Actions Refactor (#336)

Max Howell 2023-02-24 15:50:10 -05:00 committed by GitHub
parent b16629a131
commit 6d48c72aca
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 383 additions and 259 deletions

26
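--- a/.github/actions/bottle/action.yml
+++ b/.github/actions/bottle/action.yml
@@ -0,0 +1,26 @@
+name: tea/pantry/bottle
+description: internal tea.xyz specific at this time
+inputs:
+gpg-key-id:
+description: ''
+required: true
+gpg-key-passphrase:
+description: ''
+required: true
+built:
+description: ''
+required: true
+compression:
+description: ''
+required: true
+runs:
+using: composite
+steps:
+- run: ${{ github.action_path }}/bottle.ts ${{ inputs.built }}
+shell: sh
+env:
+COMPRESSION: ${{ inputs.compression }}
+GPG_KEY_ID: ${{ inputs.gpg-key-id }}
+GPG_PASSPHRASE: ${{ inputs.gpg-passphrase }}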
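Review bot: `GPG_PASSPHRASE` is read from `inputs.gpg-passphrase`, but the only passphrase input this action declares is `gpg-key-passphrase`, so the reference most likely resolves to an empty string and signing runs without its passphrase; declare the input as `gpg-passphrase` (the key the bottle workflow passes) or change the reference. Separately, `${{ inputs.built }}` is substituted into the script text before `sh` parses it, so shell metacharacters in a package spec would be executed in a step whose environment holds the GPG passphrase. Pass the value through `env:` instead, for example `BUILT: ${{ inputs.built }}` with `run: "$GITHUB_ACTION_PATH"/bottle.ts $BUILT`. The same inline expansion is used in the fetch-pr-artifacts, stage-build-artifacts and upload actions and in the `pkg build ${{ inputs.projects }}` and `pkg test` steps of the build workflow.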


@ -22,8 +22,8 @@ import { backticks, panic, run } from "utils"
import { crypto } from "deno/crypto/mod.ts"
import { encode } from "deno/encoding/hex.ts"
import { encode as base64Encode } from "deno/encoding/base64.ts"
import { set_output } from "./utils/gha.ts"
import * as ARGV from "./utils/args.ts"
import { set_output } from "../../scripts/utils/gha.ts"
import * as ARGV from "../../scripts/utils/args.ts"
import Path from "path"
const cellar = useCellar()

28
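--- a/.github/actions/cache/action.yml
+++ b/.github/actions/cache/action.yml
@@ -0,0 +1,28 @@
+name: tea.xyz/pantry/actions/cache
+description: cache deno deps
+inputs:
+cache-name:
+description: name of the job to use on the cache key
+required: true
+runs:
+using: composite
+steps:
+- run: |
+if test "$RUNNER_OS" = "macOS"; then
+echo "cache=~/Library/Caches/deno" >> $GITHUB_OUTPUT
+else
+echo "cache=~/.cache/deno" >> $GITHUB_OUTPUT
+fi
+id: os-cache
+shell: sh
+- uses: actions/cache@v3
+with:
+path: |
+~/.deno
+${{ steps.os-cache.outputs.cache }}
+# This isn't perfect (can't hash stuff outside github.workspace, and if the there scripts change, the hash won't)
+# but it's good enough for now. It's slightly conservative, since it monitors all .ts files, but that's fine.
+key: ${{ runner.os }}-deno-${{ inputs.cache-name }}-${{ hashFiles('**/deno.jsonc', '**/*.ts') }}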
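Review bot: The cache key's only changing component is `hashFiles('**/deno.jsonc', '**/*.ts')`, which is evaluated inside `github.workspace`; when a caller has not checked anything out the hash is empty and the key degenerates to a constant per OS and `cache-name`. A key that never changes keeps restoring the first dependency cache that was saved, so a stale or tampered `~/.deno` would persist across runs that later handle signing and upload credentials. Consider documenting that callers must check out before using this action, or adding a key component that does rotate. The comment above the key would read better as `# This isn't perfect (it can't hash anything outside github.workspace, so changes to scripts elsewhere won't change the hash)`.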


@ -1,5 +1,6 @@
name: Apple signing
description: signs binaries for macOS
name: Apple Codesigning
description: Codesigns macOS binaries
inputs:
p12-file-base64:
description: Base64 encoded p12 file
@ -11,11 +12,11 @@ inputs:
description: Identity to use for signing
required: true
paths:
description: Paths to search for files to sign
description: paths to sign
required: true
runs:
using: "composite"
using: composite
steps:
# Only runs on macOS
- name: Check platform
@ -37,13 +38,9 @@ runs:
p12-file-base64: ${{ inputs.p12-file-base64 }}
p12-password: ${{ inputs.p12-password }}
- name: Codesign files
shell: sh
run: |
find $PATHS -type f -print0 | \
xargs -0 /usr/bin/codesign -s "$IDENTITY" --force -v \
--timestamp || true
run: find $PATHS -type f -print0 | xargs -0 codesign -s "$IDENTITY" --force -v --timestamp || true
env:
PATHS: ${{ inputs.paths }}
IDENTITY: ${{ inputs.identity }}
@ -51,10 +48,9 @@ runs:
# This isn't very informative, but even a no-op is safer than none
- name: Check codesigning
shell: sh
run: |
# FIXME: `deno` compiled binaries don't currently pass validation.
# https://github.com/denoland/deno/issues/17753
find $PATHS -type f ! -name tea -print0 | xargs -0 codesign -vvv --strict
run: find $PATHS -type f ! -name tea -print0 | xargs -0 codesign -vvv --strict
env:
PATHS: ${{ inputs.paths }}
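Review bot: The signing step now invokes `codesign` by bare name where the previous text used `/usr/bin/codesign`, so the binary that signs release artifacts with `$IDENTITY` is whatever comes first on `PATH`, in a job that has just built third-party packages. Keeping the absolute path, `xargs -0 /usr/bin/codesign -s "$IDENTITY" --force -v --timestamp`, in both the signing and the checking step removes that dependency. The trailing `|| true` also hides every signing failure, and the check step skips files named `tea`, so a failed signature on that binary would pass unnoticed. Judging by the hunk's line counts, `shell: sh` may have been dropped from the Codesign step; composite `run` steps require a `shell`. The FIXME that explained the `! -name tea` exclusion (denoland/deno issue 17753) is worth keeping as a comment.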


@ -0,0 +1,35 @@
name: tea/pantry/fetch-pr-artifacts
description: internal tea.xyz specific at this time
inputs:
platform:
description: platform+arch to fetch
required: true
token:
description: github token
default: ${{ github.token }}
required: true
AWS_S3_BUCKET:
description: AWS S3 bucket to use for cache
required: true
AWS_ACCESS_KEY_ID:
description: AWS access key id
required: true
AWS_SECRET_ACCESS_KEY:
description: AWS secret access key
required: true
runs:
using: composite
steps:
- run:
${{ github.action_path }}/fetch-pr-artifacts.ts
${{ github.repository }}
${{ github.sha }}
${{ inputs.platform }} >>$GITHUB_ENV
shell: sh
env:
GITHUB_TOKEN: ${{ inputs.token }}
AWS_S3_CACHE: ${{ inputs.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}
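Review bot: The step's environment sets `AWS_S3_CACHE` from `inputs.AWS_S3_CACHE`, but the action declares the bucket input as `AWS_S3_BUCKET`, so the required input is never read and the variable the script receives is most likely empty. Use one name throughout, for example `AWS_S3_BUCKET: ${{ inputs.AWS_S3_BUCKET }}`, and check which variable `fetch-pr-artifacts.ts` reads (the script is not shown in this section). The script's stdout is appended to `$GITHUB_ENV`, so every line it prints becomes an environment variable for the remaining steps of the calling job; the description should say that the script must emit only `NAME=value` lines it has validated.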

39
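--- a/.github/actions/get-platform/action.yml
+++ b/.github/actions/get-platform/action.yml
@@ -0,0 +1,39 @@
+name: tea/pantry/get-platform
+description: Outputs the platform spec we need for builds
+inputs:
+platform:
+description: >
+The platform+arch to get specs for
+required: true
+outputs:
+os:
+description: the OS for general tasks
+value: ${{ steps.platform.outputs.os }}
+build-os:
+description: the OS for build tasks
+value: ${{ steps.platform.outputs.build-os }}
+container:
+description: the container for build tasks
+value: ${{ steps.platform.outputs.container }}
+test-matrix:
+description: the matrix of os/containers for test tasks
+value: ${{ steps.platform.outputs.test-matrix }}
+runs:
+using: composite
+steps:
+- uses: teaxyz/setup@v0
+with:
+srcroot: null
+- uses: teaxyz/pantry.core/.github/actions/cache@main
+with:
+cache-name: get-platform
+- run: ${{github.action_path}}/get-platform.ts
+shell: sh
+id: platform
+env:
+PLATFORM: ${{ inputs.platform }}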
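Review bot: `teaxyz/pantry.core/.github/actions/cache@main` and `teaxyz/setup@v0` are mutable refs, so the code this action runs can change without any change to the caller. The `@main` self-reference also means a pull request that edits an action under `.github/actions` is still tested against the copy on `main`. The workflows later in this commit pass the Apple signing certificate, GPG passphrase and AWS keys to `@main` actions (codesign, bottle, upload, stage-build-artifacts, fetch-pr-artifacts); pinning each `uses:` to a full commit SHA, e.g. `uses: teaxyz/setup@<full-commit-sha>`, makes those steps reviewable. The same applies to has-artifacts, setup-brewkit and the `actions/cache@v3` and `actions/download-artifact@v3` references.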


@ -25,7 +25,6 @@ type Output = {
buildOs: OS,
container?: string,
testMatrix: { os: OS, container?: string }[]
cacheSet: string
}
type OS = string | string[]
@ -33,11 +32,6 @@ type OS = string | string[]
const platform = Deno.env.get("PLATFORM") ?? panic("$PLATFORM not set")
const cacheSets = {
"darwin": `~/.deno\n~/Library/Caches/deno/deps/https/`,
"linux": `~/.deno\n~/.cache/deno/deps/https/`
}
const output: Output = (() => {
switch(platform) {
case "darwin+x86-64": {
@ -46,7 +40,6 @@ const output: Output = (() => {
os,
buildOs: ["self-hosted", "macOS", "X64"],
testMatrix: [{ os }],
cacheSet: cacheSets["darwin"]
}
}
case "darwin+aarch64": {
@ -55,7 +48,6 @@ const output: Output = (() => {
os,
buildOs: os,
testMatrix: [{ os }],
cacheSet: cacheSets["darwin"]
}
}
case "linux+aarch64": {
@ -64,7 +56,6 @@ const output: Output = (() => {
os,
buildOs: os,
testMatrix: [{ os }],
cacheSet: cacheSets["linux"]
}
}
case "linux+x86-64": {
@ -80,7 +71,6 @@ const output: Output = (() => {
{ os, container },
{ os, container: "debian:buster-slim" }
],
cacheSet: cacheSets["linux"]
}
}
default:
@ -90,8 +80,7 @@ const output: Output = (() => {
const rv = `os=${JSON.stringify(output.os)}\n` +
`build-os=${JSON.stringify(output.buildOs)}\n` +
`container=${JSON.stringify(output.container)}\n` +
`test-matrix=${JSON.stringify(output.testMatrix)}\n` +
`cache-set<<EOF\n${output.cacheSet}\nEOF\n`
`test-matrix=${JSON.stringify(output.testMatrix)}\n`
Deno.stdout.write(new TextEncoder().encode(rv))


@ -0,0 +1,39 @@
name: tea/pantry/has-artifacts
description: Outputs the platform spec we need for builds
inputs:
platform:
description: >
The platform+arch to get specs for
required: true
outputs:
os:
description: the OS for general tasks
value: ${{ steps.platform.outputs.os }}
build-os:
description: the OS for build tasks
value: ${{ steps.platform.outputs.build-os }}
container:
description: the container for build tasks
value: ${{ steps.platform.outputs.container }}
test-matrix:
description: the matrix of os/containers for test tasks
value: ${{ steps.platform.outputs.test-matrix }}
runs:
using: composite
steps:
- uses: teaxyz/setup@v0
with:
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: has-artifacts
- run: ${{github.action_path}}/get-platform.ts
shell: sh
id: platform
env:
PLATFORM: ${{ inputs.platform }}
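Review bot: This action is named `tea/pantry/has-artifacts`, but everything below the name is the get-platform definition: the description, the `platform` input, the four outputs and the `run` line, which calls `${{github.action_path}}/get-platform.ts`. If the file lives beside `has-artifacts.ts`, that script path probably does not exist there, and the action passes neither a token nor the AWS settings an artifact lookup would need. Either finish the definition (its own inputs, `run: ${{ github.action_path }}/has-artifacts.ts`, the real outputs) or leave the file out of this commit. In the text shown, the cd workflow still calls `scripts/has-artifacts.ts` directly.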


@ -11,9 +11,9 @@ args:
/// Test
/// ./scripts/has-artifacts.ts e582b03fe6efedde80f9569403555f4513dbec91
import { S3 } from "s3";
import { panic } from "utils";
import { find_pr } from "./fetch-pr-artifacts.ts";
import { S3 } from "s3"
import { panic } from "utils"
import { find_pr } from "../fetch-pr-artifacts/fetch-pr-artifacts.ts"
/// Main
/// -------------------------------------------------------------------------------


@ -0,0 +1,39 @@
name: +tea.xyz/brewkit
description: sets up tea, tea.xyz/brewkit & caching
# inputs and outputs are `teaxyz/setup` passthrough
inputs:
prefix:
description: >
Where tea stows its packages.
Defaults to `$HOME/.tea`.
required: false
outputs:
version:
description: Your projects version.
value: ${{ steps.tea.outputs.version }}
prefix:
description: The prefix you specified.
value: ${{ steps.tea.outputs.prefix }}
runs:
using: composite
steps:
- uses: teaxyz/setup@v0
id: tea
with:
prefix: ${{ inputs.prefix }}
+: tea.xyz/brewkit
# prevent pantry from reassigning TEA_PREFIX etc.
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: setup
- run: |
# if test -d "{{ github.workspace }}"/projects; then
echo "TEA_PANTRY_PATH=${{ github.workspace }}" >> $GITHUB_ENV
# fi
shell: sh
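Review bot: `TEA_PANTRY_PATH` is exported unconditionally because the `test -d` guard is commented out, and the commented line is itself malformed (`"{{ github.workspace }}"` lacks the `$` of an expression). Either restore the guard or delete the dead lines; in both cases the runner variable avoids expression expansion inside the script: `echo "TEA_PANTRY_PATH=$GITHUB_WORKSPACE" >> "$GITHUB_ENV"`. A one-line comment saying why every caller's workspace should be treated as a pantry would help the next reader.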


@ -0,0 +1,40 @@
name: tea/pantry/stage-build-artifacts
description: internal tea.xyz specific at this time
inputs:
platform:
description: ''
required: true
AWS_S3_BUCKET:
description: ''
required: true
AWS_ACCESS_KEY_ID:
description: ''
required: true
AWS_SECRET_ACCESS_KEY:
description: ''
required: true
runs:
using: composite
steps:
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}
- uses: teaxyz/setup@v0
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: stage
- run: ${{ github.action_path }}/cache-artifacts.ts
${{github.repository}}
${{github.ref}}
${{inputs.platform}}
artifacts.tgz
shell: sh
env:
AWS_S3_BUCKET: ${{ inputs.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}


@ -34,7 +34,7 @@ const s3 = new S3({
secretKey: Deno.env.get("AWS_SECRET_ACCESS_KEY")!,
region: "us-east-1",
})
const bucket = s3.getBucket(Deno.env.get("AWS_S3_CACHE")!)
const bucket = s3.getBucket(Deno.env.get("AWS_S3_BUCKET")!)
const key = `pull-request/${repo.split("/")[1]}/${pr}/${dest}`
const body = await Deno.readFile(file.string)
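Review bot: `Deno.env.get("AWS_S3_BUCKET")!` silences the type checker but checks nothing, so if the variable is unset `getBucket` receives `undefined`. This commit renames the variable from `AWS_S3_CACHE`, and the fetch-pr-artifacts action and bottle workflow in the same commit still use the old name, which makes an unset value likely somewhere. Fail early with a clear message instead: `const bucketName = Deno.env.get("AWS_S3_BUCKET")` followed by `if (!bucketName) throw new Error("$AWS_S3_BUCKET not set")`. The same applies to the `AWS_SECRET_ACCESS_KEY` lookup above; the surrounding statements continue outside this hunk.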

47
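--- a/.github/actions/upload/action.yml
+++ b/.github/actions/upload/action.yml
@@ -0,0 +1,47 @@
+name: tea/pantry/upload
+description: internal tea.xyz specific at this time
+inputs:
+pkgs:
+description: ''
+required: true
+srcs:
+description: ''
+required: true
+bottles:
+description: ''
+required: true
+checksums:
+description: ''
+required: true
+signatures:
+description: ''
+required: true
+AWS_S3_BUCKET:
+description: ''
+required: true
+AWS_ACCESS_KEY_ID:
+description: ''
+required: true
+AWS_SECRET_ACCESS_KEY:
+description: ''
+required: true
+runs:
+using: composite
+steps:
+- uses: teaxyz/pantry.core/.github/actions/cache@main
+with:
+cache-name: upload
+- run: ${{ github.action_path }}/upload.ts
+--pkgs ${{ inputs.pkgs }}
+--srcs ${{ inputs.srcs }}
+--bottles ${{ inputs.bottles }}
+--checksums ${{ inputs.checksums }}
+--signatures ${{ inputs.signatures }}
+shell: sh
+env:
+AWS_S3_BUCKET: ${{ inputs.AWS_S3_BUCKET }}
+AWS_ACCESS_KEY_ID: ${{ inputs.AWS_ACCESS_KEY_ID }}
+AWS_SECRET_ACCESS_KEY: ${{ inputs.AWS_SECRET_ACCESS_KEY }}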


@ -18,8 +18,8 @@ import { basename, dirname } from "deno/path/mod.ts"
import { retry } from "deno/async/retry.ts"
import { decode as base64Decode } from "deno/encoding/base64.ts"
import Path from "path"
import { set_output } from "./utils/gha.ts"
import { sha256 } from "./bottle.ts"
import { set_output } from "../../scripts/utils/gha.ts"
import { sha256 } from "../bottle/bottle.ts"
//------------------------------------------------------------------------- funcs
function args_get(key: string): string[] {


@ -16,14 +16,7 @@
},
"tea": {
"dependencies": {
"deno.land": "^1.30",
"tea.xyz/brewkit": "^0.3"
},
"env": {
// if your primary tea.prefix is somewhere else then youll
// need to `tea --sync` in this dev-env
"TEA_PANTRY_PATH": "{{srcroot}}:{{home}}/.tea/tea.xyz/var/pantry",
"TEA_PREFIX": "{{srcroot}}/tea.out"
"deno.land": "^1.30"
}
},
"importMap": "https://raw.githubusercontent.com/teaxyz/cli/v0.23/import-map.json"


@ -1,14 +1,4 @@
#!/usr/bin/env tea
/*---
args:
- deno
- run
- --allow-read
- --allow-env
- --allow-net
- --allow-sys
---*/
#!/usr/bin/env -S tea -E deno run --allow-read --allow-env --allow-net --allow-sys
import { usePantry } from "hooks"
import * as ARGV from "./utils/args.ts"


@ -1,4 +1,3 @@
const e = new TextEncoder()
const encode = e.encode.bind(e)


@ -22,20 +22,10 @@ jobs:
os: ${{ steps.platform.outputs.os }}
cache-set: ${{ steps.platform.outputs.cache-set }}
steps:
- uses: actions/checkout@v3
with:
repository: teaxyz/pantry.core
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-get-platform-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- run: scripts/get-platform.ts
- uses: teaxyz/pantry.core/.github/actions/get-platform@main
id: platform
env:
PLATFORM: ${{ inputs.platform }}
with:
platform: ${{ inputs.platform }}
bottle:
needs: [get-platform]
@ -45,29 +35,17 @@ jobs:
built: ${{ env.built }}
pr: ${{ env.PR }}
steps:
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: null
prefix: ${{ github.workspace }}
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-bottle-${{ hashFiles('tea.xyz/var/pantry/deno.jsonc')}}
- name: configure scripts PATH
run: echo "$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
- uses: actions/download-artifact@v3
if: ${{ inputs.new-version }}
with:
name: ${{ inputs.platform }}
- run: fetch-pr-artifacts.ts ${{ github.repository }} ${{ github.sha }} ${{ inputs.platform }} >>$GITHUB_ENV
- uses: teaxyz/pantry.core/.github/actions/fetch-pr-artifacts@main
if: ${{ !inputs.new-version }}
env:
GITHUB_TOKEN: ${{github.token}}
with:
token: ${{ github.token }}
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
@ -87,19 +65,21 @@ jobs:
env:
GPG_PRIVATE_KEY: ${{ secrets.GPG_PRIVATE_KEY }}
- run: bottle.ts $built
- uses: teaxyz/pantry.core/.github/actions/bottle@main
id: bottle-xz
env:
COMPRESSION: xz
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
with:
built: ${{ env.built }}
compresson: xz
gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- run: bottle.ts $built
- uses: teaxyz/pantry.core/.github/actions/bottle@main
id: bottle-gz
env:
COMPRESSION: gz
GPG_KEY_ID: ${{ secrets.GPG_KEY_ID }}
GPG_PASSPHRASE: ${{ secrets.GPG_PASSPHRASE }}
with:
built: ${{ env.built }}
compresson: gz
gpg-key-id: ${{ secrets.GPG_KEY_ID }}
gpg-passphrase: ${{ secrets.GPG_PASSPHRASE }}
- run: |
echo ${{ steps.bottle-gz.outputs.bottles }} ${{ steps.bottle-xz.outputs.bottles }} >bottles
@ -125,22 +105,6 @@ jobs:
needs: [bottle]
runs-on: ubuntu-latest
steps:
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: null
prefix: ${{ github.workspace }}
- name: configure scripts PATH
run: echo "${{ steps.tea.outputs.prefix }}/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-bottle-${{ hashFiles('tea.xyz/var/pantry/deno.jsonc')}}
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}-bottles
@ -152,15 +116,13 @@ jobs:
echo "$file=$(cat $file)" >>$GITHUB_ENV
done
- name: upload bottles
id: upload
run: upload.ts
--pkgs ${{ needs.bottle.outputs.built }} ${{ needs.bottle.outputs.built }}
--srcs ${{ needs.bottle.outputs.srcs }} ${{ needs.bottle.outputs.srcs }}
--bottles $bottles
--checksums $checksums
--signatures $signatures
env:
- uses: teaxyz/pantry.core/.github/actions/upload@main
with:
pkgs: ${{ needs.bottle.outputs.built }} ${{ needs.bottle.outputs.built }}
srcs: ${{ needs.bottle.outputs.srcs }} ${{ needs.bottle.outputs.srcs }}
bottles: ${{ env.bottles }}
checksums: ${{ env.checksums }}
signatures: ${{ env.signatures }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
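Review bot: Both bottle steps pass `compresson: xz` and `compresson: gz`, but the bottle action's input is `compression`, so the required input is missing and `COMPRESSION` is most likely empty for both runs. Correct the keys to `compression: xz` and `compression: gz`. The fetch-pr-artifacts step is given `AWS_S3_CACHE`, while that action declares `AWS_S3_BUCKET`; pick one name on both sides. GitHub only warns about unexpected inputs and does not enforce `required`, so these mismatches will not fail the job by themselves.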


@ -24,21 +24,10 @@ jobs:
test-matrix: ${{ steps.platform.outputs.test-matrix }}
cache-set: ${{ steps.platform.outputs.cache-set }}
steps:
- uses: actions/checkout@v3
with:
repository: teaxyz/pantry.core
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-get-platform-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- run: scripts/get-platform.ts ${{ inputs.projects }}
- uses: teaxyz/pantry.core/.github/actions/get-platform@main
id: platform
env:
PLATFORM: ${{ inputs.platform }}
TEA_PANTRY_PATH: ${{ github.workspace }}
with:
platform: ${{ inputs.platform }}
build:
runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }}
@ -46,27 +35,17 @@ jobs:
needs: [get-platform]
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-build-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
id: tea
with:
srcroot: null
prefix: /opt
- name: sanitize macOS runners
if: fromJson(needs.get-platform.outputs.build-os) == 'macos-11'
run: sudo mv /usr/local/bin/* /tmp/
- name: configure tea env
run: |
echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
echo "TEA_PANTRY_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
- run: tea +tea.xyz/brewkit build ${{ inputs.projects }}
- run: pkg build ${{ inputs.projects }}
id: build
env:
GITHUB_TOKEN: ${{ github.token }}
@ -82,7 +61,7 @@ jobs:
TEA_PREFIX: ${{ steps.tea.outputs.prefix }}
# sign macOS binaries
- uses: teaxyz/pantry.core/.github/actions/apple-signing@main
- uses: teaxyz/pantry.core/.github/actions/codesign@main
if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name
with:
p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }}
@ -118,7 +97,6 @@ jobs:
needs: [get-platform, build]
runs-on: ${{ matrix.platform.os }}
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }}
outputs:
@ -126,11 +104,7 @@ jobs:
container: ${{ matrix.platform.container }}
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: ${{ needs.get-platform.outputs.cache-set }}
key: ${{ runner.os }}-deno-test-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
- uses: teaxyz/setup@v0
with:
@ -143,12 +117,11 @@ jobs:
- name: extract bottles
run: tar xzvf artifacts.tgz -C $TEA_PREFIX
- run: tea +tea.xyz/brewkit test ${{ inputs.projects }}
- run: pkg test ${{ inputs.projects }}
env:
TEA_PANTRY_PATH: ${{ github.workspace }}
GITHUB_TOKEN: ${{github.token}}
GITHUB_TOKEN: ${{ github.token }}
- name: post
- name: '[post]'
run:
echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV
env:
@ -178,28 +151,13 @@ jobs:
if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-stage-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
- name: configure scripts PATH
run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}
- run: cache-artifacts.ts
${{github.repository}}
${{github.ref}}
${{inputs.platform}}
artifacts.tgz
env:
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
- uses: teaxyz/pantry.core/.github/actions/stage-build-artifacts@main
with:
platform: ${{ inputs.platform }}
AWS_S3_BUCKET: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}


@ -5,23 +5,22 @@ on:
branches: [main]
jobs:
cd: # job is named poorly, all I can tell you about it is: its *not* CD
cd:
runs-on: ubuntu-latest
outputs:
HAS_ARTIFACTS: ${{ env.HAS_ARTIFACTS }}
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-cd-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
repo: teaxyz/pantry.core
- uses: teaxyz/pantry.core/.github/actions/setup-brewkit@main
- run: scripts/map-projects-to-githubs.ts
env:
WATCHER_URL: ${{ secrets.WATCHER_URL }}
TEA_API_TOKEN: ${{ secrets.TEA_API_TOKEN }}
- run: scripts/has-artifacts.ts ${{ github.repository }} ${{ github.sha }} >>$GITHUB_ENV
env:
GITHUB_TOKEN: ${{github.token}}
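Review bot: `repo: teaxyz/pantry.core` looks like a `with:` key for `actions/checkout@v3`, whose input for this is `repository`; with the wrong key the step checks out the calling repository instead. The next step runs `scripts/map-projects-to-githubs.ts` with `WATCHER_URL` and `TEA_API_TOKEN` in its environment, so which repository's copy of that script runs matters. Use `repository: teaxyz/pantry.core`. The page does not show which of these lines are new, so confirm against the file.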


@ -3,14 +3,18 @@ name: ci·scripts
on:
pull_request:
paths:
- scripts/**/*.ts
- .github/**.ts
jobs:
typecheck:
runs-on: ubuntu-latest
env:
TEA_SECRET: ${{ secrets.TEA_SECRET }}
steps:
- uses: actions/checkout@v3
- uses: teaxyz/setup@v0
- run: deno check --unstable scripts/*.ts
with:
srcroot: .github
- uses: teaxyz/pantry.core/.github/actions/cache@main
with:
cache-name: ci-scripts
- run: deno check --unstable **/*.ts
working-directory: .github
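Review bot: `deno check --unstable **/*.ts` relies on `**` matching recursively, which the runner's default shell does not do unless globstar is enabled; the pattern then behaves like `*/*.ts` and only files exactly one directory below `.github` are checked. The action scripts moved in this commit sit two levels down (`actions/<name>/<name>.ts`), so they would go unchecked. Something like `find . -name '*.ts' -exec deno check --unstable {} +` covers every depth. If `TEA_SECRET` is set at job level as the text suggests, it is visible to every step of a `pull_request` job, so confirm the typecheck actually needs it.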


@ -20,7 +20,7 @@ jobs:
RESULT="$RESULT $y"
done
echo "diff=$RESULT" >> $GITHUB_OUTPUT
build:
ci:
strategy:
fail-fast: false
matrix:


@ -1,4 +1,7 @@
name: cleanup
# cleans up our S3 staging area if a PR is closed without merge
name: teaxyz s3 cleanup
on:
pull_request:
types: [closed]
@ -14,6 +17,7 @@ jobs:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-east-1
- name: remove staged artifacts
run: |
REPO=$(echo ${{github.repository}} | sed -e 's_teaxyz/__')


@ -26,8 +26,6 @@ jobs:
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_MESSAGE: new-version:${{ inputs.projects }} (${{ inputs.platform }}) ${{ steps.status.outputs.status }}
SLACK_COLOR: ${{ steps.status.outputs.status }}
- run: env | grep ^GITHUB
- run: echo "${{ github.ref_name == 'main'}}"
- uses: actions/checkout@v3
if: github.ref_name == 'main'
- uses: JasonEtco/create-an-issue@v2


@ -12,13 +12,10 @@ jobs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions/cache@v3
with:
path: |
~/.deno
~/.cache/deno
key: ${{ runner.os }}-deno-queue-detail-ingestion-${{ hashFiles('deno.jsonc')}}
- uses: teaxyz/setup@v0
with:
srcroot: null
- uses: teaxyz/pantry.core/.github/actions/cache@main
- run: ./scripts/index-packages.ts ${{ inputs.projects }}
env:
TEA_PANTRY_PATH: ${{ github.workspace }}
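Review bot: The `cache@main` step is used here without `with: cache-name`, although cache/action.yml marks that input `required: true`; GitHub does not enforce `required`, so the key is built with an empty name. Add `with:` and `cache-name: queue-detail-ingestion` (the name the removed `actions/cache` key used) so this job does not share a cache entry with any other caller that omits the name.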


@ -8,7 +8,6 @@ on:
required: true
type: string
jobs:
build:
strategy:
@ -25,6 +24,7 @@ jobs:
projects: ${{ inputs.projects }}
platform: ${{ matrix.platform }}
secrets: inherit
index_data:
needs: [build]
if: success()


@ -2,6 +2,6 @@
"deno.enable": true,
"deno.lint": true,
"deno.unstable": true,
"deno.config": "deno.jsonc",
"deno.config": ".github/deno.jsonc",
"deno.importMap": "../cli/import-map.json"
}


@ -1,63 +0,0 @@
#!/usr/bin/env tea
/*---
args:
- deno
- run
- --allow-read
- --allow-net
- --allow-env=AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_S3_BUCKET,TEA_PREFIX
---*/
import { readAll, readerFromStreamReader } from "deno/streams/mod.ts"
import { useCache, useOffLicense } from "hooks"
import { Package } from "types"
import { crypto, toHashString } from "deno/crypto/mod.ts";
import { S3 } from "s3"
import Path from "path"
const s3 = new S3({
accessKeyID: Deno.env.get("AWS_ACCESS_KEY_ID")!,
secretKey: Deno.env.get("AWS_SECRET_ACCESS_KEY")!,
region: "us-east-1",
})
const offy = useOffLicense('s3')
const bucket = s3.getBucket(Deno.env.get("AWS_S3_BUCKET")!)
for (const stowed of await useCache().ls()) {
const url = offy.url(stowed)
const key = offy.key(stowed)
console.log({ checking: url })
const inRepo = await bucket.headObject(key)
const repoChecksum = inRepo ? await checksum(`${url}.sha256sum`) : undefined
// path.read() returns a string; this is easier to get a UInt8Array
const contents = await Deno.readFile(stowed.path.string)
const sha256sum = toHashString(await crypto.subtle.digest("SHA-256", contents))
if (!inRepo || repoChecksum !== sha256sum) {
const basename = url.path().basename()
const body = new TextEncoder().encode(`${sha256sum} ${basename}`)
console.log({ uploading: url })
await bucket.putObject(key, contents)
await bucket.putObject(`${key}.sha256sum`, body)
console.log({ uploaded: url })
}
}
async function checksum(url: string) {
const rsp = await fetch(url)
if (!rsp.ok) throw new Error(`404-not-found: ${url}`)
const rdr = rsp.body?.getReader()
if (!rdr) throw new Error(`Couldnt read: ${url}`)
const r = await readAll(readerFromStreamReader(rdr))
return new TextDecoder().decode(r).split(' ')[0]
}
type RV = Package & {bottle: Path}

5
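--- a/tea.yaml
+++ b/tea.yaml
@@ -0,0 +1,5 @@
+dependencies:
+tea.xyz/brewkit: ^0.3
+env:
+TEA_PANTRY_PATH: ${{srcroot}}:{{home}}/.tea/tea.xyz/var/pantry
+TEA_PREFIX: ${{srcroot}}/tea.out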
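Review bot: Both values start with `${{srcroot}}`, whereas the `env` block removed from the JSON config earlier on this page used `{{srcroot}}`, and this file itself writes `{{home}}` without a `$`. If the extra `$` is a carry-over from GitHub expression syntax, the resulting paths would begin with a literal `$`; `TEA_PANTRY_PATH: "{{srcroot}}:{{home}}/.tea/tea.xyz/var/pantry"` and `TEA_PREFIX: "{{srcroot}}/tea.out"` match the old values. The explanatory comment that was dropped (needing `tea --sync` when the primary prefix is elsewhere) is worth carrying over.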