chore(IDX): encrypt bep #3684

Merged
merged 4 commits into from
Jan 30, 2025
8 changes: 8 additions & 0 deletions .github/actions/bazel-test-all/action.yaml
Expand Up @@ -20,6 +20,8 @@ inputs:
required: false
SSH_PRIVATE_KEY_BACKUP_POD:
required: false
GPG_PASSPHRASE:
required: false

runs:
using: "composite"
Expand Down Expand Up @@ -60,6 +62,11 @@ runs:
rm "$exportout"
echo "BEP events exported to honeycomb!"
fi
if [ -n "$GPG_PASSPHRASE" ] && [ -f ./bazel-bep.pb ]; then
gpg --symmetric --cipher-algo AES256 -o bazel-bep.pb.gpg \
--passphrase "$GPG_PASSPHRASE" --batch --yes bazel-bep.pb
fi
rm -f bazel-bep.pb
# output node name to gihub step summary
[ -n "${NODE_NAME:-}" ] && echo "Run on node: $NODE_NAME" >>$GITHUB_STEP_SUMMARY
Expand All @@ -78,3 +85,4 @@ runs:
CI_PULL_REQUEST_TARGET_BRANCH_NAME: ${{ github.event.pull_request.base.ref }}
MERGE_BASE_SHA: ${{ github.event.pull_request.base.sha }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ inputs.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ inputs.GPG_PASSPHRASE }}
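Review bot: The passphrase is handed to gpg as an argument (`--passphrase "$GPG_PASSPHRASE"`), so while gpg runs it sits in the process argument list, where other processes on the same runner can read it; the `Run on node: $NODE_NAME` line suggests these may be shared self-hosted nodes, though that is inferred. Feeding it over a file descriptor keeps it off the command line: `gpg --batch --yes --symmetric --cipher-algo AES256 --passphrase-fd 0 -o bazel-bep.pb.gpg bazel-bep.pb <<<"$GPG_PASSPHRASE"` (this assumes the step runs under bash; the shell line is outside the hunk). Because the scheme is symmetric, every job that can encrypt can also decrypt every retained artifact, whereas encrypting to a public key with `--encrypt --recipient <KEY_ID_PLACEHOLDER>` would leave only the public half in CI. The enclosing `run:` script starts before this hunk.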
12 changes: 11 additions & 1 deletion .github/workflows-source/ci-main.yml
Expand Up @@ -86,7 +86,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand Down Expand Up @@ -153,6 +153,8 @@ jobs:
# check if PR title contains release and set timeout filters accordingly
BAZEL_EXTRA_ARGS: ${{ env.BAZEL_EXTRA_ARGS }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- <<: *bazel-upload

bazel-build-all-config-check:
Expand All @@ -169,6 +171,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=check --config=ci --keep_going"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-test-macos-intel:
name: Bazel Test macOS Intel
Expand Down Expand Up @@ -200,6 +204,8 @@ jobs:
BAZEL_EXTRA_ARGS: '--test_tag_filters=test_macos'
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/${{ github.run_id }}"
BAZEL_TARGETS: "//rs/... //publish/binaries/..."
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- name: Purge Bazel Output
if: always()
shell: bash
Expand All @@ -218,6 +224,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-build-fuzzers-afl:
name: Bazel Build Fuzzers AFL
Expand All @@ -231,6 +239,8 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=afl"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

python-ci-tests:
name: Python CI Tests
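Review bot: `profile.json` is still listed under `path:` and uploaded in plaintext beside `bazel-bep.pb.gpg`; if the BEP is sensitive enough to encrypt, the Bazel profile deserves the same review, since it may carry overlapping build detail (inferred, its content is not visible here). The same `path:` change appears in release-testing.yml, schedule-daily.yml and schedule-hourly.yml under workflows-source, and in the expanded files under .github/workflows. Separately, when `secrets.GPG_PASSPHRASE` is empty the action skips gpg and still runs `rm -f bazel-bep.pb`, and `if-no-files-found: ignore` lets the upload step pass with no BEP at all. That fails closed but silently, so a comment on the anchor such as `# BEP is uploaded only when GPG_PASSPHRASE is set; otherwise it is dropped` would document it. The anchor block that holds `path:` starts outside the hunk.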
14 changes: 13 additions & 1 deletion .github/workflows-source/release-testing.yml
Expand Up @@ -58,7 +58,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand All @@ -82,6 +82,8 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_nightly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-staging:
name: Bazel System Test Staging
Expand All @@ -98,6 +100,8 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_staging"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-hotfix:
name: Bazel System Test Hotfix
Expand All @@ -115,6 +119,8 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hotfix"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

dependency-scan-release-cut:
name: Dependency Scan for Release
Expand Down Expand Up @@ -187,3 +193,9 @@ jobs:
BAZEL_CI_CONFIG: "--config=systest --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_timeout=7200 --test_env=OLD_VERSION=${{ matrix.version }}"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
name: Upload bazel bep for version ${{ matrix.version }}
with:
<<: *bazel-bep-with
name: ${{ github.job }}-${{ matrix.version }}-bep
8 changes: 7 additions & 1 deletion .github/workflows-source/schedule-daily.yml
Expand Up @@ -49,7 +49,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand Down Expand Up @@ -118,6 +118,8 @@ jobs:
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=fi_tests_nightly --test_env=SSH_AUTH_SOCK --test_timeout=43200"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ secrets.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

nns-tests-nightly:
name: Bazel Test NNS Nightly
Expand All @@ -136,6 +138,8 @@ jobs:
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=nns_tests_nightly --test_env=SSH_AUTH_SOCK --test_env=NNS_CANISTER_UPGRADE_SEQUENCE=all"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
SSH_PRIVATE_KEY_BACKUP_POD: ${{ secrets.SSH_PRIVATE_KEY_BACKUP_POD }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

system-tests-benchmarks-nightly:
name: Bazel System Test Benchmarks
Expand All @@ -159,6 +163,8 @@ jobs:
# note: there's just one performance cluster, so the job can't be parallelized
BAZEL_EXTRA_ARGS: "--test_tag_filters=system_test_benchmark --//bazel:enable_upload_perf_systest_results=True --keep_going --jobs 1"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep
- name: Post Slack Notification
uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0
if: failure()
6 changes: 5 additions & 1 deletion .github/workflows-source/schedule-hourly.yml
Expand Up @@ -48,7 +48,7 @@ anchors:
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
bazel-bep.pb.gpg
profile.json
jobs:
Expand All @@ -66,6 +66,8 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci"
BAZEL_COMMAND: "build"
BAZEL_EXTRA_ARGS: "--repository_cache= --disk_cache= --noremote_accept_cached --remote_instance_name=${CI_COMMIT_SHA} --@rules_rust//rust/settings:pipelined_compilation=True"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-system-test-hourly:
name: Bazel System Tests Hourly
Expand All @@ -85,6 +87,8 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hourly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- <<: *bazel-bep

bazel-run-fuzzers-hourly:
name: Bazel Run Fuzzers Hourly
70 changes: 70 additions & 0 deletions .github/workflows/ci-main.yml
Expand Up @@ -101,6 +101,20 @@ jobs:
# check if PR title contains release and set timeout filters accordingly
BAZEL_EXTRA_ARGS: ${{ env.BAZEL_EXTRA_ARGS }}
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
- name: Upload bazel-targets
uses: actions/upload-artifact@v4
with:
Expand Down Expand Up @@ -136,6 +150,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_CI_CONFIG: "--config=check --config=ci --keep_going"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-test-macos-intel:
name: Bazel Test macOS Intel
timeout-minutes: 130
Expand Down Expand Up @@ -168,6 +196,20 @@ jobs:
BAZEL_EXTRA_ARGS: '--test_tag_filters=test_macos'
BAZEL_STARTUP_ARGS: "--output_base /var/tmp/bazel-output/${{ github.run_id }}"
BAZEL_TARGETS: "//rs/... //publish/binaries/..."
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
- name: Purge Bazel Output
if: always()
shell: bash
Expand All @@ -194,6 +236,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=fuzzing --build_tag_filters=libfuzzer"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-build-fuzzers-afl:
name: Bazel Build Fuzzers AFL
runs-on:
Expand All @@ -215,6 +271,20 @@ jobs:
BAZEL_COMMAND: "build"
BAZEL_TARGETS: "//rs/..."
BAZEL_EXTRA_ARGS: "--keep_going --config=afl"
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
python-ci-tests:
name: Python CI Tests
runs-on:
56 changes: 56 additions & 0 deletions .github/workflows/release-testing.yml
Expand Up @@ -51,6 +51,20 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_nightly"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-system-test-staging:
name: Bazel System Test Staging
runs-on:
Expand Down Expand Up @@ -80,6 +94,20 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_staging"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
bazel-system-test-hotfix:
name: Bazel System Test Hotfix
runs-on:
Expand Down Expand Up @@ -109,6 +137,20 @@ jobs:
BAZEL_CI_CONFIG: "--config=ci --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_tag_filters=system_test_hotfix"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- name: Upload bazel-bep
# runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
dependency-scan-release-cut:
name: Dependency Scan for Release
runs-on:
Expand Down Expand Up @@ -212,3 +254,17 @@ jobs:
BAZEL_CI_CONFIG: "--config=systest --repository_cache=/cache/bazel"
BAZEL_EXTRA_ARGS: "--keep_going --test_timeout=7200 --test_env=OLD_VERSION=${{ matrix.version }}"
BUILDEVENT_APIKEY: ${{ secrets.HONEYCOMB_TOKEN }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
- # runs only if previous step succeeded or failed;
# we avoid collecting artifacts of jobs that were cancelled
if: success() || failure()
uses: actions/upload-artifact@v4
name: Upload bazel bep for version ${{ matrix.version }}
with:
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb.gpg
profile.json
name: ${{ github.job }}-${{ matrix.version }}-bep