Daily aarch64 #3
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
| name: Daily aarch64 | |
| # Full aarch64 coverage runs here on a schedule rather than on every PR, because | |
| # there are only limited aarch64 runners. PRs run a reduced aarch64 | |
| # build-test (build + default Rust tests only) and skip aarch64 examples; this | |
| # workflow restores Miri, the single-driver tests, and the examples once a day. | |
| on: | |
| schedule: | |
| - cron: '0 5 * * *' # Runs at 05:00 UTC every day | |
| workflow_dispatch: # Allow manual triggering | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: full | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| # Build aarch64 guest binaries once and upload them as artifacts for the | |
| # build-test and run-examples jobs to download. | |
| build-guests: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config: [debug, release] | |
| uses: ./.github/workflows/dep_build_guests.yml | |
| secrets: inherit | |
| with: | |
| arch: arm64 | |
| config: ${{ matrix.config }} | |
| # Full aarch64 build-and-test. full_aarch64: "true" re-enables the Miri and | |
| # single-driver steps that are skipped on PRs. | |
| build-test: | |
| needs: build-guests | |
| permissions: | |
| # checkout in the called workflow | |
| contents: read | |
| # pull goldens from GHCR in the called workflow | |
| packages: read | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config: [debug, release] | |
| uses: ./.github/workflows/dep_build_test.yml | |
| secrets: inherit | |
| with: | |
| hypervisor: kvm | |
| cpu_vendor: apple | |
| arch: arm64 | |
| config: ${{ matrix.config }} | |
| full_aarch64: "true" | |
| run-examples: | |
| needs: build-guests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| config: [debug, release] | |
| uses: ./.github/workflows/dep_run_examples.yml | |
| secrets: inherit | |
| with: | |
| hypervisor: kvm | |
| cpu_vendor: apple | |
| arch: arm64 | |
| config: ${{ matrix.config }} | |
| # Fuzz on aarch64. This coverage was removed from PRs in #1594 to conserve the | |
| # limited arm64 runners, and runs here daily instead. The tracing | |
| # fuzzers (fuzz_guest_trace, fuzz_guest_estimate_trace_event) are x86_64-only | |
| fuzzing: | |
| needs: build-guests | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| target: ['fuzz_host_print', 'fuzz_guest_call', 'fuzz_host_call'] | |
| uses: ./.github/workflows/dep_fuzzing.yml | |
| secrets: inherit | |
| with: | |
| target: ${{ matrix.target }} | |
| arch: arm64 | |
| max_total_time: 300 # 5 minutes in seconds | |
| # File (or update) a release-blocking GitHub issue if any job fails. The first | |
| # label (area/ci-periodics-aarch64) is the de-duplication key used by | |
| # notify-ci-failure.sh, so this workflow maintains its own issue lineage and is | |
| # guaranteed to carry release-blocker, instead of commenting on another periodic | |
| # job's issue. NOTE: that label must exist in the repo (Issues -> Labels) or the | |
| # `gh issue create` call will fail. | |
| notify-failure: | |
| runs-on: ubuntu-latest | |
| needs: [build-guests, build-test, run-examples, fuzzing] | |
| if: always() && (needs.build-guests.result == 'failure' || needs.build-test.result == 'failure' || needs.run-examples.result == 'failure' || needs.fuzzing.result == 'failure') | |
| permissions: | |
| # Job-level permissions replace (not merge with) the workflow-level grant, | |
| # so contents:read must be re-declared for actions/checkout to work. | |
| contents: read | |
| issues: write | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0 | |
| - name: Notify Daily aarch64 Failure | |
| run: ./dev/notify-ci-failure.sh --title="Daily aarch64 Failure - ${{ github.run_number }}" --labels="area/ci-periodics-aarch64,area/ci-periodics,area/testing,lifecycle/needs-review,release-blocker" | |
| env: | |
| GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |