Skip to content

Commit

Permalink
Switch CI to Roles (#591)
Browse files Browse the repository at this point in the history
  • Loading branch information
DmitriyMusatkin authored Dec 6, 2024
1 parent 71c2eef commit 02ffc15
Show file tree
Hide file tree
Showing 2 changed files with 101 additions and 58 deletions.
155 changes: 99 additions & 56 deletions .github/workflows/ci.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,21 +7,21 @@ on:
- 'docs'

env:
BUILDER_VERSION: v0.9.62
BUILDER_VERSION: v0.9.73
BUILDER_SOURCE: releases
BUILDER_HOST: https://d19elf31gohf1l.cloudfront.net
PACKAGE_NAME: aws-crt-nodejs
LINUX_BASE_IMAGE: ubuntu-18-x64
RUN: ${{ github.run_id }}-${{ github.run_number }}
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
AWS_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
CRT_CI_ROLE: ${{ secrets.CRT_CI_ROLE_ARN }}
AWS_DEFAULT_REGION: us-east-1

jobs:
permissions:
id-token: write # This is required for requesting the JWT

jobs:
linux-compat:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
Expand All @@ -35,54 +35,63 @@ jobs:
- rhel8-x64
- raspbian-bullseye
steps:
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
musl-linux:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
image:
- alpine-3.16-x64
steps:
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-${{ matrix.image }} build -p ${{ env.PACKAGE_NAME }}
linux-musl-armv7:
runs-on: ubuntu-20.04 # latest
strategy:
fail-fast: false
matrix:
image:
- alpine-3.16-x64
steps:
- name: Install qemu/docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Checkout Sources
uses: actions/checkout@v2
with:
submodules: true
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
export AWS_CRT_ARCH=armv7
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-alpine-3.16-armv7 build -p ${{ env.PACKAGE_NAME }}
runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
image:
- alpine-3.16-x64
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Install qemu/docker
run: docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- name: Checkout Sources
uses: actions/checkout@v2
with:
submodules: true
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
export AWS_CRT_ARCH=armv7
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
./linux-container-ci.sh ${{ env.BUILDER_VERSION }} aws-crt-alpine-3.16-armv7 build -p ${{ env.PACKAGE_NAME }}
linux-compiler-compat:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
strategy:
fail-fast: false
matrix:
Expand All @@ -93,14 +102,20 @@ jobs:
clang-9,
clang-10,
clang-11,
clang-15,
gcc-4.8,
gcc-5,
gcc-6,
gcc-7,
gcc-8
gcc-8,
gcc-11
]
steps:
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
# We can't use the `uses: docker://image` version yet, GitHub lacks authentication for actions -> packages
- name: Build ${{ env.PACKAGE_NAME }}
run: |
aws s3 cp s3://aws-crt-test-stuff/ci/${{ env.BUILDER_VERSION }}/linux-container-ci.sh ./linux-container-ci.sh && chmod a+x ./linux-container-ci.sh
Expand All @@ -109,6 +124,10 @@ jobs:
windows:
runs-on: windows-2022 # latest
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder.pyz')"
Expand All @@ -117,6 +136,10 @@ jobs:
windows-vc14-x86:
runs-on: windows-2019 # windows-2019 is last env with Visual Studio 2015 (v14.0)
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
env:
AWS_CMAKE_TOOLSET: v140
Expand All @@ -132,6 +155,10 @@ jobs:
macos:
runs-on: macos-14 # latest
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
Expand All @@ -145,6 +172,10 @@ jobs:
macos-x64:
runs-on: macos-14-large # latest
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Build ${{ env.PACKAGE_NAME }} + consumers
run: |
python3 -c "from urllib.request import urlretrieve; urlretrieve('${{ env.BUILDER_HOST }}/${{ env.BUILDER_SOURCE }}/${{ env.BUILDER_VERSION }}/builder.pyz?run=${{ env.RUN }}', 'builder')"
Expand All @@ -165,19 +196,27 @@ jobs:
# check that docs can still build
check-docs:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Check docs
run: |
npm ci
./make-docs.sh
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/checkout@v4
with:
submodules: true
- name: Check docs
run: |
npm ci
./make-docs.sh
check-submodules:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
steps:
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- name: Checkout Source
uses: actions/checkout@v4
with:
Expand All @@ -189,11 +228,15 @@ jobs:
uses: awslabs/aws-crt-builder/.github/actions/check-submodules@main

check-lockfile-version:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check for edits to package-lock.json
run: |
test `jq -r '.lockfileVersion' package-lock.json` = 1
- uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ env.CRT_CI_ROLE }}
aws-region: ${{ env.AWS_DEFAULT_REGION }}
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Check for edits to package-lock.json
run: |
test `jq -r '.lockfileVersion' package-lock.json` = 1
4 changes: 2 additions & 2 deletions .github/workflows/docs.yml
Original file line number Diff line number Diff line change
Expand Up @@ -9,12 +9,12 @@ on:

jobs:
update-docs-branch:
runs-on: ubuntu-20.04 # latest
runs-on: ubuntu-24.04 # latest
permissions:
contents: write # allow push
steps:
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4
with:
submodules: true

Expand Down

0 comments on commit 02ffc15

Please sign in to comment.