76ffd3ba01
Bumps [actions/cache](https://github.com/actions/cache) from 4.2.2 to 4.2.3. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/releases">actions/cache's releases</a>.</em></p> <blockquote> <h2>v4.2.3</h2> <h2>What's Changed</h2> <ul> <li>Update to use <code>@actions/cache</code> 4.0.3 package & prepare for new release by <a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a> (SAS tokens for cache entries are now masked in debug logs)</li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/salmanmkc"><code>@salmanmkc</code></a> made their first contribution in <a href="https://redirect.github.com/actions/cache/pull/1577">actions/cache#1577</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/cache/compare/v4.2.2...v4.2.3">https://github.com/actions/cache/compare/v4.2.2...v4.2.3</a></p> </blockquote> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/actions/cache/blob/main/RELEASES.md">actions/cache's changelog</a>.</em></p> <blockquote> <h1>Releases</h1> <h3>4.2.3</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.3 (obfuscates SAS token in debug logs for cache entries)</li> </ul> <h3>4.2.2</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.2</li> </ul> <h3>4.2.1</h3> <ul> <li>Bump <code>@actions/cache</code> to v4.0.1</li> </ul> <h3>4.2.0</h3> <p>TLDR; The cache backend service has been rewritten from the ground up for improved performance and reliability. <a href="https://github.com/actions/cache">actions/cache</a> now integrates with the new cache service (v2) APIs.</p> <p>The new service will gradually roll out as of <strong>February 1st, 2025</strong>. The legacy service will also be sunset on the same date. Changes in these release are <strong>fully backward compatible</strong>.</p> <p><strong>We are deprecating some versions of this action</strong>. We recommend upgrading to version <code>v4</code> or <code>v3</code> as soon as possible before <strong>February 1st, 2025.</strong> (Upgrade instructions below).</p> <p>If you are using pinned SHAs, please use the SHAs of versions <code>v4.2.0</code> or <code>v3.4.0</code></p> <p>If you do not upgrade, all workflow runs using any of the deprecated <a href="https://github.com/actions/cache">actions/cache</a> will fail.</p> <p>Upgrading to the recommended versions will not break your workflows.</p> <h3>4.1.2</h3> <ul> <li>Add GitHub Enterprise Cloud instances hostname filters to inform API endpoint choices - <a href="https://redirect.github.com/actions/cache/pull/1474">#1474</a></li> <li>Security fix: Bump braces from 3.0.2 to 3.0.3 - <a href="https://redirect.github.com/actions/cache/pull/1475">#1475</a></li> </ul> <h3>4.1.1</h3> <ul> <li>Restore original behavior of <code>cache-hit</code> output - <a href="https://redirect.github.com/actions/cache/pull/1467">#1467</a></li> </ul> <h3>4.1.0</h3> <ul> <li>Ensure <code>cache-hit</code> output is set when a cache is missed - <a href="https://redirect.github.com/actions/cache/pull/1404">#1404</a></li> <li>Deprecate <code>save-always</code> input - <a href="https://redirect.github.com/actions/cache/pull/1452">#1452</a></li> </ul> <h3>4.0.2</h3> <ul> <li>Fixed restore <code>fail-on-cache-miss</code> not working.</li> </ul> <h3>4.0.1</h3> <ul> <li>Updated <code>isGhes</code> check</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="5a3ec84eff"><code>5a3ec84</code></a> Merge pull request <a href="https://redirect.github.com/actions/cache/issues/1577">#1577</a> from salmanmkc/salmanmkc/4-test</li> <li><a href="7de21022a7"><code>7de2102</code></a> Update releases.md</li> <li><a href="76d40dd347"><code>76d40dd</code></a> Update to use the latest version of the cache package to obfuscate the SAS</li> <li><a href="76dd5eb692"><code>76dd5eb</code></a> update cache with main</li> <li><a href="8c80c27c5e"><code>8c80c27</code></a> new package</li> <li><a href="45cfd0e7ff"><code>45cfd0e</code></a> updates</li> <li><a href="edd449b9cf"><code>edd449b</code></a> updated cache with latest changes</li> <li><a href="0576707e37"><code>0576707</code></a> latest test before pr</li> <li><a href="3105dc9754"><code>3105dc9</code></a> update</li> <li><a href="9450d42d15"><code>9450d42</code></a> mask</li> <li>Additional commits viewable in <a href="d4323d4df1...5a3ec84eff">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
228 lines
7.7 KiB
YAML
228 lines
7.7 KiB
YAML
# GitHub actions workflow which builds the release artifacts.
|
|
|
|
name: Build release artifacts
|
|
|
|
on:
|
|
# we build on PRs and develop to (hopefully) get early warning
|
|
# of things breaking (but only build one set of debs). PRs skip
|
|
# building wheels on macOS & ARM.
|
|
pull_request:
|
|
push:
|
|
branches: ["develop", "release-*"]
|
|
|
|
# we do the full build on tags.
|
|
tags: ["v*"]
|
|
merge_group:
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}-${{ github.ref }}
|
|
cancel-in-progress: true
|
|
|
|
permissions:
|
|
contents: write
|
|
|
|
jobs:
|
|
get-distros:
|
|
name: "Calculate list of debian distros"
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
|
with:
|
|
python-version: '3.x'
|
|
- id: set-distros
|
|
run: |
|
|
# if we're running from a tag, get the full list of distros; otherwise just use debian:sid
|
|
# NOTE: inside the actual Dockerfile-dhvirtualenv, the image name is expanded into its full image path
|
|
dists='["debian:sid"]'
|
|
if [[ $GITHUB_REF == refs/tags/* ]]; then
|
|
dists=$(scripts-dev/build_debian_packages.py --show-dists-json)
|
|
fi
|
|
echo "distros=$dists" >> "$GITHUB_OUTPUT"
|
|
# map the step outputs to job outputs
|
|
outputs:
|
|
distros: ${{ steps.set-distros.outputs.distros }}
|
|
|
|
# now build the packages with a matrix build.
|
|
build-debs:
|
|
needs: get-distros
|
|
name: "Build .deb packages"
|
|
runs-on: ubuntu-latest
|
|
strategy:
|
|
matrix:
|
|
distro: ${{ fromJson(needs.get-distros.outputs.distros) }}
|
|
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
path: src
|
|
|
|
- name: Set up Docker Buildx
|
|
id: buildx
|
|
uses: docker/setup-buildx-action@b5ca514318bd6ebac0fb2aedd5d36ec1b5c232a2 # v3.10.0
|
|
with:
|
|
install: true
|
|
|
|
- name: Set up docker layer caching
|
|
uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
|
|
with:
|
|
path: /tmp/.buildx-cache
|
|
key: ${{ runner.os }}-buildx-${{ github.sha }}
|
|
restore-keys: |
|
|
${{ runner.os }}-buildx-
|
|
|
|
- name: Set up python
|
|
uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
|
with:
|
|
python-version: '3.x'
|
|
|
|
- name: Build the packages
|
|
# see https://github.com/docker/build-push-action/issues/252
|
|
# for the cache magic here
|
|
run: |
|
|
./src/scripts-dev/build_debian_packages.py \
|
|
--docker-build-arg=--cache-from=type=local,src=/tmp/.buildx-cache \
|
|
--docker-build-arg=--cache-to=type=local,mode=max,dest=/tmp/.buildx-cache-new \
|
|
--docker-build-arg=--progress=plain \
|
|
--docker-build-arg=--load \
|
|
"${{ matrix.distro }}"
|
|
rm -rf /tmp/.buildx-cache
|
|
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
|
|
|
|
- name: Artifact name
|
|
id: artifact-name
|
|
# We can't have colons in the upload name of the artifact, so we convert
|
|
# e.g. `debian:sid` to `sid`.
|
|
env:
|
|
DISTRO: ${{ matrix.distro }}
|
|
run: |
|
|
echo "ARTIFACT_NAME=${DISTRO#*:}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Upload debs as artifacts
|
|
uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
|
|
with:
|
|
name: debs-${{ steps.artifact-name.outputs.ARTIFACT_NAME }}
|
|
path: debs/*
|
|
|
|
build-wheels:
|
|
name: Build wheels on ${{ matrix.os }} for ${{ matrix.arch }}
|
|
runs-on: ${{ matrix.os }}
|
|
strategy:
|
|
matrix:
|
|
os: [ubuntu-22.04, macos-13]
|
|
arch: [x86_64, aarch64]
|
|
# is_pr is a flag used to exclude certain jobs from the matrix on PRs.
|
|
# It is not read by the rest of the workflow.
|
|
is_pr:
|
|
- ${{ startsWith(github.ref, 'refs/pull/') }}
|
|
|
|
exclude:
|
|
# Don't build macos wheels on PR CI.
|
|
- is_pr: true
|
|
os: "macos-13"
|
|
# Don't build aarch64 wheels on mac.
|
|
- os: "macos-13"
|
|
arch: aarch64
|
|
# Don't build aarch64 wheels on PR CI.
|
|
- is_pr: true
|
|
arch: aarch64
|
|
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
|
|
- uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
|
with:
|
|
# setup-python@v4 doesn't impose a default python version. Need to use 3.x
|
|
# here, because `python` on osx points to Python 2.7.
|
|
python-version: "3.x"
|
|
|
|
- name: Install cibuildwheel
|
|
run: python -m pip install cibuildwheel==2.23.0
|
|
|
|
- name: Set up QEMU to emulate aarch64
|
|
if: matrix.arch == 'aarch64'
|
|
uses: docker/setup-qemu-action@29109295f81e9208d7d86ff1c6c12d2833863392 # v3.6.0
|
|
with:
|
|
platforms: arm64
|
|
|
|
- name: Build aarch64 wheels
|
|
if: matrix.arch == 'aarch64'
|
|
run: echo 'CIBW_ARCHS_LINUX=aarch64' >> $GITHUB_ENV
|
|
|
|
- name: Only build a single wheel on PR
|
|
if: startsWith(github.ref, 'refs/pull/')
|
|
run: echo "CIBW_BUILD="cp39-manylinux_${{ matrix.arch }}"" >> $GITHUB_ENV
|
|
|
|
- name: Build wheels
|
|
run: python -m cibuildwheel --output-dir wheelhouse
|
|
env:
|
|
# Skip testing for platforms which various libraries don't have wheels
|
|
# for, and so need extra build deps.
|
|
CIBW_TEST_SKIP: pp3*-* *i686* *musl*
|
|
# Fix Rust OOM errors on emulated aarch64: https://github.com/rust-lang/cargo/issues/10583
|
|
CARGO_NET_GIT_FETCH_WITH_CLI: true
|
|
CIBW_ENVIRONMENT_PASS_LINUX: CARGO_NET_GIT_FETCH_WITH_CLI
|
|
|
|
- uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
|
|
with:
|
|
name: Wheel-${{ matrix.os }}-${{ matrix.arch }}
|
|
path: ./wheelhouse/*.whl
|
|
|
|
build-sdist:
|
|
name: Build sdist
|
|
runs-on: ubuntu-latest
|
|
if: ${{ !startsWith(github.ref, 'refs/pull/') }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5.4.0
|
|
with:
|
|
python-version: '3.10'
|
|
|
|
- run: pip install build
|
|
|
|
- name: Build sdist
|
|
run: python -m build --sdist
|
|
|
|
- uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
|
|
with:
|
|
name: Sdist
|
|
path: dist/*.tar.gz
|
|
|
|
|
|
# if it's a tag, create a release and attach the artifacts to it
|
|
attach-assets:
|
|
name: "Attach assets to release"
|
|
if: ${{ !failure() && !cancelled() && startsWith(github.ref, 'refs/tags/') }}
|
|
needs:
|
|
- build-debs
|
|
- build-wheels
|
|
- build-sdist
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Download all workflow run artifacts
|
|
uses: actions/download-artifact@b14cf4c92620c250e1c074ab0a5800e37df86765 # v4.2.0
|
|
- name: Build a tarball for the debs
|
|
# We need to merge all the debs uploads into one folder, then compress
|
|
# that.
|
|
run: |
|
|
mkdir debs
|
|
mv debs*/* debs/
|
|
tar -cvJf debs.tar.xz debs
|
|
- name: Attach to release
|
|
# Pinned to work around https://github.com/softprops/action-gh-release/issues/445
|
|
uses: softprops/action-gh-release@de2c0eb89ae2a093876385947365aca7b0e5f844 # v0.1.15
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
files: |
|
|
Sdist/*
|
|
Wheel*/*
|
|
debs.tar.xz
|
|
# if it's not already published, keep the release as a draft.
|
|
draft: true
|
|
# mark it as a prerelease if the tag contains 'rc'.
|
|
prerelease: ${{ contains(github.ref, 'rc') }}
|