Skip to content

fixing dependency of final job reporting outcome #3

fixing dependency of final job reporting outcome

fixing dependency of final job reporting outcome #3

# Workflow triggered when labeling a pull request with `build::check`
# This action is adapted from https://github.com/t4d-gmbh/stubbed_versioning
name: Check Container Builds
on:
pull_request:
types: [ labeled ]
env:
LABEL_CHECK: 'build::check'
LABEL_SUCCESS: 'build::passed'
LABEL_FAILURE: 'build::failed'
DOCKER_REGISTRY: ${{ vars.DOCKER_REGISTRY }} # where to register the image
REPO_PATH: ${{ vars.REPO_PATH }}
# REPO_PATH: github.com:furrer-lab/abn.git # for private repo cloned via ssh
# Set the path to the package where the DESCRIPTION file can be found
PACKAGE_PATH: ${{ vars.PACKAGE_PATH || './' }}
JAGS: ${{ vars.JAGS }}
# this if for the valgrind container only
DRMEMORY: ${{ vars.DRMEMORY }}
CHGLOG_RELEASE: ${{ vars.CHGLOG_RELEASE }}
CHGLOG_PATH: ${{ vars.CHGLOG_PATH }}
jobs:
build:
runs-on: ubuntu-latest
env:
CUSTOM_TAG: "${{ needs.increment-tag.outputs.VERSION }}"
permissions: # for `GITHUB_TOKEN`
contents: read
packages: write
strategy:
fail-fast: false
matrix:
# NOTE: valgrind container is fedora, gcc, devel
# see https://r-hub.github.io/containers/containers.html#valgrind
target-os: ['debian', 'fedora']
compiler: ['gcc', 'clang']
r-version: ['devel', 'release', 'patched']
exclude:
- target-os: 'fedora'
r-version: 'release'
- target-os: 'fedora'
r-version: 'patched'
- compiler: 'clang'
r-version: 'patched'
- compiler: 'clang'
r-version: 'release'
include:
- target-os: 'valgrind'
compiler: 'gcc'
r-version: 'devel'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to the registry
uses: docker/login-action@65b78e6e13532edd9afa3aa52ac7964289d1a9c1
with:
registry: ${{ env.DOCKER_REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Extract tags and labels
id: meta
uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
with:
# TODO: set a proper name of the image (same as in context below)
images: ${{ env.DOCKER_REGISTRY}}/${{ format('{0}/{1}/{2}/{3}/abn', github.repository, matrix.target-os, matrix.compiler, matrix.r-version ) }}
tags: | # set Docker tags to git tags
type=raw,value=${{ env.CUSTOM_TAG }}
type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', 'main') }}
# For private repo cloned via ssh we need a deploy key
# - name: Write the ssh key file
# run: |
# echo "${{ secrets.DEVEL_ABN_DEPLOY }}" >> ssh_key
# shell: bash
- name: Build and push
uses: docker/build-push-action@f2a1d5e99d037542a71f64918e516c093c6f3fc4
with:
context: ${{ format('./containers/{0}/', matrix.target-os ) }}
push: false
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
build-args: |
TARGET_OS=${{ matrix.target-os }}
COMPILER=${{ matrix.compiler }}
R_VERSION=${{ matrix.r-version }}
PACKAGE_PATH=${{ env.PACKAGE_PATH}}
REPO_PATH=${{ env.REPO_PATH }}
JAGS=${{ env.JAGS }}
DRMEMORY=${{ env.DRMEMORY }}
# For private repo cloned via ssh
# secret-files: |
# key=./ssh_key
container-integrity-and-config:
runs-on: ubuntu-22.04
needs: [ 'build' ]
permissions:
contents: write
packages: read
container:
image: ${{ vars.CONTAINER_SOURCE }}/${{ matrix.target-os }}/${{ matrix.compiler }}/${{ matrix.r-version }}/abn:${{ needs.increment-tag.outputs.VERSION }}
options: --user 1001
credentials:
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
strategy:
matrix:
target-os: ['debian', 'fedora']
compiler: ['gcc', 'clang']
r-version: ['devel', 'release', 'patched']
exclude:
- target-os: 'fedora'
r-version: 'release'
- target-os: 'fedora'
r-version: 'patched'
- compiler: 'clang'
r-version: 'patched'
- compiler: 'clang'
r-version: 'release'
include:
- target-os: 'valgrind'
compiler: 'gcc'
r-version: 'devel'
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
fetch-depth: '0'
- name: Install knitr
run: |
dir.create(Sys.getenv("R_LIBS_USER"), recursive = TRUE)
.libPaths(Sys.getenv("R_LIBS_USER"))
install.packages("knitr")
shell: Rscript {0}
- name: Write out configuration
run: |
Rscript -e 'args<-commandArgs(TRUE);knitr::knit_hooks$set(output = function(x, options){gsub("##", ">\n> ", x)});knitr::knit("src/release_info.tpl", sprintf("info/%s-%s-%s-%s.md", args[1], args[2], args[3], args[4]))' ${{ matrix.target-os}} ${{ matrix.compiler }} ${{ matrix.r-version }} abn
- name: Save config as artifact
uses: actions/upload-artifact@v4
with:
name: info-artifact-${{ matrix.target-os }}_${{ matrix.compiler }}_${{ matrix.r-version }}
path: info/${{ matrix.target-os }}-${{ matrix.compiler }}-${{ matrix.r-version }}-abn.md
report_build_check:
if: ${{ (success() || failure()) }}
needs:
- container-integrity-and-config
runs-on: ubuntu-latest
permissions:
contents: write
pull-requests: write
repository-projects: write
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
steps:
- uses: actions/checkout@v4
- name: Check if on demand tasks succeeded
run: |
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_CHECK }} --repo ${{ env.OWNER }}/${{ env.REPO }}
if [ ${{ needs.container-integrity-and-config.result }} == "success" ]; then
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_FAILURE }} --repo ${{ env.OWNER }}/${{ env.REPO }}
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_SUCCESS }} --repo ${{ env.OWNER }}/${{ env.REPO }}
echo "### ${{ github.event.label.url }} passed! :rocket:" >> $GITHUB_STEP_SUMMARY
exit 0
elif [ ${{ needs.container-integrity-and-config.result }} == "failure" ]; then
gh pr edit ${{ env.EVENT }} --remove-label ${{ env.LABEL_SUCCESS }} --repo ${{ env.OWNER }}/${{ env.REPO }}
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_FAILURE }} --repo ${{ env.OWNER }}/${{ env.REPO }}
echo "### ${{ github.event.label.url }} failed!" >> $GITHUB_STEP_SUMMARY
exit 1
else
gh pr edit ${{ env.EVENT }} --add-label ${{ env.LABEL_CHECK }} --repo ${{ env.OWNER }}/${{ env.REPO }}
echo "Container build task outcome was: ${{ steps.container-integrity-and-config.outcome }}"
fi
shell: bash
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EVENT: ${{ github.event.number }} # This is either the issue or pr
record_existing_label:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
permissions:
contents: write
pull-requests: write
repository-projects: write
outputs:
passed: ${{ steps.passed.outputs.PASSED}}
steps:
- name: Check if the pull request is labeled with ${{ env.LABEL_SUCCESS }} # 2
id: passed
run: |
if $( gh pr view ${{ env.EVENT }} --repo ${{ env.OWNER }}/${{ env.REPO }} --json "labels" --jq ".[].[].name" | grep --quiet ${{ env.LABEL_SUCCESS }}); then
echo "PASSED=true" >> $GITHUB_OUTPUT
else
echo "PASSED=false" >> $GITHUB_OUTPUT
fi
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
EVENT: ${{ github.event.number }} # This is either the issue or pr
build_check_passed:
if: ${{ always() }}
needs:
- record_existing_label
- container-integrity-and-config:
runs-on: ubuntu-latest
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
OWNER: ${{ github.repository_owner }}
REPO: ${{ github.event.repository.name }}
steps:
- name: Assert that either checks passed or the label is present
run: |
if [[ ${{ needs.build.result }} == 'success' || ${{ needs.record_passed_label.outputs.passed }} == 'true' ]]; then
echo 'The images were built successfully!';
else exit 1; fi