Binaries #223
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Binaries | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: "0 1 * * *" # Triggers the build at 1:00 UTC time | |
jobs: | |
check_build: | |
name: Check if we need to run the pipeline or not | |
runs-on: ubuntu-latest | |
outputs: | |
action: ${{ steps.verify.outputs.action }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
repository: ocaml/dune | |
ref: main | |
fetch-depth: 1 | |
- name: Export HEAD | |
run: echo "GIT_HEAD=$(git rev-parse HEAD)" > "$GITHUB_ENV" | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- id: verify | |
run: | | |
LAST_COMMIT=$(jq -r ".|sort_by(.date)|last|.commit" < metadata.json) | |
if [ "$GIT_HEAD" = "$LAST_COMMIT" ] ; then | |
echo "action=SKIP" >> "$GITHUB_OUTPUT" | |
else | |
echo "action=BUILD" >> "$GITHUB_OUTPUT" | |
fi | |
binary: | |
name: Create the artifact | |
needs: check_build | |
permissions: | |
id-token: write | |
attestations: write | |
contents: write | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: macos-13 | |
name: x86_64-apple-darwin | |
installable: .#dune-experimental | |
- os: macos-14 | |
name: aarch64-apple-darwin | |
installable: .#dune-experimental | |
- os: ubuntu-22.04 | |
name: x86_64-unknown-linux-musl | |
installable: .#dune-static-experimental | |
# If the latest commit is the same as latest run, don't re-run. | |
if: ${{ needs.check_build.outputs.action == 'BUILD' || github.event_name == 'workflow_dispatch' }} | |
runs-on: ${{ matrix.os }} | |
outputs: | |
git-commit: ${{ steps.git-commit.outputs.hash }} | |
steps: | |
- name: Set DATE environment variable | |
run: echo "DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV" | |
- name: Set archive environment variables | |
run: | | |
echo "ARCHIVE_DIR=dune-$DATE-${{ matrix.name }}" >> $GITHUB_ENV | |
echo "ARCHIVE_TAR=dune-$DATE-${{ matrix.name }}.tar" >> $GITHUB_ENV | |
echo "ARCHIVE_TARGZ=dune-$DATE-${{ matrix.name }}.tar.gz" >> $GITHUB_ENV | |
- uses: actions/checkout@v4 | |
with: | |
repository: ocaml/dune | |
ref: main | |
fetch-depth: 0 # for git describe | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
path: dune-binary-distribution | |
- uses: cachix/install-nix-action@v22 | |
- name: Extract build informations | |
id: git-commit | |
run: echo "hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
- name: Export version | |
run: | | |
echo "(version \"Dune Developer Preview: build $(date -u +"%Y-%m-%dT%H:%M:%SZ"), git revision $(git rev-parse HEAD)\")" >> dune-project | |
- run: nix build ${{ matrix.installable }} | |
- name: Generate artifact attestation | |
id: certificate | |
uses: actions/attest-build-provenance@v1 | |
with: | |
subject-path: "result/bin/dune" | |
show-summary: false | |
# TODO: remove the extra Dune file when the complete move to tar is done. | |
- name: Extract artifact and attestation | |
run: | | |
mkdir -p ~/build/$ARCHIVE_DIR/ | |
cp ${{ steps.certificate.outputs.bundle-path }} ~/build | |
cp result/bin/dune ~/build/$ARCHIVE_DIR | |
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/env ~/build/$ARCHIVE_DIR | |
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/completions ~/build/$ARCHIVE_DIR | |
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/tool-wrappers ~/build/$ARCHIVE_DIR | |
tar --format=posix -cvf ~/build/$ARCHIVE_TAR -C ~/build $ARCHIVE_DIR | |
gzip -9 ~/build/$ARCHIVE_TAR | |
rm -rf ~/build/$ARCHIVE_DIR | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: ~/build | |
name: ${{ matrix.name }} | |
check-artifacts: | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: macos-13 | |
name: x86_64-apple-darwin | |
- os: macos-14 | |
name: aarch64-apple-darwin | |
- os: ubuntu-22.04 | |
name: x86_64-unknown-linux-musl | |
runs-on: ${{ matrix.os }} | |
needs: binary | |
steps: | |
- name: Set DATE environment variable | |
run: echo "DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV" | |
- name: Set archive environment variables | |
run: | | |
echo "ARCHIVE_TARGZ=dune-$DATE-${{ matrix.name }}.tar.gz" >> $GITHUB_ENV | |
echo "ARCHIVE_DIR=dune-$DATE-${{ matrix.name }}" >> $GITHUB_ENV | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- uses: actions/download-artifact@v4 | |
- name: Get dune accessible | |
run: | | |
mv ${{ matrix.name }}/$ARCHIVE_TARGZ . | |
tar -xvf $ARCHIVE_TARGZ | |
mv ./$ARCHIVE_DIR/dune ./dune | |
- name: Check dune is working | |
run: | | |
export PATH="$PWD:$PATH" | |
cd test | |
dune pkg lock | |
dune build | |
deploy-s3: | |
runs-on: ubuntu-latest | |
needs: [binary, check-artifacts] | |
permissions: | |
contents: write | |
steps: | |
- name: Install rclone | |
run: | | |
sudo -v ; curl https://rclone.org/install.sh | sudo bash | |
- name: Prepare SSH env | |
shell: bash | |
run: | | |
mkdir -p ~/.ssh | |
echo "$SSH_PRIVATE_KEY" > ~/.ssh/tarides | |
echo "$SSH_PUBLIC_KEY" > ~/.ssh/tarides.pub | |
chmod 600 ~/.ssh/tarides | |
chmod 600 ~/.ssh/tarides.pub | |
ssh-keyscan -H "$DEPLOY_SERVER" >> ~/.ssh/known_hosts | |
env: | |
DEPLOY_SERVER: ${{ secrets.DEPLOY_SERVER }} | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }} | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Setup OCaml with cache | |
uses: ocaml/setup-ocaml@v3 | |
with: | |
ocaml-compiler: "5.2" | |
dune-cache: true | |
- name: Update config on test | |
if: ${{ github.ref == 'refs/heads/staging' }} | |
run: | | |
sed -i 's#let bucket_dir = .*#let bucket_dir = "/dune/test"#g' ./bin/config.ml | |
sed -i 's#let url = .*#let url = "https://get.dune.build/test"#g' ./bin/config.ml | |
git add --ignore-errors ./bin/config.ml | |
cat ./bin/config.ml | |
- name: Install Sandworm deps && build | |
run: opam install -y . --deps-only && opam exec -- dune build | |
- uses: actions/download-artifact@v4 | |
with: | |
path: /home/runner/artifacts | |
- name: Move artifacts to scope | |
run: mv "/home/runner/artifacts" "." | |
- name: Export Rclone configuration | |
run: echo "${{ secrets.RCLONE_CONF }}" >> rclone.conf | |
- name: Export executables and generate html | |
shell: bash | |
run: opam exec -- dune exec sandworm -- sync --commit "${{ needs.binary.outputs.git-commit }}" | |
- name: Commit changes to branch | |
run: | | |
git config --global user.name 'Sandworm' | |
git config --global user.email '[email protected]' | |
(git add metadata.json && \ | |
git commit -m "Nightly build $(date +'%Y-%m-%d')" && \ | |
git push) || echo "No new data" # Prevent from committing empty stuff | |
notify: | |
runs-on: ubuntu-latest | |
needs: [binary, check-artifacts, deploy-s3] | |
if: ${{ github.ref == 'refs/heads/main' && !cancelled() && (needs.binary.result == 'failure' || needs.check-artifacts.result == 'failure' || needs.deploy-s3.result == 'failure' ) }} | |
steps: | |
- name: Post an error message to Slack | |
id: slack | |
uses: slackapi/[email protected] | |
with: | |
channel-id: ${{ secrets.SLACK_CHANNEL_ID }} | |
slack-message: | | |
:red_circle: I'm sorry to bother you, but it seems your build is failing: | |
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} | |
env: | |
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} |