name: build on: workflow_call: inputs: projects: required: true type: string platform: required: true type: string jobs: get-platform: runs-on: ubuntu-latest outputs: os: ${{ steps.platform.outputs.os }} build-os: ${{ steps.platform.outputs.build-os }} container: ${{ steps.platform.outputs.container }} test-matrix: ${{ steps.platform.outputs.test-matrix }} cache-set: ${{ steps.platform.outputs.cache-set }} available: ${{ steps.platform.outputs.available }} steps: - uses: teaxyz/brewkit/actions/get-platform@v0 id: platform with: platform: ${{ inputs.platform }} projects: ${{ inputs.projects }} build: runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }} container: ${{ fromJson(needs.get-platform.outputs.container) }} needs: [get-platform] if: ${{ needs.get-platform.outputs.available != '' }} steps: - uses: actions/checkout@v3 - uses: teaxyz/brewkit/actions/setup-brewkit@v0 id: tea with: prefix: /opt - name: sanitize macOS runners if: fromJson(needs.get-platform.outputs.build-os) == 'macos-11' run: sudo mv /usr/local/bin/* /tmp/ # setup macOS codesigning - uses: teaxyz/brewkit/actions/setup-codesign@v0 if: startsWith(inputs.platform, 'darwin+') && github.event.pull_request.head.repo.full_name == github.event.pull_request.base.repo.full_name with: p12-file-base64: ${{ secrets.APPLE_CERTIFICATE_P12 }} p12-password: ${{ secrets.APPLE_CERTIFICATE_P12_PASSWORD }} - run: pkg build ${{ needs.get-platform.outputs.available }} id: build env: GITHUB_TOKEN: ${{ github.token }} FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root APPLE_IDENTITY: ${{ secrets.APPLE_IDENTITY || '-' }} - run: | ABS_PATHS=$(echo $PATHS | tr ' ' '\n' | sed -e "s_^_$TEA_PREFIX/_" | tr '\n' ' ') echo "paths=$ABS_PATHS" >> $GITHUB_OUTPUT if: startsWith(inputs.platform, 'darwin+') id: absolute-paths env: PATHS: ${{ steps.build.outputs.relative-paths }} TEA_PREFIX: ${{ steps.tea.outputs.prefix }} # cache data we'll need in the bottling job - name: assemble artifact metadata run: | echo ${{ steps.build.outputs.pkgs }} >built echo ${{ steps.build.outputs.srcs-relative-paths }} >srcs working-directory: ${{ steps.tea.outputs.prefix }} # tarring ourselves ∵ GHA-artifacts (ludicrously) lose permissions # /ref https://github.com/actions/upload-artifact/issues/38 - name: create artifacts.tgz run: tar czvf $GITHUB_WORKSPACE/artifacts.tgz ${{ steps.build.outputs.relative-paths }} ${{ steps.build.outputs.srcs-relative-paths }} built srcs working-directory: ${{ steps.tea.outputs.prefix }} - name: upload artifacts uses: actions/upload-artifact@v3 with: name: ${{ inputs.platform }} path: artifacts.tgz if-no-files-found: error test: needs: [get-platform, build] if: ${{ needs.get-platform.outputs.available != '' }} runs-on: ${{ matrix.platform.os }} strategy: matrix: platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }} name: test ${{ matrix.platform.name-extra }} outputs: HAS_SECRETS: ${{ env.HAS_SECRETS }} container: ${{ matrix.platform.container }} steps: - uses: actions/checkout@v3 - uses: teaxyz/brewkit/actions/setup-brewkit@v0 - uses: actions/download-artifact@v3 with: name: ${{ inputs.platform }} - name: clean destination # Note: needed when changing a directory to a symlink, for example in # https://github.com/teaxyz/pantry/pull/435 run: | tar tzf $GITHUB_WORKSPACE/artifacts.tgz | \ awk '{ print length, $0 }' | \ sort -n -s -r | \ cut -d" " -f2- | \ xargs rm -rf working-directory: ${{ env.TEA_PREFIX }} - name: extract bottles run: tar xzvf artifacts.tgz -C $TEA_PREFIX - run: pkg test ${{ needs.get-platform.outputs.available }} env: GITHUB_TOKEN: ${{ github.token }} # FIXME: this shouldn't be necessary, but it currently is for the # ubuntu+container test matrix entries. :/ TEA_PANTRY_PATH: ${{ github.workspace }} - name: "[post]" run: echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV env: HAS_SECRETS: ${{ secrets.AWS_S3_CACHE != null }} stage: needs: [get-platform, test] # this only works for PRs from our team to our repo (security! :( ) if: startsWith(github.ref, 'refs/pull/') && github.repository_owner == 'teaxyz' && needs.test.outputs.HAS_SECRETS == 'true' && needs.get-platform.outputs.available != '' runs-on: ubuntu-latest steps: - uses: actions/download-artifact@v3 with: name: ${{ inputs.platform }} - uses: teaxyz/brewkit/actions/stage-build-artifacts@v0 with: platform: ${{ inputs.platform }} AWS_S3_BUCKET: ${{ secrets.AWS_S3_CACHE }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}