Anneal Tests #20
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2026 The Fuchsia Authors | |
| # | |
| # Licensed under a BSD-style license <LICENSE-BSD>, Apache License, Version 2.0 | |
| # <LICENSE-APACHE or https://www.apache.org/licenses/LICENSE-2.0>, or the MIT | |
| # license <LICENSE-MIT or https://opensource.org/licenses/MIT>, at your option. | |
| # This file may not be copied, modified, or distributed except according to | |
| # those terms. | |
| name: Anneal Tests | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| merge_group: | |
| permissions: | |
| contents: read | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUSTFLAGS: -Dwarnings | |
| RUSTDOCFLAGS: -Dwarnings | |
| CARGO_ZEROCOPY_AUTO_INSTALL_TOOLCHAIN: 1 | |
| jobs: | |
| build_docker_env: | |
| name: Build Docker image | |
| runs-on: ubuntu-24.04-64core | |
| permissions: | |
| contents: read | |
| packages: write # required to push docker caches to ghcr.io # required to push docker caches to ghcr.io | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate sanitized Docker tag | |
| id: docker_tag | |
| env: | |
| REF_NAME: ${{ github.ref_name }} | |
| shell: bash | |
| run: | | |
| echo "tag=${REF_NAME//\//-}" >> "$GITHUB_OUTPUT" | |
| - name: Get UID/GID | |
| id: get_uid | |
| run: | | |
| echo "uid=$(id -u)" >> "$GITHUB_OUTPUT" | |
| echo "gid=$(id -g)" >> "$GITHUB_OUTPUT" | |
| - name: Build Docker image (Dry Run) | |
| id: build_dry | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 | |
| with: | |
| context: anneal | |
| file: anneal/Dockerfile | |
| push: false | |
| tags: ghcr.io/google/zerocopy/anneal:${{ steps.docker_tag.outputs.tag }} | |
| provenance: false | |
| # Use zstd compression at level 19 to minimize image size and maximize | |
| # decompression speed on matrix runners. This shifts the heavy compression | |
| # work to the beefy 64-core runner used for building the image, saving | |
| # time in the consumer jobs that pull the image. Level 19 is the practical | |
| # maximum for standard use. | |
| outputs: type=image,compression=zstd,compression-level=19,force-compression=true | |
| build-args: | | |
| UID=${{ steps.get_uid.outputs.uid }} | |
| GID=${{ steps.get_uid.outputs.gid }} | |
| cache-from: | | |
| type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:${{ steps.docker_tag.outputs.tag }} | |
| type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:main | |
| cache-to: type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:${{ steps.docker_tag.outputs.tag }},mode=max | |
| - name: Check if remote image matches | |
| id: check_remote | |
| shell: bash | |
| env: | |
| DOCKER_TAG: ${{ steps.docker_tag.outputs.tag }} | |
| LOCAL_DIGEST: ${{ steps.build_dry.outputs.digest }} | |
| run: | | |
| # Fetch the digest of the remote image | |
| REMOTE_DIGEST=$(docker manifest inspect ghcr.io/google/zerocopy/anneal:$DOCKER_TAG | jq -r '.manifests[0].digest') | |
| echo "Remote digest: $REMOTE_DIGEST" | |
| echo "Local digest: $LOCAL_DIGEST" | |
| if [ "$REMOTE_DIGEST" = "$LOCAL_DIGEST" ]; then | |
| echo "match=true" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "match=false" >> "$GITHUB_OUTPUT" | |
| fi | |
| continue-on-error: true # Handle case where remote tag doesn't exist yet | |
| # The build portion of this step will always be cached thanks to the | |
| # dry-run build above. | |
| - name: Build and push Docker image | |
| if: steps.check_remote.outputs.match != 'true' | |
| uses: docker/build-push-action@d08e5c354a6adb9ed34480a06d141179aa583294 # v7.0.0 | |
| # NOTE: All arguments here must match the dry-run step above exactly | |
| # in order to ensure we hit the cache for the local build! | |
| with: | |
| context: anneal | |
| file: anneal/Dockerfile | |
| push: true | |
| tags: ghcr.io/google/zerocopy/anneal:${{ steps.docker_tag.outputs.tag }} | |
| provenance: false | |
| outputs: type=image,compression=zstd,compression-level=19,force-compression=true | |
| build-args: | | |
| UID=${{ steps.get_uid.outputs.uid }} | |
| GID=${{ steps.get_uid.outputs.gid }} | |
| cache-from: | | |
| type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:${{ steps.docker_tag.outputs.tag }} | |
| type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:main | |
| cache-to: type=registry,ref=ghcr.io/google/zerocopy/anneal-cache:${{ steps.docker_tag.outputs.tag }},mode=max | |
| anneal_tests: | |
| name: Anneal Tests | |
| runs-on: ubuntu-24.04-64core | |
| needs: build_docker_env | |
| permissions: | |
| contents: read | |
| packages: read # required to pull docker caches from ghcr.io | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate sanitized Docker tag | |
| id: docker_tag | |
| env: | |
| REF_NAME: ${{ github.ref_name }} | |
| shell: bash | |
| run: | | |
| echo "tag=${REF_NAME//\//-}" >> "$GITHUB_OUTPUT" | |
| - name: Get UID/GID | |
| id: get_uid | |
| run: | | |
| echo "uid=$(id -u)" >> "$GITHUB_OUTPUT" | |
| echo "gid=$(id -g)" >> "$GITHUB_OUTPUT" | |
| - name: Pull and tag image | |
| run: | | |
| docker pull ghcr.io/google/zerocopy/anneal:${STEPS_DOCKER_TAG_OUTPUTS_TAG} | |
| docker tag ghcr.io/google/zerocopy/anneal:${STEPS_DOCKER_TAG_OUTPUTS_TAG} anneal-ci:local | |
| env: | |
| STEPS_DOCKER_TAG_OUTPUTS_TAG: ${{ steps.docker_tag.outputs.tag }} | |
| # Ensure `llms-full.txt` file is up-to-date. | |
| - name: Check doc generation | |
| run: | | |
| # We intentionally omit the `--rm` flag here. In the GitHub Actions | |
| # environment, Docker's container removal process can take over 5 | |
| # minutes to complete after the tests finish. Since the runner VM is | |
| # destroyed at the end of the job, leaving the container is safe and | |
| # saves time. | |
| docker run -v $GITHUB_WORKSPACE/anneal:/workspace anneal-ci:local cargo run -p doc_gen -- --check | |
| # Run unit tests separately, as they're much less likely to have bugs | |
| # during local development, and this makes the GitHub Actions output | |
| # easier to skim (in particular, it's clear at a glance whether a failure | |
| # is due to unit or integration tests). | |
| - name: Run unit tests | |
| run: | | |
| # We intentionally omit the `--rm` flag here. In the GitHub Actions | |
| # environment, Docker's container removal process can take over 5 | |
| # minutes to complete after the tests finish. Since the runner VM is | |
| # destroyed at the end of the job, leaving the container is safe and | |
| # saves time. | |
| docker run -v $GITHUB_WORKSPACE/anneal:/workspace anneal-ci:local cargo test --verbose --bin cargo-anneal | |
| # We duplicate running unit tests since they're very cheap compared to | |
| # integration tests, and this way it's easier to be sure that we run all | |
| # tests instead of specifically trying to carve out unit tests and risk | |
| # missing test categories. | |
| - name: Run all tests | |
| run: | | |
| # We intentionally omit the `--rm` flag here. In the GitHub Actions | |
| # environment, Docker's container removal process can take over 5 | |
| # minutes to complete after the tests finish. Since the runner VM is | |
| # destroyed at the end of the job, leaving the container is safe and | |
| # saves time. | |
| docker run -v $GITHUB_WORKSPACE/anneal:/workspace anneal-ci:local cargo test --verbose | |
| verify_examples: | |
| name: Verify example (${{ matrix.example }}) | |
| runs-on: ubuntu-latest | |
| needs: build_docker_env | |
| permissions: | |
| contents: read | |
| packages: read # required to pull docker caches from ghcr.io | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| example: | |
| - abs | |
| - anatomy | |
| - checked_add | |
| - const_generics | |
| - design_doc | |
| - linked_list | |
| - namespaces | |
| - never_type | |
| - ptr_concat | |
| - size_of_align_of | |
| - swap | |
| - unchecked_get | |
| - update_max | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| with: | |
| persist-credentials: false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@4d04d5d9486b7bd6fa91e7baf45bbb4f8b9deedd # v4.0.0 | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Generate sanitized Docker tag | |
| id: docker_tag | |
| env: | |
| REF_NAME: ${{ github.ref_name }} | |
| shell: bash | |
| run: | | |
| echo "tag=${REF_NAME//\//-}" >> "$GITHUB_OUTPUT" | |
| - name: Get UID/GID | |
| id: get_uid | |
| run: | | |
| echo "uid=$(id -u)" >> "$GITHUB_OUTPUT" | |
| echo "gid=$(id -g)" >> "$GITHUB_OUTPUT" | |
| - name: Pull and tag image | |
| run: | | |
| docker pull ghcr.io/google/zerocopy/anneal:${STEPS_DOCKER_TAG_OUTPUTS_TAG} | |
| docker tag ghcr.io/google/zerocopy/anneal:${STEPS_DOCKER_TAG_OUTPUTS_TAG} anneal-ci:local | |
| env: | |
| STEPS_DOCKER_TAG_OUTPUTS_TAG: ${{ steps.docker_tag.outputs.tag }} | |
| - name: Verify example | |
| env: | |
| EXAMPLE: ${{ matrix.example }} | |
| run: | | |
| KNOWN_FAILING=("design_doc" "never_type" "ptr_concat") | |
| example="$EXAMPLE" | |
| expect_failure=0 | |
| for kf in "${KNOWN_FAILING[@]}"; do | |
| if [ "$kf" = "$example" ]; then | |
| expect_failure=1 | |
| break | |
| fi | |
| done | |
| echo "Verifying $example (expect failure: $expect_failure)" | |
| # We intentionally omit the `--rm` flag here. In the GitHub Actions | |
| # environment, Docker's container removal process can take over 5 | |
| # minutes to complete after the tests finish. Since the runner VM is | |
| # destroyed at the end of the job, leaving the container is safe and | |
| # saves time. | |
| if docker run -v $GITHUB_WORKSPACE/anneal:/workspace -e __ZEROCOPY_LOCAL_DEV=1 anneal-ci:local cargo run verify --unsound-allow-is-valid --example "$example"; then | |
| if [ "$expect_failure" -eq 1 ]; then | |
| echo "::error::Example $example succeeded but was expected to fail." | |
| exit 1 | |
| else | |
| echo "Example $example succeeded." | |
| fi | |
| else | |
| if [ "$expect_failure" -eq 1 ]; then | |
| echo "Example $example failed as expected." | |
| else | |
| echo "::error::Example $example failed." | |
| exit 1 | |
| fi | |
| fi | |
| # Used to signal to branch protections that all other jobs have succeeded. | |
| all-jobs-succeed: | |
| # WARNING: This name is load-bearing! It's how GitHub's settings UI configures which jobs | |
| # to block on. DO NOT change this name without updating the settings UI to match. | |
| name: All checks succeeded (anneal.yml) | |
| # On failure, we run and unconditionally exit with a failing status code. | |
| # On success, this job is skipped. Jobs skipped using `if:` are considered | |
| # to have succeeded: | |
| # | |
| # https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/collaborating-on-repositories-with-code-quality-features/troubleshooting-required-status-checks#handling-skipped-but-required-checks | |
| if: failure() | |
| runs-on: ubuntu-latest | |
| needs: [build_docker_env, anneal_tests, verify_examples] | |
| steps: | |
| - name: Mark the job as failed | |
| run: exit 1 |