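## DO NOT EDIT
## Generated from build-cpp-filecoin.src.yml with make-workflows.sh
## NOTE(review): the first job below fails unless make-workflows.sh reports
## "everything is up to date", so any change made here presumably has to be
## made in build-cpp-filecoin.src.yml and regenerated - confirm.
## NOTE(review): every `uses:` below references a mutable tag (@v1, @v2, ...).
## Pinning each action to a full commit SHA keeps a retagged release from
## changing what runs in this pipeline.
name: Fuhon (cpp-Filecoin)
on:
  push:
    branches: [master]
    tags: '**'
  pull_request:
    branches: [master]  ## target branches
## Least privilege for GITHUB_TOKEN: checkout only needs to read the
## repository, and the PR lookup step only reads pull-request data.
permissions:
  contents: read
  pull-requests: read
jobs:
  ## GitHub Actions Workflow does not support yaml anchors
  ## and that is why there is a workaround with make-workflows.sh
  ## You should `pre-commit install` or use `pre-commit-hook.sh`,
  ## anyway please read .github/README.md
  check_workflow_yaml_coressponds_to_src_yaml:
    runs-on: ubuntu-latest
    #container: ubuntu:latest ## This is required as barrier between AWS-hosted runners and GitHub-hosted runners - they have different set of software, so run in container
    name: Check if github workflows were properly made from sources
    steps:
      ## Runs only when the event carries a comment (issue_comment), which the
      ## `on:` section above does not enable.
      ## NOTE(review): if that trigger is ever added, PR_REF and PR_REPO are
      ## chosen by the PR author and the steps below execute a script from that
      ## checkout. Gate such runs on a trusted commenter or an approval first.
      - name: REF and SHA of commented PR to ENV
        if: github.event.comment
        env:
          ## Expressions are handed over as environment variables instead of
          ## being pasted into the script text, so the shell never parses them.
          PR_URL: ${{ github.event.issue.pull_request.url }}
          GH_TOKEN: ${{ github.token }}
        run: >
          curl -fsSL "$PR_URL" -H "Authorization: token $GH_TOKEN" | jq -r '
          "PR_REF="+.head.ref,
          "PR_SHA="+.head.sha,
          "PR_NUM="+(.number|tostring),
          "PR_REPO="+.head.repo.full_name' >>"$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ env.PR_REF }}  ## not empty on issue_comment, else default value GITHUB_REF
          repository: ${{ env.PR_REPO }}  ## not empty on issue_comment, else default value github.repository, required by forks
      - run: sudo snap install yq
      ## Executes make-workflows.sh from the checked-out tree; on pull_request
      ## that tree is the PR's code.
      - name: Check if .github/workflows/*.yml correspond to *.src.yml
        run: |
          set -x
          [[ $(./.github/make-workflows.sh -x --worktree) = *"everything is up to date" ]]
  ## Build the docker image with everything needed to compile fuhon and its dependencies.
  ## Tags come from the 'Docker meta' step: content hash of docker/**, branch name,
  ## pr-NUMBER, git tag name, and the conditional tag :edge for branch develop.
  ## Note: the image is pushed only when the DockerHub login/token pair is available,
  ## which is not the case for PRs from forks.
  Docker-fuhon-builder:
    needs: check_workflow_yaml_coressponds_to_src_yaml
    runs-on: ubuntu-latest  #[ self-hosted, Linux ]
    ## Job-level env is visible to every step of this job, third-party actions
    ## included. It is declared here so that the `if:` on the login step can
    ## test whether the secrets are present.
    env:
      DOCKERHUB_ORG: soramitsu  ## Cannot use ${{ secrets.DOCKERHUB_ORG }}
      DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
      DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
    steps:
      - name: System info
        run: |
          set -x
          whoami
          id $(whoami)
          free || vm_stat | perl -ne '/page size of (\d+)/ and $size=$1;
              /Pages\s+([^:]+)[^\d]+(\d+)/ and printf("%-16s % 16.2f Mi\n", "$1:", $2 * $size / 1048576);'
          df -h
      ## The quoted heredoc delimiter makes the shell print the substituted
      ## values literally instead of expanding them.
      - name: Build info
        run: |
          cat << 'END'
          ref:${{github.ref}}
          sha:${{github.sha}}
          run_number:${{github.run_number}}
          event_name:${{github.event_name}}
          event.action:${{github.event.action}}
          event.issue.number:${{ github.event.issue.number }}
          END
      ## Runs only when the event carries a comment (issue_comment), which the
      ## `on:` section above does not enable.
      ## NOTE(review): if that trigger is ever added, this job would check out
      ## and build PR-author-controlled code while the registry secrets are in
      ## the job env. Gate such runs on a trusted commenter or an approval.
      - name: REF and SHA of commented PR to ENV
        if: github.event.comment
        env:
          ## Expressions are handed over as environment variables instead of
          ## being pasted into the script text, so the shell never parses them.
          PR_URL: ${{ github.event.issue.pull_request.url }}
          GH_TOKEN: ${{ github.token }}
        run: >
          curl -fsSL "$PR_URL" -H "Authorization: token $GH_TOKEN" | jq -r '
          "PR_REF="+.head.ref,
          "PR_SHA="+.head.sha,
          "PR_NUM="+(.number|tostring),
          "PR_REPO="+.head.repo.full_name' >>"$GITHUB_ENV"
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: ${{ env.PR_REF }}  ## not empty on issue_comment, else default value GITHUB_REF
          repository: ${{ env.PR_REPO }}  ## not empty on issue_comment, else default value github.repository, required by forks
      ## Publishes the hash of docker/** both as a step output and as an env
      ## variable for the later steps, then fails if DOCKERHUB_ORG is empty.
      - name: Determine dockertag
        id: dockertag
        env:
          dockertag: ${{ hashFiles('docker/**') }}
        run: |
          ## $GITHUB_OUTPUT replaces the deprecated ::set-output command
          echo "dockertag=$dockertag" >>"$GITHUB_OUTPUT"
          echo "dockertag=$dockertag" >>"$GITHUB_ENV"
          test -n "$DOCKERHUB_ORG" || {
            echo ::error::"DOCKERHUB_ORG must contain value"
            false
          }
      - name: Login to DockerHub
        if: ${{ env.DOCKERHUB_TOKEN != '' && env.DOCKERHUB_USERNAME != '' }}
        id: docker_login
        uses: docker/login-action@v1
        with:
          registry: docker.soramitsu.co.jp
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      - name: Possible WARNING
        if: ${{ steps.docker_login.outcome == 'skipped' }}
        run: echo "::warning::DOCKERHUB_TOKEN and DOCKERHUB_USERNAME are empty. Will build but NOT push."
      - name: Docker meta
        id: meta
        uses: docker/metadata-action@v3
        with:
          # registry.rocket.chat/rocketchat/rocket.chat:latest
          images: docker.soramitsu.co.jp/fuhon/node
          ## Docker image will be pushed with tags:
          ##  - the dockertag value (hash of docker/**)
          ##  - branchname, when branch is pushed
          ##  - pr-NUMBER, when pushed to PR
          ##  - git tag when tag is pushed
          ##  - tag 'edge' when branch develop is pushed
          ##  - schedule, see the docs
          tags: |
            type=raw,value=${{env.dockertag}}
            type=ref,event=branch
            type=ref,event=pr
            type=ref,event=tag
            type=schedule
            type=edge,branch=develop
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - name: Cache Docker layers
        uses: actions/cache@v4
        with:
          path: /tmp/.buildx-cache
          key: ${{ runner.os }}-buildx-${{env.dockertag}}
          restore-keys: ${{ runner.os }}-buildx-
      ## Pushes only when the registry login step succeeded; otherwise the
      ## image is built and left on the runner.
      - id: build_and_push
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          cache-from: type=local,src=/tmp/.buildx-cache
          cache-to: type=local,dest=/tmp/.buildx-cache-new
          push: ${{ steps.docker_login.outcome == 'success' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          context: .
      ## Temp fix
      ## https://github.com/docker/build-push-action/issues/252
      ## https://github.com/moby/buildkit/issues/1896
      - name: Move cache
        run: |
          rm -rf /tmp/.buildx-cache
          mv /tmp/.buildx-cache-new /tmp/.buildx-cache
      ## Despite its name this step does not query the registry; it only
      ## composes the image reference and publishes it as the `container` output.
      ## NOTE(review): the reference uses $DOCKERHUB_ORG/fuhon, while the image
      ## built above is named docker.soramitsu.co.jp/fuhon/node - confirm that
      ## consumers of this output expect that name.
      - name: Check if dockertaghash exists in remote registry
        id: dockertag_already
        run: |
          ## $GITHUB_OUTPUT replaces the deprecated ::set-output command
          echo "container=$DOCKERHUB_ORG/fuhon:$dockertag" >>"$GITHUB_OUTPUT"
      - name: Possible ERROR, Dockerfile edited but image cannot be pushed
        if: ${{ steps.docker_login.outcome != 'success' || steps.build_and_push.outcome != 'success' }}
        env:
          container: ${{ steps.dockertag_already.outputs.container }}
          dockertag: ${{ env.dockertag }}
          ## Event fields reach the script as environment variables. The quoted
          ## comparison below also behaves on events without a pull_request
          ## payload, where both values are empty; pasted into the script
          ## unquoted, the empty values turned the check into `test !=`, which
          ## is always true.
          HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}
          BASE_REPO: ${{ github.event.pull_request.base.repo.full_name }}
          PR_HTML_URL: ${{ github.event.pull_request.html_url }}
        run: |
          cat <<END
          ::error::CHANGES TO Dockerfile.builder WERE NOT APPLYED.
          It seems container with tag '$dockertag' was not pushed to registry and does not exist remotely.
          The most possible reason is GitHub secrets are inaccessable to PRs from public forks.
          $(test "$HEAD_REPO" != "$BASE_REPO" \
          && echo -n "SECRETS ARE NOT EXPOSED TO FORKS" || echo -n "SECRETS AVAILABLE")
          **Consider to open PR from the same organization.**
          What we know about this build:
          - PR URL is $PR_HTML_URL
          - head repo is '$HEAD_REPO'
          - base repo is '$BASE_REPO'
          - See more information in previous step 'Show context'
          Please ask @ahmedelkashev on GitHub or in Telegram if you need help.
          END
          false
    outputs:
      ## WARN secret dropped from output!, output may not contain secret,
      ## and secret cannot be used in job:container directly, and there is no github non-secret variables...
      ## if dockertag is already pushed then use it. But let it be empty when tag does not exist remotely.
      dockertag: ${{ steps.dockertag.outputs.dockertag }}
      container: ${{ steps.dockertag_already.outputs.container }}
      pushed: ${{ steps.docker_login.outcome == 'success' && steps.build_and_push.outcome == 'success' }}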