Prerelease - Build, Test, Scan, and Push #499
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
schedule: | |
# every morning at 8am UTC | |
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onschedule | |
# make sure to change the `if` commands below when changing the schedule | |
- cron: '0 8 * * *' | |
- cron: '0 9 * * *' | |
push: | |
branches: | |
- main | |
- dev | |
- dev-rspm | |
pull_request: | |
name: Prerelease - Build, Test, Scan, and Push | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
name: build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }} | |
permissions: | |
contents: read | |
packages: write | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- {product: "workbench", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "workbench", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "connect", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "connect-content-init", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "package-manager", type: "daily", os: "ubuntu1804", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "package-manager", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "daily", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {product: "r-session-complete", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "preview", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
concurrency: | |
group: prerelease-build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Check Out main Branch | |
if: github.event.schedule == '0 8 * * *' | |
uses: actions/checkout@v3 | |
with: | |
ref: 'main' | |
- name: Check Out Repo at Triggered Branch | |
if: github.event.schedule != '0 8 * * *' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Version | |
id: get-version | |
run: | | |
VERSION=$(just -f ci.Justfile get-version ${{ matrix.config.product }} --type=${{ matrix.config.type }} --local) | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-prerelease-args \ | |
${{ matrix.config.type }} \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-prerelease-tags \ | |
${{ matrix.config.type }} \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: ${{ matrix.config.product }} | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: product-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# End retry logic |