-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
internal/ci: initial commit of working CI
Change-Id: I6af7953873972be09edaa5fb04126f719f0c8737 Signed-off-by: Paul Jolly <[email protected]>
Showing
19 changed files
with
2,557 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,138 @@ | ||
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT. | ||
|
||
name: Evict caches | ||
"on": | ||
schedule: | ||
- cron: 0 2 * * * | ||
jobs: | ||
test: | ||
if: ${{github.repository == 'cue-lang/cue-api-java'}} | ||
runs-on: ubuntu-22.04 | ||
defaults: | ||
run: | ||
shell: bash | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
fetch-depth: 0 | ||
- name: Reset git directory modification times | ||
run: touch -t 202211302355 $(find * -type d) | ||
- name: Restore git file modification times | ||
uses: chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe | ||
- id: DispatchTrailer | ||
name: Try to extract Dispatch-Trailer | ||
run: |- | ||
x="$(git log -1 --pretty='%(trailers:key=Dispatch-Trailer,valueonly)')" | ||
if [[ "$x" == "" ]] | ||
then | ||
# Some steps rely on the presence or otherwise of the Dispatch-Trailer. | ||
# We know that we don't have a Dispatch-Trailer in this situation, | ||
# hence we use the JSON value null in order to represent that state. | ||
# This means that GitHub expressions can determine whether a Dispatch-Trailer | ||
# is present or not by checking whether the fromJSON() result of the | ||
# output from this step is the JSON value null or not. | ||
x=null | ||
fi | ||
echo "value<<EOD" >> $GITHUB_OUTPUT | ||
echo "$x" >> $GITHUB_OUTPUT | ||
echo "EOD" >> $GITHUB_OUTPUT | ||
- if: |- | ||
((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')))) && (contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')) | ||
name: Check we don't have Dispatch-Trailer on a protected branch | ||
run: |- | ||
echo "github.event.head_commit.message contains Dispatch-Trailer" | ||
echo "github.event.head_commit.message value" | ||
cat <<EOD | ||
${{ github.event.head_commit.message }} | ||
EOD | ||
echo "containsDispatchTrailer expression" | ||
cat <<EOD | ||
(contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')) | ||
EOD | ||
false | ||
- name: Delete caches | ||
run: |- | ||
set -x | ||
echo ${{ secrets.CUECKOO_GITHUB_PAT }} | gh auth login --with-token | ||
gh extension install actions/gh-actions-cache | ||
for i in https://github.com/cue-lang/cue-api-java https://github.com/cue-lang/cue-api-java-trybot | ||
do | ||
echo "Evicting caches for $i" | ||
cd $(mktemp -d) | ||
git init -b initialbranch | ||
git remote add origin $i | ||
for j in $(gh actions-cache list -L 100 | grep refs/ | awk '{print $1}') | ||
do | ||
gh actions-cache delete --confirm $j | ||
done | ||
done | ||
- name: Trigger workflow runs to repopulate caches | ||
run: |- | ||
# Prepare git for pushes to trybot repo. Note | ||
# because we have already checked out code we don't | ||
# need origin. Fetch origin default branch for later use | ||
git config user.name cueckoo | ||
git config user.email [email protected] | ||
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)" | ||
git remote add trybot https://github.com/cue-lang/cue-api-java-trybot | ||
# Now trigger the most recent workflow run on each of the default branches. | ||
# We do this by listing all the branches on the main repo and finding those | ||
# which match the protected branch patterns (globs). | ||
for j in $(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" -f https://api.github.com/repos/cue-lang/cue-api-java/branches | jq -r '.[] | .name') | ||
do | ||
for i in main | ||
do | ||
if [[ "$j" != $i ]]; then | ||
continue | ||
fi | ||
echo Branch: $j | ||
sha=$(curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" "https://api.github.com/repos/cue-lang/cue-api-java/commits/$j" | jq -r '.sha') | ||
echo Latest commit: $sha | ||
echo "Trigger workflow on cue-lang/cue-api-java" | ||
curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/cue-api-java/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" | ||
# Ensure that the trybot repo has the latest commit for | ||
# this branch. If the force-push results in a commit | ||
# being pushed, that will trigger the trybot workflows | ||
# so we don't need to do anything, otherwise we need to | ||
# trigger the most recent commit on that branch | ||
git remote -v | ||
git fetch origin refs/heads/$j | ||
git log -1 FETCH_HEAD | ||
success=false | ||
for try in {1..20}; do | ||
echo "Push to trybot try $try" | ||
exitCode=0; push="$(git push -f trybot FETCH_HEAD:$j 2>&1)" || exitCode=$? | ||
echo "$push" | ||
if [[ $exitCode -eq 0 ]]; then | ||
success=true | ||
break | ||
fi | ||
sleep 1 | ||
done | ||
if ! $success; then | ||
echo "Giving up" | ||
exit 1 | ||
fi | ||
if echo "$push" | grep up-to-date | ||
then | ||
# We are up-to-date, i.e. the push did nothing, hence we need to trigger a workflow_dispatch | ||
# in the trybot repo. | ||
echo "Trigger workflow on cue-lang/cue-api-java-trybot" | ||
curl -s -L -H "Accept: application/vnd.github+json" -H "Authorization: Bearer ${{ secrets.CUECKOO_GITHUB_PAT }}" -H "X-GitHub-Api-Version: 2022-11-28" --fail-with-body -X POST https://api.github.com/repos/cue-lang/cue-api-java-trybot/actions/workflows/trybot.yml/dispatches -d "{\"ref\":\"$j\"}" | ||
else | ||
echo "Force-push to cue-lang/cue-api-java-trybot did work; nothing to do" | ||
fi | ||
done | ||
done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,50 @@ | ||
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT. | ||
|
||
name: Push tip to trybot | ||
"on": | ||
push: | ||
branches: | ||
- main | ||
concurrency: push_tip_to_trybot | ||
jobs: | ||
push: | ||
runs-on: ubuntu-22.04 | ||
defaults: | ||
run: | ||
shell: bash | ||
if: ${{github.repository == 'cue-lang/cue-api-java'}} | ||
steps: | ||
- name: Write netrc file for cueckoo Gerrithub | ||
run: |- | ||
cat <<EOD > ~/.netrc | ||
machine review.gerrithub.io | ||
login cueckoo | ||
password ${{ secrets.CUECKOO_GERRITHUB_PASSWORD }} | ||
EOD | ||
chmod 600 ~/.netrc | ||
- name: Push tip to trybot | ||
run: |- | ||
mkdir tmpgit | ||
cd tmpgit | ||
git init -b initialbranch | ||
git config user.name cueckoo | ||
git config user.email [email protected] | ||
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)" | ||
git remote add origin https://review.gerrithub.io/a/cue-lang/cue-api-java | ||
git remote add trybot https://github.com/cue-lang/cue-api-java-trybot | ||
git fetch origin "${{ github.ref }}" | ||
success=false | ||
for try in {1..20}; do | ||
echo "Push to trybot try $try" | ||
if git push -f trybot "FETCH_HEAD:${{ github.ref }}"; then | ||
success=true | ||
break | ||
fi | ||
sleep 1 | ||
done | ||
if ! $success; then | ||
echo "Giving up" | ||
exit 1 | ||
fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,112 @@ | ||
# Code generated internal/ci/ci_tool.cue; DO NOT EDIT. | ||
|
||
name: TryBot | ||
"on": | ||
push: | ||
branches: | ||
- ci/test | ||
- main | ||
pull_request: {} | ||
workflow_dispatch: {} | ||
jobs: | ||
test: | ||
runs-on: ubuntu-22.04 | ||
defaults: | ||
run: | ||
shell: bash | ||
if: |- | ||
(contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"trybot"')) || ! (contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')) | ||
steps: | ||
- name: Checkout code | ||
uses: actions/checkout@v4 | ||
with: | ||
ref: ${{ github.event.pull_request.head.sha }} | ||
fetch-depth: 0 | ||
- name: Reset git directory modification times | ||
run: touch -t 202211302355 $(find * -type d) | ||
- name: Restore git file modification times | ||
uses: chetan/git-restore-mtime-action@075f9bc9d159805603419d50f794bd9f33252ebe | ||
- id: DispatchTrailer | ||
name: Try to extract Dispatch-Trailer | ||
run: |- | ||
x="$(git log -1 --pretty='%(trailers:key=Dispatch-Trailer,valueonly)')" | ||
if [[ "$x" == "" ]] | ||
then | ||
# Some steps rely on the presence or otherwise of the Dispatch-Trailer. | ||
# We know that we don't have a Dispatch-Trailer in this situation, | ||
# hence we use the JSON value null in order to represent that state. | ||
# This means that GitHub expressions can determine whether a Dispatch-Trailer | ||
# is present or not by checking whether the fromJSON() result of the | ||
# output from this step is the JSON value null or not. | ||
x=null | ||
fi | ||
echo "value<<EOD" >> $GITHUB_OUTPUT | ||
echo "$x" >> $GITHUB_OUTPUT | ||
echo "EOD" >> $GITHUB_OUTPUT | ||
- if: |- | ||
((github.ref == 'refs/heads/main') && (! (contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')))) && (contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')) | ||
name: Check we don't have Dispatch-Trailer on a protected branch | ||
run: |- | ||
echo "github.event.head_commit.message contains Dispatch-Trailer" | ||
echo "github.event.head_commit.message value" | ||
cat <<EOD | ||
${{ github.event.head_commit.message }} | ||
EOD | ||
echo "containsDispatchTrailer expression" | ||
cat <<EOD | ||
(contains(github.event.head_commit.message, ' | ||
Dispatch-Trailer: {"type":"')) | ||
EOD | ||
false | ||
- uses: cue-lang/[email protected] | ||
with: | ||
version: v0.8.0 | ||
- name: Early git and code sanity checks | ||
run: |- | ||
# Ensure that commit messages have a blank second line. | ||
# We know that a commit message must be longer than a single | ||
# line because each commit must be signed-off. | ||
if git log --format=%B -n 1 HEAD | sed -n '2{/^$/{q1}}'; then | ||
echo "second line of commit message must be blank" | ||
exit 1 | ||
fi | ||
# All authors, including co-authors, must have a signed-off trailer by email. | ||
# Note that trailers are in the form "Name <email>", so grab the email with sed. | ||
# For now, we require the sorted lists of author and signer emails to match. | ||
# Note that this also fails if a commit isn't signed-off at all. | ||
# | ||
# In Gerrit we already enable a form of this via https://gerrit-review.googlesource.com/Documentation/project-configuration.html#require-signed-off-by, | ||
# but it does not support co-authors nor can it be used when testing GitHub PRs. | ||
commit_authors="$( | ||
{ | ||
git log -1 --pretty='%ae' | ||
git log -1 --pretty='%(trailers:key=Co-authored-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' | ||
} | sort -u | ||
)" | ||
commit_signers="$( | ||
{ | ||
git log -1 --pretty='%(trailers:key=Signed-off-by,valueonly)' | sed -ne 's/.* <\(.*\)>/\1/p' | ||
} | sort -u | ||
)" | ||
if [[ "${commit_authors}" != "${commit_signers}" ]]; then | ||
echo "Error: commit author email addresses do not match signed-off-by trailers" | ||
echo | ||
echo "Authors:" | ||
echo "${commit_authors}" | ||
echo | ||
echo "Signers:" | ||
echo "${commit_signers}" | ||
exit 1 | ||
fi | ||
- name: Re-generate CI | ||
run: |- | ||
cue cmd importjsonschema ./vendor | ||
cue cmd gen | ||
working-directory: ./internal/ci | ||
- name: Check that git is clean at the end of the job | ||
run: test -z "$(git status --porcelain)" || (git status; git diff; false) |
Oops, something went wrong.