Merge pull request #6488 from libgit2/ethomson/workflow

actions: simplify execution with composite action
2026-06-22 06:26:26 +00:00 · 2023-05-13 13:45:19 +01:00
parent c87a3f8f6c 7eb63188e5
commit 3a4e08a78b
4 changed files with 146 additions and 126 deletions
--- a/.github/actions/run-build/action.yml
+++ b/.github/actions/run-build/action.yml
@@ -0,0 +1,45 @@
+# Run a build step in a container or directly on the Actions runner
+name: Run Build Step
+description: Run a build step in a container or directly on the Actions runner
+
+inputs:
+  command:
+    description: Command to run
+    required: true
+    type: string
+  container:
+    description: Optional container to run in
+    type: string
+  container-version:
+    description: Version of the container to run
+    type: string
+
+runs:
+  using: 'composite'
+  steps:
+  - run: |
+      if [ -n "${{ inputs.container }}" ]; then
+        docker run \
+          --rm \
+          --user "$(id -u):$(id -g)" \
+          -v "$(pwd)/source:/home/libgit2/source" \
+          -v "$(pwd)/build:/home/libgit2/build" \
+          -w /home/libgit2 \
+          -e ASAN_SYMBOLIZER_PATH \
+          -e CC \
+          -e CFLAGS \
+          -e CMAKE_GENERATOR \
+          -e CMAKE_OPTIONS \
+          -e GITTEST_NEGOTIATE_PASSWORD \
+          -e GITTEST_FLAKY_STAT \
+          -e PKG_CONFIG_PATH \
+          -e SKIP_NEGOTIATE_TESTS \
+          -e SKIP_SSH_TESTS \
+          -e TSAN_OPTIONS \
+          -e UBSAN_OPTIONS \
+          ${{ inputs.container-version }} \
+          /bin/bash -c "${{ inputs.command }}"
+      else
+        ${{ inputs.command }}
+      fi
+    shell: bash
--- a/.github/workflows/build-containers.yml
+++ b/.github/workflows/build-containers.yml
@@ -0,0 +1,72 @@
+# Generate the containers that we use for builds.
+name: Build Containers
+
+on:
+  workflow_call:
+
+env:
+  docker-registry: ghcr.io
+  docker-config-path: source/ci/docker
+
+jobs:
+  # Build the docker container images that we will use for our Linux
+  # builds.  This will identify the last commit to the repository that
+  # updated the docker images, and try to download the image tagged with
+  # that sha.  If it does not exist, we'll do a docker build and push
+  # the image up to GitHub Packages for the actual CI/CD runs.  We tag
+  # with both the sha and "latest" so that the subsequent runs need not
+  # know the sha.  Only do this on CI builds (when the event is a "push")
+  # because PR builds from forks lack permission to write packages.
+  containers:
+    strategy:
+      matrix:
+        container:
+        - name: xenial
+        - name: bionic
+        - name: focal
+        - name: docurium
+        - name: bionic-x86
+          dockerfile: bionic
+          base: multiarch/ubuntu-core:x86-bionic
+          qemu: true
+        - name: bionic-arm32
+          dockerfile: bionic
+          base: multiarch/ubuntu-core:armhf-bionic
+          qemu: true
+        - name: bionic-arm64
+          dockerfile: bionic
+          base: multiarch/ubuntu-core:arm64-bionic
+          qemu: true
+        - name: centos7
+        - name: centos8
+    runs-on: ubuntu-latest
+    name: "Create container: ${{ matrix.container.name }}"
+    steps:
+    - name: Check out repository
+      uses: actions/checkout@v3
+      with:
+        path: source
+        fetch-depth: 0
+      if: github.event_name != 'pull_request'
+    - name: Setup QEMU
+      run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
+      if: matrix.container.qemu == true
+    - name: Download existing container
+      run: |
+        "${{ github.workspace }}/source/ci/getcontainer.sh" "${{ matrix.container.name }}" "${{ matrix.container.dockerfile }}"
+      env:
+        DOCKER_REGISTRY: ${{ env.docker-registry }}
+        GITHUB_TOKEN: ${{ secrets.github_token }}
+      working-directory: ${{ env.docker-config-path }}
+      if: github.event_name != 'pull_request'
+    - name: Build and publish image
+      run: |
+        if [ "${{ matrix.container.base }}" != "" ]; then
+          BASE_ARG="--build-arg BASE=${{ matrix.container.base }}"
+        fi
+        docker build -t ${{ env.docker-registry-container-sha }} --build-arg UID=$(id -u) --build-arg GID=$(id -g) ${BASE_ARG} -f ${{ env.dockerfile }} .
+        docker tag ${{ env.docker-registry-container-sha }} ${{ env.docker-registry-container-latest }}
+        docker push ${{ env.docker-registry-container-sha }}
+        docker push ${{ env.docker-registry-container-latest }}
+      working-directory: ${{ env.docker-config-path }}
+      if: github.event_name != 'pull_request' && env.docker-container-exists != 'true'
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -14,67 +14,8 @@ env:
  docker-config-path: source/ci/docker

 jobs:
-  # Build the docker container images that we will use for our Linux
-  # builds.  This will identify the last commit to the repository that
-  # updated the docker images, and try to download the image tagged with
-  # that sha.  If it does not exist, we'll do a docker build and push
-  # the image up to GitHub Packages for the actual CI/CD runs.  We tag
-  # with both the sha and "latest" so that the subsequent runs need not
-  # know the sha.  Only do this on CI builds (when the event is a "push")
-  # because PR builds from forks lack permission to write packages.
  containers:
-    strategy:
-      matrix:
-        container:
-        - name: xenial
-        - name: bionic
-        - name: focal
-        - name: docurium
-        - name: bionic-x86
-          dockerfile: bionic
-          base: multiarch/ubuntu-core:x86-bionic
-          qemu: true
-        - name: bionic-arm32
-          dockerfile: bionic
-          base: multiarch/ubuntu-core:armhf-bionic
-          qemu: true
-        - name: bionic-arm64
-          dockerfile: bionic
-          base: multiarch/ubuntu-core:arm64-bionic
-          qemu: true
-        - name: centos7
-        - name: centos8
-    runs-on: ubuntu-latest
-    name: "Create container: ${{ matrix.container.name }}"
-    steps:
-    - name: Check out repository
-      uses: actions/checkout@v3
-      with:
-        path: source
-        fetch-depth: 0
-      if: github.event_name != 'pull_request'
-    - name: Setup QEMU
-      run: docker run --rm --privileged multiarch/qemu-user-static:register --reset
-      if: matrix.container.qemu == true
-    - name: Download existing container
-      run: |
-        "${{ github.workspace }}/source/ci/getcontainer.sh" "${{ matrix.container.name }}" "${{ matrix.container.dockerfile }}"
-      env:
-        DOCKER_REGISTRY: ${{ env.docker-registry }}
-        GITHUB_TOKEN: ${{ secrets.github_token }}
-      working-directory: ${{ env.docker-config-path }}
-      if: github.event_name != 'pull_request'
-    - name: Build and publish image
-      run: |
-        if [ "${{ matrix.container.base }}" != "" ]; then
-          BASE_ARG="--build-arg BASE=${{ matrix.container.base }}"
-        fi
-        docker build -t ${{ env.docker-registry-container-sha }} --build-arg UID=$(id -u) --build-arg GID=$(id -g) ${BASE_ARG} -f ${{ env.dockerfile }} .
-        docker tag ${{ env.docker-registry-container-sha }} ${{ env.docker-registry-container-latest }}
-        docker push ${{ env.docker-registry-container-sha }}
-        docker push ${{ env.docker-registry-container-latest }}
-      working-directory: ${{ env.docker-config-path }}
-      if: github.event_name != 'pull_request' && env.docker-container-exists != 'true'
+    uses: ./.github/workflows/build-containers.yml

  # Run our CI/CD builds.  We build a matrix with the various build targets
  # and their details.  Then we build either in a docker container (Linux)
@@ -286,43 +227,20 @@ jobs:
        docker build -t ${{ env.docker-registry-container-sha }} --build-arg UID=$(id -u) --build-arg GID=$(id -g) ${BASE_ARG} -f ${{ env.dockerfile }} .
      working-directory: ${{ env.docker-config-path }}
      if: matrix.platform.container.name != '' && env.docker-container-exists != 'true'
-    - name: Build and test
-      run: |
-        export GITTEST_NEGOTIATE_PASSWORD="${{ secrets.GITTEST_NEGOTIATE_PASSWORD }}"
-        export GITTEST_GITHUB_SSH_KEY="${{ secrets.GITTEST_GITHUB_SSH_KEY }}"
-        export GITTEST_GITHUB_SSH_PUBKEY="${{ secrets.GITTEST_GITHUB_SSH_PUBKEY }}"
-        export GITTEST_GITHUB_SSH_PASSPHRASE="${{ secrets.GITTEST_GITHUB_SSH_PASSPHRASE }}"
-        export GITTEST_GITHUB_SSH_REMOTE_HOSTKEY="${{ secrets.GITTEST_GITHUB_SSH_REMOTE_HOSTKEY }}"
-
-        if [ -n "${{ matrix.platform.container.name }}" ]; then
-          mkdir build
-          docker run \
-              --rm \
-              --user "$(id -u):$(id -g)" \
-              -v "$(pwd)/source:/home/libgit2/source" \
-              -v "$(pwd)/build:/home/libgit2/build" \
-              -w /home/libgit2 \
-              -e ASAN_SYMBOLIZER_PATH \
-              -e CC \
-              -e CFLAGS \
-              -e CMAKE_GENERATOR \
-              -e CMAKE_OPTIONS \
-              -e GITTEST_NEGOTIATE_PASSWORD \
-              -e GITTEST_FLAKY_STAT \
-              -e PKG_CONFIG_PATH \
-              -e SKIP_NEGOTIATE_TESTS \
-              -e SKIP_SSH_TESTS \
-              -e TSAN_OPTIONS \
-              -e UBSAN_OPTIONS \
-              ${{ env.docker-registry-container-sha }} \
-              /bin/bash -c "cd build && ../source/ci/build.sh && ../source/ci/test.sh"
-        else
-          mkdir build
-          cd build
-          ../source/ci/build.sh
-          ../source/ci/test.sh
-        fi
-      shell: bash
+    - name: Prepare build
+      run: mkdir build
+    - name: Build
+      uses: ./source/.github/actions/run-build
+      with:
+        command: cd build && ../source/ci/build.sh
+        container: ${{ matrix.platform.container.name }}
+        container-version: ${{ env.docker-registry-container-sha }}
+    - name: Test
+      uses: ./source/.github/actions/run-build
+      with:
+        command: cd build && ../source/ci/test.sh
+        container: ${{ matrix.platform.container.name }}
+        container-version: ${{ env.docker-registry-container-sha }}
    - name: Upload test results
      uses: actions/upload-artifact@v3
      if: success() || failure()
--- a/.github/workflows/nightly.yml
+++ b/.github/workflows/nightly.yml
@@ -340,35 +340,20 @@ jobs:
      run: docker build -t ${{ env.docker-registry-container-sha }} -f ${{ env.dockerfile }} .
      working-directory: ${{ env.docker-config-path }}
      if: matrix.platform.container.name != '' && env.docker-container-exists != 'true'
-    - name: Build and test
-      run: |
-        export GITTEST_NEGOTIATE_PASSWORD="${{ secrets.GITTEST_NEGOTIATE_PASSWORD }}"
-
-        if [ -n "${{ matrix.platform.container.name }}" ]; then
-          docker run \
-              --rm \
-              --user libgit2:libgit2 \
-              -v "$(pwd)/source:/home/libgit2/source" \
-              -w /home/libgit2 \
-              -e ASAN_SYMBOLIZER_PATH \
-              -e CC \
-              -e CFLAGS \
-              -e CMAKE_GENERATOR \
-              -e CMAKE_OPTIONS \
-              -e GITTEST_NEGOTIATE_PASSWORD \
-              -e GITTEST_FLAKY_STAT \
-              -e PKG_CONFIG_PATH \
-              -e SKIP_NEGOTIATE_TESTS \
-              -e SKIP_SSH_TESTS \
-              -e TSAN_OPTIONS \
-              ${{ env.docker-registry-container-sha }} \
-              /bin/bash -c "mkdir build && cd build && ../source/ci/build.sh && ../source/ci/test.sh"
-        else
-          mkdir build && cd build
-          ../source/ci/build.sh
-          ../source/ci/test.sh
-        fi
-      shell: bash
+    - name: Prepare build
+      run: mkdir build
+    - name: Build
+      uses: ./source/.github/actions/run-build
+      with:
+        command: cd build && ../source/ci/build.sh
+        container: ${{ matrix.platform.container.name }}
+        container-version: ${{ env.docker-registry-container-sha }}
+    - name: Test
+      uses: ./source/.github/actions/run-build
+      with:
+        command: cd build && ../source/ci/test.sh
+        container: ${{ matrix.platform.container.name }}
+        container-version: ${{ env.docker-registry-container-sha }}

  coverity:
    # Only run scheduled workflows on the main repository; prevents people