mirror of
https://github.com/digital-asset/daml.git
synced 2024-11-10 10:46:11 +03:00
6cdb68daca
There's a small, subtle bug that made its way into #14287: apparently `/dev/stdout` is not defined on CI. On the bright side, we don't actually need the `out` parameter, so removing it seems like the easiest fix here. CHANGELOG_BEGIN CHANGELOG_END
200 lines
7.0 KiB
YAML
200 lines
7.0 KiB
YAML
# Copyright (c) 2022 Digital Asset (Switzerland) GmbH and/or its affiliates. All rights reserved.
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
|
|
parameters:
|
|
var_name: ""
|
|
|
|
steps:
|
|
- bash: |
|
|
set -euo pipefail
|
|
TMP=$(mktemp)
|
|
cat > "$TMP" <<'END'
|
|
PROJ_DIR="$PWD"
|
|
escape_slack() {
|
|
local r
|
|
r="$1"
|
|
r="${r//&/&}"
|
|
r="${r//>/>}"
|
|
r="${r//</<}"
|
|
echo "$r"
|
|
}
|
|
get_gh_auth_header() {
|
|
# Credentials are persisted in a different way on GCP and Azure nodes.
|
|
if header=$(git config 'http.https://github.com/digital-asset/daml.extraheader'); then
|
|
# On Azure nodes, the auth header is stored directly in the git
|
|
# config.
|
|
echo $header
|
|
else
|
|
# On GCP nodes, the credentials are stored as part of the remote
|
|
# url instead of as a separate header. The format is
|
|
# https://username:password@github.com/:user/:repo.git
|
|
echo "Authorization: basic $(git config remote.origin.url | grep -o '://.*:.*@' | cut -c4- | rev | cut -c2- | rev | tr -d '\n' | base64 -w0)"
|
|
fi
|
|
}
|
|
open_pr() {
|
|
local branch title body pr_number header output
|
|
branch="$1"
|
|
title="$2"
|
|
body="${3:-}"
|
|
pr_number="${4:-}"
|
|
header=$(mktemp)
|
|
output=$(mktemp)
|
|
|
|
git branch -D $branch || true
|
|
git checkout -b $branch
|
|
git -c user.name="Azure Pipelines Daml Build" \
|
|
-c user.email="support@digitalasset.com" \
|
|
commit \
|
|
-m "$(printf "$title\n\n$body\n\nCHANGELOG_BEGIN\nCHANGELOG_END\n")"
|
|
git push origin $branch:$branch
|
|
jq -n --arg title "$title" \
|
|
--arg branch "$branch" \
|
|
--arg body "$(printf "$body")" \
|
|
'{"title": $title, "head": $branch, "base": "main", "body": $body}' \
|
|
| curl -H "Content-Type: application/json" \
|
|
-H "$(get_gh_auth_header)" \
|
|
--fail \
|
|
--silent \
|
|
--location \
|
|
--dump-header "$header" \
|
|
--output "$output" \
|
|
-d @- \
|
|
https://api.github.com/repos/digital-asset/daml/pulls
|
|
cat "$header" "$output"
|
|
if [ -n "$pr_number" ]; then
|
|
jq '.number' "$output" > "$pr_number"
|
|
fi
|
|
}
|
|
request_pr_review() {
|
|
local pr_number reviewer
|
|
pr_number="$1"
|
|
reviewer="$2"
|
|
|
|
jq -n --arg reviewer "$reviewer" \
|
|
'{"reviewers": [$reviewer]}' \
|
|
| curl -H "Content-Type: application/json" \
|
|
-H "$(get_gh_auth_header)" \
|
|
--fail \
|
|
--silent \
|
|
--location \
|
|
-d @- \
|
|
"https://api.github.com/repos/digital-asset/daml/pulls/$pr_number/requested_reviewers"
|
|
}
|
|
user_slack_handle() {
|
|
local email sha
|
|
sha=$1
|
|
email=$(git log -n 1 --format=%ae $sha)
|
|
if cat ci/slack_user_ids | grep $email >/dev/null 2>&1; then
|
|
echo $(cat ci/slack_user_ids | grep $email | awk '{print $2}')
|
|
else
|
|
echo ""
|
|
fi
|
|
}
|
|
tell_slack() {
|
|
local message channel
|
|
message="$1"
|
|
channel=${2:-$(Slack.team-daml)}
|
|
jq -n --arg message "$message" '{"text": $message}' \
|
|
| curl -XPOST -i -H 'Content-Type: application/json' -d @- $channel
|
|
}
|
|
wrap_gcloud() (
|
|
cred="$1"
|
|
cmd="$2"
|
|
key=$(mktemp)
|
|
config_dir=$(mktemp -d)
|
|
trap "rm -rf $key $config_dir" EXIT
|
|
echo "$cred" > $key
|
|
export CLOUDSDK_CONFIG="$config_dir"
|
|
export BOTO_CONFIG=/dev/null
|
|
gcloud auth activate-service-account --key-file=$key
|
|
eval "$cmd"
|
|
)
|
|
gcs() (
|
|
cred="$1"
|
|
cmd="${@:2}"
|
|
|
|
wrap_gcloud "$cred" "gsutil $cmd"
|
|
)
|
|
gpg_verify() {
|
|
local key gpg_dir signature_file res
|
|
signature_file=$1
|
|
key=$(mktemp)
|
|
cat > $key <<PUB_KEY
|
|
-----BEGIN PGP PUBLIC KEY BLOCK-----
|
|
|
|
mQENBFzdsasBCADO+ZcfZQATP6ceTh4WfXiL2Z2tetvUZGfTaEs/UfBoJPmQ53bN
|
|
90MxudKhgB2mi8DuifYnHfLCvkxSgzfhj2IogV1S+Fa2x99Y819GausJoYfK9gwc
|
|
8YWKEkM81F15jA5UWJTsssKNxUddr/sxJIHIFfqGRQ0e6YeAcc5bOAogBE8UrmxE
|
|
uGfOt9/MvLpDewjDE+2lQOFi9RZuy7S8RMJLTiq2JWbO5yI50oFKeMQy/AJPmV7y
|
|
qAyYUIeZZxvrYeBWi5JDsZ2HOSJPqV7ttD2MvkyXcJCW/Xf8FcleAoWJU09RwVww
|
|
BhZSDz+9mipwZBHENILMuVyEygG5A+vc/YptABEBAAG0N0RpZ2l0YWwgQXNzZXQg
|
|
SG9sZGluZ3MsIExMQyA8c2VjdXJpdHlAZGlnaXRhbGFzc2V0LmNvbT6JAVQEEwEI
|
|
AD4CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQRJEajf6Xas36BxMNvoNywM
|
|
HHNMUQUCYHxZ3AUJB2EPMAAKCRDoNywMHHNMUfJpB/9Gj7Kce6qtrXj4f54eLOf1
|
|
RpKYUnBcBWjmrnj8eS9AYLy7C1nkpP4H8OAlDJWxslnY6MjMOYmPNgGzf4/MONxa
|
|
PuFbRdfyblkUfujXikI2GFXwyUDEp9J0WOTC9LmZkRxf92bFxTy9rD+Lx9EeBPdi
|
|
nfyID2TOKH0fY0pawqjjvnLyVb/WfNUogkhLRpDXFWrykCWDaWQmFgDkLU2nYkb+
|
|
YyEfWq4cgF3Sbsa43AToRUpU16rldPwClmtDPS8Ba/SxvcU3l+9ksdcTsIko8BEy
|
|
Bw0K5xkRenEDDwpZvTA2bHLs3iBWW6WC52wyUOLzar+ha/YRgNjb8YBlkYbLbwaN
|
|
uQENBFzdsasBCAC5fr5pqxFm+AWPc7wiBSt7uKNdxiRJYydeoPqgmYZTvc8Um8pI
|
|
6JHtUrNxnx4WWKtj6iSPn5pSUrJbue4NAUsBF5O9LZ0fcQKb5diZLGHKtOZttCaj
|
|
Iryp1Rm961skmPmi3yYaHXq4GC/05Ra/bo3C+ZByv/W0JzntOxA3Pvc3c8Pw5sBm
|
|
63xu7iRrnJBtyFGD+MuAZxbN8dwYX0OcmwuSFGxf/wa+aB8b7Ut9RP76sbDvFaXx
|
|
Ef314k8AwxUvlv+ozdNWmEBxp1wR/Fra9i8EbC0V6EkCcModRhjbaNSPIbgkC0ka
|
|
2cgYp1UDgf9FrKvkuir70dg75qSrPRwvFghrABEBAAGJATwEGAEIACYCGwwWIQRJ
|
|
Eajf6Xas36BxMNvoNywMHHNMUQUCYHxZ3AUJB2EPMQAKCRDoNywMHHNMUYXRB/0b
|
|
Ln55mfnhJUFwaL49Le5I74EoL4vCAya6aDDVx/C7PJlVfr+cXZi9gNJn9RTAjCz3
|
|
4yQeg3AFhqvTK/bEH7RvAfqeUf8TqPjI/qDacSFDhZjdsg3GMDolXp0oubp9mN+Y
|
|
JFowLzulJ7DXFVyICozuWeixcjtKzlePX0GW80kcPzXCNwukcMrwCf45+OzF6YMb
|
|
yA2FyBmjjgAlHKM/oUapVoD2hmO3ptC5CAkfslxrsIUAfoStez9MrGoX1JOCu4qm
|
|
aODLV3Mlty4HhdtO2o+Akh6ay5fnrXQ5r2kGa1ICrfoFFKs7oWpSDbsTsgQKexFC
|
|
rLmmBKjG6RQfWJyVSUc8
|
|
=pVlb
|
|
-----END PGP PUBLIC KEY BLOCK-----
|
|
PUB_KEY
|
|
gpg_dir=$(mktemp -d)
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --import $key
|
|
GNUPGHOME=$gpg_dir gpg --no-tty --quiet --command-fd 0 --edit-key 4911A8DFE976ACDFA07130DBE8372C0C1C734C51 << CMD
|
|
trust
|
|
4
|
|
quit
|
|
CMD
|
|
GNUPGHOME=$gpg_dir gpg --verify $signature_file
|
|
res=$?
|
|
rm -rf $gpg_dir $key
|
|
return $res
|
|
}
|
|
setvar() {
|
|
echo "Setting '$1' to '$2'"
|
|
echo "##vso[task.setvariable variable=$1;isOutput=true]$2"
|
|
}
|
|
next_in_rotation() {
|
|
awk '/^[^#]/ {print $0}' "$PROJ_DIR/release/rotation" | head -n 1
|
|
}
|
|
next_in_rotation_slack() {
|
|
next_in_rotation | awk '{print $1}'
|
|
}
|
|
next_in_rotation_github() {
|
|
next_in_rotation | awk '{print $2}'
|
|
}
|
|
trigger_azure() (
|
|
token=$1
|
|
shift
|
|
build=$1
|
|
shift
|
|
az extension add --name azure-devops
|
|
trap 'az devops logout' EXIT
|
|
echo $token \
|
|
| az devops login --org "https://dev.azure.com/digitalasset"
|
|
az pipelines build queue \
|
|
--definition-name $build \
|
|
--org "https://dev.azure.com/digitalasset" \
|
|
--project daml \
|
|
$@
|
|
)
|
|
|
|
END
|
|
echo "##vso[task.setvariable variable=${{parameters.var_name}}]$TMP"
|
|
displayName: install Bash lib
|
|
condition: always()
|