Envoy/Windows #344
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Envoy/Windows | |
permissions: | |
contents: read | |
on: | |
workflow_run: | |
workflows: | |
- Request | |
types: | |
- completed | |
concurrency: | |
group: ${{ github.head_ref || github.run_id }}-${{ github.workflow }} | |
cancel-in-progress: true | |
jobs: | |
load: | |
secrets: | |
app-key: ${{ secrets.ENVOY_CI_APP_KEY }} | |
app-id: ${{ secrets.ENVOY_CI_APP_ID }} | |
lock-app-key: ${{ secrets.ENVOY_CI_MUTEX_APP_KEY }} | |
lock-app-id: ${{ secrets.ENVOY_CI_MUTEX_APP_ID }} | |
permissions: | |
actions: read | |
contents: read | |
packages: read | |
pull-requests: read | |
if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
uses: ./.github/workflows/_load.yml | |
with: | |
cache-docker: false | |
check-name: windows | |
windows: | |
permissions: | |
contents: read | |
packages: read | |
secrets: | |
rbe-key: ${{ secrets.GCP_SERVICE_ACCOUNT_KEY }} | |
if: ${{ fromJSON(needs.load.outputs.request).run.build-windows }} | |
needs: | |
- load | |
uses: ./.github/workflows/_run.yml | |
name: CI ${{ matrix.name || matrix.target }} | |
with: | |
command: | |
request: ${{ needs.load.outputs.request }} | |
runs-on: envoy-win19-small | |
source: | | |
export ENVOY_SHARED_TMP_DIR="C:\Users\runner\AppData\Local\Temp\bazel-shared" | |
export ENVOY_DOCKER_BUILD_DIR="C:\Users\runner\AppData\Local\Temp" | |
mkdir -p "$ENVOY_SHARED_TMP_DIR" | |
GCP_SERVICE_ACCOUNT_KEY_PATH=$(mktemp -p "${ENVOY_SHARED_TMP_DIR}" -t gcp_service_account.XXXXXX.json) | |
bash -c "echo \"${RBE_KEY}\" | base64 --decode > \"${GCP_SERVICE_ACCOUNT_KEY_PATH}\"" | |
_BAZEL_BUILD_EXTRA_OPTIONS=( | |
--config=remote-ci | |
--config=rbe-google | |
--config=remote-msvc-cl | |
--google_credentials=${GCP_SERVICE_ACCOUNT_KEY_PATH} | |
--jobs=75 | |
--flaky_test_attempts=2) | |
export BAZEL_BUILD_EXTRA_OPTIONS=${_BAZEL_BUILD_EXTRA_OPTIONS[*]} | |
steps-post: | |
target: ${{ matrix.target }} | |
temp-dir: 'C:\Users\runner\AppData\Local\Temp\bazel-shared' | |
timeout-minutes: 120 | |
trusted: ${{ fromJSON(needs.load.outputs.trusted) }} | |
upload-name: windows.release | |
upload-path: 'C:\Users\runner\AppData\Local\Temp\envoy' | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: ci/windows_ci_steps.sh | |
name: Windows 2019 | |
docker: | |
needs: | |
- load | |
- windows | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: windows2019 | |
name: Windows 2019 | |
runs-on: envoy-win19-small | |
build-type: windows | |
image-base: mcr.microsoft.com/windows/servercore | |
image-tag: ltsc2019 | |
- target: windows2022 | |
name: Windows 2022 | |
runs-on: envoy-win22-small | |
build-type: windows-ltsc2022 | |
image-base: mcr.microsoft.com/windows/nanoserver | |
image-tag: ltsc2022 | |
runs-on: ${{ matrix.runs-on }} | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
ref: ${{ needs.load.outputs.repo_ref }} | |
- uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: windows.release | |
- run: | | |
# Convert to Unix-style path so tar doesn't think drive letter is a hostname | |
STAGING_DIR="$(echo $PWD | tr -d ':' | tr '\\' '/')" | |
mkdir -p windows/amd64 && tar zxf "${STAGING_DIR}/envoy_binary.tar.gz" -C ./windows/amd64 | |
CI_SHA1=$(git rev-parse head) | |
export CI_SHA1 | |
ci/docker_ci.sh | |
shell: bash | |
env: | |
CI_BRANCH: ${{ github.ref }} | |
DOCKERHUB_USERNAME: ${{ fromJSON(needs.load.outputs.trusted) && secrets.DOCKERHUB_USERNAME || '' }} | |
DOCKERHUB_PASSWORD: ${{ fromJSON(needs.load.outputs.trusted) && secrets.DOCKERHUB_PASSWORD || '' }} | |
WINDOWS_BUILD_TYPE: ${{ matrix.build-type }} | |
WINDOWS_IMAGE_BASE: ${{ matrix.image-base }} | |
WINDOWS_IMAGE_TAG: ${{ matrix.image-tag }} | |
request: | |
permissions: | |
actions: read | |
contents: read | |
pull-requests: read | |
secrets: | |
app-id: ${{ secrets.ENVOY_CI_APP_ID }} | |
app-key: ${{ secrets.ENVOY_CI_APP_KEY }} | |
if: >- | |
${{ always() | |
&& github.event.workflow_run.conclusion == 'success' | |
&& fromJSON(needs.load.outputs.request).run.build-windows }} | |
needs: | |
- load | |
- windows | |
- docker | |
uses: ./.github/workflows/_finish.yml | |
with: | |
needs: ${{ toJSON(needs) }} |