forked from project-oak/oak
-
Notifications
You must be signed in to change notification settings - Fork 0
142 lines (118 loc) · 4.76 KB
/
reproducibility.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Build Reproducibility Index
# See https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions#example-using-concurrency-to-cancel-any-in-progress-job-or-run
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
on:
push:
branches: [main]
pull_request:
branches: [main]
jobs:
build_reproducibility_index:
runs-on: ubuntu-20.04
permissions:
# Allow the job to update the repo with the latest index.
contents: write
# Allow the job to add a comment to the PR.
pull-requests: write
steps:
- name: Checkout branch
uses: actions/checkout@v2
- name: Checkout hashes
uses: actions/checkout@v2
with:
ref: hashes
path: out
# We need to set up git user details before we can perform git operations.
- name: Git setup
run: |
git config --global user.email "[email protected]"
git config --global user.name "GitHub Actions"
# Copied from https://github.com/jens-maus/RaspberryMatic/blob/ea6b8ce0dd2d53ea88b2766ba8d7f8e1d667281f/.github/workflows/ci.yml#L34-L40
- name: free disk space
run: |
df --human-readable
sudo swapoff --all
sudo rm --force /swapfile
sudo apt clean
docker rmi $(docker image ls --all --quiet)
df --human-readable
- name: Docker pull
timeout-minutes: 10
run: |
./scripts/docker_pull
df --human-readable
# Build artifacts that are supposed to be reproducible.
- name: Build Functions server
run: |
./scripts/docker_run ./scripts/xtask build-oak-functions-server-variants
# Generate an index of the hashes of the reproducible artifacts.
- name: Generate Reproducibility Index
run: |
./scripts/docker_run ./scripts/build_reproducibility_index
# Remove all files from the "out" folder.
- name: Clear "out" folder
run: rm --recursive --force ./out/*
- name: Copy Reproducibility Index
run: cp ./reproducibility_index ./out/
- name: Diff Reproducibility Index
run: |
cd ./out
git add .
git status
git diff --staged | tee ../reproducibility_index.diff
# Print out the index to the logs of the action.
- name: Print Reproducibility Index
run: cat ./reproducibility_index
# Print out the index diff (compared to the previous commit) to the logs of the action.
- name: Print Reproducibility Index diff
run: cat ./reproducibility_index.diff
# From the "out" folder, commit the results and push to the `hashes` branch.
# This step only applies to `push` events (not `pull_request`), even if there are no actual
# changes to commit in the "out" folder (in which case the commit will be empty, but it will
# still be part of the history).
- name: Commit and push (post-merge only)
if: github.event_name == 'push'
run: |
cd ./out
git add .
git status
git diff --staged
git commit --allow-empty --message="Update hashes from ${GITHUB_SHA}"
git push
# Also post a reply on the PR thread with the contents of the index, after merge.
- name: Post Reproducibility Index (post-merge only)
uses: actions/[email protected]
if: github.event_name == 'push'
with:
github-token: ${{secrets.GITHUB_TOKEN}}
script: |
const fs = require('fs').promises;
const reproducibility_index_content = await fs.readFile('./reproducibility_index');
const reproducibility_index_diff_content = await fs.readFile('./reproducibility_index.diff');
const opts = await github.repos.listPullRequestsAssociatedWithCommit({
owner: context.repo.owner,
repo: context.repo.repo,
commit_sha: context.sha
});
// See:
// - https://octokit.github.io/rest.js/v17#previews
// - https://developer.github.com/v3/repos/commits/#list-pull-requests-associated-with-commit
opts.mediaType = {
previews: ['groot']
};
const issues = await github.paginate(opts);
await github.issues.createComment({
issue_number: issues[0].number,
owner: context.repo.owner,
repo: context.repo.repo,
body: `Reproducibility Index:
\`\`\`
${reproducibility_index_content}
\`\`\`
Reproducibility Index diff:
\`\`\`diff
${reproducibility_index_diff_content}
\`\`\`
`});