| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119 |
- # Part of the Carbon Language project, under the Apache License v2.0 with LLVM
- # Exceptions. See /LICENSE for license information.
- # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
- #
- # This workflow creates a GitHub "release" of a nightly build of the project.
- #
- # Note: This is just an initial rough attempt, there is a lot of future work
- # needed here. A brief summary of TODOs:
- #
- # - Configure a nice release notes template and switch to generating the title
- # and notes instead of hard coding them.
- #
- # - Do some amount of testing prior to building and uploading the release.
- # - Tempting to try to examine existing testing workflow, but maybe better to
- # allow reusing any complex parts and do our own testing. That would, for
- # example, allow us to narrow or expand the set of tests uses for
- # pre-release testing to potentially be different from continuous testing.
- # - Some questions around what to do in the event of a failure... error? Where
- # does the error go? Create a draft, unpublished release instead?
- #
- # - Build artifacts for all the different OSes we have GitHub runners for rather
- # than just x86 Linux.
- name: Nightly Release
- on:
- schedule:
- - cron: '0 2 * * *'
- # Enable manual runs for testing or manually (re-)creating a nightly release.
- workflow_dispatch:
- permissions:
- contents: write # For creating and uploading to releases.
- jobs:
- release:
- runs-on: ubuntu-22.04
- steps:
- - name: Harden Runner
- uses: step-security/harden-runner@58077d3c7e43986b6b15fba718e8ea69e387dfcc # v2.15.1
- with:
- egress-policy: block
- # When adding endpoints, see README.md.
- # prettier-ignore
- allowed-endpoints: >
- *.blob.storage.azure.net:443
- *.githubapp.com:443
- *.sourceforge.net:443
- api.github.com:443
- api.ipify.org:443
- bcr.bazel.build:443
- downloads.sourceforge.net:443
- files.pythonhosted.org:443
- github.com:443
- go.dev:443
- mirror.bazel.build:443
- mirrors.kernel.org:443
- nodejs.org:443
- oauth2.googleapis.com:443
- objects.githubusercontent.com:443
- pypi.org:443
- registry.npmjs.org:443
- release-assets.githubusercontent.com:443
- releases.bazel.build:443
- storage.googleapis.com:443
- uploads.github.com:443
- www.googleapis.com:443
- - name: Checkout branch
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
- - name: Set up remote cache access
- env:
- REMOTE_CACHE_KEY: ${{ secrets.CARBON_BUILDS_GITHUB }}
- run: |
- echo "$REMOTE_CACHE_KEY" | base64 -d > $HOME/remote_cache_key.json
- echo "remote_cache_upload=--google_credentials=$HOME/remote_cache_key.json" \
- >> $GITHUB_ENV
- - uses: ./.github/actions/build-setup-common
- with:
- matrix_runner: ubuntu-22.04
- remote_cache_upload: ${{ env.remote_cache_upload }}
- - name: Get nightly date
- run: |
- echo "nightly_date=$(date '+%Y.%m.%d')" >> $GITHUB_ENV
- - name: Build release
- run: |
- ./scripts/run_bazel.py \
- --attempts=5 --jobs-on-last-attempt=4 \
- test -c opt --stamp --remote_download_toplevel \
- --pre_release=nightly --nightly_date=${{ env.nightly_date }} \
- //toolchain \
- //toolchain/install:carbon_toolchain_tar_gz \
- //toolchain/install:carbon_toolchain_tar_gz_test
- - name: Extract the release version
- run: |
- # Make sure we can run the toolchain to get the version.
- ./bazel-bin/toolchain/carbon version
- # Now stash it in a variable and export it.
- VERSION=$( \
- ./bazel-bin/toolchain/carbon version \
- | cut -d' ' -f5 | cut -d'+' -f1)
- echo "release_version=$VERSION" >> $GITHUB_ENV
- - name: Create the release
- env:
- GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- run: |
- gh release create \
- --title "Nightly build ${{ env.nightly_date }}" \
- --generate-notes \
- --prerelease \
- v${{ env.release_version }} \
- "bazel-bin/toolchain/install/carbon_toolchain-${{ env.release_version }}.tar.gz"
|
