diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f76d4adc6..fc80d524e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -12,6 +12,10 @@ on: release: types: [ published ] +concurrency: + group: ci-${{ github.ref }} + cancel-in-progress: ${{ github.ref != 'refs/heads/main' }} + env: CARGO_TERM_COLOR: always RUST_BACKTRACE: 1 @@ -52,12 +56,14 @@ jobs: test-e2e: name: E2E Tests (Playwright) - runs-on: ubuntu-22.04 + runs-on: self-hosted container: image: ghcr.io/hut8/soar-ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + volumes: + - /opt/ci-cache:/ci-cache services: postgres: image: ghcr.io/hut8/postgis-timescaledb:latest @@ -86,19 +92,19 @@ jobs: with: fetch-depth: 0 # Fetch all history for git tags (needed for vergen version) + - name: Setup persistent cargo cache + run: | + mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git + echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-e2e" >> $GITHUB_ENV + - name: Install unzip (required by setup-bun in container) run: apt-get update -qq && apt-get install -y -qq unzip - name: Setup Bun uses: oven-sh/setup-bun@v2 - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - cache-on-failure: true - shared-key: "e2e-debug" - save-if: ${{ github.ref == 'refs/heads/main' }} - - name: Install web dependencies run: bun install --frozen-lockfile @@ -134,7 +140,7 @@ jobs: RUSTFLAGS="--cfg tokio_unstable" cargo build # Seed test data - ./target/debug/soar seed-test-data + $CARGO_TARGET_DIR/debug/soar seed-test-data - name: Start Rust backend server working-directory: . @@ -152,7 +158,7 @@ jobs: BASE_URL: http://localhost:4173 run: | # Start backend server in background - ./target/debug/soar web --port 61225 --interface localhost > backend.log 2>&1 & + $CARGO_TARGET_DIR/debug/soar web --port 61225 --interface localhost > backend.log 2>&1 & BACKEND_PID=$! echo "Backend PID: $BACKEND_PID" echo $BACKEND_PID > backend.pid @@ -205,12 +211,14 @@ jobs: test-rust: name: Test Rust Project - runs-on: ubuntu-22.04 + runs-on: self-hosted container: image: ghcr.io/hut8/soar-ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + volumes: + - /opt/ci-cache:/ci-cache services: postgres: image: ghcr.io/hut8/postgis-timescaledb:latest @@ -236,6 +244,13 @@ jobs: with: fetch-depth: 0 # Fetch all history for git tags (needed for vergen version) + - name: Setup persistent cargo cache + run: | + mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git + echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-test" >> $GITHUB_ENV + - name: Install unzip (required by setup-bun in container) run: apt-get update -qq && apt-get install -y -qq unzip @@ -246,14 +261,6 @@ jobs: working-directory: ./web run: bun install --frozen-lockfile - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - cache-on-failure: true - shared-key: "test-build" - save-if: ${{ github.ref == 'refs/heads/main' }} - cache-all-crates: true - - name: Setup test database env: PGPASSWORD: postgres @@ -298,12 +305,14 @@ jobs: build-release: name: Build Release Binary (Native Static musl) - runs-on: ubuntu-22.04 + runs-on: self-hosted container: image: ghcr.io/hut8/soar-ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + volumes: + - /opt/ci-cache:/ci-cache defaults: run: shell: bash @@ -314,6 +323,13 @@ jobs: with: fetch-depth: 0 # Fetch all history for git tags (needed for vergen version) + - name: Setup persistent cargo cache + run: | + mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git + echo "CARGO_TARGET_DIR=/ci-cache/${RUNNER_NAME}/target-release-musl" >> $GITHUB_ENV + - name: Install unzip (required by setup-bun in container) run: apt-get update -qq && apt-get install -y -qq unzip @@ -332,14 +348,6 @@ jobs: SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }} run: bun run build - - name: Setup Rust cache - uses: Swatinem/rust-cache@v2 - with: - cache-on-failure: true - shared-key: "release-build-native-musl" - save-if: ${{ github.ref == 'refs/heads/main' }} - cache-all-crates: true - - name: Build static release binary env: SKIP_WEB_BUILD: "1" # Frontend already built via bun run build above @@ -353,21 +361,21 @@ jobs: - name: Verify static linking run: | echo "Checking if binary is statically linked..." - file target/x86_64-unknown-linux-musl/release/soar + file $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar # Check for dynamic dependencies (should show "statically linked") - if ldd target/x86_64-unknown-linux-musl/release/soar 2>&1 | grep -q "not a dynamic executable"; then + if ldd $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar 2>&1 | grep -q "not a dynamic executable"; then echo "Binary is statically linked (no dynamic dependencies)" else echo "Binary has dynamic dependencies:" - ldd target/x86_64-unknown-linux-musl/release/soar || true + ldd $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar || true fi - name: Create binary archive run: | rm -rf release mkdir -p release - cp target/x86_64-unknown-linux-musl/release/soar release/ + cp $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar release/ cp README.md release/ || echo "No README.md found" tar -czf soar-linux-x64.tar.gz -C release . @@ -381,24 +389,26 @@ jobs: - name: Show binary info run: | echo "Binary size:" - ls -lh target/x86_64-unknown-linux-musl/release/soar + ls -lh $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar echo "" echo "Binary info:" - file target/x86_64-unknown-linux-musl/release/soar + file $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar echo "" echo "Stripped binary size:" - cp target/x86_64-unknown-linux-musl/release/soar /tmp/soar-stripped + cp $CARGO_TARGET_DIR/x86_64-unknown-linux-musl/release/soar /tmp/soar-stripped strip /tmp/soar-stripped ls -lh /tmp/soar-stripped security-audit: name: Security Audit - runs-on: ubuntu-22.04 + runs-on: self-hosted container: image: ghcr.io/hut8/soar-ci:latest credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} + volumes: + - /opt/ci-cache:/ci-cache defaults: run: shell: bash @@ -409,6 +419,12 @@ jobs: with: fetch-depth: 0 # Fetch all history for git tags (needed for vergen version) + - name: Setup persistent cargo cache + run: | + mkdir -p /ci-cache/${RUNNER_NAME}/cargo-registry /ci-cache/${RUNNER_NAME}/cargo-git + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-registry /usr/local/cargo/registry + ln -sfn /ci-cache/${RUNNER_NAME}/cargo-git /usr/local/cargo/git + - name: Run security audit run: cargo audit diff --git a/web/e2e/auth/login.test.ts b/web/e2e/auth/login.test.ts index be214f713..0dd657681 100644 --- a/web/e2e/auth/login.test.ts +++ b/web/e2e/auth/login.test.ts @@ -98,7 +98,7 @@ test.describe('Login', () => { await page.getByPlaceholder('Enter your password').press('Enter'); // Should be redirected to home page - await expect(page).toHaveURL('/'); + await expect(page).toHaveURL('/', { timeout: 15000 }); }); test('should navigate to registration page from login', async ({ page }) => {