Build package #1660
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build package | |
on: | |
push: | |
branches: | |
- main | |
pull_request: {} | |
schedule: | |
- cron: '0 0 * * *' | |
jobs: | |
windows: | |
environment: aws | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: windows-2019 | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python 3.10 | |
uses: actions/setup-python@v5 | |
with: | |
python-version: "3.10" | |
- name: Install requirements | |
run: pip install -r requirements.txt | |
- name: Download dvc pkg | |
run: python download.py | |
- name: Set pkg type | |
shell: bash | |
run: echo 'PKG = "exe"' > dvc/dvc/_build.py | |
- name: Install dvc requirements | |
run: | | |
pip install .\dvc[all] | |
# https://github.com/iterative/dvc/issues/7949 | |
pip install PyInstaller==6.9.0 | |
# https://github.com/iterative/dvc/issues/9654 | |
pip install flufl-lock==7.1.1 | |
dvc doctor | |
- name: Build binary | |
run: python build_bin.py | |
- name: Pull images | |
run: dvc pull | |
- name: Build package | |
run: python build.py | |
- name: Install JSign | |
run: | | |
curl --location --remote-name https://github.com/ebourg/jsign/releases/download/4.2/jsign-4.2.jar | |
sha256sum jsign-4.2.jar | grep 290377fc4f593256200b3ea4061b7409e8276255f449d4c6de7833faf0850cc1 | |
- uses: google-github-actions/auth@v2 | |
with: | |
project_id: dvc-artifact-signing | |
workload_identity_provider: projects/680041843771/locations/global/workloadIdentityPools/github/providers/github | |
service_account: [email protected] | |
- name: Sign | |
run: java -jar jsign-4.2.jar dvc-*.exe | |
--storetype GOOGLECLOUD | |
--storepass $(gcloud auth print-access-token) | |
--keystore projects/dvc-artifact-signing/locations/global/keyRings/certificates | |
--alias windows | |
--certfile certificate_chain.pem | |
--tsmode RFC3161 | |
--tsaurl http://timestamp.digicert.com | |
--alg SHA-256 | |
- uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-region: us-east-2 | |
role-to-assume: arn:aws:iam::260760892802:role/dvc-public-exe-deployer | |
- name: Upload | |
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }} | |
run: python upload.py dvc-*.exe | |
notify: | |
if: github.ref == 'refs/heads/main' && failure() | |
needs: [windows] | |
runs-on: ubuntu-latest | |
steps: | |
- name: Slack Notification | |
uses: rtCamp/[email protected] | |
env: | |
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
SLACK_COLOR: ${{ job.status }} | |
SLACK_MESSAGE: 'Package build failed for ${{ github.repository }}' | |
SLACK_TITLE: CI Status | |
SLACK_USERNAME: dvc-pkg-build |