Skip to content

Implement Linux sandboxes #98

Implement Linux sandboxes

Implement Linux sandboxes #98

Workflow file for this run

name: vorpal
on:
pull_request:
push:
branches:
- main
env:
RUST_VERSION: 1.80.1
jobs:
dev:
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner:
- macos-latest
- ubuntu-latest
- ubuntu-latest-arm64
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
- if: matrix.runner != 'macos-latest'
run: ./script/debian.sh "dev"
- run: ./script/dev.sh
- run: ./script/dev.sh cargo --version
- run: ./script/dev.sh rustc --version
- run: ./script/dev.sh sha256sum --version
- run: ./script/dev.sh nickel --version
- run: ./script/dev.sh protoc --version
- run: ./script/dev.sh zstd --version
- uses: actions/cache/save@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
code-quality:
needs:
- dev
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
- uses: actions/cache/restore@v4
with:
key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
path: target
- run: ./script/dev.sh # prebake
- run: ./script/dev.sh make format
- run: ./script/dev.sh make lint
package:
needs:
- code-quality
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner:
- macos-latest
- ubuntu-latest
- ubuntu-latest-arm64
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
- uses: actions/cache/restore@v4
with:
key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
path: target
- run: ./script/dev.sh # prebake
- run: ./script/dev.sh make dist
- run: |
echo "ARCH=$(uname -m | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
echo "OS=$(uname -s | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- uses: actions/upload-artifact@v4
with:
name: vorpal-${{ env.ARCH }}-${{ env.OS }}
path: vorpal-${{ env.ARCH }}-${{ env.OS }}.tar.gz
- uses: actions/cache/save@v4
with:
key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
path: target
package-sandbox:
needs:
- dev
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner:
- macos-latest
- ubuntu-latest
- ubuntu-latest-arm64
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
- run: echo "$PWD/.env/bin" >> $GITHUB_PATH
- if: matrix.runner != 'macos-latest'
run: ./script/debian.sh "sandbox"
- run: ./script/sandbox.sh
- run: |
OS=$(uname -s | tr '[:upper:]' '[:lower:]')
SANDBOX_HASH=$(cat "${PWD}/script/sandbox/sha256sum/${OS}/sandbox")
echo "ARCH=$(uname -m | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
echo "OS=${OS}" >> $GITHUB_ENV
echo "SANDBOX_HASH=${SANDBOX_HASH}" >> $GITHUB_ENV
- run: |
cp "/var/lib/vorpal/store/vorpal-sandbox-${SANDBOX_HASH}.package.tar.zst" \
"${PWD}/vorpal-sandbox-${SANDBOX_HASH}.package.tar.zst"
- uses: actions/upload-artifact@v4
with:
name: vorpal-sandbox-${{ env.ARCH }}-${{ env.OS }}
path: vorpal-sandbox-${{ env.SANDBOX_HASH }}.package.tar.zst
test:
needs:
- package
- package-sandbox
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner:
- macos-latest
# - ubuntu-latest
# - ubuntu-latest-arm64
steps:
- uses: actions/checkout@v4
- uses: actions/cache/restore@v4
with:
key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
path: .env
- run: echo "$PWD/.env/bin" >> $GITHUB_PATH
- run: which nickel
- run: |
echo "ARCH=$(uname -m | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
echo "OS=$(uname -s | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
- uses: actions/download-artifact@v4
with:
name: vorpal-${{ env.ARCH }}-${{ env.OS }}
- run: tar -xzf "vorpal-${ARCH}-${OS}.tar.gz"
- run: |
sudo mkdir -p /var/lib/vorpal
sudo chown -R $(id -u):$(id -g) /var/lib/vorpal
- run: ./vorpal keys generate
- run: ./vorpal validate
- run: |
./vorpal worker start > worker_output.log 2>&1 &
WORKER_PID=$(echo $!)
echo "WORKER_PID=$WORKER_PID" >> $GITHUB_ENV
echo "Worker pid: $WORKER_PID"
- run: ./vorpal build
- if: always()
run: |
cat worker_output.log
kill $WORKER_PID
# release:
# needs:
# - test
# permissions:
# attestations: write
# contents: write
# id-token: write
# packages: write
# runs-on: ubuntu-latest
# steps:
# - uses: actions/checkout@v4
#
# - uses: actions/download-artifact@v4
# with:
# fail-on-cache-miss: true
# pattern: vorpal-*
#
# - run: git fetch --tags
#
# - if: github.ref == 'refs/heads/main'
# env:
# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# run: |
# if gh release view edge > /dev/null 2>&1; then
# gh release delete --cleanup-tag --yes edge
# fi
# git tag edge
# git push --tags
#
# - if: github.ref == 'refs/heads/main'
# uses: softprops/action-gh-release@v2
# with:
# body: Latest artifacts from `main` branch when merged.
# fail_on_unmatched_files: true
# files: |
# vorpal-aarch64-linux/vorpal-aarch64-linux.tar.gz
# vorpal-x86_64-linux/vorpal-x86_64-linux.tar.gz
# name: edge
# prerelease: true
# tag_name: refs/tags/edge
#
# - run: |
# mkdir -p dist/aarch64-linux
# mkdir -p dist/x86_64-linux
# tar -xzf vorpal-aarch64-linux/vorpal-aarch64-linux.tar.gz -C dist/aarch64-linux
# tar -xzf vorpal-x86_64-linux/vorpal-x86_64-linux.tar.gz -C dist/x86_64-linux
#
# - if: github.ref == 'refs/heads/main'
# uses: actions/attest-build-provenance@v1
# with:
# subject-path: |
# dist/aarch64-linux/vorpal
# dist/x86_64-linux/vorpal