Binaries #79
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Binaries | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| - cron: '0 1 * * *' # Triggers the build at 1:00 UTC time | |
| jobs: | |
| binary: | |
| name: Create | |
| permissions: | |
| id-token: write | |
| attestations: write | |
| contents: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-13 | |
| name: x86_64-apple-darwin | |
| installable: .#dune-experimental | |
| - os: macos-14 | |
| name: aarch64-apple-darwin | |
| installable: .#dune-experimental | |
| - os: ubuntu-22.04 | |
| name: x86_64-unknown-linux-musl | |
| installable: .#dune-static-experimental | |
| runs-on: ${{ matrix.os }} | |
| outputs: | |
| git-commit: ${{ steps.git-commit.outputs.hash }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: "WARNING: Store patch(es) in tmp" | |
| run: | | |
| mv ./dune-locking.patch /tmp | |
| - uses: actions/checkout@v4 | |
| with: | |
| repository: ocaml/dune | |
| ref: main # At some point we might need to change it to point to a developer preview branch | |
| fetch-depth: 0 # for git describe | |
| - uses: cachix/install-nix-action@v22 | |
| - name: Extract build informations | |
| id: git-commit | |
| run: echo "hash=$(git rev-parse HEAD)" >> "$GITHUB_OUTPUT" | |
| - name: Export version | |
| run: | | |
| echo "(version \"Dune Developer Preview: build $(date --iso-8601=seconds), git revision $(git rev-parse HEAD)\")" >> dune-project | |
| - name: "WARNING: import and apply patch(es)" | |
| run: | | |
| git config --global user.email "temporary@tarides.com" | |
| git config --global user.name "Temporary patch" | |
| mv /tmp/dune-locking.patch . | |
| git am dune-locking.patch | |
| - run: nix build ${{ matrix.installable }} | |
| - name: Generate artifact attestation | |
| id: certificate | |
| uses: actions/attest-build-provenance@v1 | |
| with: | |
| subject-path: "result/bin/dune" | |
| show-summary: false | |
| - name: Extract artifact and attestation | |
| run: | | |
| mkdir -p ~/build/ | |
| cp ${{ steps.certificate.outputs.bundle-path }} result/bin/dune ~/build/ | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| path: ~/build/* | |
| name: ${{ matrix.name }} | |
| check-artifacts: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-13 | |
| name: x86_64-apple-darwin | |
| - os: macos-14 | |
| name: aarch64-apple-darwin | |
| - os: ubuntu-22.04 | |
| name: x86_64-unknown-linux-musl | |
| runs-on: ${{ matrix.os }} | |
| needs: binary | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| - name: Get dune accessible | |
| run: | | |
| mv ./${{ matrix.name }}/dune ./dune | |
| chmod u+x ./dune | |
| - name: Check dune is working | |
| run: | | |
| export PATH="$PWD:$PATH" | |
| cd test | |
| dune pkg lock | |
| dune build | |
| deploy-s3: | |
| runs-on: ubuntu-latest | |
| needs: [binary, check-artifacts] | |
| permissions: | |
| contents: write | |
| steps: | |
| - name: Install rclone | |
| run: | | |
| sudo -v ; curl https://rclone.org/install.sh | sudo bash | |
| - name: Prepare SSH env | |
| shell: bash | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/tarides | |
| echo "$SSH_PUBLIC_KEY" > ~/.ssh/tarides.pub | |
| chmod 600 ~/.ssh/tarides | |
| chmod 600 ~/.ssh/tarides.pub | |
| ssh-keyscan -H "$DEPLOY_SERVER" >> ~/.ssh/known_hosts | |
| env: | |
| DEPLOY_SERVER: ${{ secrets.DEPLOY_SERVER }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| SSH_PUBLIC_KEY: ${{ secrets.SSH_PUBLIC_KEY }} | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup OCaml with cache | |
| uses: ocaml/setup-ocaml@v3 | |
| with: | |
| ocaml-compiler: "5.2" | |
| dune-cache: true | |
| - name: Install Sandworm | |
| run: cd sandworm && opam install -y . --deps-only && opam exec -- dune build | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| path: /home/runner/artifacts | |
| - name: Move artifacts to scope | |
| run: mv "/home/runner/artifacts" "." | |
| - name: Export Rclone configuration | |
| run: echo "${{ secrets.RCLONE_CONF }}" >> rclone.conf | |
| - name: Export executables and generate html | |
| shell: bash | |
| run: ./sandworm/_build/install/default/bin/sandworm sync --with-certificate --commit "${{ needs.binary.outputs.git-commit }}" | |
| - name: Commit changes to branch | |
| run: | | |
| git config --global user.name 'Sandworm' | |
| git config --global user.email 'tarides@users.noreply.github.com' | |
| git add index.html metadata.json | |
| git commit -m "Nightly build $(date +'%Y-%m-%d')" | |
| git push | |
| notify: | |
| runs-on: ubuntu-latest | |
| needs: [ binary, check-artifacts, deploy-s3 ] | |
| if: ${{ !cancelled() && (needs.binary.result == 'failure' || needs.check-artifacts.result == 'failure' || needs.deploy-s3.result == 'failure' ) }} | |
| steps: | |
| - name: Post an error message to Slack | |
| id: slack | |
| uses: slackapi/slack-github-action@v1.27.0 | |
| with: | |
| channel-id: ${{ secrets.SLACK_CHANNEL_ID }} | |
| slack-message: | | |
| :red_circle: I'm sorry to disturbe you, but it seems that something is failing here: | |
| ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}" | |
| env: | |
| SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }} | |