Synchronize upstream #47
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Synchronize upstream | |
on: | |
workflow_dispatch: | |
inputs: | |
project: | |
type: string | |
description: upstream project name | |
options: | |
- dae | |
- daed | |
required: true | |
branch: | |
type: string | |
description: branch to sync with | |
default: unstable | |
jobs: | |
sync-upstream: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Generate GitHub auth token | |
# https://github.com/tibdex/github-app-token | |
id: generate_token | |
uses: tibdex/github-app-token@v2.1.0 | |
with: | |
app_id: ${{ secrets.GH_APP_ID }} | |
private_key: ${{ secrets.GH_APP_PRIVATE_KEY }} | |
- uses: actions/checkout@main | |
with: | |
token: ${{ steps.generate_token.outputs.token }} | |
ref: ${{ inputs.branch }} | |
- uses: DeterminateSystems/nix-installer-action@main | |
- uses: DeterminateSystems/magic-nix-cache-action@main | |
- uses: DeterminateSystems/flake-checker-action@main | |
- name: Get the latest upstream commit | |
id: upstream_commit | |
shell: bash | |
run: | | |
#!/usr/bin/env bash | |
set -exuo pipefail | |
out=$(nix run nixpkgs#nix-prefetch-git -- --url 'https://github.com/${{ github.repository_owner }}/${{ inputs.project }}.git' --rev 'refs/heads/main' --fetch-submodules --quiet | tee output.json) | |
echo sha_short=$(echo $out | jq -r '.rev' | cut -c1-7) >> "$GITHUB_OUTPUT" | |
- name: Update metadata for a project based off the latest upstream git commit | |
id: update_metadata | |
shell: bash | |
run: | | |
#!/usr/bin/env bash | |
set -exo pipefail | |
# Convert the output from previous step to valid JSON format | |
project=${{ inputs.project }} | |
json_output=$(cat output.json) | |
# Extract the necessary values from the json_output | |
date=$(echo "$json_output" | jq -r '.date' | awk -F'T' '{print $1}') | |
rev=$(echo "$json_output" | jq -r '.rev') | |
rev_short=$(echo "$json_output" | jq -r '.rev' | cut -c1-7) | |
hash=$(echo "$json_output" | jq -r '.hash') | |
# Update the metadata.json file | |
jq --arg version "unstable-$date.$rev_short" \ | |
--arg rev "$rev" \ | |
--arg hash "$hash" \ | |
'.version = $version | .rev = $rev | .hash = $hash' \ | |
./$project/metadata.json | tee ./$project/metadata.json.tmp | |
mv ./$project/{metadata.json.tmp,metadata.json} | |
# Retry logic for awk extraction | |
max_retries=3 | |
retry_count=0 | |
vendor= | |
until [ "$retry_count" -ge "$max_retries" ]; do | |
vendor="$(nix --log-format raw build .#$project 2>&1 | grep "got: " | awk '/got: / {print $NF}' || echo '')" | |
vendor_fetch_status=$? | |
if [ -n "$vendor" ]; then | |
# If $vendor is not empty, extraction succeeded | |
vendor_fetch_status=0 | |
break | |
fi | |
retry_count=$((retry_count + 1)) | |
echo "Retrying nix command and awk extraction ($retry_count/$max_retries)..." | |
sleep 3 | |
done | |
if [ "$vendor_fetch_status" -ne 0 ]; then | |
echo "nix command failed with status $vendor_fetch_status." | |
echo "awk extraction failed after $max_retries attempts." | |
exit 1 | |
fi | |
if [ -z "$vendor" ]; then | |
# if $vendor is empty | |
# use original vendorHash | |
vendor="$(jq -r '.vendorHash' $project/metadata.json)" | |
fi | |
# Continue with script execution using $vendor | |
echo "Vendor extraction succeeded: $vendor" | |
# Update vendorHash in metadata.json | |
jq --arg vendor "$vendor" \ | |
'.vendorHash = $vendor' \ | |
./$project/metadata.json | tee ./$project/metadata.json.tmp | |
mv ./$project/{metadata.json.tmp,metadata.json} | |
- name: Commit changes and push | |
uses: EndBug/add-and-commit@main | |
with: | |
add: "${{ inputs.project }}/metadata.json" | |
commit: --signoff | |
message: "chore(${{ inputs.project }}): pin ref to refs/head/main (${{ steps.upstream_commit.outputs.sha_short }})" | |
- name: Build | |
run: | | |
#!/usr/bin/env bash | |
set -exuo pipefail | |
nix build .#${{ inputs.project }} |