-
Notifications
You must be signed in to change notification settings - Fork 8
164 lines (149 loc) · 5.77 KB
/
build.yml
File metadata and controls
164 lines (149 loc) · 5.77 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
name: Build
on:
workflow_dispatch:
inputs:
buildId:
required: true
type: string
bashbrewArch:
required: true
type: choice
options:
- amd64
- i386
- windows-amd64
firstTag: # informational only, because "run-name" can't be set to a useful value otherwise
type: string
windowsVersion:
type: choice
options:
- '' # without this, it's technically "required" 🙃
- 2025
- 2022
- 2019
run-name: '${{ inputs.bashbrewArch }}: ${{ inputs.firstTag }} (${{ inputs.buildId }})'
permissions:
contents: read
actions: write # for https://github.com/andymckay/cancel-action (see usage below)
concurrency:
group: ${{ github.event.inputs.buildId }}
cancel-in-progress: false
defaults:
run:
shell: 'bash -Eeuo pipefail -x {0}'
env:
BUILD_ID: ${{ inputs.buildId }}
BASHBREW_ARCH: ${{ inputs.bashbrewArch }}
jobs:
build:
name: Build ${{ inputs.buildId }}
runs-on: ${{ inputs.bashbrewArch == 'windows-amd64' && format('windows-{0}', inputs.windowsVersion) || 'ubuntu-latest' }}
env:
BASHBREW_META_SCRIPTS: ${{ github.workspace }}/.scripts
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
# TODO on Linux, install Tianon's Docker builds (switch off "ubuntu-latest" to pin to something closer to something we publish Debian builds for OR just run Docker-in-Docker and use GITHUB_ENV to set DOCKER_HOST to a suitable value)
- uses: ./.doi/.github/workflows/.bashbrew
with:
# avoid building because we want to skip the build and download a release instead (which will be way faster)
build: none # this will set BASHBREW_VERSION for us
# TODO improve the bashbrew action to download a release binary instead of building from source ("build: download", perhaps?)
- name: Tools
run: |
mkdir .gha-bin
echo "$PWD/.gha-bin" >> "$GITHUB_PATH"
ext=''
if [ "$BASHBREW_ARCH" = 'windows-amd64' ]; then # TODO should we run "bashbrew-host-arch.sh" here instead?
ext='.exe'
fi
_download() {
# prefer wget, but "windows-2019" doesn't have it, so fall back to curl
local target="$1"; shift
local url="$1"; shift
if command -v wget > /dev/null; then
wget --timeout=5 -O "$target" "$url" --progress=dot:giga
else
curl -fL -o "$target" "$url"
fi
}
# https://github.com/docker-library/bashbrew/releases
[ -n "$BASHBREW_VERSION" ]
_download ".gha-bin/bashbrew$ext" "https://github.com/docker-library/bashbrew/releases/download/$BASHBREW_VERSION/bashbrew-$BASHBREW_ARCH$ext"
chmod +x ".gha-bin/bashbrew$ext"
".gha-bin/bashbrew$ext" --version
# https://doi-janky.infosiftr.net/job/wip/job/crane
_download ".gha-bin/crane$ext" "https://doi-janky.infosiftr.net/job/wip/job/crane/lastSuccessfulBuild/artifact/crane-$BASHBREW_ARCH$ext"
# TODO checksum verification ("checksums.txt")
chmod +x ".gha-bin/crane$ext"
".gha-bin/crane$ext" version
- name: JSON
id: json
run: |
json="$(
jq -L"$BASHBREW_META_SCRIPTS" '
include "meta";
include "doi";
.[env.BUILD_ID]
| select(needs_build and .build.arch == env.BASHBREW_ARCH) # sanity check
| .commands = commands
' builds.json
)"
[ -n "$json" ]
{
EOJSON="EOJSON-$RANDOM-$RANDOM-$RANDOM"
echo "json<<$EOJSON"
cat <<<"$json"
echo "$EOJSON"
} | tee -a "$GITHUB_ENV" "$GITHUB_OUTPUT" > /dev/null
mkdir build
- name: Check
run: |
img="$(jq <<<"$json" -r '.build.img')"
if crane digest "$img"; then
echo >&2 "error: '$img' already exists! cowardly refusing to overwrite it"
echo 'cancel=exists' >> "$GITHUB_OUTPUT"
else
echo 'cancel=' >> "$GITHUB_OUTPUT"
fi
id: check
- name: Cancel If Built
if: steps.check.outputs.cancel == 'exists'
uses: andymckay/cancel-action@435124153eb37d6a62a29d053a7e449652f89d51 # https://github.com/andymckay/cancel-action/commits/HEAD
# https://github.com/andymckay/cancel-action/issues/12
- name: Spin Wheels If Built (waiting for cancellation)
if: steps.check.outputs.cancel == 'exists'
run: |
while true; do
echo 'Waiting for build cancellation...'
sleep 30
done
exit 1
- name: Pull
run: |
cd build
shell="$(jq <<<"$json" -r '.commands.pull')"
eval "$shell"
- name: Build
run: |
bk="$(.doi/.bin/bashbrew-buildkit-env-setup.sh)"
bk="$(jq <<<"$bk" -r 'to_entries | map(.key + "=" + .value | @sh) | "export " + join(" ")')"
eval "$bk"
cd build
shell="$(jq <<<"$json" -r '.commands.build')"
eval "$shell"
- name: Push
env:
DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }}
DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }}
run: |
export DOCKER_CONFIG="$PWD/.docker"
mkdir "$DOCKER_CONFIG"
trap 'find "$DOCKER_CONFIG" -type f -exec shred -fuvz "{}" + || :; rm -rf "$DOCKER_CONFIG"' EXIT
docker login --username "$DOCKER_HUB_USERNAME" --password-stdin <<<"$DOCKER_HUB_PASSWORD"
unset DOCKER_HUB_USERNAME DOCKER_HUB_PASSWORD
cd build
shell="$(jq <<<"$json" -r '.commands.push')"
eval "$shell"