diff --git a/.bazelrc b/.bazelrc index aef34a5..592136d 100644 --- a/.bazelrc +++ b/.bazelrc @@ -19,6 +19,8 @@ common:debs-ci --config=ci common:debs-ci --//debs:excludes=//debs:excludes.txt common:debs-ci --//debs:token=//debs:token.txt +common:debs-publish --//debs:debs-publish=//debs:import + common:publish-ci --config=debs-ci common:publish-ci --//tools/tarball:target=//:html common:publish-ci --//tools/tarball:overwrite=//tools/tarball:true diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..a69fa79 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,38 @@ +name: Build + +permissions: + contents: read + +on: + pull_request: + push: + branches: + - main + +concurrency: + group: >- + ${{ github.event.inputs.head_ref || github.run_id }} + + +jobs: + build: + runs-on: ubuntu-latest-8-cores + if: ${{ github.repository_owner == 'envoyproxy' }} + steps: + - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + + - run: | + mkdir ./debs/import + gsutil -mq rsync -r gs://envoy-apt-cache/debs ./debs/import/ + ls -alh debs/import/ + + - run: | + sudo mkdir /opt/build + sudo chown runner:docker /opt/build + echo ${{ github.token }} > debs/token.txt + ./build-repository.sh + du -ch /opt/build + du -ch ~/.cache + env: + CONTEXT: deploy-preview + GITHUB_TOKEN: ${{ github.token }} diff --git a/.github/workflows/update.yml b/.github/workflows/update.yml index 545d8ff..1c02094 100644 --- a/.github/workflows/update.yml +++ b/.github/workflows/update.yml @@ -18,12 +18,11 @@ jobs: if: github.repository_owner == 'envoyproxy' steps: - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - + - uses: envoyproxy/toolshed/gh-actions/diskspace@actions-v0.3.16 - run: | mkdir ./debs/import gsutil -mq rsync -r gs://envoy-apt-cache/debs ./debs/import/ ls -alh debs/import/ - - run: | . ./build-repository.sh import_public_key @@ -33,7 +32,6 @@ jobs: time bazel build "--sandbox_writable_path=${GNUPG_HOME}" --config=debs-ci //debs env: GITHUB_TOKEN: ${{ github.token }} - - uses: envoyproxy/toolshed/gh-actions/gcp/setup@actions-v0.3.14 name: Setup GCP (cache) if: ${{ github.event_name != 'pull_request' }} diff --git a/build-repository.sh b/build-repository.sh index 669dd3f..8990966 100755 --- a/build-repository.sh +++ b/build-repository.sh @@ -7,7 +7,8 @@ UNDERLINE="\e[4m" NORMAL="\e[0m" EXCLUDE_FILE=debs/excludes.txt -DEBS_ROOT=/opt/build/cache/repository +DEBS_ROOT="${DEBS_ROOT:-/opt/build/cache/repository}" +OUTPUT_DIR="${OUTPUT_DIR:-/opt/build/repo/html}" SIGNING_KEY_PASSPHRASE="${SIGNING_KEY_PASSPHRASE:-Hackme}" @@ -103,8 +104,12 @@ main () { fi bazel run \ "${bazel_args[@]}" \ + --config=debug-bazel \ + --config=debs-publish \ + --sandbox_writable_path=/opt/build \ + --sandbox_writable_path=/home/runner/.gnupg/ \ //tools/tarball:unpack \ - /opt/build/repo/html + $OUTPUT_DIR } if [[ "${BASH_SOURCE[0]}" == "${0}" ]]; then diff --git a/debs/BUILD b/debs/BUILD index 42264b7..2964253 100644 --- a/debs/BUILD +++ b/debs/BUILD @@ -139,15 +139,26 @@ fetch_debs( excludes = ":excludes", ) +filegroup( + name = "import", + srcs = glob(["import/v*/*"]), +) + PUBLISH_ENV = { "APTLY_BIN": "$(location @aptly)", "MAINTAINER_KEY": "$(location //:envoy-maintainers-public.key)", "APTLY_CONF": "$(location //:aptly-config)", - "DEBS": "$(location :debs)", + "DEBS": "$(locations :debs-publish)", "DEBS_ROOT": "$${APT_ROOT}/repository", "SIGNING_TOKEN": "$(location :signing-token)", } +label_flag( + name = "debs-publish", + build_setting_default = ":debs", + visibility = ["//visibility:public"], +) + sh_binary( name = "publish", srcs = ["publish.sh"], @@ -159,7 +170,7 @@ sh_binary( "@aptly", "//:aptly-config", "//:envoy-maintainers-public.key", - ":debs", + ":debs-publish", ":signing-token", ], visibility = ["//visibility:public"], @@ -169,9 +180,10 @@ HTML_BUILD_CMD = """ export APTLY_BIN="$(location @aptly)" export MAINTAINER_KEY="$(location //:envoy-maintainers-public.key)" export APTLY_CONF="$(location //:aptly-config)" -export DEBS="$(location :debs)" +export DEBS="$(locations :debs-publish)" export DEBS_ROOT="$${APT_ROOT}/repository" export SIGNING_TOKEN="$(location :signing-token)" +ls -alh /opt/build $(location :publish) tar hcf $@ -C $${APT_ROOT}/html . """ @@ -187,7 +199,7 @@ genrule( "@aptly", "//:aptly-config", "//:envoy-maintainers-public.key", - ":debs", + ":debs-publish", ":publish", ":signing-token", ], diff --git a/debs/publish.sh b/debs/publish.sh index c736776..9ee64c3 100755 --- a/debs/publish.sh +++ b/debs/publish.sh @@ -17,6 +17,9 @@ if [[ -z "$SIGNING_KEY" ]]; then exit 1 fi +if [[ -n "$DEBS" ]]; then + DEBS="$(dirname $(dirname $(echo ${DEBS} | cut -d' ' -f1)))" +fi _aptly () { "${APTLY[@]}" -- "${@}" @@ -41,6 +44,7 @@ create_dirs () { unpack_debs () { if [[ -d "$DEBS" ]]; then + DEBS_ROOT=$DEBS return 0 elif [[ -s "$DEBS" ]]; then tar xf "$DEBS" -C "$DEBS_ROOT" diff --git a/netlify-should-run.sh b/netlify-should-run.sh new file mode 100644 index 0000000..379a4c9 --- /dev/null +++ b/netlify-should-run.sh @@ -0,0 +1 @@ +exit 1 diff --git a/netlify.toml b/netlify.toml old mode 100644 new mode 100755 index fbc62be..8dbfa38 --- a/netlify.toml +++ b/netlify.toml @@ -1,6 +1,7 @@ [build] publish = "html" command = "./build-repository.sh" +ignore = "./netlify-should-run.sh" [build.environment] BAZELISK_HOME="/opt/build/cache/bazelisk"