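---
# Reusable workflow: builds, tests, bottles and uploads the packages named in
# `inputs.projects`, invalidates the CDN, then re-installs the bottles on
# fresh runners to verify them and posts the result to Slack.
#
# Security notes:
# - `inputs.projects` is supplied by the calling workflow. It is handed to
#   shell steps through environment variables instead of being expanded with
#   `${{ }}` inside `run:` text, so its content cannot be parsed as shell
#   syntax. It is still split on whitespace into separate arguments.
# - NOTE(review): there is no `permissions:` block, so GITHUB_TOKEN scopes are
#   whatever the caller/repository default grants. Consider
#   `permissions: { contents: read }` once the needs of build.ts are confirmed.
# - NOTE(review): third-party actions and the container image are referenced
#   by mutable tags; pinning them to a full commit SHA / image digest keeps a
#   retagged release from receiving the secrets passed below.
name: build

on:
  workflow_call:
    inputs:
      projects:
        required: true
        type: string

jobs:
  queue-builder:
    runs-on: ubuntu-latest
    steps:
      - name: queue
        # Token and payload arrive via env so neither is pasted into the
        # script text before the shell parses it.
        env:
          TEA_API_TOKEN: ${{ secrets.TEA_API_TOKEN }}
          PROJECTS: ${{ inputs.projects }}
        run: |
          curl https://app.tea.xyz/api/builder/enqueue \
            -H "authorization: bearer $TEA_API_TOKEN" \
            -d "$PROJECTS"

  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - os: macos-11
            # explicit null: the macOS leg runs directly on the runner
            container: null
          - os: ubuntu-latest
            container:
              # NOTE(review): `:main` is a moving tag; consider a digest pin
              image: ghcr.io/teaxyz/infuser:main
              options: --memory=16g
    container: ${{ matrix.container }}
    defaults:
      run:
        working-directory: pantry
    outputs:
      pkgs: ${{ steps.sorted.outputs.pkgs }} ${{ steps.sorted.outputs.pre-install }}
    steps:
      - name: co pantry
        uses: actions/checkout@v3
        with:
          path: pantry

      - name: co cli
        uses: actions/checkout@v3
        with:
          path: cli
          repository: teaxyz/cli
          # NOTE(review): personal access token; confirm it is scoped to
          # read-only access on teaxyz/cli and nothing else.
          token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}

      - name: HACKS
        # `matrix.os` comes from the fixed matrix above, not from the caller.
        run: |
          case ${{ matrix.os }} in
          ubuntu-latest)
            rm -rf /opt/tea.xyz/var/pantry
            ln -s $GITHUB_WORKSPACE/pantry /opt/tea.xyz/var/pantry

            mkdir .git  # no git in our image

            #FIXME needed for gdk-pixbuf
            apt --yes install shared-mime-info
            ;;
          macos-11)
            # screws up a lot of build scripts
            # TODO stop using GHA images or chroot or something
            for x in /usr/local/*; do sudo mv $x /tmp; done

            sudo mkdir -p /opt/tea.xyz/var
            sudo chown -R $(whoami):staff /opt
            ln -s $GITHUB_WORKSPACE/pantry /opt/tea.xyz/var/pantry

            # HACKs for teaxyz/setup since it currently requires the working dir to be a srcroot
            cp README.md ..
            mkdir ../.git
            ;;
          *)
            exit 1
          esac

      - uses: teaxyz/setup@v0
        env:
          TEA_SECRET: ${{ secrets.TEA_SECRET }}
        with:
          prefix: /opt
        if: ${{ matrix.os == 'macos-11' }}

      - name: sort topologically
        # $PROJECTS is deliberately unquoted: each whitespace-separated
        # project becomes its own argument, as before.
        env:
          PROJECTS: ${{ inputs.projects }}
        run: scripts/sort.ts $PROJECTS
        id: sorted

      # NOTE(review): the `steps.*.outputs.*` values below are still expanded
      # into the script text. They are produced by scripts not visible here;
      # if those scripts echo caller-supplied names unchanged, route these
      # through `env:` as well.
      - run: scripts/install.ts ${{ steps.sorted.outputs.pre-install }}

      - run: scripts/build.ts ${{ steps.sorted.outputs.pkgs }}
        id: build
        env:
          GITHUB_TOKEN: ${{ github.token }}
          FORCE_UNSAFE_CONFIGURE: 1  # some configure scripts refuse to run as root

      - name: test
        run: echo ${{ steps.build.outputs.pkgs }} | xargs -tn1 scripts/test.ts

      - name: bottle
        run: scripts/bottle.ts ${{ steps.bottle.outputs.bottles && '' }}${{ steps.build.outputs.pkgs }}
        id: bottle

      # TODO only upload if all jobs succeed
      # TODO only upload when we merge
      # TODO upload to a staging location until we release new pantry versions
      # NOTE(review): this step receives AWS credentials on the same runner
      # that just executed package build and test scripts. Uploading from a
      # separate job that only consumes the artifacts would keep the
      # credentials away from anything those scripts left behind.
      - name: upload bottles
        run: ./scripts/upload.ts ${{ steps.bottle.outputs.bottles }}
        env:
          AWS_S3: ${{ secrets.AWS_S3 }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

      - name: upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.os }}
          path: ${{ steps.bottle.outputs.filenames }}
          if-no-files-found: error

  invalidate-cloudfront:
    needs: [build]
    runs-on: ubuntu-latest
    steps:
      #FIXME incredibly inefficient - have upload.ts tell us what to invalidate
      # NOTE(review): tag-pinned third-party action is given AWS credentials;
      # pin to a full commit SHA.
      - uses: chetan/invalidate-cloudfront-action@v2
        env:
          DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
          PATHS: "/*"
          AWS_REGION: "us-east-1"
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  verify-relocatable:
    needs: [invalidate-cloudfront]
    runs-on: ${{ matrix.os }}
    defaults:
      run:
        working-directory: pantry
    strategy:
      matrix:
        os:
          - macos-11
          - ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          path: pantry

      - name: co cli
        uses: actions/checkout@v3
        with:
          path: cli
          repository: teaxyz/cli
          token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}

      - name: HACKS
        run: |
          mkdir -p ~/opt/tea.xyz/var
          ln -s $GITHUB_WORKSPACE/pantry ~/opt/tea.xyz/var/pantry
          mkdir ../.git
          cp README.md ..

      - uses: teaxyz/setup@v0
        id: tea
        env:
          TEA_SECRET: ${{ secrets.TEA_SECRET }}

      - name: download bottles
        uses: actions/download-artifact@v3
        with:
          name: ${{ matrix.os }}
          path: ${{ steps.tea.outputs.prefix }}

      - run: find ${{ steps.tea.outputs.prefix }}/tea.xyz/var/www

      - run: scripts/deps.ts -i ${{ needs.build.outputs.pkgs }}
        id: deps

      - run: scripts/install.ts ${{ steps.deps.outputs.pkgs }}

      # Caller-supplied list goes through env; unquoted so echo emits one
      # whitespace-separated list for xargs, as before.
      - run: echo $PROJECTS | xargs -tn1 scripts/test.ts
        env:
          PROJECTS: ${{ inputs.projects }}

  notify:
    if: always()
    needs: [verify-relocatable]
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): tag-pinned third-party action is given the Slack
      # webhook; pin to a full commit SHA.
      - uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
          SLACK_MESSAGE: build job for ${{ inputs.projects }} ${{ needs.build.result == 'success' && 'succeeded' || 'failed' }}
          #FIXME SO UGLY: if one of the matrix fails, it cancels the others and returns `cancelled`
          SLACK_COLOR: ${{ needs.build.result == 'cancelled' && 'failed' || needs.build.result }}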