Skip to content

Commit

Permalink
chore: add Aspect Workflows GitHub Actions configuration
Browse files Browse the repository at this point in the history
  • Loading branch information
gregmagolan committed Dec 28, 2024
1 parent 4a7b0fc commit 1b50139
Show file tree
Hide file tree
Showing 3 changed files with 252 additions and 0 deletions.
189 changes: 189 additions & 0 deletions .github/workflows/.aspect-workflows-reusable.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,189 @@
# ==================================================================================================
# Aspect Workflows Reusable Workflow for GitHub Actions (v5.12.0-alpha0.dev.68.g41b1e2f)
#
# https://github.com/marketplace/actions/aspect-workflows?version=5.12.0-alpha0.dev.68.g41b1e2f
#
# At this time, GitHub Actions does not allow referencing reusable workflows from public
# repositories in other organizations. See
# https://docs.github.com/en/actions/using-workflows/reusing-workflows#access-to-reusable-workflows
# for more info.
#
# Use the Aspect Workflows Reusable Workflow with GitHub Actions by doing one of the following:
#
# 1. Vendor this file into the `.github/workflows` folder of your repository and reference it with
# `uses:` in a workflow file such as `.github/workflows/aspect-workflows.yaml`:
#
# ```
# name: Aspect Workflows
#
# on:
# push:
# branches: [main]
# pull_request:
# branches: [main]
# workflow_dispatch:
#
# jobs:
# aspect-workflows:
# name: Aspect Workflows
# uses: ./.github/workflows/.aspect-workflows-reusable.yaml
# ```
#
# 2. Create a fork of https://github.com/aspect-build/workflows-action in your
# GitHub org and change the `uses` line above to reference the reusable work
# from your fork:
#
# ```
# jobs:
# aspect-workflows:
# name: Aspect Workflows
# uses: my-github-org/workflows-action/.github/workflows/.aspect-workflows-reusable.yaml@5.12.0-alpha0.dev.68.g41b1e2f
# ```
# ==================================================================================================
name: Aspect Workflows Reusable Workflow (v5.12.0-alpha0.dev.68.g41b1e2f)
on:
# Makes this workflow reusable, see
# https://github.blog/2022-02-10-using-reusable-workflows-github-actions
workflow_call:
inputs:
aspect-config:
description: Path to the Aspect Workflows config.yaml file
type: string
default: .aspect/workflows/config.yaml
delivery-workflow:
description: The name of the file which contains the delivery workflow
type: string
default: aspect-workflows-delivery.yaml
queue:
description: The queue / runner pool that the setup step will run on
type: string
default: aspect-default
slack_webhook_url:
description: 'If set, then a webhook notification will be sent for failing builds on a release branch. Input should match the name of a secret. "secrets: inherit" must also be set'
type: string
inherited_secrets:
description: 'Comma separated list of secrets or regex (Oniguruma) describing secrets to be made available during the build. "secrets: inherit" must also be set. The regex is used by jq internally which uses the Oniguruma regular expression library: https://jqlang.github.io/jq/manual/'
type: string
jobs:
setup:
runs-on: [self-hosted, aspect-workflows, "${{ inputs.queue }}"]
steps:
- uses: actions/checkout@v4
- id: rosetta-generate
run: |
ROSETTA_RESULT=$( \
rosetta steps \
--config ${{ inputs.aspect-config }} \
--gha_task generate \
--gha_json_pretty_print=false \
)
tee "${GITHUB_OUTPUT}" <<< "json=${ROSETTA_RESULT}"
outputs:
cfg: ${{ steps.rosetta-generate.outputs.json }}
bazel:
needs: [setup]
runs-on: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].labels }}
strategy:
fail-fast: false
matrix: ${{ fromJson(needs.setup.outputs.cfg).matrix_config }}
env:
ASPECT_WORKFLOWS_CONFIG: ${{ inputs.aspect-config }}
steps:
- name: Workflows environment
run: ${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/configure_workflows_env
- name: Clone repo
uses: actions/checkout@v4
with:
fetch-depth: ${{ !endsWith(matrix.job, 'lint') && 1 || 2 }}
- name: Agent health check
# Set RUNNER_TRACKER_ID="" to prevent GitHub Actions from killing the Bazel server started
# during health check when "Cleaning up orphan processes" in the "Complete job" step.
# See https://github.com/actions/runner/issues/598.
run: RUNNER_TRACKING_ID="" && ${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/agent_health_check
timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].health_check_timeout }}
- name: Process secrets
id: process_secrets
if: inputs.inherited_secrets != ''
run: |
REQUIRED_SECRETS=$(${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/jq -R --compact-output 'gsub("\\s+";"";"g") | split(",")' <<< "${{ inputs.inherited_secrets }}")
FILTERED_SECRETS=$(${{ fromJson(needs.setup.outputs.cfg).platform.directories.WORKFLOWS_BIN_DIR }}/jq --compact-output --argjson secrets "${REQUIRED_SECRETS}" 'with_entries( select (.key | test($secrets[]) ) )' <<< '''${{ toJson(secrets) }}''' )
echo "filtered_secrets=${FILTERED_SECRETS}" | tee ${GITHUB_OUTPUT}
- name: Prepare archive directories
run: rm -rf ${{ join(fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_paths, ' ') }}
- name: Determine changed files
uses: tj-actions/changed-files@v42
if: endsWith(matrix.job, 'format')
with:
json: true
write_output_files: true
output_dir: ${{ fromJson(needs.setup.outputs.cfg).platform.directories.ARTIFACTS_DIR }}
- name: Checkout health
uses: aspect-build/workflows-action@5.12.0-alpha0.dev.68.g41b1e2f
timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].checkout_task_timeout }}
if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].has_checkout_task
with:
workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
task: checkout
- name: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].name }}
uses: aspect-build/workflows-action@5.12.0-alpha0.dev.68.g41b1e2f
env: ${{ inputs.inherited_secrets != '' && fromJson(steps.process_secrets.outputs.filtered_secrets) || fromJson('{}') }}
timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].timeout_in_minutes }}
with:
workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
task: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}
- name: Send notification to Slack
id: slack
# oncall cares about branches that do delivery, so key this on whether we produce a delivery manifest
if: inputs.slack_webhook_url != '' && failure() && fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].generate_manifest
uses: slackapi/slack-github-action@v1.27.0
with:
payload: |
{
"gha_url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
}
env:
SLACK_WEBHOOK_URL: ${{ secrets[inputs.slack_webhook_url] }}
- name: Delivery manifest
if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].generate_manifest
uses: aspect-build/workflows-action@5.12.0-alpha0.dev.68.g41b1e2f
timeout-minutes: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].delivery_manifest_timeout }}
with:
workspace: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}
task: delivery_manifest
args: "--data TARGETS_SOURCE=${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}"
# Upload all artifacts for the workspace
- name: Upload artifacts
# The `always()` condition makes this step run even if a previous step failed.
# Setting `continue-on-error: true` on previous steps isn't ideal as the UI
# will flag them as having passed even if they failed.
if: ${{ always() }}
uses: actions/upload-artifact@v4
with:
name: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_prefix }}${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].task }}.artifacts
path: ${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].artifact_upload_pattern }}
overwrite: true
# Codecov
- name: Codecov upload
# The `always()` condition makes this step run even if a previous step failed.
# Setting `continue-on-error: true` on previous steps isn't ideal as the UI
# will flag them as having passed even if they failed.
if: ${{ always() && fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].codecov_upload }}
# https://github.com/marketplace/actions/codecov
uses: codecov/codecov-action@v4
with:
files: bazel-out/_coverage/_coverage_report.dat
token: ${{ secrets.CODECOV_TOKEN }}
functionalities: search # Disable searching for coverage reports. If enabled, it gets confused
# by the bazel convenience symlinks and finds the same coverage report
# under bazel-out and {workspace}/bazel-out.
- name: Trigger delivery
# This uses the following API: https://docs.github.com/en/rest/actions/workflows?apiVersion=2022-11-28#create-a-workflow-dispatch-event
run: |
curl \
-X POST \
-H "Accept: application/vnd.github.v3+json" \
-H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
https://api.github.com/repos/${{ github.repository }}/actions/workflows/${{ inputs.delivery-workflow }}/dispatches \
-d "{\"ref\":\"${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].branch }}\",\"inputs\":{\"delivery_commit\":\"${GITHUB_SHA}\",\"workspace\":\"${{ fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].workspace }}\"}}"
shell: bash
if: fromJson(needs.setup.outputs.cfg).workflows_config[matrix.job].delivery
34 changes: 34 additions & 0 deletions .github/workflows/aspect-workflows-warming.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,34 @@
name: Aspect Workflows Warming

on:
# Run the workflows on a cron schedule to periodically create an up-to-date warming archive
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
schedule:
- cron: '0 8 * * *'

# Allow this to be triggered manually via the GitHub UI Actions tab
workflow_dispatch:

jobs:
warming-archive:
name: Aspect Workflows Warming
runs-on: [self-hosted, aspect-workflows, aspect-warming]
env:
ASPECT_WORKFLOWS_BIN_DIR: /etc/aspect/workflows/bin
steps:
- name: Workflows environment
run: ${ASPECT_WORKFLOWS_BIN_DIR}/configure_workflows_env
- uses: actions/checkout@v4
with:
ref: main-gha
- name: Agent health check
# Set RUNNER_TRACKER_ID="" to prevent GitHub Actions from killing the Bazel server started
# during health check when "Cleaning up orphan processes" in the "Complete job" step.
# See https://github.com/actions/runner/issues/598.
run: RUNNER_TRACKER_ID="" && ${ASPECT_WORKFLOWS_BIN_DIR}/agent_health_check
- name: Create warming archive
uses: aspect-build/workflows-action@5.12.0-alpha0.dev.68.g41b1e2f
with:
task: warming
- name: Archive warming tars
run: ${ASPECT_WORKFLOWS_BIN_DIR}/warming_archive
29 changes: 29 additions & 0 deletions .github/workflows/aspect-workflows.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,29 @@
name: Aspect Workflows

on:
# Triggers the workflow on the main-gha branch and on pull requests with main-gha bases
push:
branches: [main-gha]
pull_request:
branches: [main-gha]

# Run the workflows on a cron schedule to run once a day on main branch
# https://docs.github.com/en/actions/using-workflows/events-that-trigger-workflows#schedule
schedule:
- cron: '0 14 * * 1-5'

# Allow this to be triggered manually via the GitHub UI Actions tab
workflow_dispatch:

concurrency:
# Cancel previous actions from the same PR or branch except 'main-gha' branch.
# See https://docs.github.com/en/actions/using-jobs/using-concurrency and https://docs.github.com/en/actions/learn-github-actions/contexts for more info.
group: concurrency-group::${{ github.workflow }}::${{ github.event.pull_request.number > 0 && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}${{ github.ref_name == 'main-gha' && format('::{0}', github.run_id) || ''}}
cancel-in-progress: ${{ github.ref_name != 'main-gha' }}

jobs:
aspect-workflows:
name: Aspect Workflows
uses: ./.github/workflows/.aspect-workflows-reusable.yaml
with:
queue: aspect-small

0 comments on commit 1b50139

Please sign in to comment.