mirror of
https://github.com/matrix-org/dendrite.git
synced 2024-11-29 09:41:57 -06:00
c876790f08
Bumps [github.com/docker/docker](https://github.com/docker/docker) from 24.0.9+incompatible to 25.0.6+incompatible. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/docker/docker/releases">github.com/docker/docker's releases</a>.</em></p> <blockquote> <h2>v25.0.6</h2> <h2>25.0.6</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.6">docker/cli, 25.0.6 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.6">moby/moby, 25.0.6 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.6/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.6/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a fix for <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-41110">CVE-2024-41110</a> / <a href="https://github.com/moby/moby/security/advisories/GHSA-v23v-6jw2-98fq">GHSA-v23v-6jw2-98fq</a> that impacted setups using <a href="https://docs.docker.com/engine/extend/plugins_authorization/">authorization plugins (AuthZ)</a> for access control.</p> <h3>Bug fixes and enhancements</h3> <ul> <li>[25.0] remove erroneous <code>platform</code> from image <code>config</code> OCI descriptor in <code>docker save</code> output. <a href="https://redirect.github.com/moby/moby/pull/47695">moby/moby#47695</a></li> <li>[25.0 backport] Fix a nil dereference when getting image history for images having layers without the <code>Created</code> value set. <a href="https://redirect.github.com/moby/moby/pull/47759">moby/moby#47759</a></li> <li>[25.0 backport] apparmor: Allow confined runc to kill containers. <a href="https://redirect.github.com/moby/moby/pull/47830">moby/moby#47830</a></li> <li>[25.0 backport] Fix an issue where rapidly promoting a Swarm node after another node was demoted could cause the promoted node to fail its promotion. <a href="https://redirect.github.com/moby/moby/pull/47869">moby/moby#47869</a></li> <li>[25.0 backport] don't depend on containerd platform.Parse to return a typed error. <a href="https://redirect.github.com/moby/moby/pull/47890">moby/moby#47890</a></li> <li>[25.0 backport] builder/mobyexporter: Add missing nil check <a href="https://redirect.github.com/moby/moby/pull/47987">moby/moby#47987</a></li> </ul> <h3>Packaging updates</h3> <ul> <li>Update AWS SDK Go v2 to v1.24.1 for AWS CloudWatch logging driver. <a href="https://redirect.github.com/moby/moby/pull/47724">moby/moby#47724</a></li> <li>Update Go runtime to 1.21.12, which contains security fixes for <a href="https://github.com/advisories/GHSA-hw49-2p59-3mhj">CVE-2024-24791</a> <a href="https://redirect.github.com/moby/moby/pull/48146">moby/moby#48146</a></li> <li>Update Containerd (static binaries only) to <a href="https://github.com/containerd/containerd/releases/tag/v1.7.20">v1.7.20</a>. <a href="https://redirect.github.com/moby/moby/pull/48199">moby/moby#48199</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/moby/moby/compare/v25.0.5...v25.0.6">https://github.com/moby/moby/compare/v25.0.5...v25.0.6</a></p> <h2>v25.0.5</h2> <h2>25.0.5</h2> <p>For a full list of pull requests and changes in this release, refer to the relevant GitHub milestones:</p> <ul> <li><a href="https://github.com/docker/cli/issues?q=is%3Aclosed+milestone%3A25.0.5">docker/cli, 25.0.5 milestone</a></li> <li><a href="https://github.com/moby/moby/issues?q=is%3Aclosed+milestone%3A25.0.5">moby/moby, 25.0.5 milestone</a></li> <li>Deprecated and removed features, see <a href="https://github.com/docker/cli/blob/v25.0.5/docs/deprecated.md">Deprecated Features</a>.</li> <li>Changes to the Engine API, see <a href="https://github.com/moby/moby/blob/v25.0.5/docs/api/version-history.md">API version history</a>.</li> </ul> <h3>Security</h3> <p>This release contains a security fix for <a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>, a potential data exfiltration from 'internal' networks via authoritative DNS servers.</p> <h3>Bug fixes and enhancements</h3> <ul> <li> <p><a href="https://github.com/moby/moby/security/advisories/GHSA-mq39-4gv4-mvpx">CVE-2024-29018</a>: Do not forward requests to external DNS servers for a container that is only connected to an 'internal' network. Previously, requests were forwarded if the host's DNS server was running on a loopback address, like systemd's 127.0.0.53. <a href="https://redirect.github.com/moby/moby/pull/47589">moby/moby#47589</a></p> </li> <li> <p>plugin: fix mounting /etc/hosts when running in UserNS. <a href="https://redirect.github.com/moby/moby/pull/47588">moby/moby#47588</a></p> </li> <li> <p>rootless: fix <code>open /etc/docker/plugins: permission denied</code>. <a href="https://redirect.github.com/moby/moby/pull/47587">moby/moby#47587</a></p> </li> <li> <p>Fix multiple parallel <code>docker build</code> runs leaking disk space. <a href="https://redirect.github.com/moby/moby/pull/47527">moby/moby#47527</a></p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="b08a51fe16
"><code>b08a51f</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48231">#48231</a> from austinvazquez/backport-vendor-otel-v0.46.1-to-...</li> <li><a href="d151b0f87f
"><code>d151b0f</code></a> vendor: OTEL v0.46.1 / v1.21.0</li> <li><a href="c6ba9a5124
"><code>c6ba9a5</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48225">#48225</a> from austinvazquez/backport-workflow-artifact-reten...</li> <li><a href="4673a3ca2c
"><code>4673a3c</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48227">#48227</a> from austinvazquez/backport-backport-branch-check-t...</li> <li><a href="30f8908102
"><code>30f8908</code></a> github/ci: Check if backport is opened against the expected branch</li> <li><a href="7454d6a2e6
"><code>7454d6a</code></a> ci: update workflow artifacts retention</li> <li><a href="65cc597cea
"><code>65cc597</code></a> Merge commit from fork</li> <li><a href="b722836927
"><code>b722836</code></a> Merge pull request <a href="https://redirect.github.com/docker/docker/issues/48199">#48199</a> from austinvazquez/update-containerd-binary-to-1.7.20</li> <li><a href="e8ecb9c76d
"><code>e8ecb9c</code></a> update containerd binary to v1.7.20</li> <li><a href="e6cae1f237
"><code>e6cae1f</code></a> update containerd binary to v1.7.19</li> <li>Additional commits viewable in <a href="https://github.com/docker/docker/compare/v24.0.9...v25.0.6">compare view</a></li> </ul> </details> <br /> [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=github.com/docker/docker&package-manager=go_modules&previous-version=24.0.9+incompatible&new-version=25.0.6+incompatible)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/matrix-org/dendrite/network/alerts). </details> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Till Faelligen <2353100+S7evinK@users.noreply.github.com>
498 lines
16 KiB
YAML
498 lines
16 KiB
YAML
name: Dendrite
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
paths:
|
|
- '**.go' # only execute on changes to go files
|
|
- 'go.sum' # or dependency updates
|
|
- '.github/workflows/**' # or workflow changes
|
|
pull_request:
|
|
paths:
|
|
- '**.go'
|
|
- 'go.sum' # or dependency updates
|
|
- '.github/workflows/**'
|
|
release:
|
|
types: [published]
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
wasm:
|
|
name: WASM build test
|
|
timeout-minutes: 5
|
|
runs-on: ubuntu-latest
|
|
if: ${{ false }} # disable for now
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: Install Go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
cache: true
|
|
|
|
- name: Install Node
|
|
uses: actions/setup-node@v2
|
|
with:
|
|
node-version: 14
|
|
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: ~/.npm
|
|
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-node-
|
|
|
|
- name: Reconfigure Git to use HTTPS auth for repo packages
|
|
run: >
|
|
git config --global url."https://github.com/".insteadOf
|
|
ssh://git@github.com/
|
|
|
|
- name: Install test dependencies
|
|
working-directory: ./test/wasm
|
|
run: npm ci
|
|
|
|
- name: Test
|
|
run: ./test-dendritejs.sh
|
|
|
|
# Run golangci-lint
|
|
lint:
|
|
timeout-minutes: 5
|
|
name: Linting
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install libolm
|
|
run: sudo apt-get install libolm-dev libolm3
|
|
- name: Install Go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
- name: golangci-lint
|
|
uses: golangci/golangci-lint-action@v3
|
|
|
|
# run go test with different go versions
|
|
test:
|
|
timeout-minutes: 10
|
|
name: Unit tests
|
|
runs-on: ubuntu-latest
|
|
# Service containers to run with `container-job`
|
|
services:
|
|
# Label used to access the service container
|
|
postgres:
|
|
# Docker Hub image
|
|
image: postgres:13-alpine
|
|
# Provide the password for postgres
|
|
env:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: dendrite
|
|
ports:
|
|
# Maps tcp port 5432 on service container to the host
|
|
- 5432:5432
|
|
# Set health checks to wait until postgres has started
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install libolm
|
|
run: sudo apt-get install libolm-dev libolm3
|
|
- name: Setup go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
- uses: actions/cache@v4
|
|
# manually set up caches, as they otherwise clash with different steps using setup-go with cache=true
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-stable-unit-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-stable-unit-
|
|
- name: Set up gotestfmt
|
|
uses: gotesttools/gotestfmt-action@v2
|
|
with:
|
|
# Optional: pass GITHUB_TOKEN to avoid rate limiting.
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
- run: go test -json -v ./... 2>&1 | gotestfmt -hide all
|
|
env:
|
|
POSTGRES_HOST: localhost
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: dendrite
|
|
|
|
# build Dendrite for linux with different architectures and go versions
|
|
build:
|
|
name: Build for Linux
|
|
timeout-minutes: 10
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
goos: ["linux"]
|
|
goarch: ["amd64", "386"]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-stable-${{ matrix.goos }}-${{ matrix.goarch }}-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
key: ${{ runner.os }}-go-stable-${{ matrix.goos }}-${{ matrix.goarch }}-
|
|
- name: Install dependencies x86
|
|
if: ${{ matrix.goarch == '386' }}
|
|
run: sudo apt update && sudo apt-get install -y gcc-multilib
|
|
- env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: 1
|
|
CGO_CFLAGS: -fno-stack-protector
|
|
run: go build -trimpath -v -o "bin/" ./cmd/...
|
|
|
|
# build for Windows 64-bit
|
|
build_windows:
|
|
name: Build for Windows
|
|
timeout-minutes: 10
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
goos: ["windows"]
|
|
goarch: ["amd64"]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup Go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-stable-${{ matrix.goos }}-${{ matrix.goarch }}-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
key: ${{ runner.os }}-go-stable-${{ matrix.goos }}-${{ matrix.goarch }}-
|
|
- name: Install dependencies
|
|
run: sudo apt update && sudo apt install -y gcc-mingw-w64-x86-64 # install required gcc
|
|
- env:
|
|
GOOS: ${{ matrix.goos }}
|
|
GOARCH: ${{ matrix.goarch }}
|
|
CGO_ENABLED: 1
|
|
CC: "/usr/bin/x86_64-w64-mingw32-gcc"
|
|
run: go build -trimpath -v -o "bin/" ./cmd/...
|
|
|
|
# Dummy step to gate other tests on without repeating the whole list
|
|
initial-tests-done:
|
|
name: Initial tests passed
|
|
needs: [lint, test, build, build_windows]
|
|
runs-on: ubuntu-latest
|
|
if: ${{ !cancelled() }} # Run this even if prior jobs were skipped
|
|
steps:
|
|
- name: Check initial tests passed
|
|
uses: re-actors/alls-green@release/v1
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|
|
|
|
# run go test with different go versions
|
|
integration:
|
|
timeout-minutes: 20
|
|
needs: initial-tests-done
|
|
name: Integration tests
|
|
runs-on: ubuntu-latest
|
|
# Service containers to run with `container-job`
|
|
services:
|
|
# Label used to access the service container
|
|
postgres:
|
|
# Docker Hub image
|
|
image: postgres:13-alpine
|
|
# Provide the password for postgres
|
|
env:
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: dendrite
|
|
ports:
|
|
# Maps tcp port 5432 on service container to the host
|
|
- 5432:5432
|
|
# Set health checks to wait until postgres has started
|
|
options: >-
|
|
--health-cmd pg_isready
|
|
--health-interval 10s
|
|
--health-timeout 5s
|
|
--health-retries 5
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Install libolm
|
|
run: sudo apt-get install libolm-dev libolm3
|
|
- name: Setup go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
- name: Set up gotestfmt
|
|
uses: gotesttools/gotestfmt-action@v2
|
|
with:
|
|
# Optional: pass GITHUB_TOKEN to avoid rate limiting.
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-stable-test-race-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-stable-test-race-
|
|
- run: go test -race -json -v -coverpkg=./... -coverprofile=cover.out $(go list ./... | grep -v /cmd/dendrite*) 2>&1 | gotestfmt -hide all
|
|
env:
|
|
POSTGRES_HOST: localhost
|
|
POSTGRES_USER: postgres
|
|
POSTGRES_PASSWORD: postgres
|
|
POSTGRES_DB: dendrite
|
|
- name: Upload coverage to Codecov
|
|
uses: codecov/codecov-action@v4
|
|
with:
|
|
flags: unittests
|
|
fail_ci_if_error: true
|
|
token: ${{ secrets.CODECOV_TOKEN }}
|
|
|
|
# run database upgrade tests
|
|
upgrade_test:
|
|
name: Upgrade tests
|
|
timeout-minutes: 20
|
|
needs: initial-tests-done
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
cache: true
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-upgrade-test-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-upgrade-test-
|
|
- name: Docker version
|
|
run: docker version
|
|
- name: Build upgrade-tests
|
|
run: go build ./cmd/dendrite-upgrade-tests
|
|
- name: Test upgrade (PostgreSQL)
|
|
run: ./dendrite-upgrade-tests --head .
|
|
- name: Test upgrade (SQLite)
|
|
run: ./dendrite-upgrade-tests --sqlite --head .
|
|
|
|
# run database upgrade tests, skipping over one version
|
|
upgrade_test_direct:
|
|
name: Upgrade tests from HEAD-2
|
|
timeout-minutes: 20
|
|
needs: initial-tests-done
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Setup go
|
|
uses: actions/setup-go@v4
|
|
with:
|
|
go-version-file: 'go.mod'
|
|
cache: true
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
~/go/pkg/mod
|
|
key: ${{ runner.os }}-go-upgrade-direct-test-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-upgrade-direct-test-
|
|
- name: Docker version
|
|
run: docker version
|
|
- name: Build upgrade-tests
|
|
run: go build ./cmd/dendrite-upgrade-tests
|
|
- name: Test upgrade (PostgreSQL)
|
|
run: ./dendrite-upgrade-tests -direct -from HEAD-2 --head .
|
|
- name: Test upgrade (SQLite)
|
|
run: ./dendrite-upgrade-tests -direct -from HEAD-2 --head .
|
|
|
|
# run Sytest in different variations
|
|
sytest:
|
|
timeout-minutes: 20
|
|
needs: initial-tests-done
|
|
name: "Sytest (${{ matrix.label }})"
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- label: SQLite native
|
|
|
|
- label: SQLite Cgo
|
|
cgo: 1
|
|
|
|
- label: PostgreSQL
|
|
postgres: postgres
|
|
|
|
container:
|
|
image: matrixdotorg/sytest-dendrite
|
|
volumes:
|
|
- ${{ github.workspace }}:/src
|
|
- /root/.cache/go-build:/github/home/.cache/go-build
|
|
- /root/.cache/go-mod:/gopath/pkg/mod
|
|
env:
|
|
POSTGRES: ${{ matrix.postgres && 1}}
|
|
SYTEST_BRANCH: ${{ github.head_ref }}
|
|
CGO_ENABLED: ${{ matrix.cgo && 1 }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
~/.cache/go-build
|
|
/gopath/pkg/mod
|
|
key: ${{ runner.os }}-go-sytest-${{ hashFiles('**/go.sum') }}
|
|
restore-keys: |
|
|
${{ runner.os }}-go-sytest-
|
|
- name: Run Sytest
|
|
run: /bootstrap.sh dendrite
|
|
working-directory: /src
|
|
- name: Summarise results.tap
|
|
if: ${{ always() }}
|
|
run: /sytest/scripts/tap_to_gha.pl /logs/results.tap
|
|
- name: Sytest List Maintenance
|
|
if: ${{ always() }}
|
|
run: /src/show-expected-fail-tests.sh /logs/results.tap /src/sytest-whitelist /src/sytest-blacklist
|
|
continue-on-error: true # not fatal
|
|
- name: Are We Synapse Yet?
|
|
if: ${{ always() }}
|
|
run: /src/are-we-synapse-yet.py /logs/results.tap -v
|
|
continue-on-error: true # not fatal
|
|
- name: Upload Sytest logs
|
|
uses: actions/upload-artifact@v4
|
|
if: ${{ always() }}
|
|
with:
|
|
name: Sytest Logs - ${{ job.status }} - (Dendrite, ${{ join(matrix.*, ', ') }})
|
|
path: |
|
|
/logs/results.tap
|
|
/logs/**/*.log*
|
|
|
|
# run Complement
|
|
complement:
|
|
name: "Complement (${{ matrix.label }})"
|
|
timeout-minutes: 20
|
|
needs: initial-tests-done
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- label: SQLite native
|
|
cgo: 0
|
|
|
|
- label: SQLite Cgo
|
|
cgo: 1
|
|
|
|
- label: PostgreSQL
|
|
postgres: Postgres
|
|
cgo: 0
|
|
steps:
|
|
# Env vars are set file a file given by $GITHUB_PATH. We need both Go 1.17 and GOPATH on env to run Complement.
|
|
# See https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#adding-a-system-path
|
|
- name: "Set Go Version"
|
|
run: |
|
|
echo "$GOROOT_1_17_X64/bin" >> $GITHUB_PATH
|
|
echo "~/go/bin" >> $GITHUB_PATH
|
|
- name: "Install Complement Dependencies"
|
|
# We don't need to install Go because it is included on the Ubuntu 20.04 image:
|
|
# See https://github.com/actions/virtual-environments/blob/main/images/linux/Ubuntu2004-Readme.md specifically GOROOT_1_17_X64
|
|
run: |
|
|
sudo apt-get update && sudo apt-get install -y libolm3 libolm-dev
|
|
go install github.com/gotesttools/gotestfmt/v2/cmd/gotestfmt@latest
|
|
- name: Run actions/checkout@v4 for dendrite
|
|
uses: actions/checkout@v4
|
|
with:
|
|
path: dendrite
|
|
|
|
# Attempt to check out the same branch of Complement as the PR. If it
|
|
# doesn't exist, fallback to main.
|
|
- name: Checkout complement
|
|
shell: bash
|
|
run: |
|
|
mkdir -p complement
|
|
# Attempt to use the version of complement which best matches the current
|
|
# build. Depending on whether this is a PR or release, etc. we need to
|
|
# use different fallbacks.
|
|
#
|
|
# 1. First check if there's a similarly named branch (GITHUB_HEAD_REF
|
|
# for pull requests, otherwise GITHUB_REF).
|
|
# 2. Attempt to use the base branch, e.g. when merging into release-vX.Y
|
|
# (GITHUB_BASE_REF for pull requests).
|
|
# 3. Use the default complement branch ("master").
|
|
for BRANCH_NAME in "$GITHUB_HEAD_REF" "$GITHUB_BASE_REF" "${GITHUB_REF#refs/heads/}" "master"; do
|
|
# Skip empty branch names and merge commits.
|
|
if [[ -z "$BRANCH_NAME" || $BRANCH_NAME =~ ^refs/pull/.* ]]; then
|
|
continue
|
|
fi
|
|
(wget -O - "https://github.com/matrix-org/complement/archive/$BRANCH_NAME.tar.gz" | tar -xz --strip-components=1 -C complement) && break
|
|
done
|
|
# Build initial Dendrite image
|
|
- run: docker build --build-arg=CGO=${{ matrix.cgo }} -t complement-dendrite:${{ matrix.postgres }}${{ matrix.cgo }} -f build/scripts/Complement${{ matrix.postgres }}.Dockerfile .
|
|
working-directory: dendrite
|
|
env:
|
|
DOCKER_BUILDKIT: 1
|
|
|
|
# Run Complement
|
|
- run: |
|
|
set -o pipefail &&
|
|
go test -v -json -tags dendrite_blacklist ./tests ./tests/csapi 2>&1 | gotestfmt -hide all
|
|
shell: bash
|
|
name: Run Complement Tests
|
|
env:
|
|
COMPLEMENT_BASE_IMAGE: complement-dendrite:${{ matrix.postgres }}${{ matrix.cgo }}
|
|
COMPLEMENT_SHARE_ENV_PREFIX: COMPLEMENT_DENDRITE_
|
|
working-directory: complement
|
|
|
|
integration-tests-done:
|
|
name: Integration tests passed
|
|
needs:
|
|
[
|
|
initial-tests-done,
|
|
upgrade_test,
|
|
upgrade_test_direct,
|
|
sytest,
|
|
complement,
|
|
integration
|
|
]
|
|
runs-on: ubuntu-latest
|
|
if: ${{ !cancelled() }} # Run this even if prior jobs were skipped
|
|
steps:
|
|
- name: Check integration tests passed
|
|
uses: re-actors/alls-green@release/v1
|
|
with:
|
|
jobs: ${{ toJSON(needs) }}
|
|
|
|
update-docker-images:
|
|
name: Update Docker images
|
|
permissions:
|
|
packages: write
|
|
contents: read
|
|
security-events: write # To upload Trivy sarif files
|
|
if: github.repository == 'matrix-org/dendrite' && github.ref_name == 'main'
|
|
needs: [integration-tests-done]
|
|
uses: matrix-org/dendrite/.github/workflows/docker.yml@main
|
|
secrets:
|
|
DOCKER_TOKEN: ${{ secrets.DOCKER_TOKEN }}
|