From fd12a6f3f216adb358771395929b10843b37a7fd Mon Sep 17 00:00:00 2001 From: Daniel Noland Date: Sat, 9 Nov 2024 11:04:54 -0700 Subject: [PATCH] Minor CI improvements --- .github/workflows/build.yml | 90 ++++++++++++------------------------- plan.template.md | 49 ++++++++++++++++++++ scripts/bump.sh | 4 +- scripts/plan.sh | 19 ++++++++ 4 files changed, 99 insertions(+), 63 deletions(-) create mode 100644 plan.template.md create mode 100755 scripts/plan.sh diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index efa78b2..aab0031 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -11,9 +11,9 @@ on: branches: - "main" -#concurrency: -# group: "${{ github.workflow }}" -# cancel-in-progress: true +concurrency: + group: "${{ github.workflow }}:${{ github.ref }}" + cancel-in-progress: true jobs: matrix: @@ -49,57 +49,7 @@ jobs: | tee -a "${GITHUB_OUTPUT}" - name: "report build plan" run: | - cat >> "${GITHUB_STEP_SUMMARY}" < - - - ## Raw \`builds.yml\` file - - - - \`\`\`yml - $(< builds.yml) - \`\`\` - - - -
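Review bot: With `cancel-in-progress: true` applied to every ref, a second push to `main` cancels the run already in flight for `main`, and the `run` job in this workflow contains a "build + push" step, so a cancellation can land part-way through publishing. Restricting cancellation to pull requests keeps the saving for PR churn while letting branch builds finish: `cancel-in-progress: ${{ github.event_name == 'pull_request' }}`. The trigger list is only partly visible in this hunk, so confirm which events actually reach this group.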
- - - ## Raw \`versions.nix\` file - - - - \`\`\`nix - $(< nix/versions.nix) - \`\`\` - -
- - EOF - + ./scripts/plan.sh "${GITHUB_STEP_SUMMARY}" run: name: "run" needs: @@ -108,13 +58,13 @@ jobs: - "lab" timeout-minutes: 300 strategy: - max-parallel: 3 + max-parallel: 2 matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} permissions: issues: "write" pull-requests: "write" packages: "write" - contents: "write" + contents: "read" id-token: "write" steps: - uses: "actions/checkout@v4" @@ -145,7 +95,7 @@ jobs: - name: "build + push" run: | - just --yes debug=true max_nix_builds=1 rust=${{matrix.toolchain.key}} push + just --yes debug=true max_nix_builds=1 rust="${{ matrix.toolchain.key }}" push - name: "Install SBOM generator dependencies" run: | @@ -156,7 +106,7 @@ jobs: sudo apt-get update sudo apt-get install --yes --no-install-recommends graphviz - - name: "Generate SBOM" + - name: "generate SBOM" run: | ./scripts/sbom.sh @@ -179,7 +129,6 @@ jobs: - name: "outdated packages (gnu64)" uses: "actions/github-script@v7" if: ${{ github.event_name == 'pull_request' }} - continue-on-error: true with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | @@ -190,6 +139,11 @@ jobs: body += "\n\n"; body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md'); body += "\n\n"; + const maxLength = 65535; + if (body.length > maxLength) { + const warning = "\n...output truncated due to length limits...\n"; + body = body.slice(0, maxLength - warning.length) + warning; + } github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, @@ -200,7 +154,6 @@ jobs: - name: "outdated packages (musl64)" uses: "actions/github-script@v7" if: ${{ github.event_name == 'pull_request' }} - continue-on-error: true with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | 
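Review bot: The quotes added around `${{ matrix.toolchain.key }}` in the "build + push" step do not make the value safe, because the expression is expanded into the script text before the shell parses it, so a key containing a quote or a command substitution would still be interpreted as shell. The matrix comes from `needs.matrix.outputs.matrix`, which appears to be derived from files in the checked-out tree, and this job holds `packages: "write"` and `id-token: "write"`. Pass the value through the environment instead: give the step an `env:` entry `TOOLCHAIN_KEY: "${{ matrix.toolchain.key }}"` and run `just --yes debug=true max_nix_builds=1 rust="${TOOLCHAIN_KEY}" push`.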
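Review bot: Removing `continue-on-error` from this step only surfaces failures that throw synchronously, such as `fs.readFileSync` on a missing report file; the `github.rest.issues.createComment({` call visible in the following hunk is neither awaited nor returned, so a rejected API call is not reliably tied to the step result. Change it to `await github.rest.issues.createComment({` so a permission or size error fails the step deliberately. The same applies to the musl64 "outdated packages" step and to both "Vulnerable packages" steps. Pull requests from forks usually receive a read-only token, so it is worth deciding whether a failed comment should fail the whole job for them.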
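Review bot: Truncating at `maxLength` silently drops the tail of the report, and in the two "Vulnerable packages" steps that tail is triage output a reviewer may need, yet the warning text gives no pointer to the complete file. Say where the full report lives, for example `const warning = "\n...output truncated; see the job summary for the full report...\n";`, after also appending the `.md` file to `GITHUB_STEP_SUMMARY` or uploading it as an artifact. `body.slice` can also cut inside an open code fence or HTML block, in which case the warning renders inside that block. The same five lines are repeated in the hunks at new lines 164, 189 and 214; a single shared helper would keep the limit and the message in one place.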
@@ -211,6 +164,11 @@ jobs: body += "\n\n"; body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.outdated.md'); body += "\n\n"; + const maxLength = 65535; + if (body.length > maxLength) { + const warning = "\n...output truncated due to length limits...\n"; + body = body.slice(0, maxLength - warning.length) + warning; + } github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, @@ -221,7 +179,6 @@ jobs: - name: "Vulnerable packages (gnu64)" uses: "actions/github-script@v7" if: ${{ github.event_name == 'pull_request' }} - continue-on-error: true with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | @@ -232,6 +189,11 @@ jobs: body += "\n\n"; body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md'); body += "\n\n"; + const maxLength = 65535; + if (body.length > maxLength) { + const warning = "\n...output truncated due to length limits...\n"; + body = body.slice(0, maxLength - warning.length) + warning; + } github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, @@ -242,7 +204,6 @@ jobs: - name: "Vulnerable packages (musl64)" uses: "actions/github-script@v7" if: ${{ github.event_name == 'pull_request' }} - continue-on-error: true with: github-token: "${{ secrets.GITHUB_TOKEN }}" script: | @@ -253,6 +214,11 @@ jobs: body += "\n\n"; body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.musl64.vulns.triage.md'); body += "\n\n"; + const maxLength = 65535; + if (body.length > maxLength) { + const warning = "\n...output truncated due to length limits...\n"; + body = body.slice(0, maxLength - warning.length) + warning; + } github.rest.issues.createComment({ issue_number: context.issue.number, owner: context.repo.owner, diff --git a/plan.template.md b/plan.template.md new file mode 100644 index 0000000..5df99cb --- /dev/null +++ b/plan.template.md 
@@ -0,0 +1,49 @@ +# Build Plan + +## Build matrix + +\`\`\`yml +$(yq --yaml-output '.matrix' builds.yml) +\`\`\` + +## Raw build flags file + +\`\`\`yml +$(< ./nix/flags.nix) +\`\`\` + +## Build versions + +### env + +\`\`\`yml +$(yq --yaml-output '.env' builds.yml) +\`\`\` + +
+ + +## Raw \`builds.yml\` file + + + +\`\`\`yml +$(< builds.yml) +\`\`\` + +
+ +
+ + +## Raw \`versions.nix\` file + + + +\`\`\`nix +$(< nix/versions.nix) +\`\`\` + +
+ +EOF diff --git a/scripts/bump.sh b/scripts/bump.sh index 1ade367..3437a94 100755 --- a/scripts/bump.sh +++ b/scripts/bump.sh @@ -74,6 +74,7 @@ nix_multi_hash() { declare -n dict="${1}" declare -r file="${2}" declare -r source_url="${3}" + declare hash for hash in "${!hash_algos[@]}"; do dict["openssl_${hash}"]="$(hash_file "${hash_algos[${hash}]}" "${file}")" declare -rxg "${1}_openssl_${hash}"="${dict["openssl_${hash}"]}" @@ -90,6 +91,7 @@ nix_multi_hash() { done } +# shellcheck disable=SC2034 declare -A NIXPKGS_ARCHIVE nix_multi_hash NIXPKGS_ARCHIVE "${nixpkgs_repo}/${NIXPKGS_COMMIT}.tar.gz" "${NIXPKGS_SOURCE_URL}" @@ -115,5 +117,5 @@ JUST_STABLE_PIN="$(just --version | grep '^just ' | awk '{print $NF}')" declare -rx JUST_STABLE_PIN declare -rx WARNING="WARNING: This file is generated by the bump.sh script. Do not edit it manually." -envsubst < "./builds.template.yml" > "./builds.yml" +envsubst < "${project_dir}/builds.template.yml" > "${project_dir}/builds.yml" envsubst < "${project_dir}/nix/versions.nix.template" > "${project_dir}/nix/versions.nix" diff --git a/scripts/plan.sh b/scripts/plan.sh new file mode 100755 index 0000000..b81b884 --- /dev/null +++ b/scripts/plan.sh @@ -0,0 +1,19 @@ +#!/usr/bin/env bash + +set -euxo pipefail +# usage: apply_template /path/to/template.txt +apply_template() { + trap 'rm -f ${tempfile}' RETURN + declare tempfile; + tempfile="$(mktemp)"; + declare -r tempfile; + { + echo 'cat < "${tempfile}"; + source "${tempfile}" +} + +apply_template ./plan.template.md >> "${1:-/proc/self/fd/1}" +
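Review bot: `apply_template` in `scripts/plan.sh` appears to wrap the template in a `cat <<EOF` heredoc and `source` the result (the body is partly garbled on this page), which means `plan.template.md` is executed rather than just rendered: every `$(...)` in it runs in the CI job. Add a header comment saying so, e.g. `# NOTE: the template is sourced as shell; review changes to plan.template.md as code`, so the file is not treated as documentation. The cleanup trap expands `${tempfile}` unquoted and is installed before the variable is assigned; `trap 'rm -f -- "${tempfile}"' RETURN` placed after the `mktemp` call is safer. The template path `./plan.template.md` also depends on the caller's working directory, unlike the `${project_dir}`-anchored paths this commit introduces in `bump.sh`.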