Build package #105300
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build package | |
on: | |
workflow_call: | |
inputs: | |
crate: | |
description: Crate to release | |
required: true | |
type: string | |
version: | |
description: Version to release | |
required: true | |
type: string | |
target_arch: | |
description: Target to build against | |
required: true | |
type: string | |
build_os: | |
description: The OS to use for building | |
required: true | |
type: string | |
branch: | |
description: The branch which is checked out | |
required: true | |
type: string | |
features: | |
description: Features to enable | |
default: "" | |
type: string | |
no_default_features: | |
description: Disable default features | |
default: "" | |
type: string | |
always_build: | |
description: Always build even if it's already present, set to 1 to enable this | |
default: "" | |
type: string | |
skip_upload: | |
description: Skip upload | |
default: "" | |
type: string | |
workflow_dispatch: | |
inputs: | |
crate: | |
description: Crate to release | |
required: true | |
type: string | |
version: | |
description: Version to release | |
required: true | |
type: string | |
target_arch: | |
description: Target to build against | |
required: true | |
type: string | |
build_os: | |
description: The OS to use for building | |
required: true | |
type: string | |
branch: | |
description: The branch which is checked out | |
required: true | |
type: string | |
features: | |
description: Features to enable | |
default: "" | |
type: string | |
no_default_features: | |
description: Disable default features | |
default: "" | |
type: string | |
always_build: | |
description: Always build even if it's already present, set to 1 to enable this | |
default: "" | |
type: string | |
skip_upload: | |
description: Skip upload | |
default: "" | |
type: string | |
concurrency: | |
group: build-package-${{ github.event.inputs.crate }}-${{ github.event.inputs.version }}-${{ github.event.inputs.target_arch }} | |
env: | |
CRATE: ${{ inputs.crate }} | |
TARGET_ARCH: ${{ inputs.target_arch }} | |
VERSION: ${{ inputs.version }} | |
FEATURES: ${{ inputs.features }} | |
NO_DEFAULT_FEATURES: ${{ inputs.NO_DEFAULT_FEATURES }} | |
BUILD_DIR: ${{ github.workspace }}/built.d | |
jobs: | |
build-popular-package: | |
name: build-popular-package-${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}-${{ inputs.features }} | |
runs-on: ${{ inputs.build_os }} | |
permissions: {} | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout trigger commit | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
path: trigger | |
- name: Checkout main repo | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
ref: ${{ inputs.branch }} | |
path: cargo-quickinstall | |
- name: Print inputs | |
run: | | |
echo $CRATE | |
echo $VERSION | |
echo $TARGET_ARCH | |
echo $FEATURES | |
- name: Install latest rust | |
run: rustup toolchain install stable --no-self-update --profile minimal | |
- name: build package | |
env: | |
ALWAYS_BUILD: ${{ inputs.always_build }} | |
TEMPDIR: ${{ env.BUILD_DIR }} | |
run: | | |
set -euxo pipefail | |
# `tar` does not understand mixed forward and backslashes, but mkdir does. | |
# Try coercing it into a single style? | |
mkdir -p "$TEMPDIR" | |
pushd "$TEMPDIR" | |
TEMPDIR="$PWD" | |
popd | |
cargo-quickinstall/build-version.sh "$CRATE" | |
touch "$TEMPDIR/dummy-file" | |
ls "$TEMPDIR" | |
# At this point, I don't think that you can really trust anything on the system anymore. | |
# I'm not sure whether the js actions runtime is also affected by this. | |
# TODO: try breaking things so that uploads don't work. | |
- name: Upload run-local binary artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: built-${{ inputs.build_os }} | |
path: ${{ env.BUILD_DIR }} | |
if-no-files-found: error | |
upload-popular-package: | |
name: Upload | |
needs: build-popular-package | |
runs-on: ubuntu-22.04 | |
defaults: | |
run: | |
shell: bash | |
env: | |
BUILD_ARCHIVE: ${{ github.workspace }}/built.d/${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}.tar.gz | |
SIG_FILENAME: ${{ github.workspace }}/built.d/${{ inputs.crate }}-${{ inputs.version }}-${{ inputs.target_arch }}.tar.gz.sig | |
steps: | |
- name: Checkout trigger commit | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CRONJOB_DEPLOY_KEY }} | |
persist-credentials: true | |
path: trigger | |
- name: Checkout main repo | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
# TODO: maybe this should be main or configurable or something? | |
ref: ${{ inputs.branch }} | |
path: cargo-quickinstall | |
- name: Download binary artifact | |
uses: actions/download-artifact@v4 | |
with: | |
name: built-${{ inputs.build_os }} | |
# TODO: check that we it can't write anywhere other than built.d | |
path: ${{ env.BUILD_DIR }} | |
- name: Check if tarball exists | |
id: check_files | |
uses: andstor/file-existence-action@v3 | |
with: | |
files: ${{ env.BUILD_ARCHIVE }} | |
- name: Cancel if no tarball | |
if: steps.check_files.outputs.files_exists == 'false' | |
uses: andymckay/cancel-action@0.5 | |
- name: Wait for cancellation signal if no tarball | |
if: steps.check_files.outputs.files_exists == 'false' | |
run: | | |
sleep 1m | |
exit 1 | |
- name: Install minisign | |
run: | | |
set -euxo pipefail | |
cd /tmp | |
curl -L "$URL" | tar -xz | |
sudo mv minisign-linux/x86_64/minisign /usr/local/bin | |
env: | |
URL: https://github.com/jedisct1/minisign/releases/download/0.11/minisign-0.11-linux.tar.gz | |
- name: Sign the tarball | |
run: | | |
echo "$MINISIGN_PRIVATE_KEY" > /tmp/minisign-key | |
minisign -S -s /tmp/minisign-key -x $SIG_FILENAME -m $BUILD_ARCHIVE | |
env: | |
MINISIGN_PRIVATE_KEY: ${{ secrets.MINISIGN_PRIVATE_KEY }} | |
- name: Tag release | |
if: "! inputs.skip_upload" | |
run: | | |
( | |
set -euxo pipefail | |
cd trigger | |
if ! ../cargo-quickinstall/create_and_upload_tag.sh $CRATE-$VERSION; then | |
echo "$CRATE-$VERSION tag already exists" | |
fi | |
) | |
- name: Releasing assets in new release format | |
if: "! inputs.skip_upload" | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
tag: ${{ inputs.crate }}-${{ inputs.version }} | |
release_name: ${{ inputs.crate }}-${{ inputs.version }} | |
body: build ${{ inputs.crate }}@${{ inputs.version }} | |
file: ${{ env.BUILD_ARCHIVE }} | |
- name: Releasing assets signature in new release format | |
if: "! inputs.skip_upload" | |
uses: svenstaro/upload-release-action@v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
tag: ${{ inputs.crate }}-${{ inputs.version }} | |
release_name: ${{ inputs.crate }}-${{ inputs.version }} | |
body: build ${{ inputs.crate }}@${{ inputs.version }} | |
file: ${{ env.SIG_FILENAME }} | |
- name: Upload signature | |
uses: actions/upload-artifact@v4 | |
with: | |
name: signature | |
path: ${{ env.SIG_FILENAME }} | |
if-no-files-found: error | |
build-popular-package-failure: | |
needs: | |
- build-popular-package | |
if: ${{ failure() }} | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
steps: | |
- name: Checkout trigger branch | |
uses: actions/checkout@v4 | |
with: | |
ssh-key: ${{ secrets.CRONJOB_DEPLOY_KEY }} | |
persist-credentials: true | |
ref: trigger/${{ inputs.target_arch }} | |
path: trigger | |
- name: Checkout trigger commit | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
path: cargo-quickinstall | |
- name: Record failure | |
run: ${{ github.workspace }}/cargo-quickinstall/add-exclude.sh ${{ github.workspace }}/trigger |