Add Security documentation to ensure finality #1240
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci-test | |
on: | |
push: | |
branches: | |
- main | |
- stable/* | |
- rc/* | |
pull_request: | |
branches: | |
- main | |
- stable/* | |
- rc/* | |
env: | |
OASIS_UNSAFE_SKIP_AVR_VERIFY: "1" | |
OASIS_UNSAFE_KM_POLICY_KEYS: "1" | |
OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: "1" | |
jobs: | |
test-rust: | |
name: test-rust | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./runtime | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Rust | |
run: rustup show | |
- name: Install protoc | |
run: sudo apt install -y protobuf-compiler | |
- name: Build | |
run: cargo build --release --locked | |
test-rust-sgx: | |
name: test-rust-sgx | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./runtime | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# gcc-multilib is required for bindgen to work for SGX. | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install gcc-multilib | |
- name: Set up Rust | |
run: rustup show | |
- name: Check SGX buildability | |
run: cargo check --locked --release --target x86_64-fortanix-unknown-sgx | |
test-client-js: | |
name: test-client-js | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./clients/js | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- uses: pnpm/[email protected] | |
name: Install pnpm | |
id: pnpm-install | |
with: | |
version: 8 | |
run_install: false | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: pnpm --filter @oasisprotocol/sapphire-paratime install | |
- name: Build JS client | |
run: pnpm build | |
- name: Build typedoc | |
run: pnpm typedoc | |
- name: Upload client-js build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: client-js | |
retention-days: 1 | |
if-no-files-found: error | |
path: | | |
clients/js/lib | |
- name: Test JS client | |
env: | |
NODE_OPTIONS: "--no-experimental-fetch" # https://github.com/nock/nock/issues/2397 | |
run: pnpm test | |
test-integration-hardhat: | |
name: test-integration-hardhat | |
runs-on: ubuntu-latest | |
needs: [test-client-js] | |
defaults: | |
run: | |
working-directory: ./integrations/hardhat | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- uses: pnpm/[email protected] | |
name: Install pnpm | |
id: pnpm-install | |
with: | |
version: 8 | |
run_install: false | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Download client-js build | |
uses: actions/download-artifact@v4 | |
with: | |
name: client-js | |
path: clients/js/lib | |
- name: Install dependencies | |
run: | | |
pnpm install | |
- name: Build Integration Hardhat | |
run: pnpm build | |
- name: Upload integration-hardhat build | |
uses: actions/upload-artifact@v4 | |
with: | |
name: integration-hardhat | |
retention-days: 1 | |
if-no-files-found: error | |
path: | | |
integrations/hardhat/dist | |
test-client-go: | |
name: test-client-go | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
working-directory: ./clients/go | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.20.x" | |
- name: Test | |
run: go test -v ./... | |
test-examples: | |
name: test-examples | |
runs-on: ubuntu-latest | |
needs: [test-client-js, test-integration-hardhat] | |
strategy: | |
matrix: | |
example: [hardhat, hardhat-boilerplate, onchain-signer] | |
defaults: | |
run: | |
working-directory: examples/${{ matrix.example }} | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Install Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 18 | |
- uses: pnpm/[email protected] | |
name: Install pnpm | |
id: pnpm-install | |
with: | |
version: 8 | |
run_install: false | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v4 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('**/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Download client-js build | |
uses: actions/download-artifact@v4 | |
with: | |
name: client-js | |
path: clients/js/lib | |
- name: Download integration-hardhat build | |
uses: actions/download-artifact@v4 | |
with: | |
name: integration-hardhat | |
path: integrations/hardhat/dist | |
- name: Install dependencies | |
run: | | |
pnpm install | |
- name: Build | |
run: | | |
! grep -q '"build":' package.json || pnpm run build | |
- name: Test | |
run: | | |
! grep -q '"test":' package.json || pnpm test | |
- name: Test Frontend | |
if: matrix.example == 'hardhat-boilerplate' | |
run: | | |
npx hardhat run scripts/deploy.js | |
cd frontend | |
pnpm build |