Skip to content

Daily aarch64

Daily aarch64 #3

Workflow file for this run

# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
name: Daily aarch64
# Full aarch64 coverage runs here on a schedule rather than on every PR, because
# there are only limited aarch64 runners. PRs run a reduced aarch64
# build-test (build + default Rust tests only) and skip aarch64 examples; this
# workflow restores Miri, the single-driver tests, and the examples once a day.
on:
schedule:
- cron: '0 5 * * *' # Runs at 05:00 UTC every day
workflow_dispatch: # Allow manual triggering
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: full
permissions:
contents: read
defaults:
run:
shell: bash
jobs:
# Build aarch64 guest binaries once and upload them as artifacts for the
# build-test and run-examples jobs to download.
build-guests:
strategy:
fail-fast: false
matrix:
config: [debug, release]
uses: ./.github/workflows/dep_build_guests.yml
secrets: inherit
with:
arch: arm64
config: ${{ matrix.config }}
# Full aarch64 build-and-test. full_aarch64: "true" re-enables the Miri and
# single-driver steps that are skipped on PRs.
build-test:
needs: build-guests
permissions:
# checkout in the called workflow
contents: read
# pull goldens from GHCR in the called workflow
packages: read
strategy:
fail-fast: false
matrix:
config: [debug, release]
uses: ./.github/workflows/dep_build_test.yml
secrets: inherit
with:
hypervisor: kvm
cpu_vendor: apple
arch: arm64
config: ${{ matrix.config }}
full_aarch64: "true"
run-examples:
needs: build-guests
strategy:
fail-fast: false
matrix:
config: [debug, release]
uses: ./.github/workflows/dep_run_examples.yml
secrets: inherit
with:
hypervisor: kvm
cpu_vendor: apple
arch: arm64
config: ${{ matrix.config }}
# Fuzz on aarch64. This coverage was removed from PRs in #1594 to conserve the
# limited arm64 runners, and runs here daily instead. The tracing
# fuzzers (fuzz_guest_trace, fuzz_guest_estimate_trace_event) are x86_64-only
fuzzing:
needs: build-guests
strategy:
fail-fast: false
matrix:
target: ['fuzz_host_print', 'fuzz_guest_call', 'fuzz_host_call']
uses: ./.github/workflows/dep_fuzzing.yml
secrets: inherit
with:
target: ${{ matrix.target }}
arch: arm64
max_total_time: 300 # 5 minutes in seconds
# File (or update) a release-blocking GitHub issue if any job fails. The first
# label (area/ci-periodics-aarch64) is the de-duplication key used by
# notify-ci-failure.sh, so this workflow maintains its own issue lineage and is
# guaranteed to carry release-blocker, instead of commenting on another periodic
# job's issue. NOTE: that label must exist in the repo (Issues -> Labels) or the
# `gh issue create` call will fail.
notify-failure:
runs-on: ubuntu-latest
needs: [build-guests, build-test, run-examples, fuzzing]
if: always() && (needs.build-guests.result == 'failure' || needs.build-test.result == 'failure' || needs.run-examples.result == 'failure' || needs.fuzzing.result == 'failure')
permissions:
# Job-level permissions replace (not merge with) the workflow-level grant,
# so contents:read must be re-declared for actions/checkout to work.
contents: read
issues: write
steps:
- name: Checkout code
uses: actions/checkout@9c091bb21b7c1c1d1991bb908d89e4e9dddfe3e0 # v7.0.0
- name: Notify Daily aarch64 Failure
run: ./dev/notify-ci-failure.sh --title="Daily aarch64 Failure - ${{ github.run_number }}" --labels="area/ci-periodics-aarch64,area/ci-periodics,area/testing,lifecycle/needs-review,release-blocker"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}