Update 6 packages #2
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "03 Maintain: Apply Package Cache" | |
| description: "Generate the package cache for the lesson after a pull request has been merged or via manual trigger, and cache in S3 or GitHub" | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| name: | |
| description: 'Who triggered this build?' | |
| required: true | |
| default: 'Maintainer (via GitHub)' | |
| pull_request: | |
| types: | |
| - closed | |
| branches: | |
| - main | |
| # queue cache runs | |
| concurrency: | |
| group: docker-apply-cache | |
| cancel-in-progress: false | |
| jobs: | |
| preflight: | |
| name: "Preflight: PR or Manual Trigger?" | |
| runs-on: ubuntu-latest | |
| outputs: | |
| do-apply: ${{ steps.check.outputs.merged_or_manual }} | |
| steps: | |
| - name: "Should we run cache application?" | |
| id: check | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" || | |
| ("${{ github.ref }}" == "refs/heads/main" && "${{ github.event.action }}" == "closed" && "${{ github.event.pull_request.merged }}" == "true") ]]; then | |
| echo "merged_or_manual=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "This was not a manual trigger and no PR was merged. No action taken." | |
| echo "merged_or_manual=false" >> $GITHUB_OUTPUT | |
| fi | |
| shell: bash | |
| check-renv: | |
| name: "Check If We Need {renv}" | |
| runs-on: ubuntu-latest | |
| needs: preflight | |
| if: needs.preflight.outputs.do-apply == 'true' | |
| permissions: | |
| id-token: write | |
| outputs: | |
| renv-needed: ${{ steps.check-for-renv.outputs.renv-needed }} | |
| renv-cache-hashsum: ${{ steps.check-for-renv.outputs.renv-cache-hashsum }} | |
| renv-cache-available: ${{ steps.check-for-renv.outputs.renv-cache-available }} | |
| steps: | |
| - name: "Check for renv" | |
| id: check-for-renv | |
| uses: carpentries/actions/renv-checks@main | |
| with: | |
| role-to-assume: ${{ secrets.AWS_GH_OIDC_ARN }} | |
| aws-region: ${{ secrets.AWS_GH_OIDC_REGION }} | |
| WORKBENCH_TAG: ${{ vars.WORKBENCH_TAG || 'latest' }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| no-renv-cache-used: | |
| name: "No renv cache used" | |
| runs-on: ubuntu-latest | |
| needs: check-renv | |
| if: needs.check-renv.outputs.renv-needed != 'true' | |
| steps: | |
| - name: "No renv cache needed" | |
| run: echo "No renv cache needed for this lesson" | |
| renv-cache-available: | |
| name: "renv cache available" | |
| runs-on: ubuntu-latest | |
| needs: check-renv | |
| if: needs.check-renv.outputs.renv-cache-available == 'true' | |
| steps: | |
| - name: "renv cache available" | |
| run: echo "renv cache available for this lesson" | |
| update-renv-cache: | |
| name: "Update renv Cache" | |
| runs-on: ubuntu-latest | |
| needs: check-renv | |
| if: | | |
| needs.check-renv.outputs.renv-needed == 'true' && | |
| needs.check-renv.outputs.renv-cache-available != 'true' && | |
| ( | |
| github.event_name == 'workflow_dispatch' || | |
| ( | |
| github.event.pull_request.merged == true && | |
| ( | |
| ( | |
| contains( | |
| join(github.event.pull_request.labels.*.name, ','), | |
| 'type: package cache' | |
| ) && | |
| github.event.pull_request.head.ref == 'update/packages' | |
| ) | |
| || | |
| ( | |
| contains( | |
| join(github.event.pull_request.labels.*.name, ','), | |
| 'type: workflows' | |
| ) && | |
| github.event.pull_request.head.ref == 'update/workflows' | |
| ) | |
| || | |
| ( | |
| contains( | |
| join(github.event.pull_request.labels.*.name, ','), | |
| 'type: docker version' | |
| ) && | |
| github.event.pull_request.head.ref == 'update/workbench-docker-version' | |
| ) | |
| ) | |
| ) | |
| ) | |
| permissions: | |
| checks: write | |
| contents: write | |
| pages: write | |
| id-token: write | |
| container: | |
| image: ghcr.io/carpentries/workbench-docker:${{ vars.WORKBENCH_TAG || 'latest' }} | |
| env: | |
| WORKBENCH_PROFILE: "ci" | |
| GITHUB_PAT: ${{ secrets.GITHUB_TOKEN }} | |
| RENV_PATHS_ROOT: /home/rstudio/lesson/renv | |
| RENV_PROFILE: "lesson-requirements" | |
| RENV_VERSION: ${{ needs.check-renv.outputs.renv-cache-hashsum }} | |
| RENV_CONFIG_EXTERNAL_LIBRARIES: "/usr/local/lib/R/site-library" | |
| volumes: | |
| - ${{ github.workspace }}:/home/rstudio/lesson | |
| options: --cpus 2 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: "Debugging Info" | |
| run: | | |
| echo "Current Directory: $(pwd)" | |
| ls -lah /home/rstudio/.workbench | |
| ls -lah $(pwd) | |
| Rscript -e 'sessionInfo()' | |
| shell: bash | |
| - name: "Mark Repository as Safe" | |
| run: | | |
| git config --global --add safe.directory $(pwd) | |
| shell: bash | |
| - name: "Ensure sandpaper is loadable" | |
| run: | | |
| .libPaths() | |
| library(sandpaper) | |
| shell: Rscript {0} | |
| - name: "Setup Lesson Dependencies" | |
| run: | | |
| Rscript /home/rstudio/.workbench/setup_lesson_deps.R | |
| shell: bash | |
| - name: "Fortify renv Cache" | |
| run: | | |
| Rscript /home/rstudio/.workbench/fortify_renv_cache.R | |
| shell: bash | |
| - name: "Get Container Version Used" | |
| id: wb-vers | |
| uses: carpentries/actions/container-version@main | |
| with: | |
| WORKBENCH_TAG: ${{ vars.WORKBENCH_TAG }} | |
| renv-needed: ${{ needs.check-renv.outputs.renv-needed }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Validate Current Org and Workflow" | |
| id: validate-org-workflow | |
| uses: carpentries/actions/validate-org-workflow@main | |
| with: | |
| repo: ${{ github.repository }} | |
| workflow: ${{ github.workflow }} | |
| - name: "Configure AWS credentials via OIDC" | |
| id: aws-creds | |
| env: | |
| role-to-assume: ${{ secrets.AWS_GH_OIDC_ARN }} | |
| aws-region: ${{ secrets.AWS_GH_OIDC_REGION }} | |
| if: | | |
| steps.validate-org-workflow.outputs.is_valid == 'true' && | |
| env.role-to-assume != '' && | |
| env.aws-region != '' | |
| uses: aws-actions/[email protected] | |
| with: | |
| role-to-assume: ${{ env.role-to-assume }} | |
| aws-region: ${{ env.aws-region }} | |
| output-credentials: true | |
| - name: "Upload cache object to S3" | |
| id: upload-cache | |
| uses: carpentries/actions-cache@frog-matchedkey-1 | |
| with: | |
| accessKey: ${{ steps.aws-creds.outputs.aws-access-key-id }} | |
| secretKey: ${{ steps.aws-creds.outputs.aws-secret-access-key }} | |
| sessionToken: ${{ steps.aws-creds.outputs.aws-session-token }} | |
| bucket: workbench-docker-caches | |
| path: | | |
| /home/rstudio/lesson/renv | |
| /usr/local/lib/R/site-library | |
| key: ${{ github.repository }}/${{ steps.wb-vers.outputs.container-version }}_renv-${{ needs.check-renv.outputs.renv-cache-hashsum }} | |
| restore-keys: | |
| ${{ github.repository }}/${{ steps.wb-vers.outputs.container-version }}_renv- | |
| trigger-build-deploy: | |
| name: "Trigger Build and Deploy Workflow" | |
| runs-on: ubuntu-latest | |
| needs: update-renv-cache | |
| if: | | |
| needs.update-renv-cache.result == 'success' || | |
| needs.check-renv.outputs.renv-cache-available == 'true' | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: "Trigger Build and Deploy Workflow" | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| run: | | |
| gh workflow run docker_build_deploy.yaml --ref main | |
| shell: bash | |
| continue-on-error: true |