From 5ac71ea412238ef0d7a10291be474180647d84e2 Mon Sep 17 00:00:00 2001
From: phlax
Date: Tue, 18 Jul 2023 12:11:06 +0100
Subject: [PATCH] ci/examples: Improve CI config (#28445)
Signed-off-by: Ryan Northey
---
.../actions/verify/examples/setup/action.yml | 35 ++++++
.github/workflows/_ci.yml | 7 +-
.github/workflows/envoy-publish.yml | 77 +++++++++++++
.github/workflows/envoy-verify.yml | 105 ------------------
.github/workflows/workflow-complete.yml | 2 +-
5 files changed, 117 insertions(+), 109 deletions(-)
create mode 100644 .github/actions/verify/examples/setup/action.yml
create mode 100644 .github/workflows/envoy-publish.yml
delete mode 100644 .github/workflows/envoy-verify.yml
diff --git a/.github/actions/verify/examples/setup/action.yml b/.github/actions/verify/examples/setup/action.yml
new file mode 100644
index 000000000000..410a4a6bca6d
--- /dev/null
+++ b/.github/actions/verify/examples/setup/action.yml
@@ -0,0 +1,35 @@
+inputs:
+ ref:
+ type: string
+ required: true
+
+runs:
+ using: composite
+ steps:
+ - id: url
+ run: |
+ echo "base=https://storage.googleapis.com/${BUCKET}/${REF:0:7}/docker" \
+ >> "$GITHUB_OUTPUT"
+ env:
+ BUCKET: envoy-${{ github.event_name == 'pull_request' && 'pr' || 'postsubmit' }}
+ REF: ${{ inputs.ref }}
+ shell: bash
+ - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.8
+ with:
+ url: "${{ steps.url.outputs.base }}/envoy.tar"
+ variant: dev
+ - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.8
+ with:
+ url: "${{ steps.url.outputs.base }}/envoy-contrib.tar"
+ variant: contrib-dev
+ - uses: envoyproxy/toolshed/gh-actions/docker/fetch@actions-v0.0.8
+ with:
+ url: "${{ steps.url.outputs.base }}/envoy-google-vrp.tar"
+ variant: google-vrp-dev
+ - run: docker images | grep envoy
+ shell: bash
+ - run: |
+ export DEBIAN_FRONTEND=noninteractive
+ sudo apt-get -qq update -y
+ sudo apt-get -qq install -y --no-install-recommends expect
+ shell: bash
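Review bot: The `BUCKET` expression in the `url` step selects `envoy-pr` only when `github.event_name == 'pull_request'`, but the workflow that wires this action in (`envoy-publish.yml`, through `run_pre`) is triggered by `workflow_dispatch` only, so as far as this patch shows the expression always resolves to `envoy-postsubmit`. The removed `envoy-verify.yml` chose the bucket from whether `inputs.head_ref` matched `^refs/pull/*`; a PR run would now look in the wrong bucket and either fail or load images that were not built from the commit under test. Consider adding a `head_ref` input to this action, passing it through `run_pre_with`, and using `BUCKET: envoy-${{ startsWith(inputs.head_ref, 'refs/pull/') && 'pr' || 'postsubmit' }}`. The tarballs are also keyed only by a 7-character SHA prefix with no digest check visible here; whether the `fetch` action verifies them is not shown on this page.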
diff --git a/.github/workflows/_ci.yml b/.github/workflows/_ci.yml index ebfd8caeb666..ecaa810aac81 100644 --- a/.github/workflows/_ci.yml +++ b/.github/workflows/_ci.yml @@ -73,7 +73,8 @@ jobs: runs-on: ubuntu-22.04 name: do_ci.sh ${{ inputs.target }} steps: - - uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.7 + - if: ${{ inputs.cache_build_image }} + uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@actions-v0.0.8 with: image_tag: ${{ inputs.cache_build_image }} - uses: actions/checkout@v3 @@ -101,7 +102,7 @@ jobs: name: "Check disk space at beginning" - if: ${{ inputs.run_pre }} - uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.7 + uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.8 with: uses: ${{ inputs.run_pre }} with: ${{ inputs.run_pre_with }} @@ -123,7 +124,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - if: ${{ inputs.run_post }} - uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.7 + uses: envoyproxy/toolshed/gh-actions/using/recurse@actions-v0.0.8 with: uses: ${{ inputs.run_post }} with: ${{ inputs.run_post_with }} diff --git a/.github/workflows/envoy-publish.yml b/.github/workflows/envoy-publish.yml new file mode 100644 index 000000000000..1ee900796eae --- /dev/null +++ b/.github/workflows/envoy-publish.yml 
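Review bot: The `uses:` lines touched here reference `envoyproxy/toolshed` by the mutable tag `actions-v0.0.8` (`docker/cache/restore` in this hunk, `using/recurse` in the two hunks that follow, and `docker/fetch` in the new setup action), so whoever can move that tag changes what runs in a job that also receives `GITHUB_TOKEN`. Pinning to a full commit SHA with the tag kept as a trailing comment makes each bump reviewable, e.g. `uses: envoyproxy/toolshed/gh-actions/docker/cache/restore@<full-commit-sha>  # actions-v0.0.8` (placeholder; the SHA is not on this page). The added `if: ${{ inputs.cache_build_image }}` would also benefit from a one-line comment saying the restore is skipped when the caller passes an empty image tag, as `envoy-publish.yml` does. The job body continues outside these hunks.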
@@ -0,0 +1,77 @@
+name: Publish & verify
+
+on:
+ # This runs untrusted code, do not expose secrets in the verify job
+ workflow_dispatch:
+ inputs:
+ ref:
+ description: "Git SHA ref to checkout"
+ sha:
+ description: "Git SHA of commit HEAD (ie last commit of PR)"
+ head_ref:
+ description: "Ref for grouping PRs"
+
+concurrency:
+ group: ${{ github.event.inputs.head_ref || github.run_id }}-${{ github.workflow }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ check:
+ if: |
+ ${{
+ github.repository == 'envoyproxy/envoy'
+ && (!contains(github.actor, '[bot]')
+ || github.actor == 'trigger-workflow-envoy[bot]')
+ }}
+ uses: ./.github/workflows/_workflow-start.yml
+ permissions:
+ contents: read
+ statuses: write
+ with:
+ workflowName: Verify/examples
+
+ env:
+ uses: ./.github/workflows/_env.yml
+ cache:
+ needs:
+ - env
+ uses: ./.github/workflows/_cache_docker.yml
+ with:
+ image_tag: "${{ needs.env.outputs.build_image_ubuntu }}"
+
+ ci:
+ needs:
+ - check
+ - env
+ - cache
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - target: verify_examples
+ rbe: false
+ managed: true
+ cache_build_image: ""
+ command_prefix: ""
+ diskspace_hack: true
+ run_pre: ./.github/actions/verify/examples/setup
+ run_pre_with: |
+ ref: ${{ inputs.ref }}
+ env: |
+ export NO_BUILD_SETUP=1
+ uses: ./.github/workflows/_ci.yml
+ name: CI ${{ matrix.target }}
+ with:
+ target: ${{ matrix.target }}
+ rbe: ${{ matrix.rbe }}
+ managed: ${{ matrix.managed }}
+ cache_build_image: ${{ matrix.cache_build_image }}
+ diskspace_hack: ${{ matrix.diskspace_hack }}
+ command_prefix: ${{ matrix.command_prefix }}
+ run_pre: ${{ matrix.run_pre }}
+ run_pre_with: ${{ matrix.run_pre_with }}
+ env: ${{ matrix.env }}
+ secrets: inherit
diff --git a/.github/workflows/envoy-verify.yml b/.github/workflows/envoy-verify.yml
deleted file mode 100644
index 33214ba13840..000000000000
--- a/.github/workflows/envoy-verify.yml
+++ /dev/null
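Review bot: `secrets: inherit` on the `ci` job hands every secret available to this workflow to `_ci.yml`, while the comment above `workflow_dispatch` says this workflow runs untrusted code and must not expose secrets in the verify job; the removed `verify-examples` job passed none. `_ci.yml` is only partly visible in this patch, but it does put `secrets.GITHUB_TOKEN` into a step's environment, so I would drop `secrets: inherit` here or pass only the named secrets the `verify_examples` target needs. Separately, the `check` gate is written as `if: |` around `${{ … }}`: the block scalar leaves a trailing newline after the expression, so the value is a non-empty string and is expected to evaluate as true regardless of repository or actor. Writing it as `if: >-` with the bare expression (no `${{ }}` wrapper) keeps the multi-line layout and lets the condition actually gate the job.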
@@ -1,105 +0,0 @@ -name: Verify/examples - -on: - # This runs untrusted code, do not expose secrets in the verify job - workflow_dispatch: - inputs: - ref: - description: "Git SHA ref to checkout" - sha: - description: "Git SHA of commit HEAD (ie last commit of PR)" - head_ref: - description: "Ref for grouping PRs" - -concurrency: - group: ${{ github.event.inputs.head_ref || github.run_id }}-${{ github.workflow }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - check: - if: | - ${{ - github.repository == 'envoyproxy/envoy' - && (!contains(github.actor, '[bot]') - || github.actor == 'trigger-workflow-envoy[bot]') - }} - uses: ./.github/workflows/_workflow-start.yml - permissions: - contents: read - statuses: write - with: - workflowName: ${{ github.workflow }} - - # Runs untrusted code - verify-examples: - runs-on: ubuntu-22.04 - needs: check - steps: - - run: | - echo "Disk space before cruft removal" - df -h - - TO_REMOVE=( - /opt/hostedtoolcache - /usr/local/lib/android - /usr/local/.ghcup) - - for removal in "${TO_REMOVE[@]}"; do - echo "Removing: ${removal} ..." - sudo rm -rf "$removal" - done - - echo "Disk space after cruft removal" - df -h - - # Checkout the repo at provided commit - - name: 'Checkout Repository' - uses: actions/checkout@v3 - with: - ref: "${{ inputs.ref }}" - - - run: | - set -e - - BUCKET="envoy-postsubmit" - PULL_REGEX="^refs/pull/*" - if [[ "${{ inputs.head_ref }}" =~ ${PULL_REGEX} ]]; then - BUCKET="envoy-pr" - fi - - DOWNLOAD_PATH="$(echo "${{ inputs.ref }}" | head -c 7)" - - tmpdir=$(mktemp -d) - cd "$tmpdir" - images=("" "contrib" "google-vrp") - for image in "${images[@]}"; do - if [[ -n "$image" ]]; then - variant="${image}-dev" - filename="envoy-${image}.tar" - else - variant=dev - filename="envoy.tar" - fi - fileurl="https://storage.googleapis.com/${BUCKET}/${DOWNLOAD_PATH}/docker/${filename}" - echo "Download docker image (${fileurl}) ..." 
- curl -sLO "$fileurl" - echo "Copy oci image: oci-archive:${filename} docker-daemon:envoyproxy/envoy:${variant}" - skopeo copy -q "oci-archive:${filename}" "docker-daemon:envoyproxy/envoy:${variant}" - rm "$filename" - done - docker images | grep envoy - - - run: | - set -e - export DEBIAN_FRONTEND=noninteractive - sudo apt-get -qq update -y - sudo apt-get -qq install -y --no-install-recommends expect - - - run: | - ./ci/do_ci.sh verify_examples - env: - NO_BUILD_SETUP: 1 - # ENVOY_EXAMPLES_DEBUG: 1 diff --git a/.github/workflows/workflow-complete.yml b/.github/workflows/workflow-complete.yml index 86fac2dbe0f0..c1db65ba5144 100644 --- a/.github/workflows/workflow-complete.yml +++ b/.github/workflows/workflow-complete.yml @@ -6,7 +6,7 @@ on: # Do not run untrusted code here workflow_run: workflows: - - Verify/examples + - Publish & verify types: - completed