Fix open-ended ledger file corruption during recovery on followers #2609
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration | |
| on: | |
| schedule: | |
| - cron: "0 0 * * 0" | |
| pull_request: | |
| workflow_dispatch: | |
| merge_group: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ !contains(github.ref, 'main')}} | |
| permissions: | |
| contents: read | |
| actions: read | |
| checks: write | |
| jobs: | |
| checks: | |
| name: "Format and License Checks" | |
| runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] | |
| container: | |
| image: mcr.microsoft.com/azurelinux/base/core:3.0 | |
| options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE | |
| steps: | |
| - name: "Checkout dependencies" | |
| shell: bash | |
| run: | | |
| gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY | |
| tdnf -y update | |
| tdnf -y install ca-certificates git | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Run CI checks | |
| run: | | |
| set -ex | |
| git config --global --add safe.directory /__w/CCF/CCF | |
| tdnf -y install tar npm build-essential | |
| ./scripts/setup-dev.sh | |
| ./scripts/ci-checks.sh | |
| shell: bash | |
| build_with_tidy: | |
| name: "Build with clang-tidy" | |
| runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] | |
| container: | |
| image: mcr.microsoft.com/azurelinux/base/core:3.0 | |
| options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE | |
| steps: | |
| - name: "Checkout dependencies" | |
| shell: bash | |
| run: | | |
| set -ex | |
| gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY | |
| tdnf -y update | |
| tdnf -y install ca-certificates git | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: "Install dependencies" | |
| shell: bash | |
| run: | | |
| set -ex | |
| ./scripts/setup-ci.sh | |
| - name: "Build Debug" | |
| run: | | |
| set -ex | |
| git config --global --add safe.directory /__w/CCF/CCF | |
| mkdir build | |
| cd build | |
| cmake -GNinja -DCOMPILE_TARGET=virtual -DCMAKE_BUILD_TYPE=Debug -DCLANG_TIDY=ON .. | |
| ninja | |
| shell: bash | |
| build_and_test: | |
| name: "CI" | |
| needs: checks | |
| strategy: | |
| matrix: | |
| platform: | |
| - name: virtual | |
| - name: snp | |
| runs-on: [self-hosted, 1ES.Pool=gha-virtual-ccf-sub] | |
| container: | |
| image: mcr.microsoft.com/azurelinux/base/core:3.0 | |
| options: --user root --publish-all --cap-add NET_ADMIN --cap-add NET_RAW --cap-add SYS_PTRACE | |
| steps: | |
| - name: "Checkout dependencies" | |
| shell: bash | |
| run: | | |
| gpg --import /etc/pki/rpm-gpg/MICROSOFT-RPM-GPG-KEY | |
| tdnf -y update | |
| tdnf -y install ca-certificates git | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: "Install dependencies" | |
| shell: bash | |
| run: | | |
| set -ex | |
| ./scripts/setup-ci.sh | |
| - name: "Build Debug" | |
| run: | | |
| set -ex | |
| git config --global --add safe.directory /__w/CCF/CCF | |
| mkdir build | |
| cd build | |
| cmake -GNinja -DCOMPILE_TARGET=${{ matrix.platform.name }} -DCMAKE_BUILD_TYPE=Debug .. | |
| ninja | |
| shell: bash | |
| - name: "Test ${{ matrix.platform.name }}" | |
| if: "${{ matrix.platform.name != 'snp' }}" # Needs 1ES Pool support | |
| run: | | |
| set -ex | |
| cd build | |
| rm -rf /github/home/.cache | |
| mkdir -p /github/home/.cache | |
| export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) | |
| # Unit tests | |
| ./tests.sh --output-on-failure -L unit -j$(nproc --all) | |
| # All other acceptably fast tests, which are now supported on Azure Linux. | |
| ./tests.sh --timeout 360 --output-on-failure -LE "benchmark|suite|unit" | |
| # Partitions tests | |
| ./tests.sh --timeout 360 --output-on-failure -L partitions -C partitions | |
| shell: bash | |
| - name: "Upload logs for ${{ matrix.platform.name }}" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: logs-azurelinux-${{ matrix.platform.name }} | |
| path: | | |
| build/workspace/*/*.config.json | |
| build/workspace/*/out | |
| build/workspace/*/err | |
| build/workspace/*/*.ledger/* | |
| if-no-files-found: ignore | |
| if: success() || failure() | |
| build_and_test_caci: | |
| name: "Confidential Container (ACI) CI" | |
| runs-on: [self-hosted, 1ES.Pool=gha-caci-ne] | |
| needs: checks | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: "Build Debug" | |
| run: | | |
| set -ex | |
| git config --global --add safe.directory /__w/CCF/CCF | |
| mkdir build | |
| cd build | |
| cmake -GNinja -DCOMPILE_TARGET=snp -DCMAKE_BUILD_TYPE=Debug .. | |
| ninja | |
| shell: bash | |
| - name: "Tests" | |
| run: | | |
| set -ex | |
| cd build | |
| rm -rf /github/home/.cache | |
| mkdir -p /github/home/.cache | |
| export ASAN_SYMBOLIZER_PATH=$(realpath /usr/bin/llvm-symbolizer-15) | |
| # Unit tests, minus indexing that is sometimes timing out with this few cores | |
| ./tests.sh --output-on-failure -L unit -j$(nproc --all) -E indexing | |
| # Minimal end to end test that exercises SNP attestation verification | |
| # but works within the current 4 core budget | |
| ./tests.sh --timeout 360 --output-on-failure -R code_update | |
| shell: bash | |
| - name: "Upload logs" | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: logs-caci-snp | |
| path: | | |
| build/workspace/*/*.config.json | |
| build/workspace/*/out | |
| build/workspace/*/err | |
| build/workspace/*/*.ledger/* | |
| if-no-files-found: ignore | |
| if: success() || failure() |