examples: Add TDX-based oracle #10040
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# NOTE: This name appears in GitHub's Checks API and in workflow's status badge. | |
name: ci-test | |
# Trigger the workflow when: | |
on: | |
# A push occurs to one of the matched branches. | |
push: | |
branches: | |
- main | |
- stable/* | |
# Or when a pull request event occurs for a pull request against one of the | |
# matched branches. | |
pull_request: | |
branches: | |
- main | |
- stable/* | |
# Cancel in-progress jobs on same branch. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
test-rust: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: test-rust | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Rust | |
run: rustup show | |
- name: Build test contracts | |
working-directory: tests/contracts/hello | |
run: cargo build --target wasm32-unknown-unknown --release | |
- name: Test Rust code | |
uses: ./.github/actions/test-rust | |
- name: Test Hello contract code | |
uses: ./.github/actions/test-rust | |
with: | |
manifest_path: tests/contracts/hello/Cargo.toml | |
- name: Test OAS-20 contract | |
uses: ./.github/actions/test-rust | |
with: | |
manifest_path: contract-sdk/specs/token/oas20/Cargo.toml | |
test-rust-sgx: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: test-rust-sgx | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# gcc-multilib is required for bindgen to work for SGX. | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install gcc-multilib clang-11 | |
- name: Set up Rust | |
run: rustup show | |
- name: Build for SGX | |
run: cargo build --target x86_64-fortanix-unknown-sgx | |
env: | |
CFLAGS_x86_64_fortanix_unknown_sgx: -isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening | |
CC_x86_64_fortanix_unknown_sgx: clang-11 | |
check-core-versions: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: check-core-versions | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Check versions | |
run: ./tests/check-core-versions.sh | |
test-go: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: test-go | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Unit tests with coverage | |
working-directory: client-sdk/go | |
run: go test -race -coverprofile=coverage.txt -covermode=atomic -v ./... | |
- name: Upload to codecov.io | |
uses: codecov/[email protected] | |
with: | |
directory: client-sdk/go | |
test-go-tools: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: test-tools | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Test build orc | |
working-directory: tools/orc | |
run: go build | |
- name: Test build gen_runtime_vectors | |
working-directory: tools/gen_runtime_vectors | |
run: go build | |
typecheck: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: typecheck | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: Check ts-web/core playground | |
working-directory: client-sdk/ts-web/core | |
run: npm run-script check-playground | |
- name: Check ts-web/core typedoc | |
working-directory: client-sdk/ts-web/core | |
run: npx typedoc | |
- name: Check ts-web/signer-ledger playground | |
working-directory: client-sdk/ts-web/signer-ledger | |
run: npm run-script check-playground | |
- name: Check ts-web/signer-ledger typedoc | |
working-directory: client-sdk/ts-web/signer-ledger | |
run: npx typedoc | |
- name: Check ts-web/rt playground | |
working-directory: client-sdk/ts-web/rt | |
run: npm run-script check-playground | |
- name: Check ts-web/rt typedoc | |
working-directory: client-sdk/ts-web/rt | |
run: npx typedoc | |
- name: Check ts-web/ext-utils sample-page | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npm run-script check-sample-page | |
- name: Check ts-web/ext-utils sample-ext | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npm run-script check-sample-ext | |
- name: Check ts-web/ext-utils typedoc | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npx typedoc | |
e2e-ts-web-core: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: e2e-ts-web-core | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: 'dev-server: Start' | |
working-directory: client-sdk/ts-web/core | |
run: npm run-script playground & | |
- name: 'proxy: Install Envoy' | |
# https://github.com/tetratelabs/archive-envoy | |
run: | | |
curl -sL 'https://github.com/tetratelabs/archive-envoy/releases/download/v1.18.3/envoy-v1.18.3-linux-amd64.tar.xz' | sudo tar -xJC /opt | |
sudo ln -s /opt/envoy-v1.18.3-linux-amd64/bin/envoy /usr/local/bin | |
- name: 'proxy: Start' | |
working-directory: client-sdk/ts-web/core/playground | |
run: ./sample-run-envoy.sh & | |
- name: 'testnet: Download artifacts' | |
working-directory: tests | |
run: ./download-artifacts.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: 'testnet: Start' | |
working-directory: client-sdk/ts-web/core/playground | |
run: ./sample-run-network.sh & | |
- name: 'testnet: Wait for node socket' | |
run: | | |
while [ ! -e /tmp/oasis-net-runner-sdk-core/net-runner/network/client-0/internal.sock ]; do | |
sleep 1 | |
done | |
- name: Cypress run | |
working-directory: client-sdk/ts-web/core | |
run: npm run-script test-e2e-cy | |
- name: Node.js e2e run | |
working-directory: client-sdk/ts-web/core | |
run: npm run-script test-e2e-node | |
- name: Upload screenshot | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-ts-web-core-screenshots | |
path: client-sdk/ts-web/core/cypress/screenshots | |
- name: Upload logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-ts-web-core-logs | |
path: | | |
/tmp/oasis-net-runner-sdk-core/**/*.log | |
e2e-ts-web-ext-utils: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: e2e-ts-web-ext-utils | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: 'dev-server sample-page: Start' | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npm run-script sample-page & | |
- name: 'dev-server fake-sample-ext: Start' | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npm run-script fake-sample-ext & | |
- name: Cypress run | |
working-directory: client-sdk/ts-web/ext-utils | |
run: npm run-script test-e2e-cy | |
- name: Upload screenshot | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-ts-web-ext-utils-screenshots | |
path: client-sdk/ts-web/ext-utils/cypress/screenshots | |
e2e-ts-web-rt: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: e2e-ts-web-rt | |
runs-on: ubuntu-latest | |
env: | |
# Run all E2E tests in mock SGX. | |
OASIS_UNSAFE_SKIP_AVR_VERIFY: 1 | |
OASIS_UNSAFE_ALLOW_DEBUG_ENCLAVES: 1 | |
OASIS_UNSAFE_MOCK_SGX: 1 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: 'dev-server: Start' | |
working-directory: client-sdk/ts-web/rt | |
run: npm run-script playground & | |
- name: 'proxy: Install Envoy' | |
# https://github.com/tetratelabs/archive-envoy | |
run: | | |
curl -sL 'https://github.com/tetratelabs/archive-envoy/releases/download/v1.18.3/envoy-v1.18.3-linux-amd64.tar.xz' | sudo tar -xJC /opt | |
sudo ln -s /opt/envoy-v1.18.3-linux-amd64/bin/envoy /usr/local/bin | |
- name: 'proxy: Start' | |
working-directory: client-sdk/ts-web/rt/playground | |
run: ./sample-run-envoy.sh & | |
- name: 'testnet: Install system packages' | |
run: sudo apt-get -y install bubblewrap | |
- name: 'testnet: Download artifacts' | |
working-directory: tests | |
run: ./download-artifacts.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: 'testnet: Build runtime' | |
working-directory: client-sdk/ts-web/rt/playground | |
run: ./build-runtime.sh | |
- name: 'testnet: Start' | |
working-directory: client-sdk/ts-web/rt/playground | |
run: ./sample-run-network.sh & | |
- name: 'testnet: Wait for node socket' | |
run: | | |
while [[ ! -e /tmp/oasis-net-runner-sdk-rt/net-runner/network/client-0/internal.sock && ! -e /tmp/cfg_ready ]]; do | |
sleep 1 | |
done | |
- name: Cypress run | |
working-directory: client-sdk/ts-web/rt | |
run: npm run-script test-e2e-cy | |
- name: Upload screenshot | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-ts-web-rt-screenshots | |
path: client-sdk/ts-web/rt/cypress/screenshots | |
- name: Upload logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-ts-web-rt-logs | |
path: | | |
/tmp/oasis-net-runner-sdk-rt/**/*.log | |
/tmp/oasis-net-runner-sdk-rt/**/*.json | |
/tmp/genesis.json | |
/tmp/fixture.json | |
e2e-rt: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: e2e-rt | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Rust | |
run: rustup show | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Install Oasis dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install bubblewrap build-essential libseccomp-dev libssl-dev protobuf-compiler | |
- name: Download artifacts | |
working-directory: tests | |
run: ./download-artifacts.sh | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Run end-to-end tests | |
run: ./tests/run-e2e.sh | |
- name: Upload logs | |
if: failure() | |
uses: actions/upload-artifact@v4 | |
with: | |
name: e2e-rt-logs | |
path: | | |
/tmp/oasis-test-runner*/**/*.log | |
jest-ts-web-core: | |
name: jest-ts-web-core | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: Run tests | |
working-directory: client-sdk/ts-web/core | |
run: npm test | |
jest-ts-web-rt: | |
name: jest-ts-web-rt | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Node.js LTS | |
uses: actions/setup-node@v4 | |
with: | |
node-version: "18.x" | |
cache: npm | |
cache-dependency-path: 'client-sdk/ts-web/package-lock.json' | |
- name: Install dependencies and build | |
working-directory: client-sdk/ts-web | |
run: npm ci --foreground-scripts | |
- name: Run tests | |
working-directory: client-sdk/ts-web/rt | |
run: npm test | |
ts-web-core-reflect: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: ts-web-core-reflect | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Generate | |
working-directory: client-sdk/ts-web/core/reflect-go | |
run: | | |
go run . >/tmp/reflect-out.ts | |
cd .. | |
npx prettier --config .prettierrc.js --write /tmp/reflect-out.ts | |
- name: Diff | |
working-directory: client-sdk/ts-web/core | |
# This is only advisory. Don't fail if there are differences. | |
run: | | |
cat src/types.ts src/client.ts >/tmp/current.ts | |
diff -u --color=always /tmp/current.ts /tmp/reflect-out.ts || true | |
benchmark-rt: | |
# NOTE: This name appears in GitHub's Checks API. | |
name: benchmark-rt | |
runs-on: ubuntu-latest | |
timeout-minutes: 30 | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set up Rust | |
run: rustup show | |
- name: Set up Go | |
uses: actions/setup-go@v5 | |
with: | |
go-version: "1.22.x" | |
- name: Install Oasis dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install bubblewrap build-essential libseccomp-dev libssl-dev protobuf-compiler | |
- name: Run end-to-end benchmarks | |
working-directory: tests/benchmark | |
run: ./run-benchmarks.sh |