-
Notifications
You must be signed in to change notification settings - Fork 56
160 lines (151 loc) · 5.19 KB
/
build-manual.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
on:
workflow_dispatch:
inputs:
branch:
description: "Branch to build off."
default: "main"
type: choice
options:
- main
- dev
- dev-rspm
product:
description: "The product/path to build."
required: true
type: choice
options:
- connect
- connect-content-init
- content/base
- content/pro
- package-manager
- product/base
- product/pro
- r-session-complete
- workbench
- workbench-for-microsoft-azure-ml
os:
description: "Which OS to build. WARNING: Not all OSes may be present for all products."
required: false
default: "ubuntu2204"
type: choice
options:
- ubuntu2204
- ubuntu1804
- centos7
type:
description: "The type of image being built."
required: false
default: "preview"
type: choice
options:
- preview
- daily
- release
use_s3_download_url:
description: "Force build to download binaries directly from S3 where applicable."
required: false
default: false
type: boolean
version:
description: "The version to build. Use 'auto' to target the latest build."
required: false
default: "auto"
type: string
push:
description: "Flag to push the image after build."
required: false
default: false
type: boolean
name: Manual - Build, Test, Scan, and Push
jobs:
build:
runs-on: ubuntu-latest
name: manual-build
permissions:
contents: read
packages: write
steps:
- name: Check Out Repo
uses: actions/checkout@v3
with:
ref: ${{ inputs.branch }}
- name: Set up Just
uses: extractions/setup-just@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Get Version
id: get-version
run: |
if [[ "${{ inputs.version }}" == "auto" ]]; then
VERSION=`just -f ci.Justfile get-version ${{ inputs.product }} --type=${{ inputs.type }} --local`
else
VERSION="${{ inputs.version }}"
fi
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT
- name: Get build args
id: get-build-args
run: |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
ARGS_CMD=""
USE_S3_DOWNLOAD_URL=""
VERSION_OVERRIDES=""
if [[ "${{inputs.os}}" == "centos7" ]]; then
# FIXME(ianpittwood): This is probably a silly way of doing this. We don't have CentOS builds for later
# Python versions so we need to override them. This is done via matrix in the release CI
# but we don't have that here. We're also limited by the 10 input cap so these can't be
# passed by the user alongside R versions as I would've liked to do.
VERSION_OVERRIDES="PYTHON_VERSION=3.9.14 PYTHON_VERSION_ALT=3.8.15"
fi
if [[ "${{ inputs.type }}" == "release" ]]; then
ARGS_CMD="get-product-args"
if [[ "${{ inputs.use_s3_download_url }}" == "true" ]]; then
USE_S3_DOWNLOAD_URL="${{ inputs.use_s3_download_url }}"
fi
else
ARGS_CMD="get-prerelease-args ${{inputs.type}}"
fi
BUILD_ARGS=$( \
just -f ci.Justfile \
${VERSION_OVERRIDES} \
${ARGS_CMD} \
${{ inputs.product }} \
${{ inputs.os }} \
${{ steps.get-version.outputs.VERSION }} \
${USE_S3_DOWNLOAD_URL} \
)
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT
echo "$EOF" >> $GITHUB_OUTPUT
- name: Get tags
id: get-tags
run: |
ARGS_CMD=""
if [[ "${{ inputs.type }}" == "release" ]]; then
ARGS_CMD="get-product-tags"
else
ARGS_CMD="get-prerelease-tags ${{inputs.type}}"
fi
IMAGE_TAGS=$( \
just -f ci.Justfile \
${ARGS_CMD} \
${{ inputs.product }} \
${{ inputs.os }} \
${{ steps.get-version.outputs.VERSION }} \
)
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT
- name: Build/Test/Scan/Push manual build image
uses: ./.github/actions/build-test-scan-push
with:
context: ./${{ inputs.product }}
os: ${{ inputs.os }}
product: ${{ inputs.product }}
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }}
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }}
push-image: ${{ inputs.push }}
snyk-token: ${{ secrets.SNYK_TOKEN }}
snyk-org-id: ${{ secrets.SNYK_ORG_ID }}
ghcr-token: ${{ secrets.GITHUB_TOKEN }}
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }}
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }}
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}'