# Workflow display name.
name: "build.yml"

# Triggers: pull requests, manual dispatch, merge-queue groups and pushes to main.
on:
  pull_request:
    types: ["opened", "reopened", "synchronize"]
  workflow_dispatch:
    inputs:
      # Read by the tmate step of the `run` job (`inputs.debug_enabled`).
      debug_enabled:
        description: "Run the build with tmate debugging enabled"
        type: "boolean"
  merge_group:
  push:
    branches: ["main"]

# One active run per workflow + ref; a newer run cancels the one in progress.
concurrency:
  group: "${{ github.workflow }}:${{ github.ref }}"
  cancel-in-progress: true
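jobs:
  # Reads `.matrix` from builds.yml and publishes it as a job output for `run`.
  matrix:
    # NOTE(review): the steps visible in this job only read the checkout and
    # write to GITHUB_OUTPUT / GITHUB_STEP_SUMMARY, so these write scopes
    # (id-token included) look broader than needed. Confirm that
    # ./scripts/plan.sh does not rely on them, then reduce to `contents: "read"`.
    permissions:
      issues: "write"
      pull-requests: "write"
      packages: "write"
      contents: "write"
      id-token: "write"
    name: "matrix"
    # NOTE(review): "lab" is a custom runner label, presumably self-hosted
    # (confirm). The workflow triggers on pull_request, so PR-supplied files
    # (builds.yml, ./scripts/*) execute on that machine; prefer ephemeral
    # runners and require approval for runs from outside contributors.
    runs-on:
      - "lab"
    outputs:
      matrix: "${{ steps.matrix.outputs.matrix }}"
    steps:
      # NOTE(review): tags (@v4, @stable) and branches (@main) are mutable refs.
      # Pin third-party actions to a full commit SHA, e.g.
      # `owner/action@<full-commit-sha>  # <tag>`, so an upstream change cannot
      # alter what runs with this job's token.
      - uses: "actions/checkout@v4"
      - uses: "dtolnay/rust-toolchain@stable"
      - uses: "cargo-bins/cargo-binstall@main"
      - name: "install whyq"
        # Installs jq from apt and whyq via cargo-binstall; the `yq` command in
        # the next step is presumably the binary whyq provides (confirm).
        run: |
          set -euxo pipefail
          sudo apt-get update
          sudo apt-get install --yes --no-install-recommends jq
          cargo binstall --no-confirm whyq
      - name: "generate test matrix"
        id: "matrix"
        # Appends a single `matrix=<compact JSON>` line to GITHUB_OUTPUT; tee
        # also echoes it to the step log.
        run: |
          set -euxo pipefail
          yq \
            --compact-output \
            --raw-output \
            '"matrix=" + (.matrix | tostring)' builds.yml \
            | tee -a "${GITHUB_OUTPUT}"
      - name: "report build plan"
        run: |
          ./scripts/plan.sh "${GITHUB_STEP_SUMMARY}"

  # Builds and pushes one matrix entry, generates the SBOM, uploads the build
  # directory, and on pull requests posts the outdated/vulnerable reports.
  run:
    name: "run"
    needs:
      - matrix
    runs-on:
      - "lab"
    timeout-minutes: 300
    strategy:
      max-parallel: 2
      matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }}
    permissions:
      issues: "write"
      pull-requests: "write"
      packages: "write"
      contents: "read"
      id-token: "write"
    steps:
      # NOTE(review): same pinning concern as in the `matrix` job. This job
      # holds packages/id-token write, and two actions below track `@main`.
      - uses: "actions/checkout@v4"
      - name: "install nix"
        uses: "cachix/install-nix-action@v30"
      - name: "login to ghcr.io"
        # The registry login is available to every later step of this job,
        # including the repository scripts that run below.
        uses: "docker/login-action@v3"
        with:
          registry: "ghcr.io"
          username: "${{ github.actor }}"
          password: "${{ secrets.GITHUB_TOKEN }}"
      - uses: "dtolnay/rust-toolchain@stable"
      - uses: "cargo-bins/cargo-binstall@main"
      - run: |
          cargo binstall --no-confirm just
      - name: "nix cache"
        uses: "DeterminateSystems/magic-nix-cache-action@main"
      - name: "confirm sources"
        run: |
          ./scripts/confirm-sources.sh
      - name: "build + push"
        env:
          # The matrix value originates from builds.yml in the checked-out ref.
          # Passing it through the environment keeps it out of the script text,
          # so it is expanded as data and never parsed as shell syntax.
          TOOLCHAIN_KEY: "${{ matrix.toolchain.key }}"
        run: |
          just --yes debug=true max_nix_builds=1 rust="${TOOLCHAIN_KEY}" push
      - name: "Install SBOM generator dependencies"
        # NOTE(review): /tmp/dpdk-sys/builds is a fixed path and max-parallel
        # is 2; if two matrix jobs can land on the same host they would share
        # this directory. Confirm runner isolation.
        run: |
          # `if` instead of `[ ... ] && rm`, so a non-symlink entry (or an
          # unmatched glob) does not leave the loop with a non-zero status.
          for f in /tmp/dpdk-sys/builds/*; do
            if [ -h "$f" ]; then
              rm -- "$f"
            fi
          done
          cargo binstall --no-confirm csview
          sudo apt-get update
          sudo apt-get install --yes --no-install-recommends graphviz
      - name: "generate SBOM"
        run: |
          ./scripts/sbom.sh
      - name: "step summary"
        continue-on-error: true  # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB
        run: |
          cat "/tmp/dpdk-sys/builds/env.sysroot.summary.md" >> "${GITHUB_STEP_SUMMARY}"
      - name: "remove links from /tmp/dpdk-sys/builds"
        run: |
          # The loop is the last command of this script, so its status becomes
          # the step result. With `[ -h "$f" ] && rm "$f"` the step failed
          # whenever the last entry was not a symlink.
          for f in /tmp/dpdk-sys/builds/*; do
            if [ -h "$f" ]; then
              rm -- "$f"
            fi
          done
      - uses: "actions/upload-artifact@v4"
        with:
          name: "builds-${{ matrix.toolchain.key }}"
          path: "/tmp/dpdk-sys/builds"
      - name: "outdated packages (gnu64)"
        uses: "actions/github-script@v7"
        if: ${{ github.event_name == 'pull_request' }}
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
          # Posts the generated "outdated" report as a collapsible PR comment.
          script: |
            const fs = require('fs');
            let body = "<details>\n";
            body += "<summary>\n\n";
            body += "## Outdated packages (gnu64):\n\n";
            body += "</summary>\n\n";
            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md', 'utf8');
            body += "\n</details>\n";
            // Keep the comment within the length limit this script assumes.
            const maxLength = 65535;
            if (body.length > maxLength) {
              const warning = "\n...output truncated due to length limits...\n";
              body = body.slice(0, maxLength - warning.length) + warning;
            }
            // Awaited so a rejected API call fails this step visibly.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            });
      - name: "Vulnerable packages (gnu64)"
        uses: "actions/github-script@v7"
        if: ${{ github.event_name == 'pull_request' }}
        with:
          github-token: "${{ secrets.GITHUB_TOKEN }}"
          # Posts the vulnerability triage report as a collapsible PR comment.
          script: |
            const fs = require('fs');
            let body = "<details>\n";
            body += "<summary>\n\n";
            // Was `body = ...`, which discarded the <details>/<summary>
            // opening tags and left the closing tags below unmatched.
            body += "## Vulnerable packages (gnu64):\n";
            body += "</summary>\n\n";
            body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md', 'utf8');
            body += "\n</details>\n";
            // Keep the comment within the length limit this script assumes.
            const maxLength = 65535;
            if (body.length > maxLength) {
              const warning = "\n...output truncated due to length limits...\n";
              body = body.slice(0, maxLength - warning.length) + warning;
            }
            // Awaited so a rejected API call fails this step visibly.
            await github.rest.issues.createComment({
              issue_number: context.issue.number,
              owner: context.repo.owner,
              repo: context.repo.repo,
              body: body
            });
      - name: "Setup tmate session for debug"
        # Runs only when a manually dispatched run failed and debug_enabled
        # was set.
        # NOTE(review): an interactive session runs inside this job's
        # environment, so it can reach whatever the job can. Keep
        # limit-access-to-actor enabled and keep the timeout short.
        if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }}
        uses: "mxschmitt/action-tmate@v3"
        timeout-minutes: 60
        with:
          limit-access-to-actor: true

  # Single status gate: fails unless the `run` matrix job finished successfully.
  summary:
    name: "summary"
    if: ${{ always() }}
    # This job only echoes and exits, so it gets no token scopes at all.
    permissions: {}
    runs-on:
      - "lab"
    needs:
      - run
    steps:
      - name: "Flag any build matrix failures"
        if: ${{ needs.run.result != 'success' }}
        run: |
          >&2 echo "A critical step failed!"
          exit 1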