Nightly Release #152
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Part of the Carbon Language project, under the Apache License v2.0 with LLVM | |
# Exceptions. See /LICENSE for license information. | |
# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | |
# | |
# This workflow creates a GitHub "release" of a nightly build of the project. | |
# | |
# Note: This is just an initial rough attempt, there is a lot of future work | |
# needed here. A brief summary of TODOs: | |
# | |
# - Configure a nice release notes template and switch to generating the title | |
# and notes instead of hard coding them. | |
# | |
# - Do some amount of testing prior to building and uploading the release. | |
# - Tempting to try to examine existing testing workflow, but maybe better to | |
# allow re-using any complex parts and do our own testing. That would, for | |
# example, allow us to narrow or expand the set of tests uses for | |
# pre-release testing to potentially be different from continuous testing. | |
# - Some questions around what to do in the event of a failure... error? Where | |
# does the error go? Create a draft, unpublished release instead? | |
# | |
# - Build artifacts for all the different OSes we have GitHub runners for rather | |
# than just x86 Linux. | |
name: Nightly Release | |
on: | |
schedule: | |
- cron: '0 2 * * *' | |
# Enable manual runs for testing or manually (re-)creating a nightly release. | |
workflow_dispatch: | |
permissions: | |
contents: write # For creating and uploading to releases. | |
jobs: | |
release: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1 | |
with: | |
egress-policy: block | |
# When adding endpoints, see README.md. | |
# prettier-ignore | |
allowed-endpoints: > | |
*.dl.sourceforge.net:443 | |
api.github.com:443 | |
bcr.bazel.build:443 | |
downloads.sourceforge.net:443 | |
github.com:443 | |
oauth2.googleapis.com:443 | |
objects.githubusercontent.com:443 | |
releases.bazel.build:443 | |
sourceforge.net:443 | |
storage.googleapis.com:443 | |
uploads.github.com:443 | |
- name: Checkout branch | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Set up remote cache access | |
env: | |
REMOTE_CACHE_KEY: ${{ secrets.CARBON_BUILDS_GITHUB }} | |
run: | | |
echo "$REMOTE_CACHE_KEY" | base64 -d > $HOME/remote_cache_key.json | |
echo "remote_cache_upload=--google_credentials=$HOME/remote_cache_key.json" \ | |
>> $GITHUB_ENV | |
- uses: ./.github/actions/build-setup-common | |
with: | |
matrix_runner: ubuntu-22.04 | |
remote_cache_upload: ${{ env.remote_cache_upload }} | |
- name: Get nightly date | |
run: | | |
echo "nightly_date=$(date '+%Y.%m.%d')" >> $GITHUB_ENV | |
- name: Build release | |
run: | | |
./scripts/run_bazel.py \ | |
--attempts=5 --jobs-on-last-attempt=4 \ | |
test -c opt --remote_download_toplevel \ | |
--pre_release=nightly --nightly_date=${{ env.nightly_date }} \ | |
//toolchain \ | |
//toolchain/install:carbon_toolchain_tar_gz_rule \ | |
//toolchain/install:carbon_toolchain_tar_gz_test | |
- name: Extract the release version | |
run: | | |
# Make sure we can run the toolchain to get the version. | |
./bazel-bin/toolchain/carbon version | |
# Now stash it in a variable and export it. | |
VERSION=$( \ | |
./bazel-bin/toolchain/carbon version \ | |
| cut -d' ' -f5 | cut -d'+' -f1) | |
echo "release_version=$VERSION" >> $GITHUB_ENV | |
- name: Create the release | |
env: | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
gh release create \ | |
--title "Nightly build ${{ env.nightly_date }}" \ | |
--generate-notes \ | |
--prerelease \ | |
v${{ env.release_version }} \ | |
"bazel-bin/toolchain/install/carbon_toolchain-${{ env.release_version }}.tar.gz" |