mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
40aba05742
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/checkout/releases">actions/checkout's releases</a>.</em></p> <blockquote> <h2>v5.0.0</h2> <h2>What's Changed</h2> <ul> <li>Update actions checkout to use node 24 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2226">actions/checkout#2226</a></li> <li>Prepare v5.0.0 release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2238">actions/checkout#2238</a></li> </ul> <h2>⚠️ Minimum Compatible Runner Version</h2> <p><strong>v2.327.1</strong><br /> <a href="https://github.com/actions/runner/releases/tag/v2.327.1">Release Notes</a></p> <p>Make sure your runner is updated to this version or newer to use this release.</p> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v5.0.0">https://github.com/actions/checkout/compare/v4...v5.0.0</a></p> <h2>v4.3.0</h2> <h2>What's Changed</h2> <ul> <li>docs: update README.md by <a href="https://github.com/motss"><code>@motss</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li>Add internal repos for checking out multiple repositories by <a href="https://github.com/mouismail"><code>@mouismail</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li>Documentation update - add recommended permissions to Readme by <a href="https://github.com/benwells"><code>@benwells</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li>Adjust positioning of user email note and permissions heading by <a href="https://github.com/joshmgross"><code>@joshmgross</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2044">actions/checkout#2044</a></li> <li>Update README.md by <a href="https://github.com/nebuk89"><code>@nebuk89</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li>Update CODEOWNERS for actions by <a href="https://github.com/TingluoHuang"><code>@TingluoHuang</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2224">actions/checkout#2224</a></li> <li>Update package dependencies by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> <li>Prepare release v4.3.0 by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/2237">actions/checkout#2237</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/motss"><code>@motss</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1971">actions/checkout#1971</a></li> <li><a href="https://github.com/mouismail"><code>@mouismail</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1977">actions/checkout#1977</a></li> <li><a href="https://github.com/benwells"><code>@benwells</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2043">actions/checkout#2043</a></li> <li><a href="https://github.com/nebuk89"><code>@nebuk89</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2194">actions/checkout#2194</a></li> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/2236">actions/checkout#2236</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4...v4.3.0">https://github.com/actions/checkout/compare/v4...v4.3.0</a></p> <h2>v4.2.2</h2> <h2>What's Changed</h2> <ul> <li><code>url-helper.ts</code> now leverages well-known environment variables by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1941">actions/checkout#1941</a></li> <li>Expand unit test coverage for <code>isGhes</code> by <a href="https://github.com/jww3"><code>@jww3</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1946">actions/checkout#1946</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.1...v4.2.2">https://github.com/actions/checkout/compare/v4.2.1...v4.2.2</a></p> <h2>v4.2.1</h2> <h2>What's Changed</h2> <ul> <li>Check out other refs/* by commit if provided, fall back to ref by <a href="https://github.com/orhantoy"><code>@orhantoy</code></a> in <a href="https://redirect.github.com/actions/checkout/pull/1924">actions/checkout#1924</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Jcambass"><code>@Jcambass</code></a> made their first contribution in <a href="https://redirect.github.com/actions/checkout/pull/1919">actions/checkout#1919</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/checkout/compare/v4.2.0...v4.2.1">https://github.com/actions/checkout/compare/v4.2.0...v4.2.1</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="08c6903cd8"><code>08c6903</code></a> Prepare v5.0.0 release (<a href="https://redirect.github.com/actions/checkout/issues/2238">#2238</a>)</li> <li><a href="9f265659d3"><code>9f26565</code></a> Update actions checkout to use node 24 (<a href="https://redirect.github.com/actions/checkout/issues/2226">#2226</a>)</li> <li>See full diff in <a href="https://github.com/actions/checkout/compare/v4...v5">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
431 lines
16 KiB
YAML
431 lines
16 KiB
YAML
name: Continuous Integration
|
|
run-name: Triggered by ${{ github.actor }} on ${{ github.event_name }}
|
|
on:
|
|
pull_request:
|
|
merge_group:
|
|
types: [checks_requested]
|
|
workflow_dispatch:
|
|
workflow_call:
|
|
inputs:
|
|
stage:
|
|
required: true
|
|
type: string
|
|
profile:
|
|
required: true
|
|
type: string
|
|
|
|
# Cancel old workflow runs if new code is pushed
|
|
concurrency:
|
|
group: "ci-${{ github.event_name }}-${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: ${{ github.event_name != 'workflow_call' }}
|
|
|
|
jobs:
|
|
planner:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
jobs_to_run: ${{ steps.plan.outputs.jobs_to_run }}
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
- name: Plan jobs to run
|
|
id: plan
|
|
run: |
|
|
set -e
|
|
|
|
jobs="static-analysis,elixir,rust,tauri,kotlin,swift,codeql,build-artifacts,build-perf-artifacts";
|
|
|
|
# For workflow_dispatch or workflow_call, run all jobs
|
|
if [ "${{ github.event_name }}" = "workflow_dispatch" ] || [ "${{ github.event_name }}" = "workflow_call" ]; then
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
|
|
exit 0;
|
|
fi
|
|
|
|
# For main branch runs, run all jobs
|
|
if [ "${{ github.event_name }}" = "push" ] && [ "${{ github.ref_name }}" = "main" ]; then
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
|
|
exit 0;
|
|
fi
|
|
|
|
# Fetch base ref for PRs
|
|
if [ "${{ github.event_name }}" = "pull_request" ]; then
|
|
git fetch origin ${{ github.base_ref }} --depth=1
|
|
git diff --name-only origin/${{ github.base_ref }} ${{ github.sha }} > changed_files.txt
|
|
|
|
echo "Changed files:"
|
|
cat changed_files.txt
|
|
fi
|
|
|
|
# Fetch base ref for merge_group
|
|
if [ "${{ github.event_name }}" = "merge_group" ]; then
|
|
# Base ref could be a few commits away, so fetch a few commits in case the queue is long
|
|
git fetch origin ${{ github.event.merge_group.base_ref }} --depth=20
|
|
git diff --name-only ${{ github.event.merge_group.base_sha }} ${{ github.sha }} > changed_files.txt
|
|
|
|
echo "Changed files:"
|
|
cat changed_files.txt
|
|
fi
|
|
|
|
# Run all jobs if CI configuration changes
|
|
if grep -q '^\.github/' changed_files.txt; then
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
exit 0;
|
|
fi
|
|
|
|
# Run all jobs if tool versions change
|
|
if grep -q '^\.tool-versions' changed_files.txt; then
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
exit 0;
|
|
fi
|
|
|
|
# Run all jobs if docker-compose changes
|
|
if grep -q '^docker-compose.yml' changed_files.txt; then
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
exit 0;
|
|
fi
|
|
|
|
jobs="static-analysis" # Always run static-analysis
|
|
|
|
if grep -q '^rust/' changed_files.txt; then
|
|
jobs="${jobs},rust,kotlin,swift,build-artifacts,build-perf-artifacts"
|
|
fi
|
|
if grep -q '^rust/gui-client/' changed_files.txt; then
|
|
jobs="${jobs},tauri"
|
|
fi
|
|
if grep -q '^rust/tests/gui-smoke-test/' changed_files.txt; then
|
|
jobs="${jobs},tauri"
|
|
fi
|
|
if grep -q '^elixir/' changed_files.txt; then
|
|
jobs="${jobs},elixir,codeql,build-artifacts"
|
|
fi
|
|
if grep -q '^kotlin/' changed_files.txt; then
|
|
jobs="${jobs},kotlin"
|
|
fi
|
|
if grep -q '^swift/' changed_files.txt; then
|
|
jobs="${jobs},swift"
|
|
fi
|
|
if grep -q '^website/' changed_files.txt; then
|
|
jobs="${jobs},codeql"
|
|
fi
|
|
if grep -q '^scripts/tests/' changed_files.txt; then
|
|
jobs="${jobs},build-artifacts,build-perf-artifacts"
|
|
fi
|
|
|
|
echo "jobs_to_run=$jobs" >> "$GITHUB_OUTPUT"
|
|
|
|
required-check:
|
|
name: required-check
|
|
needs: planner
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v5
|
|
- name: Wait for all jobs to complete
|
|
timeout-minutes: 60
|
|
env:
|
|
GH_TOKEN: ${{ github.token }}
|
|
run: |
|
|
set -e
|
|
|
|
while true; do
|
|
jobs_json=$(gh run view ${{ github.run_id }} --json jobs --jq '.jobs | map(select((.name | contains("required-check") | not) and (.name | contains("upload-bencher") | not)))')
|
|
|
|
total_jobs=$(echo "$jobs_json" | jq 'length')
|
|
failed_jobs=$(echo "$jobs_json" | jq -r '[.[] | select(.conclusion == "failure")] | length')
|
|
completed_jobs=$(echo "$jobs_json" | jq '[.[] | select(.status == "completed")] | length')
|
|
|
|
if [ "$failed_jobs" -gt 0 ]; then
|
|
echo "At least one job has failed."
|
|
exit 1
|
|
fi
|
|
|
|
echo "Completed: $completed_jobs/$total_jobs"
|
|
|
|
if [ "$completed_jobs" -eq "$total_jobs" ]; then
|
|
break
|
|
fi
|
|
|
|
echo "Jobs not yet completed:"
|
|
echo "$jobs_json" | jq -r '.[] | select(.status != "completed") | "- " + .name + " (Status: " + .status + ")" '
|
|
|
|
sleep 10
|
|
done
|
|
|
|
kotlin:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'kotlin')
|
|
uses: ./.github/workflows/_kotlin.yml
|
|
secrets: inherit
|
|
swift:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'swift')
|
|
uses: ./.github/workflows/_swift.yml
|
|
secrets: inherit
|
|
elixir:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'elixir')
|
|
uses: ./.github/workflows/_elixir.yml
|
|
secrets: inherit
|
|
rust:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'rust')
|
|
uses: ./.github/workflows/_rust.yml
|
|
secrets: inherit
|
|
tauri:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'tauri')
|
|
uses: ./.github/workflows/_tauri.yml
|
|
secrets: inherit
|
|
static-analysis:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'static-analysis')
|
|
uses: ./.github/workflows/_static-analysis.yml
|
|
secrets: inherit
|
|
codeql:
|
|
needs: planner
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'codeql')
|
|
uses: ./.github/workflows/_codeql.yml
|
|
secrets: inherit
|
|
|
|
update-release-draft:
|
|
name: update-release-draft-${{ matrix.config_name }}
|
|
runs-on: ubuntu-24.04
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
# mark:next-gateway-version
|
|
- release_name: gateway-1.4.17
|
|
config_name: release-drafter-gateway.yml
|
|
# mark:next-headless-version
|
|
- release_name: headless-client-1.5.4
|
|
config_name: release-drafter-headless-client.yml
|
|
|
|
steps:
|
|
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
|
|
# Only draft releases on merges to main
|
|
if: ${{ github.ref_name == 'main' }}
|
|
id: update-release-draft
|
|
with:
|
|
config-name: ${{ matrix.config_name }}
|
|
tag: ${{ matrix.release_name }}
|
|
version: ${{ matrix.release_name }}
|
|
name: ${{ matrix.release_name }}
|
|
commitish: ${{ github.sha }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
build-artifacts:
|
|
needs: [update-release-draft, planner]
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'build-artifacts')
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
# Build debug/ on PRs and merge group, no prefix for production release images
|
|
image_prefix: ${{ ((github.event_name == 'pull_request' || github.event_name == 'merge_group') && 'debug') || '' }}
|
|
profile: ${{ inputs.profile || 'debug' }}
|
|
stage: ${{ inputs.stage || 'debug' }}
|
|
|
|
build-perf-artifacts:
|
|
needs: [update-release-draft, planner]
|
|
if: contains(needs.planner.outputs.jobs_to_run, 'build-perf-artifacts')
|
|
uses: ./.github/workflows/_build_artifacts.yml
|
|
secrets: inherit
|
|
with:
|
|
sha: ${{ github.sha }}
|
|
image_prefix: "perf"
|
|
profile: "release"
|
|
stage: "debug" # Only the debug images have perf tooling
|
|
|
|
integration-tests:
|
|
uses: ./.github/workflows/_integration_tests.yml
|
|
needs: build-artifacts
|
|
secrets: inherit
|
|
with:
|
|
gateway_image: ${{ needs.build-artifacts.outputs.gateway_image }}
|
|
client_image: ${{ needs.build-artifacts.outputs.client_image }}
|
|
relay_image: ${{ needs.build-artifacts.outputs.relay_image }}
|
|
http_test_server_image: ${{ needs.build-artifacts.outputs.http_test_server_image }}
|
|
|
|
compatibility-tests:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
client:
|
|
- image: "ghcr.io/firezone/client"
|
|
tag: "latest"
|
|
gateway:
|
|
- image: ${{ needs.build-artifacts.outputs.gateway_image }}
|
|
tag: ${{ github.sha }}
|
|
ci-name: sha
|
|
- image: "ghcr.io/firezone/gateway"
|
|
tag: "latest"
|
|
ci-name: latest
|
|
# Don't run compatibility tests when called from hotfix.yml or publish.yml on `main` because
|
|
# it'll be red if there was a breaking change we're trying to publish,
|
|
# and the deploy_production workflow checks for main to be green.
|
|
if: ${{ github.event_name == 'pull_request' || github.event_name == 'merge_group' }}
|
|
name: compatibility-tests-client(${{ matrix.client.tag }})-gateway(${{ matrix.gateway.ci-name }})
|
|
uses: ./.github/workflows/_integration_tests.yml
|
|
needs: build-artifacts
|
|
secrets: inherit
|
|
with:
|
|
gateway_image: ${{ matrix.gateway.image }}
|
|
gateway_tag: ${{ matrix.gateway.tag }}
|
|
client_image: ${{ matrix.client.image }}
|
|
client_tag: ${{ matrix.client.tag }}
|
|
|
|
perf-tests:
|
|
name: perf-tests
|
|
needs: build-perf-artifacts
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
env:
|
|
API_IMAGE: "ghcr.io/firezone/api"
|
|
API_TAG: ${{ github.sha }}
|
|
WEB_IMAGE: "ghcr.io/firezone/web"
|
|
WEB_TAG: ${{ github.sha }}
|
|
ELIXIR_IMAGE: "ghcr.io/firezone/elixir"
|
|
ELIXIR_TAG: ${{ github.sha }}
|
|
GATEWAY_IMAGE: "ghcr.io/firezone/perf/gateway"
|
|
GATEWAY_TAG: ${{ github.sha }}
|
|
CLIENT_IMAGE: "ghcr.io/firezone/perf/client"
|
|
CLIENT_TAG: ${{ github.sha }}
|
|
RELAY_IMAGE: "ghcr.io/firezone/perf/relay"
|
|
RELAY_TAG: ${{ github.sha }}
|
|
FIREZONE_INC_BUF: true
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
test:
|
|
- tcp-client2server
|
|
- tcp-server2client
|
|
- udp-client2server
|
|
- udp-server2client
|
|
flavour:
|
|
- direct
|
|
- relayed
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
- uses: ./.github/actions/ghcr-docker-login
|
|
with:
|
|
github_token: ${{ secrets.GITHUB_TOKEN }}
|
|
# We need at least Docker v28.1 which is not yet available on GitHub actions runners
|
|
- uses: docker/setup-docker-action@b60f85385d03ac8acfca6d9996982511d8620a19 # v4.3.0
|
|
- name: Seed database
|
|
run: docker compose run elixir /bin/sh -c 'cd apps/domain && mix ecto.migrate --migrations-path priv/repo/migrations --migrations-path priv/repo/manual_migrations && mix ecto.seed'
|
|
- name: Increase max UDP buffer sizes
|
|
run: |
|
|
sudo sysctl -w net.core.wmem_max=16777216 # 16 MB
|
|
sudo sysctl -w net.core.rmem_max=134217728 # 128 MB
|
|
- name: Start docker compose in the background
|
|
run: |
|
|
if [ "${{ matrix.flavour }}" = "relayed" ]; then
|
|
echo "CLIENT_MASQUERADE=random" >> "$GITHUB_ENV"
|
|
echo "UDP_BITRATE=300M" >> "$GITHUB_ENV"
|
|
fi
|
|
|
|
docker compose build client-router gateway-router relay-1-router relay-2-router api-router
|
|
|
|
# Start services in the same order each time for the tests
|
|
docker compose up -d iperf3
|
|
docker compose up -d api web domain --no-build
|
|
docker compose up -d relay-1 relay-2 --no-build
|
|
docker compose up -d gateway --no-build
|
|
docker compose up -d client --no-build
|
|
docker compose up veth-config
|
|
- name: "Performance test: ${{ matrix.flavour }}-${{ matrix.test }}"
|
|
timeout-minutes: 5
|
|
env:
|
|
TEST_NAME: ${{ matrix.flavour }}-${{ matrix.test }}
|
|
run: |
|
|
./scripts/tests/perf/${{ matrix.test }}.sh
|
|
jq '{ "${{ matrix.flavour }}-${{ matrix.test }}": { "retransmits": { "value": (.end.sum_sent.retransmits // -1) }, "throughput": { "value": .end.sum_received.bits_per_second } } }' ./${{ matrix.flavour }}-${{ matrix.test }}.json > ./${{ matrix.flavour }}-${{ matrix.test }}.bmf.json
|
|
- name: "Save performance test results: ${{ matrix.flavour }}-${{ matrix.test }}"
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
overwrite: true
|
|
name: ${{ matrix.flavour }}-${{ matrix.test }}-${{ github.sha }}-iperf3results
|
|
path: ./${{ matrix.flavour }}-${{ matrix.test }}.bmf.json
|
|
- name: Show Client logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs client
|
|
- name: Show Relay-1 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-1
|
|
- name: Show Relay-2 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs relay-2
|
|
- name: Show Gateway logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs gateway
|
|
- name: Show API logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs api
|
|
- name: Show iperf3 logs
|
|
if: "!cancelled()"
|
|
run: docker compose logs iperf3
|
|
|
|
- name: Ensure no warnings are logged
|
|
if: "!cancelled()"
|
|
run: |
|
|
docker compose logs client |
|
|
grep "WARN" && exit 1 || exit 0
|
|
|
|
docker compose logs gateway |
|
|
grep "WARN" && exit 1 || exit 0
|
|
|
|
# BTF doesn't load for veth interfaces
|
|
docker compose logs relay-1 | \
|
|
grep --invert "Object BTF couldn't be loaded in the kernel: the BPF_BTF_LOAD syscall failed." | \
|
|
grep "WARN" && exit 1 || exit 0
|
|
docker compose logs relay-2 | \
|
|
grep --invert "Object BTF couldn't be loaded in the kernel: the BPF_BTF_LOAD syscall failed." | \
|
|
grep "WARN" && exit 1 || exit 0
|
|
|
|
- name: Ensure no UDP socket errors
|
|
if: "!cancelled() && startsWith(matrix.test, 'tcp')"
|
|
run: |
|
|
docker compose exec client /bin/sh -c 'nstat -s' |
|
|
grep -i "error" && exit 1 || exit 0
|
|
|
|
docker compose exec gateway /bin/sh -c 'nstat -s' |
|
|
grep -i "error" && exit 1 || exit 0
|
|
|
|
upload-bencher:
|
|
continue-on-error: true
|
|
needs: perf-tests
|
|
runs-on: ubuntu-24.04
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
pull-requests: write
|
|
checks: write
|
|
steps:
|
|
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
|
|
- uses: bencherdev/bencher@main
|
|
- name: Download performance test results
|
|
uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
|
|
with:
|
|
pattern: "*-${{ github.sha }}-iperf3results"
|
|
merge-multiple: true
|
|
path: ./${{ github.sha }}
|
|
- name: Merge benchmarks results into one report
|
|
run: jq -s 'reduce .[] as $item ({}; . * $item)' ./${{ github.sha }}/*.bmf.json > bmf.json
|
|
- name: Report results to bencher
|
|
run: |
|
|
bencher run \
|
|
--project firezone-1l75jv1z \
|
|
--testbed github-actions \
|
|
--file bmf.json \
|
|
--adapter json \
|
|
--branch "${{ env.BRANCH }}" \
|
|
--branch-start-point "${{ github.base_ref }}" \
|
|
--github-actions ${{ secrets.GITHUB_TOKEN }} \
|
|
--ci-only-on-alert
|
|
env:
|
|
BENCHER_API_TOKEN: ${{ secrets.BENCHER_API_TOKEN }}
|
|
BRANCH: "${{ github.head_ref || github.ref_name }}"
|