ci.yml

# Copyright (c) 2023-present The Bitcoin Core developers
# Distributed under the MIT software license, see the accompanying
# file COPYING or https://opensource.org/license/mit.

name: CI
on:
  # See: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#pull_request.
  pull_request:
  # See: https://docs.github.com/en/actions/writing-workflows/choosing-when-your-workflow-runs/events-that-trigger-workflows#push.
  push:
    branches:
      - '**'
    tags-ignore:
      - '**'

concurrency:
  group: ${{ github.event_name != 'pull_request' && github.run_id || github.ref }}
  cancel-in-progress: true

env:
  CI_FAILFAST_TEST_LEAVE_DANGLING: 1  # GHA does not care about dangling processes and setting this variable avoids killing the CI script itself on error
  CIRRUS_CACHE_HOST: http://127.0.0.1:12321/ # When using Cirrus Runners this host can be used by the docker `gha` build cache type.
  REPO_USE_CIRRUS_RUNNERS: 'bitcoin/bitcoin' # Use cirrus runners and cache for this repo, instead of falling back to the slow GHA runners

defaults:
  run:
    # Enforce fail-fast behavior for all platforms.
    # See: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#exit-codes-and-error-action-preference
    shell: bash

jobs:
  runners:
    name: 'determine runners'
    runs-on: ubuntu-latest
    outputs:
      provider: ${{ steps.runners.outputs.provider }}
    steps:
      - id: runners
        run: |
          if [[ "${REPO_USE_CIRRUS_RUNNERS}" == "${{ github.repository }}" ]]; then
            echo "provider=cirrus" >> "$GITHUB_OUTPUT"
            echo "::notice title=Runner Selection::Using Cirrus Runners"
          else
            echo "provider=gha" >> "$GITHUB_OUTPUT"
            echo "::notice title=Runner Selection::Using GitHub-hosted runners"
          fi

  test-each-commit:
    name: 'test each commit'
    runs-on: ubuntu-24.04
    if: github.event_name == 'pull_request' && github.event.pull_request.commits != 1
    timeout-minutes: 360  # Use maximum time, see https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#jobsjob_idtimeout-minutes. Assuming a worst case time of 1 hour per commit, this leads to a --max-count=6 below.
    env:
      MAX_COUNT: 6
    steps:
      - name: Determine fetch depth
        run: echo "FETCH_DEPTH=$((${{ github.event.pull_request.commits }} + 2))" >> "$GITHUB_ENV"
      - uses: actions/checkout@v5
        with:
          ref: ${{ github.event.pull_request.head.sha }}
          fetch-depth: ${{ env.FETCH_DEPTH }}
      - name: Determine commit range
        run: |
          # Checkout HEAD~ and find the test base commit
          # Checkout HEAD~ because it would be wasteful to rerun tests on the PR
          # head commit that are already run by other jobs.
          git checkout HEAD~
          # Figure out test base commit by listing ancestors of HEAD, excluding
          # ancestors of the most recent merge commit, limiting the list to the
          # newest MAX_COUNT ancestors, ordering it from oldest to newest, and
          # taking the first one.
          #
          # If the branch contains up to MAX_COUNT ancestor commits after the
          # most recent merge commit, all of those commits will be tested. If it
          # contains more, only the most recent MAX_COUNT commits will be
          # tested.
          #
          # In the command below, the ^@ suffix is used to refer to all parents
          # of the merge commit as described in:
          # https://git-scm.com/docs/git-rev-parse#_other_rev_parent_shorthand_notations
          # and the ^ prefix is used to exclude these parents and all their
          # ancestors from the rev-list output as described in:
          # https://git-scm.com/docs/git-rev-list
          MERGE_BASE=$(git rev-list -n1 --merges HEAD)
          EXCLUDE_MERGE_BASE_ANCESTORS=
          # MERGE_BASE can be empty due to limited fetch-depth
          if test -n "$MERGE_BASE"; then
            EXCLUDE_MERGE_BASE_ANCESTORS=^${MERGE_BASE}^@
          fi
          echo "TEST_BASE=$(git rev-list -n$((${{ env.MAX_COUNT }} + 1)) --reverse HEAD $EXCLUDE_MERGE_BASE_ANCESTORS | head -1)" >> "$GITHUB_ENV"
      - run: |
          git fetch origin "${GITHUB_BASE_REF}"
          git config user.email "ci@example.com"
          git config user.name "CI"
      - run: |
          sudo apt-get update
          sudo apt-get install clang mold ccache build-essential cmake ninja-build pkgconf libboost-dev systemtap-sdt-dev capnproto libcapnp-dev -y
      - name: Compile and run tests
        run: |
          # Run tests on commits after the last merge commit and before the PR head commit
          git rebase --exec "git merge --no-commit origin/${GITHUB_BASE_REF} && python3 ./.github/ci-test-each-commit-exec.py && git reset --hard" ${{ env.TEST_BASE }}

  stratum-v2-regtest:
    name: 'SRI integration test'
    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
    uses: ./.github/workflows/sri-integration-test.yml

  macos-native-arm64:
    name: ${{ matrix.job-name }}
    # Use any image to support the xcode-select below, but hardcode version to avoid silent upgrades (and breaks).
    # See: https://github.com/actions/runner-images#available-images.
    runs-on: macos-15

    # When a contributor maintains a fork of the repo, any pull request they make
    # to their own fork, or to the main repository, will trigger two CI runs:
    # one for the branch push and one for the pull request.
    # This can be avoided by setting SKIP_BRANCH_PUSH=true as a custom env variable
    # in Github repository settings.
    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}

    timeout-minutes: 120

    strategy:
      fail-fast: false
      matrix:
        job-type: [standard, fuzz]
        include:
          - job-type: standard
            file-env: './ci/test/00_setup_env_mac_native.sh'
            job-name: 'macOS native, no depends'
          - job-type: fuzz
            file-env: './ci/test/00_setup_env_mac_native_fuzz.sh'
            job-name: 'macOS native, fuzz'

    env:
      DANGER_RUN_CI_ON_HOST: 1
      BASE_ROOT_DIR: ${{ github.workspace }}

    steps:
      - &CHECKOUT
        name: Checkout
        uses: actions/checkout@v5
        with:
          # Ensure the latest merged pull request state is used, even on re-runs.
          ref: &CHECKOUT_REF_TMPL ${{ github.event_name == 'pull_request' && github.ref || '' }}

      - name: Clang version
        run: |
          # Use the earliest Xcode supported by the version of macOS denoted in
          # doc/release-notes-empty-template.md and providing at least the
          # minimum clang version denoted in doc/dependencies.md.
          # See: https://developer.apple.com/documentation/xcode-release-notes/xcode-16-release-notes
          sudo xcode-select --switch /Applications/Xcode_16.0.app
          clang --version

      - name: Install Homebrew packages
        env:
          HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 1
        run: |
          # A workaround for "The `brew link` step did not complete successfully" error.
          brew install --quiet python@3 || brew link --overwrite python@3
          brew install --quiet coreutils ninja pkgconf gnu-getopt ccache boost capnp

      - name: Set Ccache directory
        run: echo "CCACHE_DIR=${RUNNER_TEMP}/ccache_dir" >> "$GITHUB_ENV"

      - name: Restore Ccache cache
        id: ccache-cache
        uses: actions/cache/restore@v4
        with:
          path: ${{ env.CCACHE_DIR }}
          key: ${{ github.job }}-${{ matrix.job-type }}-ccache-${{ github.run_id }}
          restore-keys: ${{ github.job }}-${{ matrix.job-type }}-ccache-

      - name: CI script
        run: ./ci/test_run_all.sh
        env:
          FILE_ENV: ${{ matrix.file-env }}

      - name: Save Ccache cache
        uses: actions/cache/save@v4
        if: github.event_name != 'pull_request' && steps.ccache-cache.outputs.cache-hit != 'true'
        with:
          path: ${{ env.CCACHE_DIR }}
          # https://github.com/actions/cache/blob/main/tips-and-workarounds.md#update-a-cache
          key: ${{ github.job }}-${{ matrix.job-type }}-ccache-${{ github.run_id }}

  ci-matrix:
    name: ${{ matrix.name }}
    needs: runners
    runs-on: ${{ needs.runners.outputs.provider == 'cirrus' && matrix.cirrus-runner || matrix.fallback-runner }}
    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
    timeout-minutes: ${{ matrix.timeout-minutes }}

    env:
      DANGER_CI_ON_HOST_FOLDERS: 1
      FILE_ENV: ${{ matrix.file-env }}

    strategy:
      fail-fast: false
      matrix:
        include:
          - name: '32 bit ARM, unit tests, no functional tests'
            cirrus-runner: 'ubuntu-24.04-arm' # Cirrus' Arm runners are Apple (with virtual Linux aarch64), which doesn't support 32-bit mode
            fallback-runner: 'ubuntu-24.04-arm'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_arm.sh'
            provider: 'gha'

          - name: 'ASan + LSan + UBSan + integer, no depends'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native_asan.sh'

          - name: 'macOS-cross to arm64, no tests'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_mac_cross.sh'

          - name: 'macOS-cross to x86_64, no tests'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_mac_cross_intel.sh'

          - name: 'i686, DEBUG'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_i686.sh'

          - name: 'fuzzer,address,undefined,integer, no depends'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 240
            file-env: './ci/test/00_setup_env_native_fuzz.sh'

          - name: 'depends DEBUG'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native.sh'

          - name: 'CentOS, depends'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native_centos.sh'

          - name: 'tidy'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-md'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native_tidy.sh'

          - name: 'TSan, depends'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native_tsan.sh'

          - name: 'MSan, depends'
            cirrus-runner: 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-lg'
            fallback-runner: 'ubuntu-24.04'
            timeout-minutes: 120
            file-env: './ci/test/00_setup_env_native_msan.sh'

    steps:
      - *CHECKOUT

      - name: Configure environment
        uses: ./.github/actions/configure-environment

      - name: Restore caches
        id: restore-cache
        uses: ./.github/actions/restore-caches

      - name: Configure Docker
        uses: ./.github/actions/configure-docker
        with:
          cache-provider: ${{ matrix.provider || needs.runners.outputs.provider }}

      - name: Set mmap_rnd_bits
        if: ${{ env.CONTAINER_NAME == 'ci_native_tsan' || env.CONTAINER_NAME == 'ci_native_msan' }}
        # Prevents crashes due to high ASLR entropy
        run: sudo sysctl -w vm.mmap_rnd_bits=28

      - name: CI script
        run: ./ci/test_run_all.sh

      - name: Save caches
        uses: ./.github/actions/save-caches

  lint:
    name: 'lint'
    needs: runners
    runs-on: ${{ needs.runners.outputs.use-cirrus-runners == 'true' && 'ghcr.io/cirruslabs/ubuntu-runner-amd64:24.04-sm' || 'ubuntu-24.04' }}
    if: ${{ vars.SKIP_BRANCH_PUSH != 'true' || github.event_name == 'pull_request' }}
    timeout-minutes: 20
    env:
      CONTAINER_NAME: "bitcoin-linter"
    steps:
      - name: Checkout
        uses: actions/checkout@v5
        with:
          ref: *CHECKOUT_REF_TMPL
          fetch-depth: 0

      - name: Configure Docker
        uses: ./.github/actions/configure-docker
        with:
          cache-provider: ${{ needs.runners.outputs.provider }}

      - name: CI script
        run: |
          set -o xtrace
          docker buildx build -t "$CONTAINER_NAME" $DOCKER_BUILD_CACHE_ARG --file "./ci/lint_imagefile" .
          CIRRUS_PR_FLAG=""
          if [ "${{ github.event_name }}" = "pull_request" ]; then
            CIRRUS_PR_FLAG="-e CIRRUS_PR=1"
          fi
          docker run --rm $CIRRUS_PR_FLAG -v "$(pwd)":/bitcoin "$CONTAINER_NAME"