name: PR on: push: branches: - main pull_request: jobs: backend_test_docker_dev: name: backend tests (docker dev container) runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - uses: actions/checkout@v4 - name: Build decompme_backend image run: |- docker build backend -t decompme_backend - name: Run tests run: |- sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # NOTE: CI does not run as 'ubuntu' user export USER_1000=$(getent passwd 1000 | cut -d: -f1) for dir in backend/.venv sandbox local_files compilers libraries; do mkdir -p "$dir" sudo chown "${USER_1000}:${USER_1000}" "$dir" done docker run \ -v $(pwd):/decomp.me \ -v $(pwd)/local_files:/local_files \ -v $(pwd)/compilers:/compilers \ -v $(pwd)/libraries:/libraries \ --security-opt apparmor=unconfined \ --security-opt seccomp=unconfined \ --cap-drop all \ --cap-add setuid \ --cap-add setgid \ --cap-add setfcap \ --tmpfs /sandbox/tmp:exec,uid=1000,gid=1000,size=64M,mode=0700 \ --entrypoint /bin/bash \ -e COMPILER_BASE_PATH=/compilers \ -e LIBRARY_BASE_PATH=/libraries \ -e WINEPREFIX=/tmp/wine \ -e LOCAL_FILE_DIR=/local_files \ -e USE_SANDBOX_JAIL=on \ -e SANDBOX_DISABLE_PROC=true \ -e TIMEOUT_SCALE_FACTOR=10 \ decompme_backend \ -c 'cd /decomp.me/backend && \ uv sync && \ uv run compilers/download.py --compilers-dir ${COMPILER_BASE_PATH} && \ uv run libraries/download.py --libraries-dir ${LIBRARY_BASE_PATH} && \ for r in wine/*.reg; do regedit $r; done && \ uv run python manage.py test' backend_test_docker_prod: name: backend tests (docker prod container) runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - uses: actions/checkout@v4 - name: Build decompme_backend image run: |- docker build backend --target prod -t decompme_backend - name: Fetch compilers and libraries run: |- python3 -m pip install requests python3 backend/compilers/download.py python3 backend/libraries/download.py export USER_1000=$(getent passwd 1000 | cut -d: -f1) sudo chown -R ${USER_1000}:${USER_1000} backend/compilers sudo chown -R ${USER_1000}:${USER_1000} backend/libraries - name: Run tests run: |- sudo sysctl -w kernel.apparmor_restrict_unprivileged_unconfined=0 sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 export USER_1000=$(getent passwd 1000 | cut -d: -f1) mkdir -p local_files && sudo chown ${USER_1000}:${USER_1000} local_files docker run \ -v $(pwd)/local_files:/local_files \ -v $(pwd)/backend/compilers:/compilers \ -v $(pwd)/backend/libraries:/libraries \ --security-opt apparmor=unconfined \ --security-opt seccomp=unconfined \ --cap-drop all \ --cap-add setuid \ --cap-add setgid \ --cap-add setfcap \ --tmpfs /sandbox/tmp:exec,uid=1000,gid=1000,size=64M,mode=0700 \ --entrypoint /bin/bash \ -e LOCAL_FILE_DIR=/local_files \ -e COMPILER_BASE_PATH=/compilers \ -e LIBRARY_BASE_PATH=/libraries \ -e USE_SANDBOX_JAIL=on \ -e SANDBOX_DISABLE_PROC=true \ -e TIMEOUT_SCALE_FACTOR=10 \ -e DATABASE_URL=sqlite:///:memory: \ -e DUMMY_COMPILER=1 \ -e SECRET_KEY=secret-key-secret-key-secret-key-secret-key-secret-key-secret-key \ decompme_backend \ -c '\ for r in wine/*.reg; do regedit $r; done && \ uv run python manage.py test' docker_compose_test: name: test docker compose runs-on: ubuntu-24.04 timeout-minutes: 10 steps: - uses: actions/checkout@v4 - name: Fetch compilers and libraries run: | python3 -m pip install requests python3 backend/compilers/download.py python3 backend/libraries/download.py export USER_1000=$(getent passwd 1000 | cut -d: -f1) sudo chown -R ${USER_1000}:${USER_1000} backend/compilers sudo chown -R ${USER_1000}:${USER_1000} backend/libraries - name: Setup dummy docker.prod.dev run: | echo 'POSTGRES_USER=decompme' >> docker.prod.env echo 'POSTGRES_PASSWORD=decompme' >> docker.prod.env echo 'SECRET_KEY=secret-key-secret-key-secret-key-secret-key-secret-key-secret-key' >> docker.prod.env echo 'DATABASE_URL=psql://decompme:decompme@postgres:5432/decompme' >> docker.prod.env echo 'CONN_MAX_AGE=60' >> docker.prod.env echo 'CONN_HEALTH_CHECKS="true"' >> docker.prod.env echo 'SANDBOX_DISABLE_PROC="true"' >> docker.prod.env echo 'ALLOWED_HOSTS="backend,localhost,127.0.0.1"' >> docker.prod.env echo 'USE_SANDBOX_JAIL="on"' >> docker.prod.env echo 'CI=true' >> docker.prod.env - name: Comment out SSL server configuration from nginx run: | sed -i '/{{HTTPS_SERVER_BLOCK_START}}/,/{{HTTPS_SERVER_BLOCK_END}}/s/^/#/' nginx/production.conf - name: Bring up postgres and nginx containers run: | docker compose -f docker-compose.prod.yaml up -d postgres nginx timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true docker compose logs nginx | grep "ready for start up" ! docker compose logs nginx | grep -q "nginx-1 exited with code" - name: Build and bring up up backend container run: | docker compose -f docker-compose.prod.yaml build backend docker compose -f docker-compose.prod.yaml up -d backend timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true - name: Build and bring up up frontend container run: | docker compose -f docker-compose.prod.yaml -f docker-compose.build.yaml build frontend docker compose -f docker-compose.prod.yaml up -d frontend timeout 15s docker compose -f docker-compose.prod.yaml logs -f || true - name: Sanity check the endpoints run: | curl --silent http://localhost:8080/ | head -c 256 curl --silent http://localhost:8000/api/ | jq - name: Shut everything down run: | docker compose -f docker-compose.prod.yaml down - name: Print out image sizes run: | docker image ls frontend_lint: name: biome runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Setup Node.js 24 uses: actions/setup-node@v4 with: node-version: 24 cache: yarn cache-dependency-path: frontend/yarn.lock - name: Install frontend dependencies run: | cd frontend yarn --frozen-lockfile - name: Run Biome run: | cd frontend yarn lint mypy: name: mypy runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install uv uses: astral-sh/setup-uv@v4 with: version: "latest" - name: Setup Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" - run: |- cd backend uv sync uv run mypy ruff: name: ruff runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 - name: Install uv uses: astral-sh/setup-uv@v4 with: version: "latest" - name: Setup Python 3.12 uses: actions/setup-python@v5 with: python-version: "3.12" - run: |- cd backend uv sync uv run ruff check . uv run ruff format --check .