mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
1be77d4e2d
Link to latest binaries Generated with `make -f scripts/Makefile`. Just need a rubber-stamp, changes should be GTG
287 lines
9.8 KiB
YAML
287 lines
9.8 KiB
YAML
name: Continuous Integration
|
|
run-name: Triggered by ${{ github.actor }} on ${{ github.event_name }}
|
|
on:
|
|
pull_request:
|
|
merge_group:
|
|
types: [checks_requested]
|
|
workflow_call:
|
|
inputs:
|
|
stage:
|
|
required: true
|
|
type: string
|
|
profile:
|
|
required: true
|
|
type: string
|
|
|
|
env:
|
|
# mark:automatic-version
|
|
VERSION: "1.0.4"
|
|
|
|
# Cancel old workflow runs if new code is pushed
|
|
concurrency:
|
|
group: "ci-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: ${{ github.event_name != 'workflow_call' }}
|
|
|
|
jobs:
|
|
kotlin:
|
|
uses: ./.github/workflows/_kotlin.yml
|
|
secrets: inherit
|
|
swift:
|
|
uses: ./.github/workflows/_swift.yml
|
|
secrets: inherit
|
|
tauri:
|
|
uses: ./.github/workflows/_tauri.yml
|
|
secrets: inherit
|
|
elixir:
|
|
uses: ./.github/workflows/_elixir.yml
|
|
rust:
|
|
uses: ./.github/workflows/_rust.yml
|
|
secrets: inherit
|
|
static-analysis:
|
|
uses: ./.github/workflows/_static-analysis.yml
|
|
terraform:
|
|
uses: ./.github/workflows/_terraform.yml
|
|
secrets: inherit
|
|
codeql:
|
|
uses: ./.github/workflows/_codeql.yml
|
|
secrets: inherit
|
|
|
|
update-release-draft:
|
|
runs-on: ubuntu-22.04
|
|
outputs:
|
|
tag_name: ${{ steps.update-release-draft.outputs.tag_name }}
|
|
steps:
|
|
- uses: release-drafter/release-drafter@v6
|
|
id: update-release-draft
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
build-artifacts:
|
|
needs: update-release-draft
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
# Build debug/ on PRs and merge group, no prefix for production release images
|
|
image_prefix: ${{ ((github.event_name == 'pull_request' || github.event_name == 'merge_group') && 'debug') || '' }}
|
|
profile: ${{ inputs.profile || 'debug' }}
|
|
stage: ${{ inputs.stage || 'debug' }}
|
|
tag_name: ${{ needs.update-release-draft.outputs.tag_name }}
|
|
|
|
build-base-perf-artifacts:
|
|
needs: update-release-draft
|
|
if: ${{ github.event_name == 'pull_request' }}
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
sha: ${{ github.event.pull_request.base.sha }}
|
|
image_prefix: 'perf'
|
|
profile: 'release'
|
|
stage: 'debug'
|
|
tag_name: ${{ needs.update-release-draft.outputs.tag_name }}
|
|
|
|
build-head-perf-artifacts:
|
|
needs: update-release-draft
|
|
if: ${{ github.event_name == 'pull_request' }}
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
sha: ${{ github.sha }}
|
|
image_prefix: 'perf'
|
|
profile: 'release'
|
|
stage: 'debug'
|
|
tag_name: ${{ needs.update-release-draft.outputs.tag_name }}
|
|
|
|
integration-tests:
|
|
uses: ./.github/workflows/_integration_tests.yml
|
|
needs: build-artifacts
|
|
secrets: inherit
|
|
with:
|
|
gateway_image: ${{ needs.build-artifacts.outputs.gateway_image }}
|
|
client_image: ${{ needs.build-artifacts.outputs.client_image }}
|
|
relay_image: ${{ needs.build-artifacts.outputs.relay_image }}
|
|
|
|
snownet-tests:
|
|
needs: build-artifacts
|
|
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
|
|
name: snownet-tests-${{ matrix.name }}
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
env:
|
|
RELAY_TAG: ${{ github.sha }}
|
|
SNOWNET_TAG: ${{ github.sha }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
name:
|
|
- lan
|
|
- wan-hp
|
|
- wan-relay
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- uses: ./.github/actions/gcp-docker-login
|
|
id: login
|
|
with:
|
|
project: firezone-staging
|
|
- name: Run docker-compose.${{ matrix.name }}.yml test
|
|
run: |
|
|
sudo sysctl -w vm.overcommit_memory=1
|
|
timeout 600 docker compose -f rust/snownet-tests/docker-compose.${{ matrix.name }}.yml up --exit-code-from dialer --abort-on-container-exit
|
|
|
|
compatibility-tests:
|
|
# Don't run compatibility tests when called from hotfix.yml or publish.yml on `main` because
|
|
# it'll be red if there was a breaking change we're tring to publish,
|
|
# and the deploy_production workflow checks for main to be green.
|
|
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
|
|
uses: ./.github/workflows/_integration_tests.yml
|
|
needs: build-artifacts
|
|
secrets: inherit
|
|
with:
|
|
gateway_image: "ghcr.io/firezone/gateway"
|
|
gateway_tag: "latest"
|
|
client_image: "ghcr.io/firezone/client"
|
|
client_tag: "latest"
|
|
|
|
perf-tests:
|
|
# Only the debug images have perf tooling
|
|
if: ${{ github.event_name == 'pull_request' }}
|
|
name: perf-tests-${{ matrix.version.prefix }}-${{ matrix.test_name }}
|
|
needs:
|
|
- build-base-perf-artifacts
|
|
- build-head-perf-artifacts
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
env:
|
|
API_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/api'
|
|
API_TAG: ${{ matrix.version.sha }}
|
|
WEB_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/web'
|
|
WEB_TAG: ${{ matrix.version.sha }}
|
|
ELIXIR_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/elixir'
|
|
ELIXIR_TAG: ${{ matrix.version.sha }}
|
|
GATEWAY_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/gateway'
|
|
GATEWAY_TAG: ${{ matrix.version.sha }}
|
|
CLIENT_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/client'
|
|
CLIENT_TAG: ${{ matrix.version.sha }}
|
|
RELAY_IMAGE: 'us-east1-docker.pkg.dev/firezone-staging/firezone/perf/relay'
|
|
RELAY_TAG: ${{ matrix.version.sha }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
version:
|
|
- sha: ${{ github.sha }}
|
|
prefix: head
|
|
- sha: ${{ github.event.pull_request.base.sha }}
|
|
prefix: base
|
|
test_name:
|
|
- direct-tcp-client2server
|
|
- direct-tcp-server2client
|
|
- direct-udp-client2server
|
|
- direct-udp-server2client
|
|
- relayed-tcp-client2server
|
|
- relayed-tcp-server2client
|
|
- relayed-udp-client2server
|
|
- relayed-udp-server2client
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ matrix.version.sha }}
|
|
- uses: ./.github/actions/gcp-docker-login
|
|
id: login
|
|
with:
|
|
project: firezone-staging
|
|
- name: Seed database
|
|
run:
|
|
docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.seed'
|
|
- name: Start docker compose in the background
|
|
run: |
|
|
# We need to increase the log level to make sure that they don't hold off storm of packets
|
|
# generated by UDP tests. Wire is especially chatty.
|
|
sed -i 's/^\(\s*\)RUST_LOG:.*$/\1RUST_LOG: wire=error,info/' docker-compose.yml
|
|
cat docker-compose.yml | grep RUST_LOG
|
|
|
|
# Start services in the same order each time for the tests
|
|
docker compose up -d iperf3
|
|
docker compose up -d api web domain --no-build
|
|
docker compose up -d relay-1 relay-2 --no-build
|
|
docker compose up -d gateway --no-build
|
|
docker compose up -d client --no-build
|
|
- name: 'Performance test: ${{ matrix.test_name }}'
|
|
timeout-minutes: 5
|
|
env:
|
|
TEST_NAME: ${{ matrix.test_name }}
|
|
run: ./scripts/tests/perf/${{ matrix.test_name }}.sh
|
|
- name: 'Save performance test results: ${{ matrix.test_name }}'
|
|
uses: actions/upload-artifact@v4
|
|
with:
|
|
overwrite: true
|
|
name: ${{ matrix.test_name }}-${{ matrix.version.sha }}-iperf3results
|
|
path: ./${{ matrix.test_name }}.json
|
|
- name: Show Client logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs client
|
|
- name: Show Client UDP stats
|
|
if: "!cancelled()"
|
|
run: docker compose exec client cat /proc/net/udp
|
|
- name: Show Relay-1 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-1
|
|
- name: Show Relay-2 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-2
|
|
- name: Show Gateway logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs gateway
|
|
- name: Show Gateway UDP stats
|
|
if: "!cancelled()"
|
|
run: docker compose exec gateway cat /proc/net/udp
|
|
- name: Show API logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs api
|
|
- name: Show iperf3 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs iperf3
|
|
|
|
compare-results:
|
|
if: github.event_name == 'pull_request'
|
|
needs: perf-tests
|
|
runs-on: ubuntu-22.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Download base ref performance test results
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: '*-${{ github.event.pull_request.base.sha }}-iperf3results'
|
|
merge-multiple: true
|
|
path: ./${{ github.event.pull_request.base.sha }}
|
|
- name: Download head ref performance test results
|
|
uses: actions/download-artifact@v4
|
|
with:
|
|
pattern: '*-${{ github.sha }}-iperf3results'
|
|
merge-multiple: true
|
|
path: ./${{ github.sha }}
|
|
- name: Update PR with results
|
|
uses: actions/github-script@v7
|
|
with:
|
|
github-token: ${{ secrets.GITHUB_TOKEN }}
|
|
script: |
|
|
const { script } = require('./scripts/tests/perf/results.js');
|
|
script(github, context, '${{ github.event.pull_request.base.sha }}', '${{ github.sha }}', [
|
|
'direct-tcp-client2server',
|
|
'direct-tcp-server2client',
|
|
'direct-udp-client2server',
|
|
'direct-udp-server2client',
|
|
'relayed-tcp-client2server',
|
|
'relayed-tcp-server2client',
|
|
'relayed-udp-client2server',
|
|
'relayed-udp-server2client'
|
|
]);
|