(4) dpdk rte acl (FFI only) #6920
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # The primary point of this workflow is to ensure that the developer experience is good. | |
| # We take a very vanilla ubuntu image, install all necessary dependencies via "normal" means, | |
| # and then run the build and test steps as described in the README.md file. | |
| # The artifacts produced by these builds are not intended to be used for anything other than | |
| # ensuring that the developer experience is good. | |
| # Production artifacts are produced via nix builds (in another CI workflow). | |
| name: "dev.yml" | |
| on: | |
| pull_request: {} | |
| push: | |
| branches: | |
| - "main" | |
| - "release/v*" | |
| tags: | |
| - "v*" | |
| merge_group: | |
| types: ["checks_requested"] | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run with tmate enabled" | |
| required: false | |
| default: false | |
| debug_justfile: | |
| type: "boolean" | |
| description: "enable to see debug statements from just recipes" | |
| required: false | |
| default: false | |
| skip_vlab_tests: | |
| type: "boolean" | |
| description: "Skip VLAB tests (they run by default)" | |
| required: false | |
| default: false | |
| run_hlab_tests: | |
| type: "boolean" | |
| description: "Run hybrid HLAB tests" | |
| required: false | |
| default: false | |
| enable_release_tests: | |
| type: "boolean" | |
| description: "Enable release tests for VLAB/HLAB tests" | |
| required: false | |
| default: false | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.event.pull_request.number || github.event.after || github.event.merge_group && github.run_id }}" | |
| cancel-in-progress: true | |
| permissions: | |
| contents: "read" | |
| packages: "write" | |
| id-token: "write" | |
| jobs: | |
| check_changes: | |
| name: "Deduce required tests from code changes" | |
| permissions: | |
| contents: "read" | |
| pull-requests: "read" | |
| runs-on: "ubuntu-latest" | |
| outputs: | |
| devfiles: "${{ steps.changes.outputs.devfiles }}" | |
| steps: | |
| - name: "Checkout" | |
| if: "${{ !github.event.pull_request }}" | |
| uses: "actions/checkout@v6" | |
| with: | |
| persist-credentials: "false" | |
| fetch-depth: "0" | |
| - name: "Check code changes" | |
| uses: "dorny/paths-filter@v4" | |
| id: "changes" | |
| with: | |
| filters: | | |
| devfiles: | |
| - '!(README.md|LICENSE|NOTICE|.zed/**|.vscode/**|CLAUDE.md|.rules|development/**|testing.md|workspace-deps.svg|codebook.toml|.markdownlint.json|.gitattributes|.gitignore|.github/**)' | |
| - '.github/workflows/dev.yml' | |
| - '.github/actions/**' | |
| version: | |
| runs-on: lab | |
| permissions: | |
| contents: read | |
| outputs: | |
| version: "${{ steps.version-gen.outputs.version }}" | |
| ref: "${{ steps.version-gen.outputs.ref }}" | |
| steps: | |
| - &checkout | |
| name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 | |
| - name: Generate temp artifacts version | |
| id: version-gen | |
| env: | |
| commit_sha: ${{ github.event.pull_request.head.sha || github.sha }} | |
| run: | | |
| echo "version=v0-${commit_sha::9}" >> "$GITHUB_OUTPUT" | |
| echo "ref=${commit_sha}" >> "$GITHUB_OUTPUT" | |
| check: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "check/${{ matrix.build.name }}/${{ matrix.features || 'default' }}" | |
| runs-on: "lab" | |
| needs: | |
| - check_changes | |
| permissions: &check-perms | |
| checks: "write" | |
| pull-requests: "write" | |
| contents: "read" | |
| packages: "write" | |
| id-token: "write" | |
| env: &check-env | |
| USER: "runner" | |
| JUST_VARS: >- | |
| docker_sock=/run/docker/docker.sock | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} | |
| profile=${{ matrix.build.profile }} | |
| sanitize=${{ matrix.build.sanitize }} | |
| instrument=${{ matrix.build.instrument }} | |
| features=${{ matrix.features }} | |
| oci_repo=ghcr.io | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| build: &default-build | |
| - &debug-build | |
| name: "debug" | |
| profile: "debug" | |
| sanitize: "" | |
| instrument: "none" | |
| - name: "release" | |
| profile: "release" | |
| sanitize: "" # TODO: enable cfi and safe-stack when possible | |
| instrument: "none" | |
| steps: | |
| - *checkout | |
| - name: "setup hugepages" | |
| run: | | |
| docker run --rm --privileged busybox sh -c "echo 4096 > /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages" | |
| sudo mkdir -p /dev/dataplane/{1GiB,2MiB} | |
| sudo mount -t hugetlbfs -o pagesize=2M none /dev/dataplane/2MiB | |
| sudo mount -t hugetlbfs -o pagesize=1G none /dev/dataplane/1GiB | |
| - &nix-setup | |
| uses: "./.github/actions/nix-setup" | |
| with: | |
| cachix_signing_key: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| cachix_auth_token: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - &check-dependencies | |
| name: "check-dependencies" | |
| uses: &just "./.github/actions/just" | |
| with: | |
| recipe: "check-dependencies" | |
| - name: "test" | |
| uses: *just | |
| with: | |
| recipe: "test" | |
| - name: "lint" | |
| uses: *just | |
| with: | |
| recipe: "lint" | |
| - name: "doctest" | |
| uses: *just | |
| with: | |
| recipe: "doctest" | |
| - &tmate | |
| name: "Setup tmate session for debug" | |
| if: "${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}" | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| build: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "${{matrix.nix-target}}/${{matrix.build.name}}" | |
| runs-on: lab | |
| needs: | |
| - check_changes | |
| - version | |
| permissions: | |
| checks: "write" | |
| pull-requests: "write" | |
| contents: "read" | |
| packages: "write" | |
| id-token: "write" | |
| env: | |
| USER: "runner" | |
| JUST_VARS: >- | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| nix-target: | |
| - frr.dataplane | |
| - dataplane | |
| - validator | |
| build: *default-build | |
| exclude: | |
| - nix-target: validator | |
| build: | |
| name: "debug" | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - *check-dependencies | |
| - name: "push container" | |
| env: | |
| VERSION: "${{ needs.version.outputs.version }}" | |
| PROFILE: "${{ matrix.build.profile }}" | |
| NIX_TARGET: "${{ matrix.nix-target }}" | |
| SANITIZE: "${{ matrix.build.sanitize }}" | |
| INSTRUMENT: "${{ matrix.build.instrument }}" | |
| DEBUG_JUSTFILE: "${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }}" | |
| run: | | |
| set -euo pipefail | |
| if [ "${NIX_TARGET}" = "validator" ]; then | |
| platform="wasm32-wasip1" | |
| else | |
| platform="x86-64-v3" | |
| fi | |
| base_args=( | |
| docker_sock=/run/docker/docker.sock | |
| debug_justfile="${DEBUG_JUSTFILE}" | |
| profile="${PROFILE}" | |
| platform="${platform}" | |
| sanitize="${SANITIZE}" | |
| instrument="${INSTRUMENT}" | |
| oci_repo=ghcr.io | |
| ) | |
| just "${base_args[@]}" push-container "${NIX_TARGET}" | |
| just "${base_args[@]}" "version=${VERSION}-${PROFILE}" push-container "${NIX_TARGET}" | |
| - *tmate | |
| sanitize: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "sanitize/${{ matrix.build.profile }}/${{ matrix.build.sanitize }}" | |
| runs-on: "lab" | |
| needs: | |
| - check_changes | |
| - check | |
| permissions: *check-perms | |
| env: *check-env | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| build: | |
| - name: "address" | |
| profile: "debug" | |
| sanitize: "address" | |
| instrument: "none" | |
| - name: "thread" | |
| profile: "fuzz" | |
| sanitize: "thread" | |
| instrument: "none" | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - name: "test" | |
| uses: *just | |
| with: | |
| recipe: "test" | |
| - *tmate | |
| test_each: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "test_each" | |
| runs-on: "lab" | |
| needs: | |
| - check_changes | |
| - check | |
| permissions: *check-perms | |
| env: *check-env | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| build: | |
| - *debug-build | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - name: "test-each" | |
| uses: *just | |
| with: | |
| recipe: "test-each" | |
| - *tmate | |
| # miri: | |
| # if: >- | |
| # ${{ | |
| # needs.check_changes.outputs.devfiles == 'true' | |
| # || startsWith(github.event.ref, 'refs/tags/v') | |
| # || github.event_name == 'workflow_dispatch' | |
| # }} | |
| # name: "check/miri/${{ matrix.cpu }}" | |
| # runs-on: "lab" | |
| # needs: | |
| # - check_changes | |
| # permissions: | |
| # checks: "write" | |
| # pull-requests: "read" | |
| # contents: "read" | |
| # packages: "read" | |
| # id-token: "write" | |
| # env: | |
| # USER: "runner" | |
| # strategy: | |
| # fail-fast: false | |
| # max-parallel: 1 | |
| # matrix: | |
| # include: | |
| # - cpu: "powerpc64" # ideal for testing concurrency due to very weak memory model (and is big endian) | |
| # # Disabled to save time in CI. Enable if you are debugging memory issues and wish to bisect | |
| # # why something might pass on one CPU model but fail on another. | |
| # # Otherwise there is little benefit to enabling these CPUs in spite of their objectively more important | |
| # # support story. They just don't really stress test endianness or memory model issues, and they don't | |
| # # meaningfully improve borrow check violation detection either. | |
| # # - cpu: "aarch64" | |
| # # - cpu: "x86_64" | |
| # # - cpu: "s390x" # this is miri's big endian CPU of choice, but it has a stronger memory model than powerpc64 | |
| # steps: | |
| # - *checkout | |
| # - *nix-setup | |
| # - name: "all packages" | |
| # uses: *just | |
| # env: | |
| # JUST_VARS: >- | |
| # miri::cpu=${{ matrix.cpu }} | |
| # with: | |
| # recipe: "miri::test" | |
| # # The quiescent code is especially sensitive to concurrency violations | |
| # # and memory-model issues so we run it again with and without strict | |
| # # provenance enabled and on many different random schedules. The | |
| # # permissive-provenance build runs with real arc-swap and could | |
| # # therefore catch issues which the strict run can't. We run under | |
| # # extra schedules to make that effect stand out as much as possible | |
| # # (shuttle/loom can't test with arc-swap in place either, so this is | |
| # # the closest we can get to fixing that coverage gap). | |
| # - name: "concurrency/permissive" | |
| # uses: *just | |
| # env: | |
| # JUST_VARS: >- | |
| # miri::seeds=8 | |
| # miri::cpu=${{ matrix.cpu }} | |
| # miri::provenance=permissive | |
| # with: | |
| # recipe: "miri::test" | |
| # recipe_args: "--package=dataplane-concurrency" | |
| # - name: "concurrency/strict" | |
| # uses: *just | |
| # env: | |
| # JUST_VARS: >- | |
| # miri::cpu=${{ matrix.cpu }} | |
| # miri::provenance=strict | |
| # with: | |
| # recipe: "miri::test" | |
| # recipe_args: "--package=dataplane-concurrency --features=_strict_provenance" | |
| # - *tmate | |
| wasm: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "${{ matrix.platform }}/${{ matrix.libc }}/${{ matrix.profile }}" | |
| runs-on: "lab" | |
| needs: | |
| - check_changes | |
| permissions: | |
| checks: "write" | |
| pull-requests: "read" | |
| contents: "read" | |
| packages: "read" | |
| id-token: "write" | |
| env: | |
| USER: "runner" | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| include: | |
| - platform: "wasm32-wasip1" | |
| profile: "release" | |
| libc: "none" | |
| recipe: | |
| name: "check" | |
| args: "" | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - name: "${{ matrix.platform }}/${{ matrix.libc }}/${{ matrix.profile }}" | |
| uses: *just | |
| env: | |
| JUST_VARS: >- | |
| platform=${{ matrix.platform }} | |
| profile=${{ matrix.profile }} | |
| libc=${{ matrix.libc }} | |
| with: | |
| recipe: "${{ matrix.recipe.name }}" | |
| recipe_args: "${{ matrix.recipe.args }}" | |
| - *tmate | |
| cross: | |
| if: >- | |
| ${{ | |
| github.event_name == 'pull_request' | |
| && ( | |
| contains(github.event.pull_request.labels.*.name, 'ci:+cross') | |
| ) | |
| || (github.event_name == 'push' || github.event_name == 'merge_group') | |
| }} | |
| name: "${{ matrix.recipe.name }}/${{ matrix.recipe.args }}/${{ matrix.platform }}/${{ matrix.libc }}" | |
| runs-on: "lab" | |
| # Cross is advisory: leg failures show red on the job badge but the | |
| # workflow run as a whole still passes. `needs.cross.result` reports | |
| # `success` to dependents regardless of outcome, so don't gate on it. | |
| continue-on-error: true | |
| needs: | |
| - check_changes | |
| - check | |
| # - miri | |
| - wasm | |
| permissions: | |
| checks: "write" | |
| pull-requests: "read" | |
| contents: "read" | |
| packages: "read" | |
| id-token: "write" | |
| env: | |
| USER: "runner" | |
| strategy: | |
| fail-fast: false | |
| max-parallel: 1 | |
| matrix: | |
| platform: | |
| - "aarch64" | |
| - "bluefield3" | |
| libc: | |
| - "gnu" | |
| - "musl" | |
| profile: | |
| - "debug" | |
| recipe: | |
| - name: "build-container" | |
| args: "dataplane" | |
| - name: "build-container" | |
| args: "frr.dataplane" | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - name: "${{ matrix.platform }}/${{ matrix.libc }}/${{ matrix.profile }}/${{ matrix.recipe.args }}" | |
| uses: *just | |
| env: | |
| JUST_VARS: >- | |
| platform=${{ matrix.platform }} | |
| profile=${{ matrix.profile }} | |
| libc=${{ matrix.libc }} | |
| with: | |
| recipe: "${{ matrix.recipe.name }}" | |
| recipe_args: "${{ matrix.recipe.args }}" | |
| - *tmate | |
| concurrency: | |
| if: >- | |
| ${{ | |
| needs.check_changes.outputs.devfiles == 'true' | |
| || startsWith(github.event.ref, 'refs/tags/v') | |
| || github.event_name == 'workflow_dispatch' | |
| }} | |
| name: "concurrency" | |
| runs-on: "lab" | |
| needs: | |
| - check_changes | |
| - check | |
| permissions: *check-perms | |
| # This job doesn't use the `*check-env` anchor: that anchor's | |
| # `JUST_VARS` references `matrix.build.*`, and this job has no | |
| # matrix. Each step below sets `JUST_VARS` itself, inlining the | |
| # docker_sock / debug_justfile / oci_repo settings that the | |
| # anchor would have provided. | |
| env: | |
| USER: "runner" | |
| steps: | |
| - *checkout | |
| - *nix-setup | |
| - name: "shuttle" | |
| env: | |
| JUST_VARS: >- | |
| docker_sock=/run/docker/docker.sock | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} | |
| profile=release | |
| features=shuttle | |
| oci_repo=ghcr.io | |
| uses: *just | |
| with: | |
| recipe: "test" | |
| - name: "shuttle_pct" | |
| env: | |
| JUST_VARS: >- | |
| docker_sock=/run/docker/docker.sock | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} | |
| profile=release | |
| features=shuttle_pct | |
| oci_repo=ghcr.io | |
| uses: *just | |
| with: | |
| recipe: "test" | |
| # The `loom` feature flips `concurrency::sync` to loom's | |
| # primitives workspace-wide, which breaks crates that rely on | |
| # `Weak`, `Arc::downgrade`, etc. (those aren't in | |
| # `loom::sync`). Scope the loom build to only the concurrency | |
| # package (which hosts the core concurrency tests) so workspace | |
| # feature unification doesn't poison unrelated crates. | |
| # | |
| # TODO: gate tests which can't be used with loom | |
| - name: "loom" | |
| env: | |
| JUST_VARS: >- | |
| docker_sock=/run/docker/docker.sock | |
| debug_justfile=${{ github.event_name == 'workflow_dispatch' && github.event.inputs.debug_justfile || false }} | |
| profile=release | |
| features=loom | |
| oci_repo=ghcr.io | |
| uses: *just | |
| with: | |
| recipe: "test" | |
| recipe_args: "concurrency" | |
| - *tmate | |
| vlab: | |
| if: "${{ needs.check_changes.outputs.devfiles == 'true' || (startsWith(github.event.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/v')) && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') }}" | |
| needs: | |
| - version | |
| - build | |
| - check_changes | |
| name: "${{ matrix.hybrid && 'h' || 'v' }}-${{ matrix.upgradefrom && 'up' || '' }}${{ matrix.upgradefrom }}${{ matrix.upgradefrom && '-' || '' }}${{ matrix.mesh && 'mesh-' || '' }}${{ matrix.gateway && 'gw-' || '' }}${{ matrix.includeonie && 'onie-' || '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}" | |
| uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master | |
| with: | |
| # ci:+hlab is required to enable hybrid lab tests on PR | |
| # ci:+vlab is required to enable virtual lab tests on PR | |
| # ci:-upgrade disables upgrade tests on PR | |
| # hlab is disabled for main and merge_queue till we have gateway tests for it | |
| skip: >- | |
| ${{ | |
| github.event_name == 'pull_request' | |
| && ( | |
| matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+hlab') | |
| || !matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+vlab') | |
| || matrix.upgradefrom != '' && contains(github.event.pull_request.labels.*.name, 'ci:-upgrade') | |
| ) | |
| || github.event_name == 'workflow_dispatch' | |
| && ( | |
| matrix.hybrid && inputs.run_hlab_tests != true | |
| || !matrix.hybrid && inputs.skip_vlab_tests == true | |
| ) | |
| || (github.event_name == 'push' || github.event_name == 'merge_group') | |
| && matrix.hybrid | |
| }} | |
| fabricatorref: master | |
| prebuild: | | |
| just bump dataplane ${{ needs.version.outputs.version }}-release | |
| just bump frr ${{ needs.version.outputs.version }}-release | |
| fabricmode: ${{ matrix.fabricmode }} | |
| gateway: ${{ matrix.gateway }} | |
| includeonie: ${{ matrix.includeonie }} | |
| buildmode: ${{ matrix.buildmode }} | |
| vpcmode: ${{ matrix.vpcmode }} | |
| releasetest: ${{ contains(github.event.pull_request.labels.*.name, 'ci:+release') || inputs.enable_release_tests == true }} | |
| hybrid: ${{ matrix.hybrid }} | |
| upgradefrom: ${{ matrix.upgradefrom }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fabricmode: | |
| - spine-leaf | |
| gateway: | |
| - true | |
| includeonie: | |
| - false | |
| buildmode: | |
| - iso | |
| vpcmode: | |
| - l2vni | |
| hybrid: | |
| - false | |
| upgradefrom: | |
| - "" | |
| - "26.01" | |
| - "26.02" | |
| include: | |
| # gateway l3vni | |
| - fabricmode: spine-leaf | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l3vni | |
| hybrid: false | |
| upgradefrom: "" | |
| # hlab gateway l2vni | |
| - fabricmode: spine-leaf | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: true | |
| upgradefrom: "" | |
| summary: | |
| name: "Summary" | |
| runs-on: "ubuntu-latest" | |
| needs: | |
| - check | |
| - sanitize | |
| - concurrency | |
| - build | |
| - vlab | |
| - test_each | |
| # - miri | |
| - wasm | |
| - cross | |
| # Run always so this job can aggregate results even when one of its | |
| # dependencies failed or was skipped. | |
| # | |
| # Skipped dependency jobs are handled explicitly by the step-level | |
| # conditions below, so a skipped "build" or "check" job does not cause | |
| # "summary" itself to be skipped. | |
| if: ${{ always() }} | |
| steps: | |
| - name: "Flag any check matrix failures" | |
| if: ${{ needs.check.result != 'success' && needs.check.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some check job(s) failed' | |
| exit 1 | |
| - name: "Flag any concurrency job failures" | |
| if: ${{ needs.concurrency.result != 'success' && needs.concurrency.result != 'skipped' }} | |
| run: | | |
| echo '::error:: concurrency job failed' | |
| exit 1 | |
| - name: "Flag any test_each matrix failures" | |
| if: ${{ needs.test_each.result != 'success' && needs.test_each.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some test_each job(s) failed' | |
| exit 1 | |
| - name: "Flag any sanitize matrix failures" | |
| if: ${{ needs.sanitize.result != 'success' && needs.sanitize.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some sanitize job(s) failed' | |
| exit 1 | |
| # - name: "Flag any miri matrix failures" | |
| # if: ${{ needs.miri.result != 'success' && needs.miri.result != 'skipped' }} | |
| # run: | | |
| # echo '::error:: Some miri job(s) failed' | |
| # exit 1 | |
| - name: "Flag any build matrix failures" | |
| if: ${{ needs.build.result != 'success' && needs.build.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some build job(s) failed' | |
| exit 1 | |
| - name: "Flag any wasm failures" | |
| if: ${{ needs.wasm.result != 'success' && needs.wasm.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some wasm job(s) failed' | |
| exit 1 | |
| - name: "Flag any vlab matrix failures" | |
| if: ${{ needs.vlab.result != 'success' && needs.vlab.result != 'skipped' }} | |
| run: | | |
| echo '::error:: Some vlab job(s) failed' | |
| exit 1 | |
| publish: | |
| runs-on: lab | |
| if: startsWith(github.event.ref, 'refs/tags/v') && github.event_name == 'push' | |
| needs: | |
| - build | |
| - sanitize | |
| - vlab | |
| permissions: | |
| packages: write | |
| contents: read | |
| env: | |
| USER: "runner" | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v6 | |
| with: | |
| fetch-depth: 0 | |
| # used to run go fmt after patching dp/frr versions in the fabricator | |
| - name: Setup Go | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: stable | |
| cache: false | |
| - name: Login to ghcr.io | |
| uses: docker/login-action@v4 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: "./.github/actions/nix-shell" | |
| with: | |
| cachix_signing_key: "${{ secrets.CACHIX_SIGNING_KEY }}" | |
| cachix_auth_token: "${{ secrets.CACHIX_AUTH_TOKEN }}" | |
| - name: "push containers" | |
| env: | |
| ref_name: ${{ github.ref_name }} | |
| run: | | |
| set -euo pipefail; | |
| just \ | |
| docker_sock=/run/docker/docker.sock \ | |
| oci_repo=ghcr.io \ | |
| version="${ref_name}" \ | |
| push | |
| # Bump dataplane in the fabricator repository | |
| - name: Checkout fabricator repository | |
| uses: actions/checkout@v6 | |
| with: | |
| repository: githedgehog/fabricator | |
| path: fab-repo | |
| persist-credentials: false | |
| - name: Bump dataplane+frr in fabricator | |
| working-directory: fab-repo | |
| env: | |
| ref_name: ${{ github.ref_name }} | |
| run: | | |
| set -euo pipefail; | |
| sed -i "s/^\tDataplaneVersion.*/\tDataplaneVersion=meta.Version(\"${ref_name}\")/" pkg/fab/versions.go | |
| sed -i "s/^\tFRRVersion.*/\tFRRVersion=meta.Version(\"${ref_name}\")/" pkg/fab/versions.go | |
| go fmt pkg/fab/versions.go | |
| - name: Generate token for the fabricator repository | |
| uses: actions/create-github-app-token@v3 | |
| id: fab-app-token | |
| with: | |
| app-id: ${{ secrets.FAB_APP_ID }} | |
| private-key: ${{ secrets.FAB_PRIVATE_KEY }} | |
| repositories: | | |
| fabricator | |
| - name: Create Pull Request for fabricator | |
| uses: peter-evans/create-pull-request@v8 | |
| id: fab-pr | |
| with: | |
| token: ${{ steps.fab-app-token.outputs.token }} | |
| path: fab-repo | |
| branch: pr/auto/dataplane-bump | |
| commit-message: | | |
| bump: dataplane/frr to ${{ github.ref_name }} | |
| This is an automated commit created by GitHub Actions workflow, | |
| in the dataplane repository. | |
| signoff: true | |
| title: "bump: dataplane/frr to ${{ github.ref_name }}" | |
| body: | | |
| This is an automated Pull Request created by GitHub Actions workflow, | |
| in the dataplane repository. |