Implement Linux sandboxes #152

Workflow file for this run

.github/workflows/vorpal.yaml at 7a552a0

	name: vorpal

	on:
	pull_request:
	push:
	branches:
	- main

	jobs:
	dev:
	runs-on: ${{ matrix.runner }}
	strategy:
	matrix:
	runner:
	- macos-latest
	- ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/cache/restore@v4
	with:
	key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
	path: .env

	- run: ./script/dev.sh

	- uses: actions/cache/save@v4
	with:
	key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
	path: .env

	code-quality:
	needs:
	- dev
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/cache/restore@v4
	with:
	key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
	path: .env

	- uses: actions/cache/restore@v4
	with:
	key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
	path: target

	- run: ./script/dev.sh # prebake
	- run: ./script/dev.sh make format
	- run: ./script/dev.sh make lint

	package:
	needs:
	- code-quality
	runs-on: ${{ matrix.runner }}
	strategy:
	matrix:
	runner:
	- macos-latest
	- ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- uses: actions/cache/restore@v4
	with:
	key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
	path: .env

	- uses: actions/cache/restore@v4
	with:
	key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
	path: target

	- run: ./script/dev.sh # prebake
	- run: ./script/dev.sh make dist

	- run: \|
	echo "ARCH=$(uname -m \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
	echo "OS=$(uname -s \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV

	- uses: actions/upload-artifact@v4
	with:
	name: vorpal-${{ env.ARCH }}-${{ env.OS }}
	path: vorpal-${{ env.ARCH }}-${{ env.OS }}.tar.gz

	- uses: actions/cache/save@v4
	with:
	key: package-target-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('Cargo.lock') }}
	path: target

	test:
	needs:
	- package
	runs-on: ${{ matrix.runner }}
	strategy:
	matrix:
	runner:
	- macos-latest
	- ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	- if: matrix.runner == 'ubuntu-latest'
	run: \|
	./script/dev/debian.sh
	sudo chmod u+s $(which -a bwrap \| head -n 1)
	sudo aa-teardown \|\| true
	sudo systemctl stop apparmor
	sudo systemctl disable apparmor
	sudo rm -rf /etc/apparmor.d/*

	- uses: actions/cache/restore@v4
	with:
	key: dev-env-${{ runner.arch }}-${{ runner.os }}-${{ hashFiles('script/dev.sh', 'script/dev/**') }}
	path: .env

	- run: echo "$PWD/.env/bin" >> $GITHUB_PATH

	- run: which nickel

	- run: \|
	echo "ARCH=$(uname -m \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
	echo "OS=$(uname -s \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV

	- uses: actions/download-artifact@v4
	with:
	name: vorpal-${{ env.ARCH }}-${{ env.OS }}

	- run: tar -xzf "vorpal-${ARCH}-${OS}.tar.gz"

	- run: \|
	sudo mkdir -p /var/lib/vorpal
	sudo chown -R $(id -u):$(id -g) /var/lib/vorpal

	- run: ./vorpal keys generate
	- run: ./vorpal check

	- run: \|
	./vorpal worker start > worker_output.log 2>&1 &
	WORKER_PID=$(echo $!)
	echo "WORKER_PID=$WORKER_PID" >> $GITHUB_ENV
	echo "Worker pid: $WORKER_PID"

	- run: ./vorpal build

	- if: always()
	run: \|
	cat worker_output.log
	kill $WORKER_PID

	# release:
	# needs:
	# - test
	# permissions:
	# attestations: write
	# contents: write
	# id-token: write
	# packages: write
	# runs-on: ubuntu-latest
	# steps:
	# - uses: actions/checkout@v4
	#
	# - uses: actions/download-artifact@v4
	# with:
	# fail-on-cache-miss: true
	# pattern: vorpal-*
	#
	# - run: git fetch --tags
	#
	# - if: github.ref == 'refs/heads/main'
	# env:
	# GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	# run: \|
	# if gh release view edge > /dev/null 2>&1; then
	# gh release delete --cleanup-tag --yes edge
	# fi
	# git tag edge
	# git push --tags
	#
	# - if: github.ref == 'refs/heads/main'
	# uses: softprops/action-gh-release@v2
	# with:
	# body: Latest artifacts from `main` branch when merged.
	# fail_on_unmatched_files: true
	# files: \|
	# vorpal-aarch64-linux/vorpal-aarch64-linux.tar.gz
	# vorpal-x86_64-linux/vorpal-x86_64-linux.tar.gz
	# name: edge
	# prerelease: true
	# tag_name: refs/tags/edge
	#
	# - run: \|
	# mkdir -p dist/aarch64-linux
	# mkdir -p dist/x86_64-linux
	# tar -xzf vorpal-aarch64-linux/vorpal-aarch64-linux.tar.gz -C dist/aarch64-linux
	# tar -xzf vorpal-x86_64-linux/vorpal-x86_64-linux.tar.gz -C dist/x86_64-linux
	#
	# - if: github.ref == 'refs/heads/main'
	# uses: actions/attest-build-provenance@v1
	# with:
	# subject-path: \|
	# dist/aarch64-linux/vorpal
	# dist/x86_64-linux/vorpal

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Implement Linux sandboxes #152

Workflow file

Implement Linux sandboxes #152

Jobs

Run details

Workflow file for this run