index #327
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: index | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
schedule: | |
- cron: '0 */24 * * *' | |
jobs: | |
update-revisions: | |
runs-on: ubuntu-latest | |
outputs: | |
update_deps: ${{ env.UPDATE_DEPS }} | |
do_update: ${{ env.DO_UPDATE }} | |
if: >- | |
( github.event_name == 'schedule' || | |
github.event_name == 'push' || | |
github.event_name == 'workflow_dispatch' || | |
github.event.inputs.check-for-updates ) | |
steps: | |
- name: Checkout this repository | |
id: checkout | |
uses: actions/checkout@v3 | |
- name: Check for new commits in tested repositories | |
id: check | |
# The script update-deps.py defines the following environment variables: | |
# DO_UPDATE : boolean | |
# If set to true, then there is at least one update required | |
# COMMIT_MSG_FILE : string | |
# Name of file containing the commit message used by bot | |
if: github.event_name != 'workflow_dispatch' | |
run: | | |
apt -y update && apt -y install python3 python3-pip | |
pip install -r requirements.txt | |
python3 update-deps.py | |
echo "UPDATE_DEPS=$(cat update-deps.json)" >> $GITHUB_ENV | |
- name: (Workflow dispatch) Configure build commit | |
id: workflow_dispatch_update | |
if: github.event_name == 'workflow_dispatch' | |
run: | | |
echo "DO_UPDATE=true" | tee -a "$GITHUB_ENV" | |
echo "UPDATE_DEPS=$(cat deps.json)" | tee -a "$GITHUB_ENV" | |
echo "Workflow dispatch update" > commit_message.txt | |
echo "COMMIT_MSG_FILE=commit_message.txt" | tee -a "$GITHUB_ENV" | |
- name: Print environment variables | |
id: print | |
run: | | |
echo "DO_UPDATE="${{ env.DO_UPDATE }} | |
echo "UPDATE_DEPS="${{ env.UPDATE_DEPS }} | |
echo "COMMIT_MSG_FILE="${{ env.COMMIT_MSG_FILE }} | |
- name: Update revisions | |
id: update | |
if: ${{ env.DO_UPDATE != 'False' || github.event_name == 'workflow_dispatch' }} | |
run: | | |
git config --global user.name 'github-actions[bot]' | |
git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com' | |
git commit -a --allow-empty -F ${{ env.COMMIT_MSG_FILE }} | |
git push origin master | |
index-cores: | |
needs: update-revisions | |
if: ${{ needs.update-revisions.outputs.do_update != 'False' }} | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: ${{ fromJson( needs.update-revisions.outputs.update_deps ) }} | |
env: | |
IMAGE: ${{ secrets.IMAGE }} | |
steps: | |
- name: Checkout this repository | |
uses: actions/checkout@v3 | |
- name: Set environment variables | |
shell: bash | |
run: | | |
echo "REPOSITORY_NAME=${{ matrix.cores.repository_name }}" >> $GITHUB_ENV | |
echo "REPOSITORY_URL=${{ matrix.cores.repository_url }}" >> $GITHUB_ENV | |
echo "REPOSITORY_BRANCH=${{ matrix.cores.repository_branch }}" >> $GITHUB_ENV | |
echo "REPOSITORY_REV=${{ matrix.cores.repository_revision }}" >> $GITHUB_ENV | |
- name: Update commit status (pending) | |
# Status is set automatically for all commits except those created with GH Action | |
if: ${{ needs.update-revisions.outputs.do_update }} | |
run: ./set-status ${{ secrets.GITHUB_TOKEN }} $(git rev-parse HEAD) pending | |
- name: index-core | |
uses: antmicro/[email protected] | |
with: | |
repository_name: ${{ env.REPOSITORY_NAME }} | |
repository_url: ${{ env.REPOSITORY_URL }} | |
repository_branch: ${{ env.REPOSITORY_BRANCH }} | |
repository_revision: ${{ env.REPOSITORY_REV }} | |
- uses: actions/download-artifact@v3 | |
id: download-artifact | |
with: | |
name: server-files | |
- name: Extract artifacts .tar archive | |
run: | | |
ls -al | |
mkdir artifacts | |
tar -xf server-files-${{ env.REPOSITORY_NAME }}.tar -C artifacts | |
- name: Build container image | |
run: docker build --tag $IMAGE:${{ env.REPOSITORY_NAME }} . | |
- name: Login to GitHub Container Registry (GHCR) | |
if: github.event_name != 'pull_request' && github.repository == 'antmicro/verible-indexer' | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: gha | |
password: ${{ github.token }} | |
- name: Push container image to GitHub Container Registry (GHCR) | |
if: github.event_name != 'pull_request' && github.repository == 'antmicro/verible-indexer' | |
run: docker push $IMAGE:${{ env.REPOSITORY_NAME }} | |
- name: Update commit status to build result | |
if: always() && ${{ needs.update-revisions.outputs.do_update }} | |
run: ./set-status ${{ secrets.GITHUB_TOKEN }} $(git rev-parse HEAD) ${{ job.status }} | |
setup-default-service: | |
needs: update-revisions | |
if: >- | |
( needs.update-revisions.outputs.do_update != 'False' && | |
github.event_name != 'pull_request' && | |
github.repository == 'antmicro/verible-indexer' ) | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
id-token: write | |
env: | |
GCR: ${{ secrets.GCR }} | |
APP_ENGINE_PROJECT: ${{ secrets.APP_ENGINE_PROJECT }} | |
DEFAULT_SERVICE_IMAGE_NAME: ${{ secrets.DEFAULT_SERVICE_IMAGE_NAME }} | |
steps: | |
- name: Checkout this repository | |
uses: actions/checkout@v3 | |
- id: gcp-auth | |
name: GCP Authentcation | |
uses: google-github-actions/auth@v1 | |
with: | |
service_account: ${{ secrets.GCP_SA }} | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
cleanup_credentials: true | |
create_credentials_file: true | |
export_environment_variables: false | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
env: | |
GOOGLE_GHA_CREDS_PATH: ${{ steps.gcp-auth.outputs.credentials_file_path }} | |
with: | |
project_id: ${{ secrets.APP_ENGINE_PROJECT }} | |
version: '>= 363.0.0' | |
- name: Check default service | |
id: check-default | |
run: echo "service-exists=$(gcloud app services list | grep default | wc -l)" >> "$GITHUB_OUTPUT" | |
- name: Authenticate docker | |
if: ${{ steps.check-default.outputs.service-exists == 0 }} | |
run: | | |
gcloud auth configure-docker | |
- name: Build default service | |
if: ${{ steps.check-default.outputs.service-exists == 0 }} | |
run: docker build -t $GCR/$DEFAULT_SERVICE_IMAGE_NAME service | |
- name: Push image to Google Container Registry (GCR) | |
if: ${{ steps.check-default.outputs.service-exists == 0 }} | |
run: docker push $GCR/$DEFAULT_SERVICE_IMAGE_NAME | |
- name: Create default service | |
if: ${{ steps.check-default.outputs.service-exists == 0 }} | |
run: gcloud app deploy service/app.yaml --quiet --project $APP_ENGINE_PROJECT --image-url=$GCR/$DEFAULT_SERVICE_IMAGE_NAME --version=v1 | |
- name: Stop deafult service | |
if: ${{ steps.check-default.outputs.service-exists == 0 }} | |
run: gcloud app versions stop v1 --quiet --project $APP_ENGINE_PROJECT --service=default | |
deploy-to-gcp: | |
needs: [ index-cores, setup-default-service, update-revisions ] | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: ${{ fromJson( needs.update-revisions.outputs.update_deps ) }} | |
env: | |
REPOSITORY_NAME: ${{ matrix.cores.repository_name }} | |
APP_ENGINE_PROJECT: ${{ secrets.APP_ENGINE_PROJECT }} | |
GCR: ${{ secrets.GCR }} | |
IMAGE: ${{ secrets.IMAGE }} | |
IMAGE_NAME: ${{ secrets.IMAGE_NAME }} | |
steps: | |
- name: Checkout this repository | |
uses: actions/checkout@v3 | |
- id: gcp-auth | |
name: GCP Authentcation | |
uses: google-github-actions/auth@v1 | |
with: | |
service_account: ${{ secrets.GCP_SA }} | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
cleanup_credentials: true | |
create_credentials_file: true | |
export_environment_variables: false | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
env: | |
GOOGLE_GHA_CREDS_PATH: ${{ steps.gcp-auth.outputs.credentials_file_path }} | |
with: | |
project_id: ${{ secrets.APP_ENGINE_PROJECT }} | |
version: '>= 363.0.0' | |
- name: Authenticate docker | |
run: | | |
gcloud auth configure-docker | |
- name: Push container image to Google Container Registry (GCR) | |
run: | | |
docker pull $IMAGE:$REPOSITORY_NAME | |
docker tag $IMAGE:$REPOSITORY_NAME $GCR/$IMAGE_NAME:$REPOSITORY_NAME | |
docker push $GCR/$IMAGE_NAME:$REPOSITORY_NAME | |
- name: Set service name | |
run: | | |
echo "service: $(echo ${REPOSITORY_NAME//_/-} | tr '[:upper:]' '[:lower:]')" >> service/app.yaml | |
- name: Deploy App Engine's service | |
run: gcloud app deploy service/app.yaml --quiet --project $APP_ENGINE_PROJECT --image-url $GCR/$IMAGE_NAME:$REPOSITORY_NAME --version v1 --promote | |
gcr-cleaner: | |
needs: [ deploy-to-gcp ] | |
permissions: | |
contents: read | |
id-token: write | |
runs-on: ubuntu-latest | |
env: | |
GCR: ${{ secrets.GCR }} | |
IMAGE_NAME: ${{ secrets.IMAGE_NAME }} | |
KEEP_IMAGES: 10 | |
steps: | |
- name: Checkout this repository | |
uses: actions/checkout@v3 | |
- id: gcp-auth | |
name: GCP Authentcation | |
uses: google-github-actions/auth@v1 | |
with: | |
service_account: ${{ secrets.GCP_SA }} | |
workload_identity_provider: ${{ secrets.WORKLOAD_IDENTITY_PROVIDER }} | |
cleanup_credentials: true | |
create_credentials_file: true | |
export_environment_variables: false | |
- name: Setup gcloud | |
uses: google-github-actions/setup-gcloud@v1 | |
env: | |
GOOGLE_GHA_CREDS_PATH: ${{ steps.gcp-auth.outputs.credentials_file_path }} | |
with: | |
project_id: ${{ secrets.APP_ENGINE_PROJECT }} | |
version: '>= 363.0.0' | |
- name: Remove old images from GCR | |
run: | | |
TAGGED_IMAGES=$(gcloud container images list-tags $GCR/$IMAGE_NAME --filter="tags:*" --format="get(digest)" | wc -l) | |
gcloud container images list-tags $GCR/$IMAGE_NAME --filter="NOT tags:*" --format="get(digest)" --sort-by="~timestamp" | tail -n +$(($KEEP_IMAGES * $TAGGED_IMAGES + 1)) | xargs -I _ gcloud container images delete --quiet $GCR/$IMAGE_NAME@_ |