-
Notifications
You must be signed in to change notification settings - Fork 8
214 lines (195 loc) · 9.21 KB
/
build_and_test.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
name: Build and Run All Tests
# We use action's triggers 'push' and 'pull_request'.
# The strategy is the following: this action will be
# triggered on any push to 'main' branch and any pull
# request to any branch. Thus we avoid duplicate work-
# flows.
on:
push:
branches:
- "main"
pull_request:
branches:
- "**"
workflow_dispatch:
inputs:
# Live debug failures using tmate by toggling input parameter
# 'debug_enabled':
# https://github.com/mxschmitt/action-tmate#manually-triggered-debug
# When manually running this workflow:
# https://docs.github.com/en/actions/managing-workflow-runs/manually-running-a-workflow
debug_enabled:
description: "Enable tmate debugging"
type: boolean
default: false
env:
XCODE_VERSION: 14.3.1
jobs:
check-secrets:
name: Check Secrets
# There is no reason to run that job on the 'macos-13' or 'macos-13-xlarge,
# which are more expensive runners, since we are just checking the secrets.
runs-on: ubuntu-latest
steps:
- name: Fail if GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS secret is missing
env:
secret: ${{ secrets.GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS }}
if: ${{ env.secret == '' }}
run: echo "Missing secret 'GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS'"; exit 1
linux-test:
name: Test eventuals on Linux
needs: [check-secrets]
runs-on: 64_core_GitHub_hosted
steps:
- uses: actions/checkout@v2
with:
submodules: "recursive"
- name: Use Bazel remote cache (scoped to this devcontainer version)
env:
# The devcontainer is fully defined by the files in the
# `.devcontainer/` directory, so we can use the hash of those files to
# determine a "version" that changes if and only if the devcontainer
# changes.
#
# By then setting that "version" as an `--action_env` variable, we
# force Bazel to reject cached results from previous devcontainer
# versions. This is intended to prevent cache corruptions due to
# incompatible tooling across devcontainer versions, see:
# https://github.com/reboot-dev/respect/issues/1723
DEVCONTAINER_VERSION: ${{ hashFiles('.devcontainer/') }}
run: |
# The remote bazel cache saves a LOT of time when building in a clean
# environment.
echo "build --remote_cache=https://storage.googleapis.com/reboot-dev-bazel-remote-cache-eventuals-us" >user.bazelrc
# The remote cache credentials are provided by environment variable.
echo "build --google_default_credentials" >>user.bazelrc
# Scope all of the artifacts we'll produce in the remote cache to this
# devcontainer version by adding an `--action_env` variable. This will
# ensure that changes to the devcontainer (which might produce
# incompatible artifacts) don't cause cache corruption.
echo "build --action_env=DEVCONTAINER_VERSION=$DEVCONTAINER_VERSION" >>user.bazelrc
echo "user.bazelrc:"
echo "----"
cat user.bazelrc
echo "----"
- name: Run
uses: devcontainers/[email protected]
env:
# NOTE: the following environment variables are _not_ passed through
# to the devcontainer when it runs, but are available ONLY to
# its `devcontainer.json` (the build step). The
# `devcontainer.json` forwards some of them on to the runtime
# environment of the devcontainer, but that is not a given.
# If you would like to pass environment variables to the
# run-time of the devcontainer, use the `env` section inside the
# `with`; see:
# https://github.com/devcontainers/ci/blob/main/docs/github-action.md#environment-variables
# Specify that this devcontainer build was triggered by this
# YML file so we skip steps that we intend only when using
# Codespaces.
#
# NOTE: while there does exist an 'env' input to
# 'devcontainers/ci', that _only_ changes the environment for
# the 'runCmd', not for the building and creating of the
# devcontainer itself. In contrast, this 'env' section also influences
# the build, as it should.
GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS: ${{ secrets.GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS }}
with:
# The Docker image of the runner will get built based on the
# `.devcontainer/devcontainer.json`, which in our case means it's
# mostly based on the `Dockerfile`.
# We are not using cache for the devcontainer build.
push: never
runCmd: |
bazel \
test \
--config=asan \
--test_env=ASAN_OPTIONS=detect_odr_violation=0 \
--experimental_ui_max_stdouterr_bytes=-1 \
--verbose_failures \
-c dbg \
--strip="never" \
--test_output=errors \
test/... \
--test_arg=--gtest_shuffle \
--test_arg=--gtest_repeat=100
- name: Debug using tmate (if failure)
uses: mxschmitt/action-tmate@v3
# Optionally enable tmate debugging if the workflow was manually-triggered
# with `debug_enabled` set to `true`.
# https://github.com/mxschmitt/action-tmate#manually-triggered-debug
if: ${{ failure() && github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }}
macos-test:
name: Test eventuals on macOS
needs: [check-secrets]
runs-on: ${{ matrix.runner }}
strategy:
matrix:
runner: [macos-13, macos-13-xlarge]
steps:
- name: Install llvm@14
run: |
brew install llvm@14
brew link llvm@14 --force --overwrite
echo 'export PATH="/opt/homebrew/opt/llvm@14/bin:$PATH"' >> $HOME/.bash_profile
- name: Select Xcode
run: |
sudo xcode-select -s /Applications/Xcode_$XCODE_VERSION.app/Contents/Developer
- uses: actions/checkout@v2
with:
submodules: "recursive"
# We need to differentiate between different MacOS environments, like
# arm64 and x86_64 in the remote cache, so we dump information about the
# environment into 'mac_os_environment.txt' and calculate a hash of
# that file later.
- name: Create environment information file for remote-cache
run: |
# Get the architecture and Release version of the runner.
echo $(uname -rsm) >> mac_os_environment.txt
# Get the MacOS version of the runner.
echo $(sw_vers) >> mac_os_environment.txt
- name: Use Bazel remote cache (scoped to this MacOS runner version)
env:
# Setting a hash of "mac_os_environment.txt" as an `--action_env`
# variable, we force Bazel to reject cached results from other
# MacOS environments. This is intended to prevent cache
# corruptions due to incompatible tooling across MacOS runner versions.
# See: https://github.com/reboot-dev/respect/issues/1723
MAC_OS_ENVIRONMENT_VERSION: ${{ hashFiles('mac_os_environment.txt') }}
run: |
# The remote bazel cache saves a LOT of time when building in a clean
# environment.
echo "build --remote_cache=https://storage.googleapis.com/reboot-dev-bazel-remote-cache-eventuals-us" >> user.bazelrc
# The remote cache credentials are provided by environment variable.
echo "build --google_default_credentials" >> user.bazelrc
# Scope all of the artifacts we'll produce in the remote cache to this
# MacOS runner version by adding an `--action_env` variable. This will
# ensure that changes to the MacOS runner (which might produce
# incompatible artifacts) don't cause cache corruption.
echo "build --action_env=MAC_OS_ENVIRONMENT_VERSION=$MAC_OS_ENVIRONMENT_VERSION" >> user.bazelrc
echo "user.bazelrc:"
echo "----"
cat user.bazelrc
echo "----"
- name: Create google_application_credentials.json
env:
GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS: ${{ secrets.GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS }}
run: |
echo "export GOOGLE_APPLICATION_CREDENTIALS=google_application_credentials.json" >> $HOME/.bash_profile
source $HOME/.bash_profile
echo $GCP_GITHUB_INFRA_REMOTE_CACHE_CREDENTIALS > $GOOGLE_APPLICATION_CREDENTIALS
- name: Run
run: |
source $HOME/.bash_profile
bazel \
test \
--test_output=errors \
test/... \
--test_arg=--gtest_shuffle \
--test_arg=--gtest_repeat=100
- name: Debug using tmate (if failure)
uses: mxschmitt/action-tmate@v3
# Optionally enable tmate debugging if the workflow was manually-triggered
# with `debug_enabled` set to `true`.
# https://github.com/mxschmitt/action-tmate#manually-triggered-debug
if: ${{ failure() && github.event_name == 'workflow_dispatch' && github.event.inputs.debug_enabled }}