Skip to content

fix(IDX): S3 upload #7252

fix(IDX): S3 upload

fix(IDX): S3 upload #7252

Workflow file for this run

name: CI PR Only
# Jobs that run on PRs, but no other pipelines
on:
pull_request:
types: [opened, synchronize, reopened]
permissions: read-all
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref && github.ref || github.run_id }}
cancel-in-progress: true
env:
CI_PIPELINE_SOURCE: ${{ github.event_name }}
CI_PROJECT_DIR: ${{ github.workspace }}
MERGE_BRANCH: ${{ github.event.pull_request.base.ref }}
ORG: ${{ github.repository_owner }}
jobs:
bazel-build-fuzzers-archives:
name: Bazel Build Fuzzers Archives
timeout-minutes: 90
runs-on:
labels: dind-large
container:
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041
options: >-
-e NODE_NAME
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
- name: Filter Relevant Files
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: filter
with:
filters: |
fuzzers:
- '.github/workflows/pr-only.yml'
- 'bin/build-all-fuzzers.sh'
- 'bazel/fuzz_testing.bzl'
- name: Run Bazel Build Fuzzers Archives
id: bazel-build-fuzzers-archives
if: steps.filter.outputs.fuzzers == 'true'
shell: bash
run: |
set -euo pipefail
cd "${GITHUB_WORKSPACE}"/bin
./build-all-fuzzers.sh --zip
- name: Upload bazel-bep
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ github.job }}-bep
retention-days: 14
if-no-files-found: ignore
compression-level: 9
path: |
bazel-bep.pb
profile.json
lock-generate:
name: Lock Generate
timeout-minutes: 30
runs-on:
labels: dind-small
container:
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041
options: >-
-e NODE_NAME
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.head_ref }}
token: ${{ secrets.IDX_PUSH_TO_PR }}
- name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
- name: Filter Relevant Files
uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3
id: filter
with:
filters: |
lock-generate:
- '.github/workflows/pr-only.yml'
- '.bazelrc'
- '.bazelversion'
- '**/*.bazel'
- '**/*.bzl'
- '**/*.lock'
- '**/*.rs'
- '**/*.toml'
- name: Run Lock Generate
id: lock-generate
if: steps.filter.outputs.lock-generate == 'true'
run: ./ci/scripts/lock-generate.sh
pre-commit:
name: Pre Commit Test
timeout-minutes: 30
runs-on:
labels: dind-small
container:
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041
options: >-
-e NODE_NAME
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 256
- name: Pre-Commit
id: pre-commit
shell: bash
run: ./ci/scripts/pre-commit.sh
dependencies-check:
name: Dependency Scan for PR
runs-on:
labels: dind-small
container:
image: ghcr.io/dfinity/ic-build@sha256:2c6fc0aa92ada647e42790cbdac3199b27a1407d9e90ff6e5a97a69acac24041
options: >-
-e NODE_NAME
timeout-minutes: 60
permissions:
contents: read
pull-requests: write
env:
SHELL_WRAPPER: "/usr/bin/time"
CI_MERGE_REQUEST_IID: ${{ github.event.pull_request.number }}
CI_PROJECT_PATH: ${{ github.repository }}
CI_PIPELINE_ID: ${{ github.run_id }}
CI_COMMIT_SHA: ${{ github.sha }}
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
JIRA_API_TOKEN: ${{ secrets.JIRA_API_TOKEN }}
SLACK_PSEC_BOT_OAUTH_TOKEN: ${{ secrets.SLACK_PSEC_BOT_OAUTH_TOKEN }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 256
- name: Before script
id: before-script
shell: bash
run: |
[ -n "${NODE_NAME:-}" ] && echo "Node: $NODE_NAME"
- name: Setup python deps
id: setup-python-deps
shell: bash
run: |
pip3 install --ignore-installed -r requirements.txt
- name: Dependency Scan for Pull Request
id: dependencies-check
shell: bash
run: |
set -euo pipefail
export PYTHONPATH=$PWD/ci/src:$PWD/ci/src/dependencies
cd ci/src/dependencies/
$SHELL_WRAPPER python3 job/bazel_rust_ic_scanner_merge_job.py