Skip to content

Bare

Bare #381

Workflow file for this run

#
# GitHub actions for building and testing on bare hardware.
# Typically, Windows and macOS builds are done this way.
# Look for the Linux builds in the "docker" workflow.
name: Bare
on:
push:
branches: [ master ]
pull_request:
concurrency:
group: bare-${{ github.ref }}
cancel-in-progress: true
jobs:
windows:
# The type of runner that the job will run on
runs-on: windows-latest
timeout-minutes: 45
permissions:
# Give the default GITHUB_TOKEN write permission to commit requirements.txt
contents: write
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out the repository under $GITHUB_WORKSPACE, so the job can access it
- uses: actions/checkout@v4
with:
fetch-depth: 2
# Explicitly run our scripts with Bash, not PowerShell (GitHub's default).
- name: Build Pythia
timeout-minutes: 10
run: bash ./build.sh build
- name: Test Pythia
timeout-minutes: 5
run: bash ./build.sh test
# Commit changed requirements.txt back to the repository
- uses: stefanzweifel/git-auto-commit-action@v5
with:
commit_message: Automated update of requirements.txt from Windows build.
file_pattern: 'requirements.txt'
# To use an RSA key with SFTPPlus, install upstream OpenSSH package,
# which is more finicky in regards to file permissions.
# Beware the commands in this step run under PowerShell.
- name: Prepare SFTP upload
run: |
mkdir -p ~/.ssh/
touch priv_key
icacls .\priv_key /inheritance:r
icacls .\priv_key /grant:r runneradmin:"(F)"
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
choco install --yes --no-progress openssh
# Upload using a (per-OS selected) sftp command, then show final links.
# Remove key in same step to avoid leaving it on disk if publishing fails.
- name: Upload testing package
timeout-minutes: 5
run: bash -c './publish_dist.sh ; rm priv_key'
- name: Tmate debug on failure
if: ${{ !cancelled() && runner.debug }}
uses: chevah/action-tmate@v3
with:
limit-access-to-actor: true
# To access the Windows desktop for advanced debugging, as per
# https://github.com/nelsonjchen/reverse-rdp-windows-github-actions,
# but using the ngrok token as password for the runnneradmin user.
# Basically use the ngrok token and the ngrok URL (from ngrok's dashboard).
- name: Ngrok debugging on failure
if: ${{ failure() && !cancelled() && runner.debug }}
env:
NGROK_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
run: |
choco install --yes --no-progress ngrok
ngrok.exe authtoken $env:NGROK_TOKEN
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
Set-LocalUser -Name "runneradmin" -Password (ConvertTo-SecureString -AsPlainText "$env:NGROK_TOKEN" -Force)
ngrok.exe tcp 3389
macos:
# For macOS on Intel at GitHub.
runs-on: macos-13
timeout-minutes: 90
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
# Some Homebrew libs pollute the build.
# Also make sure binaries depending on these libs are out of the way.
- name: Hack Homebrew
run: |
sudo mv -v /usr/local/bin/git{,.saved}
sudo chmod -v a-r /usr/local/include/libintl.h
sudo chmod -v a-r /usr/local/include/gdbm.h
sudo chmod -v a-r /usr/local/opt/gettext/lib/libintl.*
sudo chmod -v a-r /usr/local/opt/gdbm/lib/libgdbm*
sudo chmod -v a-r /usr/local/opt/mpdecimal/lib/libmpdec*
- name: Build Pythia
timeout-minutes: 30
run: ./build.sh build
# Fix back Homebrew, for working Shellcheck tests and tmate debugging.
- name: Unhack Homebrew
run: |
sudo chmod -v a+r /usr/local/include/libintl.h
sudo chmod -v a-r /usr/local/include/gdbm.h
sudo chmod -v a+r /usr/local/opt/gettext/lib/libintl*
sudo chmod -v a+r /usr/local/opt/gdbm/lib/libgdbm*
sudo chmod -v a+r /usr/local/opt/mpdecimal/lib/libmpdec*
sudo mv -v /usr/local/bin/git{.saved,}
- name: Test Pythia
timeout-minutes: 5
run: ./build.sh test
- name: Upload testing package
timeout-minutes: 5
run: |
mkdir -pv ~/.ssh/
touch priv_key
chmod 600 priv_key
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
./publish_dist.sh ; rm priv_key
- name: Tmate debug on failure
if: ${{ !cancelled() && runner.debug }}
uses: chevah/action-tmate@v3
with:
limit-access-to-actor: true
macos-m1:
# For macOS on Apple Silicon at GitHub.
runs-on: macos-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 2
- name: Build Pythia
timeout-minutes: 20
run: ./build.sh build
- name: Test Pythia
timeout-minutes: 5
run: ./build.sh test
- name: Upload testing package
timeout-minutes: 5
run: |
mkdir -pv ~/.ssh/
touch priv_key
chmod 600 priv_key
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
./publish_dist.sh ; rm priv_key
- name: Tmate debug on failure
if: ${{ !cancelled() && runner.debug }}
uses: chevah/action-tmate@v3
with:
limit-access-to-actor: true