ivabus/pantry
1
0
Fork 0
mirror of https://github.com/ivabus/pantry synced 2024-11-10 10:35:17 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
pantry/.github/workflows/pkg-platform.yml

259 lines
8.4 KiB
YAML
Raw Normal View History

use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
name: pkg for platform
use brewkit/id to reduce github API lookups (#4426)
2023-12-15 21:32:55 +03:00
run-name: pkging ${{ fromJSON(inputs.pkg).project }} (${{ inputs.name }})
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
on:
workflow_call:
inputs:
name:
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
description: brewkit platform unique ID
type: string
tinyname:
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
description: >
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
GitHub Actions has a non resizable sidebar so we need a shorter name
or its much harder to differentiate the different jobs.
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
type: string
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
default: ${{ inputs.name }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
os:
type: string
container:
required: false
type: string
pkg:
description: eg. `example.com@1.2.3`
type: string
dry-run:
description: dry runs do not modify bottle storage
type: boolean
default: false
test-os:
description: a JSON array of runner-names
type: string
test-container:
description: >
A JSON array of docker image names or `[null]`.
Indeed! You cannot leave this as `null` or undefined.
Sorry, GHA is not flexible enough to efficiently work around this.
type: string
Only complain for automation driven builds
2023-12-29 14:34:42 +03:00
complain:
type: boolean
default: false
Only invalidate cloudfront once for restock ops
2024-01-06 15:07:56 +03:00
invalidate-cloudfront:
type: boolean
default: true
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
secrets:
APPLE_CERTIFICATE_P12: { required: false }
APPLE_CERTIFICATE_P12_PASSWORD: { required: false }
APPLE_IDENTITY: { required: false }
GPG_KEY_ID: { required: true }
GPG_PRIVATE_KEY: { required: true }
AWS_ACCESS_KEY_ID: { required: false }
AWS_S3_BUCKET: { required: true }
AWS_SECRET_ACCESS_KEY: { required: true }
AWS_CF_DISTRIBUTION_ID: { required: true }
use brewkit/id to reduce github API lookups (#4426)
2023-12-15 21:32:55 +03:00
env:
BREWKIT_PKGJSON: ${{ inputs.pkg }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
jobs:
build:
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
name: build ${{inputs.tinyname}}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
runs-on: ${{ fromJSON(inputs.os) }}
container: ${{ inputs.container }}
Remove GHA permissions where possible (#4812)
2024-01-11 23:05:04 +03:00
permissions: {}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
outputs:
project: ${{ steps.build.outputs.project }}
version: ${{ steps.build.outputs.version }}
platform: ${{ steps.build.outputs.platform }}
arch: ${{ steps.build.outputs.arch }}
env:
PKGX_PANTRY_PATH: ${{ github.workspace }}
steps:
- uses: actions/checkout@v4
- uses: pkgxdev/setup@v2
with:
PKGX_DIR: /opt
- uses: ./.github/actions/setup
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }}
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/build@v1
missing required inputs in actions
2023-12-19 22:25:30 +03:00
with:
pkg: ${{ inputs.pkg }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
id: build
- uses: styfle/cancel-workflow-action@0.12.0
if: steps.build.outputs.noop
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/audit@v1
missing required inputs in actions
2023-12-19 22:25:30 +03:00
with:
pkg: ${{ inputs.pkg }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/upload-build-artifact@v1
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
test:
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
name: test ${{inputs.tinyname}} ${{ matrix.container || ''}} ${{ matrix.container || '' }} ${{ join(matrix.os, '+') }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
needs: build
strategy:
matrix:
os: ${{ fromJSON(inputs.test-os) }}
container: ${{ fromJSON(inputs.test-container) }}
Remove GHA permissions where possible (#4812)
2024-01-11 23:05:04 +03:00
permissions: {}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
env:
PKGX_PANTRY_PATH: ${{ github.workspace }}
steps:
- uses: pkgxdev/setup@v2
- uses: actions/checkout@v4
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/download-build-artifact@v1
missing required inputs in actions
2023-12-19 22:25:30 +03:00
with:
pkg: ${{ inputs.pkg }}
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/test@v1
missing required inputs in actions
2023-12-19 22:25:30 +03:00
with:
pkg: ${{ inputs.pkg }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
bottle:
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
name: bottle (${{inputs.tinyname}}.${{matrix.compression}})
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
needs: [build, test]
Remove GHA permissions where possible (#4812)
2024-01-11 23:05:04 +03:00
permissions: {}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
strategy:
matrix:
compression: [xz, gz]
runs-on: ubuntu-latest
env:
upload file listing
2024-02-03 00:32:34 +03:00
AWS: ${{ inputs.dry-run && 'echo' || 'aws' }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
PREFIX: ${{ needs.build.outputs.project }}/${{ needs.build.outputs.platform }}/${{ needs.build.outputs.arch }}/v${{ needs.build.outputs.version }}.tar.${{ matrix.compression }}
steps:
- uses: pkgxdev/setup@v2
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: import GPG key
fix publish new packages
2023-12-15 10:40:34 +03:00
run: echo $GPG_PRIVATE_KEY |
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
base64 -d |
pkgx gpg --import --batch --yes
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/download-build-artifact@v1
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
id: dl
with:
missing required inputs in actions
2023-12-19 22:25:30 +03:00
pkg: ${{ inputs.pkg }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
platform: ${{ inputs.name }}
extract: false
moment of truth
2024-04-04 00:58:04 +03:00
- uses: pkgxdev/brewkit/bottle@v1
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
id: bottle
with:
file: ${{ steps.dl.outputs.filename }}
compression: ${{ matrix.compression }}
- name: gpg
run: pkgx gpg
--detach-sign
--armor
--output ${{ steps.bottle.outputs.filename }}.asc
--local-user ${{ secrets.GPG_KEY_ID }}
${{ steps.bottle.outputs.filename }}
- name: sha
run: pkgx
sha256sum
${{ steps.bottle.outputs.filename }} > ${{ steps.bottle.outputs.filename }}.sha256sum
- name: s3 put
run: |
upload file listing
2024-02-03 00:32:34 +03:00
$AWS s3 cp ${{ steps.bottle.outputs.filename }} $URL
$AWS s3 cp ${{ steps.bottle.outputs.filename }}.asc $URL.asc
$AWS s3 cp ${{ steps.bottle.outputs.filename }}.sha256sum $URL.sha256sum
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
[cd] fix versions.txt invalidation
2023-12-13 13:55:26 +03:00
echo "cf-paths=/$PREFIX /$PREFIX.asc /$PREFIX.sha256sum" >> $GITHUB_OUTPUT
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
env:
URL: s3://${{ secrets.AWS_S3_BUCKET }}/${{ env.PREFIX }}
id: put
upload file listing
2024-02-03 00:32:34 +03:00
- name: s3 put file listing
if: ${{ matrix.compression == 'gz' }}
id: files
run: |
PREFIX=$(dirname $PREFIX)
tar tf ${{ steps.bottle.outputs.filename }} \
| grep -v '/$' \
| grep -v '^venv/' \
> $FILENAME
$AWS s3 cp $FILENAME s3://${{ secrets.AWS_S3_BUCKET }}/$PREFIX/$FILENAME
echo "cf-paths=/$PREFIX/$FILENAME" >> $GITHUB_OUTPUT
env:
FILENAME: v${{ needs.build.outputs.version }}.files.txt
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
fix CF invalidate matrices don't output stable or combined data, so we weren't invalidating everything we think we were.
2023-12-22 18:25:43 +03:00
- name: invalidate cloudfront
upload file listing
2024-02-03 00:32:34 +03:00
run: $AWS cloudfront create-invalidation
fix CF invalidate matrices don't output stable or combined data, so we weren't invalidating everything we think we were.
2023-12-22 18:25:43 +03:00
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths
upload file listing
2024-02-03 00:32:34 +03:00
${{ steps.put.outputs.cf-paths }} ${{ steps.files.outputs.cf-paths }}
if: inputs.invalidate-cloudfront
fix CF invalidate matrices don't output stable or combined data, so we weren't invalidating everything we think we were.
2023-12-22 18:25:43 +03:00
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
publish:
name: publish ${{inputs.tinyname}} ${{ inputs.dry-run && '(dry-run)' }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
runs-on: ubuntu-latest
needs: [bottle, build]
Remove GHA permissions where possible (#4812)
2024-01-11 23:05:04 +03:00
permissions: {}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
env:
upload file listing
2024-02-03 00:32:34 +03:00
AWS: ${{ inputs.dry-run && 'echo' || 'aws' }}
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
DIRNAME: ${{ needs.build.outputs.project }}/${{ needs.build.outputs.platform }}/${{ needs.build.outputs.arch }}
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: pkgxdev/setup@v2
- name: generate versions.txt
run: |
fix publish new packages more
2023-12-15 10:40:34 +03:00
if ! aws s3 cp \
fix CF invalidate matrices don't output stable or combined data, so we weren't invalidating everything we think we were.
2023-12-22 18:25:43 +03:00
s3://${{ secrets.AWS_S3_BUCKET }}/$DIRNAME/versions.txt \
fix publish new packages
2023-12-15 10:40:34 +03:00
./remote-versions.txt; then
touch remote-versions.txt
fi
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
echo "$SCRIPT" > script.ts
pkgx deno run -A script.ts ./remote-versions.txt ${{ needs.build.outputs.version }} > versions.txt
env:
SCRIPT: |
import SemVer, { compare } from "https://raw.githubusercontent.com/pkgxdev/libpkgx/main/src/utils/semver.ts"
fix CF invalidate matrices don't output stable or combined data, so we weren't invalidating everything we think we were.
2023-12-22 18:25:43 +03:00
const versions = new Set(Deno.readTextFileSync(Deno.args[0]).trim().split("\n").filter(x => x))
versions.add(Deno.args[1])
const out = [...versions].map(x => new SemVer(x)).sort(compare).join("\n")
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
await Deno.stdout.write(new TextEncoder().encode(out.trim()))
- name: s3 put
upload file listing
2024-02-03 00:32:34 +03:00
run: $AWS s3 cp versions.txt s3://${{ secrets.AWS_S3_BUCKET }}/$DIRNAME/versions.txt
use brewkit@v1 (#4314)
2023-12-13 13:42:25 +03:00
- name: invalidate cloudfront
upload file listing
2024-02-03 00:32:34 +03:00
run: $AWS cloudfront create-invalidation
fix publish new packages
2023-12-15 10:40:34 +03:00
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths
/$DIRNAME/versions.txt
upload file listing
2024-02-03 00:32:34 +03:00
if: inputs.invalidate-cloudfront
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
complain:
Enable YJIT; Fixes #3538
2023-12-21 11:22:42 +03:00
needs: bottle
Only complain for automation driven builds
2023-12-29 14:34:42 +03:00
if: failure() && !inputs.dry-run && inputs.complain
ci tweaks (#4380)
2023-12-13 19:47:32 +03:00
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/complain
with:
Fix complain titles
2023-12-16 22:09:49 +03:00
pkg: ${{ fromJSON(inputs.pkg).project }}=${{ fromJSON(inputs.pkg).version.value }}
Reference in a new issue Copy permalink