runner: Block execution from suspended/disabled users tasks #999
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build binaries | |
on: | |
pull_request: | |
push: | |
branches: | |
- main | |
- dev | |
tags: | |
- "v*" | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
build: | |
strategy: | |
fail-fast: false | |
matrix: | |
arch: | |
# Disabling arm64 builds till ffmpeg installation support isn't available | |
- arm64 | |
- amd64 | |
platform: | |
- os: ubuntu-20.04 | |
name: linux | |
- os: ubuntu-20.04 | |
name: windows | |
- os: macos-11 | |
name: darwin | |
name: Build binaries for ${{ matrix.platform.name }}-${{ matrix.arch }} | |
runs-on: ${{ matrix.platform.os }} | |
steps: | |
- name: Check out code | |
uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
# Check https://github.com/livepeer/go-livepeer/pull/1891 | |
# for ref value discussion | |
ref: ${{ github.event.pull_request.head.sha }} | |
- name: Set up go | |
id: go | |
uses: actions/setup-go@v3 | |
with: | |
go-version-file: go.mod | |
cache: true | |
cache-dependency-path: go.sum | |
- name: Export OS and platform env | |
run: | | |
echo "GOOS=${{ matrix.platform.name }}" >> $GITHUB_ENV | |
echo "GOARCH=${{ matrix.arch }}" >> $GITHUB_ENV | |
- name: Download dependencies | |
if: steps.go.outputs.cache-hit != 'true' | |
run: go mod download | |
- name: Build | |
run: | | |
mkdir -p build/ releases/ | |
export PKG_CONFIG_PATH=~/compiled/lib/pkgconfig | |
make | |
- uses: actions-ecosystem/action-regex-match@v2 | |
id: match-tag | |
with: | |
text: ${{ github.ref_name }} | |
regex: '^(master|main|v[0-9]+\.\d+\.\d+)$' | |
- name: Codesign and notarize binaries | |
if: ${{ steps.match-tag.outputs.match != '' && matrix.platform.name == 'darwin' }} | |
uses: livepeer/action-gh-codesign-apple@latest | |
with: | |
developer-certificate-id: ${{ secrets.CI_MACOS_CERTIFICATE_ID }} | |
developer-certificate-base64: ${{ secrets.CI_MACOS_CERTIFICATE_BASE64 }} | |
developer-certificate-password: ${{ secrets.CI_MACOS_CERTIFICATE_PASSWORD }} | |
app-notarization-email: ${{ secrets.CI_MACOS_NOTARIZATION_USER }} | |
app-notarization-password: ${{ secrets.CI_MACOS_NOTARIZATION_PASSWORD }} | |
app-notarization-team-id: ${{ secrets.CI_MACOS_NOTARIZATION_TEAM_ID }} | |
binary-path: "build/task-runner" | |
- name: Archive binaries for windows | |
if: matrix.platform.name == 'windows' | |
run: | | |
cd build/ | |
mv task-runner livepeer-task-runner.exe | |
zip -9q "../releases/livepeer-task-runner-${GOOS}-${GOARCH}.zip" ./livepeer-task-runner.exe | |
- name: Archive binaries for not windows | |
if: matrix.platform.name != 'windows' | |
run: | | |
cd build/ | |
mv task-runner livepeer-task-runner | |
tar -czf "../releases/livepeer-task-runner-${GOOS}-${GOARCH}.tar.gz" ./livepeer-task-runner | |
- name: Upload artifacts for processing further in linux | |
uses: actions/upload-artifact@v3 | |
with: | |
name: release-artifacts | |
path: releases/ | |
upload: | |
name: Upload artifacts to google bucket | |
permissions: | |
contents: "read" | |
id-token: "write" | |
runs-on: ubuntu-latest | |
needs: | |
- build | |
steps: | |
- name: Download artifacts | |
uses: actions/download-artifact@v3 | |
with: | |
name: release-artifacts | |
path: releases/ | |
- name: Generate sha256 checksum and gpg signatures for release artifacts | |
uses: livepeer/action-gh-checksum-and-gpg-sign@latest | |
with: | |
artifacts-dir: releases | |
release-name: ${{ github.ref_type == 'tag' && github.ref_name || github.sha }} | |
gpg-key: ${{ secrets.CI_GPG_SIGNING_KEY }} | |
gpg-key-passphrase: ${{ secrets.CI_GPG_SIGNING_PASSPHRASE }} | |
- name: Generate branch manifest | |
id: branch-manifest | |
uses: livepeer/branch-manifest-action@latest | |
with: | |
project-name: ${{ github.event.repository.name }} | |
- name: Authenticate to Google Cloud | |
id: auth | |
uses: google-github-actions/auth@v1 | |
with: | |
workload_identity_provider: ${{ secrets.CI_GOOGLE_WORKLOAD_IDENTITY_PROVIDER }} | |
service_account: ${{ secrets.CI_GOOGLE_SERVICE_ACCOUNT }} | |
- name: Upload release archives to Google Cloud | |
id: upload-archives | |
uses: google-github-actions/upload-cloud-storage@v1 | |
with: | |
path: "releases" | |
destination: "build.livepeer.live/${{ github.event.repository.name }}/${{ (github.ref_type == 'tag' && github.ref_name) || github.sha }}" | |
parent: false | |
- name: Upload branch manifest file | |
id: upload-manifest | |
uses: google-github-actions/upload-cloud-storage@v1 | |
with: | |
path: ${{ steps.branch-manifest.outputs.manifest-file }} | |
destination: "build.livepeer.live/${{ github.event.repository.name }}/" | |
parent: false |