internal/ci: switch away from a porcuepine logins.json secret #429
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT. | |
name: TryBot | |
"on": | |
push: | |
branches: | |
- ci/test | |
- master | |
tags-ignore: | |
- v* | |
pull_request: {} | |
workflow_dispatch: | |
inputs: | |
scheduled: | |
description: Whether a workflow_dispatch was itself the result of a scheduled dispatch | |
required: true | |
default: "false" | |
jobs: | |
test: | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- if: runner.os == 'macOS' | |
name: Update Homebrew (macOS) | |
run: brew update | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Reset git directory modification times | |
run: touch -t 202211302355 $(find * -type d) | |
- name: Restore git file modification times | |
uses: chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe | |
- name: Try to extract Dispatch-Trailer | |
id: DispatchTrailer | |
run: |- | |
x="$(git log -1 --pretty='%(trailers:key=Dispatch-Trailer,valueonly)')" | |
if [[ "$x" == "" ]] | |
then | |
# Some steps rely on the presence or otherwise of the Dispatch-Trailer. | |
# We know that we don't have a Dispatch-Trailer in this situation, | |
# hence we use the JSON value null in order to represent that state. | |
# This means that GitHub expressions can determine whether a Dispatch-Trailer | |
# is present or not by checking whether the fromJSON() result of the | |
# output from this step is the JSON value null or not. | |
x=null | |
fi | |
echo "value<<EOD" >> $GITHUB_OUTPUT | |
echo "$x" >> $GITHUB_OUTPUT | |
echo "EOD" >> $GITHUB_OUTPUT | |
- name: Check we don't have Dispatch-Trailer on a protected branch | |
if: |- | |
((github.ref == 'refs/heads/master') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')) | |
run: |- | |
echo "github.event.head_commit.message contains Dispatch-Trailer but we are on a protected branch" | |
false | |
- name: Fail if Preprocessor-No-Write-Cache trailer is present for a scheduled workflow run | |
if: github.event.inputs.scheduled == 'true' | |
run: '! ./_scripts/noWriteCache.bash HEAD' | |
- if: github.repository != 'cue-lang/cuelang.org' | |
run: | | |
echo 'Setting CI_NO_SKIP_CACHE=true' | |
echo "CI_NO_SKIP_CACHE=true" >> $GITHUB_ENV | |
- if: runner.os == 'macOS' | |
run: |- | |
mkdir $HOME/.tmp | |
echo "TMPDIR=$HOME/.tmp" >> $GITHUB_ENV | |
name: Set TMPDIR environment variable (${{runner.os}}) | |
- if: runner.os == 'macOS' | |
run: |- | |
mkdir -p ~/.lima/default | |
cat <<EOD > ~/.lima/default/lima.yaml | |
mounts: | |
- location: "~" | |
writable: true | |
- location: "$TMPDIR" | |
writable: true | |
EOD | |
name: Write lima config (${{runner.os}}) | |
- if: runner.os == 'macOS' | |
run: |- | |
brew install colima docker | |
colima start --mount-type virtiofs | |
sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock | |
name: Install Docker (${{runner.os}}) | |
- if: runner.os == 'macOS' | |
run: echo "DOCKER_HOST=unix://$HOME/.colima/default/docker.sock" >> $GITHUB_ENV | |
name: Set DOCKER_HOST environment variable (${{runner.os}}) | |
- if: runner.os == 'macOS' | |
name: Install macOS utils | |
run: brew install coreutils | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Install Node | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.9.0 | |
- name: Install Go | |
uses: actions/setup-go@v5 | |
with: | |
cache: false | |
go-version: 1.23.0 | |
- name: Set common go env vars | |
run: |- | |
go env -w GOTOOLCHAIN=local | |
# Dump env for good measure | |
go env | |
- if: runner.os == 'Linux' | |
name: Install Hugo (${{ runner.os }}) | |
uses: peaceiris/actions-hugo@v3 | |
with: | |
hugo-version: 0.128.2 | |
extended: true | |
- if: runner.os == 'macOS' | |
name: Install Hugo (${{ runner.os }}) | |
run: brew install hugo | |
- name: 'Set PREPROCESSOR_NOWRITECACHE if Preprocessor-No-Write-Cache: true' | |
run: | | |
if ./_scripts/noWriteCache.bash HEAD | |
then | |
echo 'Found Preprocessor-No-Write-Cache trailer' | |
echo "PREPROCESSOR_NOWRITECACHE=true" >> $GITHUB_ENV | |
fi | |
- name: Get go mod cache directory | |
id: go-mod-cache-dir | |
run: echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT} | |
- name: Get go build/test cache directory | |
id: go-cache-dir | |
run: echo "dir=$(go env GOCACHE)" >> ${GITHUB_OUTPUT} | |
- with: | |
path: |- | |
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download | |
${{ steps.go-cache-dir.outputs.dir }} | |
~/.cache/dockercache | |
~/.cache/node-gyp | |
~/.npm | |
${{ github.workspace }}/playground/.webpack_cache | |
key: ${{ runner.os }}-1.23.0-${{ github.run_id }} | |
restore-keys: ${{ runner.os }}-1.23.0 | |
if: |- | |
(((github.ref == 'refs/heads/master') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) | |
uses: actions/cache@v4 | |
- with: | |
path: |- | |
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download | |
${{ steps.go-cache-dir.outputs.dir }} | |
~/.cache/dockercache | |
~/.cache/node-gyp | |
~/.npm | |
${{ github.workspace }}/playground/.webpack_cache | |
key: ${{ runner.os }}-1.23.0-${{ github.run_id }} | |
restore-keys: ${{ runner.os }}-1.23.0 | |
uses: actions/cache/restore@v4 | |
if: |- | |
! (((github.ref == 'refs/heads/master') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) | |
- if: |- | |
github.repository == 'cue-lang/cuelang.org' && (((github.ref == 'refs/heads/master') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || github.ref == 'refs/heads/ci/test') | |
run: go clean -testcache | |
- name: Early git and code sanity checks | |
run: go run cuelang.org/go/internal/ci/[email protected] | |
- name: Perform early content checks | |
run: _scripts/contentLint.bash | |
- name: Populate CUE dependency cache | |
env: | |
CUE_TOKEN: ${{ secrets.NOTCUECKOO_CUE_TOKEN }} | |
run: _scripts/cacheWarm.bash | |
- name: Check site CUE configuration | |
run: _scripts/runPreprocessor.bash execute --check | |
- name: Regenerate | |
run: go generate ./... | |
- name: Regenerate Playground | |
run: go generate ./... | |
working-directory: playground | |
- name: Check that git is clean at the end of the job | |
if: always() | |
run: test -z "$(git status --porcelain)" || (git status; git diff; false) | |
- run: ./_scripts/buildDockerImage.bash | |
- run: npm install | |
working-directory: hugo | |
- name: Test | |
run: go test ./... | |
- name: Test Playground | |
run: go test ./... | |
working-directory: playground | |
- name: staticcheck | |
run: ./_scripts/staticcheck.bash | |
- name: staticcheck Playground | |
run: ../_scripts/staticcheck.bash | |
working-directory: playground | |
- name: Check module is tidy | |
run: go mod tidy | |
- name: Check Playground module is tidy | |
run: go mod tidy | |
working-directory: playground | |
- name: log into the central registry as porcuepine | |
run: go run cuelang.org/go/cmd/cue login --token ${{ secrets.PORCUEPINE_CUE_TOKEN }} | |
- name: Dist | |
run: ./_scripts/build.bash --baseURL https://cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }}--cue-cls.netlify.app | |
- name: Check that git is clean at the end of the job | |
if: always() | |
run: test -z "$(git status --porcelain)" || (git status; git diff; false) | |
- run: ./playground/_scripts/checkCUEVersion.bash | |
- working-directory: hugo | |
run: npm run lint | |
- name: Install Netlify CLI | |
if: |- | |
github.repository == 'cue-lang/cuelang.org-trybot' && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"trybot"')) | |
run: npm install -g [email protected] | |
- if: |- | |
github.repository == 'cue-lang/cuelang.org-trybot' && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"trybot"')) | |
name: Deploy preview of CL | |
run: 'netlify deploy --alias cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }} -f functions -d _public -m "Deploy preview of CL" -s cue-cls --debug ' | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN_CUE_CLS}} | |
- if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/master') | |
run: npm run algolia | |
working-directory: hugo | |
env: | |
ALGOLIA_APP_ID: 5LXFM0O81Q | |
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_INDEX_KEY }} | |
ALGOLIA_INDEX_NAME: cuelang.org | |
ALGOLIA_INDEX_FILE: ../_public/algolia.json | |
- name: 'tip.cuelang.org: Patch the site to be compatible with the tip of cue-lang/cue' | |
run: _scripts/tipPatchApply.bash | |
- name: 'tip.cuelang.org: Configure the site to use the tip of cue-lang/cue' | |
if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/master' || (github.ref == 'refs/heads/ci/test')) | |
env: | |
GOPRIVATE: cuelang.org/go | |
run: _scripts/tipUseAlternativeCUE.bash | |
- name: 'tip.cuelang.org: Build the site against the tip of cue-lang/cue' | |
if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/master' || (github.ref == 'refs/heads/ci/test')) | |
run: _scripts/regenPostInfraChange.bash | |
env: | |
GOPRIVATE: cuelang.org/go | |
- name: 'tip.cuelang.org: Deploy the site' | |
if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/master' || (github.ref == 'refs/heads/ci/test')) | |
run: |- | |
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)" | |
_scripts/tipDeploy.bash 'cueckoo' '[email protected]' | |
env: | |
GOPRIVATE: cuelang.org/go |