-
-
Notifications
You must be signed in to change notification settings - Fork 107
260 lines (241 loc) · 12.4 KB
/
ci.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
name: CI
# Controls when the action will run.
on:
# Triggers the workflow on push or pull request events but only for the main branch
push:
branches: [main]
pull_request:
branches: [main]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
concurrency:
# Cancel previous actions from the same PR: https://stackoverflow.com/a/72408109
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
# matrix-prep-* steps dynamically generate a bit of JSON depending on whether our action has
# access to repository secrets. When running on a pull_request from a fork, the author is
# untrusted so the secret will be absent. Insanely complex for how simple this requirement is...
# inspired from
# https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional
matrix-prep-config:
# Prepares the 'config' axis of the test matrix
runs-on: ubuntu-latest
env:
ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
steps:
- id: local
run: echo "config=local" >> $GITHUB_OUTPUT
- id: rbe
run: echo "config=rbe" >> $GITHUB_OUTPUT
# Don't run RBE if there are no EngFlow creds which is the case on forks
if: ${{ env.ENGFLOW_PRIVATE_KEY != '' }}
outputs:
# Will look like ["local", "rbe"]
configs: ${{ toJSON(steps.*.outputs.config) }}
matrix-prep-bazelversion:
# Prepares the 'bazelversion' axis of the test matrix
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- id: bazel_6
run: echo "bazelversion=$(head -n 1 .bazelversion)" >> $GITHUB_OUTPUT
- id: bazel_5_3
run: echo "bazelversion=5.3.2" >> $GITHUB_OUTPUT
- id: bazel_5_1
run: echo "bazelversion=5.1.1" >> $GITHUB_OUTPUT
# 5.0.0 will not build due to bazel dependency:
# ```
# ERROR: Traceback (most recent call last):
# File "/home/runner/.cache/bazel/_bazel_runner/8d53428c79e05e77d1e55522fa21a0fd/external/bazel_gazelle/internal/go_repository.bzl", line 17, column 56, in <toplevel>
# load("@bazel_tools//tools/build_defs/repo:utils.bzl", "read_user_netrc", "use_netrc")
# Error: file '@bazel_tools//tools/build_defs/repo:utils.bzl' does not contain symbol 'read_user_netrc'
# ```
outputs:
# Will look like ["<version from .bazelversion>", "5.3.2", "5.0.0"]
bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }}
matrix-prep-folder:
# Prepares the 'folder' axis of the test matrix
runs-on: ubuntu-latest
env:
ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN }}
steps:
- id: root
run: echo "folder=." >> $GITHUB_OUTPUT
- id: bzlmod
run: echo "folder=e2e/bzlmod" >> $GITHUB_OUTPUT
- id: js_image
run: echo "folder=e2e/js_image" >> $GITHUB_OUTPUT
- id: js_run_devserver
run: echo "folder=e2e/js_run_devserver" >> $GITHUB_OUTPUT
- id: npm_link_package-esm
run: echo "folder=e2e/npm_link_package-esm" >> $GITHUB_OUTPUT
- id: npm_link_package
run: echo "folder=e2e/npm_link_package" >> $GITHUB_OUTPUT
- id: npm_translate_lock_auth
run: echo "folder=e2e/npm_translate_lock_auth" >> $GITHUB_OUTPUT
# Don't run e2e/npm_translate_lock_auth if there is no auth token secret which is the case on forks.
if: ${{ env.ASPECT_NPM_AUTH_TOKEN != '' }}
- id: npm_translate_lock
run: echo "folder=e2e/npm_translate_lock" >> $GITHUB_OUTPUT
- id: npm_translate_package_lock
run: echo "folder=e2e/npm_translate_package_lock" >> $GITHUB_OUTPUT
- id: npm_translate_yarn_lock
run: echo "folder=e2e/npm_translate_yarn_lock" >> $GITHUB_OUTPUT
- id: package_json_module
run: echo "folder=e2e/package_json_module" >> $GITHUB_OUTPUT
- id: pnpm_workspace_rerooted
run: echo "folder=e2e/pnpm_workspace_rerooted" >> $GITHUB_OUTPUT
- id: pnpm_workspace
run: echo "folder=e2e/pnpm_workspace" >> $GITHUB_OUTPUT
- id: rules_foo
run: echo "folder=e2e/rules_foo" >> $GITHUB_OUTPUT
- id: update_pnpm_lock
run: echo "folder=e2e/update_pnpm_lock" >> $GITHUB_OUTPUT
- id: update_pnpm_lock_with_import
run: echo "folder=e2e/update_pnpm_lock_with_import" >> $GITHUB_OUTPUT
- id: vendored_node
run: echo "folder=e2e/vendored_node" >> $GITHUB_OUTPUT
- id: verify_patches
run: echo "folder=e2e/verify_patches" >> $GITHUB_OUTPUT
- id: webpack_devserver
run: echo "folder=e2e/webpack_devserver" >> $GITHUB_OUTPUT
- id: webpack_devserver_esm
run: echo "folder=e2e/webpack_devserver_esm" >> $GITHUB_OUTPUT
- id: workspace
run: echo "folder=e2e/workspace" >> $GITHUB_OUTPUT
outputs:
# Will look like [".", "e2e/bzlmod", ...]
folders: ${{ toJSON(steps.*.outputs.folder) }}
test:
runs-on: ubuntu-latest
needs:
- matrix-prep-config
- matrix-prep-bazelversion
- matrix-prep-folder
strategy:
fail-fast: false
matrix:
config: ${{ fromJSON(needs.matrix-prep-config.outputs.configs) }}
bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }}
folder: ${{ fromJSON(needs.matrix-prep-folder.outputs.folders) }}
bzlmodEnabled: [true, false]
exclude:
# Don't test RBE with Bazel 5 (not supported)
- config: rbe
bazelversion: 5.3.2
- config: rbe
bazelversion: 5.1.1
# Don't run bzlmod smoke test with Bazel 5 (not supported) or without bzlmod enabled
- bazelversion: 5.3.2
folder: e2e/bzlmod
- bazelversion: 5.1.1
folder: e2e/bzlmod
- bzlmodEnabled: false
folder: e2e/bzlmod
# Don't run workspace smoke test under bzlmod
- folder: e2e/workspace
bzlmodEnabled: true
# Don't run bzlmod e2e tests with Bazel 5
- bazelversion: 5.3.2
bzlmodEnabled: true
- bazelversion: 5.1.1
bzlmodEnabled: true
# TODO: un-exclude the following bzlmod tests once they work
- folder: .
bzlmodEnabled: true
- folder: e2e/js_image
bzlmodEnabled: true
- folder: e2e/js_run_devserver
bzlmodEnabled: true
- folder: e2e/npm_link_package-esm
bzlmodEnabled: true
- folder: e2e/npm_link_package
bzlmodEnabled: true
- folder: e2e/rules_foo
bzlmodEnabled: true
- folder: e2e/update_pnpm_lock_with_import
bzlmodEnabled: true
- folder: e2e/webpack_devserver
bzlmodEnabled: true
- folder: e2e/webpack_devserver_esm
bzlmodEnabled: true
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v3
- name: Mount bazel caches
uses: actions/cache@v3
with:
path: |
~/.cache/bazel
~/.cache/bazel-repo
key: bazel-cache-${{ hashFiles('**/BUILD.bazel', '**/*.bzl', 'WORKSPACE', '**/*.js') }}
restore-keys: bazel-cache-
- name: Configure Bazel version
working-directory: ${{ matrix.folder }}
# Overwrite the .bazelversion instead of using USE_BAZEL_VERSION so that Bazelisk
# still bootstraps Aspect CLI from configuration in .bazeliskrc. Aspect CLI will
# then use .bazelversion to determine which Bazel version to use
run: echo "${{ matrix.bazelversion }}" > .bazelversion
- name: Write EngFlow credentials
# Writes EngFlow credential files for RBE configurations
if: matrix.config == 'rbe'
working-directory: ${{ matrix.folder }}
run: |
touch engflow.crt engflow.key
chmod 0600 engflow.crt engflow.key
echo "$ENGFLOW_CLIENT_CRT" > engflow.crt
echo "$ENGFLOW_PRIVATE_KEY" > engflow.key
env:
ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
- name: Check for test.sh
# Checks for the existence of test.sh in the folder. Downstream steps can use
# steps.has_test_sh.outputs.files_exists as a conditional.
id: has_test_sh
uses: andstor/file-existence-action@v2
with:
files: '${{ matrix.folder }}/test.sh'
- name: Set bzlmod flag
# Store the --enable_bzlmod flag that we add to the test command below
# only when we're running bzlmod in our test matrix.
id: set_bzlmod_flag
if: matrix.bzlmodEnabled
run: echo "bzlmod_flag=--enable_bzlmod" >> $GITHUB_OUTPUT
- name: bazel test //...
working-directory: ${{ matrix.folder }}
run: |
bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc test --config=${{ matrix.config }} ${{ steps.set_bzlmod_flag.outputs.bzlmod_flag }} //...
ls $(bazel info output_base)/external | grep -v __links | grep -vz unused
env:
# Bazelisk will download bazel to here
XDG_CACHE_HOME: ~/.cache/bazel-repo
ASPECT_RULES_JS_FROZEN_PNPM_LOCK: 1
ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN }}
ASPECT_GH_PACKAGES_AUTH_TOKEN: ${{ secrets.ASPECT_GH_PACKAGES_AUTH_TOKEN }}
- name: bazel coverage //...
# Don't run on RBE. Coverage does not work properly with RBE. See: bazelbuild/bazel#4685.
# Don't run coverage on e2e/bzlmod. It fails evaluating js/private/coverage/BUILD.bazel because write_source_files is not yet bzlmod compatible.
if: matrix.config == 'local'
working-directory: ${{ matrix.folder }}
run: |
bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc coverage --config=${{ matrix.config }} --instrument_test_targets //...
env:
# Bazelisk will download bazel to here
XDG_CACHE_HOME: ~/.cache/bazel-repo
ASPECT_RULES_JS_FROZEN_PNPM_LOCK: 1
ASPECT_NPM_AUTH_TOKEN: ${{ secrets.ASPECT_NPM_AUTH_TOKEN }}
ASPECT_GH_PACKAGES_AUTH_TOKEN: ${{ secrets.ASPECT_GH_PACKAGES_AUTH_TOKEN }}
- name: ./test.sh
# Run if there is a test.sh file in the folder.
if: steps.has_test_sh.outputs.files_exists == 'true'
working-directory: ${{ matrix.folder }}
shell: bash
# Run the script potentially setting BZLMOD_FLAG=--enable_bzlmod. All test.sh
# scripts that run bazel directly should make use of this variable.
run: BZLMOD_FLAG=${{ steps.set_bzlmod_flag.outputs.bzlmod_flag }} ./test.sh
env:
# Bazelisk will download bazel to here
XDG_CACHE_HOME: ~/.cache/bazel-repo
ASPECT_RULES_JS_FROZEN_PNPM_LOCK: 1