-
Notifications
You must be signed in to change notification settings - Fork 39
99 lines (82 loc) · 2.84 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
name: Mono CI
on:
push:
branches:
- main
# Pattern matched against refs/tags
tags:
# Push events to every git tag not containing /
# NOTE: '**' would match tags with / in them, e.g. "foo/bar",
# but we want to use the tag as a docker tag as well, so it's best avoided.
- '*'
pull_request:
branches:
- '**'
# To add ready_for_review as a trigger we need to list all the defaults.
types:
- opened
- reopened
- synchronize
- ready_for_review
jobs:
license:
uses: ./.github/workflows/license.yaml
contracts-prettier:
uses: ./.github/workflows/contracts-prettier.yaml
contracts-deployment-test:
uses: ./.github/workflows/contracts-deployment-test.yaml
needs: [contracts-prettier]
contracts-test:
uses: ./.github/workflows/contracts-test.yaml
needs: [contracts-prettier]
contracts-storage:
uses: ./.github/workflows/contracts-storage.yaml
needs: [contracts-prettier]
## This causes too much unpredictable noise, turning our builds red whenever a new vulnerability is found.
## It's better to have a separate workflow for auditing, and have it run on a schedule.
## However, given this code is purely used for tooling and not for production, it's not a big deal.
# contracts-pnpm-audit:
# uses: ./.github/workflows/contracts-pnpm-audit.yaml
# needs: [contracts-prettier]
contracts-sast:
uses: ./.github/workflows/contracts-sast.yaml
needs: [contracts-prettier]
extras:
uses: ./.github/workflows/extras.yaml
needs: [contracts-prettier]
build:
uses: ./.github/workflows/build.yaml
needs: [license]
unit-tests:
uses: ./.github/workflows/tests-unit.yaml
secrets: inherit
needs:
- build
e2e-tests:
uses: ./.github/workflows/tests-e2e.yaml
secrets: inherit
needs:
- build
fevm-contract-tests:
uses: ./.github/workflows/fevm-contract-tests.yaml
secrets: inherit
needs:
- build
if: >-
github.ref == 'refs/heads/main' ||
github.ref_type == 'tag'
docker-publish:
uses: ./.github/workflows/docker-publish.yaml
secrets: inherit
# Dependencies are not strictly necessary, but if fendermint tests pass they publish docker too, so they better work.
# It is because of these needs that all the filters are allowed to run on `main` too, otherwise this would be disabled.
# It could be done in a more granular approach inside the workflows to allow the job to pass but opt-out of testing,
# but I guess it doesn't hurt to run a final round of unconditional tests, even though it takes longer to publish.
if: >-
github.ref == 'refs/heads/main' ||
github.ref_type == 'tag'
needs:
- contracts-test # generates the ABI artifacts (although fendermint can do on its own too)
- build
- unit-tests
- e2e-tests