preprocessor: support hidden uploads #3902
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT. | |
"on": | |
push: | |
branches: | |
- ci/test | |
- master | |
- alpha | |
tags-ignore: | |
- v* | |
pull_request: {} | |
workflow_dispatch: | |
inputs: | |
scheduled: | |
description: Whether a workflow_dispatch was itself the result of a scheduled dispatch | |
required: true | |
default: "false" | |
jobs: | |
test: | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- if: runner.os == 'macOS' | |
name: Update Homebrew (macOS) | |
run: brew update | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
ref: ${{ github.event.pull_request.head.sha }} | |
fetch-depth: 0 | |
- name: Reset git directory modification times | |
run: touch -t 202211302355 $(find * -type d) | |
- name: Restore git file modification times | |
uses: chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe | |
- id: DispatchTrailer | |
name: Try to extract Dispatch-Trailer | |
run: |- | |
x="$(git log -1 --pretty='%(trailers:key=Dispatch-Trailer,valueonly)')" | |
if [[ "$x" == "" ]] | |
then | |
# Some steps rely on the presence or otherwise of the Dispatch-Trailer. | |
# We know that we don't have a Dispatch-Trailer in this situation, | |
# hence we use the JSON value null in order to represent that state. | |
# This means that GitHub expressions can determine whether a Dispatch-Trailer | |
# is present or not by checking whether the fromJSON() result of the | |
# output from this step is the JSON value null or not. | |
x=null | |
fi | |
echo "value<<EOD" >> $GITHUB_OUTPUT | |
echo "$x" >> $GITHUB_OUTPUT | |
echo "EOD" >> $GITHUB_OUTPUT | |
- if: |- | |
((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')) | |
name: Check we don't have Dispatch-Trailer on a protected branch | |
run: |- | |
echo "github.event.head_commit.message contains Dispatch-Trailer" | |
echo "github.event.head_commit.message value" | |
cat <<EOD | |
${{ github.event.head_commit.message }} | |
EOD | |
echo "containsDispatchTrailer expression" | |
cat <<EOD | |
(contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')) | |
EOD | |
false | |
- if: github.event.inputs.scheduled == 'true' | |
name: Fail if Preprocessor-No-Write-Cache trailer is present for a scheduled workflow run | |
run: '! ./_scripts/noWriteCache.bash HEAD' | |
- name: Early git and code sanity checks | |
run: |- | |
# Ensure the recent commit messages have Signed-off-by headers. We | |
# only need to check the HEAD commit because all commits are tested | |
# in CI. Unclear why git log outputs blank lines when parsing trailers | |
# in this way, but we remove those blank lines so as not to skew the | |
# count of the trailers we are searching for. | |
# | |
# TODO: Remove once this is enforced for admins too; | |
# see https://bugs.chromium.org/p/gerrit/issues/detail?id=15229 | |
if [[ "$(git log -1 --pretty='%(trailers:key=Signed-off-by)' | sed '/^\s*$/d' | wc -l)" -eq 0 ]]; then | |
echo -e "\nRecent commit is lacking Signed-off-by:\n" | |
git show --quiet | |
exit 1 | |
fi | |
# Ensure that commit messages have a blank second line. | |
# We know that a commit message must be longer than a single | |
# line because each commit must be signed-off. | |
if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then | |
echo "second line of commit message must be blank" | |
exit 1 | |
fi | |
# Ensure that the commit author is the same as the signed-off-by. This | |
# is a basic requirement of DCO. It is enforced by Gerrit (although | |
# noting that in Gerrit the author name does not have to match, only | |
# the email address), but _not_ by the DCO GitHub app: | |
# | |
# https://github.com/dcoapp/app/issues/201 | |
# | |
# Provide a sanity check as part of GitHub workflows that should enforce | |
# this, e.g. trybot workflows. | |
# | |
# We do so by comparing the commit author and "Signed-off-by" trailer for | |
# strict equality. Whilst this is more strict than Gerrit, it should | |
# generally be the case, and we can always relax this when presented with | |
# specific situations where it is is a problem. | |
# commit author email address | |
commitauthor="$(git log -1 --pretty="%ae")" | |
# signed-off-by trailer email address. There is no way to parse just the | |
# email address from the trailer in the same way as git log, so instead | |
# grab the relevant trailer and then take the last whitespace-delimited | |
# part as the "<>" contained email address. | |
# Getting the Signed-off-by trailer in this way causes blank | |
# lines for some reason. Use awk to remove them. | |
commitsigner="$(git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p')" | |
if [[ "$commitauthor" != "$commitsigner" ]]; then | |
echo "commit author email address does not match signed-off-by trailer" | |
exit 1 | |
fi | |
- if: runner.os == 'macOS' | |
name: Set TMPDIR environment variable (${{runner.os}}) | |
run: |- | |
mkdir $HOME/.tmp | |
echo "TMPDIR=$HOME/.tmp" >> $GITHUB_ENV | |
- if: runner.os == 'macOS' | |
name: Write lima config (${{runner.os}}) | |
run: |- | |
mkdir -p ~/.lima/default | |
cat <<EOD > ~/.lima/default/lima.yaml | |
mounts: | |
- location: "~" | |
writable: true | |
- location: "$TMPDIR" | |
writable: true | |
EOD | |
- if: runner.os == 'macOS' | |
name: Install Docker (${{runner.os}}) | |
run: |- | |
brew install colima docker | |
colima start --mount-type virtiofs | |
sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock | |
- if: runner.os == 'macOS' | |
name: Set DOCKER_HOST environment variable (${{runner.os}}) | |
run: echo "DOCKER_HOST=unix://$HOME/.colima/default/docker.sock" >> $GITHUB_ENV | |
- if: runner.os == 'macOS' | |
name: Install macOS utils | |
run: brew install coreutils | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Install Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20.9.0 | |
- name: Install Go | |
uses: actions/setup-go@v4 | |
with: | |
cache: false | |
go-version: 1.22.0 | |
- if: runner.os == 'Linux' | |
name: Install Hugo (${{ runner.os }}) | |
uses: peaceiris/actions-hugo@v2 | |
with: | |
hugo-version: 0.120.3 | |
extended: true | |
- if: runner.os == 'macOS' | |
name: Install Hugo (${{ runner.os }}) | |
run: brew install hugo | |
- name: 'Set PREPROCESSOR_NOWRITECACHE if Preprocessor-No-Write-Cache: true' | |
run: | | |
if ./_scripts/noWriteCache.bash HEAD | |
then | |
echo 'Found Preprocessor-No-Write-Cache trailer' | |
echo "PREPROCESSOR_NOWRITECACHE=true" >> $GITHUB_ENV | |
fi | |
- id: go-mod-cache-dir | |
name: Get go mod cache directory | |
run: echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT} | |
- id: go-cache-dir | |
name: Get go build/test cache directory | |
run: echo "dir=$(go env GOCACHE)" >> ${GITHUB_OUTPUT} | |
- if: |- | |
(((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) | |
uses: actions/cache@v3 | |
with: | |
path: |- | |
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download | |
${{ steps.go-cache-dir.outputs.dir }} | |
~/.cache/dockercache | |
${{ github.workspace }}/playground/.webpack_cache | |
key: ${{ runner.os }}-1.22.0-${{ github.run_id }} | |
restore-keys: ${{ runner.os }}-1.22.0 | |
- if: |- | |
! (((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test')) | |
uses: actions/cache/restore@v3 | |
with: | |
path: |- | |
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download | |
${{ steps.go-cache-dir.outputs.dir }} | |
~/.cache/dockercache | |
${{ github.workspace }}/playground/.webpack_cache | |
key: ${{ runner.os }}-1.22.0-${{ github.run_id }} | |
restore-keys: ${{ runner.os }}-1.22.0 | |
- if: |- | |
github.repository == 'cue-lang/cuelang.org' && (((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"')))) || github.ref == 'refs/heads/ci/test') | |
run: go clean -testcache | |
- name: Check site CUE configuration | |
run: _scripts/runPreprocessor.bash execute --check | |
- name: Regenerate | |
run: go generate ./... | |
- name: Check that git is clean at the end of the job | |
run: test -z "$(git status --porcelain)" || (git status; git diff; false) | |
- run: ./_scripts/buildDockerImage.bash | |
- run: npm install | |
working-directory: hugo | |
- name: Test | |
run: go test ./... | |
- name: staticcheck | |
run: ./_scripts/staticcheck.bash | |
- name: Check module is tidy | |
run: go mod tidy | |
- name: Dist | |
run: ./_scripts/build.bash --baseURL https://cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }}--cue-cls.netlify.app | |
- name: Check that git is clean at the end of the job | |
run: test -z "$(git status --porcelain)" || (git status; git diff; false) | |
- run: npm run lint | |
working-directory: hugo | |
- if: |- | |
github.repository == 'cue-lang/cuelang.org-trybot' && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"trybot"')) | |
name: Install Netlify CLI | |
run: npm install -g [email protected] | |
- if: |- | |
github.repository == 'cue-lang/cuelang.org-trybot' && (contains(github.event.head_commit.message, ' | |
Dispatch-Trailer: {"type":"trybot"')) | |
name: Deploy preview of CL | |
run: 'netlify deploy --alias cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }} -f functions -d _public -m "Deploy preview of CL" -s cue-cls --debug ' | |
env: | |
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN_CUE_CLS}} | |
- if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/alpha') | |
run: npm run algolia | |
working-directory: hugo | |
env: | |
ALGOLIA_APP_ID: 5LXFM0O81Q | |
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_INDEX_KEY }} | |
ALGOLIA_INDEX_NAME: cuelang.org | |
ALGOLIA_INDEX_FILE: ../_public/algolia.json |