-
Notifications
You must be signed in to change notification settings - Fork 2
154 lines (128 loc) · 5 KB
/
bare.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
#
# GitHub actions for building and testing on bare hardware.
# Typically, Windows and macOS builds are done this way.
# Look for the Linux builds in the "docker" workflow.
name: Bare
on:
push:
branches: [ master ]
pull_request:
concurrency:
group: bare-${{ github.ref }}
cancel-in-progress: true
# Set to 'yes' to open a tunnel to GitHub's VMs through ngrok/tmate on failures.
# Also increase timeout-minutes for the relevant OS when debugging remotely.
# Version 3 of mxschmitt/action-tmate should also work on Windows.
env:
TMATE_DEBUG: 'no'
NGROK_DEBUG: 'no'
jobs:
windows:
# The type of runner that the job will run on
runs-on: windows-latest
timeout-minutes: 15
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out the repository under $GITHUB_WORKSPACE, so the job can access it
- uses: actions/checkout@v2
with:
fetch-depth: 2
# Explicitly run our scripts with Bash, not PowerShell (GitHub's default).
- name: Build Pythia
run: bash ./build.sh build
- name: Test Pythia
run: bash ./build.sh test
# To use an RSA key with SFTPPlus, install upstream OpenSSH package,
# which is more finicky in regards to file permissions.
# Beware the commands in this step run under PowerShell.
- name: Prepare SFTP upload
run: |
mkdir -p ~/.ssh/
touch priv_key
icacls .\priv_key /inheritance:r
icacls .\priv_key /grant:r runneradmin:"(F)"
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
choco install --yes --no-progress openssh
# Upload using a (per-OS selected) sftp command, then show final links.
# Remove key in same step to avoid leaving it on disk if publishing fails.
- name: Upload testing package
run: bash -c './publish_dist.sh ; rm priv_key'
# Command line debugging through Tmate. v3 works on Windows too.
- name: Tmate debug on failure
if: failure() && env.TMATE_DEBUG == 'yes'
uses: chevah/action-tmate@v3
with:
limit-access-to-actor: true
# To access the Windows desktop for advanced debugging, as per
# https://github.com/nelsonjchen/reverse-rdp-windows-github-actions,
# but using the ngrok token as password for the runnneradmin user.
# Basically use the ngrok token and the ngrok URL (from ngrok's dashboard).
- name: Ngrok debugging on failure
if: failure() && env.NGROK_DEBUG == 'yes'
env:
NGROK_TOKEN: ${{ secrets.NGROK_AUTH_TOKEN }}
run: |
choco install --yes --no-progress ngrok
ngrok.exe authtoken $env:NGROK_TOKEN
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server'-name "fDenyTSConnections" -Value 0
Enable-NetFirewallRule -DisplayGroup "Remote Desktop"
Set-ItemProperty -Path 'HKLM:\System\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp' -name "UserAuthentication" -Value 1
Set-LocalUser -Name "runneradmin" -Password (ConvertTo-SecureString -AsPlainText "$env:NGROK_TOKEN" -Force)
ngrok.exe tcp 3389
macos:
runs-on: macos-latest
timeout-minutes: 30
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 2
# Some Homebrew libs pollute the build.
# Also make sure binaries depending on these libs are out of the way.
- name: Hack Homebrew
run: |
sudo mv -v /usr/local/bin/git{,.saved}
sudo chmod -v a-r /usr/local/include/libintl.h
sudo chmod -v a-r /usr/local/opt/gettext/lib/libintl.*
- name: Build Pythia
run: ./build.sh build
# Fix back Homebrew, for working Shellcheck tests and tmate debugging.
- name: Unhack Homebrew
run: |
sudo chmod -v a+r /usr/local/opt/gettext/lib/libintl*
sudo chmod -v a+r /usr/local/include/libintl.h
sudo mv -v /usr/local/bin/git{.saved,}
- name: Test Pythia
run: ./build.sh test
- name: Upload testing package
run: |
mkdir -pv ~/.ssh/
touch priv_key
chmod 600 priv_key
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
./publish_dist.sh ; rm priv_key
- name: Tmate debug on failure
if: ${{ failure() && !cancelled() && runner.debug }}
uses: chevah/action-tmate@v3
with:
limit-access-to-actor: true
macos-m1:
runs-on: m1
timeout-minutes: ${{ matrix.tests.debug == 'yes' && 90 || 30 }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 2
- name: Build Pythia
run: ./build.sh build
- name: Test Pythia
run: ./build.sh test
- name: Upload testing package
run: |
mkdir -pv ~/.ssh/
touch priv_key
chmod 600 priv_key
echo "${{ secrets.SFTPPLUS_BIN_PRIV_KEY }}" > priv_key
echo "${{ secrets.SFTPPLUS_BIN_HOST_KEY }}" > ~/.ssh/known_hosts
./publish_dist.sh ; rm priv_key