Schedule Daily #1038
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Schedule Daily | |
| on: | |
| schedule: | |
| # Note that we would like there to be no overlap between the system-tests-benchmarks-nightly job below | |
| # and the Release Testing workflow triggered by the Schedule RC workflow. | |
| - cron: "0 1 * * *" | |
| workflow_dispatch: | |
| env: | |
| BRANCH_NAME: ${{ github.head_ref || github.ref_name }} | |
| CI_COMMIT_SHA: ${{ github.sha }} | |
| CI_JOB_NAME: ${{ github.job }} | |
| CI_PROJECT_DIR: ${{ github.workspace }} | |
| CI_RUN_ID: ${{ github.run_id }} | |
| jobs: | |
| fi-tests-nightly: | |
| name: Bazel Test FI Nightly | |
| runs-on: &dind-large-setup | |
| labels: dind-large | |
| container: &container-setup | |
| image: ghcr.io/dfinity/ic-build@sha256:15e6eca52d696697a681916c92ab3623ebff1fcff70156220b0270c2985a6b2b | |
| options: >- | |
| -e NODE_NAME --privileged --cgroupns host --mount type=tmpfs,target="/tmp/containers" | |
| timeout-minutes: 720 # 12 hours | |
| environment: Nightly Tests | |
| steps: | |
| - &checkout | |
| name: Checkout | |
| uses: actions/checkout@v4 | |
| - &backup-pod-access | |
| name: Set up backup pod access | |
| run: | | |
| # The following adds the SSH private key to the ssh-agent such that CI can SSH into the backup pod. | |
| if [ -z "${SSH_AUTH_SOCK:-}" ]; then | |
| eval "$(ssh-agent -s)" | |
| ssh-add - <<'EOF' | |
| ${{ secrets.SSH_PRIVATE_KEY_BACKUP_POD }} | |
| EOF | |
| echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> "$GITHUB_ENV" | |
| fi | |
| rm -rf ~/.ssh | |
| mkdir -p ~/.ssh | |
| chmod 0700 ~/.ssh | |
| echo -e "Host *\nUser github-runner\n" > ~/.ssh/config | |
| - name: Run FI Tests Nightly | |
| uses: ./.github/actions/bazel | |
| with: | |
| run: | | |
| bazel test \ | |
| --config=stamped \ | |
| --test_tag_filters=fi_tests_nightly \ | |
| //rs/ledger_suite/... \ | |
| --test_env=SSH_AUTH_SOCK \ | |
| --keep_going --test_timeout=43200 | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| bazel-test-bare-metal: | |
| name: Bazel Test Bare Metal | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| environment: Nightly Tests | |
| steps: | |
| - *checkout | |
| - name: Run Bazel Launch Bare Metal | |
| shell: bash | |
| run: | | |
| echo "$ZH2_DLL01_INI_SECRET" > file1 | |
| echo "$ZH2_FILE_SHARE_KEY" > file2 && chmod 400 file2 | |
| launch_bare_metal() { | |
| # shellcheck disable=SC2046,SC2086 | |
| bazel --output_base=/var/tmp/bazel-output run \ | |
| //ic-os/setupos/envs/dev:launch_bare_metal -- \ | |
| --config_path "$(realpath ./ic-os/dev-tools/bare_metal_deployment/zh2-dll01.yaml)" \ | |
| --ini_filename "$(realpath file1)" \ | |
| --file_share_ssh_key "$(realpath file2)" \ | |
| --inject_image_pub_key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK3gjE/2K5nxIBbk3ohgs8J5LW+XiObwA+kGtSaF5+4c" \ | |
| --file_share_username ci_interim \ | |
| --ci_mode \ | |
| $@ | |
| } | |
| # Run bare metal installation test | |
| launch_bare_metal --hsm | |
| # Run bare metal node performance benchmarks | |
| launch_bare_metal --benchmark | |
| # Run bare metal node hostOS metrics check | |
| launch_bare_metal --check_hostos_metrics | |
| bazel clean | |
| env: | |
| ZH2_DLL01_INI_SECRET: "${{ secrets.ZH2_DLL01_INI_SECRET }}" | |
| ZH2_FILE_SHARE_KEY: "${{ secrets.ZH2_FILE_SHARE_KEY }}" | |
| nns-tests-nightly: | |
| name: Bazel Test NNS Nightly | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 30 | |
| environment: Nightly Tests | |
| steps: | |
| - *checkout | |
| - *backup-pod-access | |
| - name: Run NNS Tests Nightly | |
| uses: ./.github/actions/bazel | |
| with: | |
| run: | | |
| bazel test \ | |
| --config=stamped \ | |
| --test_tag_filters=nns_tests_nightly \ | |
| //... \ | |
| --test_env=SSH_AUTH_SOCK --test_env=NNS_CANISTER_UPGRADE_SEQUENCE=all \ | |
| --keep_going | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Post Slack Notification | |
| uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 | |
| if: failure() | |
| with: | |
| channel-id: eng-nns | |
| slack-message: "${{ github.job }} failed :disappointed: - <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|Run#${{github.run_id}}>" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_API_TOKEN }} | |
| pocketic-tests-nightly: | |
| name: Bazel Test PocketIC Nightly | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 30 | |
| steps: | |
| - *checkout | |
| - name: Run PocketIC Tests Nightly | |
| uses: ./.github/actions/bazel | |
| with: | |
| run: | | |
| bazel test \ | |
| --config=stamped \ | |
| --test_tag_filters=pocketic_tests_nightly \ | |
| //rs/pocket_ic_server/... \ | |
| --test_env=SSH_AUTH_SOCK \ | |
| --keep_going | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Post Slack Notification | |
| uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 | |
| if: failure() | |
| with: | |
| channel-id: pocket-ic | |
| slack-message: "${{ github.job }} failed :disappointed: - <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|Run#${{github.run_id}}>" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_API_TOKEN }} | |
| system-tests-benchmarks-nightly: | |
| name: Bazel System Test Benchmarks | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| timeout-minutes: 480 | |
| steps: | |
| - *checkout | |
| - name: Test System Test Benchmarks | |
| id: bazel-system-test-benchmarks | |
| uses: ./.github/actions/bazel | |
| with: | |
| run: | | |
| set -euo pipefail | |
| # NOTE: we use `bazel query` to list the targets explicitly because (at the | |
| # time of writing) benchmark targets are labeled as manual and would not be | |
| # picked up by e.g. `bazel test //...` | |
| target_pattern_file=$(mktemp) | |
| bazel query 'attr(tags, system_test_benchmark, //rs/...)' | grep -v head_nns > "$target_pattern_file" | |
| echo "inferred system test benchmark targets:" | |
| cat "$target_pattern_file" | |
| # note: there's just one performance cluster, so the job can't be parallelized (hence --jobs=1) | |
| bazel test \ | |
| --config=stamped \ | |
| --test_tag_filters=system_test_benchmark \ | |
| --//bazel:enable_upload_perf_systest_results=True \ | |
| --target_pattern_file="$target_pattern_file" \ | |
| --test_env=SSH_AUTH_SOCK --test_env=NNS_CANISTER_UPGRADE_SEQUENCE=all \ | |
| --keep_going --jobs=1 | |
| GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} | |
| - name: Post Slack Notification | |
| uses: slackapi/slack-github-action@6c661ce58804a1a20f6dc5fbee7f0381b469e001 # v1.25.0 | |
| if: failure() | |
| with: | |
| channel-id: eng-ic-benchmark-alerts | |
| slack-message: "${{ github.job }} failed :disappointed: - <${{github.server_url}}/${{github.repository}}/actions/runs/${{github.run_id}}|Run#${{github.run_id}}>" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_API_TOKEN }} | |
| # CI job is also executed in PR on use of 'CI_COVERAGE' label | |
| bazel-test-coverage: | |
| name: Bazel Test Coverage | |
| runs-on: *dind-large-setup | |
| container: *container-setup | |
| if: false | |
| steps: | |
| - *checkout | |
| - name: Run Bazel Test Coverage | |
| shell: bash | |
| # TODO: enable when bazel coverage is fixed | |
| #run: ./ci/scripts/bazel-coverage.sh | |
| run: echo "Disabled until fixed" | |
| - name: Upload bazel-coverage | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bazel-coverage | |
| retention-days: 1 | |
| if-no-files-found: ignore | |
| compression-level: 9 | |
| path: | | |
| cov_html.zip | |
| pocket-ic-tests-windows: | |
| uses: ./.github/workflows/pocket-ic-tests-windows.yml | |
| with: | |
| commit-sha: ${{ github.sha }} |