pantry/.github/workflows/build.yml
2022-09-28 19:19:56 -04:00


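# Reusable build pipeline, invoked via `workflow_call` with one `projects`
# string. Jobs: queue-builder (enqueue request to the tea builder API), build
# (per-OS build), test, bottle (package, upload, CDN invalidation), notify.
#
# The caller-supplied `projects` value reaches shell steps only through
# environment variables. Expression expansion happens before the shell parses
# a `run:` script, so expanding the input inline would let shell
# metacharacters in it become script syntax.
#
# NOTE(review): no `permissions:` key is declared, so the GITHUB_TOKEN scope
# is whatever the caller or repository default grants. Declare the minimum
# each job needs once the requirements of the third-party actions are known.
name: build

on:
  workflow_call:
    inputs:
      projects:
        required: true
        type: string

# NOTE(review): workflow-level env exposes TEA_SECRET to every step of every
# job, including third-party actions and package build scripts. Prefer
# step-level `env:` on the steps that read it (not identifiable from this
# file).
env:
  TEA_SECRET: ${{ secrets.TEA_SECRET }}

jobs:
  queue-builder:
    runs-on: ubuntu-latest
    steps:
      - name: queue
        # Token and project list are handed over as environment variables so
        # neither is spliced into the script text.
        env:
          TEA_API_TOKEN: ${{ secrets.TEA_API_TOKEN }}
          PROJECTS: ${{ inputs.projects }}
        run: |
          curl https://app.tea.xyz/api/builder/enqueue \
            -H "authorization: bearer $TEA_API_TOKEN" \
            -d "$GITHUB_SHA $PROJECTS"

  build:
    runs-on: ${{ matrix.os }}
    strategy:
      matrix:
        include:
          - os: macos-11
            container: ~
          - os: ubuntu-latest
            container:
              # NOTE(review): `:main` is a mutable tag; pinning the image by
              # digest makes the build environment reproducible and
              # tamper-evident.
              image: ghcr.io/teaxyz/infuser:main
              options: --memory=16g
    container: ${{ matrix.container }}
    defaults:
      run:
        working-directory: pantry
    outputs:
      built: ${{ steps.build.outputs.pkgs }}
      pkgs: ${{ steps.sorted.outputs.pkgs }} ${{ steps.sorted.outputs.pre-install }}
    steps:
      - name: co pantry
        uses: actions/checkout@v3
        with:
          path: pantry
      # NOTE(review): the secret name suggests a personal access token. By
      # default actions/checkout keeps the token in the checkout's git config
      # (`persist-credentials: true`), and later steps run package build
      # scripts. Consider `persist-credentials: false` and a read-only
      # credential scoped to teaxyz/cli; confirm no later step needs git auth.
      - name: co cli
        uses: actions/checkout@v3
        with:
          path: cli
          repository: teaxyz/cli
          token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
      # FIXME **we provide curl** but it fails due to certificate errors
      - run: apt --yes install curl
        if: ${{ matrix.os == 'ubuntu-latest' }}
      # NOTE(review): actions referenced by tag (`@v0`, `@v2`, `@v3`) can
      # change under the same name; pinning to a full commit SHA fixes the
      # code that runs.
      - uses: teaxyz/setup@v0
        id: tea
        with:
          prefix: /opt
      - name: HACKS
        run: |
          case ${{ matrix.os }} in
          ubuntu-latest)
            # no git in our image, needed for tea finding SRCROOT
            mkdir .git ../cli/.git
            #FIXME needed for gdk-pixbuf
            apt --yes install shared-mime-info
            ;;
          macos-11)
            # screws up a lot of build scripts
            # TODO stop using GHA images or chroot or something
            for x in /usr/local/*; do sudo mv "$x" /tmp; done
            # for scripts/fix-machos.rb
            # NOTE(review): installed unpinned; a fixed version would make
            # this step reproducible.
            sudo gem install ruby-macho
            ;;
          *)
            exit 1
          esac
          rm -rf /opt/tea.xyz/var
          ln -s "$GITHUB_WORKSPACE" /opt/tea.xyz/var
          touch /opt/.hack
      # $PROJECTS is left unquoted on purpose: each whitespace-separated
      # project must become its own argument. Word splitting and globbing
      # still apply, but the value can no longer introduce shell syntax.
      - run: scripts/sort.ts $PROJECTS
        id: sorted
        env:
          PROJECTS: ${{ inputs.projects }}
      # NOTE(review): the step outputs below are still expanded into the
      # script text. They are produced by scripts/sort.ts from the
      # caller-supplied list; if names pass through unchanged, give them the
      # same env-variable treatment. Confirm what sort.ts emits.
      - run: ../cli/scripts/install.ts ${{ steps.sorted.outputs.pre-install }}
      - run: scripts/build.ts ${{ steps.sorted.outputs.pkgs }}
        id: build
        env:
          # GITHUB_TOKEN doesn't have private access to teaxyz/cli.
          # TODO restore to the default github.token when public
          # NOTE(review): every package build script started by this step can
          # read this token from its environment.
          GITHUB_TOKEN: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
          FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root
      - name: upload artifacts
        uses: actions/upload-artifact@v3
        with:
          name: ${{ matrix.os }}
          # The `.hack` marker under the prefix is included so the uploaded
          # artifacts keep eg. foo.com/v1.2.3 as prefixes.
          path: |
            ${{ steps.build.outputs.paths }}
            ${{ steps.tea.outputs.prefix }}/.hack
          if-no-files-found: error

  test:
    needs: [build]
    runs-on: ${{ matrix.os }}
    defaults:
      run:
        working-directory: tea.xyz/var/pantry
    strategy:
      matrix:
        os:
          - macos-11
          - ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          path: tea.xyz/var/pantry
      - uses: actions/checkout@v3
        with:
          path: tea.xyz/var/cli
          repository: teaxyz/cli
          token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
      - uses: teaxyz/setup@v0
        id: tea
        with:
          prefix: ${{ github.workspace }}
      - uses: actions/download-artifact@v3
        with:
          name: ${{ matrix.os }}
          path: ${{ steps.tea.outputs.prefix }}
      # xargs splits the list on whitespace and runs one test per project.
      - run: echo "$PROJECTS" | xargs -tn1 scripts/test.ts
        env:
          PROJECTS: ${{ inputs.projects }}

  bottle:
    defaults:
      run:
        working-directory: tea.xyz/var/pantry
    needs: [test, build]
    runs-on: ${{ matrix.platform }}
    strategy:
      matrix:
        platform:
          - macos-11
          - ubuntu-latest
        compression:
          - xz
          - gz
    steps:
      - uses: actions/checkout@v3
        with:
          path: tea.xyz/var/pantry
      - uses: actions/checkout@v3
        with:
          path: tea.xyz/var/cli
          repository: teaxyz/cli
          token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
      - uses: teaxyz/setup@v0
        id: tea
        with:
          prefix: ${{ github.workspace }}
      - uses: actions/download-artifact@v3
        with:
          name: ${{ matrix.platform }}
          path: ${{ steps.tea.outputs.prefix }}
      - run: scripts/bottle.ts ${{ needs.build.outputs.built }}
        id: bottle
        env:
          COMPRESSION: ${{ matrix.compression }}
      # NOTE(review): long-lived AWS access keys are handed to this step and
      # to the third-party invalidation action below. Short-lived credentials
      # from OIDC role assumption, restricted to this bucket and
      # distribution, would narrow what a leaked key can do.
      - name: upload bottles
        id: upload
        run: >-
          scripts/upload.ts
          --pkgs ${{ needs.build.outputs.built }}
          --bottles ${{ steps.bottle.outputs.bottles }}
          --checksums ${{ steps.bottle.outputs.checksums }}
        env:
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      # NOTE ideally we'd invalidate all at once so this is atomic
      # however GHA can't consolidate outputs from a matrix :/
      - uses: chetan/invalidate-cloudfront-action@v2
        env:
          PATHS: ${{ steps.upload.outputs.cf-invalidation-paths }}
          DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
          AWS_REGION: us-east-1
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

  notify:
    # Runs even when an upstream job failed, so failures are reported too.
    if: always()
    needs: [bottle]
    runs-on: ubuntu-latest
    steps:
      - uses: martialonline/workflow-status@v3
        id: status
      - uses: rtCamp/action-slack-notify@v2
        env:
          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
          SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
          SLACK_MESSAGE: build job for ${{ inputs.projects }} ${{ steps.status.outputs.status }}
          SLACK_COLOR: ${{ steps.status.outputs.status }}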