# ==================================================================================================
# Aspect Workflows Reusable Workflow for GitHub Actions (v5.11.0)
#
# https://github.com/marketplace/actions/aspect-workflows?version=5.11.0
#
# At this time, GitHub Actions does not allow referencing reusable workflows from public
# repositories in other organizations. See
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#access-to-reusable-workflows
# for more info.
#
# Use the Aspect Workflows Reusable Workflow with GitHub Actions by doing one of the following:
#
# 1. Vendor this file into the `.github/workflows` folder of your repository and reference it with
# `uses:` in a workflow file such as `.github/workflows/aspect-workflows.yaml`:
#
# ```
# name: Aspect Workflows
#
# on:
#   push:
#     branches: [main]
#   pull_request:
#     branches: [main]
#   workflow_dispatch:
#
# jobs:
#   aspect-workflows:
#     name: Aspect Workflows
#     uses: ./.github/workflows/.aspect-workflows-reusable.yaml
# ```
#
# 2. Create a fork of https://github.com/aspect-build/workflows-action in your
#    GitHub org and change the `uses` line above to reference the reusable workflow
#    from your fork:
#
# ```
# jobs:
#   aspect-workflows:
#     name: Aspect Workflows
#     uses: my-github-org/workflows-action/.github/workflows/.aspect-workflows-reusable.yaml@5.11.0
# ```
# ==================================================================================================
name: Aspect Workflows Reusable Workflow (v5.11.0)

on:
  # `workflow_call` is the trigger that lets another workflow invoke this file with `uses:`, see
  # https://github.blog/2022-02-10-using-reusable-workflows-github-actions
  workflow_call:
    inputs:
      # None of the inputs declares `required:`, and all of them are typed as strings.

      # Passed to `rosetta --config` in the setup job and exported to the bazel job as
      # ASPECT_WORKFLOWS_CONFIG.
      aspect-config:
        type: string
        default: '.aspect/workflows/config.yaml'
        description: 'Path to the Aspect Workflows config.yaml file'

      # File name used in the workflow-dispatch API URL of the "Trigger delivery" step.
      delivery-workflow:
        type: string
        default: 'aspect-workflows-delivery.yaml'
        description: 'The name of the file which contains the delivery workflow'

      # Becomes the third `runs-on` label of the setup job.
      queue:
        type: string
        default: 'aspect-default'
        description: 'The queue / runner pool that the setup step will run on'

      # This is the NAME of a secret, not the webhook URL itself: the Slack step reads
      # `secrets[inputs.slack_webhook_url]`.
      slack_webhook_url:
        type: string
        description: >-
          If set, then a webhook notification will be sent for failing builds on a release branch.
          Input should match the name of a secret. "secrets: inherit" must also be set

      # Each comma-separated entry is applied to secret names with jq's `test`, which matches
      # anywhere in the name: an entry such as `TOKEN` selects every secret whose name contains
      # TOKEN. Anchor entries (`^NAME$`) when only exact names should reach the build.
      inherited_secrets:
        type: string
        description: >-
          Comma separated list of secrets or regex (Oniguruma) describing secrets to be made
          available during the build. "secrets: inherit" must also be set. The regex is used by jq
          internally which uses the Oniguruma regular expression library:
          https://jqlang.github.io/jq/manual/
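jobs:
  # NOTE(security): this file declares no `permissions:` block, so the GITHUB_TOKEN scope is
  # whatever the calling workflow grants. The only token use visible here is the
  # workflow-dispatch request in "Trigger delivery"; consider restricting the caller accordingly.

  # Runs `rosetta` against the Aspect Workflows config and publishes its compact JSON as the `cfg`
  # output, which drives the runner labels, matrix, timeouts and paths of the `bazel` job.
  #
  # NOTE(security): values read from `cfg` (WORKFLOWS_BIN_DIR, artifact_paths, ...) are expanded
  # into `run:` scripts below before the shell sees them. They derive from rosetta's output for
  # the checked-out config file, so changes to that config deserve the same review as changes to
  # this workflow, in particular because the jobs run on self-hosted runners.
  setup:
    runs-on: [self-hosted, aspect-workflows, "${{ inputs.queue }}"]
    steps:
      - uses: actions/checkout@v4
      - id: rosetta-generate
        # The caller-supplied path goes through the environment instead of being expanded into
        # the script text, so shell metacharacters in the input are never parsed as shell code.
        env:
          INPUT_ASPECT_CONFIG: ${{ inputs.aspect-config }}
        run: |
          ROSETTA_RESULT=$( \
            rosetta steps \
              --config "${INPUT_ASPECT_CONFIG}" \
              --gha_task generate \
              --gha_json_pretty_print=false \
          )
          # Append to the step output file (and echo the JSON to the log).
          tee -a "${GITHUB_OUTPUT}" <<< "json=${ROSETTA_RESULT}"
    outputs:
      cfg: ${{ steps.rosetta-generate.outputs.json }}

  # One matrix entry per job described in `cfg.matrix_config`; every per-job setting is looked up
  # in `cfg.workflows_config[matrix.job]`.
  bazel:
    needs: [setup]
    runs-on: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].labels }}
    strategy:
      fail-fast: false
      matrix: ${{ fromJson(needs.setup.outputs.cfg).matrix_config }}
    env:
      ASPECT_WORKFLOWS_CONFIG: ${{ inputs.aspect-config }}
    steps:
      - name: Workflows environment
        run: ${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/configure_workflows_env

      - name: Clone repo
        uses: actions/checkout@v4

      - name: Agent health check
        run: ${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/agent_health_check
        timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].health_check_timeout }}

      # Reduces the full `secrets` context to the entries whose names match one of the
      # comma-separated patterns in `inputs.inherited_secrets` and exposes the result as the
      # `filtered_secrets` step output (compact JSON object).
      - name: Process secrets
        id: process_secrets
        if: inputs.inherited_secrets != ''
        # Both the caller input and the secrets JSON are handed over as environment variables.
        # Expanding them into the script text would let a quote character inside a secret value or
        # in the input terminate the shell quoting, and would write every secret into the
        # generated script on the runner.
        env:
          INHERITED_SECRETS: ${{ inputs.inherited_secrets }}
          ALL_SECRETS_JSON: ${{ toJson(secrets) }}
        run: |
          REQUIRED_SECRETS=$(${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/jq -R --compact-output 'gsub("\\s+";"";"g") | split(",")' <<< "${INHERITED_SECRETS}")
          FILTERED_SECRETS=$(${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/jq --compact-output --argjson secrets "${REQUIRED_SECRETS}" 'with_entries( select (.key | test($secrets[]) ) )' <<< "${ALL_SECRETS_JSON}")
          # Written straight to the output file rather than through `tee`: the JSON-escaped form
          # of a secret may not match the log masker, so it is not echoed to the job log.
          echo "filtered_secrets=${FILTERED_SECRETS}" >> "${GITHUB_OUTPUT}"

      # NOTE(security): the joined paths are expanded unquoted into an `rm -rf` command line;
      # they are trusted only as far as the rosetta output is (see the note on the setup job).
      - name: Prepare archive directories
        run: rm -rf ${{ join(fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_paths, ' ') }}

      # Only runs for matrix jobs whose name ends in `format`.
      - name: Determine changed files
        # NOTE(security): `@v42` is a mutable tag on a third-party action, so the code behind it
        # can change after review. Pin to a full commit SHA, e.g.
        # `tj-actions/changed-files@<FULL_COMMIT_SHA>  # v42`.
        uses: tj-actions/changed-files@v42
        if: endsWith(matrix.job, 'format')
        with:
          json: true
          write_output_files: true
          output_dir: ${{ fromJson(needs.setup.outputs.cfg).platform.directories.ARTIFACTS_DIR }}

      # NOTE(review): the `uses:` refs of the three aspect-build steps were mangled by e-mail
      # obfuscation in the captured page; `workflows-action@5.11.0` is restored from the action
      # name and version given in the file header. Confirm against the upstream file.
      - name: Checkout health
        uses: aspect-build/workflows-action@5.11.0
        timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].checkout_task_timeout }}
        if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].has_checkout_task
        with:
          workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
          task: checkout

      # The main task of the matrix job. The filtered secrets become this step's environment;
      # when no secrets were requested the environment is an empty object.
      - name: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].name }}
        uses: aspect-build/workflows-action@5.11.0
        env: ${{ inputs.inherited_secrets != '' && fromJson(steps.process_secrets.outputs.filtered_secrets) || fromJson('{}') }}
        timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].timeout_in_minutes }}
        with:
          workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
          task: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}

      - name: Send notification to Slack
        id: slack
        # On-call cares about branches that do delivery, so this is keyed on whether the job
        # produces a delivery manifest.
        if: inputs.slack_webhook_url != '' && failure() && fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].generate_manifest
        # NOTE(review): the version ref of this action was destroyed by e-mail obfuscation in the
        # captured page and cannot be recovered from it; `<VERSION>` is a placeholder. Restore the
        # intended release, preferably pinned to a full commit SHA.
        uses: slackapi/slack-github-action@<VERSION>
        with:
          payload: |
            {
              "gha_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
            }
        env:
          # `inputs.slack_webhook_url` names the secret that holds the webhook URL.
          SLACK_WEBHOOK_URL: ${{ secrets[inputs.slack_webhook_url] }}

      - name: Delivery manifest
        if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].generate_manifest
        uses: aspect-build/workflows-action@5.11.0
        timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].delivery_manifest_timout }}
        with:
          workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
          task: delivery_manifest
          args: "--data TARGETS_SOURCE=${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}"

      # Upload all artifacts for the workspace
      - name: Upload artifacts
        # The `always()` condition makes this step run even if a previous step failed.
        # Setting `continue-on-error: true` on previous steps isn't ideal as the UI
        # will flag them as having passed even if they failed.
        if: ${{ always() }}
        uses: actions/upload-artifact@v4
        with:
          name: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_prefix }}${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}.artifacts
          path: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_upload_pattern }}
          overwrite: true

      # Codecov
      - name: Codecov upload
        # The `always()` condition makes this step run even if a previous step failed.
        # Setting `continue-on-error: true` on previous steps isn't ideal as the UI
        # will flag them as having passed even if they failed.
        if: ${{ always() && fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].codecov_upload }}
        # https://github.com/marketplace/actions/codecov
        # NOTE(security): this third-party action receives CODECOV_TOKEN and is referenced by a
        # mutable tag; pin to a full commit SHA (`codecov/codecov-action@<FULL_COMMIT_SHA>  # v4`).
        uses: codecov/codecov-action@v4
        with:
          files: bazel-out/_coverage/_coverage_report.dat
          token: ${{ secrets.CODECOV_TOKEN }}
          # Disable searching for coverage reports. If enabled, it gets confused by the bazel
          # convenience symlinks and finds the same coverage report under bazel-out and
          # {workspace}/bazel-out.
          functionalities: search

      - name: Trigger delivery
        # This uses the following API: https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event
        if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].delivery
        shell: bash
        # The token, the caller-supplied workflow file name and the config-derived ref/workspace
        # are passed as environment variables so that none of them is parsed as shell syntax and
        # the token does not appear in the generated script text.
        # NOTE(review): curl runs without a fail-on-HTTP-error option, so a rejected dispatch
        # (e.g. 401 or 404) still leaves this step green; confirm whether that is intended.
        env:
          DISPATCH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          DELIVERY_WORKFLOW: ${{ inputs.delivery-workflow }}
          DELIVERY_REF: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].branch }}
          DELIVERY_WORKSPACE: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
        run: |
          curl \
            -X POST \
            -H "Accept: application/vnd.github.v3+json" \
            -H "Authorization: token ${DISPATCH_TOKEN}" \
            "https://api.github.com/repos/${GITHUB_REPOSITORY}/actions/workflows/${DELIVERY_WORKFLOW}/dispatches" \
            -d "{\"ref\":\"${DELIVERY_REF}\",\"inputs\":{\"delivery_commit\":\"${GITHUB_SHA}\",\"workspace\":\"${DELIVERY_WORKSPACE}\"}}"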