Merge pull request #755 from rstudio/dev

Merge bug fixes and PPM release to main

.github/workflows/build-bake.yaml

@@ -9,8 +9,29 @@ on:
 
 name: Release - Build, Test, and Push
 jobs:
+  setup:
+    name: Setup
+    runs-on: ubuntu-latest
+
+    concurrency:
+      group: bake-setup-${{ github.ref }}
+      cancel-in-progress: true
+
+    outputs:
+      GIT_SHA: ${{ steps.checkout.outputs.sha }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get commit SHA
+        id: get-git-sha
+        run: |
+          GIT_SHA=$(git rev-parse --short HEAD)
+          echo "GIT_SHA=$GIT_SHA" >> $GITHUB_OUTPUT
 
   base:
+    needs: [setup]
     name: Base Images
     runs-on: ubuntu-latest-8x
 
@@ -20,6 +41,7 @@ jobs:
 
     env:
       target: base-images
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -42,6 +64,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   connect:
+    needs: [setup]
     name: Connect
     runs-on: ubuntu-latest-4x
 
@@ -51,6 +74,7 @@ jobs:
 
     env:
       target: connect
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -73,6 +97,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   connect-content-init:
+    needs: [setup]
     name: Connect Content Init
     runs-on: ubuntu-latest-4x
 
@@ -82,6 +107,7 @@ jobs:
 
     env:
       target: connect-content-init
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -104,6 +130,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   content:
+    needs: [setup]
     name: Content Images
     runs-on: ubuntu-latest-8x
 
@@ -113,6 +140,7 @@ jobs:
 
     env:
       target: content-images
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -135,6 +163,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   package-manager:
+    needs: [setup]
     name: Package Manager
     runs-on: ubuntu-latest-4x
 
@@ -144,6 +173,7 @@ jobs:
 
     env:
       target: package-manager
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -166,6 +196,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   r-session-complete:
+    needs: [setup]
     name: R Session Complete
     runs-on: ubuntu-latest-8x
 
@@ -175,6 +206,7 @@ jobs:
 
     env:
       target: r-session-complete
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -197,6 +229,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   workbench:
+    needs: [setup]
     name: Workbench
     runs-on: ubuntu-latest-4x
 
@@ -206,6 +239,7 @@ jobs:
 
     env:
       target: workbench
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -228,6 +262,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   workbench-for-google-cloud-workstations:
+    needs: [setup]
     name: Workbench for Google Cloud Workstations
     runs-on: ubuntu-latest-8x
 
@@ -237,6 +272,7 @@ jobs:
 
     env:
       target: workbench-for-google-cloud-workstations
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout
@@ -259,6 +295,7 @@ jobs:
           gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'
 
   workbench-for-microsoft-azure-ml:
+    needs: [setup]
     name: Workbench for Microsoft Azure ML
     runs-on: ubuntu-latest-8x
 
@@ -268,6 +305,7 @@ jobs:
 
     env:
       target: workbench-for-microsoft-azure-ml
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
 
     steps:
       - name: Checkout

.github/workflows/build-manual.yaml

@@ -16,23 +16,12 @@ on:
         options:
           - connect
           - connect-content-init
-          - content/base
-          - content/pro
+          - content-images
           - package-manager
-          - product/base
-          - product/pro
           - r-session-complete
           - workbench
+          - workbench-for-google-cloud-workstations
           - workbench-for-microsoft-azure-ml
-      os:
-        description: "Which OS to build. WARNING: Not all OSes may be present for all products."
-        required: false
-        default: "ubuntu2204"
-        type: choice
-        options:
-          - ubuntu2204
-          - ubuntu1804
-          - centos7
       type:
         description: "The type of image being built."
         required: false
@@ -42,11 +31,6 @@ on:
           - preview
           - daily
           - release
-      use_s3_download_url:
-        description: "Force build to download binaries directly from S3 where applicable."
-        required: false
-        default: false
-        type: boolean
       version:
         description: "The version to build. Use 'auto' to target the latest build."
         required: false
@@ -58,19 +42,43 @@ on:
         default: false
         type: boolean
 
-name: Manual - Build, Test, Scan, and Push
+name: Manual - Build, Test, and Push
 jobs:
-  build:
+  setup:
+    name: Setup
     runs-on: ubuntu-latest
+
+    concurrency:
+      group: bake-setup-${{ github.ref }}
+      cancel-in-progress: true
+
+    outputs:
+      GIT_SHA: ${{ steps.checkout.outputs.sha }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Get commit SHA
+        id: get-git-sha
+        run: |
+          GIT_SHA=$(git rev-parse --short HEAD)
+          echo "GIT_SHA=$GIT_SHA" >> $GITHUB_OUTPUT
+
+  build:
+    runs-on: ubuntu-latest-4x
     name: manual-build
 
     permissions:
       contents: read
       packages: write
 
+    env:
+      GIT_SHA: ${{ needs.setup.outputs.GIT_SHA }}
+
     steps:
       - name: Check Out Repo
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           ref: ${{ inputs.branch }}
 
@@ -79,6 +87,14 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.12'
+
+      - name: Install Python dependencies
+        run: |
+          pip install requests
+
       - name: Get Version
         id: get-version
         run: |
@@ -89,70 +105,17 @@ jobs:
           fi
           echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
 
-      - name: Get build args
-        id: get-build-args
-        run: |
-          EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
-          ARGS_CMD=""
-          USE_S3_DOWNLOAD_URL=""
-          VERSION_OVERRIDES=""
-          if [[ "${{inputs.os}}" == "centos7" ]]; then
-            # FIXME(ianpittwood): This is probably a silly way of doing this. We don't have CentOS builds for later 
-            #                     Python versions so we need to override them. This is done via matrix in the release CI
-            #                     but we don't have that here. We're also limited by the 10 input cap so these can't be
-            #                     passed by the user alongside R versions as I would've liked to do.
-            VERSION_OVERRIDES="PYTHON_VERSION=3.9.14 PYTHON_VERSION_ALT=3.8.15"
-          fi
-          if [[ "${{ inputs.type }}" == "release" ]]; then
-            ARGS_CMD="get-product-args"
-            if [[ "${{ inputs.use_s3_download_url }}" == "true" ]]; then
-              USE_S3_DOWNLOAD_URL="${{ inputs.use_s3_download_url }}"
-            fi
-          else
-            ARGS_CMD="get-prerelease-args ${{inputs.type}}"
-          fi
-          BUILD_ARGS=$( \
-              just -f ci.Justfile \
-              ${VERSION_OVERRIDES} \
-              ${ARGS_CMD} \
-              ${{ inputs.product }} \
-              ${{ inputs.os }} \
-              ${{ steps.get-version.outputs.VERSION }} \
-              ${USE_S3_DOWNLOAD_URL} \
-          )
-          echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT
-          echo "$BUILD_ARGS" >> $GITHUB_OUTPUT
-          echo "$EOF" >> $GITHUB_OUTPUT
-
-      - name: Get tags
-        id: get-tags
-        run: |
-          ARGS_CMD=""
-          if [[ "${{ inputs.type }}" == "release" ]]; then
-            ARGS_CMD="get-product-tags"
-          else
-            ARGS_CMD="get-prerelease-tags ${{inputs.type}}"
-          fi
-          IMAGE_TAGS=$( \
-              just -f ci.Justfile \
-              ${ARGS_CMD} \
-              ${{ inputs.product }} \
-              ${{ inputs.os }} \
-              ${{ steps.get-version.outputs.VERSION }} \
-          )
-          echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
-
-      - name: Build/Test/Scan/Push manual build image
-        uses: ./.github/actions/build-test-scan-push
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        id: setup-buildx
+        with:
+          buildkitd-config: ./share/buildkitd.toml
+
+      - name: Build/Test/Push manual build image
+        uses: ./.github/actions/bake-test-push
         with:
-          context: ./${{ inputs.product }}
-          os: ${{ inputs.os }}
-          product: ${{ inputs.product }}
-          image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
-          build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
+          target: ${{ inputs.product }}
           push-image: ${{ inputs.push }}
-          snyk-token: ${{ secrets.SNYK_TOKEN }}
-          snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
           ghcr-token: ${{ secrets.GITHUB_TOKEN }}
           dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
           dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}

Justfile

@@ -8,7 +8,7 @@ sed_vars := if os() == "macos" { "-i ''" } else { "-i" }
 BUILDX_PATH := ""
 
 RSC_VERSION := "2024.04.0"
-RSPM_VERSION := "2024.04.0-18"
+RSPM_VERSION := "2024.04.0-20"
 RSW_VERSION := "2024.04.0+735.pro3"
 
 DRIVERS_VERSION := "2023.05.0"
@@ -48,7 +48,8 @@ alias build := bake
 # just bake workbench-images
 bake target="default":
   just -f {{justfile()}} create-builder || true
-  docker buildx bake --builder=posit-builder -f docker-bake.hcl {{target}}
+  GIT_SHA=$(git rev-parse --short HEAD) \
+    docker buildx bake --builder=posit-builder -f docker-bake.hcl {{target}}
 
 # just preview-bake workbench-images dev
 preview-build:
@@ -61,7 +62,7 @@ preview-bake target branch="$(git branch --show-current)":
   PACKAGE_MANAGER_PREVIEW_VERSION=$(just -f ci.Justfile get-version package-manager --type=preview --local) \
   CONNECT_DAILY_VERSION=$(just -f ci.Justfile get-version connect --type=daily --local) \
   BRANCH="{{branch}}" \
-  docker buildx bake --builder=posit-builder -f docker-bake.preview.hcl {{target}}
+    docker buildx bake --builder=posit-builder -f docker-bake.preview.hcl {{target}}
 
 content-bake:
   just -f {{justfile()}} create-builder || true
@@ -70,7 +71,8 @@ content-bake:
 
 # just plan
 plan:
-  docker buildx bake -f docker-bake.hcl --print
+  GIT_SHA=$(git rev-parse --short HEAD) \
+    docker buildx bake -f docker-bake.hcl --print
 
 # just preview-plan
 preview-plan branch="$(git branch --show-current)":
@@ -79,7 +81,7 @@ preview-plan branch="$(git branch --show-current)":
   PACKAGE_MANAGER_DAILY_VERSION=$(just -f ci.Justfile get-version package-manager --type=daily --local) \
   CONNECT_DAILY_VERSION=$(just -f ci.Justfile get-version connect --type=daily --local) \
   BRANCH="{{branch}}" \
-  docker buildx bake -f docker-bake.preview.hcl --print
+    docker buildx bake -f docker-bake.preview.hcl --print
 
 # Run tests