| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210 |
- # Part of the Carbon Language project, under the Apache License v2.0 with LLVM
- # Exceptions. See /LICENSE for license information.
- # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- name: Tests
- on:
- push:
- branches: [trunk, action-test]
- pull_request:
- merge_group:
- permissions:
- contents: read # For actions/checkout.
- pull-requests: read # For dorny/paths-filter to read pull requests.
- # Cancel previous workflows on the PR when there are multiple fast commits.
- # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#concurrency
- concurrency:
- group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
- cancel-in-progress: true
- jobs:
- test:
- strategy:
- matrix:
- # On PRs and in the merge queue test a recent version of each supported
- # OS. On push (post-submit), also run on `macos-12` to get Intel macOS
- # coverage.
- runner:
- ${{ fromJSON(github.event_name != 'push' && '["ubuntu-22.04",
- "macos-14"]' || '["ubuntu-22.04", "macos-14", "macos-12"]') }}
- build_mode: [fastbuild, opt]
- include:
- # The clang-tidy config doesn't work on macos (missing `truncate`).
- - runner: ubuntu-22.04
- build_mode: clang-tidy
- runs-on: ${{ matrix.runner }}
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
- with:
- egress-policy: block
- # When adding endpoints, see README.md.
- # prettier-ignore
- allowed-endpoints: >
- *.dl.sourceforge.net:443
- api.github.com:443
- bcr.bazel.build:443
- downloads.sourceforge.net:443
- github.com:443
- mirrors.kernel.org:443
- nodejs.org:443
- oauth2.googleapis.com:443
- objects.githubusercontent.com:443
- pypi.org:443
- releases.bazel.build:443
- sourceforge.net:443
- storage.googleapis.com:443
- # Checkout the pull request head or the branch.
- - name: Checkout pull request
- if: github.event_name == 'pull_request'
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- with:
- ref: ${{ github.event.pull_request.head.sha }}
- - name: Checkout branch
- if: github.event_name != 'pull_request'
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- # Tests should only run on applicable paths, but we still need to have an
- # action run for the merge queue. We filter steps based on the paths here,
- # and condition steps on the output.
- - id: filter
- uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
- with:
- filters: |
- has_code:
- - '!{**/*.md,LICENSE,CODEOWNERS,.git*}'
- # Disable uploads when the remote cache is read-only.
- - name: Set up remote cache access (read-only)
- if:
- steps.filter.outputs.has_code == 'true' && github.event_name ==
- 'pull_request'
- run: |
- echo "remote_cache_upload=--remote_upload_local_results=false" \
- >> $GITHUB_ENV
- # Provide a cache key when the remote cache is read-write.
- - name: Set up remote cache access (read-write)
- if:
- steps.filter.outputs.has_code == 'true' && github.event_name !=
- 'pull_request'
- env:
- REMOTE_CACHE_KEY: ${{ secrets.CARBON_BUILDS_GITHUB }}
- run: |
- echo "$REMOTE_CACHE_KEY" | base64 -d > $HOME/remote_cache_key.json
- echo "remote_cache_upload=--google_credentials=$HOME/remote_cache_key.json" \
- >> $GITHUB_ENV
- - uses: ./.github/actions/build-setup-common
- if: steps.filter.outputs.has_code == 'true'
- with:
- matrix_runner: ${{ matrix.runner }}
- remote_cache_upload: ${{ env.remote_cache_upload }}
- # Just for visibility, print space before and after the build.
- - name: Disk space before build
- if: steps.filter.outputs.has_code == 'true'
- run: df -h
- - name: Verify MODULE.bazel.lock
- if: steps.filter.outputs.has_code == 'true'
- run: |
- exit_code=0
- ./scripts/run_bazel.py \
- --attempts=5 \
- mod deps --lockfile_mode=error || exit_code=$?
- if (( $exit_code != 0 )); then
- ./scripts/run_bazel.py \
- --attempts=5 \
- mod deps --lockfile_mode=update
- echo "MODULE.bazel.lock is out of date! Use below file for update."
- echo "Platforms may require merging output, for example by applying"
- echo "an update, re-running triggers, and applying the next update."
- echo "============================================================"
- cat MODULE.bazel.lock
- echo "============================================================"
- exit 1
- fi
- # Build and run all targets on branch pushes to ensure we always have a
- # clean tree. We don't expect this to be an interactive path and so don't
- # optimize the latency of this step.
- - name: Compute impacted pull request targets (for push)
- if:
- steps.filter.outputs.has_code == 'true' && github.event_name == 'push'
- env:
- TARGETS_FILE: ${{ runner.temp }}/targets
- run: |
- echo "//..." >$TARGETS_FILE
- # Compute the set of possible rules impacted by this change using
- # Bazel-based diffing. This lets PRs and the merge queue have a much more
- # efficient test CI action by avoiding even enumerating (and downloading)
- # all of the unaffected Bazel targets.
- - name: Compute impacted pull request targets
- if:
- steps.filter.outputs.has_code == 'true' && github.event_name != 'push'
- env:
- # Compute the base SHA from the different event structures.
- GIT_BASE_SHA:
- ${{ github.event_name == 'pull_request' &&
- github.event.pull_request.base.sha ||
- github.event.merge_group.base_sha }}
- TARGETS_FILE: ${{ runner.temp }}/targets
- run: |
- # First fetch the relevant base into the git repository.
- git fetch --depth=1 origin $GIT_BASE_SHA
- # Then use `target-determinator` as wrapped by our script.
- ./scripts/target_determinator.py $GIT_BASE_SHA >$TARGETS_FILE
- # Bazel requires a test target to run the test command. There may be
- # no targets or there may only be non-test targets that we want to
- # build, so simply inject an explicit no-op test target.
- echo "//scripts:no_op_test" >> $TARGETS_FILE
- # Build and run just the tests impacted by the PR or merge group.
- - name: Test (${{ matrix.build_mode }})
- if:
- steps.filter.outputs.has_code == 'true' && matrix.build_mode !=
- 'clang-tidy'
- env:
- # 'libtool_check_unique failed to generate' workaround.
- # https://github.com/bazelbuild/bazel/issues/14113#issuecomment-999794586
- BAZEL_USE_CPP_ONLY_TOOLCHAIN: 1
- TARGETS_FILE: ${{ runner.temp }}/targets
- run: |
- # Decrease the jobs sharply if we see repeated failures to try to
- # work around transient network errors even if it makes things
- # slower.
- ./scripts/run_bazel.py \
- --attempts=5 --jobs-on-last-attempt=4 \
- test -c ${{ matrix.build_mode }} \
- --target_pattern_file=$TARGETS_FILE
- # Run in the clang-tidy config. This is done as part of tests so that we
- # aren't duplicating bazel/llvm setup.
- #
- # The `-k` flag is used to print all clang-tidy errors.
- - name: clang-tidy
- if:
- steps.filter.outputs.has_code == 'true' && matrix.build_mode ==
- 'clang-tidy'
- env:
- TARGETS_FILE: ${{ runner.temp }}/targets
- run: |
- ./scripts/run_bazel.py \
- --attempts=5 \
- build --config=clang-tidy -k \
- --target_pattern_file=$TARGETS_FILE
- # See "Disk space before build".
- - name: Disk space after build
- if: steps.filter.outputs.has_code == 'true'
- run: df -h
|
