pantry/.github/workflows/build.yml
Jacob Heider a9d7965089 store sources from build pipeline
Use relative-path srcs only
2022-10-03 13:23:23 -04:00

236 lines
6.8 KiB
YAML
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

name: build
on:
workflow_call:
inputs:
projects:
required: true
type: string
ref:
required: true
type: string
env:
TEA_SECRET: ${{ secrets.TEA_SECRET }}
jobs:
queue-builder:
runs-on: ubuntu-latest
steps:
- name: queue
run: |
# Don't use GITHUB_SHA for PRs: https://github.com/orgs/community/discussions/25191
curl https://app.tea.xyz/api/builder/enqueue \
-H "authorization: bearer ${{ secrets.TEA_API_TOKEN }}" \
-d "${{inputs.ref}} ${{ inputs.projects }}"
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: macos-11
container: ~
- os: ubuntu-latest
container:
image: debian:buster-slim
options: --memory=16g
container: ${{ matrix.container }}
outputs:
built: ${{ steps.build.outputs.pkgs }}
srcs: ${{ steps.build.outputs.srcs }}
pkgs: ${{ steps.sorted.outputs.pkgs }} ${{ steps.sorted.outputs.pre-install }}
steps:
- name: co pantry
uses: actions/checkout@v3
with:
path: pantry
- name: co cli
uses: actions/checkout@v3
with:
path: cli
repository: teaxyz/cli
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
- uses: teaxyz/setup@v0
id: tea
with:
srcroot: pantry
prefix: /opt
- name: HACKS
run: |
case ${{ matrix.os }} in
ubuntu-latest)
apt-get update
apt-get --yes install libc-dev libstdc++-8-dev libgcc-8-dev
;;
macos-11)
# screws up a lot of build scripts
# TODO stop using GHA images or chroot or something
for x in /usr/local/*; do sudo mv $x /tmp; done
# for scripts/fix-machos.rb
sudo gem install ruby-macho
;;
*)
exit 1
esac
rm -rf /opt/tea.xyz/var
ln -s $GITHUB_WORKSPACE /opt/tea.xyz/var
- run: pantry/scripts/sort.ts ${{ inputs.projects }}
id: sorted
- run: cli/scripts/install.ts ${{ steps.sorted.outputs.pre-install }}
#FIXME remove later
- run: find /opt -name bin -type d -exec find {} -type f \; | xargs chmod 777
- run: pantry/scripts/build.ts ${{ steps.sorted.outputs.pkgs }}
id: build
env:
# GITHUB_TOKEN doesn't have private access to teaxyz/cli.
# TODO restore to ${{ github.token }} when public
GITHUB_TOKEN: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
FORCE_UNSAFE_CONFIGURE: 1 # some configure scripts refuse to run as root
# tarring ourselves ∵ GHA-artifacts (ludicrously) lose permissions
# /ref https://github.com/actions/upload-artifact/issues/38
- run: tar czf $GITHUB_WORKSPACE/artifacts.tgz ${{ steps.build.outputs.relative-paths }} ${{ steps.build.outputs.srcs }}
working-directory: ${{ steps.tea.outputs.prefix }}
- name: upload artifacts
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.os }}
path: artifacts.tgz
if-no-files-found: error
test:
needs: [build]
runs-on: ${{ matrix.os }}
defaults:
run:
working-directory: tea.xyz/var/pantry/scripts
strategy:
matrix:
include:
- os: macos-11
- os: ubuntu-latest
- os: ubuntu-latest
container: ghcr.io/teaxyz/infuser:main
- os: ubuntu-latest
container: debian:buster-slim
container: ${{ matrix.container }}
steps:
- uses: actions/checkout@v3
with:
path: tea.xyz/var/pantry
- uses: actions/checkout@v3
with:
path: tea.xyz/var/cli
repository: teaxyz/cli
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
- run: |
apt-get update
apt-get --yes install libc-dev libstdc++-8-dev libgcc-8-dev
if: ${{ matrix.container != '' }}
- uses: teaxyz/setup@v0
id: tea
with:
prefix: ${{ github.workspace }}
srcroot: tea.xyz/var/pantry
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.os }}
- run: tar xzf artifacts.tgz
working-directory: ${{ steps.tea.outputs.prefix }}
- run: ./test.ts ${{ inputs.projects }}
bottle:
defaults:
run:
working-directory: tea.xyz/var/pantry/scripts
needs: [test, build]
runs-on: ${{ matrix.platform }}
strategy:
matrix:
platform:
- macos-11
- ubuntu-latest
compression:
- xz
- gz
steps:
- uses: actions/checkout@v3
with:
path: tea.xyz/var/pantry
- uses: actions/checkout@v3
with:
path: tea.xyz/var/cli
repository: teaxyz/cli
token: ${{ secrets.TEMP_JACOBS_GITHUB_PAT }}
- uses: teaxyz/setup@v0
id: tea
with:
prefix: ${{ github.workspace }}
srcroot: tea.xyz/var/pantry
- uses: actions/download-artifact@v3
with:
name: ${{ matrix.platform }}
path: ${{ steps.tea.outputs.prefix }}
- run: tar xzf artifacts.tgz
working-directory: ${{ steps.tea.outputs.prefix }}
- run: ./bottle.ts ${{ needs.build.outputs.built }}
id: bottle
env:
COMPRESSION: ${{ matrix.compression }}
- name: upload bottles
id: upload
run: ./upload.ts
--pkgs ${{ needs.build.outputs.built }}
--srcs ${{ needs.build.outputs.srcs }}
--bottles ${{ steps.bottle.outputs.bottles }}
--checksums ${{ steps.bottle.outputs.checksums }}
env:
AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
#NOTE ideally wed invalidate all at once so this is atomic
# however GHA cant consolidate outputs from a matrix :/
- uses: chetan/invalidate-cloudfront-action@v2
env:
PATHS: ${{ steps.upload.outputs.cf-invalidation-paths }}
DISTRIBUTION: ${{ secrets.AWS_CF_DISTRIBUTION_ID }}
AWS_REGION: us-east-1
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
notify:
if: always()
needs: [bottle]
runs-on: ubuntu-latest
steps:
- uses: martialonline/workflow-status@v3
id: status
- uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_CHANNEL: ${{ secrets.SLACK_CHANNEL }}
SLACK_MESSAGE: build job for ${{ inputs.projects }} ${{ steps.status.outputs.status }}
SLACK_COLOR: ${{ steps.status.outputs.status }}