-
Notifications
You must be signed in to change notification settings - Fork 1.5k
108 lines (96 loc) · 4.03 KB
/
nightly_release.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
# Part of the Carbon Language project, under the Apache License v2.0 with LLVM
# Exceptions. See /LICENSE for license information.
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
#
# This workflow creates a GitHub "release" of a nightly build of the project.
#
# Note: This is just an initial rough attempt, there is a lot of future work
# needed here. A brief summary of TODOs:
#
# - Configure a nice release notes template and switch to generating the title
# and notes instead of hard coding them.
#
# - Do some amount of testing prior to building and uploading the release.
# - Tempting to try to examine existing testing workflow, but maybe better to
# allow re-using any complex parts and do our own testing. That would, for
# example, allow us to narrow or expand the set of tests uses for
# pre-release testing to potentially be different from continuous testing.
# - Some questions around what to do in the event of a failure... error? Where
# does the error go? Create a draft, unpublished release instead?
#
# - Build artifacts for all the different OSes we have GitHub runners for rather
# than just x86 Linux.
name: Nightly Release
on:
schedule:
- cron: '0 2 * * *'
# Enable manual runs for testing or manually (re-)creating a nightly release.
workflow_dispatch:
permissions:
contents: write # For creating and uploading to releases.
jobs:
release:
runs-on: ubuntu-22.04
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: block
# When adding endpoints, see README.md.
# prettier-ignore
allowed-endpoints: >
*.dl.sourceforge.net:443
api.github.com:443
bcr.bazel.build:443
downloads.sourceforge.net:443
github.com:443
oauth2.googleapis.com:443
objects.githubusercontent.com:443
releases.bazel.build:443
sourceforge.net:443
storage.googleapis.com:443
uploads.github.com:443
- name: Checkout branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Set up remote cache access
env:
REMOTE_CACHE_KEY: ${{ secrets.CARBON_BUILDS_GITHUB }}
run: |
echo "$REMOTE_CACHE_KEY" | base64 -d > $HOME/remote_cache_key.json
echo "remote_cache_upload=--google_credentials=$HOME/remote_cache_key.json" \
>> $GITHUB_ENV
- uses: ./.github/actions/build-setup-common
with:
matrix_runner: ubuntu-22.04
remote_cache_upload: ${{ env.remote_cache_upload }}
- name: Get nightly date
run: |
echo "nightly_date=$(date '+%Y.%m.%d')" >> $GITHUB_ENV
- name: Build release
run: |
./scripts/run_bazel.py \
--attempts=5 --jobs-on-last-attempt=4 \
test -c opt --remote_download_toplevel \
--pre_release=nightly --nightly_date=${{ env.nightly_date }} \
//toolchain/install:prefix_root/bin/carbon \
//toolchain/install:carbon_toolchain_tar_gz_rule \
//toolchain/install:carbon_toolchain_tar_gz_test
- name: Extract the release version
run: |
# Make sure we can run the toolchain to get the version.
./bazel-bin/toolchain/install/prefix_root/bin/carbon version
# Now stash it in a variable and export it.
VERSION=$( \
./bazel-bin/toolchain/install/prefix_root/bin/carbon version \
| cut -d' ' -f5 | cut -d'+' -f1)
echo "release_version=$VERSION" >> $GITHUB_ENV
- name: Create the release
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
gh release create \
--title "Nightly build ${{ env.nightly_date }}" \
--generate-notes \
--prerelease \
v${{ env.release_version }} \
"bazel-bin/toolchain/install/carbon_toolchain-${{ env.release_version }}.tar.gz"