# Notes: # # jobs. # # A seperate job id results in a lot of duplication of nix/cachix work. # The build will have to download any substituted derivations from cachix # for the steps with each distinct job id and upload built derivations to # cachix after each job has completed, either succesfully or on failure. # # jobs..steps.run # # build + test are distinct as each step entry results in a collapsable title # within the log output, which makes it easier to view failing builds or # tests independently. # # jobs..strategy.fail-fast # # Set to false so developers working on vere or king-haskell can have their # respective builds proceed without the other causing failure. # # shell.nix # # mkShell doesn't allow you to build it - so instantiate all the subshells # defined for the individual pkg/*/shell.nix as a sanity check and to create # some artefacts suitable for developers to pull from cachix. The top-level # shell.nix build time is dominated by Haskell dependencies so it's built as # part of the haskell build steps. # # Syntax: # # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions name: build on: push: paths: - '.github/workflows/build.yml' - 'pkg/arvo/**' - 'pkg/docker-image/**' - 'pkg/ent/**' - 'pkg/ge-additions/**' - 'pkg/libaes_siv/**' - 'pkg/urbit/**' - 'pkg/urcrypt/**' - 'bin/**' - 'nix/**' - default.nix pull_request: paths: - '.github/workflows/build.yml' - 'pkg/arvo/**' - 'pkg/docker-image/**' - 'pkg/ent/**' - 'pkg/ge-additions/**' - 'pkg/libaes_siv/**' - 'pkg/urbit/**' - 'pkg/urcrypt/**' - 'bin/**' - 'nix/**' - default.nix workflow_dispatch: inputs: upload: description: 'upload binaries to gcp' default: false required: false type: boolean env: DO_UPLOAD: >- ${{ inputs.upload || (github.ref_name == 'next/vere' && github.ref_type == 'branch') }} UPLOAD_BASE: bootstrap.urbit.org/vere/often jobs: urbit: strategy: fail-fast: false matrix: include: - { os: ubuntu-latest } - { os: macos-latest } runs-on: ${{ matrix.os }} steps: - uses: actions/checkout@v2 # We only want the extra nix config on linux, where it is necessary # for the docker build. We don't want in on Mac, where it isn't but # it breaks the nix install. The two `if` clauses should be mutually # exclusive - uses: cachix/install-nix-action@v16 with: extra_nix_config: | system-features = nixos-test benchmark big-parallel kvm if: ${{ matrix.os == 'ubuntu-latest' }} - uses: cachix/install-nix-action@v16 if: ${{ matrix.os != 'ubuntu-latest' }} - uses: cachix/cachix-action@v10 with: name: ares authToken: ${{ secrets.CACHIX_AUTH_TOKEN }} - name: build static binary run: > echo "urbit_static=$(nix-build -A urbit --arg enableStatic true)" >> $GITHUB_ENV - name: confirm binary is mostly static if: matrix.os == 'macos-latest' run: | bin="${{ env.urbit_static }}/bin/urbit" if [ ! -f "$bin" ]; then echo "no binary at $bin" exit 1; fi libs="$(otool -L "${{ env.urbit_static }}/bin/urbit" | tail -n +2)" # XX CoreFoundation? if [ -z "$(echo "$libs" | grep -v libSystem)" ]; then echo "it's mostly static" echo "$libs" exit 0 else echo "dynamic links found:" echo "$libs" exit 1 fi - uses: google-github-actions/setup-gcloud@v0.2.0 if: env.DO_UPLOAD == 'true' with: version: '290.0.1' service_account_key: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} project_id: ${{ secrets.GCS_PROJECT }} export_default_credentials: true - name: upload binary to bootstrap.urbit.org if: env.DO_UPLOAD == 'true' run: | # version="$(cat ./pkg/urbit/version)" version="${GITHUB_SHA:0:9}" system="$(nix-instantiate --eval --expr 'builtins.currentSystem')" system=${system:1:${#system}-2} # target="gs://${UPLOAD_BASE}/${GITHUB_SHA:0:9}/vere-v${version}-${system}" target="gs://${UPLOAD_BASE}/${version}/vere-v${version}-${system}" gsutil cp -n "${{ env.urbit_static }}/bin/urbit" "$target" exitcode=$? test $exitcode -eq 0 && echo "upload to $target complete." || echo "upload to $target failed."; exit $exitcode - if: ${{ matrix.os == 'ubuntu-latest' }} run: nix-build -A urbit-tests - if: ${{ matrix.os == 'ubuntu-latest' }} run: nix-build -A docker-image mingw: runs-on: windows-latest defaults: run: shell: > C:\msys64\msys2_shell.cmd -mingw64 -defterm -no-start -here -c ". <(cygpath '{0}')" working-directory: ./pkg/urbit steps: - uses: actions/checkout@v2 with: lfs: true # echo suppresses pacman prompt - run: echo|./configure env: CACHIX_CACHE: ares CACHIX_AUTH_TOKEN: ${{ secrets.CACHIX_AUTH_TOKEN }} - run: mingw32-make build/urbit - run: > build/urbit -l -d -B ../../bin/solid.pill -F bus && curl -f --data '{"source":{"dojo":"+hood/exit"},"sink":{"app":"hood"}}' http://localhost:12321 - name: confirm binary is mostly static run: | if [ -z "$(ldd build/urbit | grep -vi "windows/system32")"]; then echo "it's mostly static" exit 0 else echo "dynamic links found:" ldd build/urbit exit 1 fi - uses: actions/setup-python@v2 if: env.DO_UPLOAD == 'true' with: python-version: 3.7 - uses: google-github-actions/setup-gcloud@v0.6.0 if: env.DO_UPLOAD == 'true' env: # see https://github.com/google-github-actions/setup-gcloud/issues/100 CLOUDSDK_PYTHON: ${{env.pythonLocation}}\python.exe with: service_account_key: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} project_id: ${{ secrets.GCS_PROJECT }} export_default_credentials: true - name: upload binary to bootstrap.urbit.org if: env.DO_UPLOAD == 'true' env: CLOUDSDK_PYTHON: ${{env.pythonLocation}}\python.exe shell: bash run: | # version="$(cat ./version)" version="${GITHUB_SHA:0:9}" system="x86_64-windows" # target="gs://${UPLOAD_BASE}/${GITHUB_SHA:0:9}/vere-v${version}-${system}.exe" target="gs://${UPLOAD_BASE}/${version}/vere-v${version}-${system}.exe" gsutil cp -n ./build/urbit.exe "$target" exitcode=$? test $exitcode -eq 0 && echo "upload to $target complete." || echo "upload to $target failed."; exit $exitcode after: runs-on: ubuntu-latest needs: [urbit, mingw] # XX disabled due to missing storage.objects.delete access if: false steps: - uses: google-github-actions/setup-gcloud@v0.2.0 if: env.DO_UPLOAD == 'true' with: version: '290.0.1' service_account_key: ${{ secrets.GCS_SERVICE_ACCOUNT_KEY }} project_id: ${{ secrets.GCS_PROJECT }} export_default_credentials: true - name: update latest deployed version if: env.DO_UPLOAD == 'true' run: | target="gs://${UPLOAD_BASE}/last" echo -n "${GITHUB_SHA:0:9}" > ./last-version gsutil cp ./last-version "$target" exitcode=$? test $exitcode -eq 0 && echo "upload to $target complete." || echo "upload to $target failed."; exit $exitcode