Branch: ${{ github.ref_name }}" | |
echo "BRANCH=${{ github.ref_name }}" >> $GITHUB_OUTPUT | |
else | |
echo "Using GIT_SHA" | |
# on workflow_dispatch, this will simply use the inputs.GIT_SHA given (or the default) | |
# on pull_request, this will default to null and the following "checkout" step will use the PR's base branch | |
echo "BRANCH=${{ inputs.GIT_SHA }}" >> $GITHUB_OUTPUT | |
fi | |
# Use the branch hash instead of the full branch name to stay under kubernetes namespace length limit | |
- name: Hash the branch | |
id: hash-branch | |
run: | | |
# If BRANCH is empty, default to "main" | |
if [[ -z "${{ steps.determine-test-branch.outputs.BRANCH }}" ]]; then | |
BRANCH="main" | |
else | |
BRANCH="${{ steps.determine-test-branch.outputs.BRANCH }}" | |
fi | |
# Hashing the branch name | |
echo "BRANCH_HASH=$(echo -n "$BRANCH" | sha256sum | cut -c1-10)" >> $GITHUB_OUTPUT | |
- uses: aptos-labs/aptos-core/.github/actions/check-aptos-core@main | |
with: | |
cancel-workflow: ${{ github.event_name == 'schedule' }} # Cancel the workflow if it is scheduled on a fork | |
# actions/get-latest-docker-image-tag requires docker utilities and having authenticated to internal docker image registries | |
- uses: aptos-labs/aptos-core/.github/actions/docker-setup@main | |
id: docker-setup | |
with: | |
GCP_WORKLOAD_IDENTITY_PROVIDER: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }} | |
GCP_SERVICE_ACCOUNT_EMAIL: ${{ secrets.GCP_SERVICE_ACCOUNT_EMAIL }} | |
EXPORT_GCP_PROJECT_VARIABLES: "false" | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DOCKER_ARTIFACT_REPO: ${{ secrets.AWS_DOCKER_ARTIFACT_REPO }} | |
GIT_CREDENTIALS: ${{ secrets.GIT_CREDENTIALS }} | |
- uses: aptos-labs/aptos-core/.github/actions/get-latest-docker-image-tag@main | |
id: get-docker-image-tag | |
with: | |
branch: ${{ steps.determine-test-branch.outputs.BRANCH }} | |
variants: "failpoints performance" | |
- name: Write summary | |
run: | | |
IMAGE_TAG=${{ steps.get-docker-image-tag.outputs.IMAGE_TAG }} | |
BRANCH=${{ steps.determine-test-branch.outputs.BRANCH }} | |
if [ -n "${BRANCH}" ]; then | |
echo "BRANCH: [${BRANCH}](https://github.com/${{ github.repository }}/tree/${BRANCH})" >> $GITHUB_STEP_SUMMARY | |
fi | |
echo "IMAGE_TAG: [${IMAGE_TAG}](https://github.com/${{ github.repository }}/commit/${IMAGE_TAG})" >> $GITHUB_STEP_SUMMARY | |
echo "To cancel this job, do `pnpm infra ci cancel-workflow ${{ github.run_id }}` from internal-ops" >> $GITHUB_STEP_SUMMARY | |
# Test definitions start below | |
# To add a new Forge test, add a new job definition below. Copy all fields and change only the: | |
# * job name | |
# * "needs" dependency. You need "determine-test-metadata", and the previous job (jobs are run sequentially) | |
# * with.FORGE_TEST_SUITE, change this to your test s uite | |
# * with.FORGE_*, any features or customizations you need | |
forge-indexer: | |
if: ${{ github.event_name != 'pull_request' }} | |
needs: determine-test-metadata | |
uses: aptos-labs/aptos-core/.github/workflows/workflow-run-forge.yaml@main | |
secrets: inherit | |
with: | |
IMAGE_TAG: ${{ needs.determine-test-metadata.outputs.IMAGE_TAG }} | |
FORGE_NAMESPACE: forge-indexer-test-${{ needs.determine-test-metadata.outputs.BRANCH_HASH }} | |
COMMENT_HEADER: forge-indexer | |
FORGE_TEST_SUITE: indexer_test | |
FORGE_ENABLE_INDEXER: true |