digital-asset/daml
1
1
Fork 0
mirror of https://github.com/digital-asset/daml.git synced 2024-11-10 10:46:11 +03:00
Code Issues Projects Releases Wiki Activity
8b8f7369aa
daml/azure-cron.yml
Moritz Kiefer c89e00342d
Clean broken entries from the Bazel cache (#8668) 
* Clean broken entries from the Bazel cache

This is hopefully a somewhat reasonable workaround for the "output not
created" errors that keep annoying us.

For now, this is just part of the hourly cronjob but we could move it
somewhere else if desired.

changelog_begin
changelog_end

* Fix GCS credentials

changelog_begin
changelog_end
2021-01-28 17:57:09 +00:00

230 lines
9.2 KiB
YAML
Raw Blame History

# Copyright (c) 2021 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
# SPDX-License-Identifier: Apache-2.0
# Azure Pipelines file, see https://aka.ms/yaml
# Do not run on PRs
pr: none
# Do not run on merge to main
trigger: none
# Do run on a schedule (hourly)
#
# This is currently (2019-08-15) broken on Azure for GitHub-hosted repos. It
# does, however, work as expected for Azure-hosted repos. As a workaround, we
# have created a repo inside Azure that contains an `azure-pipelines.yml` file
# that just triggers this job.
#
# When the situation is resolved, delete that repo in Azure and uncomment the
# following. In the meantime, this should stay commented so we avoid running
# jobs twice when Azure fixes this issue.
#schedules:
#- cron: "0 * * * *"
# displayName: hourly cron
# branches:
# include:
# - main
# always: true
jobs:
- job: docs
timeoutInMinutes: 120
pool:
name: 'ubuntu_20_04'
demands: assignment -equals default
steps:
- checkout: self
- bash: ci/dev-env-install.sh
displayName: 'Build/Install the Developer Environment'
- bash: |
set -euo pipefail
eval "$(dev-env/bin/dade assist)"
bazel build //ci/cron:cron
./bazel-bin/ci/cron/cron docs
env:
AWS_ACCESS_KEY_ID: $(AWS_ACCESS_KEY_ID)
AWS_SECRET_ACCESS_KEY: $(AWS_SECRET_ACCESS_KEY)
- template: ci/tell-slack-failed.yml
- job: fix_bazel_cache
timeoutInMinutes: 120
pool:
name: 'ubuntu_20_04'
demands: assignment -equals default
steps:
- checkout: self
- bash: ci/dev-env-install.sh
displayName: 'Build/Install the Developer Environment'
- template: ci/bash-lib.yml
parameters:
var_name: bash-lib
- bash: |
set -euo pipefail
eval "$(dev-env/bin/dade assist)"
bazel build //ci/cron:cron
key=$(mktemp)
cleanup="rm -rf $key ~/.config/gcloud"
trap "$cleanup" EXIT
echo "$GCRED" > $key
gcloud auth activate-service-account --key-file=$key
export BOTO_CONFIG=/dev/null
# 90 minutes should provide enough overlap for an hourly
# cronjob.
./bazel-bin/ci/cron/cron bazel-cache --age 90 --delete
env:
GCRED: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
- template: ci/tell-slack-failed.yml
- job: docker_image
timeoutInMinutes: 60
pool:
name: 'ubuntu_20_04'
demands: assignment -equals default
steps:
- checkout: self
- bash: |
set -euo pipefail
eval "$(dev-env/bin/dade-assist)"
HEAD=$(git rev-parse HEAD)
while ! nix-build -A tools.sed -A tools.jq -A tools.curl -A tools.base64 nix; do :; done
trap 'rm -rf ~/.docker' EXIT
echo $DOCKER_PASSWORD | docker login --username $DOCKER_LOGIN --password-stdin
echo $DOCKER_CONTENT_TRUST_KEY | base64 -d > ~/.docker/da_automation.key
chmod 600 ~/.docker/da_automation.key
docker trust key load ~/.docker/da_automation.key --name $DOCKER_CONTENT_TRUST_USERNAME
RELEASES=$(curl https://api.github.com/repos/digital-asset/daml/releases -s | jq -r '.[] | .tag_name')
DIR=$(pwd)
VERSIONS=$(curl 'https://hub.docker.com/v2/repositories/digitalasset/daml-sdk/tags/?page_size=10000' -s)
# Our docker tags should be stable. Therefore, we only build the image if it has not already
# been built before and we checkout the Dockerfile for the release tag.
# We do not update docker images for older releases so only docker images for SDK releases
# >= 0.13.43 are built this way.
for version in $(echo $RELEASES | sed -e 's/ /\n/g'); do
LAST_UPDATE=$(echo $VERSIONS | jq -r '.results[] | select(.name == "'${version#v}'") | .last_updated')
if [[ -n "$LAST_UPDATE" ]]; then
echo "${version#v} already exists, skipping."
else
echo "Building version ${version#v}..."
git checkout "$version"
cd ci/docker/daml-sdk
docker build -t digitalasset/daml-sdk:${version#v} --build-arg VERSION=${version#v} .
# Despite the name not suggesting it at all, this actually signs
# _and pushes_ the image; see
# https://docs.docker.com/engine/security/trust/#signing-images-with-docker-content-trust
docker trust sign digitalasset/daml-sdk:${version#v}
cd "$DIR"
git checkout $HEAD
echo "Done."
fi
done
env:
DOCKER_LOGIN: $(DOCKER_LOGIN)
DOCKER_PASSWORD: $(DOCKER_PASSWORD)
DOCKER_CONTENT_TRUST_KEY: $(DOCKER_CONTENT_TRUST_KEY)
DOCKER_CONTENT_TRUST_USERNAME: $(DOCKER_CONTENT_TRUST_USERNAME)
# Does not appear explicitly in the script, but is used by
# docker trust key load
DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE: $(DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE)
- template: ci/tell-slack-failed.yml
- job: vscode_marketplace
timeoutInMinutes: 10
pool:
name: 'ubuntu_20_04'
demands: assignment -equals default
steps:
- checkout: self
- bash: |
set -euo pipefail
eval "$(dev-env/bin/dade-assist)"
AUTH=$(echo -n "OAuth:${MARKETPLACE_TOKEN}" | base64 -w0)
MARKET=$(curl -H "Authorization: Basic $AUTH" \
-H "Accept: application/json;api-version=5.0-preview.2" \
-s \
"https://marketplace.visualstudio.com/_apis/gallery/publishers/DigitalAssetHoldingsLLC/extensions/daml?flags=1" \
| jq -r '.versions[0].version')
# This jq expression should ensure that we always upload the
# highest-number version. Here is how this works:
#
# 1. The GitHub API documentation does not specify the order for the
# "list releases" endpoint, but does specify that the "latest"
# endpoint returns the release that points to the most recent commit.
# Assuming the same sort order is applied for the list endpoint
# (which empirically seems to hold so far), this means that they may
# be out-of-order wrt version numbers, e.g. 1.1.0 may appear after
# 1.0.2.
# 2. The `.tag_name | .[1:] | split (".") | map(tonumber)` part will
# turn "v1.0.2" into an array [1, 0, 2].
# 3. jq documents its sort method to sort numbers in numeric order
# and arrays in lexical order (ascending in both cases).
#
# This is required because, while the VSCode Marketplace does show
# _a_ version number, it doesn't handle versions at all: we can only
# have one version on the marketplace at any given time, and any
# upload replaces the existing version.
GITHUB=$(curl https://api.github.com/repos/digital-asset/daml/releases -s \
| jq -r '. | map(select(.prerelease == false)
| .tag_name
| .[1:]
| split (".")
| map(tonumber))
| sort
| reverse
| .[0]
| map(tostring)
| join(".")')
if [[ "$GITHUB" != "$MARKET" ]] && git merge-base --is-ancestor 798e96c9b9034eac85ace786b9e1955cf380285c v$GITHUB; then
echo "Publishing $GITHUB to VSCode Marketplace"
git checkout v$GITHUB
cd compiler/daml-extension
# This produces out/src/extension.js
bazel run @nodejs//:yarn
bazel run @nodejs//:yarn compile
bazel run --run_under="cd $PWD && " @daml_extension_deps//vsce/bin:vsce -- publish --yarn $GITHUB -p $MARKETPLACE_TOKEN
else
if [[ "$GITHUB" == "$MARKET" ]]; then
echo "Version on marketplace is already the latest ($GITHUB)."
else
echo "Latest version is not ready for marketplace publication."
fi
fi
env:
MARKETPLACE_TOKEN: $(VSCODE_MARKETPLACE_TOKEN)
- template: ci/tell-slack-failed.yml
- job: download_stats
timeoutInMinutes: 10
pool:
name: "ubuntu_20_04"
demands: assignment -equals default
steps:
- checkout: self
- bash: |
set -euo pipefail
eval "$(dev-env/bin/dade-assist)"
STATS=$(mktemp)
curl https://api.github.com/repos/digital-asset/daml/releases -s | gzip -9 > $STATS
GCS_KEY=$(mktemp)
cleanup () {
rm -f $GCS_KEY
}
trap cleanup EXIT
echo "$GOOGLE_APPLICATION_CREDENTIALS_CONTENT" > $GCS_KEY
gcloud auth activate-service-account --key-file=$GCS_KEY
BOTO_CONFIG=/dev/null gsutil cp $STATS gs://daml-data/downloads/$(date -u +%Y%m%d_%H%M%SZ).json.gz
env:
GOOGLE_APPLICATION_CREDENTIALS_CONTENT: $(GOOGLE_APPLICATION_CREDENTIALS_CONTENT)
- template: ci/tell-slack-failed.yml
Reference in New Issue View Git Blame Copy Permalink