41 changes: 28 additions & 13 deletions .github/workflows/bloat.yaml
Expand Up @@ -29,15 +29,15 @@ jobs:

steps:
- name: Checkout base
uses: actions/checkout@v3
uses: actions/checkout@v3 # Cannot upgrade to v4 while this runs in centos:7 due to nodejs GLIBC incompatibility
with:
ref: ${{ github.event.push.before }}
ref: ${{ github.event.before }}

- name: Prepare workspace
uses: ./.github/actions/prepare-workspace

- name: Checkout shared-workflow
uses: actions/checkout@v3
uses: actions/checkout@v3 # Cannot upgrade to v4 while this runs in centos:7 due to nodejs GLIBC incompatibility
with:
repository: gravitational/shared-workflows
path: .github/shared-workflows
Expand All @@ -49,11 +49,11 @@ jobs:
with:
path: |
~/teleport_base_build_stats
key: ${{ runner.os }}-${{ github.event.push.before }}
key: ${{ github.job }}-${{ runner.os }}-${{ github.event.before }}

- name: Generate GitHub Token
id: generate_token
uses: tibdex/github-app-token@b62528385c34dbc9f38e5f4225ac829252d1ea92 # v1.8.0
uses: actions/create-github-app-token@v1.0.5 # Cannot upgrade past v1.1 while this runs in centos:7 due to nodejs GLIBC incompatibility
with:
app_id: ${{ secrets.REVIEWERS_APP_ID }}
private_key: ${{ secrets.REVIEWERS_PRIVATE_KEY }}
Expand All @@ -66,14 +66,15 @@ jobs:
cd .github/shared-workflows/bot && go run main.go -workflow=binary-sizes --artifacts="tbot,tctl,teleport,tsh" --builddir="../../../base_build" -token="${{ steps.generate_token.outputs.token }}" -reviewers="${{ secrets.reviewers }}" >> ~/teleport_base_build_stats
echo "base_stats_file=~/teleport_base_build_stats" >> $GITHUB_OUTPUT
echo "base_stats=$(cat ~/teleport_base_build_stats)" >> $GITHUB_ENV

- if: ${{ steps.cache-build-restore.outputs.cache-hit != 'true' }}
name: Save base build
id: base-build-save
uses: actions/cache/save@v3
with:
path: |
${{ steps.build_base.outputs.base_stats_file }}
key: ${{ runner.os }}-${{ github.event.push.before }}
key: ${{ github.job }}-${{ runner.os }}-${{ github.event.before }}

- if: ${{ steps.cache-build-restore.outputs.cache-hit == 'true' }}
name: Restore base stats
Expand All @@ -82,21 +83,35 @@ jobs:
echo "base_stats=$(cat ~/teleport_base_build_stats)" >> $GITHUB_ENV

- name: Checkout branch
uses: actions/checkout@v3
uses: actions/checkout@v3 # Cannot upgrade to v4 while this runs in centos:7 due to nodejs GLIBC incompatibility
with:
clean: false
ref: ${{ github.event.push.after }}
ref: ${{ github.event.after }}

- name: Checkout shared-workflow
uses: actions/checkout@v3
uses: actions/checkout@v3 # Cannot upgrade to v4 while this runs in centos:7 due to nodejs GLIBC incompatibility
with:
repository: gravitational/shared-workflows
path: .github/shared-workflows
ref: tross/skip_items_on_pr
ref: main

- name: Check branch for bloat
- name: Build Binaries
id: build_branch
run: |
make WEBASSETS_SKIP_BUILD=1 binaries
BUILD_SECRET=FAKE_SECRET make WEBASSETS_SKIP_BUILD=1 binaries

- name: Check for Environment Leak
id: check_branch_env_leak
run: |
for binary in $(pwd)/build/*; do \
if strings $binary | grep -q 'FAKE_SECRET'; then \
echo "Error: $binary contains FAKE_SECRET"; \
exit 1; \
fi; \
done

- name: Check for bloat
id: check_branch_bloat
run: |
current=$(pwd)/build
cd .github/shared-workflows/bot && go run main.go -workflow=bloat --artifacts="tbot,tctl,teleport,tsh" --base="${base_stats}" --builddir="${current}" -token="${{ steps.generate_token.outputs.token }}" -reviewers="${{ secrets.reviewers }}" > $GITHUB_STEP_SUMMARY
cd .github/shared-workflows/bot && go run main.go -workflow=bloat --artifacts="tbot,tctl,teleport,tsh" --base="${base_stats}" --builddir="${current}" -token="${{ steps.generate_token.outputs.token }}" -reviewers="${{ secrets.reviewers }}" > $GITHUB_STEP_SUMMARY
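Review bot: The new "Check for Environment Leak" step fails open, because the `if` in `strings $binary | grep -q 'FAKE_SECRET'` only sees grep's exit status. If `strings` is not available in the job container (not visible from this hunk), or `build/` is empty so the glob stays literal, grep reads nothing, the condition is false, and the step passes without having scanned anything. I would quote the path, let grep read each binary directly, and fail the step when no file was scanned or grep itself errors, as sketched below. The check still only detects the canary value when it is embedded verbatim, which is worth stating in a comment on the step.

```yaml
      - name: Check for Environment Leak
        run: |
          scanned=0
          for binary in "$(pwd)"/build/*; do
            [ -f "$binary" ] || continue
            scanned=1
            # grep -a treats the binary as text, so the check does not depend on strings
            rc=0
            grep -aqF 'FAKE_SECRET' "$binary" || rc=$?
            case "$rc" in
              0) echo "Error: $binary contains FAKE_SECRET"; exit 1 ;;
              1) ;;  # no match
              *) echo "Error: could not scan $binary"; exit 1 ;;
            esac
          done
          # Fail closed: an empty build directory must not count as a clean result
          if [ "$scanned" -ne 1 ]; then
            echo "Error: no binaries found in build/"
            exit 1
          fi
```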