dash/.github/workflows/guix-build.yml

142 lines
5.0 KiB
YAML
Raw Normal View History

name: Guix Build
permissions:
packages: write
2024-10-22 16:57:23 +02:00
id-token: write
attestations: write
on:
pull_request_target:
push:
jobs:
build-image:
runs-on: ubuntu-latest
outputs:
image-tag: ${{ steps.prepare.outputs.image-tag }}
repo-name: ${{ steps.prepare.outputs.repo-name }}
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
path: dash
feat: Set client version for non-release binaries and version in guix based on git tags (#5653) ## Issue being fixed or feature implemented Client version string is inconsistent. Building `v20.0.0-beta.8` tag locally produces binaries that report `v20.0.0-beta.8` version but binaries built in guix would report `v20.0.0rc1-g3e732a952226a20505f907e4fd9b3fdbb14ea5ee` instead. Building any commit after `v20.0.0-beta.8` locally would result in versions like `v20.0.0rc1-8c94153d2497` which is close but it's still yet another format. And both versions with `rc1` in their names are confusing cause you'd expect them to mention `beta.8` instead maybe (or is it just me? :D ). ## What was done? Change it so that the version string would look like this: on tag: ~`v20.0.0-beta.8-dev` or `v20.0.0-beta.8-gitarc`~ `v20.0.0-beta.8` post-tag: ~`v20.0.0-beta.8-1-gb837e08164-gitarc`~ `v20.0.0-beta.8-1-gb837e08164` post-tag format is `recent tag`-`commits since that tag`-`g+12 chars of commit hash`-`dirty (optional)` ~-`dev or gitarc`~ ~`dev`/`gitarc` suffixes should help avoiding confusion with the release versions and they also indicate the way non-release binaries were built.~ Note that release binaries do not use any of this, they still use `PACKAGE_VERSION` from `configure` like before. Also, `CLIENT_VERSION_RC` is no longer used in this setup so it was removed. Few things aren't clear to me yet: 1. Version bump in `configure.ac` no longer affects the reported version (unless it's an actual release). Are there any downsides I might be missing? 2. Which tag should we use on `develop` once we bump version in configure? `v21.0.0-init`? `v21.0.0-alpha1`? 3. How is it going to behave once `merge master back into develop` kind of PR is merged? E.g. say `develop` branch is on `v21.0.0-alpha1` tag and we merge v20.1.0 from `master` back into it. Will this bring `v20.1.0` release tag into `develop`? Will it become the one that will be used from that moment? If so we will probably need another tag on `develop` every time such PR is merged e.g. `v21.0.0-alpha2` (or whatever the next number is). Don't think these are blockers but would like to hear thoughts from others. ## How Has This Been Tested? Built binaries locally, built them using guix at a specific tag and at some commit on top of it. ## Breaking Changes n/a ## Checklist: - [x] I have performed a self-review of my own code - [x] I have commented my code, particularly in hard-to-understand areas - [ ] I have added or updated relevant unit/integration/functional/e2e tests - [ ] I have made corresponding changes to the documentation - [x] I have assigned this pull request to a milestone _(for repository code-owners and collaborators only)_
2024-01-12 04:43:42 +01:00
fetch-depth: 0
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Commit variables
id: prepare
run: |
echo "hash=$(sha256sum ./dash/contrib/containers/guix/Dockerfile | cut -d ' ' -f1)" >> $GITHUB_OUTPUT
echo "host_user_id=$(id -u)" >> $GITHUB_OUTPUT
echo "host_group_id=$(id -g)" >> $GITHUB_OUTPUT
BRANCH_NAME=$(echo "${GITHUB_REF##*/}" | tr '[:upper:]' '[:lower:]')
REPO_NAME=$(echo "${{ github.repository }}" | tr '[:upper:]' '[:lower:]')
2024-08-24 00:15:31 +02:00
echo "image-tag=${BRANCH_NAME}" >> $GITHUB_OUTPUT
echo "repo-name=${REPO_NAME}" >> $GITHUB_OUTPUT
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build Docker image
uses: docker/build-push-action@v6
with:
context: ${{ github.workspace }}/dash
build-args: |
USER_ID=${{ steps.prepare.outputs.host_user_id }}
GROUP_ID=${{ steps.prepare.outputs.host_group_id }}
build-contexts: |
docker_root=${{ github.workspace }}/dash/contrib/containers/guix
file: ./dash/contrib/containers/guix/Dockerfile
push: true
tags: |
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:${{ steps.prepare.outputs.image-tag }}
ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:latest
cache-from: type=registry,ref=ghcr.io/${{ steps.prepare.outputs.repo-name }}/dashcore-guix-builder:latest
cache-to: type=inline,mode=max
build:
needs: build-image
# runs-on: [ "self-hosted", "linux", "x64", "ubuntu-core" ]
runs-on: ubuntu-latest
# if: ${{ contains(github.event.pull_request.labels.*.name, 'guix-build') }}
strategy:
matrix:
build_target: [x86_64-linux-gnu, arm-linux-gnueabihf, aarch64-linux-gnu, riscv64-linux-gnu, powerpc64-linux-gnu, x86_64-w64-mingw32, x86_64-apple-darwin, arm64-apple-darwin]
timeout-minutes: 480
steps:
- name: Checkout
uses: actions/checkout@v4
with:
ref: ${{ github.event.pull_request.head.sha }}
path: dash
fetch-depth: 0
- name: Cache depends sources
uses: actions/cache@v4
with:
path: dash/depends/sources
key: depends-sources-${{ hashFiles('dash/depends/packages/*') }}
restore-keys: |
depends-sources-
- name: Cache Guix and depends
id: guix-cache-restore
uses: actions/cache@v3
with:
path: |
${{ github.workspace }}/.cache
${{ github.workspace }}/dash/depends/built
${{ github.workspace }}/dash/depends/work
/gnu/store
key: ${{ runner.os }}-guix-${{ matrix.build_target }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-guix-${{ matrix.build_target }}
${{ runner.os }}-guix-
- name: Create .cache folder if missing
if: steps.guix-cache-restore.outputs.cache-hit != 'true'
run: mkdir -p .cache
- name: Run Guix build
timeout-minutes: 480
run: |
docker run --privileged -d --rm -t \
--name guix-daemon \
-v ${{ github.workspace }}/dash:/src/dash \
-v ${{ github.workspace }}/.cache:/home/ubuntu/.cache \
-w /src/dash \
ghcr.io/${{ needs.build-image.outputs.repo-name }}/dashcore-guix-builder:${{ needs.build-image.outputs.image-tag }} && \
docker exec guix-daemon bash -c 'HOSTS=${{ matrix.build_target }} /usr/local/bin/guix-start /src/dash'
- name: Ensure build passes
run: |
if [[ $? != 0 ]]; then
echo "Guix build failed!"
exit 1
fi
- name: Compute SHA256 checksums
continue-on-error: true # It will complain on depending on only some hosts
run: |
2024-08-12 04:36:53 +02:00
HOSTS=${{ matrix.build_target }} ./dash/contrib/containers/guix/scripts/guix-check ${{ github.workspace }}/dash
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: guix-artifacts-${{ matrix.build_target }}
path: |
${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/
2024-10-22 16:57:23 +02:00
- name: Attest build provenance
uses: actions/attest-build-provenance@v1
with:
subject-path: ${{ github.workspace }}/dash/guix-build*/output/${{ matrix.build_target }}/*