-
Notifications
You must be signed in to change notification settings - Fork 1
252 lines (246 loc) · 11.1 KB
/
trybot.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT.
"on":
push:
branches:
- ci/test
- master
- alpha
tags-ignore:
- v*
pull_request: {}
workflow_dispatch:
inputs:
scheduled:
description: Whether a workflow_dispatch was itself the result of a scheduled dispatch
required: true
default: "false"
jobs:
test:
runs-on: ubuntu-22.04
defaults:
run:
shell: bash
steps:
- if: runner.os == 'macOS'
name: Update Homebrew (macOS)
run: brew update
- name: Checkout code
uses: actions/checkout@v3
with:
ref: ${{ github.event.pull_request.head.sha }}
fetch-depth: 0
- name: Reset git directory modification times
run: touch -t 202211302355 $(find * -type d)
- name: Restore git file modification times
uses: chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe
- id: DispatchTrailer
name: Try to extract Dispatch-Trailer
run: |-
x="$(git log -1 --pretty='%(trailers:key=Dispatch-Trailer,valueonly)')"
if [[ "$x" == "" ]]
then
# Some steps rely on the presence or otherwise of the Dispatch-Trailer.
# We know that we don't have a Dispatch-Trailer in this situation,
# hence we use the JSON value null in order to represent that state.
# This means that GitHub expressions can determine whether a Dispatch-Trailer
# is present or not by checking whether the fromJSON() result of the
# output from this step is the JSON value null or not.
x=null
fi
echo "value<<EOD" >> $GITHUB_OUTPUT
echo "$x" >> $GITHUB_OUTPUT
echo "EOD" >> $GITHUB_OUTPUT
- if: |-
((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"')))) && (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"'))
name: Check we don't have Dispatch-Trailer on a protected branch
run: |-
echo "github.event.head_commit.message contains Dispatch-Trailer"
echo "github.event.head_commit.message value"
cat <<EOD
${{ github.event.head_commit.message }}
EOD
echo "containsDispatchTrailer expression"
cat <<EOD
(contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"'))
EOD
false
- if: github.event.inputs.scheduled == 'true'
name: Fail if Preprocessor-No-Write-Cache trailer is present for a scheduled workflow run
run: '! ./_scripts/noWriteCache.bash HEAD'
- name: Early git and code sanity checks
run: |-
# Ensure the recent commit messages have Signed-off-by headers. We
# only need to check the HEAD commit because all commits are tested
# in CI. Unclear why git log outputs blank lines when parsing trailers
# in this way, but we remove those blank lines so as not to skew the
# count of the trailers we are searching for.
#
# TODO: Remove once this is enforced for admins too;
# see https://bugs.chromium.org/p/gerrit/issues/detail?id=15229
if [[ "$(git log -1 --pretty='%(trailers:key=Signed-off-by)' | sed '/^\s*$/d' | wc -l)" -eq 0 ]]; then
echo -e "\nRecent commit is lacking Signed-off-by:\n"
git show --quiet
exit 1
fi
# Ensure that commit messages have a blank second line.
# We know that a commit message must be longer than a single
# line because each commit must be signed-off.
if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then
echo "second line of commit message must be blank"
exit 1
fi
# Ensure that the commit author is the same as the signed-off-by. This
# is a basic requirement of DCO. It is enforced by Gerrit (although
# noting that in Gerrit the author name does not have to match, only
# the email address), but _not_ by the DCO GitHub app:
#
# https://github.com/dcoapp/app/issues/201
#
# Provide a sanity check as part of GitHub workflows that should enforce
# this, e.g. trybot workflows.
#
# We do so by comparing the commit author and "Signed-off-by" trailer for
# strict equality. Whilst this is more strict than Gerrit, it should
# generally be the case, and we can always relax this when presented with
# specific situations where it is is a problem.
# commit author email address
commitauthor="$(git log -1 --pretty="%ae")"
# signed-off-by trailer email address. There is no way to parse just the
# email address from the trailer in the same way as git log, so instead
# grab the relevant trailer and then take the last whitespace-delimited
# part as the "<>" contained email address.
# Getting the Signed-off-by trailer in this way causes blank
# lines for some reason. Use awk to remove them.
commitsigner="$(git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p')"
if [[ "$commitauthor" != "$commitsigner" ]]; then
echo "commit author email address does not match signed-off-by trailer"
exit 1
fi
- if: runner.os == 'macOS'
name: Set TMPDIR environment variable (${{runner.os}})
run: |-
mkdir $HOME/.tmp
echo "TMPDIR=$HOME/.tmp" >> $GITHUB_ENV
- if: runner.os == 'macOS'
name: Write lima config (${{runner.os}})
run: |-
mkdir -p ~/.lima/default
cat <<EOD > ~/.lima/default/lima.yaml
mounts:
- location: "~"
writable: true
- location: "$TMPDIR"
writable: true
EOD
- if: runner.os == 'macOS'
name: Install Docker (${{runner.os}})
run: |-
brew install colima docker
colima start --mount-type virtiofs
sudo ln -sf $HOME/.colima/default/docker.sock /var/run/docker.sock
- if: runner.os == 'macOS'
name: Set DOCKER_HOST environment variable (${{runner.os}})
run: echo "DOCKER_HOST=unix://$HOME/.colima/default/docker.sock" >> $GITHUB_ENV
- if: runner.os == 'macOS'
name: Install macOS utils
run: brew install coreutils
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v2
- name: Install Node
uses: actions/setup-node@v3
with:
node-version: 18.17.0
- name: Install Go
uses: actions/setup-go@v4
with:
cache: false
go-version: 1.21.1
- if: runner.os == 'Linux'
name: Install Hugo (${{ runner.os }})
uses: peaceiris/actions-hugo@v2
with:
hugo-version: 0.117.0
extended: true
- if: runner.os == 'macOS'
name: Install Hugo (${{ runner.os }})
run: brew install hugo
- name: 'Set PREPROCESSOR_NOWRITECACHE if Preprocessor-No-Write-Cache: true'
run: |
if ./_scripts/noWriteCache.bash HEAD
then
echo 'Found Preprocessor-No-Write-Cache trailer'
echo "PREPROCESSOR_NOWRITECACHE=true" >> $GITHUB_ENV
fi
- id: go-mod-cache-dir
name: Get go mod cache directory
run: echo "dir=$(go env GOMODCACHE)" >> ${GITHUB_OUTPUT}
- id: go-cache-dir
name: Get go build/test cache directory
run: echo "dir=$(go env GOCACHE)" >> ${GITHUB_OUTPUT}
- if: |-
(((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test'))
uses: actions/cache@v3
with:
path: |-
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download
${{ steps.go-cache-dir.outputs.dir }}
~/.cache/dockercache
${{ github.workspace }}/playground/.webpack_cache
key: ${{ runner.os }}-1.21.1-${{ github.run_id }}
restore-keys: ${{ runner.os }}-1.21.1
- if: |-
! (((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"')))) || (github.ref == 'refs/heads/ci/test'))
uses: actions/cache/restore@v3
with:
path: |-
${{ steps.go-mod-cache-dir.outputs.dir }}/cache/download
${{ steps.go-cache-dir.outputs.dir }}
~/.cache/dockercache
${{ github.workspace }}/playground/.webpack_cache
key: ${{ runner.os }}-1.21.1-${{ github.run_id }}
restore-keys: ${{ runner.os }}-1.21.1
- if: |-
github.repository == 'cue-lang/cuelang.org' && (((github.ref == 'refs/heads/master' || github.ref == 'refs/heads/alpha') && (! (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"')))) || github.ref == 'refs/heads/ci/test')
run: go clean -testcache
- name: Check site CUE configuration
run: _scripts/runPreprocessor.bash execute --check
- name: Regenerate
run: go generate ./...
- name: Check that git is clean at the end of the job
run: test -z "$(git status --porcelain)" || (git status; git diff; false)
- run: ./_scripts/buildDockerImage.bash
- run: npm install
working-directory: hugo
- name: Test
run: go test ./...
- name: staticcheck
run: ./_scripts/staticcheck.bash
- name: Check module is tidy
run: go mod tidy
- name: Dist
run: ./_scripts/build.bash --baseURL https://cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }}--cue-cls.netlify.app
- name: Check that git is clean at the end of the job
run: test -z "$(git status --porcelain)" || (git status; git diff; false)
- run: npm run lint
working-directory: hugo
- if: |-
github.repository == 'cue-lang/cuelang.org-trybot' && (contains(github.event.head_commit.message, '
Dispatch-Trailer: {"type":"trybot"'))
name: Deploy preview of CL
run: 'netlify deploy --alias cl-${{ fromJSON(steps.DispatchTrailer.outputs.value).CL }}-${{ fromJSON(steps.DispatchTrailer.outputs.value).patchset }} -f functions -d _public -m "Deploy preview of CL" -s cue-cls --debug '
env:
NETLIFY_AUTH_TOKEN: ${{ secrets.NETLIFY_AUTH_TOKEN_CUE_CLS}}
- if: github.repository == 'cue-lang/cuelang.org' && (github.ref == 'refs/heads/alpha')
run: npm run algolia
working-directory: hugo
env:
ALGOLIA_APP_ID: 5LXFM0O81Q
ALGOLIA_ADMIN_KEY: ${{ secrets.ALGOLIA_INDEX_KEY }}
ALGOLIA_INDEX_NAME: cuelang.org
ALGOLIA_INDEX_FILE: ../_public/algolia.json