amd64: hylang:1.1.0-python3.14-rc-bookworm (8349417820b7544452dc53ab4a6497460128275bd3953ca1163d2f1dd1fbe186) #127590
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| buildId: | |
| required: true | |
| type: string | |
| bashbrewArch: | |
| required: true | |
| type: choice | |
| options: | |
| - amd64 | |
| - i386 | |
| - windows-amd64 | |
| firstTag: # informational only, because "run-name" can't be set to a useful value otherwise | |
| type: string | |
| windowsVersion: | |
| type: choice | |
| options: | |
| - '' # without this, it's technically "required" 🙃 | |
| - 2025 | |
| - 2022 | |
| - 2019 | |
| run-name: '${{ inputs.bashbrewArch }}: ${{ inputs.firstTag }} (${{ inputs.buildId }})' | |
| permissions: | |
| contents: read | |
| actions: write # for https://github.com/andymckay/cancel-action (see usage below) | |
| concurrency: | |
| group: ${{ github.event.inputs.buildId }} | |
| cancel-in-progress: false | |
| defaults: | |
| run: | |
| shell: 'bash -Eeuo pipefail -x {0}' | |
| env: | |
| BUILD_ID: ${{ inputs.buildId }} | |
| BASHBREW_ARCH: ${{ inputs.bashbrewArch }} | |
| jobs: | |
| build: | |
| name: Build ${{ inputs.buildId }} | |
| runs-on: ${{ inputs.bashbrewArch == 'windows-amd64' && format('windows-{0}', inputs.windowsVersion) || 'ubuntu-latest' }} | |
| env: | |
| BASHBREW_META_SCRIPTS: ${{ github.workspace }}/.scripts | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| # TODO on Linux, install Tianon's Docker builds (switch off "ubuntu-latest" to pin to something closer to something we publish Debian builds for OR just run Docker-in-Docker and use GITHUB_ENV to set DOCKER_HOST to a suitable value) | |
| - uses: ./.doi/.github/workflows/.bashbrew | |
| with: | |
| # avoid building because we want to skip the build and download a release instead (which will be way faster) | |
| build: none # this will set BASHBREW_VERSION for us | |
| # TODO improve the bashbrew action to download a release binary instead of building from source ("build: download", perhaps?) | |
| - name: Tools | |
| run: | | |
| mkdir .gha-bin | |
| echo "$PWD/.gha-bin" >> "$GITHUB_PATH" | |
| ext='' | |
| if [ "$BASHBREW_ARCH" = 'windows-amd64' ]; then # TODO should we run "bashbrew-host-arch.sh" here instead? | |
| ext='.exe' | |
| fi | |
| _download() { | |
| # prefer wget, but "windows-2019" doesn't have it, so fall back to curl | |
| local target="$1"; shift | |
| local url="$1"; shift | |
| if command -v wget > /dev/null; then | |
| wget --timeout=5 -O "$target" "$url" --progress=dot:giga | |
| else | |
| curl -fL -o "$target" "$url" | |
| fi | |
| } | |
| # https://github.com/docker-library/bashbrew/releases | |
| [ -n "$BASHBREW_VERSION" ] | |
| _download ".gha-bin/bashbrew$ext" "https://github.com/docker-library/bashbrew/releases/download/$BASHBREW_VERSION/bashbrew-$BASHBREW_ARCH$ext" | |
| chmod +x ".gha-bin/bashbrew$ext" | |
| ".gha-bin/bashbrew$ext" --version | |
| # https://doi-janky.infosiftr.net/job/wip/job/crane | |
| _download ".gha-bin/crane$ext" "https://doi-janky.infosiftr.net/job/wip/job/crane/lastSuccessfulBuild/artifact/crane-$BASHBREW_ARCH$ext" | |
| # TODO checksum verification ("checksums.txt") | |
| chmod +x ".gha-bin/crane$ext" | |
| ".gha-bin/crane$ext" version | |
| - name: JSON | |
| id: json | |
| run: | | |
| json="$( | |
| jq -L"$BASHBREW_META_SCRIPTS" ' | |
| include "meta"; | |
| include "doi"; | |
| .[env.BUILD_ID] | |
| | select(needs_build and .build.arch == env.BASHBREW_ARCH) # sanity check | |
| | .commands = commands | |
| ' builds.json | |
| )" | |
| [ -n "$json" ] | |
| { | |
| EOJSON="EOJSON-$RANDOM-$RANDOM-$RANDOM" | |
| echo "json<<$EOJSON" | |
| cat <<<"$json" | |
| echo "$EOJSON" | |
| } | tee -a "$GITHUB_ENV" "$GITHUB_OUTPUT" > /dev/null | |
| mkdir build | |
| - name: Check | |
| run: | | |
| img="$(jq <<<"$json" -r '.build.img')" | |
| if crane digest "$img"; then | |
| echo >&2 "error: '$img' already exists! cowardly refusing to overwrite it" | |
| echo 'cancel=exists' >> "$GITHUB_OUTPUT" | |
| else | |
| echo 'cancel=' >> "$GITHUB_OUTPUT" | |
| fi | |
| id: check | |
| - name: Cancel If Built | |
| if: steps.check.outputs.cancel == 'exists' | |
| uses: andymckay/cancel-action@435124153eb37d6a62a29d053a7e449652f89d51 # https://github.com/andymckay/cancel-action/commits/HEAD | |
| # https://github.com/andymckay/cancel-action/issues/12 | |
| - name: Spin Wheels If Built (waiting for cancellation) | |
| if: steps.check.outputs.cancel == 'exists' | |
| run: | | |
| while true; do | |
| echo 'Waiting for build cancellation...' | |
| sleep 30 | |
| done | |
| exit 1 | |
| - name: Pull | |
| run: | | |
| cd build | |
| shell="$(jq <<<"$json" -r '.commands.pull')" | |
| eval "$shell" | |
| - name: Build | |
| run: | | |
| bk="$(.doi/.bin/bashbrew-buildkit-env-setup.sh)" | |
| bk="$(jq <<<"$bk" -r 'to_entries | map(.key + "=" + .value | @sh) | "export " + join(" ")')" | |
| eval "$bk" | |
| cd build | |
| shell="$(jq <<<"$json" -r '.commands.build')" | |
| eval "$shell" | |
| - name: Push | |
| env: | |
| DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| DOCKER_HUB_PASSWORD: ${{ secrets.DOCKER_HUB_PASSWORD }} | |
| run: | | |
| export DOCKER_CONFIG="$PWD/.docker" | |
| mkdir "$DOCKER_CONFIG" | |
| trap 'find "$DOCKER_CONFIG" -type f -exec shred -fuvz "{}" + || :; rm -rf "$DOCKER_CONFIG"' EXIT | |
| docker login --username "$DOCKER_HUB_USERNAME" --password-stdin <<<"$DOCKER_HUB_PASSWORD" | |
| unset DOCKER_HUB_USERNAME DOCKER_HUB_PASSWORD | |
| cd build | |
| shell="$(jq <<<"$json" -r '.commands.push')" | |
| eval "$shell" |