pantry/.github/workflows/build.yml
2023-01-31 15:07:23 -05:00

237 lines
7 KiB
YAML

name: build
on:
workflow_call:
inputs:
projects:
required: true
type: string
env:
TEA_PANTRY_PATH: ${{ github.workspace }}/pantry
jobs:
check-core-sizes:
runs-on: ubuntu-latest
outputs:
gha-linux-build-size: ${{ env.GHA_LINUX_BUILD_SIZE }}
steps:
- name: co pantry
uses: actions/checkout@v3
with:
path: pantry
repository: teaxyz/pantry.core
- uses: teaxyz/setup@v0
with:
# necessary because we currently require a `.git` directory
srcroot: pantry
- run: ./scripts/check-core-sizes.ts ${{ inputs.projects }}
working-directory: pantry
env:
TEA_PANTRY_PATH: ${{ env.TEA_PANTRY_PATH }}
build:
runs-on: ${{ matrix.platform.os }}
needs: [check-core-sizes]
strategy:
matrix:
platform:
- os: macos-11
name: darwin+x86-64
- os: ${{ needs.check-core-sizes.outputs.gha-linux-build-size }}
name: linux+x86-64
container:
image: debian:buster-slim
- os: [self-hosted, macOS, ARM64]
name: darwin+aarch64
- os: [self-hosted, linux, ARM64]
name: linux+aarch64
container: ${{ matrix.platform.container }}
steps:
- name: co pantry
uses: actions/checkout@v3
with:
path: pantry
- name: co cli
uses: actions/checkout@v3
with:
path: cli
repository: teaxyz/cli
- uses: teaxyz/setup@v0
id: tea
with:
# necessary because we currently require a `.git` directory
srcroot: /opt/tea.xyz/var/pantry
prefix: /opt
- name: HACKS
run: |
case ${{ matrix.platform.os }} in
macos-11)
#FIXME we need a clean install of macOS for builds
#TODO stop using GHA images or chroot or something
for x in /usr/local/*; do sudo mv $x /tmp; done
;;
esac
ln -s $GITHUB_WORKSPACE/cli /opt/tea.xyz/var/cli
# in case this PR contains updates to the scripts
#TODO only do for PRs
if test "$GITHUB_REPOSITORY" = "teaxyz/pantry.core"; then
cp -rv pantry/scripts/* /opt/tea.xyz/var/pantry/scripts
fi
- run: /opt/tea.xyz/var/pantry/scripts/sort.ts ${{ inputs.projects }}
id: sorted
# running out of /opt because only pantry.core has these scripts
- run: /opt/tea.xyz/var/pantry/scripts/build.ts ${{ steps.sorted.outputs.pkgs }}
id: build
env:
GITHUB_TOKEN: ${{ github.token }}
FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root
- name: delete `.la` files
run: find ${{ steps.tea.outputs.prefix }} -name '*.la' -delete
# cache data we'll need in the bottling job
- run: |
echo ${{ steps.build.outputs.pkgs }} >built
echo ${{ steps.build.outputs.relative-paths }} >relative-paths
echo ${{ steps.build.outputs.srcs }} >srcs
working-directory: ${{ steps.tea.outputs.prefix }}
# tarring ourselves ∵ GHA-artifacts (ludicrously) lose permissions
# /ref https://github.com/actions/upload-artifact/issues/38
- run:
tar czf $GITHUB_WORKSPACE/artifacts.tgz
${{ steps.build.outputs.relative-paths }}
${{ steps.build.outputs.srcs-relative-paths }}
built relative-paths srcs
working-directory: ${{ steps.tea.outputs.prefix }}
- name: upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.platform.name }}
path: artifacts.tgz
if-no-files-found: error
test:
needs: [build]
runs-on: ${{ matrix.platform.os }}
strategy:
matrix:
platform:
- os: macos-11
name: darwin+x86-64
- os: ubuntu-latest
name: linux+x86-64
- os: ubuntu-latest
name: linux+x86-64
container: ghcr.io/teaxyz/infuser:latest
- os: ubuntu-latest
name: linux+x86-64
container: debian:buster-slim
- os: [self-hosted, macOS, ARM64]
name: darwin+aarch64
- os: [self-hosted, linux, ARM64]
name: linux+aarch64
outputs:
HAS_SECRETS: ${{ env.HAS_SECRETS }}
container: ${{ matrix.platform.container }}
steps:
- uses: actions/checkout@v3
with:
path: tea.xyz/var/cli
repository: teaxyz/cli
- uses: actions/checkout@v3
with:
path: pantry
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: tea.xyz/var/pantry
prefix: ${{ github.workspace }}
- run: |
# in case this PR contains updates to the scripts TODO only PRs
if test "$GITHUB_REPOSITORY" = "teaxyz/pantry.core"; then
cp -rv pantry/scripts/* $(tea --prefix)/tea.xyz/var/pantry/scripts
fi
if: ${{ matrix.platform.container != '' }}
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.platform.name }}
- run: tar xzf artifacts.tgz
- run: tea.xyz/var/pantry/scripts/test.ts ${{ inputs.projects }}
- run:
echo "HAS_SECRETS=$HAS_SECRETS" >>$GITHUB_ENV
env:
HAS_SECRETS: ${{ secrets.AWS_S3_CACHE != null }}
stage:
needs: [test]
# this only works for PRs from our team to our repo (security! :( )
if: startsWith(github.ref, 'refs/pull/') && startsWith(github.repository, 'teaxyz/pantry.') && needs.test.outputs.HAS_SECRETS == 'true'
runs-on: ubuntu-latest
strategy:
matrix:
platform:
- os: macos-11
name: darwin+x86-64
- os: ubuntu-latest
name: linux+x86-64
- os: [self-hosted, macOS, ARM64]
name: darwin+aarch64
- os: [self-hosted, linux, ARM64]
name: linux+aarch64
steps:
- uses: actions/checkout@v3
with:
path: tea.xyz/var/cli
repository: teaxyz/cli
- uses: actions/checkout@v3
with:
path: pantry
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: tea.xyz/var/pantry
prefix: ${{ github.workspace }}
- run: |
tea --sync
# in case this PR contains updates to the scripts
#TODO only do for PRs
if test "$GITHUB_REPOSITORY" = "teaxyz/pantry.core"; then
cp -rv $GITHUB_WORKSPACE/pantry/scripts/* $(tea --prefix)/tea.xyz/var/pantry/scripts
fi
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.platform.name }}
- run:
tea.xyz/var/pantry/scripts/cache-artifacts.ts
${{github.repository}}
${{github.ref}}
${{matrix.platform.name}}
artifacts.tgz
env:
AWS_S3_CACHE: ${{ secrets.AWS_S3_CACHE }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}