mirror of
https://github.com/ivabus/pantry
synced 2024-11-10 10:35:17 +03:00
220 lines
6.1 KiB
YAML
220 lines
6.1 KiB
YAML
name: build
|
||
on:
|
||
workflow_call:
|
||
inputs:
|
||
projects:
|
||
required: true
|
||
type: string
|
||
|
||
env:
|
||
TEA_SECRET: ${{ secrets.TEA_SECRET }}
|
||
|
||
jobs:
|
||
queue-builder:
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- name: queue
|
||
run: |
|
||
curl https://app.tea.xyz/api/builder/enqueue \
|
||
-H "authorization: bearer ${{ secrets.TEA_API_TOKEN }}" \
|
||
-d "$GITHUB_SHA ${{ inputs.projects }}"
|
||
|
||
build:
|
||
runs-on: ${{ matrix.os }}
|
||
strategy:
|
||
matrix:
|
||
include:
|
||
- os: macos-11
|
||
container: ~
|
||
- os: ubuntu-latest
|
||
container:
|
||
image: ghcr.io/teaxyz/infuser:main
|
||
options: --memory=16g
|
||
container: ${{ matrix.container }}
|
||
defaults:
|
||
run:
|
||
working-directory: pantry
|
||
outputs:
|
||
built: ${{ steps.build.outputs.pkgs }}
|
||
pkgs: ${{ steps.sorted.outputs.pkgs }} ${{ steps.sorted.outputs.pre-install }}
|
||
steps:
|
||
- name: co pantry
|
||
uses: actions/checkout@v3
|
||
with:
|
||
path: pantry
|
||
|
||
- name: co cli
|
||
uses: actions/checkout@v3
|
||
with:
|
||
path: cli
|
||
repository: teaxyz/cli
|
||
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
|
||
|
||
- run: #FIXME **we provide curl** but it fails due to certificate errors
|
||
apt --yes install curl
|
||
if: ${{ matrix.os == 'ubuntu-latest' }}
|
||
|
||
- uses: teaxyz/setup@v0
|
||
id: tea
|
||
with:
|
||
prefix: /opt
|
||
|
||
- name: HACKS
|
||
run: |
|
||
case ${{ matrix.os }} in
|
||
ubuntu-latest)
|
||
# no git in our image, needed for tea finding SRCROOT
|
||
mkdir .git ../cli/.git
|
||
|
||
#FIXME needed for gdk-pixbuf
|
||
apt --yes install shared-mime-info
|
||
;;
|
||
macos-11)
|
||
# screws up a lot of build scripts
|
||
# TODO stop using GHA images or chroot or something
|
||
for x in /usr/local/*; do sudo mv $x /tmp; done
|
||
|
||
# for scripts/fix-machos.rb
|
||
sudo gem install ruby-macho
|
||
;;
|
||
*)
|
||
exit 1
|
||
esac
|
||
|
||
rm -rf /opt/tea.xyz/var
|
||
ln -s $GITHUB_WORKSPACE /opt/tea.xyz/var
|
||
|
||
touch /opt/.hack
|
||
|
||
- run: scripts/sort.ts ${{ inputs.projects }}
|
||
id: sorted
|
||
|
||
- run: ../cli/scripts/install.ts ${{ steps.sorted.outputs.pre-install }}
|
||
|
||
- run: scripts/build.ts ${{ steps.sorted.outputs.pkgs }}
|
||
id: build
|
||
env:
|
||
# GITHUB_TOKEN doesn't have private access to teaxyz/cli.
|
||
# TODO restore to ${{ github.token }} when public
|
||
GITHUB_TOKEN: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
|
||
FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root
|
||
|
||
- name: upload artifacts
|
||
uses: actions/upload-artifact@v3
|
||
with:
|
||
name: ${{ matrix.os }}
|
||
path: |
|
||
${{ steps.build.outputs.paths }}
|
||
${{ steps.tea.outputs.prefix }}/.hack
|
||
# ^^ so the uploaded artifacts keep eg. foo.com/v1.2.3 as prefixes
|
||
if-no-files-found: error
|
||
|
||
test:
|
||
needs: [build]
|
||
runs-on: ${{ matrix.os }}
|
||
defaults:
|
||
run:
|
||
working-directory: tea.xyz/var/pantry
|
||
strategy:
|
||
matrix:
|
||
os:
|
||
- macos-11
|
||
- ubuntu-latest
|
||
steps:
|
||
- uses: actions/checkout@v3
|
||
with:
|
||
path: tea.xyz/var/pantry
|
||
|
||
- uses: actions/checkout@v3
|
||
with:
|
||
path: tea.xyz/var/cli
|
||
repository: teaxyz/cli
|
||
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
|
||
|
||
- uses: teaxyz/setup@v0
|
||
id: tea
|
||
with:
|
||
prefix: ${{ github.workspace }}
|
||
|
||
- uses: actions/download-artifact@v3
|
||
with:
|
||
name: ${{ matrix.os }}
|
||
path: ${{ steps.tea.outputs.prefix }}
|
||
|
||
- run: echo ${{ inputs.projects }} | xargs -tn1 scripts/test.ts
|
||
|
||
bottle:
|
||
defaults:
|
||
run:
|
||
working-directory: tea.xyz/var/pantry
|
||
needs: [test, build]
|
||
runs-on: ${{ matrix.platform }}
|
||
strategy:
|
||
matrix:
|
||
platform:
|
||
- macos-11
|
||
- ubuntu-latest
|
||
compression:
|
||
- xz
|
||
- gz
|
||
steps:
|
||
- uses: actions/checkout@v3
|
||
with:
|
||
path: tea.xyz/var/pantry
|
||
|
||
- uses: actions/checkout@v3
|
||
with:
|
||
path: tea.xyz/var/cli
|
||
repository: teaxyz/cli
|
||
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
|
||
|
||
- uses: teaxyz/setup@v0
|
||
id: tea
|
||
with:
|
||
prefix: ${{ github.workspace }}
|
||
|
||
- uses: actions/download-artifact@v3
|
||
with:
|
||
name: ${{ matrix.platform }}
|
||
path: ${{ steps.tea.outputs.prefix }}
|
||
|
||
- run: scripts/bottle.ts ${{ needs.build.outputs.built }}
|
||
id: bottle
|
||
env:
|
||
COMPRESSION: ${{ matrix.compression }}
|
||
|
||
- name: upload bottles
|
||
id: upload
|
||
run: scripts/upload.ts
|
||
--pkgs ${{ needs.build.outputs.built }}
|
||
--bottles ${{ steps.bottle.outputs.bottles }}
|
||
--checksums ${{ steps.bottle.outputs.checksums }}
|
||
env:
|
||
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
|
||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||
|
||
#NOTE ideally we’d invalidate all at once so this is atomic
|
||
# however GHA can’t consolidate outputs from a matrix :/
|
||
- uses: chetan/invalidate-cloudfront-action@v2
|
||
env:
|
||
PATHS: ${{ steps.upload.outputs.cf-invalidation-paths }}
|
||
DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
|
||
AWS_REGION: us-east-1
|
||
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
|
||
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
|
||
|
||
notify:
|
||
if: always()
|
||
needs: [bottle]
|
||
runs-on: ubuntu-latest
|
||
steps:
|
||
- uses: martialonline/workflow-status@v3
|
||
id: status
|
||
- uses: rtCamp/action-slack-notify@v2
|
||
env:
|
||
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
|
||
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
|
||
SLACK_MESSAGE: build job for ${{ inputs.projects }} ${{ steps.status.outputs.status }}
|
||
SLACK_COLOR: ${{ steps.status.outputs.status }}
|