-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
18 changed files
with
610 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,79 @@ | ||
| name: "Build and publish 'latest' Images" | ||
|
|
||
| # This workflow uses actions that are not certified by GitHub. | ||
| # They are provided by a third-party and are governed by | ||
| # separate terms of service, privacy policy, and support | ||
| # documentation. | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| push: | ||
| branches: [ "main" ] | ||
|
|
||
| env: | ||
| # REGISTRY_URL: ${{ secrets.ANTITHESIS_REGISTRY_URL }} | ||
| # REGISTRY_REPOSITORY: ${{ secrets.ANTITHESIS_REPOSITORY }} | ||
| # REGISTRY_LOGIN: ${{ secrets.ANTITHESIS_REGISTRY_LOGIN }} | ||
| SUT_IMAGE: raft_sut | ||
| WORKLOAD_IMAGE: raft_workload | ||
| CONFIG_IMAGE: raft_config | ||
| IMAGES_TAG: latest | ||
| NATS_UPSTREAM_IMAGE: nats | ||
| NATS_UPSTREAM_TAG: latest | ||
| NATS_IMAGE: nats_server | ||
| NATS_TAG: latest | ||
| GIT_TAG: antithesis/latest | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| # Allow this workflow to push | ||
| permissions: | ||
| contents: write | ||
|
|
||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Login to Antithesis Docker Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ secrets.ANTITHESIS_REGISTRY_URL }} | ||
| username: _json_key | ||
| password: ${{ secrets.ANTITHESIS_REGISTRY_LOGIN }} | ||
|
|
||
| - name: Populate buildinfo and version files | ||
| run: ./antithesis/scripts/buildinfo.sh | ||
|
|
||
| - name: Build, tag SUT image | ||
| timeout-minutes: 100 | ||
| run: | | ||
| docker build -f ./antithesis/system-under-test/Dockerfile -t ${SUT_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${SUT_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${SUT_IMAGE}:${IMAGES_TAG} | ||
| - name: Build, tag workload image | ||
| run: | | ||
| docker build -f ./antithesis/workload/Dockerfile -t ${WORKLOAD_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${WORKLOAD_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${WORKLOAD_IMAGE}:${IMAGES_TAG} | ||
| - name: Build tag config image | ||
| run: | | ||
| docker build -f ./antithesis/config/Dockerfile -t ${CONFIG_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${CONFIG_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${CONFIG_IMAGE}:${IMAGES_TAG} | ||
| - name: Pull and tag upstream nats-server image | ||
| run: | | ||
| docker pull ${NATS_UPSTREAM_IMAGE}:${NATS_UPSTREAM_TAG} | ||
| docker tag ${NATS_UPSTREAM_IMAGE}:${NATS_UPSTREAM_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${NATS_IMAGE}:${NATS_TAG} | ||
| - name: Publish images | ||
| run: | | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${SUT_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${WORKLOAD_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${CONFIG_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${NATS_IMAGE}:${NATS_TAG} | ||
| - name: Update git tag tracking the latest images | ||
| run: | | ||
| git tag -f ${{ env.GIT_TAG }} | ||
| git push -f origin ${{ env.GIT_TAG }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,80 @@ | ||
| name: "Experiment with custom-branch images" | ||
|
|
||
| env: | ||
| ANTITHESIS_WEBOOK_TOKEN: ${{ secrets.ANTITHESIS_WEBOOK_TOKEN }} | ||
| ANTITHESIS_WEBOOK_URL: ${{ secrets.ANTITHESIS_WEBOOK_URL }} | ||
| ANTITHESIS_WEBOOK_USERNAME: ${{ secrets.ANTITHESIS_WEBOOK_USERNAME }} | ||
| SUT_IMAGE: raft_sut | ||
| WORKLOAD_IMAGE: raft_workload | ||
| CONFIG_IMAGE: raft_config | ||
| IMAGES_TAG: custom_${{ github.triggering_actor }}_${{ github.run_number }} | ||
| NATS_UPSTREAM_IMAGE: nats | ||
| NATS_UPSTREAM_TAG: latest | ||
| NATS_IMAGE: nats_server | ||
| NATS_TAG: latest | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| duration: | ||
| description: 'Duration (fuzzing hours)' | ||
| required: true | ||
| type: string | ||
| default: "1.0" | ||
| description: | ||
| description: 'Experiment description (avoid quotes, please!)' | ||
| required: true | ||
| type: string | ||
| default: "No description provided" | ||
| email: | ||
| description: 'Additional email notification recipient (separate with ;)' | ||
| required: false | ||
| type: string | ||
| default: "" | ||
|
|
||
| jobs: | ||
| build-publish-and-trigger-experiment: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: Populate buildinfo and version files | ||
| run: ./antithesis/scripts/buildinfo.sh | ||
|
|
||
| - name: Login to Antithesis Docker Registry | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: ${{ secrets.ANTITHESIS_REGISTRY_URL }} | ||
| username: _json_key | ||
| password: ${{ secrets.ANTITHESIS_REGISTRY_LOGIN }} | ||
|
|
||
| - name: Build, tag SUT image | ||
| run: | | ||
| docker build -f ./antithesis/system-under-test/Dockerfile -t ${SUT_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${SUT_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${SUT_IMAGE}:${IMAGES_TAG} | ||
| - name: Build, tag workload image | ||
| run: | | ||
| docker build -f ./antithesis/workload/Dockerfile -t ${WORKLOAD_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${WORKLOAD_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${WORKLOAD_IMAGE}:${IMAGES_TAG} | ||
| - name: Build tag config image | ||
| run: | | ||
| docker build -f ./antithesis/config/Dockerfile -t ${CONFIG_IMAGE}:${IMAGES_TAG} . | ||
| docker tag ${CONFIG_IMAGE}:${IMAGES_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${CONFIG_IMAGE}:${IMAGES_TAG} | ||
| - name: Pull and tag upstream nats-server image | ||
| run: | | ||
| docker pull ${NATS_UPSTREAM_IMAGE}:${NATS_UPSTREAM_TAG} | ||
| docker tag ${NATS_UPSTREAM_IMAGE}:${NATS_UPSTREAM_TAG} ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${NATS_IMAGE}:${NATS_TAG} | ||
| - name: Publish images | ||
| run: | | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${SUT_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${WORKLOAD_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${CONFIG_IMAGE}:${IMAGES_TAG} | ||
| docker push ${{ secrets.ANTITHESIS_REGISTRY_URL }}/${{ secrets.ANTITHESIS_REPOSITORY }}/${NATS_IMAGE}:${NATS_TAG} | ||
| - name: "Launch single experiment" | ||
| run: ./antithesis/scripts/launch_experiment.sh 'default' '${{ inputs.duration }}' '${{ env.IMAGES_TAG }}' '${{ inputs.description }}' '${{ inputs.email }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: "Experiment with existing images" | ||
|
|
||
| env: | ||
| ANTITHESIS_WEBOOK_TOKEN: ${{ secrets.ANTITHESIS_WEBOOK_TOKEN }} | ||
| ANTITHESIS_WEBOOK_URL: ${{ secrets.ANTITHESIS_WEBOOK_URL }} | ||
| ANTITHESIS_WEBOOK_USERNAME: ${{ secrets.ANTITHESIS_WEBOOK_USERNAME }} | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| duration: | ||
| description: 'Duration (fuzzing hours)' | ||
| required: true | ||
| type: string | ||
| default: "1.0" | ||
| imgtag: | ||
| description: 'Image' | ||
| required: true | ||
| type: string | ||
| default: "latest" | ||
| description: | ||
| description: 'Experiment description (avoid quotes, please!)' | ||
| required: true | ||
| type: string | ||
| default: "No description provided" | ||
| email: | ||
| description: 'Additional email notification recipient (separate with ;)' | ||
| required: false | ||
| type: string | ||
| default: "" | ||
|
|
||
| jobs: | ||
| parametrized-experiment: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout repository (without submodules) | ||
| uses: actions/checkout@v4 | ||
|
|
||
| - name: "Launch single experiment" | ||
| run: ./antithesis/scripts/launch_experiment.sh 'default' '${{ inputs.duration }}' '${{ inputs.imgtag }}' '${{ inputs.description }}' '${{ inputs.email }}' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,22 @@ | ||
| name: "Pull Request: Build Antithesis Images" | ||
|
|
||
| on: [pull_request] | ||
|
|
||
| env: | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: ubuntu-latest | ||
| # Explicitly enable selected permissions (disables the rest by default) | ||
| permissions: | ||
| contents: read | ||
|
|
||
| steps: | ||
| - name: Checkout repository (without submodules) | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| submodules: false | ||
|
|
||
| - name: Build Antithesis images | ||
| run: | | ||
| make -C ./antithesis build |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,33 @@ | ||
| # This Makefile locally builds the images and stands up the system as described | ||
| # in the config image docker-compose. | ||
|
|
||
| # Uncomment if needed to debug build: | ||
| # DOCKER_BUILD_FLAGS = --no-cache | ||
|
|
||
| .PHONY: run | ||
| run: clean build pull_nats_server ./config/docker-compose.yml | ||
| docker-compose -f ./config/docker-compose.yml --env-file ./config/environment up | ||
|
|
||
| .PHONY: build | ||
| build: build_workload build_sut build_config | ||
|
|
||
| .PHONY: build_sut | ||
| build_sut: ./system-under-test/Dockerfile | ||
| docker build $(DOCKER_BUILD_FLAGS) -f ./system-under-test/Dockerfile -t raft_sut:latest .. | ||
|
|
||
| .PHONY: build_workload | ||
| build_workload: ./workload/Dockerfile | ||
| docker build $(DOCKER_BUILD_FLAGS) -f ./workload/Dockerfile -t raft_workload:latest .. | ||
|
|
||
| .PHONY: build_config | ||
| build_config: ./config/Dockerfile | ||
| docker build $(DOCKER_BUILD_FLAGS) -f ./config/Dockerfile -t raft_config:latest .. | ||
|
|
||
| .PHONY: pull_nats_server | ||
| pull_nats_server: | ||
| docker pull nats:latest | ||
| docker tag nats:latest nats_server:latest | ||
|
|
||
| .PHONY: clean | ||
| clean: | ||
| docker-compose -f ./config/docker-compose.yml --env-file ./config/environment down |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| FROM scratch | ||
| COPY ./antithesis/config/docker-compose.yml docker-compose.yaml | ||
| COPY ./antithesis/config/environment .env | ||
|
|
||
| # Install version and buildinfo files | ||
| COPY ./antithesis/config/version /opt/antithesis/version | ||
| COPY ./antithesis/config/buildinfo /opt/antithesis/buildinfo |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| This file is populated by GH workflows via /scripts/buildinfo.sh | ||
|
|
||
| If you can read this, the step was skipped... |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| services: | ||
| replica-A: | ||
| container_name: replica-A | ||
| hostname: replica-A | ||
| image: raft_sut:latest | ||
| entrypoint: /bin/raft-replica | ||
| command: -replica-id replica-A -group-id "test-raft" -nats-url nats://nats-server:4222 -peers replica-A,replica-B,replica-C | ||
| networks: | ||
| antithesis-net: | ||
| ipv4_address: 10.20.20.2 | ||
| deploy: | ||
| resources: | ||
| limits: | ||
| cpus: ${CPU_LIMIT} | ||
| memory: ${MEM_LIMIT} | ||
| depends_on: | ||
| nats-server: | ||
| condition: service_started | ||
| restart: false | ||
| replica-B: | ||
| container_name: replica-B | ||
| hostname: replica-B | ||
| image: raft_sut:latest | ||
| entrypoint: /bin/raft-replica | ||
| command: -replica-id replica-B -group-id "test-raft" -nats-url nats://nats-server:4222 -peers replica-A,replica-B,replica-C | ||
| networks: | ||
| antithesis-net: | ||
| ipv4_address: 10.20.20.3 | ||
| deploy: | ||
| resources: | ||
| limits: | ||
| cpus: ${CPU_LIMIT} | ||
| memory: ${MEM_LIMIT} | ||
| depends_on: | ||
| nats-server: | ||
| condition: service_started | ||
| restart: false | ||
| replica-C: | ||
| container_name: replica-C | ||
| hostname: replica-C | ||
| image: raft_sut:latest | ||
| entrypoint: /bin/raft-replica | ||
| command: -replica-id replica-C -group-id "test-raft" -nats-url nats://nats-server:4222 -peers replica-A,replica-B,replica-C | ||
| networks: | ||
| antithesis-net: | ||
| ipv4_address: 10.20.20.4 | ||
| deploy: | ||
| resources: | ||
| limits: | ||
| cpus: ${CPU_LIMIT} | ||
| memory: ${MEM_LIMIT} | ||
| depends_on: | ||
| nats-server: | ||
| condition: service_started | ||
| restart: false | ||
|
|
||
| workload: | ||
| container_name: workload | ||
| hostname: workload | ||
| image: raft_workload:latest | ||
| entrypoint: /bin/workload | ||
| command: -group-id "test-raft" -nats-url nats://nats-server:4222 | ||
| networks: | ||
| antithesis-net: | ||
| ipv4_address: 10.20.20.130 | ||
| depends_on: | ||
| nats-server: | ||
| condition: service_started | ||
| restart: false | ||
|
|
||
| nats-server: | ||
| container_name: nats-server | ||
| hostname: nats-server | ||
| image: nats_server:latest | ||
| command: --port 4222 | ||
| ports: | ||
| - "4222:4222" | ||
| networks: | ||
| antithesis-net: | ||
| ipv4_address: 10.20.20.150 | ||
|
|
||
| networks: | ||
| antithesis-net: | ||
| driver: bridge | ||
| ipam: | ||
| config: | ||
| - subnet: 10.20.20.0/24 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,6 @@ | ||
| # Soft-limit Go runtime memory | ||
| GOMEMLIMIT=512MiB | ||
|
|
||
| # Hard limits on server containers resources | ||
| MEM_LIMIT=2G | ||
| CPU_LIMIT=1.0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| This file is populated by GH workflows via /scripts/buildinfo.sh | ||
|
|
||
| If you can read this, the step was skipped... |
Oops, something went wrong.