chore: refactor ci setup to remove insecure features (tailcallhq#964)

Co-authored-by: meskill <[email protected]> Co-authored-by: Amit Singh <[email protected]>
pi600 · Feb 2, 2024 · 929e1d6 · 929e1d6
1 parent 3e03032
commit 929e1d6
Show file tree

Hide file tree

Showing 7 changed files with 139 additions and 167 deletions.
diff --git a/.github/labels.json b/.github/labels.json
@@ -219,7 +219,7 @@
   {
     "name": "ci: benchmark",
     "color": "F9D0C4",
-    "description": "Runs macro benchmarks",
-    "aliases": ["ci:lint"]
+    "description": "Runs benchmarks",
+    "aliases": ["ci:benchmark"]
   }
 ]
diff --git a/.github/workflows/bot.yml → .github/workflows/benchmark.yml b/.github/workflows/bot.yml → .github/workflows/benchmark.yml
@@ -5,21 +5,12 @@ on:
     paths-ignore: ["docs/**", "**.md"]
     branches:
       - main
-  pull_request_target:
+  pull_request:
     paths-ignore: ["docs/**", "**.md"]
-    types: [opened, synchronize, labeled]
-    branches:
-      - main
-
-  workflow_dispatch:
-    inputs:
-      branch:
-        description: "Branch to run benchmark on"
-        required: true
-        default: "main"
+    types: [opened, reopened, synchronize, labeled]
 
 jobs:
-  benchmark:
+  macro_benchmark:
     name: Macro Benchmarks
     if: "contains(github.event.pull_request.labels.*.name, 'ci: benchmark') || github.event_name == 'push'"
     runs-on: benchmarking-runner
@@ -28,30 +19,11 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
       - name: Install Stable Toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
-          components: rustfmt, clippy
-
-      - name: Cache Rust Dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
+        uses: actions-rust-lang/setup-rust-toolchain@v1
 
       - name: Run Cargo Build
-        uses: actions-rs/cargo@v1
-        with:
-          command: build
-          args: --release
+        run: cargo build --release
 
       - name: Run Tailcall
         run: |
@@ -80,70 +52,21 @@ jobs:
         name: Convert Output to Markdown
         working-directory: ci-benchmark
         run: |
-          node wrk-output-to-md.js wrk-output.txt > wrk-output.md
-
+          node wrk-output-to-md.js wrk-output.txt > body.md
       - id: cat_md
         name: Cat Markdown
         working-directory: ci-benchmark
         run: |
-          cat wrk-output.md
+          cat body.md
 
-      - id: get_comment_body
-        name: Get Comment Body
-        working-directory: ci-benchmark
-        run: |
-          body="$(cat wrk-output.md)"
-          delimiter="$(openssl rand -hex 8)"
-          echo "body<<$delimiter" >> $GITHUB_OUTPUT
-          echo "$body" >> $GITHUB_OUTPUT
-          echo "$delimiter" >> $GITHUB_OUTPUT
-
-      - name: Create Commit Comment
-        uses: peter-evans/commit-comment@v3
+      - name: "Upload Artifact"
+        uses: actions/upload-artifact@v4
         with:
-          sha: ${{github.event.pull_request.head.sha}}
-          body: ${{steps.get_comment_body.outputs.body}}
-
-  lint:
-    name: CI:Lint
-    if: "contains(github.event.pull_request.labels.*.name, 'ci: lint')"
-    runs-on: ubuntu-latest
-    permissions:
-      pull-requests: write
-      contents: write
-    steps:
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "18"
-      - name: Install Prettier
-        run: npm install --global prettier
-      - name: Install Stable Toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: nightly
-          components: rustfmt, clippy
-      - name: Cache Rust Dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - uses: actions/checkout@v4
-        with:
-          ref: ${{ github.event.pull_request.head.sha }}
-
-      - name: Run lint script
-        run: ./lint.sh --mode=fix
-      - name: Commit and push if changed
-        uses: stefanzweifel/git-auto-commit-action@v5
-        with:
-          commit_message: "style: apply lint fixes"
+          name: body
+          path: ci-benchmark/body.md
 
   Cache_Benchmarks:
-    name: Micro Benchmarks
+    name: Cache Micro Benchmarks result
     if: (github.event_name == 'push' && github.ref == 'refs/heads/main')
     permissions:
       pull-requests: write
@@ -154,10 +77,7 @@ jobs:
         uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
+        uses: actions-rust-lang/setup-rust-toolchain@v1
 
       - name: Run Benchmarks
         run: |
@@ -186,10 +106,7 @@ jobs:
           ref: ${{ github.event.pull_request.head.sha }}
 
       - name: Install Rust
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          override: true
+        uses: actions-rust-lang/setup-rust-toolchain@v1
 
       - name: Run Criterion Benchmarks
         run: |

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -3,14 +3,13 @@ name: Build
 on:
   push:
     branches:
-      - "**"
+      - main
   pull_request:
     branches: [main]
     types: [opened, reopened, synchronize]
-  pull_request_target:
-    types: [opened, reopened, synchronize]
 permissions:
   contents: read
+
 jobs:
   check_if_build:
     name: Check if Build
@@ -29,7 +28,6 @@ jobs:
 
   test_cf:
     name: Run Tests (WASM)
-    if: (github.event_name == 'pull_request') || (github.event_name == 'push' && github.ref == 'refs/heads/main')
     runs-on: ubuntu-latest
     defaults:
       run:
@@ -39,14 +37,13 @@ jobs:
       - uses: actions/checkout@v4
 
       - name: Install Rust
-        uses: actions-rs/toolchain@v1
+        uses: actions-rust-lang/setup-rust-toolchain@v1
         with:
-          toolchain: stable
-          override: true
-
-      - name: Add wasm32 target
-        run: rustup target add wasm32-unknown-unknown
+          target: wasm32-unknown-unknown
 
+      - name: Build WASM
+        run: cargo check --lib --target wasm32-unknown-unknown
+        working-directory: ./cloudflare
       - name: Install Node.js
         uses: actions/setup-node@v4
         with:
@@ -60,33 +57,16 @@ jobs:
 
   test:
     name: Run Tests
-    if: (github.event_name == 'pull_request') || (github.event_name == 'push' && github.ref == 'refs/heads/main')
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
       - uses: taiki-e/install-action@cargo-llvm-cov
 
       - name: Install Stable Toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: stable
-          default: true
-
-      - name: Cache Rust Dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-          restore-keys: ${{ runner.os }}-cargo-
+        uses: actions-rust-lang/setup-rust-toolchain@v1
 
       - name: Run Cargo Test
-        uses: actions-rs/cargo@v1
-        with:
-          command: llvm-cov
-          args: --all-features --lcov --output-path lcov.info
+        run: cargo llvm-cov --all-features --lcov --output-path lcov.info
 
       - name: Upload Coverage to Codecov
         uses: codecov/codecov-action@v4
@@ -95,37 +75,9 @@ jobs:
           files: lcov.info
           fail_ci_if_error: true
 
-  format:
-    name: Run Formatter and Lint Check
-    if: (github.event_name == 'pull_request') || (github.event_name == 'push' && github.ref == 'refs/heads/main')
-    runs-on: ubuntu-latest
-    steps:
-      - name: Install Node.js
-        uses: actions/setup-node@v4
-        with:
-          node-version: "20.11.0"
-      - name: Install Prettier
-        run: npm install --global prettier
-      - name: Install Nightly Toolchain
-        uses: actions-rs/toolchain@v1
-        with:
-          toolchain: nightly
-          components: rustfmt, clippy
-      - name: Cache Rust Dependencies
-        uses: actions/cache@v4
-        with:
-          path: |
-            ~/.cargo/registry
-            ~/.cargo/git
-            target
-          key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
-      - uses: actions/checkout@v4
-      - name: Run Lint Script
-        run: ./lint.sh --mode=check
-
   draft_release:
     name: Draft Release
-    if: (github.event_name == 'pull_request_target') || (github.event_name == 'push' && github.ref == 'refs/heads/main')
+    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
     runs-on: ubuntu-latest
     permissions:
       contents: write
@@ -136,7 +88,6 @@ jobs:
 
       - id: create_release
         uses: release-drafter/release-drafter@v6
-        if: (github.event_name == 'pull_request_target') || (github.event_name == 'push' && github.ref == 'refs/heads/main')
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
@@ -151,9 +102,11 @@ jobs:
       create_release_name: ${{ steps.set_output.outputs.create_release_name }}
       create_release_id: ${{ steps.set_output.outputs.create_release_id }}
 
+  # TODO: move to separate file to separate responsibilities
   release:
     name: Release
-    needs: [test, format, draft_release, check_if_build, test_cf]
+    needs: [test, draft_release, check_if_build, test_cf]
+    # TODO: put a condition to separate job that other will depend on to remove duplication?
     if: github.event_name == 'push' && github.ref == 'refs/heads/main' && (needs.check_if_build.outputs.check_if_build == 'true')
     runs-on: ${{ matrix.os }}
     strategy:
@@ -275,7 +228,7 @@ jobs:
         env:
           APP_VERSION: ${{ needs.draft_release.outputs.create_release_name}}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
-        uses: actions-rs/cargo@v1
+        uses: ClementTsang/cargo[email protected]
         with:
           use-cross: ${{ matrix.cross }}
           command: build
@@ -343,6 +296,7 @@ jobs:
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}
           tag-name: ${{needs.draft_release.outputs.create_release_name }}
+
   publish_npm_root:
     name: Publish NPM main package
     needs: [draft_release, release]
@@ -378,6 +332,7 @@ jobs:
         env:
           APP_VERSION: ${{needs.draft_release.outputs.create_release_name }}
           NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
+
   build-and-push-image:
     env:
       REGISTRY: ghcr.io
@@ -416,6 +371,7 @@ jobs:
           push: true
           tags: ${{ steps.meta.outputs.tags }}
           labels: ${{ steps.meta.outputs.labels }}
+
   homebrew-release:
     name: Homebrew Release
     needs: [draft_release, release, semantic_release]

diff --git a/.github/workflows/comment-commit.yml b/.github/workflows/comment-commit.yml
@@ -0,0 +1,28 @@
+name: Comment on commit
+
+on:
+  workflow_run:
+    workflows: ["Benchmark"]
+    types:
+      - completed
+
+jobs:
+  comment:
+    name: Comment on commit
+    runs-on: ubuntu-latest
+    if: >
+      github.event.workflow_run.event == 'pull_request' &&
+      github.event.workflow_run.conclusion == 'success'
+    steps:
+      - name: Download artifact with body message
+        uses: actions/download-artifact@v4
+        with:
+          name: body
+          github-token: ${{ secrets.GITHUB_TOKEN }}
+          run-id: ${{ github.event.workflow_run.id }}
+
+      - name: Create Commit Comment
+        uses: peter-evans/commit-comment@v3
+        with:
+          sha: ${{ github.event.workflow_run.head_sha }}
+          body-path: body.md