Enforce and user guards as read-only #404
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and publish application binaries | |
| on: | |
| workflow_dispatch: | |
| push: | |
| paths: | |
| - '**' | |
| - '!.github/**' | |
| - '.github/workflows/applications.yml' | |
| jobs: | |
| build: | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| ghc: ["9.8.2", "9.10.1", '9.6.6'] | |
| cabal: ["3.12"] | |
| os: ["ubuntu-20.04", "ubuntu-22.04", "macos-14"] | |
| cabalcache: ["true"] | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.kadena_cabal_cache_aws_access_key_id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.kadena_cabal_cache_aws_secret_access_key }} | |
| AWS_DEFAULT_REGION: us-east-1 | |
| # Aritfacts | |
| ARTIFACT_BUCKET: kadena-cabal-cache | |
| BINFILE: pact.${{ matrix.ghc }}.${{ matrix.os }}.${{ github.sha }}.tar.gz | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| # Needed for a certain test | |
| - name: Download chain9 test file | |
| run: | | |
| mkdir -p pact-tests/legacy-db-regression | |
| curl -L https://chainweb-chain-db.s3.amazonaws.com/test-objects/pact-v1-chain-9.sqlite \ | |
| -o pact-tests/legacy-db-regression/pact-v1-chain-9.sqlite | |
| # Haskell Setup | |
| - name: Set permissions for .ghcup (ubuntu) | |
| if: startsWith(matrix.os, 'ubuntu-') | |
| run: sudo chown -R $USER /usr/local/.ghcup | |
| - name: Install GHC and Cabal | |
| uses: haskell-actions/setup@v2 | |
| with: | |
| ghc-version: ${{ matrix.ghc }} | |
| cabal-version: ${{ matrix.cabal }} | |
| - name: Confirm GHC and Cabal installation | |
| run: | | |
| ghc --version | |
| cabal --version | |
| - name: Setting up MPFR (Ubuntu) | |
| if: startsWith(matrix.os, 'ubuntu-') | |
| shell: bash | |
| run: sudo apt-get update && sudo apt-get install -y libmpfr-dev | |
| # Project Setup | |
| - name: Create cabal.project.local | |
| shell: bash | |
| run: | | |
| cat > cabal.project.local <<EOF | |
| documentation: False | |
| package pact | |
| tests: True | |
| benchmarks: True | |
| documentation: False | |
| optimization: 1 | |
| flags: ${{ matrix.flags }} +cryptonite-ed25519 | |
| extra-include-dirs: | |
| /opt/local/include | |
| /usr/local/opt/openssl/include | |
| extra-lib-dirs: | |
| /opt/local/lib | |
| /usr/local/opt/openssl/lib/ | |
| EOF | |
| - name: Extend cabal.project.local for GHC-9.0.2 | |
| if: "startsWith(matrix.ghc, '9')" | |
| shell: bash | |
| run: | | |
| cat >> cabal.project.local <<EOF | |
| package pact | |
| ghc-options: -Wwarn -Wunused-packages | |
| EOF | |
| - name: Add check for unused packages | |
| shell: bash | |
| run: | | |
| cat >> cabal.project.local <<EOF | |
| package pact | |
| ghc-options: -Wunused-packages | |
| EOF | |
| - name: Print cabal.project.local | |
| shell: bash | |
| run: cat cabal.project.local | |
| - uses: actions/cache@v3 | |
| name: Cache dist-newstyle | |
| with: | |
| path: | | |
| ~/.cabal/packages | |
| ~/.cabal/store | |
| dist-newstyle | |
| key: ${{ matrix.os }}-${{ matrix.ghc }}-4-cabal | |
| # Build | |
| - name: Update package database | |
| shell: bash | |
| run: cabal update | |
| - name: Display outdated packages | |
| run: cabal outdated | |
| - name: Configure build | |
| run: | | |
| cabal build --dry-run | |
| cabal freeze | |
| - name: Sync with cabal cache | |
| if: matrix.cabalcache == 'true' | |
| uses: larskuhtz/cabal-cache-action@4b537195b33898fcd9adc62cee2a44986fd7b1b6 | |
| with: | |
| bucket: "kadena-cabal-cache" | |
| region: "us-east-1" | |
| folder: "packages/${{ matrix.os }}" | |
| aws_access_key_id: "${{ secrets.kadena_cabal_cache_aws_access_key_id }}" | |
| aws_secret_access_key: "${{ secrets.kadena_cabal_cache_aws_secret_access_key }}" | |
| - name: Build dependencies | |
| shell: bash | |
| run: cabal build --only-dependencies | |
| - name: Build | |
| shell: bash | |
| run: cabal build | |
| - name: Test | |
| shell: bash | |
| run: cabal run tests | |
| - name: Verify Binary Linking | |
| shell: bash | |
| if: "!contains(matrix.flags, '-build-tool')" | |
| run: cabal run exe:pact -- --version | |
| # Publish Artifacts | |
| - name: Prepare artifacts | |
| if: "!contains(matrix.flags, '-build-tool')" | |
| shell: bash | |
| run: | | |
| export VER=$(grep '^version' pact-tng.cabal | sed -e 's/.*: *//') | |
| mkdir -p artifacts/pact | |
| cp $(cabal list-bin pact) artifacts/pact | |
| cp CHANGELOG.md artifacts/pact | |
| cp README.md artifacts/pact | |
| cp LICENSE artifacts/pact | |
| cp pact-tng.cabal artifacts/pact | |
| cp cabal.project artifacts/pact | |
| cp cabal.project.local artifacts/pact | |
| cp cabal.project.freeze artifacts/pact | |
| - name: Publish applications | |
| if: "!contains(matrix.flags, '-build-tool')" | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: pact-applications.${{ matrix.ghc }}.${{ matrix.os }} | |
| path: artifacts/pact | |
| # Publish to S3 | |
| - name: Publish applications to S3 | |
| if: "!contains(matrix.flags, '-build-tool')" | |
| shell: bash | |
| run: | | |
| tar -C ./artifacts/pact/ -czf $BINFILE '.' | |
| echo "created tar file: $BINFILE" | |
| ls $BINFILE | |
| aws s3 cp $BINFILE s3://$ARTIFACT_BUCKET/pact/ | |
| echo "uploaded tar file to S3" | |
| aws s3api put-object-acl --bucket $ARTIFACT_BUCKET --key=pact/$BINFILE --acl public-read | |
| echo "set public read permission" | |
| # ########################################################################## # | |
| # Build and publish docker image | |
| docker-image: | |
| name: Build and publish docker image | |
| needs: [build] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - ghc: "9.10.1" | |
| os: "ubuntu-22.04" | |
| env: | |
| OS: ${{ matrix.os }} | |
| steps: | |
| - name: Get build artifacts | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: pact-applications.${{ matrix.ghc }}.${{ matrix.os }} | |
| path: pact | |
| - name: Create Dockerfile | |
| run: | | |
| chmod 755 pact/pact | |
| cat > Dockerfile <<EOF | |
| FROM ubuntu:${OS#ubuntu-} | |
| LABEL com.pact.docker.image.compiler="ghc-${{ matrix.ghc }}" | |
| LABEL com.pact.docker.image.os="${{ matrix.os }}" | |
| RUN apt-get update && apt-get install -y ca-certificates libgmp10 libmpfr-dev libssl3 zlib1g locales && rm -rf /var/lib/apt/lists/* && locale-gen en_US.UTF-8 && update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8 | |
| ENV LANG=en_US.UTF-8 | |
| WORKDIR /pact | |
| COPY pact/pact . | |
| COPY pact/LICENSE . | |
| COPY pact/README.md . | |
| COPY pact/CHANGELOG.md . | |
| COPY pact/pact-tng.cabal . | |
| COPY pact/cabal.project . | |
| COPY pact/cabal.project.local . | |
| COPY pact/cabal.project.freeze . | |
| STOPSIGNAL SIGTERM | |
| ENTRYPOINT [ "/pact/pact" ] | |
| EOF | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: ghcr.io/kadena-io/pact-5 | |
| tags: | | |
| type=sha | |
| type=ref,event=branch | |
| type=ref,event=tag | |
| type=ref,event=pr | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: kadena-build | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| id: docker_build | |
| uses: docker/build-push-action@v4 | |
| with: | |
| push: true | |
| context: . | |
| file: ./Dockerfile | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=local,src=/tmp/.buildx-cache | |
| cache-to: type=local,dest=/tmp/.buildx-cache | |
| nightly: | |
| if: github.ref == 'refs/heads/master' | |
| needs: [docker-image] | |
| uses: kadena-io/pact-5/.github/workflows/release-manual.yml@master | |
| secrets: inherit |