-
Notifications
You must be signed in to change notification settings - Fork 7
238 lines (205 loc) · 7.76 KB
/
binary.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
name: Binaries
on:
workflow_dispatch:
schedule:
- cron: "0 1 * * *" # Triggers the build at 1:00 UTC time
jobs:
check_build:
name: Check if we need to run the pipeline or not
runs-on: ubuntu-latest
outputs:
action: ${{ steps.verify.outputs.action }}
steps:
- uses: actions/checkout@v4
with:
repository: ocaml/dune
ref: main
fetch-depth: 1
- name: Export HEAD
run: echo "GIT_HEAD=$(git rev-parse HEAD)" > "$GITHUB_ENV"
- name: Checkout
uses: actions/checkout@v4
- id: verify
run: |
LAST_COMMIT=$(jq -r ".|sort_by(.date)|last|.commit" < metadata.json)
if [ "$GIT_HEAD" = "$LAST_COMMIT" ] ; then
echo "action=SKIP" >> "$GITHUB_OUTPUT"
else
echo "action=BUILD" >> "$GITHUB_OUTPUT"
fi
binary:
name: Create the artifact
needs: check_build
permissions:
id-token: write
attestations: write
contents: write
strategy:
fail-fast: false
matrix:
include:
- os: macos-13
name: x86_64-apple-darwin
installable: .#dune-experimental
- os: macos-14
name: aarch64-apple-darwin
installable: .#dune-experimental
- os: ubuntu-22.04
name: x86_64-unknown-linux-musl
installable: .#dune-static-experimental
# If the latest commit is the same as latest run, don't re-run.
if: ${{ needs.check_build.outputs.action == 'BUILD' || github.event_name == 'workflow_dispatch' }}
runs-on: ${{ matrix.os }}
outputs:
git-commit: ${{ steps.git-commit.outputs.hash }}
steps:
- name: Set DATE environment variable
run: echo "DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"
- name: Set archive environment variables
run: |
echo "ARCHIVE_DIR=dune-$DATE-${{ matrix.name }}" >> $GITHUB_ENV
echo "ARCHIVE_TAR=dune-$DATE-${{ matrix.name }}.tar" >> $GITHUB_ENV
echo "ARCHIVE_TARGZ=dune-$DATE-${{ matrix.name }}.tar.gz" >> $GITHUB_ENV
- uses: actions/checkout@v4
with:
repository: ocaml/dune
ref: main
fetch-depth: 0 # for git describe
- name: Checkout
uses: actions/checkout@v4
with:
path: dune-binary-distribution
- uses: cachix/install-nix-action@v22
- name: Extract build informations
id: git-commit
run: echo "hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT"
- name: Export version
run: |
echo "(version \"Dune Developer Preview: build $(date -u +"%Y-%m-%dT%H:%M:%SZ"), git revision $(git rev-parse HEAD)\")" >> dune-project
- run: nix build ${{ matrix.installable }}
- name: Generate artifact attestation
id: certificate
uses: actions/attest-build-provenance@v1
with:
subject-path: "result/bin/dune"
show-summary: false
# TODO: remove the extra Dune file when the complete move to tar is done.
- name: Extract artifact and attestation
run: |
mkdir -p ~/build/$ARCHIVE_DIR/
cp ${{ steps.certificate.outputs.bundle-path }} ~/build
cp result/bin/dune ~/build/$ARCHIVE_DIR
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/env ~/build/$ARCHIVE_DIR
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/completions ~/build/$ARCHIVE_DIR
cp -r $GITHUB_WORKSPACE/dune-binary-distribution/tool-wrappers ~/build/$ARCHIVE_DIR
tar --format=posix -cvf ~/build/$ARCHIVE_TAR -C ~/build $ARCHIVE_DIR
gzip -9 ~/build/$ARCHIVE_TAR
rm -rf ~/build/$ARCHIVE_DIR
- uses: actions/upload-artifact@v4
with:
path: ~/build
name: ${{ matrix.name }}
check-artifacts:
strategy:
fail-fast: false
matrix:
include:
- os: macos-13
name: x86_64-apple-darwin
- os: macos-14
name: aarch64-apple-darwin
- os: ubuntu-22.04
name: x86_64-unknown-linux-musl
runs-on: ${{ matrix.os }}
needs: binary
steps:
- name: Set DATE environment variable
run: echo "DATE=$(date +'%Y-%m-%d')" >> "$GITHUB_ENV"
- name: Set archive environment variables
run: |
echo "ARCHIVE_TARGZ=dune-$DATE-${{ matrix.name }}.tar.gz" >> $GITHUB_ENV
echo "ARCHIVE_DIR=dune-$DATE-${{ matrix.name }}" >> $GITHUB_ENV
- name: Checkout
uses: actions/checkout@v4
- uses: actions/download-artifact@v4
- name: Get dune accessible
run: |
mv ${{ matrix.name }}/$ARCHIVE_TARGZ .
tar -xvf $ARCHIVE_TARGZ
mv ./$ARCHIVE_DIR/dune ./dune
- name: Check dune is working
run: |
export PATH="$PWD:$PATH"
cd test
dune pkg lock
dune build
deploy-s3:
runs-on: ubuntu-latest
needs: [binary, check-artifacts]
permissions:
contents: write
steps:
- name: Install rclone
run: |
sudo -v ; curl https://rclone.org/install.sh | sudo bash
- name: Prepare SSH env
shell: bash
run: |
mkdir -p ~/.ssh
echo "$SSH_PRIVATE_KEY" > ~/.ssh/tarides
echo "$SSH_PUBLIC_KEY" > ~/.ssh/tarides.pub
chmod 600 ~/.ssh/tarides
chmod 600 ~/.ssh/tarides.pub
ssh-keyscan -H "$DEPLOY_SERVER" >> ~/.ssh/known_hosts
env:
DEPLOY_SERVER: ${{ secrets.DEPLOY_SERVER }}
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }}
- name: Checkout
uses: actions/checkout@v4
- name: Setup OCaml with cache
uses: ocaml/setup-ocaml@v3
with:
ocaml-compiler: "5.2"
dune-cache: true
- name: Update config on test
if: ${{ github.ref == 'refs/heads/staging' }}
run: |
sed -i 's#let bucket_dir = .*#let bucket_dir = "/dune/test"#g' ./bin/config.ml
sed -i 's#let url = .*#let url = "https://get.dune.build/test"#g' ./bin/config.ml
git add --ignore-errors ./bin/config.ml
cat ./bin/config.ml
- name: Install Sandworm deps && build
run: opam install -y . --deps-only && opam exec -- dune build
- uses: actions/download-artifact@v4
with:
path: /home/runner/artifacts
- name: Move artifacts to scope
run: mv "/home/runner/artifacts" "."
- name: Export Rclone configuration
run: echo "${{ secrets.RCLONE_CONF }}" >> rclone.conf
- name: Export executables and generate html
shell: bash
run: opam exec -- dune exec sandworm -- sync --commit "${{ needs.binary.outputs.git-commit }}"
- name: Commit changes to branch
run: |
git config --global user.name 'Sandworm'
git config --global user.email '[email protected]'
(git add metadata.json && \
git commit -m "Nightly build $(date +'%Y-%m-%d')" && \
git push) || echo "No new data" # Prevent from committing empty stuff
notify:
runs-on: ubuntu-latest
needs: [binary, check-artifacts, deploy-s3]
if: ${{ github.ref == 'refs/heads/main' && !cancelled() && (needs.binary.result == 'failure' || needs.check-artifacts.result == 'failure' || needs.deploy-s3.result == 'failure' ) }}
steps:
- name: Post an error message to Slack
id: slack
uses: slackapi/[email protected]
with:
channel-id: ${{ secrets.SLACK_CHANNEL_ID }}
slack-message: |
:red_circle: I'm sorry to bother you, but it seems your build is failing:
${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}
env:
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}