pantry/.github/workflows/pkg-platform.yml

223 lines
7.4 KiB
YAML
Raw Normal View History

2023-12-13 13:42:25 +03:00
name: pkg for platform
run-name: pkging ${{ fromJSON(inputs.pkg).project }} (${{ inputs.name }})
2023-12-13 13:42:25 +03:00
on:
workflow_call:
inputs:
name:
2023-12-13 19:47:32 +03:00
description: brewkit platform unique ID
type: string
tinyname:
2023-12-13 13:42:25 +03:00
description: >
2023-12-13 19:47:32 +03:00
GitHub Actions has a non resizable sidebar so we need a shorter name
or its much harder to differentiate the different jobs.
2023-12-13 13:42:25 +03:00
type: string
2023-12-13 19:47:32 +03:00
default: ${{ inputs.name }}
2023-12-13 13:42:25 +03:00
os:
type: string
container:
required: false
type: string
pkg:
description: eg. `example.com@1.2.3`
type: string
dry-run:
description: dry runs do not modify bottle storage
type: boolean
default: false
test-os:
description: a JSON array of runner-names
type: string
test-container:
description: >
A JSON array of docker image names or `[null]`.
Indeed! You cannot leave this as `null` or undefined.
Sorry, GHA is not flexible enough to efficiently work around this.
type: string
secrets:
APPLE_CERTIFICATE_P12: { required: false }
APPLE_CERTIFICATE_P12_PASSWORD: { required: false }
APPLE_IDENTITY: { required: false }
GPG_KEY_ID: { required: true }
GPG_PRIVATE_KEY: { required: true }
AWS_ACCESS_KEY_ID: { required: false }
AWS_S3_BUCKET: { required: true }
AWS_SECRET_ACCESS_KEY: { required: true }
AWS_CF_DISTRIBUTION_ID: { required: true }
env:
BREWKIT_PKGJSON: ${{ inputs.pkg }}
2023-12-13 13:42:25 +03:00
jobs:
build:
2023-12-13 19:47:32 +03:00
name: build ${{inputs.tinyname}}
2023-12-13 13:42:25 +03:00
runs-on: ${{ fromJSON(inputs.os) }}
container: ${{ inputs.container }}
outputs:
project: ${{ steps.build.outputs.project }}
version: ${{ steps.build.outputs.version }}
platform: ${{ steps.build.outputs.platform }}
arch: ${{ steps.build.outputs.arch }}
env:
PKGX_PANTRY_PATH: ${{ github.workspace }}
steps:
- uses: actions/checkout@v4
- uses: pkgxdev/setup@v2
with:
PKGX_DIR: /opt
- uses: ./.github/actions/setup
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }}
APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY }}
- uses: pkgxdev/brewkit/build@v1
id: build
- uses: styfle/cancel-workflow-action@0.12.0
if: steps.build.outputs.noop
- uses: pkgxdev/brewkit/audit@v1
- uses: pkgxdev/brewkit/upload-build-artifact@v1
test:
2023-12-13 19:47:32 +03:00
name: test ${{inputs.tinyname}} ${{ matrix.container || ''}} ${{ matrix.container || '' }} ${{ join(matrix.os, '+') }}
2023-12-13 13:42:25 +03:00
needs: build
strategy:
matrix:
os: ${{ fromJSON(inputs.test-os) }}
container: ${{ fromJSON(inputs.test-container) }}
runs-on: ${{ matrix.os }}
container: ${{ matrix.container }}
env:
PKGX_PANTRY_PATH: ${{ github.workspace }}
steps:
- uses: pkgxdev/setup@v2
- uses: actions/checkout@v4
- uses: pkgxdev/brewkit/download-build-artifact@v1
- uses: pkgxdev/brewkit/test@v1
bottle:
2023-12-13 19:47:32 +03:00
name: bottle (${{inputs.tinyname}}.${{matrix.compression}})
2023-12-13 13:42:25 +03:00
needs: [build, test]
strategy:
matrix:
compression: [xz, gz]
runs-on: ubuntu-latest
outputs:
paths: ${{ steps.put.outputs.cf-paths }}
env:
PREFIX: ${{ needs.build.outputs.project }}/${{ needs.build.outputs.platform }}/${{ needs.build.outputs.arch }}/v${{ needs.build.outputs.version }}.tar.${{ matrix.compression }}
steps:
- uses: pkgxdev/setup@v2
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: import GPG key
2023-12-15 10:40:34 +03:00
run: echo $GPG_PRIVATE_KEY |
2023-12-13 13:42:25 +03:00
base64 -d |
pkgx gpg --import --batch --yes
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- uses: pkgxdev/brewkit/download-build-artifact@v1
id: dl
with:
platform: ${{ inputs.name }}
extract: false
- uses: pkgxdev/brewkit/bottle@v1
id: bottle
with:
file: ${{ steps.dl.outputs.filename }}
compression: ${{ matrix.compression }}
- name: gpg
run: pkgx gpg
--detach-sign
--armor
--output ${{ steps.bottle.outputs.filename }}.asc
--local-user ${{ secrets.GPG_KEY_ID }}
${{ steps.bottle.outputs.filename }}
- name: sha
run: pkgx
sha256sum
${{ steps.bottle.outputs.filename }} > ${{ steps.bottle.outputs.filename }}.sha256sum
- name: s3 put
run: |
aws s3 cp ${{ steps.bottle.outputs.filename }} $URL
aws s3 cp ${{ steps.bottle.outputs.filename }}.asc $URL.asc
aws s3 cp ${{ steps.bottle.outputs.filename }}.sha256sum $URL.sha256sum
2023-12-13 13:55:26 +03:00
echo "cf-paths=/$PREFIX /$PREFIX.asc /$PREFIX.sha256sum" >> $GITHUB_OUTPUT
2023-12-13 13:42:25 +03:00
env:
URL: s3://${{ secrets.AWS_S3_BUCKET }}/${{ env.PREFIX }}
id: put
if: ${{ ! inputs.dry-run }}
2023-12-13 19:47:32 +03:00
publish:
name: publish ${{inputs.tinyname}} ${{ inputs.dry-run && '(dry-run)' }}
2023-12-13 13:42:25 +03:00
runs-on: ubuntu-latest
needs: [bottle, build]
env:
DIRNAME: ${{ needs.build.outputs.project }}/${{ needs.build.outputs.platform }}/${{ needs.build.outputs.arch }}
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- uses: pkgxdev/setup@v2
- name: generate versions.txt
run: |
2023-12-15 10:40:34 +03:00
if ! aws s3 cp \
2023-12-13 13:42:25 +03:00
s3://${{ secrets.AWS_S3_BUCKET }}/${{ needs.build.outputs.project }}/${{ needs.build.outputs.platform }}/${{ needs.build.outputs.arch }}/versions.txt \
2023-12-15 10:40:34 +03:00
./remote-versions.txt; then
touch remote-versions.txt
fi
2023-12-13 13:42:25 +03:00
echo "$SCRIPT" > script.ts
pkgx deno run -A script.ts ./remote-versions.txt ${{ needs.build.outputs.version }} > versions.txt
env:
SCRIPT: |
import SemVer, { compare } from "https://raw.githubusercontent.com/pkgxdev/libpkgx/main/src/utils/semver.ts"
const versions = Deno.readTextFileSync(Deno.args[0]).trim().split("\n").filter(x => x)
versions.push(Deno.args[1])
const out = versions.map(x => new SemVer(x)).sort(compare).join("\n")
await Deno.stdout.write(new TextEncoder().encode(out.trim()))
- name: s3 put
run: aws s3 cp versions.txt s3://${{ secrets.AWS_S3_BUCKET }}/$DIRNAME/versions.txt
if: ${{ ! inputs.dry-run }}
- name: invalidate cloudfront
run: aws cloudfront create-invalidation
2023-12-15 10:40:34 +03:00
--distribution-id ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
--paths
/$DIRNAME/versions.txt
${{ needs.bottle.outputs.paths }}
2023-12-13 13:42:25 +03:00
if: ${{ ! inputs.dry-run }}
2023-12-13 19:47:32 +03:00
complain:
needs: [build, test, bottle]
if: failure() && !inputs.dry-run
runs-on: ubuntu-latest
permissions:
issues: write
steps:
- uses: actions/checkout@v4
- uses: ./.github/actions/complain
with:
2023-12-16 22:09:49 +03:00
pkg: ${{ fromJSON(inputs.pkg).project }}=${{ fromJSON(inputs.pkg).version.value }}
2023-12-13 19:47:32 +03:00
platform: ${{ inputs.name }}