fix(sysroot): incorrect sysroot path #290
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "build.yml" | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run the build with tmate debugging enabled" | |
| merge_group: | |
| push: | |
| branches: | |
| - "main" | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| matrix: | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "write" | |
| id-token: "write" | |
| name: "matrix" | |
| runs-on: | |
| - "ubuntu-latest" | |
| outputs: | |
| matrix: "${{ steps.matrix.outputs.matrix }}" | |
| steps: | |
| - uses: "actions/checkout@v4" | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - name: "install sqlite3" | |
| run: | | |
| set -euxo pipefail | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends sqlite3 | |
| - name: "install whyq" | |
| run: | | |
| set -euxo pipefail | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends jq | |
| cargo binstall --no-confirm whyq | |
| - name: "generate test matrix" | |
| id: "matrix" | |
| run: | | |
| set -euxo pipefail | |
| yq \ | |
| --compact-output \ | |
| --raw-output \ | |
| '"matrix=" + (.matrix | tostring)' builds.yml \ | |
| | tee -a "${GITHUB_OUTPUT}" | |
| - name: "report build plan" | |
| run: | | |
| ./scripts/plan.sh "${GITHUB_STEP_SUMMARY}" | |
| run: | |
| name: "run" | |
| needs: | |
| - matrix | |
| runs-on: | |
| - "lab" | |
| timeout-minutes: 300 | |
| strategy: | |
| max-parallel: 2 | |
| matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: "log KUBE_NODE" | |
| run: | | |
| echo "$KUBE_NODE" | |
| - uses: "actions/checkout@v4" | |
| - name: "install nix" | |
| uses: "cachix/install-nix-action@v30" | |
| - name: "login to ghcr.io" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - run: | | |
| cargo binstall --no-confirm just | |
| - name: "confirm sources" | |
| run: | | |
| ./scripts/confirm-sources.sh | |
| - name: "build + push" | |
| run: | | |
| just --yes debug=true max_nix_builds=1 rust="${{ matrix.toolchain.key }}" push | |
| - name: "Install SBOM generator dependencies" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && rm "$f" | |
| done | |
| cargo binstall --no-confirm csview | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends graphviz | |
| - name: "generate SBOM" | |
| run: | | |
| ./scripts/sbom.sh | |
| - name: "step summary" | |
| continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB | |
| run: | | |
| cat "/tmp/dpdk-sys/builds/env.sysroot.summary.md" >> "${GITHUB_STEP_SUMMARY}" | |
| - name: "remove links from /tmp/dpdk-sys/builds" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && rm "$f" | |
| done | |
| - uses: "actions/upload-artifact@v4" | |
| with: | |
| name: "builds-${{ matrix.toolchain.key }}" | |
| path: "/tmp/dpdk-sys/builds" | |
| - name: "outdated packages (gnu64)" | |
| uses: "actions/github-script@v7" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body += "## Outdated packages (gnu64):\n\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Vulnerable packages (gnu64)" | |
| uses: "actions/github-script@v7" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body = "## Vulnerable packages (gnu64):\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| summary: | |
| name: "summary" | |
| if: ${{ always() }} | |
| runs-on: | |
| - "ubuntu-latest" | |
| needs: | |
| - run | |
| steps: | |
| - name: "Flag any build matrix failures" | |
| if: ${{ needs.run.result != 'success' }} | |
| run: | | |
| >&2 echo "A critical step failed!" | |
| exit 1 |