Make sure altstack_size_ is a multiple of the system page size (#1883) #69
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: vizier-release | |
on: | |
push: | |
tags: | |
- release/vizier/** | |
permissions: | |
contents: read | |
env: | |
VERSIONS_FILE: "VERSIONS.json" | |
jobs: | |
get-dev-image: | |
uses: ./.github/workflows/get_image.yaml | |
with: | |
image-base-name: "dev_image_with_extras" | |
build-release: | |
name: Build Release | |
runs-on: ubuntu-latest-16-cores | |
needs: get-dev-image | |
container: | |
image: ${{ needs.get-dev-image.outputs.image-with-tag }} | |
env: | |
MANIFEST_UPDATES: "manifest_updates.json" | |
ARTIFACT_UPLOAD_LOG: "artifact_uploads.json" | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
- name: Add pwd to git safe dir | |
run: git config --global --add safe.directory `pwd` | |
- name: Use github bazel config | |
uses: ./.github/actions/bazelrc | |
with: | |
download_toplevel: 'true' | |
BB_API_KEY: ${{ secrets.BB_IO_API_KEY }} | |
- id: gcloud-creds | |
uses: ./.github/actions/gcloud_creds | |
with: | |
SERVICE_ACCOUNT_KEY: ${{ secrets.GH_RELEASE_SA_PEM_B64 }} | |
- name: Import GPG key | |
env: | |
BUILDBOT_GPG_KEY_B64: ${{ secrets.BUILDBOT_GPG_KEY_B64 }} | |
run: | | |
echo "${BUILDBOT_GPG_KEY_B64}" | base64 --decode | gpg --no-tty --batch --import | |
- name: Build & Push Artifacts | |
env: | |
REF: ${{ github.event.ref }} | |
BUILD_NUMBER: ${{ github.run_attempt }} | |
JOB_NAME: ${{ github.job }} | |
COSIGN_PASSWORD: ${{secrets.COSIGN_PASSWORD}} | |
COSIGN_PRIVATE_KEY: ${{secrets.COSIGN_PRIVATE_KEY}} | |
GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcloud-creds.outputs.gcloud-creds }} | |
BUILDBOT_GPG_KEY_ID: ${{ secrets.BUILDBOT_GPG_KEY_ID }} | |
GH_REPO: ${{ github.repository }} | |
shell: bash | |
run: | | |
export TAG_NAME="${REF#*/tags/}" | |
export ARTIFACTS_DIR="$(pwd)/artifacts" | |
mkdir -p "${ARTIFACTS_DIR}" | |
export INDEX_FILE="$(pwd)/index.yaml" | |
./ci/save_version_info.sh | |
./ci/vizier_build_release.sh | |
- name: Build & Export Docs | |
env: | |
PXL_DOCS_GCS_PATH: "gs://pixie-dev-public/pxl-docs.json" | |
run: | | |
docs="$(mktemp)" | |
bazel run //src/carnot/docstring:docstring -- --output_json "${docs}" | |
gsutil cp "${docs}" "${PXL_DOCS_GCS_PATH}" | |
- name: Update GCS Manifest | |
env: | |
ARTIFACT_MANIFEST_BUCKET: "pixie-dev-public" | |
# Use the old style versions file instead of the new updates for the gcs manifest. | |
MANIFEST_UPDATES: "" | |
GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcloud-creds.outputs.gcloud-creds }} | |
run: ./ci/update_artifact_manifest.sh | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: manifest-updates | |
path: ${{ env.MANIFEST_UPDATES }} | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: vizier-artifacts | |
path: artifacts/ | |
- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2 | |
with: | |
name: index-artifacts | |
path: index.yaml | |
create-github-release: | |
name: Create Release on Github | |
runs-on: ubuntu-latest | |
needs: build-release | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
- name: Create Release | |
env: | |
REF: ${{ github.event.ref }} | |
GH_TOKEN: ${{ secrets.BUILDBOT_GH_API_TOKEN }} | |
shell: bash | |
# yamllint disable rule:indentation | |
run: | | |
export TAG_NAME="${REF#*/tags/}" | |
# actions/checkout doesn't get the tag annotation properly. | |
git fetch origin tag "${TAG_NAME}" -f | |
export changelog="$(git tag -l --format='%(contents)' "${TAG_NAME}")" | |
prerelease=() | |
if [[ "${REF}" == *"-"* ]]; then | |
prerelease=("--prerelease") | |
fi | |
gh release create "${TAG_NAME}" "${prerelease[@]}" \ | |
--title "Vizier ${TAG_NAME#release/vizier/}" \ | |
--notes $'Pixie Vizier Release:\n'"${changelog}" | |
gh release upload "${TAG_NAME}" vizier-artifacts/* | |
# yamllint enable rule:indentation | |
create-helm-chart: | |
if: ${{ !contains(github.event.ref, '-') }} | |
name: Create Helm chart on Github | |
runs-on: ubuntu-latest | |
needs: build-release | |
concurrency: gh-pages | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
ref: gh-pages | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
- name: Setup git | |
shell: bash | |
env: | |
GIT_SSH_COMMAND: "ssh -i /tmp/ssh.key" | |
run: | | |
git config --global user.name 'pixie-io-buildbot' | |
git config --global user.email '[email protected]' | |
- name: Push Helm YAML to gh-pages | |
shell: bash | |
env: | |
TAG_NAME: ${{ github.event.release.tag_name }} | |
GH_TOKEN: ${{ secrets.BUILDBOT_GH_API_TOKEN }} | |
GIT_SSH_COMMAND: "ssh -i /tmp/ssh.key" | |
# yamllint disable rule:indentation | |
run: | | |
cp index-artifacts/index.yaml helm_charts/vizier/index.yaml | |
git add helm_charts/vizier/index.yaml | |
export VERSION="$(echo "${TAG_NAME}" | cut -d'/' -f3)" | |
git commit -s -m "Release Helm chart Vizier ${VERSION}" | |
git push origin "gh-pages" | |
# yamllint enable rule:indentation | |
update-gh-artifacts-manifest: | |
runs-on: ubuntu-latest-8-cores | |
needs: [get-dev-image, create-github-release] | |
container: | |
image: ${{ needs.get-dev-image.outputs.image-with-tag }} | |
concurrency: gh-pages | |
permissions: | |
contents: write | |
steps: | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
fetch-depth: 0 | |
- uses: actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0 | |
with: | |
ref: gh-pages | |
path: gh-pages | |
- name: Add pwd to git safe dir | |
run: | | |
git config --global --add safe.directory `pwd` | |
git config --global --add safe.directory "$(pwd)/gh-pages" | |
- name: Import GPG key | |
env: | |
BUILDBOT_GPG_KEY_B64: ${{ secrets.BUILDBOT_GPG_KEY_B64 }} | |
run: | | |
echo "${BUILDBOT_GPG_KEY_B64}" | base64 --decode | gpg --no-tty --batch --import | |
- name: Setup git | |
shell: bash | |
env: | |
BUILDBOT_GPG_KEY_ID: ${{ secrets.BUILDBOT_GPG_KEY_ID }} | |
run: | | |
git config --global user.name 'pixie-io-buildbot' | |
git config --global user.email '[email protected]' | |
git config --global user.signingkey "${BUILDBOT_GPG_KEY_ID}" | |
git config --global commit.gpgsign true | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
id: download-artifact | |
with: | |
name: manifest-updates | |
- name: Update gh-pages Manifest | |
env: | |
ARTIFACT_MANIFEST_PATH: "gh-pages/artifacts/manifest.json" | |
MANIFEST_UPDATES: "manifest_updates.json" | |
run: | | |
./ci/update_artifact_manifest.sh | |
cd gh-pages | |
export ARTIFACT_MANIFEST_PATH="${ARTIFACT_MANIFEST_PATH##gh-pages/}" | |
git add "${ARTIFACT_MANIFEST_PATH}" "${ARTIFACT_MANIFEST_PATH}.sha256" | |
git commit -s -m "Update artifact manifest" | |
git push origin "gh-pages" |