11. CI container #782
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 11. CI container | |
'on': | |
push: | |
branches: | |
- github* | |
pull_request: | |
branches: | |
- '**' | |
schedule: | |
- cron: 0 0 * * * | |
workflow_dispatch: null | |
concurrency: | |
group: 'mainc-${{ github.ref }}' | |
cancel-in-progress: true | |
jobs: | |
mainc-arch-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- arch-0 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-alpine-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- alpine-3.15 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-amzn-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- amzn-2 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-centos-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- centos-8 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-debian-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- debian-9 | |
- debian-10 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-ubuntu-minimal: | |
needs: | |
- mainc-smoke-minimal | |
- mainc-smoke-common | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- ubuntu-18.04 | |
- ubuntu-22.04 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-smoke-minimal: | |
needs: [] | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- ubuntu-20.04 | |
yp_ci_brew_install: | |
- minimal | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-arch-common: | |
needs: | |
- mainc-arch-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- arch-0 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-alpine-common: | |
needs: | |
- mainc-alpine-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- alpine-3.15 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-amzn-common: | |
needs: | |
- mainc-amzn-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- amzn-2 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-centos-common: | |
needs: | |
- mainc-centos-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- centos-8 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-debian-common: | |
needs: | |
- mainc-debian-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- debian-9 | |
- debian-10 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-ubuntu-common: | |
needs: | |
- mainc-ubuntu-minimal | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- ubuntu-18.04 | |
- ubuntu-22.04 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 | |
mainc-smoke-common: | |
needs: [] | |
timeout-minutes: 30 | |
strategy: | |
fail-fast: false | |
matrix: | |
container: | |
- ubuntu-20.04 | |
yp_ci_brew_install: | |
- common | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
runs-on: ubuntu-latest | |
env: | |
GITHUB_TOKEN: '${{ secrets.GITHUB_TOKEN }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY: '${{ secrets.YP_CI_ECHO_EXTERNAL_HONEYCOMB_API_KEY }}' | |
YP_LOG_BOOTSTRAP: true | |
YP_PRINTENV_BOOTSTRAP: '${{ secrets.YP_PRINTENV_BOOTSTRAP }}' | |
YP_TRANSCRYPT_PASSWORD: '${{ secrets.YP_TRANSCRYPT_PASSWORD }}' | |
V: '${{ secrets.V }}' | |
DOCKER_USERNAME: '${{ secrets.DOCKER_USERNAME }}' | |
DOCKER_TOKEN: '${{ secrets.DOCKER_TOKEN }}' | |
GITHUB_MATRIX_CONTAINER: '${{ matrix.container }}' | |
GITHUB_MATRIX_YP_CI_BREW_INSTALL: '${{ matrix.yp_ci_brew_install }}' | |
GITHUB_JOB_NAME: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_CI_ECHO_EXTERNAL_HONEYCOMB_DATASET: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
YP_DEPLOY_DRYRUN: true | |
steps: | |
- name: yplatform/bin/github-checkout | |
shell: bash | |
run: > | |
set -x | |
#!/usr/bin/env bash | |
set -euo pipefail | |
HOME_REAL=$(eval echo "~$(id -u -n)") | |
[[ "${HOME}" = "${HOME_REAL}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[WARN] \$HOME is overriden to ${HOME}." | |
>&2 echo "$(date +"%H:%M:%S")" "[INFO] Resetting \$HOME to ${HOME_REAL}..." | |
export HOME=${HOME_REAL} | |
} | |
[[ -n "${GITHUB_REPOSITORY:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REPOSITORY is undefined." | |
exit 1 | |
} | |
[[ -n "${GITHUB_REF:-}" ]] || { | |
>&2 echo "$(date +"%H:%M:%S")" "[ERR ] GITHUB_REF is undefined." | |
exit 1 | |
} | |
# run with a clean .gitconfig, but restore on exit | |
TMP_GITHUB_CHECKOUT=$(mktemp -t yplatform.XXXXXXXXXX) | |
touch ${HOME}/.gitconfig | |
mv ${HOME}/.gitconfig ${TMP_GITHUB_CHECKOUT} | |
function on_exit() { | |
mv ${TMP_GITHUB_CHECKOUT} ${HOME}/.gitconfig | |
} | |
trap on_exit EXIT | |
# basic git config | |
git config --global core.autocrlf false | |
git config --global core.eol lf | |
git config --global advice.detachedHead false | |
# use https instead of everything else | |
# sync with gitconfig/dot.gitconfig.github-https | |
git config --global --add url."https://github.com/".insteadOf "https://github.com/" # git canonical https url | |
git config --global --add url."https://github.com/".insteadOf "git://github.com/" # git canonical git url | |
git config --global --add url."https://github.com/".insteadOf "github://" # github url | |
git config --global --add url."https://github.com/".insteadOf "[email protected]:" # git canonical ssh url | |
git config --global --add url."https://github.com/".insteadOf "ssh://[email protected]/" # npm package.json's | |
canonical git+ssh url # editorconfig-checker-disable-line | |
# use github token transparently | |
[[ -z "${GITHUB_TOKEN:-}" ]] || { | |
BASE64="base64 --wrap 0" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="base64" | |
echo "" | ${BASE64} >/dev/null 2>&1 || BASE64="openssl base64 -A" | |
echo "" | ${BASE64} >/dev/null 2>&1 | |
GIT_HTTP_EXTRAHEADER="AUTHORIZATION: basic $(echo -n "x-access-token:${GITHUB_TOKEN}" | ${BASE64})" | |
git config --global --add http."https://github.com/".extraheader "${GIT_HTTP_EXTRAHEADER}" | |
} | |
# use git protocol version 2 if available | |
GIT_DEPTH_ARG= | |
# NOTE may fail if git-man is not installed | |
# ! git config --help | grep -q "wire protocol version 2" || { | |
! grep -q "protocol version 2" $(command -v git) || { | |
git config --global --add protocol.version 2 | |
GIT_DEPTH_ARG="--depth=1" | |
} | |
# ------------------------------------------------------------------------------ | |
# clone/fetch | |
GIT_URL=${GITHUB_SERVER_URL:-${GITHUB_URL:-https://github.com}}/${GITHUB_REPOSITORY}.git | |
GIT_BRANCH_ARG= | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/heads\/}" | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
GIT_BRANCH_ARG="--branch ${GITHUB_REF#refs\/tags\/}" | |
fi | |
[[ -z "${GITHUB_WORKSPACE:-}" ]] || cd ${GITHUB_WORKSPACE} | |
git clone ${GIT_DEPTH_ARG:-} ${GIT_BRANCH_ARG} ${GIT_URL} $(pwd) | |
# shellcheck disable=SC2193 | |
if [[ "${GITHUB_EVENT_NAME:-}" = "pull_request" ]]; then | |
git fetch ${GIT_DEPTH_ARG:-} origin ${GITHUB_REF}:refs/remotes/pull/${GITHUB_REF#refs\/pull\/} | |
GITHUB_SHA=$(git rev-parse pull/${GITHUB_REF#refs\/pull\/}) | |
GIT_BRANCH_DEFAULT=$(git ls-remote --symref ${GIT_URL} HEAD | head -1 | sed "s,^ref: refs/heads/,," | sed "s,\s\+HEAD,,") | |
GITHUB_REF=refs/heads/${GITHUB_BASE_REF:-${GIT_BRANCH_DEFAULT}} | |
fi | |
# ------------------------------------------------------------------------------ | |
# checkout | |
if [[ "${GITHUB_REF}" =~ ^refs/heads/ ]]; then | |
git checkout -B ${GITHUB_REF#refs\/heads\/} ${GITHUB_SHA:-origin/${GITHUB_REF#refs\/heads\/}} | |
elif [[ "${GITHUB_REF}" =~ ^refs/tags/ ]]; then | |
git checkout ${GITHUB_REF} | |
else | |
set -x | |
printenv | |
cat ${GITHUB_EVENT_PATH:-/dev/null} | |
exit 1 | |
fi | |
# submodules | |
git submodule sync --recursive | |
git submodule update --init --recursive --force ${GIT_DEPTH_ARG:-} | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v2 | |
- name: Set up Docker Buildx | |
id: buildx | |
uses: docker/setup-buildx-action@v2 | |
with: | |
buildkitd-flags: '--debug' | |
- name: 'Set up Docker Buildx: remote ssh for arm64' | |
id: buildx-arm64-ssh | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: '${{ secrets.DOCKER_AWS_SSH_PRIVATE_KEY }}' | |
known_hosts: unnecessary | |
- name: 'Set up Docker Buildx: remote builder for arm64' | |
id: buildx-arm64-builder | |
shell: bash | |
env: | |
DOCKER_AWS_SSH_SERVER: docker-arm64.aws.ysoftware.se | |
run: |- | |
set -x | |
ssh-keyscan -H ${DOCKER_AWS_SSH_SERVER} >> ~/.ssh/known_hosts || exit 0 | |
ssh ${DOCKER_AWS_SSH_SERVER} "exit 0" || exit 0 | |
docker context create aws-docker-arm64 --docker host=ssh://${DOCKER_AWS_SSH_SERVER} | |
docker buildx create --name localamd64-remotearm64 default --platform linux/amd64 | |
docker buildx create --name localamd64-remotearm64 aws-docker-arm64 --platform linux/arm64 --append | |
docker buildx use localamd64-remotearm64 | |
- shell: bash | |
run: ./.ci.sh before_deploy | |
- shell: bash | |
run: ./.ci.sh deploy | |
- shell: bash | |
run: ./.ci.sh after_deploy || true | |
- name: Upload Artifacts | |
uses: actions/upload-artifact@v3 | |
with: | |
name: 'mainc-${{ matrix.container }}-${{ matrix.yp_ci_brew_install }}' | |
path: |- | |
yp-ci-echo-benchmark | |
some-job-artifact.md | |
log.sh-session | |
retention-days: 7 |