#
# GitHub actions for building and testing on bare hardware.
# Typically, Windows and macOS builds are done this way.
# Look for the Linux builds in the "docker" workflow.
name: Bare

# Triggers: pushes to master, and pull requests (no branch or path filter).
on:
  push:
    branches:
      - master
  pull_request:

# One live run per ref: a newer run for the same ref cancels the older one.
concurrency:
  group: bare-${{ github.ref }}
  cancel-in-progress: true

# NOTE(review): no workflow-level `permissions:` is declared here, so a job
# without its own `permissions:` block runs with the repository's default
# GITHUB_TOKEN scopes. Consider declaring a read-only default at this level.
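jobs:
  windows:
    # The type of runner that the job will run on
    runs-on: windows-latest
    timeout-minutes: 45
    permissions:
      # Give the default GITHUB_TOKEN write permission to commit
      # requirements.txt. The scope applies to the whole job, not only to
      # the auto-commit step.
      contents: write
    # Steps represent a sequence of tasks that will be executed as part of
    # the job
    steps:
      # Checks-out the repository under $GITHUB_WORKSPACE, so the job can
      # access it
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2
      # Explicitly run our scripts with Bash, not PowerShell (GitHub's
      # default).
      - name: Build Pythia
        timeout-minutes: 10
        run: bash ./build.sh build
      - name: Test Pythia
        timeout-minutes: 5
        run: bash ./build.sh test
      # Commit changed requirements.txt back to the repository.
      # NOTE(review): `@HEAD` is a mutable ref and this job holds a
      # write-scoped token, so whatever the action's default branch contains
      # at run time can push to this repository. Pin to a full commit SHA.
      # NOTE(review): there is no `if:` guard, so this step also runs for
      # pull_request events - confirm that is intended.
      - uses: chevah/git-auto-commit-action@HEAD
        with:
          commit_message: 'Automated update of requirements.txt from Windows build.'
          file_pattern: 'requirements.txt'
      # To use an RSA key with SFTPPlus, install upstream OpenSSH package,
      # which is more finicky in regards to file permissions.
      # Beware the commands in this step run under PowerShell.
      # The secrets are handed over as environment variables instead of being
      # expanded into the script text, so their content is never parsed as
      # PowerShell source and does not land in the generated script file.
      - name: Prepare SFTP upload
        env:
          SFTPPLUS_BIN_PRIV_KEY: ${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}
          SFTPPLUS_BIN_HOST_KEY: ${{ secrets.SFTPPLUS_BIN_HOST_KEY }}
        run: |
          mkdir -p ~/.ssh/
          # Create the file and lock its ACL down before the key is written.
          touch priv_key
          icacls .\priv_key /inheritance:r
          icacls .\priv_key /grant:r runneradmin:"(F)"
          echo "$env:SFTPPLUS_BIN_PRIV_KEY" > priv_key
          echo "$env:SFTPPLUS_BIN_HOST_KEY" > ~/.ssh/known_hosts
          choco install --yes --no-progress openssh
      # Upload using a (per-OS selected) sftp command, then show final links.
      # Remove key in same step to avoid leaving it on disk if publishing
      # fails.
      # NOTE(review): with `;` the exit status of `bash -c` is that of `rm`,
      # so a failed publish does not fail this step - confirm that is wanted.
      - name: Upload testing package
        timeout-minutes: 5
        run: bash -c './publish_dist.sh ; rm priv_key'
      # NOTE(review): despite the name, the condition has no failure() term,
      # so with debug logging enabled this also runs after a successful
      # build - confirm. `chevah/action-tmate@v3` is a mutable tag; a full
      # commit SHA would pin what runs in this write-scoped job.
      - name: Tmate debug on failure
        if: ${{ !cancelled() && runner.debug }}
        uses: chevah/action-tmate@v3
        with:
          # Only the user who triggered the run may attach to the session.
          limit-access-to-actor: true
      # To access the Windows desktop for advanced debugging, as per
      # https://github.com/nelsonjchen/reverse-rdp-windows-github-actions,
      # but using the ngrok token as password for the runneradmin user.
      # Basically use the ngrok token and the ngrok URL (from ngrok's
      # dashboard).
      # NOTE(review): this enables RDP on the runner, publishes port 3389
      # through an ngrok TCP tunnel and reuses one secret as both the tunnel
      # credential and the desktop password. It only runs on a failed,
      # debug-enabled run; a separate random per-run password would keep the
      # two credentials independent.
      - name: Ngrok debugging on failure
        if: ${{ failure() && !cancelled() && runner.debug }}
        env:
          NGROK_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
        run: |
          choco install --yes --no-progress ngrok
          ngrok.exe authtoken $env:NGROK_TOKEN
          Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server' -name "fDenyTSConnections" -Value 0
          Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
          Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
          Set-LocalUser -Name "runneradmin" -Password (ConvertTo-SecureString -AsPlainText "$env:NGROK_TOKEN" -Force)
          ngrok.exe tcp 3389

  macos:
    # For macOS on Intel at GitHub.
    runs-on: macos-13
    timeout-minutes: 90
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2
      # Some Homebrew libs pollute the build.
      # Also make sure binaries depending on these libs are out of the way.
      - name: Hack Homebrew
        run: |
          sudo mv -v /usr/local/bin/git{,.saved}
          sudo chmod -v a-r /usr/local/include/libintl.h
          sudo chmod -v a-r /usr/local/include/gdbm.h
          sudo chmod -v a-r /usr/local/opt/gettext/lib/libintl.*
          sudo chmod -v a-r /usr/local/opt/gdbm/lib/libgdbm*
          sudo chmod -v a-r /usr/local/opt/mpdecimal/lib/libmpdec*
      - name: Build Pythia
        timeout-minutes: 30
        run: ./build.sh build
      # Fix back Homebrew, for working Shellcheck tests and tmate debugging.
      # Every permission removed by "Hack Homebrew" is restored here,
      # gdbm.h included.
      - name: Unhack Homebrew
        run: |
          sudo chmod -v a+r /usr/local/include/libintl.h
          sudo chmod -v a+r /usr/local/include/gdbm.h
          sudo chmod -v a+r /usr/local/opt/gettext/lib/libintl*
          sudo chmod -v a+r /usr/local/opt/gdbm/lib/libgdbm*
          sudo chmod -v a+r /usr/local/opt/mpdecimal/lib/libmpdec*
          sudo mv -v /usr/local/bin/git{.saved,}
      - name: Test Pythia
        timeout-minutes: 5
        run: ./build.sh test
      # Secrets arrive as environment variables, not as text expanded into
      # the script, so the shell never parses their content.
      - name: Upload testing package
        timeout-minutes: 5
        env:
          SFTPPLUS_BIN_PRIV_KEY: ${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}
          SFTPPLUS_BIN_HOST_KEY: ${{ secrets.SFTPPLUS_BIN_HOST_KEY }}
        run: |
          # Remove the key on every exit path. The default bash shell runs
          # with errexit, so a trailing `rm` is skipped when publishing
          # fails, and the debug step below opens an interactive shell.
          trap 'rm -f priv_key' EXIT
          mkdir -pv ~/.ssh/
          # Create the file with owner-only access before writing the key.
          touch priv_key
          chmod 600 priv_key
          echo "$SFTPPLUS_BIN_PRIV_KEY" > priv_key
          echo "$SFTPPLUS_BIN_HOST_KEY" > ~/.ssh/known_hosts
          ./publish_dist.sh
      # Runs whenever debug logging is enabled and the run was not cancelled.
      - name: Tmate debug on failure
        if: ${{ !cancelled() && runner.debug }}
        uses: chevah/action-tmate@v3
        with:
          # Only the user who triggered the run may attach to the session.
          limit-access-to-actor: true

  macos-m1:
    # For macOS on Apple Silicon at GitHub.
    runs-on: macos-latest
    timeout-minutes: 60
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 2
      - name: Build Pythia
        timeout-minutes: 20
        run: ./build.sh build
      - name: Test Pythia
        timeout-minutes: 5
        run: ./build.sh test
      # Secrets arrive as environment variables, not as text expanded into
      # the script, so the shell never parses their content.
      - name: Upload testing package
        timeout-minutes: 5
        env:
          SFTPPLUS_BIN_PRIV_KEY: ${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}
          SFTPPLUS_BIN_HOST_KEY: ${{ secrets.SFTPPLUS_BIN_HOST_KEY }}
        run: |
          # Remove the key on every exit path. The default bash shell runs
          # with errexit, so a trailing `rm` is skipped when publishing
          # fails, and the debug step below opens an interactive shell.
          trap 'rm -f priv_key' EXIT
          mkdir -pv ~/.ssh/
          # Create the file with owner-only access before writing the key.
          touch priv_key
          chmod 600 priv_key
          echo "$SFTPPLUS_BIN_PRIV_KEY" > priv_key
          echo "$SFTPPLUS_BIN_HOST_KEY" > ~/.ssh/known_hosts
          ./publish_dist.sh
      # Runs whenever debug logging is enabled and the run was not cancelled.
      - name: Tmate debug on failure
        if: ${{ !cancelled() && runner.debug }}
        uses: chevah/action-tmate@v3
        with:
          # Only the user who triggered the run may attach to the session.
          limit-access-to-actor: true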