fixing dependency of final job reporting outcome #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Workflow triggered when labeling a pull request with `build::check` | |
# This action is adapted from https://github.com/t4d-gmbh/stubbed_versioning | |
name: Check Container Builds | |
on: | |
pull_request: | |
types: [ labeled ] | |
env: | |
LABEL_CHECK: 'build::check' | |
LABEL_SUCCESS: 'build::passed' | |
LABEL_FAILURE: 'build::failed' | |
DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} # where to register the image | |
REPO_PATH: ${{ vars.REPO_PATH }} | |
# REPO_PATH: github.com:furrer-lab/abn.git # for private repo cloned via ssh | |
# Set the path to the package where the DESCRIPTION file can be found | |
PACKAGE_PATH: ${{ vars.PACKAGE_PATH || './' }} | |
JAGS: ${{ vars.JAGS }} | |
# this if for the valgrind container only | |
DRMEMORY: ${{ vars.DRMEMORY }} | |
CHGLOG_RELEASE: ${{ vars.CHGLOG_RELEASE }} | |
CHGLOG_PATH: ${{ vars.CHGLOG_PATH }} | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
env: | |
CUSTOM_TAG: "${{ needs.increment-tag.outputs.VERSION }}" | |
permissions: # for `GITHUB_TOKEN` | |
contents: read | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
# NOTE: valgrind container is fedora, gcc, devel | |
# see https://r-hub.github.io/containers/containers.html#valgrind | |
target-os: ['debian', 'fedora'] | |
compiler: ['gcc', 'clang'] | |
r-version: ['devel', 'release', 'patched'] | |
exclude: | |
- target-os: 'fedora' | |
r-version: 'release' | |
- target-os: 'fedora' | |
r-version: 'patched' | |
- compiler: 'clang' | |
r-version: 'patched' | |
- compiler: 'clang' | |
r-version: 'release' | |
include: | |
- target-os: 'valgrind' | |
compiler: 'gcc' | |
r-version: 'devel' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Log in to the registry | |
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1 | |
with: | |
registry: ${{ env.DOCKER_REGISTRY }} | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract tags and labels | |
id: meta | |
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7 | |
with: | |
# TODO: set a proper name of the image (same as in context below) | |
images: ${{ env.DOCKER_REGISTRY}}/${{ format('{0}/{1}/{2}/{3}/abn', github.repository, matrix.target-os, matrix.compiler, matrix.r-version ) }} | |
tags: | # set Docker tags to git tags | |
type=raw,value=${{ env.CUSTOM_TAG }} | |
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }} | |
# For private repo cloned via ssh we need a deploy key | |
# - name: Write the ssh key file | |
# run: | | |
# echo "${{ secrets.DEVEL_ABN_DEPLOY }}" >> ssh_key | |
# shell: bash | |
- name: Build and push | |
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4 | |
with: | |
context: ${{ format('./containers/{0}/', matrix.target-os ) }} | |
push: false | |
tags: ${{ steps.meta.outputs.tags }} | |
labels: ${{ steps.meta.outputs.labels }} | |
build-args: | | |
TARGET_OS=${{ matrix.target-os }} | |
COMPILER=${{ matrix.compiler }} | |
R_VERSION=${{ matrix.r-version }} | |
PACKAGE_PATH=${{ env.PACKAGE_PATH}} | |
REPO_PATH=${{ env.REPO_PATH }} | |
JAGS=${{ env.JAGS }} | |
DRMEMORY=${{ env.DRMEMORY }} | |
# For private repo cloned via ssh | |
# secret-files: | | |
# key=./ssh_key | |
container-integrity-and-config: | |
runs-on: ubuntu-22.04 | |
needs: [ 'build' ] | |
permissions: | |
contents: write | |
packages: read | |
container: | |
image: ${{ vars.CONTAINER_SOURCE }}/${{ matrix.target-os }}/${{ matrix.compiler }}/${{ matrix.r-version }}/abn:${{ needs.increment-tag.outputs.VERSION }} | |
options: --user 1001 | |
credentials: | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
strategy: | |
matrix: | |
target-os: ['debian', 'fedora'] | |
compiler: ['gcc', 'clang'] | |
r-version: ['devel', 'release', 'patched'] | |
exclude: | |
- target-os: 'fedora' | |
r-version: 'release' | |
- target-os: 'fedora' | |
r-version: 'patched' | |
- compiler: 'clang' | |
r-version: 'patched' | |
- compiler: 'clang' | |
r-version: 'release' | |
include: | |
- target-os: 'valgrind' | |
compiler: 'gcc' | |
r-version: 'devel' | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: '0' | |
- name: Install knitr | |
run: | | |
dir.create(Sys.getenv("R_LIBS_USER"), recursive = TRUE) | |
.libPaths(Sys.getenv("R_LIBS_USER")) | |
install.packages("knitr") | |
shell: Rscript {0} | |
- name: Write out configuration | |
run: | | |
Rscript -e 'args<-commandArgs(TRUE);knitr::knit_hooks$set(output = function(x, options){gsub("##", ">\n> ", x)});knitr::knit("src/release_info.tpl", sprintf("info/%s-%s-%s-%s.md", args[1], args[2], args[3], args[4]))' ${{ matrix.target-os}} ${{ matrix.compiler }} ${{ matrix.r-version }} abn | |
- name: Save config as artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: info-artifact-${{ matrix.target-os }}_${{ matrix.compiler }}_${{ matrix.r-version }} | |
path: info/${{ matrix.target-os }}-${{ matrix.compiler }}-${{ matrix.r-version }}-abn.md | |
report_build_check: | |
if: ${{ (success() || failure()) }} | |
needs: | |
- container-integrity-and-config | |
runs-on: ubuntu-latest | |
permissions: | |
contents: write | |
pull-requests: write | |
repository-projects: write | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
REPO: ${{ github.event.repository.name }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check if on demand tasks succeeded | |
run: | | |
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_CHECK }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
if [ ${{ needs.container-integrity-and-config.result }} == "success" ]; then | |
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_FAILURE }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_SUCCESS }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
echo "### ${{ github.event.label.url }} passed! :rocket:" >> $GITHUB_STEP_SUMMARY | |
exit 0 | |
elif [ ${{ needs.container-integrity-and-config.result }} == "failure" ]; then | |
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_SUCCESS }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_FAILURE }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
echo "### ${{ github.event.label.url }} failed!" >> $GITHUB_STEP_SUMMARY | |
exit 1 | |
else | |
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_CHECK }} --repo ${{ env.OWNER }}/${{ env.REPO }} | |
echo "Container build task outcome was: ${{ steps.container-integrity-and-config.outcome }}" | |
fi | |
shell: bash | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
EVENT: ${{ github.event.number }} # This is either the issue or pr | |
record_existing_label: | |
runs-on: ubuntu-latest | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
REPO: ${{ github.event.repository.name }} | |
permissions: | |
contents: write | |
pull-requests: write | |
repository-projects: write | |
outputs: | |
passed: ${{ steps.passed.outputs.PASSED}} | |
steps: | |
- name: Check if the pull request is labeled with ${{ env.LABEL_SUCCESS }} # 2 | |
id: passed | |
run: | | |
if $( gh pr view ${{ env.EVENT }} --repo ${{ env.OWNER }}/${{ env.REPO }} --json "labels" --jq ".[].[].name" | grep --quiet ${{ env.LABEL_SUCCESS }}); then | |
echo "PASSED=true" >> $GITHUB_OUTPUT | |
else | |
echo "PASSED=false" >> $GITHUB_OUTPUT | |
fi | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
EVENT: ${{ github.event.number }} # This is either the issue or pr | |
build_check_passed: | |
if: ${{ always() }} | |
needs: | |
- record_existing_label | |
- container-integrity-and-config: | |
runs-on: ubuntu-latest | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
REPO: ${{ github.event.repository.name }} | |
steps: | |
- name: Assert that either checks passed or the label is present | |
run: | | |
if [[ ${{ needs.build.result }} == 'success' || ${{ needs.record_passed_label.outputs.passed }} == 'true' ]]; then | |
echo 'The images were built successfully!'; | |
else exit 1; fi |