Skip to content

gha: macOS & Windows #2

gha: macOS & Windows

gha: macOS & Windows #2

Workflow file for this run

name: "gha: macOS & Windows"
# Build on pull requests and pushes to `main`. The PR builds will be
# non-blocking for now, but that is configured elsewhere.
on:
# Start these builds on pushes (think "after the merge") too. Normally there
# are no `ci-gha**` branches in our repository. The contributors to the repo
# can create such branches when testing or troubleshooting builds. In such
# branches we can disable builds (to speed up the testing) or add new ones,
# without impacting the rest of the team.
push:
branches: [ 'v[2-9]**', 'ci-gha**' ]
# Start the build in the context of the target branch. This is considered
# "safe", as the workflow files are already committed. These types of builds
# have access to the secrets in the build, which we need to use the remote
# caches (Bazel and sccache).
pull_request_target:
types:
- opened
- synchronize
- reopened
schedule:
- cron: '0 5 * * 1,2,3,4,5'
workflow_dispatch:
# Cancel in-progress runs of the workflow if somebody adds a new commit to the
# PR or branch. That reduces billing, but it creates more noise about cancelled
# jobs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
pre-flight:
# For external contributors, run the build in the `external` environment.
# This requires manual approval from a contributor. It also saves the
# `ref` of the pull request, so downstream jobs know what to checkout.
environment: >-
${{
(github.event_name != 'pull_request_target' && 'internal') ||
(github.event.pull_request.head.repo.full_name == github.repository && 'internal') ||
(contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') ||
'external'
}}
name: Require Approval for External PRs
runs-on: ubuntu-latest
outputs:
checkout-sha: ${{ steps.save-pull-request.outputs.sha }}
steps:
- name: Save Pull Request
id: save-pull-request
run: >
echo "sha=${{ github.event.pull_request.head.sha || github.ref }}" >> $GITHUB_OUTPUT
# Run other jobs once the `pre-flight` job passes. When the `pre-flight`
# job requires approval, these blocks all the other jobs. The jobs are defined
# in separate files to keep the size of this file under control. Note how
# the additional jobs inherit any secrets needed to use the remote caches and
# receive what version to checkout as an input.
external-account-integration:
name: External Account Integration
needs: [pre-flight]
uses: ./.github/workflows/external-account-integration.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: macOS-Bazel
needs: [pre-flight]
uses: ./.github/workflows/macos-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
windows-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: Windows-Bazel
needs: [pre-flight]
uses: ./.github/workflows/windows-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-cmake:
name: macOS-CMake
needs: [pre-flight]
uses: ./.github/workflows/macos-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit
windows-cmake:
name: Windows-CMake
needs: [pre-flight]
uses: ./.github/workflows/windows-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit
notify:
name: Notify-Google-Chat
# Wait until all the other jobs have completed.
needs:
- external-account-integration
- macos-bazel
- macos-cmake
- windows-bazel
- windows-cmake
# Run even if the other jobs failed or were skipped.
if: always()
runs-on: ubuntu-latest
steps:
- name: Notify Google Chat
shell: bash
run: |
event_name="${{ github.event_name }}"
case "${event_name}" in
schedule)
;;
push)
;;
workflow_dispatch)
;;
*)
exit 0
;;
esac
failure="${{ contains(needs.*.result, 'failure') }}"
cancelled="${{ contains(needs.*.result, 'cancelled') }}"
status=""
# Report whether any of the jobs failed or were cancelled.
if [[ "${cancelled}" == "true" ]]; then status="cancelled"; fi
if [[ "${failure}" == "true" ]]; then status="failure"; fi
# Exit early if there is nothing interesting to report.
if [[ -z "${status}" ]]; then exit 0; fi
printf '{"text": "GHA Build %s %s/%s/actions/runs/%s"}' \
"${status}" "${{ github.server_url }}" "${{ github.repository }}" "${{ github.run_id }}" |
curl -fsX POST -o /dev/null -d@- -H "Content-Type: application/json; charset=UTF-8" '${{ secrets.CLOUD_CPP_BUILD_ALERTS_WEBHOOK }}'