Skip to content

Bocktree properties #1576

Bocktree properties

Bocktree properties #1576

Workflow file for this run

name: CI
env:
ALLOWED_URIS: "https://github.com https://api.github.com"
TRUSTED_PUBLIC_KEYS: "cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY= hydra.iohk.io:f/Ea+s+dFdN+3Y/G+FDgSq+a5NEWhJGzdjvKNGv0/EQ= thelio:KyHAYh2EtAT5skKWlArHRcLhiq3d13u0Pt9BwDJp7UY="
SUBSTITUTERS: "https://cache.nixos.org/ https://cache.iog.io http://thelio.functionally.dev:5000"
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
on:
pull_request:
push:
branches:
- main
jobs:
typecheck:
name: Build libraries
runs-on: ubuntu-latest # self-hosted
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
- name: ๐Ÿ’พ Cache Nix store
uses: actions/[email protected]
id: nix-cache
with:
path: /tmp/nixcache
key: ${{ runner.os }}-nix-${{ hashFiles('flake.lock') }}
restore-keys: ${{ runner.os }}-nix-
- name: ๐Ÿ› ๏ธ Install Nix
uses: cachix/install-nix-action@v21
with:
nix_path: nixpkgs=channel:nixos-unstable
install_url: https://releases.nixos.org/nix/nix-2.10.3/install
extra_nix_config: |
allowed-uris = ${{ env.ALLOWED_URIS }}
trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
substituters = ${{ env.SUBSTITUTERS }}
experimental-features = nix-command flakes
accept-flake-config = true
- name: ๐Ÿ’พโžค Import Nix store cache
if: "steps.nix-cache.outputs.cache-hit == 'true'"
run: "nix-store --import < /tmp/nixcache"
- name: ๐Ÿ—๏ธ Typecheck Agda
run: |
nix build --show-trace .#peras
- name: ๐Ÿ—๏ธ Build `peras-simulation`.
run: |
nix build --show-trace .#peras-simulation-test
- name: โžค๐Ÿ’พ Export Nix store cache
if: "steps.nix-cache.outputs.cache-hit != 'true'"
run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
simulate-hs:
name: Run simulations
runs-on: ubuntu-latest # self-hosted
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
- name: ๐Ÿ’พ Cache Nix store
uses: actions/[email protected]
id: nix-cache
with:
path: /tmp/nixcache
key: ${{ runner.os }}-nix-${{ hashFiles('flake.lock') }}
restore-keys: ${{ runner.os }}-nix-
- name: ๐Ÿ› ๏ธ Install Nix
uses: cachix/install-nix-action@v21
with:
nix_path: nixpkgs=channel:nixos-unstable
install_url: https://releases.nixos.org/nix/nix-2.10.3/install
extra_nix_config: |
allowed-uris = ${{ env.ALLOWED_URIS }}
trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
substituters = ${{ env.SUBSTITUTERS }}
experimental-features = nix-command flakes
accept-flake-config = true
- name: ๐Ÿ’พโžค Import Nix store cache
if: "steps.nix-cache.outputs.cache-hit == 'true'"
run: "nix-store --import < /tmp/nixcache"
- name: ๐Ÿ—ณ๏ธ Simulate Peras
run: |
nix run .#peras-simulate -- \
--in-file peras-simulation/example-input.yaml \
--out-file peras-simulation/tmp-output.yaml \
--trace-file peras-simulation/tmp-trace.jsonarray
nix run .#peras-visualize -- \
--trace-file peras-simulation/tmp-trace.jsonarray \
--dot-file peras-simulation/tmp.dot
- name: โžค๐Ÿ’พ Export Nix store cache
if: "steps.nix-cache.outputs.cache-hit != 'true'"
run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
tests:
name: Run tests
runs-on: ubuntu-latest # self-hosted
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
- name: ๐Ÿ’พ Cache Nix store
uses: actions/[email protected]
id: nix-cache
with:
path: /tmp/nixcache
key: ${{ runner.os }}-nix-${{ hashFiles('flake.lock') }}
restore-keys: ${{ runner.os }}-nix-
- name: ๐Ÿ› ๏ธ Install Nix
uses: cachix/install-nix-action@v21
with:
nix_path: nixpkgs=channel:nixos-unstable
install_url: https://releases.nixos.org/nix/nix-2.10.3/install
extra_nix_config: |
allowed-uris = ${{ env.ALLOWED_URIS }}
trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
substituters = ${{ env.SUBSTITUTERS }}
experimental-features = nix-command flakes
accept-flake-config = true
- name: ๐Ÿ’พโžค Import Nix store cache
if: "steps.nix-cache.outputs.cache-hit == 'true'"
run: "nix-store --import < /tmp/nixcache"
- name: ๐Ÿ”ฌ Test with `peras-simulation-test`
run: |
nix run .#peras-simulation-test
- name: ๐Ÿ”ฌ Test with `peras-markov-test`
run: |
nix run .#peras-markov-test
- name: ๐Ÿ”ฌ Test with `peras-vote-test`
run: |
nix run .#peras-vote-test
- name: โžค๐Ÿ’พ Export Nix store cache
if: "steps.nix-cache.outputs.cache-hit != 'true'"
run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
build-specification:
name: Build HTML Specification
runs-on: ubuntu-latest # self-hosted
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
# - name: ๐Ÿ’พ Cache Nix store
# uses: actions/[email protected]
# id: nix-cache
# with:
# path: /tmp/nixcache
# key: ${{ runner.os }}-nix-${{ hashFiles('flake.lock') }}
# restore-keys: ${{ runner.os }}-nix-
- name: ๐Ÿ› ๏ธ Install Nix
uses: cachix/install-nix-action@v21
with:
nix_path: nixpkgs=channel:nixos-unstable
install_url: https://releases.nixos.org/nix/nix-2.10.3/install
extra_nix_config: |
allowed-uris = ${{ env.ALLOWED_URIS }}
trusted-public-keys = ${{ env.TRUSTED_PUBLIC_KEYS }}
substituters = ${{ env.SUBSTITUTERS }}
experimental-features = nix-command flakes
accept-flake-config = true
# - name: ๐Ÿ’พโžค Import Nix store cache
# if: "steps.nix-cache.outputs.cache-hit == 'true'"
# run: "nix-store --import < /tmp/nixcache"
- name: ๐Ÿ—๏ธ Agda-to-HTML
# run: |
# nix develop --command bash -c ".github/workflows/scripts/agda-2-html.sh"
run: |
nix run .#peras-html-spec
- name: Publish Docusaurus build
uses: actions/upload-artifact@v4
with:
name: agda-specification
if-no-files-found: error
path: |
html/*
# - name: โžค๐Ÿ’พ Export Nix store cache
# if: "steps.nix-cache.outputs.cache-hit != 'true'"
# run: "nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nixcache"
build-pdf-report:
runs-on: ubuntu-22.04
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
- name: ๐Ÿ”ง Massage markdown
run: |
cat site/docs/reports/tech-report-1.md| sed -e 's/\/img/site\/static\/img/g' | sed -e 's/#scale50)/){ width=50% }/g' | sed -e 's/^#//g' > tech-report-1.md
cat site/docs/reports/tech-report-2.md| sed -e 's/\/img/site\/static\/img/g' | sed -e 's/#scale50)/){ width=50% }/g' | sed -e 's/^#//g' > tech-report-2.md
- name: ๐Ÿ““ Build PDF
uses: docker://pandoc/latex:3.2.0
with:
args: >- # allows you to break string into multiple lines
--pdf-engine=xelatex
-N
--standalone
--output=tech-report-1.pdf
tech-report-1.md
- name: ๐Ÿ““ Build PDF
uses: docker://pandoc/latex:3.2.0
with:
args: >- # allows you to break string into multiple lines
--pdf-engine=xelatex
-N
--standalone
--output=tech-report-2.pdf
tech-report-2.md
- name: ๐Ÿ“ค Upload PDF
uses: actions/upload-artifact@v4
with:
name: tech-reports
if-no-files-found: error
path: |
tech-report-*.pdf
build-docusaurus:
runs-on: ubuntu-22.04
needs:
- build-specification
- build-pdf-report
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
- name: ๐Ÿ› ๏ธ Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20
cache: 'npm'
cache-dependency-path: site/package-lock.json
- name: ๐Ÿ“ฆ Install dependencies
working-directory: site
run: npm ci
- name: ๐Ÿ“ฅ Download Agda specification
uses: actions/download-artifact@v4
with:
name: agda-specification
path: ./site/static/agda_html/
- name: ๐Ÿ“ฅ Download PDF
uses: actions/download-artifact@v4
with:
name: tech-reports
path: ./site/static/
- name: ๐Ÿ—๏ธ Build Docusaurus site
working-directory: site
run: |
npm run build
- name: ๐Ÿš€ Publish Docusaurus build
uses: actions/upload-artifact@v4
with:
name: docusaurus-build
if-no-files-found: error
path: |
site/build/*
publish-docs:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-22.04
needs:
- build-docusaurus
steps:
- name: ๐Ÿ“ฅ Download Docusaurus build
uses: actions/download-artifact@v4
with:
name: docusaurus-build
path: ./github-pages
- name: ๐Ÿš€ Publish GitHub Pages
uses: peaceiris/actions-gh-pages@v4
with:
github_token: ${{ secrets.GITHUB_TOKEN || github.token }}
publish_dir: ./github-pages
cname: peras.cardano-scaling.org
build-and-push-image:
runs-on: ubuntu-latest
# Sets the permissions granted to the `GITHUB_TOKEN` for the actions in this job.
permissions:
contents: read
packages: write
attestations: write
id-token: write
#
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: actions/checkout@v4
# Uses the `docker/login-action` action to log in to the
# Container registry registry using the account and password
# that will publish the packages. Once published, the packages
# are scoped to the account defined here.
- name: ๐Ÿ› ๏ธ Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: ๐Ÿ‘ฎ Log in to Google Cloud
id: auth
uses: 'google-github-actions/auth@v2'
with:
token_format: access_token
credentials_json: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}'
access_token_lifetime: 3600s # need to be long enough for docker build to finish
- name: ๐Ÿ‘ฎ Log in to the Container registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
# This step uses
# [docker/metadata-action](https://github.com/docker/metadata-action#about)
# to extract tags and labels that will be applied to the
# specified image. The `id` "meta" allows the output of this
# step to be referenced in a subsequent step. The `images` value
# provides the base name for the tags and labels.
- name: ๐Ÿ›ป Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
# This step uses the `docker/build-push-action` action to build
# the image, based on your repository's `Dockerfile`. If the
# build succeeds, it pushes the image to GitHub Packages. It
# uses the `context` parameter to define the build's context as
# the set of files located in the specified path. For more
# information, see
# "[Usage](https://github.com/docker/build-push-action#usage)"
# in the README of the `docker/build-push-action` repository.
# It uses the `tags` and `labels` parameters to tag and label
# the image with the output from the "meta" step.
- name: ๐Ÿ—๏ธ Build and push image to GHCR
id: push
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
cache-from: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache
cache-to: type=registry,ref=${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}:cache,mode=max
- name: ๐Ÿ‘ฎ Login to Artifact Registry
uses: docker/login-action@v1
with:
registry: us-east1-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: ๐Ÿ“ฆ Push to GCR
run: |-
docker pull $image_tag
docker tag $image_tag "us-east1-docker.pkg.dev/iog-hydra/peras-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
docker push "us-east1-docker.pkg.dev/iog-hydra/peras-docker/${{ env.IMAGE_NAME}}:$GITHUB_SHA"
env:
image_id: ${{ steps.push.outputs.imageid }}
image_tag: ${{ steps.meta.outputs.tags }}
# TODO: uncomment once the repository is public
#
# This step generates an artifact attestation for the image,
# which is an unforgeable statement about where and how it was
# built. It increases supply chain security for people who
# consume the image. For more information, see
# "[AUTOTITLE](/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds)."
# - name: Generate artifact attestation
# uses: actions/attest-build-provenance@v1
# with:
# subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}}
# subject-digest: ${{ steps.push.outputs.digest }}
# push-to-registry: true
# deploy built server to Gcloud run action when pushing to main
deploy-server:
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
needs:
- build-and-push-image
permissions:
contents: read
packages: read
steps:
- name: ๐Ÿ“ฅ Checkout repository
uses: 'actions/checkout@v4'
- name: ๐Ÿ‘ฎ Log in to Google Cloud
id: auth
uses: 'google-github-actions/auth@v2'
with:
credentials_json: '${{ secrets.GOOGLE_APPLICATION_CREDENTIALS }}'
- name: ๐Ÿš€ Deploy to Cloud Run
id: 'deploy'
uses: 'google-github-actions/deploy-cloudrun@v2'
with:
service: 'peras-server'
image: 'us-east1-docker.pkg.dev/iog-hydra/peras-docker/${{ env.IMAGE_NAME}}:${{ github.sha }}'
region: 'us-east1'
- name: ๐Ÿ”ฌ 'Use output'
run: 'curl -v -L "${{ steps.deploy.outputs.url }}"'