ivabus/pantry
1
0
Fork 0
mirror of https://github.com/ivabus/pantry synced 2024-11-23 00:45:07 +03:00
Code Issues Projects Releases Packages Wiki Activity Actions

Actions Refactor (#336)

Browse source
This commit is contained in:
Max Howell 2023-02-24 15:50:10 -05:00 committed by GitHub
parent b16629a131
commit 6d48c72aca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 383 additions and 259 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
.github/actions/bottle/action.yml vendored Normal file
View file

@ -0,0 +1,26 @@
name: tea/pantry/bottle
description: internal tea.xyz specific at this time
inputs:
gpg-key-id:
description: ''
required: true
gpg-key-passphrase:
description: ''
required: true
built:
description: ''
required: true
compression:
description: ''
required: true
runs:
using: composite
steps:
- run: ${{ github.action_path }}/bottle.ts ${{ inputs.built }}
shell: sh
env:
COMPRESSION: ${{ inputs.compression }}
GPG_KEY_ID: ${{ inputs.gpg-key-id }}
GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}

4
scripts/bottle.ts → .github/actions/bottle/bottle.ts vendored
View file

@ -22,8 +22,8 @@ import { backticks, panic, run } from "utils"
import { crypto } from "deno/crypto/mod.ts" import { crypto } from "deno/crypto/mod.ts"
import { encode } from "deno/encoding/hex.ts" import { encode } from "deno/encoding/hex.ts"
import { encode as base64Encode } from "deno/encoding/base64.ts" import { encode as base64Encode } from "deno/encoding/base64.ts"
import { set_output } from "./utils/gha.ts" import { set_output } from "../../scripts/utils/gha.ts"
import * as ARGV from "./utils/args.ts" import * as ARGV from "../../scripts/utils/args.ts"
import Path from "path" import Path from "path"
const cellar = useCellar() const cellar = useCellar()

28
.github/actions/cache/action.yml vendored Normal file
View file

@ -0,0 +1,28 @@
name: tea.xyz/pantry/actions/cache
description: cache deno deps
inputs:
cache-name:
description: name of the job to use on the cache key
required: true
runs:
using: composite
steps:
- run: |
if test "$RUNNER_OS" = "macOS"; then
echo "cache=~/Library/Caches/deno" >> $GITHUB_OUTPUT
else
echo "cache=~/.cache/deno" >> $GITHUB_OUTPUT
fi
id: os-cache
shell: sh
- uses: actions/cache@v3
with:
path: |
~/.deno
${{ steps.os-cache.outputs.cache }}
# This isn't perfect (can't hash stuff outside github.workspace, and if the there scripts change, the hash won't)
# but it's good enough for now. It's slightly conservative, since it monitors all .ts files, but that's fine.
key: ${{ runner.os }}-deno-${{ inputs.cache-name }}-${{ hashFiles('**/deno.jsonc', '**/*.ts') }}

22
.github/actions/apple-signing/action.yml → .github/actions/codesign/action.yml vendored
View file

@ -1,5 +1,6 @@
name: Apple signing name: Apple Codesigning
description: signs binaries for macOS description: Codesigns macOS binaries
inputs: inputs:
p12-file-base64: p12-file-base64:
description: Base64 encoded p12 file description: Base64 encoded p12 file
@ -11,11 +12,11 @@ inputs:
description: Identity to use for signing description: Identity to use for signing
required: true required: true
paths: paths:
description: Paths to search for files to sign description: paths to sign
required: true required: true
runs: runs:
using: "composite" using: composite
steps: steps:
# Only runs on macOS # Only runs on macOS
- name: Check platform - name: Check platform
@ -37,13 +38,9 @@ runs:
p12-file-base64: ${{ inputs.p12-file-base64 }} p12-file-base64: ${{ inputs.p12-file-base64 }}
p12-password: ${{ inputs.p12-password }} p12-password: ${{ inputs.p12-password }}
- name: Codesign files - name: Codesign files
shell: sh shell: sh
run: | run: find $PATHS -type f -print0 | xargs -0 codesign -s "$IDENTITY" --force -v --timestamp || true
find $PATHS -type f -print0 | \
xargs -0 /usr/bin/codesign -s "$IDENTITY" --force -v \
--timestamp || true
env: env:
PATHS: ${{ inputs.paths }} PATHS: ${{ inputs.paths }}
IDENTITY: ${{ inputs.identity }} IDENTITY: ${{ inputs.identity }}
@ -51,10 +48,9 @@ runs:
# This isn't very informative, but even a no-op is safer than none # This isn't very informative, but even a no-op is safer than none
- name: Check codesigning - name: Check codesigning
shell: sh shell: sh
run: | # FIXME: `deno` compiled binaries don't currently pass validation.
# FIXME: `deno` compiled binaries don't currently pass validation. # https://github.com/denoland/deno/issues/17753
# https://github.com/denoland/deno/issues/17753 run: find $PATHS -type f ! -name tea -print0 | xargs -0 codesign -vvv --strict
find $PATHS -type f ! -name tea -print0 | xargs -0 codesign -vvv --strict
env: env:
PATHS: ${{ inputs.paths }} PATHS: ${{ inputs.paths }}

35
.github/actions/fetch-pr-artifacts/action.yml vendored Normal file
View file

@ -0,0 +1,35 @@
name: tea/pantry/fetch-pr-artifacts
description: internal tea.xyz specific at this time
inputs:
platform:
description: platform+arch to fetch
required: true
token:
description: github token
default: ${{ github.token }}
required: true
AWS_S3_BUCKET:
description: AWS S3 bucket to use for cache
required: true
AWS_ACCESS_KEY_ID:
description: AWS access key id
required: true
AWS_SECRET_ACCESS_KEY:
description: AWS secret access key
required: true
runs:
using: composite
steps:
- run:
${{ github.action_path }}/fetch-pr-artifacts.ts
${{ github.repository }}
${{ github.sha }}
${{ inputs.platform }} >>$GITHUB_ENV
shell: sh
env:
GITHUB_TOKEN: ${{ inputs.token }}
AWS_S3_CACHE: ${{ inputs.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}

0
scripts/fetch-pr-artifacts.ts → .github/actions/fetch-pr-artifacts/fetch-pr-artifacts.ts vendored
View file

39
.github/actions/get-platform/action.yml vendored Normal file
View file

@ -0,0 +1,39 @@
name: tea/pantry/get-platform
description: Outputs the platform spec we need for builds
inputs:
platform:
description: >
The platform+arch to get specs for
required: true
outputs:
os:
description: the OS for general tasks
value: ${{ steps.platform.outputs.os }}
build-os:
description: the OS for build tasks
value: ${{ steps.platform.outputs.build-os }}
container:
description: the container for build tasks
value: ${{ steps.platform.outputs.container }}
test-matrix:
description: the matrix of os/containers for test tasks
value: ${{ steps.platform.outputs.test-matrix }}
runs:
using: composite
steps:
- uses: teaxyz/setup@v0
with:
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: get-platform
- run: ${{github.action_path}}/get-platform.ts
shell: sh
id: platform
env:
PLATFORM: ${{ inputs.platform }}

13
scripts/get-platform.ts → .github/actions/get-platform/get-platform.ts vendored
View file

@ -25,7 +25,6 @@ type Output = {
buildOs: OS, buildOs: OS,
container?: string, container?: string,
testMatrix: { os: OS, container?: string }[] testMatrix: { os: OS, container?: string }[]
cacheSet: string
} }
type OS = string | string[] type OS = string | string[]
@ -33,11 +32,6 @@ type OS = string | string[]
const platform = Deno.env.get("PLATFORM") ?? panic("$PLATFORM not set") const platform = Deno.env.get("PLATFORM") ?? panic("$PLATFORM not set")
const cacheSets = {
"darwin": `~/.deno\n~/Library/Caches/deno/deps/https/`,
"linux": `~/.deno\n~/.cache/deno/deps/https/`
}
const output: Output = (() => { const output: Output = (() => {
switch(platform) { switch(platform) {
case "darwin+x86-64": { case "darwin+x86-64": {
@ -46,7 +40,6 @@ const output: Output = (() => {
os, os,
buildOs: ["self-hosted", "macOS", "X64"], buildOs: ["self-hosted", "macOS", "X64"],
testMatrix: [{ os }], testMatrix: [{ os }],
cacheSet: cacheSets["darwin"]
} }
} }
case "darwin+aarch64": { case "darwin+aarch64": {
@ -55,7 +48,6 @@ const output: Output = (() => {
os, os,
buildOs: os, buildOs: os,
testMatrix: [{ os }], testMatrix: [{ os }],
cacheSet: cacheSets["darwin"]
} }
} }
case "linux+aarch64": { case "linux+aarch64": {
@ -64,7 +56,6 @@ const output: Output = (() => {
os, os,
buildOs: os, buildOs: os,
testMatrix: [{ os }], testMatrix: [{ os }],
cacheSet: cacheSets["linux"]
} }
} }
case "linux+x86-64": { case "linux+x86-64": {
@ -80,7 +71,6 @@ const output: Output = (() => {
{ os, container }, { os, container },
{ os, container: "debian:buster-slim" } { os, container: "debian:buster-slim" }
], ],
cacheSet: cacheSets["linux"]
} }
} }
default: default:
@ -90,8 +80,7 @@ const output: Output = (() => {
const rv = `os=${JSON.stringify(output.os)}\n` + const rv = `os=${JSON.stringify(output.os)}\n` +
`build-os=${JSON.stringify(output.buildOs)}\n` + `build-os=${JSON.stringify(output.buildOs)}\n` +
`container=${JSON.stringify(output.container)}\n` + `container=${JSON.stringify(output.container)}\n` +
`test-matrix=${JSON.stringify(output.testMatrix)}\n` + `test-matrix=${JSON.stringify(output.testMatrix)}\n`
`cache-set<<EOF\n${output.cacheSet}\nEOF\n`
Deno.stdout.write(new TextEncoder().encode(rv)) Deno.stdout.write(new TextEncoder().encode(rv))

39
.github/actions/has-artifacts/action.yml vendored Normal file
View file

@ -0,0 +1,39 @@
name: tea/pantry/has-artifacts
description: Outputs the platform spec we need for builds
inputs:
platform:
description: >
The platform+arch to get specs for
required: true
outputs:
os:
description: the OS for general tasks
value: ${{ steps.platform.outputs.os }}
build-os:
description: the OS for build tasks
value: ${{ steps.platform.outputs.build-os }}
container:
description: the container for build tasks
value: ${{ steps.platform.outputs.container }}
test-matrix:
description: the matrix of os/containers for test tasks
value: ${{ steps.platform.outputs.test-matrix }}
runs:
using: composite
steps:
- uses: teaxyz/setup@v0
with:
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: has-artifacts
- run: ${{github.action_path}}/get-platform.ts
shell: sh
id: platform
env:
PLATFORM: ${{ inputs.platform }}

6
scripts/has-artifacts.ts → .github/actions/has-artifacts/has-artifacts.ts vendored
View file

@ -11,9 +11,9 @@ args:
/// Test /// Test
/// ./scripts/has-artifacts.ts e582b03fe6efedde80f9569403555f4513dbec91 /// ./scripts/has-artifacts.ts e582b03fe6efedde80f9569403555f4513dbec91
import { S3 } from "s3"; import { S3 } from "s3"
import { panic } from "utils"; import { panic } from "utils"
import { find_pr } from "./fetch-pr-artifacts.ts"; import { find_pr } from "../fetch-pr-artifacts/fetch-pr-artifacts.ts"
/// Main /// Main
/// ------------------------------------------------------------------------------- /// -------------------------------------------------------------------------------

39
.github/actions/setup-brewkit/action.yml vendored Normal file
View file

@ -0,0 +1,39 @@
name: +tea.xyz/brewkit
description: sets up tea, tea.xyz/brewkit & caching
# inputs and outputs are `teaxyz/setup` passthrough
inputs:
prefix:
description: >
Where tea stows its packages.
Defaults to `$HOME/.tea`.
required: false
outputs:
version:
description: Your projects version.
value: ${{ steps.tea.outputs.version }}
prefix:
description: The prefix you specified.
value: ${{ steps.tea.outputs.prefix }}
runs:
using: composite
steps:
- uses: teaxyz/setup@v0
id: tea
with:
prefix: ${{ inputs.prefix }}
+: tea.xyz/brewkit
# prevent pantry from reassigning TEA_PREFIX etc.
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: setup
- run: |
# if test -d "{{ github.workspace }}"/projects; then
echo "TEA_PANTRY_PATH=${{ github.workspace }}" >> $GITHUB_ENV
# fi
shell: sh

40
.github/actions/stage-build-artifacts/action.yml vendored Normal file
View file

@ -0,0 +1,40 @@
name: tea/pantry/stage-build-artifacts
description: internal tea.xyz specific at this time
inputs:
platform:
description: ''
required: true
AWS_S3_BUCKET:
description: ''
required: true
AWS_ACCESS_KEY_ID:
description: ''
required: true
AWS_SECRET_ACCESS_KEY:
description: ''
required: true
runs:
using: composite
steps:
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}
- uses: teaxyz/setup@v0
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: stage
- run: ${{ github.action_path }}/cache-artifacts.ts
${{github.repository}}
${{github.ref}}
${{inputs.platform}}
artifacts.tgz
shell: sh
env:
AWS_S3_BUCKET: ${{ inputs.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}

2
scripts/cache-artifacts.ts → .github/actions/stage-build-artifacts/cache-artifacts.ts vendored
View file

@ -34,7 +34,7 @@ const s3 = new S3({
secretKey: Deno.env.get("AWS_SECRET_ACCESS_KEY")!, secretKey: Deno.env.get("AWS_SECRET_ACCESS_KEY")!,
region: "us-east-1", region: "us-east-1",
}) })
const bucket = s3.getBucket(Deno.env.get("AWS_S3_CACHE")!) const bucket = s3.getBucket(Deno.env.get("AWS_S3_BUCKET")!)
const key = `pull-request/${repo.split("/")[1]}/${pr}/${dest}` const key = `pull-request/${repo.split("/")[1]}/${pr}/${dest}`
const body = await Deno.readFile(file.string) const body = await Deno.readFile(file.string)

47
.github/actions/upload/action.yml vendored Normal file
View file

@ -0,0 +1,47 @@
name: tea/pantry/upload
description: internal tea.xyz specific at this time
inputs:
pkgs:
description: ''
required: true
srcs:
description: ''
required: true
bottles:
description: ''
required: true
checksums:
description: ''
required: true
signatures:
description: ''
required: true
AWS_S3_BUCKET:
description: ''
required: true
AWS_ACCESS_KEY_ID:
description: ''
required: true
AWS_SECRET_ACCESS_KEY:
description: ''
required: true
runs:
using: composite
steps:
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: upload
- run: ${{ github.action_path }}/upload.ts
--pkgs ${{ inputs.pkgs }}
--srcs ${{ inputs.srcs }}
--bottles ${{ inputs.bottles }}
--checksums ${{ inputs.checksums }}
--signatures ${{ inputs.signatures }}
shell: sh
env:
AWS_S3_BUCKET: ${{ inputs.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}

4
scripts/upload.ts → .github/actions/upload/upload.ts vendored
View file

@ -18,8 +18,8 @@ import { basename, dirname } from "deno/path/mod.ts"
import { retry } from "deno/async/retry.ts" import { retry } from "deno/async/retry.ts"
import { decode as base64Decode } from "deno/encoding/base64.ts" import { decode as base64Decode } from "deno/encoding/base64.ts"
import Path from "path" import Path from "path"
import { set_output } from "./utils/gha.ts" import { set_output } from "../../scripts/utils/gha.ts"
import { sha256 } from "./bottle.ts" import { sha256 } from "../bottle/bottle.ts"
//------------------------------------------------------------------------- funcs //------------------------------------------------------------------------- funcs
function args_get(key: string): string[] { function args_get(key: string): string[] {

9
deno.jsonc → .github/deno.jsonc vendored
View file

@ -16,14 +16,7 @@
}, },
"tea": { "tea": {
"dependencies": { "dependencies": {
"deno.land": "^1.30", "deno.land": "^1.30"
"tea.xyz/brewkit": "^0.3"
},
"env": {
// if your primary tea.prefix is somewhere else then youll
// need to `tea --sync` in this dev-env
"TEA_PANTRY_PATH": "{{srcroot}}:{{home}}/.tea/tea.xyz/var/pantry",
"TEA_PREFIX": "{{srcroot}}/tea.out"
} }
}, },
"importMap": "https://raw.githubusercontent.com/teaxyz/cli/v0.23/import-map.json" "importMap": "https://raw.githubusercontent.com/teaxyz/cli/v0.23/import-map.json"

12
scripts/index-packages.ts → .github/scripts/index-packages.ts vendored
View file

@ -1,14 +1,4 @@
#!/usr/bin/env tea #!/usr/bin/env -S tea -E deno run --allow-read --allow-env --allow-net --allow-sys
/*---
args:
- deno
- run
- --allow-read
- --allow-env
- --allow-net
- --allow-sys
---*/
import { usePantry } from "hooks" import { usePantry } from "hooks"
import * as ARGV from "./utils/args.ts" import * as ARGV from "./utils/args.ts"

0
scripts/map-projects-to-githubs.ts → .github/scripts/map-projects-to-githubs.ts vendored
View file

0
scripts/utils/args.ts → .github/scripts/utils/args.ts vendored
View file

1
scripts/utils/gha.ts → .github/scripts/utils/gha.ts vendored
View file

@ -1,4 +1,3 @@
const e = new TextEncoder() const e = new TextEncoder()
const encode = e.encode.bind(e) const encode = e.encode.bind(e)

90
.github/workflows/bottle.yml vendored
View file

@ -22,20 +22,10 @@ jobs:
os: ${{ steps.platform.outputs.os }} os: ${{ steps.platform.outputs.os }}
cache-set: ${{ steps.platform.outputs.cache-set }} cache-set: ${{ steps.platform.outputs.cache-set }}
steps: steps:
- uses: actions/checkout@v3 - uses: teaxyz/pantry.core/.github/actions/get-platform@main
with:
repository: teaxyz/pantry.core
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-get-platform-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- run: scripts/get-platform.ts
id: platform id: platform
env: with:
PLATFORM: ${{ inputs.platform }} platform: ${{ inputs.platform }}
bottle: bottle:
needs: [get-platform] needs: [get-platform]
@ -45,29 +35,17 @@ jobs:
built: ${{ env.built }} built: ${{ env.built }}
pr: ${{ env.PR }} pr: ${{ env.PR }}
steps: steps:
- uses: teaxyz/setup@v0 - uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
id: tea
with:
srcroot: null
prefix: ${{ github.workspace }}
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-bottle-${{ hashFiles('tea.xyz/var/pantry/deno.jsonc')}}
- name: configure scripts PATH
run: echo "$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/download-artifact@v3 - uses: actions/download-artifact@v3
if: ${{ inputs.new-version }} if: ${{ inputs.new-version }}
with: with:
name: ${{ inputs.platform }} name: ${{ inputs.platform }}
- run: fetch-pr-artifacts.ts ${{ github.repository }} ${{ github.sha }} ${{ inputs.platform }} >>$GITHUB_ENV - uses: teaxyz/pantry.core/.github/actions/fetch-pr-artifacts@main
if: ${{ !inputs.new-version }} if: ${{ !inputs.new-version }}
env: with:
GITHUB_TOKEN: ${{github.token}} token: ${{ github.token }}
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }} AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -87,19 +65,21 @@ jobs:
env: env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }} GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- run: bottle.ts $built - uses: teaxyz/pantry.core/.github/actions/bottle@main
id: bottle-xz id: bottle-xz
env: with:
COMPRESSION: xz built: ${{ env.built }}
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} compresson: xz
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- run: bottle.ts $built - uses: teaxyz/pantry.core/.github/actions/bottle@main
id: bottle-gz id: bottle-gz
env: with:
COMPRESSION: gz built: ${{ env.built }}
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }} compresson: gz
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }} gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- run: | - run: |
echo ${{ steps.bottle-gz.outputs.bottles }} ${{ steps.bottle-xz.outputs.bottles }} >bottles echo ${{ steps.bottle-gz.outputs.bottles }} ${{ steps.bottle-xz.outputs.bottles }} >bottles
@ -125,22 +105,6 @@ jobs:
needs: [bottle] needs: [bottle]
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: null
prefix: ${{ github.workspace }}
- name: configure scripts PATH
run: echo "${{ steps.tea.outputs.prefix }}/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-bottle-${{ hashFiles('tea.xyz/var/pantry/deno.jsonc')}}
- uses: actions/download-artifact@v3 - uses: actions/download-artifact@v3
with: with:
name: ${{ inputs.platform }}-bottles name: ${{ inputs.platform }}-bottles
@ -152,15 +116,13 @@ jobs:
echo "$file=$(cat $file)" >>$GITHUB_ENV echo "$file=$(cat $file)" >>$GITHUB_ENV
done done
- name: upload bottles - uses: teaxyz/pantry.core/.github/actions/upload@main
id: upload with:
run: upload.ts pkgs: ${{ needs.bottle.outputs.built }} ${{ needs.bottle.outputs.built }}
--pkgs ${{ needs.bottle.outputs.built }} ${{ needs.bottle.outputs.built }} srcs: ${{ needs.bottle.outputs.srcs }} ${{ needs.bottle.outputs.srcs }}
--srcs ${{ needs.bottle.outputs.srcs }} ${{ needs.bottle.outputs.srcs }} bottles: ${{ env.bottles }}
--bottles $bottles checksums: ${{ env.checksums }}
--checksums $checksums signatures: ${{ env.signatures }}
--signatures $signatures
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

70
.github/workflows/build.yml vendored
View file

@ -24,21 +24,10 @@ jobs:
test-matrix: ${{ steps.platform.outputs.test-matrix }} test-matrix: ${{ steps.platform.outputs.test-matrix }}
cache-set: ${{ steps.platform.outputs.cache-set }} cache-set: ${{ steps.platform.outputs.cache-set }}
steps: steps:
- uses: actions/checkout@v3 - uses: teaxyz/pantry.core/.github/actions/get-platform@main
with:
repository: teaxyz/pantry.core
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-get-platform-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- run: scripts/get-platform.ts ${{ inputs.projects }}
id: platform id: platform
env: with:
PLATFORM: ${{ inputs.platform }} platform: ${{ inputs.platform }}
TEA_PANTRY_PATH: ${{ github.workspace }}
build: build:
runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }} runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }}
@ -46,27 +35,17 @@ jobs:
needs: [get-platform] needs: [get-platform]
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-build-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0 - uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
id: tea id: tea
with: with:
srcroot: null
prefix: /opt prefix: /opt
- name: sanitize macOS runners - name: sanitize macOS runners
if: fromJson(needs.get-platform.outputs.build-os) == 'macos-11' if: fromJson(needs.get-platform.outputs.build-os) == 'macos-11'
run: sudo mv /usr/local/bin/* /tmp/ run: sudo mv /usr/local/bin/* /tmp/
- name: configure tea env - run: pkg build ${{ inputs.projects }}
run: |
echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
echo "TEA_PANTRY_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
- run: tea +tea.xyz/brewkit build ${{ inputs.projects }}
id: build id: build
env: env:
GITHUB_TOKEN: ${{ github.token }} GITHUB_TOKEN: ${{ github.token }}
@ -82,7 +61,7 @@ jobs:
TEA_PREFIX: ${{ steps.tea.outputs.prefix }} TEA_PREFIX: ${{ steps.tea.outputs.prefix }}
# sign macOS binaries # sign macOS binaries
- uses: teaxyz/pantry.core/.github/actions/apple-signing@main - uses: teaxyz/pantry.core/.github/actions/codesign@main
if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
with: with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
@ -118,7 +97,6 @@ jobs:
needs: [get-platform, build] needs: [get-platform, build]
runs-on: ${{ matrix.platform.os }} runs-on: ${{ matrix.platform.os }}
strategy: strategy:
fail-fast: false
matrix: matrix:
platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }} platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }}
outputs: outputs:
@ -126,11 +104,7 @@ jobs:
container: ${{ matrix.platform.container }} container: ${{ matrix.platform.container }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-test-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0 - uses: teaxyz/setup@v0
with: with:
@ -143,12 +117,11 @@ jobs:
- name: extract bottles - name: extract bottles
run: tar xzvf artifacts.tgz -C $TEA_PREFIX run: tar xzvf artifacts.tgz -C $TEA_PREFIX
- run: tea +tea.xyz/brewkit test ${{ inputs.projects }} - run: pkg test ${{ inputs.projects }}
env: env:
TEA_PANTRY_PATH: ${{ github.workspace }} GITHUB_TOKEN: ${{ github.token }}
GITHUB_TOKEN: ${{github.token}}
- name: post - name: '[post]'
run: run:
echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV
env: env:
@ -178,28 +151,13 @@ jobs:
if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true' if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true'
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-stage-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- name: configure scripts PATH
run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/download-artifact@v3 - uses: actions/download-artifact@v3
with: with:
name: ${{ inputs.platform }} name: ${{ inputs.platform }}
- run: cache-artifacts.ts - uses: teaxyz/pantry.core/.github/actions/stage-build-artifacts@main
${{github.repository}} with:
${{github.ref}} platform: ${{ inputs.platform }}
${{inputs.platform}} AWS_S3_BUCKET: ${{ secrets.AWS_S3_CACHE }}
artifacts.tgz
env:
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

13
.github/workflows/cd.yml vendored
View file

@ -5,23 +5,22 @@ on:
branches: [main] branches: [main]
jobs: jobs:
cd: # job is named poorly, all I can tell you about it is: its *not* CD cd:
runs-on: ubuntu-latest runs-on: ubuntu-latest
outputs: outputs:
HAS_ARTIFACTS: ${{ env.HAS_ARTIFACTS }} HAS_ARTIFACTS: ${{ env.HAS_ARTIFACTS }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/cache@v3
with: with:
path: | repo: teaxyz/pantry.core
~/.deno
~/.cache/deno - uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
key: ${{ runner.os }}-deno-cd-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- run: scripts/map-projects-to-githubs.ts - run: scripts/map-projects-to-githubs.ts
env: env:
WATCHER_URL: ${{ secrets.WATCHER_URL }} WATCHER_URL: ${{ secrets.WATCHER_URL }}
TEA_API_TOKEN: ${{ secrets.TEA_API_TOKEN }} TEA_API_TOKEN: ${{ secrets.TEA_API_TOKEN }}
- run: scripts/has-artifacts.ts ${{ github.repository }} ${{ github.sha }} >>$GITHUB_ENV - run: scripts/has-artifacts.ts ${{ github.repository }} ${{ github.sha }} >>$GITHUB_ENV
env: env:
GITHUB_TOKEN: ${{github.token}} GITHUB_TOKEN: ${{github.token}}

12
.github/workflows/ci-scripts.yml vendored
View file

@ -3,14 +3,18 @@ name: ci·scripts
on: on:
pull_request: pull_request:
paths: paths:
- scripts/**/*.ts - .github/**.ts
jobs: jobs:
typecheck: typecheck:
runs-on: ubuntu-latest runs-on: ubuntu-latest
env:
TEA_SECRET: ${{ secrets.TEA_SECRET }}
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: teaxyz/setup@v0 - uses: teaxyz/setup@v0
- run: deno check --unstable scripts/*.ts with:
srcroot: .github
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: ci-scripts
- run: deno check --unstable **/*.ts
working-directory: .github

2
.github/workflows/ci.yml vendored
View file

@ -20,7 +20,7 @@ jobs:
RESULT="$RESULT $y" RESULT="$RESULT $y"
done done
echo "diff=$RESULT" >> $GITHUB_OUTPUT echo "diff=$RESULT" >> $GITHUB_OUTPUT
build: ci:
strategy: strategy:
fail-fast: false fail-fast: false
matrix: matrix:

6
.github/workflows/cleanup.yml vendored
View file

@ -1,4 +1,7 @@
name: cleanup # cleans up our S3 staging area if a PR is closed without merge
name: teaxyz s3 cleanup
on: on:
pull_request: pull_request:
types: [closed] types: [closed]
@ -14,6 +17,7 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1 aws-region: us-east-1
- name: remove staged artifacts - name: remove staged artifacts
run: | run: |
REPO=$(echo ${{github.repository}} | sed -e 's_teaxyz/__') REPO=$(echo ${{github.repository}} | sed -e 's_teaxyz/__')

2
.github/workflows/complain.yml vendored
View file

@ -26,8 +26,6 @@ jobs:
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }} SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_MESSAGE: new-version:${{ inputs.projects }} (${{ inputs.platform }}) ${{ steps.status.outputs.status }} SLACK_MESSAGE: new-version:${{ inputs.projects }} (${{ inputs.platform }}) ${{ steps.status.outputs.status }}
SLACK_COLOR: ${{ steps.status.outputs.status }} SLACK_COLOR: ${{ steps.status.outputs.status }}
- run: env | grep ^GITHUB
- run: echo "${{ github.ref_name == 'main'}}"
- uses: actions/checkout@v3 - uses: actions/checkout@v3
if: github.ref_name == 'main' if: github.ref_name == 'main'
- uses: JasonEtco/create-an-issue@v2 - uses: JasonEtco/create-an-issue@v2

9
.github/workflows/index-data.yml vendored
View file

@ -12,13 +12,10 @@ jobs:
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- uses: actions/checkout@v3 - uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-queue-detail-ingestion-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0 - uses: teaxyz/setup@v0
with:
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
- run: ./scripts/index-packages.ts ${{ inputs.projects }} - run: ./scripts/index-packages.ts ${{ inputs.projects }}
env: env:
TEA_PANTRY_PATH: ${{ github.workspace }} TEA_PANTRY_PATH: ${{ github.workspace }}

2
.github/workflows/new-version.yml vendored
View file

@ -8,7 +8,6 @@ on:
required: true required: true
type: string type: string
jobs: jobs:
build: build:
strategy: strategy:
@ -25,6 +24,7 @@ jobs:
projects: ${{ inputs.projects }} projects: ${{ inputs.projects }}
platform: ${{ matrix.platform }} platform: ${{ matrix.platform }}
secrets: inherit secrets: inherit
index_data: index_data:
needs: [build] needs: [build]
if: success() if: success()

2
.vscode/settings.json vendored
View file

@ -2,6 +2,6 @@
"deno.enable": true, "deno.enable": true,
"deno.lint": true, "deno.lint": true,
"deno.unstable": true, "deno.unstable": true,
"deno.config": "deno.jsonc", "deno.config": ".github/deno.jsonc",
"deno.importMap": "../cli/import-map.json" "deno.importMap": "../cli/import-map.json"
} }

63
scripts/upload-sync.ts
View file

@ -1,63 +0,0 @@
#!/usr/bin/env tea
/*---
args:
- deno
- run
- --allow-read
- --allow-net
- --allow-env=AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_S3_BUCKET,TEA_PREFIX
---*/
import { readAll, readerFromStreamReader } from "deno/streams/mod.ts"
import { useCache, useOffLicense } from "hooks"
import { Package } from "types"
import { crypto, toHashString } from "deno/crypto/mod.ts";
import { S3 } from "s3"
import Path from "path"
const s3 = new S3({
accessKeyID: Deno.env.get("AWS_ACCESS_KEY_ID")!,
secretKey: Deno.env.get("AWS_SECRET_ACCESS_KEY")!,
region: "us-east-1",
})
const offy = useOffLicense('s3')
const bucket = s3.getBucket(Deno.env.get("AWS_S3_BUCKET")!)
for (const stowed of await useCache().ls()) {
const url = offy.url(stowed)
const key = offy.key(stowed)
console.log({ checking: url })
const inRepo = await bucket.headObject(key)
const repoChecksum = inRepo ? await checksum(`${url}.sha256sum`) : undefined
// path.read() returns a string; this is easier to get a UInt8Array
const contents = await Deno.readFile(stowed.path.string)
const sha256sum = toHashString(await crypto.subtle.digest("SHA-256", contents))
if (!inRepo || repoChecksum !== sha256sum) {
const basename = url.path().basename()
const body = new TextEncoder().encode(`${sha256sum} ${basename}`)
console.log({ uploading: url })
await bucket.putObject(key, contents)
await bucket.putObject(`${key}.sha256sum`, body)
console.log({ uploaded: url })
}
}
async function checksum(url: string) {
const rsp = await fetch(url)
if (!rsp.ok) throw new Error(`404-not-found: ${url}`)
const rdr = rsp.body?.getReader()
if (!rdr) throw new Error(`Couldnt read: ${url}`)
const r = await readAll(readerFromStreamReader(rdr))
return new TextDecoder().decode(r).split(' ')[0]
}
type RV = Package & {bottle: Path}

5
tea.yaml Normal file
View file

@ -0,0 +1,5 @@
dependencies:
tea.xyz/brewkit: ^0.3
env:
TEA_PANTRY_PATH: ${{srcroot}}:{{home}}/.tea/tea.xyz/var/pantry
TEA_PREFIX: ${{srcroot}}/tea.out