forked from urbit/vere
-
Notifications
You must be signed in to change notification settings - Fork 0
252 lines (225 loc) · 8.21 KB
/
shared.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
name: shared
on:
workflow_call:
inputs:
pace:
description: 'Release pace'
type: string
default: 'edge'
required: false
upload:
description: 'Upload binaries to GCP'
type: boolean
default: false
required: false
fake_tests:
description: 'Run fake ship tests'
type: boolean
default: true
required: false
next:
description: 'Next Kelvin version branch name'
type: string
default: null
required: false
secrets:
GCP_CREDENTIALS:
required: false
GCP_PROJECT:
required: false
env:
UPLOAD_BASE: bootstrap.urbit.org/vere
GH_TOKEN: ${{ github.token }}
jobs:
urbit:
strategy:
fail-fast: false
matrix:
include:
# GitHub doesn't provide AArch64 Linux machines, so we self-host a
# runner with BuildJet instead.
- { target: linux-aarch64, runner: buildjet-2vcpu-ubuntu-2204-arm }
- { target: linux-x86_64, runner: ubuntu-22.04 }
# GitHub doesn't provide macOS machines with Apple Silicon, so we
# self-host a runner with MacStadium instead.
- { target: macos-aarch64, runner: [self-hosted, macos, ARM64] }
- { target: macos-x86_64, runner: macos-12 }
runs-on: ${{ matrix.runner }}
steps:
#
# BUILD AND TEST
#
- uses: actions/checkout@v3
- name: chown /usr/local
if: ${{ matrix.target == 'linux-x86_64' || matrix.target == 'linux-aarch64'}}
run: |
sudo chown $(whoami) /usr/local
- name: Set up build cache
uses: actions/cache@v3
with:
key: ${{ matrix.target }}-cache
path: |
# # Cache bazel path on Linux.
~/.cache/bazel/_bazel_$(whoami)
# # Cache bazel path on macOS.
/private/var/tmp/_bazel_$(whoami)
# Cache musl libc toolchains.
/usr/local/*-musl
- name: chown /usr/local/*-musl
if: ${{ matrix.target == 'linux-x86_64' || matrix.target == 'linux-aarch64'}}
run: |
chown -R $USER /usr/local/*-musl || true
- name: Install bazel
if: ${{ matrix.target == 'linux-aarch64' }}
run: |
version="6.2.0"
platform="linux-arm64"
base_url="https://github.com/bazelbuild/bazel/releases/download/${version}/bazel-${version}-${platform}"
# download bazel from github releases
curl -L -O "${base_url}"
# make bazel executable
chmod +x bazel-${version}-${platform}
# verify the binary has a good checksum
curl -L -O "${base_url}.sha256"
if [[ "$(sha256sum bazel-${version}-${platform})" == "$(cat bazel-${version}-${platform}.sha256)" ]]; then
echo "Checksum matches"
else
echo "Checksum does not match"
exit 1
fi
# download and import the public key
curl -L -O https://bazel.build/bazel-release.pub.gpg
gpg --import bazel-release.pub.gpg
# verify the binary has a good signature
curl -L -O "${base_url}.sig"
if [[ `gpg --verify bazel-${version}-${platform}.sig` -eq 0 ]]; then
echo "Good signature from bazel"
sudo mv bazel-${version}-${platform} /usr/local/bin/bazel
else
echo "Bad signature from bazel"
exit 1
fi
- name: Install toolchains
run: |
case "${{ matrix.target }}" in
"linux-aarch64")
sudo apt-get -y install autoconf-archive
bazel run //bazel/toolchain:aarch64-linux-musl-gcc
;;
"linux-x86_64")
sudo apt-get -y install autoconf-archive
bazel run //bazel/toolchain:x86_64-linux-musl-gcc
;;
"macos-aarch64")
brew install pkg-config autoconf-archive
;;
"macos-x86_64")
# Switch Xcode path to match the path specified in our bazel toolchain.
sudo xcode-select --switch /Library/Developer/CommandLineTools
brew install automake autoconf-archive libtool llvm@15
;;
*)
echo "Unsupported target: ${{ matrix.target }}"
exit 1
;;
esac
- name: Build binary
run: |
echo "${{ inputs.pace }}" > ./PACE
case "${{ matrix.target }}" in
"linux-aarch64")
bazel build :urbit
;;
"linux-x86_64")
bazel build :urbit
;;
"macos-aarch64")
bazel build :urbit
;;
"macos-x86_64")
bazel build --clang_version=15.0.7 --extra_toolchains=//bazel/toolchain:brew-clang-macos-x86_64-toolchain :urbit
;;
esac
- name: Run unit tests
run: |
if [[ "${{ matrix.target }}" == "macos-x86_64" ]]; then
bazel test --build_tests_only --clang_version=15.0.7 --extra_toolchains=//bazel/toolchain:brew-clang-macos-x86_64-toolchain ...
else
bazel test --build_tests_only ...
fi
- name: Run fake ship tests
if: ${{ matrix.target == 'linux-x86_64' && inputs.fake_tests }}
run: |
# See https://github.com/urbit/vere/issues/40.
bazel build //pkg/vere:test-fake-ship
#
# UPLOAD TO GCP
#
- name: Prepare binary for upload to GCP
if: ${{ inputs.upload }}
run: |
echo "urbit_static=$GITHUB_WORKSPACE/bazel-bin/pkg/vere/urbit" | tee -a $GITHUB_ENV
- uses: google-github-actions/auth@v1
if: ${{ inputs.upload }}
with:
credentials_json: ${{ secrets.GCP_CREDENTIALS }}
- uses: google-github-actions/setup-gcloud@v1
if: ${{ inputs.upload }}
with:
project_id: ${{ secrets.GCP_PROJECT }}
- name: Upload binary to bootstrap.urbit.org
if: ${{ inputs.upload }}
run: |
bazel build :version_str
sha_version=$(cat ./bazel-bin/version)
if ${{ inputs.next != null }}; then
next=$(echo "${{ inputs.next }}" | sed 's/[^0-9]//g')
target="gs://${UPLOAD_BASE}/next/kelvin/${next}/v${sha_version}/vere-v${sha_version}-${{ matrix.target }}"
else
target="gs://${UPLOAD_BASE}/${{ inputs.pace }}/v${sha_version}/vere-v${sha_version}-${{ matrix.target }}"
fi
args=""
# We never overwrite a binary deployed to the "live" train, but we do
# overwrite same-versioned binaries deployed to the "soon" and "edge"
# trains.
if [[ "${{ inputs.pace }}" == "live" ]]; then
gsutil cp -n "${{ env.urbit_static }}" "$target"
else
gsutil cp "${{ env.urbit_static }}" "$target"
fi
exitcode=$?
[ $exitcode -eq 0 ] &&
echo "upload to $target complete." ||
echo "upload to $target failed.";
exit $exitcode
upload-version-string:
name: Upload latest deployed version string to GCP
runs-on: ubuntu-latest
needs: [urbit]
if: inputs.upload
steps:
- uses: actions/checkout@v3
- uses: google-github-actions/auth@v1
with:
credentials_json: ${{ secrets.GCP_CREDENTIALS }}
- uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ secrets.GCP_PROJECT }}
- name: Upload latest deployed version string to GCP
run: |
echo "${{ inputs.pace }}" > ./PACE
if ${{ inputs.next != null }}; then
next=$(echo "${{ inputs.next }}" | sed 's/[^0-9]//g')
target="gs://${UPLOAD_BASE}/next/kelvin/${next}/last"
else
target="gs://${UPLOAD_BASE}/${{ inputs.pace }}/last"
fi
bazel build :version_str
# We don't use -n here because we want to overwrite the version
# string.
gsutil cp ./bazel-bin/version "$target"
exitcode=$?
[ $exitcode -eq 0 ] &&
echo "Upload to $target completed successfully." ||
echo "Upload to $target failed.";
exit $exitcode