docs: add developer's guide for running CodeBuild locally (#94) #3
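# Runs an AWS CodeBuild project for pushes to main (or on manual dispatch),
# downloads the build artifacts from S3, caches the primary artifact and
# uploads all artifacts to the workflow run.
name: CodeBuild

on:
  workflow_dispatch: {}
  push:
    branches:
      - main

# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  # Repository variable, falling back to a fixed default project name.
  CODEBUILD_PROJECT_NAME: ${{ vars.CODEBUILD_PROJECT_NAME || 'codebuild-project' }}

# Deny every token scope at workflow level; the job below re-grants only the
# scopes it lists.
permissions:
  actions: none
  attestations: none
  checks: none
  contents: none
  deployments: none
  discussions: none
  id-token: none
  issues: none
  models: none
  packages: none
  pages: none
  pull-requests: none
  repository-projects: none
  security-events: none
  statuses: none

jobs:
  build:
    environment: codebuild
    permissions:
      actions: write  # the gh cache steps below list and delete Actions caches
      contents: read
      id-token: write  # Required for OIDC token request to AWS STS
    runs-on: ubuntu-latest
    steps:
      # Shell steps read values from environment variables (the workflow-level
      # CODEBUILD_PROJECT_NAME, the runner's GITHUB_* defaults, or a step-level
      # env entry) instead of expanding ${{ }} inside the script text, so a
      # value such as a branch name is never parsed as shell code.
      - name: List caches
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh cache list -R "$GITHUB_REPOSITORY" --key "${CODEBUILD_PROJECT_NAME}-" --order asc

      # lookup-only: report whether a cache exists for this commit without
      # restoring it; the cache-hit output gates the build steps below.
      # NOTE(review): this path differs from the one in "Save report to cache".
      # actions/cache is understood to derive the cache version from the path
      # string, so confirm this lookup can actually hit. On a hit the upload
      # steps at the end still run although nothing was downloaded.
      - name: Check cache
        id: cache-check
        uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        with:
          path: ${{ env.CODEBUILD_PROJECT_NAME }}.zip
          key: ${{ env.CODEBUILD_PROJECT_NAME }}-${{ github.ref_name }}-${{ github.sha }}
          lookup-only: true

      # Short-lived AWS credentials via OIDC; the role ARN is kept in a secret.
      - name: Configure AWS credentials
        if: steps.cache-check.outputs.cache-hit != 'true'
        uses: aws-actions/configure-aws-credentials@8df5847569e6427dd6c4fb1cf565c83acfa8afa7 # v6.0.0
        with:
          role-to-assume: ${{ secrets.AWS_CODEBUILD_ROLE_ARN }}
          aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}
          role-duration-seconds: ${{ vars.ROLE_DURATION_SECONDS || 7200 }}
          role-session-name: GitHubActions${{ github.run_id }}
          mask-aws-account-id: true
          retry-max-attempts: 0

      - name: Run CodeBuild
        if: steps.cache-check.outputs.cache-hit != 'true'
        id: codebuild
        uses: aws-actions/aws-codebuild-run-build@d8279f349f3b1b84e834c30e47c20dcb8888b7e5 # v1.0.18
        with:
          project-name: ${{ env.CODEBUILD_PROJECT_NAME }}
          source-version-override: ${{ github.sha }}
          # NOTE(review): ${{ github.token }} is expanded into the buildspec
          # text before it is sent to CodeBuild, so the job token (which holds
          # actions: write) leaves the runner in clear text and may be readable
          # by anyone who can view the build's configuration. The buildspec
          # uses it only for `gh repo view`; consider passing the default
          # branch name instead of the token.
          # NOTE(review): the uv installer is fetched and piped to sh with no
          # version pin or checksum, and the install commands swallow failures
          # with `|| echo`, so a missing gh or uv only surfaces in later phases.
          buildspec-override: |
            version: 0.2
            env:
              variables:
                GH_TOKEN: ${{ github.token }}
            phases:
              install:
                commands:
                  - dnf config-manager --add-repo https://cli.github.com/packages/rpm/gh-cli.repo || echo "dnf config-manager"
                  - dnf install -y 'dnf-command(config-manager)' gh || echo "dnf install failed"
                  - curl -LsSf https://astral.sh/uv/install.sh | sh && export PATH=$HOME/.local/bin:$PATH || echo "uv failed"
              pre_build:
                commands:
                  - echo "pre_build"
                  - mkdir -p .codebuild
                  - touch .codebuild/codebuild.out
                  - git config --global --add safe.directory "/codebuild/output/srcDownload/src" # for running AWS CodeBuild locally
              build:
                commands:
                  - DEFAULT_BRANCH=$(gh repo view --json defaultBranchRef --jq '.defaultBranchRef.name')
                  - CURRENT_BRANCH=$(git symbolic-ref --short HEAD 2>/dev/null || echo "")
                  - CURRENT_TAG=$(git describe --tags --exact-match 2>/dev/null || echo "")
                  - IS_RELEASE=$([[ -n "$CURRENT_TAG" ]] && echo "true" || echo "false")
                  - IS_PRE_RELEASE=$([[ "$CURRENT_BRANCH" == "$DEFAULT_BRANCH" ]] && echo "true" || echo "false")
                  - IS_PRE_MERGE=$([[ -z "$CURRENT_TAG" && "$CURRENT_BRANCH" != "$DEFAULT_BRANCH" ]] && echo "true" || echo "false")
                  - if [[ "$IS_RELEASE" == "true" ]]; then echo "This is a release"; fi;
                  - if [[ "$IS_PRE_RELEASE" == "true" ]]; then echo "This is a pre-release"; fi;
                  - if [[ "$IS_PRE_MERGE" == "true" ]]; then echo "This is a pre-merge"; fi;
                  - mkdir -p .codebuild/evaluation
                  - mkdir -p .codebuild/trend
                  - mkdir -p .codebuild/missing
                  - touch .codebuild/evaluation/evaluation_report.html
                  - touch .codebuild/evaluation/metrics.yml
                  - touch .codebuild/trend/trend_report.html
              post_build:
                commands:
                  - echo "Build completed with status $CODEBUILD_BUILD_SUCCEEDING"
                  - cat ./.codebuild/codebuild.out
            artifacts:
              files:
                - '**/*'
              discard-paths: no
              base-directory: .codebuild
              secondary-artifacts:
                evaluation:
                  files:
                    - '**/*'
                  name: evaluation
                  discard-paths: yes
                  base-directory: .codebuild/evaluation
                trend:
                  files:
                    - '**/*'
                  name: trend
                  discard-paths: yes
                  base-directory: .codebuild/trend

      # always(): print the build id even when the CodeBuild step failed.
      - name: Build ID
        if: always() && steps.cache-check.outputs.cache-hit != 'true'
        env:
          BUILD_ID: ${{ steps.codebuild.outputs.aws-build-id }}
        run: echo "CodeBuild Build ID $BUILD_ID"

      # Resolve the artifact locations of the finished build and copy the
      # primary and each secondary artifact from S3 into the downloads folder.
      - name: Download CodeBuild artifacts
        if: steps.cache-check.outputs.cache-hit != 'true'
        env:
          BUILD_ID: ${{ steps.codebuild.outputs.aws-build-id }}
        run: |
          DOWNLOADS="${ACT_CODEBUILD_DIR:-${GITHUB_WORKSPACE}/.codebuild/downloads}"
          mkdir -p "$DOWNLOADS"
          PRIMARY_ARTIFACT_LOCATION=$(aws codebuild batch-get-builds \
            --ids "$BUILD_ID" \
            --query 'builds[0].artifacts.location' \
            --output text)
          aws s3 cp "s3://${PRIMARY_ARTIFACT_LOCATION#arn:aws:s3:::}" "$DOWNLOADS/${CODEBUILD_PROJECT_NAME}.zip"
          SECONDARY_ARTIFACT_LOCATIONS=$(aws codebuild batch-get-builds \
            --ids "$BUILD_ID" \
            --query 'builds[0].secondaryArtifacts[*].[artifactIdentifier, location]' \
            --output json)
          echo "$SECONDARY_ARTIFACT_LOCATIONS" | jq -r '.[] | @tsv' | while IFS=$'\t' read -r NAME LOCATION; do
            echo "Downloading secondary artifact: $NAME"
            aws s3 cp "s3://${LOCATION#arn:aws:s3:::}" "$DOWNLOADS/${NAME}.zip"
          done

      - name: List CodeBuild artifacts
        if: steps.cache-check.outputs.cache-hit != 'true'
        run: |
          DOWNLOADS="${ACT_CODEBUILD_DIR:-${GITHUB_WORKSPACE}/.codebuild/downloads}"
          ls -alR "$DOWNLOADS"
          unzip -l "$DOWNLOADS/${CODEBUILD_PROJECT_NAME}.zip"
          unzip -l "$DOWNLOADS/evaluation.zip"
          unzip -l "$DOWNLOADS/trend.zip"

      # Best effort (`|| true`): a failed cache deletion does not fail the job.
      # NOTE(review): with --order asc, `tail -n 3` picks the last three rows
      # of the listing; confirm these are the entries meant to be deleted.
      - name: Clean old report caches
        if: steps.cache-check.outputs.cache-hit != 'true'
        env:
          GH_TOKEN: ${{ github.token }}
        run: |
          gh cache list -R "$GITHUB_REPOSITORY" --key "${CODEBUILD_PROJECT_NAME}-${GITHUB_REF_NAME}-" --order asc \
            | tail -n 3 \
            | cut -f1 \
            | xargs -I {} gh cache delete -R "$GITHUB_REPOSITORY" "{}" || true

      - name: Save report to cache
        if: steps.cache-check.outputs.cache-hit != 'true'
        uses: actions/cache/save@cdf6c1fa76f9f475f3d7449005a359c84ca0f306 # v5.0.3
        with:
          path: ${{ github.workspace }}/.codebuild/downloads/${{ env.CODEBUILD_PROJECT_NAME }}.zip
          key: ${{ env.CODEBUILD_PROJECT_NAME }}-${{ github.ref_name }}-${{ github.sha }}

      # The upload steps are skipped when the workflow runs under act.
      - name: Upload CodeBuild primary artifact
        if: ${{ !env.ACT }} # incompatibility with v6 of upload-artifact and act
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: ${{ env.CODEBUILD_PROJECT_NAME }}.zip
          path: ${{ github.workspace }}/.codebuild/downloads/${{ env.CODEBUILD_PROJECT_NAME }}.zip
          if-no-files-found: error

      - name: Upload CodeBuild secondary artifact - evaluation
        if: ${{ !env.ACT }} # incompatibility with v6 of upload-artifact and act
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: evaluation.zip
          path: ${{ github.workspace }}/.codebuild/downloads/evaluation.zip
          if-no-files-found: error

      - name: Upload CodeBuild secondary artifact - trend
        if: ${{ !env.ACT }} # incompatibility with v6 of upload-artifact and act
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: trend.zip
          path: ${{ github.workspace }}/.codebuild/downloads/trend.zip
          if-no-files-found: error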