Package building workflow adjustments. (#10791)

Signed-off-by: Satadru Pramanik <satadru@gmail.com>
2026-01-08 23:18:10 -05:00 · 2024-11-25 17:33:42 -05:00
parent 0780199c82
commit d9cf152dfa
5 changed files with 99 additions and 39 deletions
--- a/.github/workflows/Repology.yml
+++ b/.github/workflows/Repology.yml
@@ -6,6 +6,7 @@ on:
  workflow_dispatch:
 jobs:
  generate:
+    if: ${{ github.repository_owner == 'chromebrew' }}
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v4
@@ -35,3 +36,4 @@ jobs:
          author: "github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>"
          commit-message: "Update Repology JSON"
          delete-branch: true
+          team-reviewers: active
--- a/.github/workflows/Unit-Test.yml
+++ b/.github/workflows/Unit-Test.yml
@@ -58,6 +58,7 @@ jobs:
            manifest/**
            packages/*.rb
            tools/packages.yaml
+            tools/*.json
      - name: Get all changed package files
        id: changed-ruby-files
        uses: tj-actions/changed-files@v45
--- a/.github/workflows/Updater.yml
+++ b/.github/workflows/Updater.yml
@@ -4,16 +4,22 @@ on:
  schedule:
    - cron: '0 0 * * *'  # Daily
  workflow_dispatch:
+env:
+  GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}  # setting GH_TOKEN for the entire workflow
+permissions:                    # Global permissions configuration starts here
+  contents: write                # 'read' access to repository contents
+  pull-requests: write          # 'write' access to pull requests
 jobs:
  update-check:
-    permissions:
-      actions: 'write'
+    if: ${{ github.repository_owner == 'chromebrew' }}
    runs-on: ubuntu-24.04
    outputs:
-      output1: ${{ steps.update-check.outputs.UPDATE_BRANCH_NAME }}  # https://stackoverflow.com/a/75142892
-      output2: ${{ steps.update-check.outputs.TIMESTAMP }}
+      output1: ${{ steps.set-variables.outputs.TIMESTAMP }}  # https://stackoverflow.com/a/75142892
+      output2: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
    steps:
      - uses: actions/checkout@v4
+        with:
+          persist-credentials: true
      - uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3.6'
@@ -21,30 +27,70 @@ jobs:
        run: sudo apt install -y python3-pip
      - name: Install activesupport
        run: sudo apt install -y ruby-activesupport
-      - name: Configure git
+      - name: Set workflow & branch variables
+        id: set-variables
        run: |
-          git config --global user.name 'github-actions[bot]'
-          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
-      - name: Check for updates in pip packages.
+          export TIMESTAMP="$(date -u +%F-%H-%M)"
+          export UPDATE_BRANCH_NAME="updates-${TIMESTAMP}"
+          echo "TIMESTAMP=${TIMESTAMP}" >> $GITHUB_OUTPUT
+          echo "UPDATE_BRANCH_NAME=${UPDATE_BRANCH_NAME}" >> $GITHUB_OUTPUT
+      - name: Git setup
        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          UPDATE_BRANCH_NAME: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
+        run: |
+          git pull && ( git checkout -b ${UPDATE_BRANCH_NAME} || git checkout ${UPDATE_BRANCH_NAME} )
+      - name: Check for updates in pip packages.
+        id: pip-update-checks
+        env:
+          UPDATE_BRANCH_NAME: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
        run: |
          tools/update_python_pip_packages.rb
          # Create a new branch with the updated package files only
          # if there are updated packages. Otherwise exit early.
          if [ -n "$(git status --porcelain)" ]; then
-            export UPDATE_BRANCH_NAME=updates-$(date --date='UTC' +%F-%H)"
-            echo "UPDATE_BRANCH_NAME=${UPDATE_BRANCH_NAME}" >> $GITHUB_OUTPUT
-            echo "TIMESTAMP=$(date --date='UTC' +%F-%H)" >> $GITHUB_OUTPUT
-            git checkout -b ${UPDATE_BRANCH_NAME}
+            echo "Python pip packages were updated."
+            git config user.name "${{ github.actor }}"
+            git config user.email "${{ github.actor }}@users.noreply.github.com"
            git add -A
            git commit -m "Add unbuilt updated pip packages to ${UPDATE_BRANCH_NAME}"
-            git push
          else
-            # https://stackoverflow.com/a/75809743
-            gh run cancel ${{ github.run_id }}
-            gh run watch ${{ github.run_id }}
+            echo "Python pip packages were not updated."
+            exit 1
          fi
+      - name: Push pip package changes
+        if: ${{ steps.pip-update-checks.outcome == 'success' }}
+        uses: ad-m/github-push-action@master
+        with:
+          branch: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
+      - name: Check for updates in ruby gem packages.
+        id: gem-update-checks
+        env:
+          UPDATE_BRANCH_NAME: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
+        run: |
+          tools/update_ruby_gem_packages.rb
+          # Create a new branch with the updated package files only
+          # if there are updated packages. Otherwise exit early.
+          if [ -n "$(git status --porcelain)" ]; then
+            echo "Ruby gem packages were updated."
+            git config user.name "${{ github.actor }}"
+            git config user.email "${{ github.actor }}@users.noreply.github.com"
+            git add -A
+            git commit -m "Add unbuilt updated ruby gem packages to ${UPDATE_BRANCH_NAME}"
+          else
+            echo "Ruby gem packages were not updated."
+            exit 1
+          fi
+      - name: Push ruby gem package changes
+        if: ${{ steps.gem-update-checks.outcome == 'success' }}
+        uses: ad-m/github-push-action@master
+        with:
+          branch: ${{ steps.set-variables.outputs.UPDATE_BRANCH_NAME }}
+      - name: Cancel if no updates
+        if: ${{ steps.pip-update-checks.outcome == 'failure' }} && ${{ steps.gem-update-checks.outcome == 'failure' }}
+        run: |
+          # https://stackoverflow.com/a/75809743
+          gh run cancel ${{ github.run_id }}
+          gh run watch ${{ github.run_id }}
  generate:
    strategy:
      max-parallel: 1
@@ -90,14 +136,19 @@ jobs:
              ;;
            esac
      - name: Run Updater in container
+        id: run-updater
+        if: ${{ !cancelled() }}
        env:
-          CREW_REPO: "https://github.com/chromebrew/chromebrew.git"
-          CREW_BRANCH: ${{ needs.update-check.outputs.output1 }}
+          #  CREW_REPO: "https://github.com/chromebrew/chromebrew.git"
+          CREW_REPO: "https://github.com/${{ github.repository }}.git"
+          CREW_BRANCH: ${{ needs.update-check.outputs.output2 }}
        run: |
-            git config --global user.name 'github-actions[bot]'
-            git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
            git pull && git checkout ${CREW_BRANCH}
            docker pull --platform ${PLATFORM} satmandu/crewbuild:${CONTAINER}
+            id
+            ls -aFl
+            sudo setfacl -R -m u:1000:rwx .
+            getfacl .
            docker run \
              --rm \
              --platform ${PLATFORM} \
@@ -113,15 +164,20 @@ jobs:
              "satmandu/crewbuild:${CONTAINER}" \
              /bin/chromebrewstart /output/tools/github_actions_update_builder.sh
      - name: Add updated packages to PR.
+        id: push-check
        env:
-          UPDATE_BRANCH_NAME: ${{ needs.update-check.outputs.output1 }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          UPDATE_BRANCH_NAME: ${{ needs.update-check.outputs.output2 }}
        run: |
          if [ -n "$(git status --porcelain)" ]; then
+            git config user.name "${{ github.actor }}"
+            git config user.email "${{ github.actor }}@users.noreply.github.com"
            git add -A
-            git commit -m "Add updated pip packages for ${PLATFORM} to ${UPDATE_BRANCH_NAME}"
-            git push
+            git commit -m "Add updated packages for ${PLATFORM} to ${UPDATE_BRANCH_NAME}"
          fi
+      - name: Push changes
+        uses: ad-m/github-push-action@master
+        with:
+          branch: ${{ needs.update-check.outputs.output2 }}
  build-check:
    runs-on: ubuntu-24.04
    needs:
@@ -136,10 +192,9 @@ jobs:
        run: echo "Update jobs succeeded. Creating a PR."
      - name: Create Pull Request
        env:
-          CREW_BRANCH: ${{ needs.update-check.outputs.output1 }}
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          CREW_BRANCH: ${{ needs.update-check.outputs.output2 }}
        run: |
          git config --global user.name 'github-actions[bot]'
          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
          git pull && git checkout ${CREW_BRANCH}
-          gh pr create --title "Updated Packages for ${{ needs.update-check.outputs.output2 }}" --body "Automatic PR to update packages" -r @active
+          gh pr create --title "Updated Packages for ${{ needs.update-check.outputs.output1 }}" --body "Automatic PR to update packages" -r @active
--- a/tools/github_actions_update_builder.sh
+++ b/tools/github_actions_update_builder.sh
@@ -1,11 +1,7 @@
 #!/bin/bash
-if ![[ -n ${GITLAB_TOKEN_USERNAME-} ]]; then
-  echo "GITLAB_TOKEN_USERNAME not set."
-  exit 1
-fi
-if ![[ -n ${GITLAB_TOKEN-} ]]; then
-  echo "GITLAB_TOKEN not set."
-  exit 1
-fi
+# Mapping of /output should be set in the docker run options for the
+# run-updater step of the generate job in .github/workflows/Updater.yml
+cd /output/ || exit 1
+git config --global --add safe.directory /output
 export CREW_AGREE_TIMEOUT_SECONDS=1
-tools/build_updated_packages.rb --skip $@
+tools/build_updated_packages.rb --skip
--- a/tools/update_ruby_gem_packages.rb
+++ b/tools/update_ruby_gem_packages.rb
@@ -1,11 +1,17 @@
 #!/usr/bin/env ruby
-# update_ruby_gem_packages version 1.5 (for Chromebrew)
+# update_ruby_gem_packages version 1.6 (for Chromebrew)
 # Author: Satadru Pramanik (satmandu) satadru at gmail dot com
 # Usage in root of cloned chromebrew repo:
 # tools/update_ruby_gem_packages.rb
+
+# Add >LOCAL< lib to LOAD_PATH
+$LOAD_PATH.unshift '../lib'
 require_relative '../lib/color'
-require_relative '../lib/const'
 require_relative '../lib/gem_compact_index_client'
+CREW_NPROC = `nproc`.chomp
+CREW_RUBY_VER = "ruby#{RUBY_VERSION.slice(/(?:.*(?=\.))/)}"
+CREW_VERBOSE = false
+
 def require_gem(gem_name_and_require = nil, require_override = nil)
  # Allow only loading gems when needed.
  return if gem_name_and_require.nil?