-
Notifications
You must be signed in to change notification settings - Fork 8
191 lines (174 loc) · 7.41 KB
/
01-make-dist-worker.yml
File metadata and controls
191 lines (174 loc) · 7.41 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
# Adapted from NUT 01-make-dist-worker.yml
# Separated from 01-make-dist.yml to touch untrusted sources
# in a separate job without particular permissions to anything.
# Triggered by a step in that job.
#
# See also:
# https://github.com/actions/upload-artifact
# https://docs.github.com/en/actions/reference/workflows-and-actions/variables
# https://docs.github.com/en/actions/reference/workflows-and-actions/workflow-syntax
name: "GHA-01: Tarballs Build Worker"
on:
workflow_call:
inputs:
ref:
required: true
type: string
artifact_name:
required: true
type: string
workflow_dispatch:
inputs:
ref:
required: true
type: string
artifact_name:
required: true
type: string
# This untrusted part of the job may only read Git
# (and upload artifacts, that's allowed by default)
permissions:
contents: read
jobs:
make-dist-tarballs:
name: "Make Dist and Docs Tarballs, see workflow page for links"
# FIXME: Prepare/maintain a container image with pre-installed
# WMNut build/tooling prereqs (save about 3 minutes per run!)
# Maybe https://aschmelyun.com/blog/using-docker-run-inside-of-github-actions/
# => https://github.com/addnab/docker-run-action can help
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v6
with:
# NOTE: This is the unprivileged part of the GHA-01-tarballs ritual,
# running potentially untrusted shell code from the PR source branch.
# We are still dealing with the upstream repository (not a forked
# repo), and in case of pull requests - fetch a separate scheme of
# ephemerally provided refs for PR "merge" or "head" commits.
#
# 0 => all commit history for the PR
fetch-depth: 0
# Get the git tags to construct NUT SEMVER version strings.
fetch-tags: true
ref: ${{ inputs.ref }}
persist-credentials: false
# Make build identification more useful (so we use no fallbacks in script)
- name: Try to get more Git metadata
run: |
git describe || {
git remote -v || true
git branch -a || true
for R in `git remote` ; do git fetch $R master ; done || true
git fetch --tags
pwd ; ls -la
echo "=== Known commits in history:"
git log --oneline | wc -l
echo "=== Recent commits in history:"
git log -2 || true
echo "=== Known tags:"
git tag || true
echo "=== Try to ensure 'git describe' works:"
git describe || {
git fetch --all && for R in `git remote` ; do for T in `git tag` ; do git fetch $R $T ; done ; done
git describe || {
TEST_REF="`git symbolic-ref --short HEAD 2>/dev/null || cat .git/HEAD`" && [ -n "${TEST_REF}" ] && git checkout master && git pull --all && git checkout "${TEST_REF}"
git describe || true
}
}
}
# Using hints from https://askubuntu.com/questions/272248/processing-triggers-for-man-db
# and our own docs/config-prereqs.txt
# NOTE: Currently installing the MAX prerequisite footprint,
# which for building just the docs may be a bit of an overkill.
- name: WMNut CI Prerequisite packages (Ubuntu, GCC)
run: |
echo "set man-db/auto-update false" | sudo debconf-communicate
sudo dpkg-reconfigure man-db
sudo apt update
sudo apt install \
gcc g++ clang \
libxpm-dev libxext-dev libupsclient-dev libc6-dev-amd64-cross libgcc-s1-amd64-cross ccache \
|| exit
date > .timestamp-init
- name: Prepare ccache
# Based on https://docs.github.com/en/actions/reference/workflows-and-actions/dependency-caching#example-using-the-cache-action example
id: cache-ccache
uses: actions/cache@v5
env:
compiler: 'CC=gcc CXX=g++'
cache-name: cache-ccache-${{ env.compiler }}
with:
path: |
~/.ccache
~/.cache/ccache
~/.config/ccache/ccache.conf
key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/.timestamp-init') }}
restore-keys: |
${{ runner.os }}-build-${{ env.cache-name }}-
${{ runner.os }}-build-
${{ runner.os }}-
- name: CCache stats before build
run: |
ccache -sv || ccache -s || echo "FAILED to read ccache info, oh well"
rm -f .timestamp-init
#- name: Debug gitlog2version processing
# run: bash -x ./tools/gitlog2version.sh || true
- name: WMNut CI Build Configuration
env:
compiler: 'CC=gcc CXX=g++'
run: |
PATH="/usr/lib/ccache:$PATH" ; export PATH
CCACHE_COMPRESS=true; export CCACHE_COMPRESS
ccache --version || true
( ${{env.compiler}} ; echo "=== CC: $CC => `command -v $CC` =>" ; $CC --version ; echo "=== CXX: $CXX => `command -v $CXX` =>" ; $CXX --version ) || true
./autogen.sh && \
./configure ${{env.compiler}} --enable-debug --enable-Werror
# NOTE: In this scenario we do not build actually WMNut in the main
# checkout directory, at least not explicitly (recipe may generate
# some files like man pages to fulfill the "dist" requirements;
# for now this may generate some libs to figure out their IDs).
# We do `make docs` to provide them as a separate tarball just
# in case, later.
# DO NOT `make dist-files` here as it includes `dist-sig` and
# needs a GPG keychain with maintainers' secrets deployed locally.
- name: WMNut CI Build to create "dist" tarball and related files
env:
compiler: 'CC=gcc CXX=g++'
run: |
PATH="/usr/lib/ccache:$PATH" ; export PATH
CCACHE_COMPRESS=true; export CCACHE_COMPRESS
ccache --version || true
( ${{env.compiler}} ; echo "=== CC: $CC => `command -v $CC` =>" ; $CC --version ; echo "=== CXX: $CXX => `command -v $CXX` =>" ; $CXX --version ) || true
make -s -j 8 dist dist-hash
- name: WMNut CI Build to verify "dist" tarball build
env:
compiler: 'CC=gcc CXX=g++'
run: |
PATH="/usr/lib/ccache:$PATH" ; export PATH
CCACHE_COMPRESS=true; export CCACHE_COMPRESS
ccache --version || true
( ${{env.compiler}} ; echo "=== CC: $CC => `command -v $CC` =>" ; $CC --version ; echo "=== CXX: $CXX => `command -v $CXX` =>" ; $CXX --version ) || true
make -s -j 8 distcheck
- name: WMNut CI Build to verify "dist" tarball build self-reproducibility
env:
compiler: 'CC=gcc CXX=g++'
run: |
PATH="/usr/lib/ccache:$PATH" ; export PATH
CCACHE_COMPRESS=true; export CCACHE_COMPRESS
ccache --version || true
( ${{env.compiler}} ; echo "=== CC: $CC => `command -v $CC` =>" ; $CC --version ; echo "=== CXX: $CXX => `command -v $CXX` =>" ; $CXX --version ) || true
make -s -j 8 distcheck-completeness
- name: CCache stats after distcheck
run: ccache -sv || ccache -s || echo "FAILED to read ccache info, oh well"
# NOTE: A `.zip` is added to the base `$name` automatically
- name: Upload tarball and its checksum artifacts
uses: actions/upload-artifact@v4
id: upload_artifact
with:
name: ${{ inputs.artifact_name }}
path: |
wmnut-*.tar*
compression-level: 0
overwrite: true
# FINISH: Pass control back to the main pipeline