--- name: Build run-name: Build ${{ inputs.branch || github.ref_name }} for ${{ inputs.build-on }} by @${{ github.actor }} on: workflow_dispatch: inputs: with_pr: description: "Create a PR after building." required: false type: choice default: 'Pull Request' options: - 'Pull Request' - 'Draft Pull Request' - 'No' allow_fail: description: "Allow packages to fail building." required: false type: boolean default: 'false' rebuild_packages: description: "Rebuild packages even if they already have binaries." required: false type: boolean default: 'false' pr_title: description: "Title of PR" required: false branch: description: "Branch of chromebrew/chromebrew to run on, if different from this branch." required: false update_rebase_to_master: description: "Update Branch." required: false type: boolean default: 'true' pr_label: description: "PR Label (Not Title)" required: false max_build_time: description: "Maximum Build Time (hours)" required: false type: number default: 5.5 build-on: description: "Architectures to build on" default: 'i686 x86_64 armv7l' type: string required: false env: BRANCH: ${{ inputs.branch || github.ref_name }} permissions: actions: write contents: write packages: write pull-requests: write repository-projects: read jobs: debug: if: ${{ ( github.repository_owner == 'chromebrew' ) }} runs-on: ubuntu-24.04 steps: - name: Dump GitHub context env: GITHUB_CONTEXT: ${{ toJson(github) }} run: echo "$GITHUB_CONTEXT" - name: Dump job context env: JOB_CONTEXT: ${{ toJson(job) }} run: echo "$JOB_CONTEXT" - name: Dump steps context env: STEPS_CONTEXT: ${{ toJson(steps) }} run: echo "$STEPS_CONTEXT" setup: if: ${{ ( github.repository_owner == 'chromebrew' ) && ( inputs.branch != 'master' ) }} runs-on: ubuntu-24.04 outputs: timestamp: ${{ steps.set-timestamp.outputs.TIMESTAMP }} # https://stackoverflow.com/a/75142892 current_head: ${{ steps.get-current-head.outputs.CURRENT_HEAD }} changed_packages: ${{ steps.changed-packages.outputs.CHANGED_PACKAGES }} glibc_232_compat: ${{ steps.get-compatibility.outputs.GLIBC_232_COMPATIBLE_PACKAGES }} glibc_237_compat: ${{ steps.get-compatibility.outputs.GLIBC_237_COMPATIBLE_PACKAGES }} i686_packages: ${{ steps.get-compatibility.outputs.i686_PACKAGES }} x86_64_packages: ${{ steps.get-compatibility.outputs.x86_64_PACKAGES }} armv7l_packages: ${{ steps.get-compatibility.outputs.armv7l_PACKAGES }} matrix: ${{ steps.set-generate-matrix.outputs.matrix }} steps: - name: Set Timestamp id: set-timestamp run: | TIMESTAMP="$(date -u +%F-%H%Z)" export TIMESTAMP echo "TIMESTAMP=${TIMESTAMP}" >> "$GITHUB_OUTPUT" - uses: actions/checkout@v5 with: fetch-depth: 0 persist-credentials: true ref: ${{ inputs.branch || github.ref_name }} - name: Set PR to Draft id: set-to-draft env: GH_TOKEN: ${{ secrets.CREW_PR_TOKEN }} run: | PR_NUMBER=$(gh pr list -L 1 -s open -H ${{ inputs.branch || github.ref_name }} | cut -f1) if [[ -n ${PR_NUMBER} ]]; then echo "Setting ${PR_NUMBER} to Draft while workflow runs." gh pr ready --undo || true # Try to update branch before building if a PR already # exists. [[ "${{ ( inputs.update_rebase_to_master ) }}" == 'true' ]] && gh pr update-branch --rebase || true fi - name: Get Current HEAD hash id: get-current-head run: | echo "CURRENT_HEAD=$(git ls-remote https://github.com/${{ github.repository }}.git | head -1 | sed 's/HEAD//')" >> "$GITHUB_OUTPUT" echo "CURRENT_HEAD is $(git ls-remote https://github.com/${{ github.repository }}.git | head -1 | sed 's/HEAD//')" - name: Get changed files id: changed-files uses: tj-actions/changed-files@v47 with: base_sha: ${{ steps.get-current-head.outputs.CURRENT_HEAD }} files_yaml: | packages: - packages/*.rb since_last_remote_commit: true - name: Export variables to github context id: changed-packages run: | if [[ -z "${{ steps.changed-files.outputs.packages_all_changed_files }}" ]]; then echo "Branch ${{ inputs.branch || github.ref_name }} has no changed package files." exit 1 fi # Convert "packages/foo.rb packages/bar.rb" (from steps.changed-files.outputs.packages_all_changed_files) into "foo bar" echo "CHANGED_PACKAGES=$(echo "${{ steps.changed-files.outputs.packages_all_changed_files }}" | xargs basename -s .rb | xargs)" >> "$GITHUB_ENV" echo "CHANGED_PACKAGES=$(echo "${{ steps.changed-files.outputs.packages_all_changed_files }}" | xargs basename -s .rb | xargs)" >> "$GITHUB_OUTPUT" - name: Determine glibc and architecture package compatibility id: get-compatibility run: | # If a package doesnt have a min_glibc value, or if it is below 2.32, add it to GLIBC_232_COMPATIBLE_PACKAGES. GLIBC_232_COMPATIBLE_PACKAGES="$(for i in ${CHANGED_PACKAGES} ; do grep min_glibc packages/"${i}".rb | tr -d \' | awk '{exit $2 <= 2.32}' || echo "${i}" ; done | xargs)" export GLIBC_232_COMPATIBLE_PACKAGES if [[ -n ${GLIBC_232_COMPATIBLE_PACKAGES} ]]; then echo "GLIBC_232_COMPATIBLE_PACKAGES=${GLIBC_232_COMPATIBLE_PACKAGES}" >> "$GITHUB_ENV" echo "GLIBC_232_COMPATIBLE_PACKAGES=${GLIBC_232_COMPATIBLE_PACKAGES}" >> "$GITHUB_OUTPUT" echo "Branch ${{ inputs.branch || github.ref_name }} has these possibly Glibc 2.32 compatible packages: ${GLIBC_232_COMPATIBLE_PACKAGES}" fi # If a package doesnt have a min_glibc value, or if it is below 2.37, add it to GLIBC_237_COMPATIBLE_PACKAGES. GLIBC_237_COMPATIBLE_PACKAGES="$(for i in ${CHANGED_PACKAGES} ; do grep min_glibc packages/"${i}".rb | tr -d \' | awk '{exit $2 <= 2.37}' || echo "${i}" ; done | xargs)" export GLIBC_237_COMPATIBLE_PACKAGES if [[ -n ${GLIBC_237_COMPATIBLE_PACKAGES} ]]; then echo "GLIBC_237_COMPATIBLE_PACKAGES=${GLIBC_237_COMPATIBLE_PACKAGES}" >> "$GITHUB_ENV" echo "GLIBC_237_COMPATIBLE_PACKAGES=${GLIBC_237_COMPATIBLE_PACKAGES}" >> "$GITHUB_OUTPUT" echo "Branch ${{ inputs.branch || github.ref_name }} has these possibly Glibc 2.37 compatible packages: ${GLIBC_237_COMPATIBLE_PACKAGES}" fi # If a package has a compatibility of 'all' or one that includes 'x86_64', add it to x86_64_PACKAGES. x86_64_PACKAGES="$(for i in ${CHANGED_PACKAGES}; do grep -q "[[:space:]]compatibility.*all\|[[:space:]]compatibility.*x86_64" packages/"${i}".rb && echo "${i}"; done | xargs)" export x86_64_PACKAGES if [[ -n ${x86_64_PACKAGES} ]]; then echo "x86_64_PACKAGES=${x86_64_PACKAGES}" >> "$GITHUB_ENV" echo "x86_64_PACKAGES=${x86_64_PACKAGES}" >> "$GITHUB_OUTPUT" echo "Branch ${{ inputs.branch || github.ref_name }} has these x86_64 compatible packages: ${x86_64_PACKAGES}" fi ## If a package has a compatibility of 'all' or one that includes 'armv7l', add it to armv7l_PACKAGES. armv7l_PACKAGES="$(for i in ${CHANGED_PACKAGES}; do grep -q "[[:space:]]compatibility.*all\|[[:space:]]compatibility.*armv7l" packages/"${i}".rb && echo "${i}"; done | xargs)" export armv7l_PACKAGES if [[ -n ${armv7l_PACKAGES} ]]; then echo "armv7l_PACKAGES=${armv7l_PACKAGES}" >> "$GITHUB_ENV" echo "armv7l_PACKAGES=${armv7l_PACKAGES}" >> "$GITHUB_OUTPUT" echo "Branch ${{ inputs.branch || github.ref_name }} has these armv7l compatible packages: ${armv7l_PACKAGES}" fi ## If a package has a compatibility of 'all' or one that includes 'i686', add it to i686_PACKAGES. i686_PACKAGES="$(for i in ${CHANGED_PACKAGES}; do grep -q "[[:space:]]compatibility.*all\|[[:space:]]compatibility.*i686" packages/"${i}".rb && echo "${i}"; done | xargs)" export i686_PACKAGES if [[ -n ${i686_PACKAGES} ]]; then echo "i686_PACKAGES=${i686_PACKAGES}" >> "$GITHUB_ENV" echo "i686_PACKAGES=${i686_PACKAGES}" >> "$GITHUB_OUTPUT" echo "Branch ${{ inputs.branch || github.ref_name }} has these i686 compatible packages: ${i686_PACKAGES}" fi - name: Generate Creation Matrix id: set-generate-matrix env: i686_PACKAGES: ${{ steps.get-compatibility.outputs.i686_PACKAGES }} x86_64_PACKAGES: ${{ steps.get-compatibility.outputs.x86_64_PACKAGES }} armv7l_PACKAGES: ${{ steps.get-compatibility.outputs.armv7l_PACKAGES }} run: | function join_by { local IFS="$1"; shift; echo "$*"; } [[ "${{ ( inputs.build-on) }}" =~ "i686" ]] && [[ -n "${i686_PACKAGES}" ]] && export CONTAINER_ARCH+=( "\"i686\"" ) [[ "${{ ( inputs.build-on) }}" =~ "x86_64" ]] && [[ -n "${x86_64_PACKAGES}" ]] && export CONTAINER_ARCH+=( "\"x86_64\"" ) [[ "${{ ( inputs.build-on) }}" =~ "armv7l" ]] && [[ -n "${armv7l_PACKAGES}" ]] && export CONTAINER_ARCH+=( "\"armv7l\"" ) export ARCHES="$(join_by , "${CONTAINER_ARCH[@]}")" echo "matrix=[${ARCHES}]" >> $GITHUB_OUTPUT echo "matrix=[${ARCHES}]" generate: needs: setup strategy: fail-fast: false matrix: arch: ${{ fromJSON(needs.setup.outputs.matrix) }} runner: - ubuntu-24.04 - ubuntu-24.04-arm exclude: - arch: x86_64 runner: ubuntu-24.04-arm - arch: i686 runner: ubuntu-24.04-arm - arch: armv7l runner: ubuntu-24.04 runs-on: ${{ matrix.runner }} env: CREW_BUILD_NO_PACKAGE_FILE_HASH_UPDATES: 1 CREW_REPO: ${{ github.event.repository.clone_url }} CREW_BRANCH: ${{ inputs.branch || github.ref_name }} TARGET_ARCH: ${{ matrix.arch }} TIMESTAMP: ${{ needs.setup.outputs.timestamp }} GLIBC_232_COMPATIBLE_PACKAGES: ${{ needs.setup.outputs.glibc_232_compat }} GLIBC_237_COMPATIBLE_PACKAGES: ${{ needs.setup.outputs.glibc_237_compat }} i686_PACKAGES: ${{ needs.setup.outputs.i686_packages }} x86_64_PACKAGES: ${{ needs.setup.outputs.x86_64_packages }} armv7l_PACKAGES: ${{ needs.setup.outputs.armv7l_packages }} if: ${{ !cancelled() }} concurrency: group: ${{ matrix.arch }}-${{ github.workflow }}-${{ inputs.branch || github.ref_name }} steps: - name: Dump GitHub context env: GITHUB_CONTEXT: ${{ toJson(github) }} run: echo "$GITHUB_CONTEXT" - name: Dump job context env: JOB_CONTEXT: ${{ toJson(job) }} run: echo "$JOB_CONTEXT" - name: Dump steps context env: STEPS_CONTEXT: ${{ toJson(steps) }} run: echo "$STEPS_CONTEXT" - name: Dump runner context env: RUNNER_CONTEXT: ${{ toJson(runner) }} run: echo "$RUNNER_CONTEXT" - name: Dump strategy context env: STRATEGY_CONTEXT: ${{ toJson(strategy) }} run: echo "$STRATEGY_CONTEXT" - name: Dump matrix context env: MATRIX_CONTEXT: ${{ toJson(matrix) }} run: echo "$MATRIX_CONTEXT" - name: Build Container cleanup run: | sudo rm -rf release - uses: actions/checkout@v5 with: fetch-depth: 0 persist-credentials: true - name: Export target docker container to github context run: | case $TARGET_ARCH in x86_64) # Export the x86_64 container depending on whether this branch updates packages with appropriate minimum glibc. if [[ $GLIBC_232_COMPATIBLE_PACKAGES ]]; then echo "CONTAINER=satmandu/crewbuild:nocturne-x86_64.m97" >> "$GITHUB_ENV" elif [[ $GLIBC_237_COMPATIBLE_PACKAGES ]]; then echo "CONTAINER=satmandu/crewbuild:hatch-x86_64.m142" >> "$GITHUB_ENV" else echo "CONTAINER=satmandu/crew-pre-glibc-standalone:nocturne-x86_64.m90" >> "$GITHUB_ENV" fi echo "PLATFORM=linux/amd64" >> "$GITHUB_ENV" echo "LIB_SUFFIX=64" >> "$GITHUB_ENV" ;; armv7l) # Export the armv7l container depending on whether this branch updates packages with appropriate minimum glibc. if [[ $GLIBC_232_COMPATIBLE_PACKAGES ]]; then echo "CONTAINER=satmandu/crewbuild:fievel-armv7l.m97" >> "$GITHUB_ENV" elif [[ $GLIBC_237_COMPATIBLE_PACKAGES ]]; then echo "CONTAINER=satmandu/crewbuild:strongbad-armv7l.m142" >> "$GITHUB_ENV" else echo "CONTAINER=satmandu/crew-pre-glibc-standalone:fievel-armv7l.m91" >> "$GITHUB_ENV" fi echo "PLATFORM=linux/arm/v7" >> "$GITHUB_ENV" echo "LIB_SUFFIX=" >> "$GITHUB_ENV" ;; i686) # There is only one i686 container based upon M58 with glibc 2.23. echo "CONTAINER=satmandu/crew-pre-glibc-standalone:alex-i686.m58" >> "$GITHUB_ENV" echo "PLATFORM=linux/386" >> "$GITHUB_ENV" echo "LIB_SUFFIX=" >> "$GITHUB_ENV" ;; esac - name: Run Updater in container id: run-updater if: ${{ !cancelled() }} env: CREW_MAX_BUILD_TIME_INPUT: ${{ inputs.max_build_time }} run: | if [[ -n ${CREW_MAX_BUILD_TIME_INPUT} ]]; then # Convert CREW_MAX_BUILD_TIME_INPUT to seconds. CREW_MAX_BUILD_TIME="$(bc <<<"scale=0;$CREW_MAX_BUILD_TIME_INPUT*3600/1")" echo "Maximum build time is $(bc <<<"scale=0;$CREW_MAX_BUILD_TIME_INPUT*60/1") minutes." fi [[ -n ${CI} ]] && echo 'CI variable is set.' if [ "$PLATFORM" == 'linux/arm/v7' ] && [ -z "${armv7l_PACKAGES}" ]; then # Exit the arm container if there are not armv7l compatible packages. echo "Skipping armv7l container builds &/or package file updates." exit 0 elif [ "$PLATFORM" == 'linux/amd64' ] && [ -z "${x86_64_PACKAGES}" ]; then # Exit the x86_64 container if there are not x86_64 compatible packages. echo "Skipping x86_64 container builds &/or package file updates." exit 0 elif [ "$PLATFORM" == 'linux/386' ] && [ -z "${i686_PACKAGES}" ]; then # Exit the i686 container if there are not i686 compatible packages. echo "Skipping i686 container builds &/or package file updates." exit 0 fi # Container Cleanup # Adapted from https://github.com/BRAINSia/free-disk-space/blob/main/action.yml echo "Running some background container cleanups from BRAINSia/free-disk-space." ( sudo apt-get purge -qq -o=Dpkg::Use-Pty=0 -y man-db manpages manpages-dev 'aspnetcore-*' 'dotnet-*' 'llvm-*' '*php*' 'mongodb-*' 'mysql-*' azure-cli google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri 'google-cloud-*' 'gcloud-*' &>/dev/null ; \ sudo apt-get autoremove -qq -o=Dpkg::Use-Pty=0 -y &>/dev/null) & git fetch origin git checkout "${{ inputs.branch || github.ref_name }}" git reset --hard "origin/${{ inputs.branch || github.ref_name }}" git log --oneline -10 docker pull --platform "${PLATFORM}" "${CONTAINER}" # Detection of /output/pkg_cache dir triggers setting # CREW_CACHE_DIR=1 and CREW_CACHE_ENABLED=1 in the build # container. Without these, upload fails. mkdir /tmp/pkg_cache sudo setfacl -R -m u:1000:rwx . sudo setfacl -R -m u:1000:rwx /tmp/pkg_cache # See https://github.com/containerd/containerd/pull/7566#issuecomment-1461134737 for why we set ulimit. if [ -z ${CI+x} ]; then echo "CI is not set." else CI_PASSTHROUGH=-e CI_PASSTHROUGH+=" " CI_PASSTHROUGH+=NESTED_CI=${CI} fi if [ -z ${CREW_MAX_BUILD_TIME+x} ]; then echo "CREW_MAX_BUILD_TIME is not set." else CREW_MAX_BUILD_TIME_PASSTHROUGH=-e CREW_MAX_BUILD_TIME_PASSTHROUGH+=" " CREW_MAX_BUILD_TIME_PASSTHROUGH+=CREW_MAX_BUILD_TIME=${CREW_MAX_BUILD_TIME} fi docker run \ --rm \ --platform "${PLATFORM}" \ -e PUID=1000 \ -e PGID=1000 \ --privileged \ -e GCONV_PATH="/usr/local/lib${LIB_SUFFIX}/gconv" \ -e CREW_BUILD_NO_PACKAGE_FILE_HASH_UPDATES="${CREW_BUILD_NO_PACKAGE_FILE_HASH_UPDATES}" \ -e CREW_REPO="${CREW_REPO}" \ -e CREW_BRANCH="${{ inputs.branch || github.ref_name }}" \ -e GITLAB_TOKEN="${{ secrets.GITLAB_TOKEN }}" \ -e GITLAB_TOKEN_USERNAME="${{ secrets.GITLAB_TOKEN_USERNAME }}" \ ${CI_PASSTHROUGH} \ ${CREW_MAX_BUILD_TIME_PASSTHROUGH} \ -v /tmp/pkg_cache:/usr/local/tmp/packages:rshared \ -v "$(pwd)":/output:rshared \ --tmpfs /tmp \ --ulimit "nofile=$(ulimit -Sn):$(ulimit -Hn)" \ "${CONTAINER}" \ /bin/chromebrewstart "/output/tools/github_actions_update_builder.sh ${{ github.event.inputs.allow_fail == 'true' && '--continue-after-failed-builds' || ''}} ${{ github.event.inputs.rebuild_packages == 'true' && '--rebuild' || ''}}" > >(tee -a /tmp/build.log) 2> >(tee -a /tmp/build.log >&2) grep "Built and Uploaded:" /tmp/build.log || true echo "Deleting build output directories." sudo rm -rf release pkg_cache build-check: runs-on: ubuntu-24.04 needs: - setup - generate if: ${{ !cancelled() }} steps: - name: Fail if update or build jobs failed, otherwise create a PR if: ${{ contains(needs.*.result, 'failure') }} run: exit 1 - name: Report update & build success run: echo "Update & build jobs succeeded." - name: Get GH Token if: ${{ github.event.inputs.with_pr != 'No' }} id: get_workflow_token uses: peter-murray/workflow-application-token-action@v4 with: application_id: ${{ secrets.APPLICATION_ID }} application_private_key: ${{ secrets.APPLICATION_PRIVATE_KEY }} organization: chromebrew revoke_token: true - name: Trigger PR workflow if: ${{ github.event.inputs.with_pr != 'No' }} id: trigger-pr-workflow env: GH_TOKEN: ${{ steps.get_workflow_token.outputs.token }} PR_TITLE: ${{ inputs.pr_title || inputs.branch || github.ref_name }} run: | echo "PR title being passed to the Generate PR workflow is: ${{ inputs.pr_title || inputs.branch || github.ref_name }}" gh workflow run Generate-PR.yml -R ${{ github.repository }} -r ${{ inputs.branch || github.ref_name }} -f branch="${{ inputs.branch || github.ref_name }}" -f pr_label="${{ inputs.pr_label }}" -f draft_pr="${{ github.event.inputs.with_pr == 'Draft Pull Request' }}" -f pr_title="$(echo "${{ inputs.pr_title || inputs.branch || github.ref_name }}" | ( read -rsd '' x; echo ${x@Q} ))"