diff --git a/.github/workflows/acceptance-tests.yml b/.github/workflows/acceptance-tests.yml index b94218e6087..2ac595b63ba 100644 --- a/.github/workflows/acceptance-tests.yml +++ b/.github/workflows/acceptance-tests.yml @@ -1,6 +1,9 @@ name: acceptance-tests on: - pull_request: + pull_request_target: + branches: + - main + - release-* pull_request_review: types: [submitted] @@ -18,7 +21,7 @@ jobs: steps: - name: required check id: shouldRun - uses: actions/github-script@v7.0.1 + uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea env: # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} @@ -59,14 +62,16 @@ jobs: runner_index: [0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15] steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: get acceptance test report - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d with: branch: main name_is_regexp: true @@ -74,10 +79,10 @@ jobs: path: tmp/junit-xml-reports-downloaded if_no_artifact_found: true - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Split tests id: split-tests - uses: r7kamura/split-tests-by-timings@v0 + uses: r7kamura/split-tests-by-timings@9322bd292d9423e2bc5a65bec548901801341e3f with: reports: tmp/junit-xml-reports-downloaded glob: 'acceptance-tests/tests/src/test/java/org/hyperledger/besu/tests/acceptance/**/*Test.java' @@ -94,12 +99,12 @@ jobs: - name: cleanup tempfiles run: rm testList.txt gradleArgs.txt - name: Upload Acceptance Test Results - uses: actions/upload-artifact@v3.1.0 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: name: acceptance-node-${{matrix.runner_index}}-test-results path: 'acceptance-tests/tests/build/test-results/acceptanceTest/TEST-*.xml' - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 + uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 if: (success() || failure()) # always run even if the build step fails with: report_paths: 'acceptance-tests/tests/build/test-results/acceptanceTest/TEST-*.xml' diff --git a/.github/workflows/artifacts.yml b/.github/workflows/artifacts.yml index 3b33f43bce1..5075a6c4f6e 100644 --- a/.github/workflows/artifacts.yml +++ b/.github/workflows/artifacts.yml @@ -13,14 +13,14 @@ jobs: contents: write steps: - name: checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up JDK 17 - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: 'temurin' java-version: '17' - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: assemble distributions run: ./gradlew -Prelease.releaseVersion=${{github.ref_name}} assemble -Dorg.gradle.parallel=true -Dorg.gradle.caching=true @@ -31,17 +31,19 @@ jobs: echo "zipSha=$(shasum -a 256 besu*.zip)" >> $GITHUB_OUTPUT echo "tarSha=$(shasum -a 256 besu*.tar.gz)" >> $GITHUB_OUTPUT - name: upload tarball - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: path: 'build/distributions/besu*.tar.gz' name: besu-${{ github.ref_name }}.tar.gz + compression-level: 0 - name: upload zipfile - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: path: 'build/distributions/besu*.zip' name: besu-${{ github.ref_name }}.zip + compression-level: 0 - name: Upload Release assets - uses: softprops/action-gh-release@v1 + uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 with: append_body: true files: | @@ -57,12 +59,12 @@ jobs: if: ${{ github.actor != 'dependabot[bot]' }} steps: - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: adopt java-version: 17 - name: Download zip - uses: actions/download-artifact@v3 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: besu-${{ github.ref_name }}.zip - name: test Besu diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index f8842123330..da937f24257 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -31,15 +31,15 @@ jobs: security-events: write steps: - name: Checkout repository - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: 'temurin' java-version: 17 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@v2 + uses: github/codeql-action/init@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f with: languages: ${{ matrix.language }} # If you wish to specify custom queries, you can do so here or in a config file. @@ -48,9 +48,9 @@ jobs: queries: security-and-quality,security-extended - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: compileJava noscan run: | JAVA_OPTS="-Xmx2048M" ./gradlew --no-scan compileJava - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 + uses: github/codeql-action/analyze@2f93e4319b2f04a2efc38fa7f78bd681bc3f7b2f diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index c487ed84b28..dbab691f965 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -11,14 +11,14 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: hadoLint_openj9-jdk_17 run: docker run --rm -i hadolint/hadolint < docker/openj9-jdk-17/Dockerfile - name: hadoLint_openjdk_17 @@ -55,33 +55,33 @@ jobs: echo "ARCH=arm64" >> $GITHUB_OUTPUT fi - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: short sha id: shortSha run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: install goss run: | mkdir -p docker/reports curl -L https://github.com/aelsabbahy/goss/releases/download/v0.4.4/goss-${{ steps.prep.outputs.PLATFORM_PAIR }} -o ./docker/tests/goss-${{ steps.prep.outputs.PLATFORM_PAIR }} - - name: build and test docker - uses: gradle/gradle-build-action@v2.12.0 - env: - architecture: ${{ steps.prep.outputs.ARCH }} - with: - arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ github.repository_owner }} -Prelease.releaseVersion=${{ github.ref_name }} - name: login to ghcr - uses: docker/login-action@v3.0.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: registry: ${{ env.registry }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + - name: build and test docker + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa + env: + architecture: ${{ steps.prep.outputs.ARCH }} + with: + arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ github.repository_owner }} -Prelease.releaseVersion=${{ github.ref_name }} - name: publish env: architecture: ${{ steps.prep.outputs.ARCH }} @@ -94,16 +94,16 @@ jobs: packages: write steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: login to ghcr - uses: docker/login-action@v3.0.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: registry: ${{ env.registry }} username: ${{ github.actor }} diff --git a/.github/workflows/integration-tests.yml b/.github/workflows/integration-tests.yml index 68115ea40bf..250b9c45d81 100644 --- a/.github/workflows/integration-tests.yml +++ b/.github/workflows/integration-tests.yml @@ -1,6 +1,9 @@ name: integration-tests on: - pull_request: + pull_request_target: + branches: + - main + - release-* pull_request_review: types: - submitted @@ -9,63 +12,36 @@ env: GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false" jobs: - shouldRun: - name: checks to ensure we should run + authorize: + environment: + ${{ github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository && + 'external' || 'internal' }} runs-on: ubuntu-22.04 - outputs: - shouldRun: ${{steps.shouldRun.outputs.result}} steps: - - name: required check - id: shouldRun - uses: actions/github-script@v7.0.1 - env: - # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main - RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - with: - script: | - const { RELEVANT_SHA } = process.env; - const { data: { statuses } } = await github.rest.repos.getCombinedStatusForRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: RELEVANT_SHA, - }); - - const intTested = statuses && statuses.filter(({ context }) => context === 'integration-tests'); - const alreadyRun = intTested && intTested.find(({ state }) => state === 'success') > 0; - const { data: reviews } = await github.rest.pulls.listReviews({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number, - }); - const approvingReviews = reviews && reviews.filter(review => review.state === 'APPROVED'); - const shouldRun = !alreadyRun && github.actor != 'dependabot[bot]' && (approvingReviews.length > 0); - - console.log("tests should be run = %j", shouldRun); - console.log("alreadyRun = %j", alreadyRun); - console.log("approvingReviews = %j", approvingReviews.length); - - return shouldRun; + - run: true integration-tests: runs-on: ubuntu-22.04 - needs: shouldRun - if: ${{ needs.shouldRun.outputs.shouldRun == 'true' }} + needs: authorize permissions: statuses: write checks: write steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: run integration tests run: ./gradlew integrationTest compileJmh -Dorg.gradle.parallel=true -Dorg.gradle.caching=true - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 + uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 if: (success() || failure()) with: report_paths: '**/build/test-results/integrationTest/TEST-*.xml' diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 9d2778fba47..90e43417c46 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -16,14 +16,14 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: hadoLint_openj9-jdk_17 run: docker run --rm -i hadolint/hadolint < docker/openj9-jdk-17/Dockerfile - name: hadoLint_openjdk_17 @@ -59,19 +59,19 @@ jobs: echo "ARCH=arm64" >> $GITHUB_OUTPUT fi - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: short sha id: shortSha run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: build image - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa with: arguments: distDocker -PdockerOrgName=${{ env.registry }}/${{ github.repository_owner }} -Pbranch=main - name: install goss @@ -79,13 +79,13 @@ jobs: mkdir -p docker/reports curl -L https://github.com/aelsabbahy/goss/releases/download/v0.4.4/goss-${{ steps.prep.outputs.PLATFORM_PAIR }} -o ./docker/tests/goss-${{ steps.prep.outputs.PLATFORM_PAIR }} - name: test docker - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa env: architecture: ${{ steps.prep.outputs.ARCH }} with: arguments: testDocker -PdockerOrgName=${{ env.registry }}/${{ github.repository_owner }} -Pbranch=main - name: login to ghcr - uses: docker/login-action@v3.0.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: registry: ${{ env.registry }} username: ${{ github.actor }} @@ -102,16 +102,16 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Login to DockerHub - uses: docker/login-action@v3.0.0 + uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d with: registry: ${{ env.registry }} username: ${{ github.actor }} diff --git a/.github/workflows/parallel-unit-tests.yml b/.github/workflows/parallel-unit-tests.yml deleted file mode 100644 index b12fa43655b..00000000000 --- a/.github/workflows/parallel-unit-tests.yml +++ /dev/null @@ -1,49 +0,0 @@ -name: parallel-unit-tests -#experimental work in progress - trying to figure out how to split tests across multi-modules by runtime -on: - workflow_dispatch: - -env: - GRADLE_OPTS: "-Dorg.gradle.daemon=false" - total-runners: 4 -jobs: - junit: - runs-on: ubuntu-latest - strategy: - fail-fast: false - matrix: - runner_index: - - 0 - - 1 - - 2 - - 3 - steps: - - name: Checkout Repo - uses: actions/checkout@v4.1.1 - - name: Split tests - id: split-tests - uses: chaosaffe/split-tests@v1-alpha.1 - with: - glob: '**/src/test/java/**/*.java' - split-total: ${{ env.total-runners }} - split-index: ${{ matrix.runner_index }} - line-count: true - - name: Set up Java - uses: actions/setup-java@v4.0.0 - with: - distribution: adopt - java-version: 17 - cache: gradle - - name: write out test list - run: echo "${{ steps.split-tests.outputs.test-suite }}" >> testList.txt - - name: debug testfile paths - run: cat testList.txt - - name: format gradle args - # regex means: truncate file paths to align with package name, replacing with tests switch, then drop file extension, - # then swap path delimiter with package delimiter - run: cat testList.txt | sed -e 's/[^ ]*src\/test\/java\//--tests\ /g' -e 's/\.java//g' -e 's/\//\./g' >> gradleArgs.txt - - name: debug test class list - run: cat gradleArgs.txt - - name: run unit tests - run: ./gradlew test `cat gradleArgs.txt` - diff --git a/.github/workflows/pr-checklist-on-open.yml b/.github/workflows/pr-checklist-on-open.yml index 707ce8f173b..8c9aad72c21 100644 --- a/.github/workflows/pr-checklist-on-open.yml +++ b/.github/workflows/pr-checklist-on-open.yml @@ -10,7 +10,7 @@ jobs: permissions: pull-requests: write steps: - - uses: actions/github-script@v7.0.1 + - uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea with: github-token: ${{secrets.GITHUB_TOKEN}} script: | diff --git a/.github/workflows/pre-review.yml b/.github/workflows/pre-review.yml index 5abbcb6d0a3..5be0295daba 100644 --- a/.github/workflows/pre-review.yml +++ b/.github/workflows/pre-review.yml @@ -1,12 +1,10 @@ name: pre-review on: - pull_request: - workflow_dispatch: - -permissions: - statuses: write - checks: write + pull_request_target: + branches: + - main + - release-* jobs: repolint: @@ -15,28 +13,34 @@ jobs: container: ghcr.io/todogroup/repolinter:v0.11.2 steps: - name: Checkout Code - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Lint Repo run: bundle exec /app/bin/repolinter.js --rulesetUrl https://raw.githubusercontent.com/hyperledger-labs/hyperledger-community-management-tools/main/repo_structure/repolint.json --format markdown gradle-wrapper: name: "Gradle Wrapper Validation" runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4.1.1 - - uses: gradle/wrapper-validation-action@v1.1.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} + - uses: gradle/wrapper-validation-action@56b90f209b02bf6d1deae490e9ef18b21a389cd4 spotless: runs-on: ubuntu-22.04 if: ${{ github.actor != 'dependabot[bot]' }} steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: Setup Gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: run spotless run: ./gradlew spotlessCheck -Dorg.gradle.parallel=true -Dorg.gradle.caching=true compile: @@ -45,14 +49,16 @@ jobs: needs: [spotless, gradle-wrapper, repolint] steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: Setup Gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Gradle Compile run: ./gradlew build -x test -x spotlessCheck -Dorg.gradle.parallel=true -Dorg.gradle.caching=true unitTests: @@ -75,19 +81,21 @@ jobs: - "ethereum:core:test" steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: Setup Gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: run unit tests id: unitTest run: ./gradlew $GRADLEW_UNIT_TEST_ARGS -Dorg.gradle.parallel=true -Dorg.gradle.caching=true - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 + uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 if: success() || failure() # always run even if the build step fails with: report_paths: '**/test-results/**/TEST-*.xml' diff --git a/.github/workflows/reference-tests.yml b/.github/workflows/reference-tests.yml index 1f2cac7b159..fab7dbf681c 100644 --- a/.github/workflows/reference-tests.yml +++ b/.github/workflows/reference-tests.yml @@ -1,76 +1,44 @@ name: reference-tests on: - pull_request: - pull_request_review: - types: - - submitted + pull_request_target: + branches: + - main + - release-* env: GRADLE_OPTS: "-Xmx6g -Dorg.gradle.daemon=false" total-runners: 6 jobs: - shouldRun: - name: checks to ensure we should run - # necessary because there is no single PR approved event, need to check all comments/approvals/denials - # might also be a job running, and additional approvals + authorize: + environment: + ${{ github.event_name == 'pull_request_target' && + github.event.pull_request.head.repo.full_name != github.repository && + 'external' || 'internal' }} runs-on: ubuntu-22.04 - outputs: - shouldRun: ${{steps.shouldRun.outputs.result}} steps: - - name: required check - id: shouldRun - uses: actions/github-script@v7.0.1 - env: - # fun fact, this changes based on incoming event, it will be different when we run this on pushes to main - RELEVANT_SHA: ${{ github.event.pull_request.head.sha || github.sha }} - with: - script: | - const { RELEVANT_SHA } = process.env; - const { data: { statuses } } = await github.rest.repos.getCombinedStatusForRef({ - owner: context.repo.owner, - repo: context.repo.repo, - ref: RELEVANT_SHA, - }); - - - const refTested = statuses && statuses.filter(({ context }) => context === 'reference-tests'); - const alreadyRun = refTested && refTested.find(({ state }) => state === 'success') > 0; - const { data: reviews } = await github.rest.pulls.listReviews({ - owner: context.repo.owner, - repo: context.repo.repo, - pull_number: context.issue.number, - }); - const approvingReviews = reviews && reviews.filter(review => review.state === 'APPROVED'); - const shouldRun = !alreadyRun && github.actor != 'dependabot[bot]' && (approvingReviews.length > 0); - - console.log("tests should be run = %j", shouldRun); - console.log("alreadyRun = %j", alreadyRun); - console.log("approvingReviews = %j", approvingReviews.length); - - return shouldRun; - + - run: true prepareReferenceTestEthereum: runs-on: ubuntu-22.04 - needs: shouldRun - if: ${{ needs.shouldRun.outputs.shouldRun == 'true' }} + needs: authorize steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} submodules: recursive set-safe-directory: true - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: temurin java-version: 17 - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: execute generate reference tests run: ./gradlew ethereum:referencetests:blockchainReferenceTests ethereum:referencetests:generalstateReferenceTests ethereum:referencetests:generalstateRegressionReferenceTests -Dorg.gradle.parallel=true -Dorg.gradle.caching=true - name: store generated tests - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 with: name: 'reference-tests' path: 'ethereum/referencetests/build/generated/sources/reference-test/**/*.java' @@ -82,28 +50,28 @@ jobs: checks: write needs: - prepareReferenceTestEthereum - if: ${{ needs.shouldRun.outputs.shouldRun == 'true' }} strategy: fail-fast: true matrix: runner_index: [0,1,2,3,4,5] steps: - name: Checkout Repo - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 with: + ref: ${{ github.event.pull_request.head.sha || github.ref }} submodules: recursive - name: Set up Java - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: adopt-openj9 java-version: 17 - name: retrieve generated tests - uses: actions/download-artifact@v3.0.2 + uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a with: name: 'reference-tests' path: 'ethereum/referencetests/build/generated/sources/reference-test/' - name: get reference test report - uses: dawidd6/action-download-artifact@v2 + uses: dawidd6/action-download-artifact@e7466d1a7587ed14867642c2ca74b5bcc1e19a2d with: branch: main name_is_regexp: true @@ -111,10 +79,10 @@ jobs: path: tmp/ref-xml-reports-downloaded if_no_artifact_found: true - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Split tests id: split-tests - uses: r7kamura/split-tests-by-timings@v0 + uses: r7kamura/split-tests-by-timings@9322bd292d9423e2bc5a65bec548901801341e3f with: reports: tmp/ref-xml-reports-downloaded glob: 'ethereum/referencetests/build/generated/sources/reference-test/**/*.java' @@ -125,13 +93,13 @@ jobs: - name: run reference tests run: ./gradlew ethereum:referenceTests:referenceTests `cat refTestArgs.txt` -Dorg.gradle.parallel=true -Dorg.gradle.caching=true - name: Upload Test Report - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 if: always() # always run even if the previous step fails with: name: reference-test-node-${{matrix.runner_index}}-results path: '**/build/test-results/referenceTests/TEST-*.xml' - name: Publish Test Report - uses: mikepenz/action-junit-report@v4 + uses: mikepenz/action-junit-report@5f47764eec0e1c1f19f40c8e60a5ba47e47015c5 if: success() || failure() # always run even if the build step fails with: report_paths: '**/build/test-results/referenceTest/TEST-*.xml' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index e0c4f0bb298..54c28bea64a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -7,8 +7,8 @@ jobs: dockerPromoteX64: runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v4.1.1 - - uses: actions/setup-java@v4.0.0 + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 + - uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: 'temurin' # See 'Supported distributions' for available options java-version: '17' @@ -16,7 +16,7 @@ jobs: - name: Login to DockerHub run: echo '${{ secrets.DOCKER_PASSWORD_RW }}' | docker login -u '${{ secrets.DOCKER_USER_RW }}' --password-stdin - name: Setup Gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Docker upload run: ./gradlew "-Prelease.releaseVersion=${{ github.ref_name }}" "-PdockerOrgName=${{ secrets.DOCKER_ORG }}" dockerUploadRelease - name: Docker manifest diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 7c4acee7e40..04bb0405b87 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -16,20 +16,20 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout - uses: actions/checkout@v4.1.1 + uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 - name: Set up JDK 17 - uses: actions/setup-java@v4.0.0 + uses: actions/setup-java@387ac29b308b003ca37ba93a6cab5eb57c8f5f93 with: distribution: 'temurin' java-version: '17' - name: Cache SonarCloud packages - uses: actions/cache@v3 + uses: actions/cache@e12d46a63a90f2fae62d114769bbf2a179198b5c with: path: ~/.sonar/cache key: ${{ runner.os }}-sonar restore-keys: ${{ runner.os }}-sonar - name: setup gradle - uses: gradle/gradle-build-action@v2.12.0 + uses: gradle/gradle-build-action@a8f75513eafdebd8141bd1cd4e30fcd194af8dfa - name: Build and analyze env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any diff --git a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/eth/ExpectSuccessfulEthGetTransactionReceipt.java b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/eth/ExpectSuccessfulEthGetTransactionReceipt.java index efc02f73d44..eb1cfc0c33b 100644 --- a/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/eth/ExpectSuccessfulEthGetTransactionReceipt.java +++ b/acceptance-tests/dsl/src/main/java/org/hyperledger/besu/tests/acceptance/dsl/condition/eth/ExpectSuccessfulEthGetTransactionReceipt.java @@ -32,6 +32,6 @@ public ExpectSuccessfulEthGetTransactionReceipt( @Override public void verify(final Node node) { - WaitUtils.waitFor(60, () -> assertThat(node.execute(transaction)).isPresent()); + WaitUtils.waitFor(60, () -> assertThat(node.execute(transaction)).isNotPresent()); } }