[create-pull-request] automated change #153
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "build.yml" | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run the build with tmate debugging enabled" | |
| merge_group: | |
| push: | |
| branches: | |
| - "main" | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| matrix: | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "write" | |
| id-token: "write" | |
| name: "matrix" | |
| runs-on: | |
| - "lab" | |
| outputs: | |
| matrix: "${{ steps.matrix.outputs.matrix }}" | |
| steps: | |
| - uses: "actions/checkout@v4" | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - name: "install whyq" | |
| run: | | |
| set -euxo pipefail | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends jq | |
| cargo binstall --no-confirm whyq | |
| - name: "generate test matrix" | |
| id: "matrix" | |
| run: | | |
| set -euxo pipefail | |
| yq \ | |
| --compact-output \ | |
| --raw-output \ | |
| '"matrix=" + (.matrix | tostring)' builds.yml \ | |
| | tee -a "${GITHUB_OUTPUT}" | |
| - name: "report build plan" | |
| run: | | |
| ./scripts/plan.sh "${GITHUB_STEP_SUMMARY}" | |
| run: | |
| name: "run" | |
| needs: | |
| - matrix | |
| runs-on: | |
| - "lab" | |
| timeout-minutes: 300 | |
| strategy: | |
| max-parallel: 2 | |
| matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - uses: "actions/checkout@v4" | |
| - name: "install nix" | |
| uses: "cachix/install-nix-action@v30" | |
| - name: "login to ghcr.io" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - run: | | |
| cargo binstall --no-confirm just | |
| - name: "nix cache" | |
| uses: "DeterminateSystems/magic-nix-cache-action@main" | |
| - name: "confirm sources" | |
| run: | | |
| ./scripts/confirm-sources.sh | |
| - name: "build + push" | |
| run: | | |
| just --yes debug=true max_nix_builds=1 rust="${{ matrix.toolchain.key }}" push | |
| - name: "Install SBOM generator dependencies" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && rm "$f" | |
| done | |
| cargo binstall --no-confirm csview | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends graphviz | |
| - name: "generate SBOM" | |
| run: | | |
| ./scripts/sbom.sh | |
| - name: "step summary" | |
| continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB | |
| run: | | |
| cat "/tmp/dpdk-sys/builds/env.sysroot.summary.md" >> "${GITHUB_STEP_SUMMARY}" | |
| - name: "remove links from /tmp/dpdk-sys/builds" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && rm "$f" | |
| done | |
| - uses: "actions/upload-artifact@v4" | |
| with: | |
| name: "builds-${{ matrix.toolchain.key }}" | |
| path: "/tmp/dpdk-sys/builds" | |
| - name: "outdated packages (gnu64)" | |
| uses: "actions/github-script@v7" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body += "## Outdated packages (gnu64):\n\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Vulnerable packages (gnu64)" | |
| uses: "actions/github-script@v7" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body = "## Vulnerable packages (gnu64):\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| summary: | |
| name: "summary" | |
| if: ${{ always() }} | |
| runs-on: | |
| - "lab" | |
| needs: | |
| - run | |
| steps: | |
| - name: "Flag any build matrix failures" | |
| if: ${{ needs.run.result != 'success' }} | |
| run: | | |
| >&2 echo "A critical step failed!" | |
| exit 1 |