Test

Expose securified security state and expose methods that relied on unsecured entity control on hosts #2885

Workflow file for this run

	# Testing CI - Runs on each PR and Push

	name: Test
	on:
	pull_request:
	push:
	branches:
	- main

	permissions:
	id-token: write
	contents: read
	env:
	CARGO_TERM_COLOR: always
	RUST_TOOLCHAIN: nightly-2024-12-14
	RUST_COMPONENTS: "rust-std"
	SWIFT_CODE_COV_REPORT_PATH: ".build/artifacts/info.lcov" # chosen
	jobs:
	# typos
	check-typos:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true
	profile: minimal

	- name: Install typos
	uses: RDXWorks-actions/cargo-install@main
	with:
	crate: typos-cli
	version: 1.22.7

	- name: Check typos
	run: typos

	# version bump
	check-version:
	runs-on: ubuntu-latest
	steps:
	- name: Checkout repository
	uses: RDXWorks-actions/checkout@main
	with:
	fetch-depth: 0 # Ensure the full git history is fetched

	- name: Fetch all tags
	run: git fetch --tags

	- name: Get latest tag
	id: get_latest_tag
	run: \|
	latest_tag=$(git describe --tags `git rev-list --tags --max-count=1`)
	echo "Latest tag is $latest_tag"
	echo "latest_tag=$latest_tag" >> $GITHUB_ENV

	- name: Verify Cargo.toml version bump
	run: \|
	# Extract the version from the latest tag
	latest_tag_version=$latest_tag

	# Extract the version from both Cargo.toml in the PR branch
	pr_version_sargon_uniffi=$(grep '^version' crates/uniffi/uniffi_SPLIT_ME/Cargo.toml \| sed 's/version = "$.*$"/\1/')

	echo "Latest tag version: $latest_tag_version"
	echo "PR version sargon-uniffi: $pr_version_sargon_uniffi"

	# Split the versions into major, minor, and patch components
	IFS='.' read -r -a tag_version_parts <<< "$latest_tag_version"
	IFS='.' read -r -a pr_version_parts <<< "$pr_version_sargon_uniffi"

	major_diff=$((pr_version_parts[0] - tag_version_parts[0]))
	minor_diff=$((pr_version_parts[1] - tag_version_parts[1]))
	patch_diff=$((pr_version_parts[2] - tag_version_parts[2]))

	# Check if the PR version is a valid bump
	if [ "$major_diff" -eq 1 ] && [ "${pr_version_parts[1]}" -eq 0 ] && [ "${pr_version_parts[2]}" -eq 0 ]; then
	echo "Major version bump valid!"
	elif [ "$major_diff" -eq 0 ] && [ "$minor_diff" -eq 1 ] && [ "${pr_version_parts[2]}" -eq 0 ]; then
	echo "Minor version bump valid!"
	elif [ "$major_diff" -eq 0 ] && [ "$minor_diff" -eq 0 ] && [ "$patch_diff" -eq 1 ]; then
	echo "Patch version bump valid!"
	else
	echo "Version bump is invalid!"
	exit 1
	fi

	# phylum
	phylum-analyze:
	if: ${{ github.event.pull_request }}
	uses: radixdlt/public-iac-resuable-artifacts/.github/workflows/phylum-analyze.yml@main
	permissions:
	id-token: write
	pull-requests: write
	contents: read
	deployments: write
	secrets:
	phylum_api_key: ${{ secrets.PHYLUM_API_KEY }}
	with:
	phylum_pr_number: ${{ github.event.number }}
	phylum_pr_name: ${{ github.head_ref }}
	phylum_group_name: Wallet
	phylum_project_id: fb999d0c-b260-474e-8c08-2f163aa2c75f
	github_repository: ${{ github.repository }}
	add_report_comment_to_pull_request: true

	# cargo check
	check-cargo-check:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true
	profile: minimal

	- name: Cargo Check
	run: cargo check --locked --all

	# cargo fmt check
	check-formatting:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true
	components: rustfmt

	- name: Check formatting
	run: cargo fmt --check --all

	# clippy
	check-clippy:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true
	components: clippy

	- name: Clippy Check
	run: cargo clippy --locked --all -- -D warnings

	# Rust unit, doc and integration
	test-rust:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: Install cargo nextest
	uses: RDXWorks-actions/cargo-install@v1
	with:
	crate: cargo-nextest
	locked: true

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true

	- name: Run rust tests
	run: cargo nextest run --locked --all

	# Swift formatting
	check-swift-format:
	name: "Swift format"
	if: >
	( github.event.action == 'opened' && github.event.pull_request.draft == false ) \|\|
	( github.event.pull_request.draft == false && github.event.action == 'synchronize' ) \|\|
	( github.event.action == 'ready_for_review' ) \|\|
	( github.event_name == 'push' && github.ref == 'refs/heads/main' )
	runs-on: macos-15-xlarge

	steps:
	- uses: RDXWorks-actions/checkout@main

	- name: "Run Lint"
	run: \|
	brew update
	brew upgrade swiftformat
	swiftformat . --lint

	# Swift testing on macOS (Apple Silicon)
	test-swift:
	runs-on: macos-15-xlarge
	timeout-minutes: 20
	steps:
	- uses: RDXWorks-actions/checkout@main

	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'sargon'
	step_name: 'sargon-code-cov-token'
	secret_prefix: GH_CODECOV
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/codecov-o1ImFr'
	parse_json: true

	- uses: RDXWorks-actions/setup-xcode@master
	with:
	xcode-version: "16.0.0"

	- name: Install Rust Toolchain for aarch64-apple-darwin
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	target: aarch64-apple-darwin

	- name: Build for macOS target and run swift test
	env:
	GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	rustup target add aarch64-apple-darwin
	sh ./scripts/ios/test.sh --build --codecov ${{ env.SWIFT_CODE_COV_REPORT_PATH }}

	- name: Upload to CodeCov.io
	uses: RDXWorks-actions/codecov-action@main
	with:
	token: ${{ env.GH_CODECOV_TOKEN }}
	fail_ci_if_error: true
	files: ${{ env.SWIFT_CODE_COV_REPORT_PATH }}
	name: codecov-swift
	flags: swift

	# Kotlin test run on JVM on macOS (Apple Silicon)
	test-kotlin:
	runs-on: ubuntu-latest
	steps:
	- uses: RDXWorks-actions/checkout@main

	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'sargon'
	step_name: 'sargon-code-cov-token'
	secret_prefix: GH_CODECOV
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/codecov-o1ImFr'
	parse_json: true

	- name: Remove unused software
	run: \|
	sudo rm -rf \
	"$AGENT_TOOLSDIRECTORY" \
	/opt/google/chrome \
	/opt/microsoft/msedge \
	/opt/microsoft/powershell \
	/opt/pipx \
	/usr/lib/mono \
	/usr/local/julia* \
	/usr/local/lib/node_modules \
	/usr/local/share/chromium \
	/usr/local/share/powershell \
	/usr/share/dotnet \
	/usr/local/share/boost \
	/opt/ghc

	- name: Install Rust Toolchain for x86_64-unknown-linux-gnu
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	components: ${{ env.RUST_COMPONENTS }}
	target: x86_64-unknown-linux-gnu
	default: 'true'

	- name: Set up JDK 17
	uses: RDXWorks-actions/setup-java@v3
	with:
	distribution: "adopt"
	java-version: "17"

	- name: Setup Android SDK
	uses: RDXWorks-actions/setup-android@v2

	- name: Unit test with coverage
	uses: RDXWorks-actions/gradle-build-action@main
	with:
	arguments: sargon-android:koverXmlReportDebug
	build-root-directory: jvm

	- name: Upload to CodeCov.io
	uses: RDXWorks-actions/codecov-action@main
	with:
	token: ${{ env.GH_CODECOV_TOKEN }}
	fail_ci_if_error: true
	file: ./jvm/sargon-android/build/reports/kover/reportDebug.xml
	name: codecov-jvm
	flags: kotlin

	# Code Coverage uses Tarpaulin and uploads to CodeCov.io
	code-coverage:
	runs-on: macos-15-xlarge
	steps:
	- uses: RDXWorks-actions/checkout@main

	- uses: radixdlt/public-iac-resuable-artifacts/fetch-secrets@main
	with:
	role_name: 'arn:aws:iam::${{ secrets.SECRETS_ACCOUNT_ID }}:role/gh-common-secrets-read-access'
	app_name: 'sargon'
	step_name: 'sargon-code-cov-token'
	secret_prefix: GH_CODECOV
	secret_name: 'arn:aws:secretsmanager:eu-west-2:${{ secrets.SECRETS_ACCOUNT_ID }}:secret:github-actions/common/codecov-o1ImFr'
	parse_json: true

	- uses: RDXWorks-actions/setup-xcode@master
	with:
	# trying to fix https://github.com/rust-lang/rust/issues/113783
	xcode-version: "16.0.0"

	- name: Install Rust Toolchain
	uses: RDXWorks-actions/toolchain@master
	with:
	toolchain: ${{ env.RUST_TOOLCHAIN }}
	default: true

	- name: Install cargo tarpaulin
	uses: RDXWorks-actions/cargo-install@main
	with:
	crate: cargo-tarpaulin
	tag: 0.30.0
	locked: true

	- name: Code Coverage - Generate
	run: cargo tarpaulin --out=Xml --force-clean

	- name: Code Coverage - Upload to CodeCov.io
	uses: RDXWorks-actions/codecov-action@main
	with:
	token: ${{ env.GH_CODECOV_TOKEN }}
	fail_ci_if_error: true
	flags: rust

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Expose securified security state and expose methods that relied on unsecured entity control on hosts #2885

Workflow file

Expose securified security state and expose methods that relied on unsecured entity control on hosts #2885

Jobs

Run details

Workflow file for this run