pantry/.github/workflows/build.yml
Jacob Heider 68a47ae737
make branches actually parallel (#167)
* make branches actually parallel

* more

* wut

* wip

* wip
2023-02-02 20:07:32 -05:00

172 lines
5.1 KiB
YAML

name: build
on:
workflow_call:
inputs:
projects:
required: true
type: string
platform:
required: true
type: string
new-version:
type: boolean
required: false
default: false
jobs:
get-platform:
runs-on: ubuntu-latest
outputs:
os: ${{ steps.platform.outputs.os }}
build-os: ${{ steps.platform.outputs.build-os }}
container: ${{ steps.platform.outputs.container }}
test-matrix: ${{ steps.platform.outputs.test-matrix }}
steps:
- uses: actions/checkout@v3
with:
repository: teaxyz/pantry.core
- uses: teaxyz/setup@v0
- run: scripts/get-platform.ts ${{ inputs.projects }}
id: platform
env:
PLATFORM: ${{ inputs.platform }}
TEA_PANTRY_PATH: ${{ github.workspace }}
build:
runs-on: ${{ fromJson(needs.get-platform.outputs.build-os) }}
container: ${{ fromJson(needs.get-platform.outputs.container) }}
needs: [get-platform]
steps:
- uses: actions/checkout@v3
- uses: teaxyz/setup@v0
id: tea
with:
prefix: /opt
- name: sanitize macOS runners
if: matrix.platform.os == 'macos-11'
run: sudo mv /usr/local/bin/* /tmp/
- name: configure tea env
run: |
echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
echo "TEA_PANTRY_PATH=$GITHUB_WORKSPACE" >> $GITHUB_ENV
- run: sort.ts ${{ inputs.projects }}
id: sorted
- run: build.ts ${{ steps.sorted.outputs.pkgs }}
id: build
env:
GITHUB_TOKEN: ${{ github.token }}
FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root
- name: delete `.la` files
run: find . -name '*.la' -delete
working-directory: ${{ steps.tea.outputs.prefix }}
# cache data we'll need in the bottling job
- name: assemble artifact metadata
run: |
echo ${{ steps.build.outputs.pkgs }} >built
echo ${{ steps.build.outputs.relative-paths }} >relative-paths
echo ${{ steps.build.outputs.srcs }} >srcs
working-directory: ${{ steps.tea.outputs.prefix }}
# tarring ourselves ∵ GHA-artifacts (ludicrously) lose permissions
# /ref https://github.com/actions/upload-artifact/issues/38
- name: create artifacts.tgz
run:
tar czf $GITHUB_WORKSPACE/artifacts.tgz
${{ steps.build.outputs.relative-paths }}
${{ steps.build.outputs.srcs-relative-paths }}
built relative-paths srcs
working-directory: ${{ steps.tea.outputs.prefix }}
- name: upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ inputs.platform }}
path: artifacts.tgz
if-no-files-found: error
test:
needs: [get-platform, build]
runs-on: ${{ matrix.platform.os }}
strategy:
fail-fast: false
matrix:
platform: ${{ fromJson(needs.get-platform.outputs.test-matrix) }}
outputs:
HAS_SECRETS: ${{ env.HAS_SECRETS }}
container: ${{ matrix.platform.container }}
steps:
- uses: actions/checkout@v3
- uses: teaxyz/setup@v0
- name: configure scripts PATH
run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}
- name: extract bottles
run: tar xzf artifacts.tgz -C $TEA_PREFIX
- run: test.ts ${{ inputs.projects }}
env:
TEA_PANTRY_PATH: ${{ github.workspace }}
- name: post
run:
echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV
env:
HAS_SECRETS: ${{ secrets.AWS_S3_CACHE != null }}
bottle:
needs: [test]
if: inputs.new-version == true
uses: ./.github/workflows/bottle.yml
with:
new-version: ${{ inputs.new-version }}
platform: ${{ inputs.platform }}
secrets: inherit
complain:
needs: [test]
if: inputs.new-version == true && failure()
uses: ./.github/workflows/complain.yml
with:
projects: ${{ inputs.projects }}
platform: ${{ inputs.platform }}
secrets: inherit
stage:
needs: [test]
# this only works for PRs from our team to our repo (security! :( )
if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: teaxyz/setup@v0
- name: configure scripts PATH
run: echo "$PWD/scripts:$TEA_PREFIX/tea.xyz/var/pantry/scripts" >> $GITHUB_PATH
- uses: actions/download-artifact@v3
with:
name: ${{ inputs.platform }}
- run: cache-artifacts.ts
${{github.repository}}
${{github.ref}}
${{inputs.platform}}
artifacts.tgz
env:
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}