blob: 47dc0e1484d1ccba7769eac11f5963a74c83f48b [file] [log] [blame]
# A txtar test version of the of the go generate workflow that wraps
# the internal/ci genworkflows CUE command.
#
# Note: all the non-golden files below are updated automatically by
# the internal/ci updateTxtarTests CUE command (with the exception
# of the cue.mod/module.cue file).
# TODO: drop cd when we solve cuelang.org/issue/708
cd internal/ci
cue cmd genworkflows
# TODO: drop cd when we solve cuelang.org/issue/708
cd ../../
cmp .github/workflows/rebuild_tip_cuelang_org.yml .github/workflows/rebuild_tip_cuelang_org.yml.golden
cmp .github/workflows/release.yml .github/workflows/release.yml.golden
cmp .github/workflows/repository_dispatch.yml .github/workflows/repository_dispatch.yml.golden
cmp .github/workflows/test.yml .github/workflows/test.yml.golden
cmp .github/workflows/mirror.yml .github/workflows/mirror.yml.golden
-- cue.mod/module --
module "cuelang.org/go"
-- .github/workflows/rebuild_tip_cuelang_org.yml.golden --
# Generated by internal/ci/ci_tool.cue; do not edit
name: Push to tip
on:
push:
branches:
- master
jobs:
push:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
steps:
- name: Rebuild tip.cuelang.org
run: curl -f -X POST -d {} https://api.netlify.com/build_hooks/${{ secrets.CuelangOrgTipRebuildHook
}}
-- .github/workflows/release.yml.golden --
# Generated by internal/ci/ci_tool.cue; do not edit
name: Release
on:
push:
tags:
- v*
jobs:
goreleaser:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
steps:
- name: Checkout code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
version: 1.15.8
stable: false
- name: Run GoReleaser
uses: goreleaser/goreleaser-action@v2
with:
args: release --rm-dist
version: v0.155.1
env:
GITHUB_TOKEN: ${{ secrets.ACTIONS_GITHUB_TOKEN }}
docker:
name: docker
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Set version environment
run: |-
CUE_VERSION=$(echo ${GITHUB_REF##refs/tags/v})
echo "CUE_VERSION=$CUE_VERSION"
echo "CUE_VERSION=$(echo $CUE_VERSION)" >> $GITHUB_ENV
- name: Push to Docker Hub
uses: docker/build-push-action@v1
with:
tags: ${{ env.CUE_VERSION }},latest
repository: cuelang/cue
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
tag_with_ref: false
tag_with_sha: false
target: cue
always_pull: true
build_args: GOLANG_VERSION=${{ env.GOLANG_VERSION }},CUE_VERSION=v${{ env.CUE_VERSION
}}
add_git_labels: true
env:
DOCKER_BUILDKIT: 1
GOLANG_VERSION: 1.14
CUE_VERSION: ${{ env.CUE_VERSION }}
-- .github/workflows/repository_dispatch.yml.golden --
# Generated by internal/ci/ci_tool.cue; do not edit
name: Repository Dispatch
on:
- repository_dispatch
jobs:
runtrybot:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
if: ${{ github.event.client_payload.type == 'runtrybot' }}
steps:
- name: Trigger trybot
run: |-
mkdir tmpgit
cd tmpgit
git init
git config user.name cueckoo
git config user.email cueckoo@gmail.com
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)"
git fetch https://cue-review.googlesource.com/cue ${{ github.event.client_payload.payload.ref }}
git checkout -b ci/${{ github.event.client_payload.payload.changeID }}/${{ github.event.client_payload.payload.commit }} FETCH_HEAD
git push https://github.com/cuelang/cue ci/${{ github.event.client_payload.payload.changeID }}/${{ github.event.client_payload.payload.commit }}
mirror:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
if: ${{ github.event.client_payload.type == 'mirror' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Mirror Gerrit to GitHub
run: |-
cd _scripts
docker run --rm -v $PWD/cache:/root/copybara/cache -v $PWD:/usr/src/app --entrypoint="" cueckoo/copybara:afc4ae03eed00b0c9d7415141cd1b5dfa583da7c bash -c " \
set -eu; \
echo \"${{ secrets.gerritCookie }}\" > ~/.gitcookies; \
chmod 600 ~/.gitcookies; \
git config --global user.name cueckoo; \
git config --global user.email cueckoo@gmail.com; \
git config --global http.cookiefile \$HOME/.gitcookies; \
echo https://cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }}@github.com > ~/.git-credentials; \
chmod 600 ~/.git-credentials; \
java -jar /opt/copybara/copybara_deploy.jar migrate copy.bara.sky github; \
"
importpr:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
if: ${{ github.event.client_payload.type == 'importpr' }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: 'Import PR #${{ github.event.client_payload.commit }} from GitHub to Gerrit'
run: |-
cd _scripts
docker run --rm -v $PWD/cache:/root/copybara/cache -v $PWD:/usr/src/app --entrypoint="" cueckoo/copybara:afc4ae03eed00b0c9d7415141cd1b5dfa583da7c bash -c " \
set -eu; \
echo \"${{ secrets.gerritCookie }}\" > ~/.gitcookies; \
chmod 600 ~/.gitcookies; \
git config --global user.name cueckoo; \
git config --global user.email cueckoo@gmail.com; \
git config --global http.cookiefile \$HOME/.gitcookies; \
echo https://cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }}@github.com > ~/.git-credentials; \
chmod 600 ~/.git-credentials; \
java -jar /opt/copybara/copybara_deploy.jar migrate copy.bara.sky github-pr ${{ github.event.client_payload.payload.pr }}; \
"
-- .github/workflows/test.yml.golden --
# Generated by internal/ci/ci_tool.cue; do not edit
name: Test
on:
push:
branches:
- '**'
tags-ignore:
- v*
jobs:
start:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
steps:
- if: ${{ startsWith(github.ref, 'refs/heads/ci/') }}
name: Write the gitcookies file
run: echo "${{ secrets.gerritCookie }}" > ~/.gitcookies
- if: ${{ startsWith(github.ref, 'refs/heads/ci/') }}
name: Update Gerrit CL message with starting message
run: 'curl -f -s -H "Content-Type: application/json" --request POST --data ''{"tag":"trybot","message":"Started
the build... see progress at ${{ github.event.repository.html_url }}/actions/runs/${{
github.run_id }}","labels":{"Code-Review":0}}'' -b ~/.gitcookies https://cue-review.googlesource.com/a/changes/$(basename
$(dirname $GITHUB_REF))/revisions/$(basename $GITHUB_REF)/review'
test:
needs: start
strategy:
fail-fast: false
matrix:
go-version:
- 1.14.14
- 1.15.8
- "1.16"
os:
- ubuntu-18.04
- macos-10.15
- windows-2019
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
steps:
- name: Write the gitcookies file
run: echo "${{ secrets.gerritCookie }}" > ~/.gitcookies
- name: Install Go
uses: actions/setup-go@v2
with:
go-version: ${{ matrix.go-version }}
stable: false
- name: Checkout code
uses: actions/checkout@v2
- name: Cache Go modules
uses: actions/cache@v1
with:
path: ~/go/pkg/mod
key: ${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum')
}}
restore-keys: ${{ runner.os }}-${{ matrix.go-version }}-go-
- if: ${{ github.ref == 'refs/heads/master' }}
name: Set go build tags
run: go env -w GOFLAGS=-tags=long
- if: matrix.go-version == '1.14.14' && matrix.os != 'windows-2019'
name: Generate
run: go generate ./...
- name: Test
run: go test ./...
- if: ${{ github.ref == 'refs/heads/master' || startsWith(github.ref, 'refs/heads/ci/')
&& matrix.go-version == '1.15.8' && matrix.os == 'ubuntu-18.04' }}
name: Test with -race
run: go test -race ./...
- name: gorelease check
run: go run golang.org/x/exp/cmd/gorelease
- name: Check that git is clean post generate and tests
run: test -z "$(git status --porcelain)" || (git status; git diff; false)
- if: ${{ github.ref == 'refs/heads/master' }}
name: Pull this commit through the proxy on master
run: |-
v=$(git rev-parse HEAD)
cd $(mktemp -d)
go mod init mod.com
GOPROXY=https://proxy.golang.org go get -d cuelang.org/go/cmd/cue@$v
- if: ${{ startsWith(github.ref, 'refs/heads/ci/') && failure() }}
name: Post any failures for this matrix entry
run: 'curl -f -s -H "Content-Type: application/json" --request POST --data ''{"tag":"trybot","message":"Build
failed for ${{ runner.os }}-${{ matrix.go-version }}; see ${{ github.event.repository.html_url
}}/actions/runs/${{ github.run_id }} for more details","labels":{"Code-Review":-1}}''
-b ~/.gitcookies https://cue-review.googlesource.com/a/changes/$(basename
$(dirname $GITHUB_REF))/revisions/$(basename $GITHUB_REF)/review'
mark_ci_success:
runs-on: ubuntu-18.04
if: ${{ startsWith(github.ref, 'refs/heads/ci/') }}
needs: test
defaults:
run:
shell: bash
steps:
- name: Write the gitcookies file
run: echo "${{ secrets.gerritCookie }}" > ~/.gitcookies
- name: Update Gerrit CL message with success message
run: 'curl -f -s -H "Content-Type: application/json" --request POST --data ''{"tag":"trybot","message":"Build
succeeded for ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id
}}","labels":{"Code-Review":1}}'' -b ~/.gitcookies https://cue-review.googlesource.com/a/changes/$(basename
$(dirname $GITHUB_REF))/revisions/$(basename $GITHUB_REF)/review'
delete_build_branch:
runs-on: ubuntu-18.04
if: ${{ startsWith(github.ref, 'refs/heads/ci/') && always() }}
needs: test
defaults:
run:
shell: bash
steps:
- run: |-
mkdir tmpgit
cd tmpgit
git init
git config user.name cueckoo
git config user.email cueckoo@gmail.com
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)"
git push https://github.com/cuelang/cue :${GITHUB_REF#refs/heads/}
-- .github/workflows/mirror.yml.golden --
# Generated by internal/ci/ci_tool.cue; do not edit
name: Scheduled repo mirror
on:
schedule:
- cron: '*/30 * * * *'
jobs:
mirror:
runs-on: ubuntu-18.04
defaults:
run:
shell: bash
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Mirror Gerrit to GitHub
run: |-
cd _scripts
docker run --rm -v $PWD/cache:/root/copybara/cache -v $PWD:/usr/src/app --entrypoint="" cueckoo/copybara:afc4ae03eed00b0c9d7415141cd1b5dfa583da7c bash -c " \
set -eu; \
echo \"${{ secrets.gerritCookie }}\" > ~/.gitcookies; \
chmod 600 ~/.gitcookies; \
git config --global user.name cueckoo; \
git config --global user.email cueckoo@gmail.com; \
git config --global http.cookiefile \$HOME/.gitcookies; \
echo https://cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }}@github.com > ~/.git-credentials; \
chmod 600 ~/.git-credentials; \
java -jar /opt/copybara/copybara_deploy.jar migrate copy.bara.sky github; \
"
-- cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue --
package json
import "strings"
#Workflow: {
@jsonschema(schema="http://json-schema.org/draft-07/schema")
null | bool | number | string | [...] | {
// The name of your workflow. GitHub displays the names of your
// workflows on your repository's actions page. If you omit this
// field, GitHub sets the name to the workflow's filename.
name?: string
// The name of the GitHub event that triggers the workflow. You
// can provide a single event string, array of events, array of
// event types, or an event configuration map that schedules a
// workflow or restricts the execution of a workflow to specific
// files, tags, or branch changes. For a list of available
// events, see
// https://help.github.com/en/github/automating-your-workflow-with-github-actions/events-that-trigger-workflows.
on: #event | [...#event] & [_, ...] | {
// Runs your workflow anytime the check_run event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see
// https://developer.github.com/v3/checks/runs.
check_run?: #eventObject & {
types?: #types & [..."created" | "rerequested" | "completed" | "requested_action"] | *["created", "rerequested", "completed", "requested_action"]
...
}
// Runs your workflow anytime the check_suite event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see
// https://developer.github.com/v3/checks/suites/.
check_suite?: #eventObject & {
types?: #types & [..."completed" | "requested" | "rerequested"] | *["completed", "requested", "rerequested"]
...
}
// Runs your workflow anytime someone creates a branch or tag,
// which triggers the create event. For information about the
// REST API, see
// https://developer.github.com/v3/git/refs/#create-a-reference.
create?: #eventObject
// Runs your workflow anytime someone deletes a branch or tag,
// which triggers the delete event. For information about the
// REST API, see
// https://developer.github.com/v3/git/refs/#delete-a-reference.
delete?: #eventObject
// Runs your workflow anytime someone creates a deployment, which
// triggers the deployment event. Deployments created with a
// commit SHA may not have a Git ref. For information about the
// REST API, see
// https://developer.github.com/v3/repos/deployments/.
deployment?: #eventObject
// Runs your workflow anytime a third party provides a deployment
// status, which triggers the deployment_status event.
// Deployments created with a commit SHA may not have a Git ref.
// For information about the REST API, see
// https://developer.github.com/v3/repos/deployments/#create-a-deployment-status.
deployment_status?: #eventObject
// Runs your workflow anytime when someone forks a repository,
// which triggers the fork event. For information about the REST
// API, see
// https://developer.github.com/v3/repos/forks/#create-a-fork.
fork?: #eventObject
// Runs your workflow when someone creates or updates a Wiki page,
// which triggers the gollum event.
gollum?: #eventObject
// Runs your workflow anytime the issue_comment event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see
// https://developer.github.com/v3/issues/comments/.
issue_comment?: #eventObject & {
types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"]
...
}
// Runs your workflow anytime the issues event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see https://developer.github.com/v3/issues.
issues?: #eventObject & {
types?: #types & [..."opened" | "edited" | "deleted" | "transferred" | "pinned" | "unpinned" | "closed" | "reopened" | "assigned" | "unassigned" | "labeled" | "unlabeled" | "locked" | "unlocked" | "milestoned" | "demilestoned"] | *["opened", "edited", "deleted", "transferred", "pinned", "unpinned", "closed", "reopened", "assigned", "unassigned", "labeled", "unlabeled", "locked", "unlocked", "milestoned", "demilestoned"]
...
}
// Runs your workflow anytime the label event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see
// https://developer.github.com/v3/issues/labels/.
label?: #eventObject & {
types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"]
...
}
// Runs your workflow anytime the member event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see
// https://developer.github.com/v3/repos/collaborators/.
member?: #eventObject & {
types?: #types & [..."added" | "edited" | "deleted"] | *["added", "edited", "deleted"]
...
}
// Runs your workflow anytime the milestone event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see
// https://developer.github.com/v3/issues/milestones/.
milestone?: #eventObject & {
types?: #types & [..."created" | "closed" | "opened" | "edited" | "deleted"] | *["created", "closed", "opened", "edited", "deleted"]
...
}
// Runs your workflow anytime someone pushes to a GitHub
// Pages-enabled branch, which triggers the page_build event. For
// information about the REST API, see
// https://developer.github.com/v3/repos/pages/.
page_build?: #eventObject
// Runs your workflow anytime the project event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see https://developer.github.com/v3/projects/.
project?: #eventObject & {
types?: #types & [..."created" | "updated" | "closed" | "reopened" | "edited" | "deleted"] | *["created", "updated", "closed", "reopened", "edited", "deleted"]
...
}
// Runs your workflow anytime the project_card event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see
// https://developer.github.com/v3/projects/cards.
project_card?: #eventObject & {
types?: #types & [..."created" | "moved" | "converted" | "edited" | "deleted"] | *["created", "moved", "converted", "edited", "deleted"]
...
}
// Runs your workflow anytime the project_column event occurs.
// More than one activity type triggers this event. For
// information about the REST API, see
// https://developer.github.com/v3/projects/columns.
project_column?: #eventObject & {
types?: #types & [..."created" | "updated" | "moved" | "deleted"] | *["created", "updated", "moved", "deleted"]
...
}
// Runs your workflow anytime someone makes a private repository
// public, which triggers the public event. For information about
// the REST API, see https://developer.github.com/v3/repos/#edit.
public?: #eventObject
// Runs your workflow anytime the pull_request event occurs. More
// than one activity type triggers this event. For information
// about the REST API, see https://developer.github.com/v3/pulls.
// Note: Workflows do not run on private base repositories when
// you open a pull request from a forked repository.
// When you create a pull request from a forked repository to the
// base repository, GitHub sends the pull_request event to the
// base repository and no pull request events occur on the forked
// repository.
// Workflows don't run on forked repositories by default. You must
// enable GitHub Actions in the Actions tab of the forked
// repository.
// The permissions for the GITHUB_TOKEN in forked repositories is
// read-only. For more information about the GITHUB_TOKEN, see
// https://help.github.com/en/articles/virtual-environments-for-github-actions.
pull_request?: #ref & {
types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed"] | *["opened", "synchronize", "reopened"]
{[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: _}
}
// Runs your workflow anytime the pull_request_review event
// occurs. More than one activity type triggers this event. For
// information about the REST API, see
// https://developer.github.com/v3/pulls/reviews.
// Note: Workflows do not run on private base repositories when
// you open a pull request from a forked repository.
// When you create a pull request from a forked repository to the
// base repository, GitHub sends the pull_request event to the
// base repository and no pull request events occur on the forked
// repository.
// Workflows don't run on forked repositories by default. You must
// enable GitHub Actions in the Actions tab of the forked
// repository.
// The permissions for the GITHUB_TOKEN in forked repositories is
// read-only. For more information about the GITHUB_TOKEN, see
// https://help.github.com/en/articles/virtual-environments-for-github-actions.
pull_request_review?: #eventObject & {
types?: #types & [..."submitted" | "edited" | "dismissed"] | *["submitted", "edited", "dismissed"]
...
}
// Runs your workflow anytime a comment on a pull request's
// unified diff is modified, which triggers the
// pull_request_review_comment event. More than one activity type
// triggers this event. For information about the REST API, see
// https://developer.github.com/v3/pulls/comments.
// Note: Workflows do not run on private base repositories when
// you open a pull request from a forked repository.
// When you create a pull request from a forked repository to the
// base repository, GitHub sends the pull_request event to the
// base repository and no pull request events occur on the forked
// repository.
// Workflows don't run on forked repositories by default. You must
// enable GitHub Actions in the Actions tab of the forked
// repository.
// The permissions for the GITHUB_TOKEN in forked repositories is
// read-only. For more information about the GITHUB_TOKEN, see
// https://help.github.com/en/articles/virtual-environments-for-github-actions.
pull_request_review_comment?: #eventObject & {
types?: #types & [..."created" | "edited" | "deleted"] | *["created", "edited", "deleted"]
...
}
// This event is similar to pull_request, except that it runs in
// the context of the base repository of the pull request, rather
// than in the merge commit. This means that you can more safely
// make your secrets available to the workflows triggered by the
// pull request, because only workflows defined in the commit on
// the base repository are run. For example, this event allows
// you to create workflows that label and comment on pull
// requests, based on the contents of the event payload.
pull_request_target?: #ref & {
types?: #types & [..."assigned" | "unassigned" | "labeled" | "unlabeled" | "opened" | "edited" | "closed" | "reopened" | "synchronize" | "ready_for_review" | "locked" | "unlocked" | "review_requested" | "review_request_removed"] | *["opened", "synchronize", "reopened"]
{[=~"^(branche|tag|path)s(-ignore)?$" & !~"^(types)$"]: _}
}
// Runs your workflow when someone pushes to a repository branch,
// which triggers the push event.
// Note: The webhook payload available to GitHub Actions does not
// include the added, removed, and modified attributes in the
// commit object. You can retrieve the full commit object using
// the REST API. For more information, see
// https://developer.github.com/v3/repos/commits/#get-a-single-commit.
push?: #ref & {
{[=~"^(branche|tag|path)s(-ignore)?$" & !~"^()$"]: _}
}
// Runs your workflow anytime a package is published or updated.
// For more information, see
// https://help.github.com/en/github/managing-packages-with-github-packages.
registry_package?: #eventObject & {
types?: #types & [..."published" | "updated"] | *["published", "updated"]
...
}
// Runs your workflow anytime the release event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see
// https://developer.github.com/v3/repos/releases/ in the GitHub
// Developer documentation.
release?: #eventObject & {
types?: #types & [..."published" | "unpublished" | "created" | "edited" | "deleted" | "prereleased" | "released"] | *["published", "unpublished", "created", "edited", "deleted", "prereleased", "released"]
...
}
// Runs your workflow anytime the status of a Git commit changes,
// which triggers the status event. For information about the
// REST API, see https://developer.github.com/v3/repos/statuses/.
status?: #eventObject
// Runs your workflow anytime the watch event occurs. More than
// one activity type triggers this event. For information about
// the REST API, see
// https://developer.github.com/v3/activity/starring/.
watch?: #eventObject
// You can now create workflows that are manually triggered with
// the new workflow_dispatch event. You will then see a 'Run
// workflow' button on the Actions tab, enabling you to easily
// trigger a run.
workflow_dispatch?: null | bool | number | string | [...] | {
// Input parameters allow you to specify data that the action
// expects to use during runtime. GitHub stores input parameters
// as environment variables. Input ids with uppercase letters are
// converted to lowercase during runtime. We recommended using
// lowercase input ids.
inputs?: {
{[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: {
// A string description of the input parameter.
description: string
// A string shown to users using the deprecated input.
deprecationMessage?: string
// A boolean to indicate whether the action requires the input
// parameter. Set to true when the parameter is required.
required: bool
// A string representing the default value. The default value is
// used when an input parameter isn't specified in a workflow
// file.
default?: string
}}
}
...
}
// This event occurs when a workflow run is requested or
// completed, and allows you to execute a workflow based on the
// finished result of another workflow. For example, if your
// pull_request workflow generates build artifacts, you can
// create a new workflow that uses workflow_run to analyze the
// results and add a comment to the original pull request.
workflow_run?: #eventObject & {
types?: #types & [..."requested" | "completed"] | *["requested", "completed"]
workflows?: [...string] & [_, ...]
{[=~"^branches(-ignore)?$" & !~"^(types|workflows)$"]: _}
...
}
// You can use the GitHub API to trigger a webhook event called
// repository_dispatch when you want to trigger a workflow for
// activity that happens outside of GitHub. For more information,
// see
// https://developer.github.com/v3/repos/#create-a-repository-dispatch-event.
// To trigger the custom repository_dispatch webhook event, you
// must send a POST request to a GitHub API endpoint and provide
// an event_type name to describe the activity type. To trigger a
// workflow run, you must also configure your workflow to use the
// repository_dispatch event.
repository_dispatch?: #eventObject
// You can schedule a workflow to run at specific UTC times using
// POSIX cron syntax
// (https://pubs.opengroup.org/onlinepubs/9699919799/utilities/crontab.html#tag_20_25_07).
// Scheduled workflows run on the latest commit on the default or
// base branch. The shortest interval you can run scheduled
// workflows is once every 5 minutes.
// Note: GitHub Actions does not support the non-standard syntax
// @yearly, @monthly, @weekly, @daily, @hourly, and @reboot.
// You can use crontab guru (https://crontab.guru/). to help
// generate your cron syntax and confirm what time it will run.
// To help you get started, there is also a list of crontab guru
// examples (https://crontab.guru/examples.html).
schedule?: [...null | bool | number | string | [...] | {
cron?: =~"^(((\\d+,)+\\d+|((\\d+|\\*)\\/\\d+|JAN|FEB|MAR|APR|MAY|JUN|JUL|AUG|SEP|OCT|NOV|DEC)|(\\d+-\\d+)|\\d+|\\*|MON|TUE|WED|THU|FRI|SAT|SUN) ?){5,7}$"
}] & [_, ...]
}
// A map of environment variables that are available to all jobs
// and steps in the workflow.
env?: #env
// A map of default settings that will apply to all jobs in the
// workflow.
defaults?: #defaults
// A workflow run is made up of one or more jobs. Jobs run in
// parallel by default. To run jobs sequentially, you can define
// dependencies on other jobs using the jobs.<job_id>.needs
// keyword.
// Each job runs in a fresh instance of the virtual environment
// specified by runs-on.
// You can run an unlimited number of jobs as long as you are
// within the workflow usage limits. For more information, see
// https://help.github.com/en/github/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#usage-limits.
jobs: {
{[=~"^[_a-zA-Z][a-zA-Z0-9_-]*$" & !~"^()$"]: {
// The name of the job displayed on GitHub.
name?: string
// Identifies any jobs that must complete successfully before this
// job will run. It can be a string or array of strings. If a job
// fails, all jobs that need it are skipped unless the jobs use a
// conditional statement that causes the job to continue.
needs?: [...#name] & [_, ...] | #name
// The type of machine to run the job on. The machine can be
// either a GitHub-hosted runner, or a self-hosted runner.
"runs-on": "macos-10.15" | "macos-11.0" | "macos-latest" | "self-hosted" | "ubuntu-16.04" | "ubuntu-18.04" | "ubuntu-20.04" | "ubuntu-latest" | "windows-2016" | "windows-2019" | "windows-latest" | (["self-hosted"] | ["self-hosted", #machine] | ["self-hosted", #architecture] | ["self-hosted", #machine, #architecture] | ["self-hosted", #architecture, #machine]) & [...] | #expressionSyntax
// The environment that the job references.
environment?: string | #environment
// A map of outputs for a job. Job outputs are available to all
// downstream jobs that depend on this job.
outputs?: {
[string]: string
}
// A map of environment variables that are available to all steps
// in the job.
env?: #env
// A map of default settings that will apply to all steps in the
// job.
defaults?: #defaults
// You can use the if conditional to prevent a job from running
// unless a condition is met. You can use any supported context
// and expression to create a conditional.
// Expressions in an if conditional do not require the ${{ }}
// syntax. For more information, see
// https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
if?: string
// A job contains a sequence of tasks called steps. Steps can run
// commands, run setup tasks, or run an action in your
// repository, a public repository, or an action published in a
// Docker registry. Not all steps run actions, but all actions
// run as a step. Each step runs in its own process in the
// virtual environment and has access to the workspace and
// filesystem. Because steps run in their own process, changes to
// environment variables are not preserved between steps. GitHub
// provides built-in steps to set up and complete a job.
steps?: [...{
// A unique identifier for the step. You can use the id to
// reference the step in contexts. For more information, see
// https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
id?: string
// You can use the if conditional to prevent a step from running
// unless a condition is met. You can use any supported context
// and expression to create a conditional.
// Expressions in an if conditional do not require the ${{ }}
// syntax. For more information, see
// https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
if?: string
// A name for your step to display on GitHub.
name?: string
// Selects an action to run as part of a step in your job. An
// action is a reusable unit of code. You can use an action
// defined in the same repository as the workflow, a public
// repository, or in a published Docker container image
// (https://hub.docker.com/).
// We strongly recommend that you include the version of the
// action you are using by specifying a Git ref, SHA, or Docker
// tag number. If you don't specify a version, it could break
// your workflows or cause unexpected behavior when the action
// owner publishes an update.
// - Using the commit SHA of a released action version is the
// safest for stability and security.
// - Using the specific major action version allows you to receive
// critical fixes and security patches while still maintaining
// compatibility. It also assures that your workflow should still
// work.
// - Using the master branch of an action may be convenient, but
// if someone releases a new major version with a breaking
// change, your workflow could break.
// Some actions require inputs that you must set using the with
// keyword. Review the action's README file to determine the
// inputs required.
// Actions are either JavaScript files or Docker containers. If
// the action you're using is a Docker container you must run the
// job in a Linux virtual environment. For more details, see
// https://help.github.com/en/articles/virtual-environments-for-github-actions.
uses?: string
// Runs command-line programs using the operating system's shell.
// If you do not provide a name, the step name will default to
// the text specified in the run command.
// Commands run using non-login shells by default. You can choose
// a different shell and customize the shell used to run
// commands. For more information, see
// https://help.github.com/en/actions/automating-your-workflow-with-github-actions/workflow-syntax-for-github-actions#using-a-specific-shell.
// Each run keyword represents a new process and shell in the
// virtual environment. When you provide multi-line commands,
// each line runs in the same shell.
run?: string, "working-directory"?: #["working-directory"], shell?: #shell
// A map of the input parameters defined by the action. Each input
// parameter is a key/value pair. Input parameters are set as
// environment variables. The variable is prefixed with INPUT_
// and converted to upper case.
with?: #env & {
args?: string, entrypoint?: string, ...
}
// Sets environment variables for steps to use in the virtual
// environment. You can also set environment variables for the
// entire workflow or a job.
env?: #env
// Prevents a job from failing when a step fails. Set to true to
// allow a job to pass when this step fails.
"continue-on-error"?: bool | #expressionSyntax | *false
// The maximum number of minutes to run the step before killing
// the process.
"timeout-minutes"?: number
}] & [_, ...]
// The maximum number of minutes to let a workflow run before
// GitHub automatically cancels it. Default: 360
"timeout-minutes"?: number | *360
// A strategy creates a build matrix for your jobs. You can define
// different variations of an environment to run each job in.
strategy?: {
// A build matrix is a set of different configurations of the
// virtual environment. For example you might run a job against
// more than one supported version of a language, operating
// system, or tool. Each configuration is a copy of the job that
// runs and reports a status.
// You can specify a matrix by supplying an array for the
// configuration options. For example, if the GitHub virtual
// environment supports Node.js versions 6, 8, and 10 you could
// specify an array of those versions in the matrix.
// When you define a matrix of operating systems, you must set the
// required runs-on keyword to the operating system of the
// current job, rather than hard-coding the operating system
// name. To access the operating system name, you can use the
// matrix.os context parameter to set runs-on. For more
// information, see
// https://help.github.com/en/articles/contexts-and-expression-syntax-for-github-actions.
matrix: ({
...
} | #expressionSyntax) & {
{[=~"^(in|ex)clude$" & !~"^()$"]: [...{
[string]: #configuration
}] & [_, ...]}
{[!~"^(in|ex)clude$" & !~"^()$"]: [...#configuration] & [_, ...]}
}
// When set to true, GitHub cancels all in-progress jobs if any
// matrix job fails. Default: true
"fail-fast"?: bool | *true
// The maximum number of jobs that can run simultaneously when
// using a matrix job strategy. By default, GitHub will maximize
// the number of jobs run in parallel depending on the available
// runners on GitHub-hosted virtual machines.
"max-parallel"?: number
}
// Prevents a workflow run from failing when a job fails. Set to
// true to allow a workflow run to pass when this job fails.
"continue-on-error"?: bool | #expressionSyntax
// A container to run any steps in a job that don't already
// specify a container. If you have steps that use both script
// and container actions, the container actions will run as
// sibling containers on the same network with the same volume
// mounts.
// If you do not set a container, all steps will run directly on
// the host specified by runs-on unless a step refers to an
// action configured to run in a container.
container?: string | #container
// Additional containers to host services for a job in a workflow.
// These are useful for creating databases or cache services like
// redis. The runner on the virtual machine will automatically
// create a network and manage the life cycle of the service
// containers.
// When you use a service container for a job or your step uses
// container actions, you don't need to set port information to
// access the service. Docker automatically exposes all ports
// between containers on the same network.
// When both the job and the action run in a container, you can
// directly reference the container by its hostname. The hostname
// is automatically mapped to the service name.
// When a step does not use a container action, you must access
// the service using localhost and bind the ports.
services?: {
[string]: #container
}
}}
}
}
#architecture: "ARM32" | "x64" | "x86"
#branch: #globs
#configuration: string | number | bool | {
[string]: #configuration
} | [...#configuration]
#container: {
// The Docker image to use as the container to run the action. The
// value can be the Docker Hub image name or a registry name.
image: string
// If the image's container registry requires authentication to
// pull the image, you can use credentials to set a map of the
// username and password. The credentials are the same values
// that you would provide to the `docker login` command.
credentials?: {
username?: string
password?: string
...
}
// Sets an array of environment variables in the container.
env?: #env
// Sets an array of ports to expose on the container.
ports?: [...number | string] & [_, ...]
// Sets an array of volumes for the container to use. You can use
// volumes to share data between services or other steps in a
// job. You can specify named Docker volumes, anonymous Docker
// volumes, or bind mounts on the host.
// To specify a volume, you specify the source and destination
// path: <source>:<destinationPath>
// The <source> is a volume name or an absolute path on the host
// machine, and <destinationPath> is an absolute path in the
// container.
volumes?: [...=~"^[^:]+:[^:]+$"] & [_, ...]
// Additional Docker container resource options. For a list of
// options, see
// https://docs.docker.com/engine/reference/commandline/create/#options.
options?: string
}
#defaults: run?: {
shell?: #shell
"working-directory"?: #["working-directory"]
}
#env: [string]: bool | number | string
#environment: {
// The name of the environment configured in the repo.
name: string
// A deployment URL
url?: string
}
#event: "check_run" | "check_suite" | "create" | "delete" | "deployment" | "deployment_status" | "fork" | "gollum" | "issue_comment" | "issues" | "label" | "member" | "milestone" | "page_build" | "project" | "project_card" | "project_column" | "public" | "pull_request" | "pull_request_review" | "pull_request_review_comment" | "pull_request_target" | "push" | "registry_package" | "release" | "status" | "watch" | "workflow_dispatch" | "workflow_run" | "repository_dispatch"
#eventObject: null | {
...
}
#expressionSyntax: =~"^\\$\\{\\{.*\\}\\}$"
#globs: [...strings.MinRunes(1)] & [_, ...]
#machine: "linux" | "macos" | "windows"
#name: =~"^[_a-zA-Z][a-zA-Z0-9_-]*$"
#path: #globs
#ref: null | {
branches?: #branch
"branches-ignore"?: #branch
tags?: #branch
"tags-ignore"?: #branch
paths?: #path
"paths-ignore"?: #path
...
}
#shell: (string | ("bash" | "pwsh" | "python" | "sh" | "cmd" | "powershell")) & string
#types: [_, ...]
#: "working-directory": string
}
-- internal/ci/ci_tool.cue --
// Copyright 2021 The CUE Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package ci
import (
"path"
"encoding/yaml"
"tool/exec"
"tool/file"
"tool/os"
)
// genworkflows regenerates the GitHub workflow Yaml definitions.
//
// See internal/ci/gen.go for details on how this step fits into the sequence
// of generating our CI workflow definitions, and updating various txtar tests
// with files from that process.
//
// Until we have a resolution for cuelang.org/issue/704 and
// cuelang.org/issue/708 this must be run from the internal/ci package. At
// which point we can switch to using _#modroot.
//
// This also explains why the ../../ relative path specification below appear
// wrong in the context of the containing directory internal/ci/vendor.
command: genworkflows: {
goos: _#goos
for w in workflows {
"\(w.file)": file.Create & {
_dir: path.FromSlash("../../.github/workflows", path.Unix)
filename: path.Join([_dir, w.file], goos.GOOS)
contents: """
# Generated by internal/ci/ci_tool.cue; do not edit
\(yaml.Marshal(w.schema))
"""
}
}
}
// updateTxtarTests ensures certain txtar tests are updated with the
// relevant files that make up the process of generating our CI
// workflows.
//
// See internal/ci/gen.go for details on how this step fits into the sequence
// of generating our CI workflow definitions, and updating various txtar tests
// with files from that process.
//
// Until we have a resolution for cuelang.org/issue/704 and
// cuelang.org/issue/708 this must be run from the internal/ci package. At
// which point we can switch to using _#modroot.
//
// This also explains why the ../../ relative path specification below appear
// wrong in the context of the containing directory internal/ci/vendor.
command: updateTxtarTests: {
goos: _#goos
readJSONSchema: file.Read & {
_path: path.FromSlash("../../cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue", path.Unix)
filename: path.Join([_path], goos.GOOS)
contents: string
}
cueDefInternalCI: exec.Run & {
cmd: "go run cuelang.org/go/cmd/cue def cuelang.org/go/internal/ci"
stdout: string
}
// updateEvalTxtarTest updates the cue/testdata/eval testscript which exercises
// the evaluation of the workflows defined in internal/ci (which by definition
// means resolving and using the vendored GitHub Workflow schema)
updateEvalTxtarTest: {
_relpath: path.FromSlash("../../cue/testdata/eval/github.txtar", path.Unix)
_path: path.Join([_relpath], goos.GOOS)
githubSchema: exec.Run & {
stdin: readJSONSchema.contents
cmd: "go run cuelang.org/go/internal/ci/updatetxtar - \(_path) cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue"
}
defWorkflows: exec.Run & {
$after: githubSchema
stdin: cueDefInternalCI.stdout
cmd: "go run cuelang.org/go/internal/ci/updatetxtar - \(_path) workflows.cue"
}
}
// When we have a solution for cuelang.org/issue/709 we can make this a
// file.Glob. Ultimately it would be better to be able to do a cue def
// on the tool "package"
readToolsFile: file.Read & {
filename: "ci_tool.cue"
contents: string
}
updateCmdCueCmdTxtarTest: {
_relpath: path.FromSlash("../../cmd/cue/cmd/testdata/script/cmd_github.txt", path.Unix)
_path: path.Join([_relpath], goos.GOOS)
githubSchema: exec.Run & {
stdin: readJSONSchema.contents
cmd: "go run cuelang.org/go/internal/ci/updatetxtar - \(_path) cue.mod/pkg/github.com/SchemaStore/schemastore/src/schemas/json/github-workflow.cue"
}
defWorkflows: exec.Run & {
$after: githubSchema
stdin: cueDefInternalCI.stdout
cmd: "go run cuelang.org/go/internal/ci/updatetxtar - \(_path) internal/ci/workflows.cue"
}
toolsFile: exec.Run & {
stdin: readToolsFile.contents
cmd: "go run cuelang.org/go/internal/ci/updatetxtar - \(_path) internal/ci/\(readToolsFile.filename)"
}
}
}
// _#modroot is a common helper to get the module root
//
// TODO: use once we have a solution to cuelang.org/issue/704.
// This will then allow us to remove the use of .. below.
_#modroot: exec.Run & {
cmd: "go list -m -f {{.Dir}}"
stdout: string
}
// Until we have the ability to inject contextual information
// we need to pass in GOOS explicitly. Either by environment
// variable (which we get for free when this is used via go generate)
// or via a tag in the case you want to manually run the CUE
// command.
_#goos: os.Getenv & {
GOOS: *path.Unix | string @tag(os)
}
-- internal/ci/workflows.cue --
package ci
import (
"github.com/SchemaStore/schemastore/src/schemas/json"
encjson "encoding/json"
)
workflowsDir: *"./" | string @tag(workflowsDir)
_#masterBranch: "master"
_#releaseTagPattern: "v*"
workflows: [...{
file: string
schema: json.#Workflow
}] & [{
file: "test.yml"
schema: test
}, {
file: "repository_dispatch.yml"
schema: repository_dispatch
}, {
file: "release.yml"
schema: release
}, {
file: "rebuild_tip_cuelang_org.yml"
schema: rebuild_tip_cuelang_org
}, {
file: "mirror.yml"
schema: mirror
}]
test: _#bashWorkflow & {
name: "Test"
on: push: {
branches: ["**"]
"tags-ignore": [_#releaseTagPattern]
}
jobs: {
start: {
"runs-on": _#linuxMachine
steps: [..._ & {
if: "${{ \(_#isCLCITestBranch) }}"
}] & [_#writeCookiesFile, _#startCLBuild]
}
test: {
needs: "start"
strategy: _#testStrategy
"runs-on": "${{ matrix.os }}"
steps: [_#writeCookiesFile, _#installGo, _#checkoutCode, _#cacheGoModules, _#setGoBuildTags & {
_#tags: "long"
if: "${{ \(_#isMaster) }}"
}, _#goGenerate, _#goTest, _#goTestRace & {
if: "${{ \(_#isMaster) || \(_#isCLCITestBranch) && matrix.go-version == '\(_#latestStableGo)' && matrix.os == '\(_#linuxMachine)' }}"
}, _#goReleaseCheck, _#checkGitClean, _#pullThroughProxy, _#failCLBuild]
}
mark_ci_success: {
"runs-on": _#linuxMachine
if: "${{ \(_#isCLCITestBranch) }}"
needs: "test"
steps: [_#writeCookiesFile, _#passCLBuild]
}
delete_build_branch: {
"runs-on": _#linuxMachine
if: "${{ \(_#isCLCITestBranch) && always() }}"
needs: "test"
steps: [_#step & {
run: """
\(_#tempCueckooGitDir)
git push https://github.com/cuelang/cue :${GITHUB_REF#\(_#branchRefPrefix)}
"""
}]
}
}
// _#isCLCITestBranch is an expression that evaluates to true
// if the job is running as a result of a CL triggered CI build
_#isCLCITestBranch: "startsWith(github.ref, '\(_#branchRefPrefix)ci/')"
// _#isMaster is an expression that evaluates to true if the
// job is running as a result of a master commit push
_#isMaster: "github.ref == '\(_#branchRefPrefix+_#masterBranch)'"
_#pullThroughProxy: _#step & {
name: "Pull this commit through the proxy on \(_#masterBranch)"
run: """
v=$(git rev-parse HEAD)
cd $(mktemp -d)
go mod init mod.com
GOPROXY=https://proxy.golang.org go get -d cuelang.org/go/cmd/cue@$v
"""
if: "${{ \(_#isMaster) }}"
}
_#startCLBuild: _#step & {
name: "Update Gerrit CL message with starting message"
run: (_#gerrit._#setCodeReview & {
#args: {
message: "Started the build... see progress at ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}"
labels: "Code-Review": 0
}
}).res
}
_#failCLBuild: _#step & {
if: "${{ \(_#isCLCITestBranch) && failure() }}"
name: "Post any failures for this matrix entry"
run: (_#gerrit._#setCodeReview & {
#args: {
message: "Build failed for ${{ runner.os }}-${{ matrix.go-version }}; see ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }} for more details"
labels: "Code-Review": -1
}
}).res
}
_#passCLBuild: _#step & {
name: "Update Gerrit CL message with success message"
run: (_#gerrit._#setCodeReview & {
#args: {
message: "Build succeeded for ${{ github.event.repository.html_url }}/actions/runs/${{ github.run_id }}"
labels: "Code-Review": 1
}
}).res
}
_#gerrit: {
// _#setCodeReview assumes that it is invoked from a job where
// _#isCLCITestBranch is true
_#setCodeReview: {
#args: {
tag: "trybot"
message: string
labels: "Code-Review": int
}
res: "curl -f -s -H \"Content-Type: application/json\" --request POST --data '\(encjson.Marshal(#args))' -b ~/.gitcookies https://cue-review.googlesource.com/a/changes/$(basename $(dirname $GITHUB_REF))/revisions/$(basename $GITHUB_REF)/review"
}
}
}
repository_dispatch: _#bashWorkflow & {
// These constants are defined by github.com/cue-sh/tools/cmd/cueckoo
_#runtrybot: "runtrybot"
_#mirror: "mirror"
_#importpr: "importpr"
_#unity: "unity"
_#dispatchJob: _#job & {
_#type: string
"runs-on": _#linuxMachine
if: "${{ github.event.client_payload.type == '\(_#type)' }}"
}
name: "Repository Dispatch"
on: ["repository_dispatch"]
jobs: {
"\(_#runtrybot)": _#dispatchJob & {
_#type: _#runtrybot
steps: [_#step & {
name: "Trigger trybot"
run: """
\(_#tempCueckooGitDir)
git fetch https://cue-review.googlesource.com/cue ${{ github.event.client_payload.payload.ref }}
git checkout -b ci/${{ github.event.client_payload.payload.changeID }}/${{ github.event.client_payload.payload.commit }} FETCH_HEAD
git push https://github.com/cuelang/cue ci/${{ github.event.client_payload.payload.changeID }}/${{ github.event.client_payload.payload.commit }}
"""
}]
}
"\(_#mirror)": _#dispatchJob & {
_#type: _#mirror
steps: _#copybaraSteps & {
_
_#name: "Mirror Gerrit to GitHub"
_#cmd: "github"
}
}
"\(_#importpr)": _#dispatchJob & {
_#type: _#importpr
steps: _#copybaraSteps & {
_
_#name: "Import PR #${{ github.event.client_payload.commit }} from GitHub to Gerrit"
_#cmd: "github-pr ${{ github.event.client_payload.payload.pr }}"
}
}
}
}
mirror: _#bashWorkflow & {
name: "Scheduled repo mirror"
on: schedule: [{
cron: "*/30 * * * *"
}]
jobs: mirror: {
"runs-on": _#linuxMachine
steps: _#copybaraSteps & {
_
_#name: "Mirror Gerrit to GitHub"
_#cmd: "github"
}
}
}
release: _#bashWorkflow & {
name: "Release"
on: push: tags: [_#releaseTagPattern]
jobs: {
goreleaser: {
"runs-on": _#linuxMachine
steps: [_#checkoutCode & {
with: "fetch-depth": 0
}, _#installGo & {
with: version: _#latestStableGo
}, _#step & {
name: "Run GoReleaser"
env: GITHUB_TOKEN: "${{ secrets.ACTIONS_GITHUB_TOKEN }}"
uses: "goreleaser/goreleaser-action@v2"
with: {
args: "release --rm-dist"
version: "v0.155.1"
}
}]
}
docker: {
name: "docker"
"runs-on": _#linuxMachine
steps: [_#checkoutCode, _#step & {
name: "Set version environment"
run: """
CUE_VERSION=$(echo ${GITHUB_REF##refs/tags/v})
echo \"CUE_VERSION=$CUE_VERSION\"
echo \"CUE_VERSION=$(echo $CUE_VERSION)\" >> $GITHUB_ENV
"""
}, _#step & {
name: "Push to Docker Hub"
env: {
DOCKER_BUILDKIT: 1
GOLANG_VERSION: 1.14
CUE_VERSION: "${{ env.CUE_VERSION }}"
}
uses: "docker/build-push-action@v1"
with: {
tags: "${{ env.CUE_VERSION }},latest"
repository: "cuelang/cue"
username: "${{ secrets.DOCKER_USERNAME }}"
password: "${{ secrets.DOCKER_PASSWORD }}"
tag_with_ref: false
tag_with_sha: false
target: "cue"
always_pull: true
build_args: "GOLANG_VERSION=${{ env.GOLANG_VERSION }},CUE_VERSION=v${{ env.CUE_VERSION }}"
add_git_labels: true
}
}]
}
}
}
rebuild_tip_cuelang_org: _#bashWorkflow & {
name: "Push to tip"
on: push: branches: [_#masterBranch]
jobs: push: {
"runs-on": _#linuxMachine
steps: [{
name: "Rebuild tip.cuelang.org"
run: "curl -f -X POST -d {} https://api.netlify.com/build_hooks/${{ secrets.CuelangOrgTipRebuildHook }}"
}]
}
}
_#bashWorkflow: json.#Workflow & {
jobs: [string]: defaults: run: shell: "bash"
}
// TODO: drop when cuelang.org/issue/390 is fixed.
// Declare definitions for sub-schemas
_#job: ((json.#Workflow & {}).jobs & {
x: _
}).x
_#step: ((_#job & {
steps: _
}).steps & [_])[0]
// We need at least go1.14 for code generation
_#codeGenGo: "1.14.14"
// Use a specific latest version for release builds
_#latestStableGo: "1.15.8"
_#linuxMachine: "ubuntu-18.04"
_#macosMachine: "macos-10.15"
_#windowsMachine: "windows-2019"
_#testStrategy: {
"fail-fast": false
matrix: {
// Use a stable version of 1.14.x for go generate
"go-version": [_#codeGenGo, _#latestStableGo, "1.16"]
os: [_#linuxMachine, _#macosMachine, _#windowsMachine]
}
}
_#setGoBuildTags: _#step & {
_#tags: string
name: "Set go build tags"
run: "go env -w GOFLAGS=-tags=\(_#tags)"
}
_#installGo: _#step & {
name: "Install Go"
uses: "actions/setup-go@v2"
with: {
"go-version": *"${{ matrix.go-version }}" | string
stable: false
}
}
_#checkoutCode: _#step & {
name: "Checkout code"
uses: "actions/checkout@v2"
}
_#cacheGoModules: _#step & {
name: "Cache Go modules"
uses: "actions/cache@v1"
with: {
path: "~/go/pkg/mod"
key: "${{ runner.os }}-${{ matrix.go-version }}-go-${{ hashFiles('**/go.sum') }}"
"restore-keys": """
${{ runner.os }}-${{ matrix.go-version }}-go-
"""
}
}
_#goGenerate: _#step & {
name: "Generate"
run: "go generate ./..."
// The Go version corresponds to the precise version specified in
// the matrix. Skip windows for now until we work out why re-gen is flaky
if: "matrix.go-version == '\(_#codeGenGo)' && matrix.os != '\(_#windowsMachine)'"
}
_#goTest: _#step & {
name: "Test"
run: "go test ./..."
}
_#goTestRace: _#step & {
name: "Test with -race"
run: "go test -race ./..."
}
_#goReleaseCheck: _#step & {
name: "gorelease check"
run: "go run golang.org/x/exp/cmd/gorelease"
}
_#checkGitClean: _#step & {
name: "Check that git is clean post generate and tests"
run: "test -z \"$(git status --porcelain)\" || (git status; git diff; false)"
}
_#writeCookiesFile: _#step & {
name: "Write the gitcookies file"
run: "echo \"${{ secrets.gerritCookie }}\" > ~/.gitcookies"
}
_#branchRefPrefix: "refs/heads/"
_#tempCueckooGitDir: """
mkdir tmpgit
cd tmpgit
git init
git config user.name cueckoo
git config user.email cueckoo@gmail.com
git config http.https://github.com/.extraheader "AUTHORIZATION: basic $(echo -n cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }} | base64)"
"""
// The cueckoo/copybara Docker image to use
_#cueckooCopybaraImage: "cueckoo/copybara:afc4ae03eed00b0c9d7415141cd1b5dfa583da7c"
// Define the base command for copybara
_#copybaraCmd: {
"""
cd _scripts
docker run --rm -v $PWD/cache:/root/copybara/cache -v $PWD:/usr/src/app --entrypoint="" \(_#cueckooCopybaraImage) bash -c " \\
\tset -eu; \\
\techo \\"${{ secrets.gerritCookie }}\\" > ~/.gitcookies; \\
\tchmod 600 ~/.gitcookies; \\
\tgit config --global user.name cueckoo; \\
\tgit config --global user.email cueckoo@gmail.com; \\
\tgit config --global http.cookiefile \\$HOME/.gitcookies; \\
\techo https://cueckoo:${{ secrets.CUECKOO_GITHUB_PAT }}@github.com > ~/.git-credentials; \\
\tchmod 600 ~/.git-credentials; \\
\tjava -jar /opt/copybara/copybara_deploy.jar migrate copy.bara.sky \(_#cmd); \\
\t"
"""
_#cmd: string
}
_#copybaraSteps: {
let cmdCmd = _#cmd
[_#checkoutCode, _#step & {
name: _#name
run: _#copybaraCmd & {
_
_#cmd: cmdCmd
}
}]
_#name: string
_#cmd: string
}