Skip to content
Update Bazel Versions

bazel: Release v0.3.15 #236

Sign in to view logs

bazel: Release v0.3.15

bazel: Release v0.3.15 #236

Workflow file for this run

.github/workflows/update-versions.yml at 0a2391d
name: Update Bazel Versions
on:
workflow_dispatch:
inputs:
release_tag:
description: Release tag to update from (e.g., bins/v0.1.7)
required: false
type: string
push:
branches:
- main
paths:
- bazel/versions.bzl
- .github/workflows/update-versions.yml
pull_request:
paths:
- bazel/versions.bzl
- .github/workflows/update-versions.yml
permissions:
contents: read
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: ${{ github.event_name == 'pull_request' }}
jobs:
update-versions:
permissions:
contents: write
pull-requests: write
if: github.event_name == 'workflow_dispatch' || github.event_name == 'push' || github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
- name: Determine release tag
id: release
env:
GH_TOKEN: ${{ github.token }}
run: |
if [[ "${{ github.event_name }}" == "workflow_dispatch" && -n "${{ github.event.inputs.release_tag }}" ]]; then
TAG="${{ github.event.inputs.release_tag }}"
else
TAG=$(gh release list --limit 100 | grep "bins-v" | head -1 | awk '{print $1}' || true)
echo "TAG: $TAG"
if [[ -z "$TAG" ]]; then
echo "No bins release found - skipping version check"
echo "skip=true" >> $GITHUB_OUTPUT
exit 0
fi
fi
echo "skip=false" >> $GITHUB_OUTPUT
echo "tag=${TAG}" >> $GITHUB_OUTPUT
VERSION=$(echo "${TAG}" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+')
echo "version=${VERSION}" >> $GITHUB_OUTPUT
- name: Download release assets
if: steps.release.outputs.skip != 'true'
env:
GH_TOKEN: ${{ github.token }}
run: |
mkdir -p /tmp/release-artifacts
gh release view "${{ steps.release.outputs.tag }}" --json assets -q '.assets[].name' | while read -r asset; do
echo "Downloading ${asset}..."
gh release download "${{ steps.release.outputs.tag }}" --pattern "${asset}" --dir /tmp/release-artifacts
done
echo "Downloaded artifacts:"
ls -la /tmp/release-artifacts/
- name: Calculate SHA256 hashes
if: steps.release.outputs.skip != 'true'
id: hashes
run: |
cd /tmp/release-artifacts
# Calculate hashes for all files
echo "## Calculating SHA256 hashes" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
# Sanitizer libraries
for sanitizer in msan tsan; do
file=$(ls ${sanitizer}-llvm*-x86_64.tar.xz 2>/dev/null || true)
if [[ -n "$file" && -e "$file" ]]; then
hash=$(sha256sum "$file" | cut -d' ' -f1)
echo "${sanitizer}_libs_sha256=${hash}" >> $GITHUB_OUTPUT
echo "- ${file}: \`${hash}\`" >> $GITHUB_STEP_SUMMARY
else
echo "⚠️ Warning: ${sanitizer} libs not found" >> $GITHUB_STEP_SUMMARY
fi
done
# Sysroot archives - nested structure for versions.bzl
# Format: sysroot_hashes[glibc_version][stdlib_variant][arch]
for glibc in "2.31" "2.28"; do
for variant in "base" "13"; do
for arch in "amd64" "arm64"; do
if [[ "$variant" == "base" ]]; then
file=$(ls sysroot-glibc${glibc}-${arch}.tar.xz 2>/dev/null || true)
else
file=$(ls sysroot-glibc${glibc}-libstdc++${variant}-${arch}.tar.xz 2>/dev/null || true)
fi
if [[ -n "$file" && -e "$file" ]]; then
hash=$(sha256sum "$file" | cut -d' ' -f1)
# Output with underscores (dots not allowed in output names)
glibc_clean=$(echo "$glibc" | tr '.' '_')
echo "sysroot_${glibc_clean}_${variant}_${arch}=${hash}" >> $GITHUB_OUTPUT
echo "- ${file}: \`${hash}\`" >> $GITHUB_STEP_SUMMARY
else
echo "⚠️ Warning: sysroot glibc${glibc} ${variant} ${arch} not found" >> $GITHUB_STEP_SUMMARY
fi
done
done
done
# Legacy sysroot hashes (for backward compatibility with glibc 2.31 + libstdc++13)
file=$(ls sysroot-glibc2.31-libstdc++13-amd64.tar.xz 2>/dev/null || true)
if [[ -n "$file" && -e "$file" ]]; then
hash=$(sha256sum "$file" | cut -d' ' -f1)
echo "sysroot_amd64_sha256=${hash}" >> $GITHUB_OUTPUT
fi
file=$(ls sysroot-glibc2.31-libstdc++13-arm64.tar.xz 2>/dev/null || true)
if [[ -n "$file" && -e "$file" ]]; then
hash=$(sha256sum "$file" | cut -d' ' -f1)
echo "sysroot_arm64_sha256=${hash}" >> $GITHUB_OUTPUT
fi
# Glint binaries
for arch in "amd64" "arm64"; do
file=$(ls glint-*-${arch} 2>/dev/null || true)
if [[ -n "$file" && -e "$file" ]]; then
hash=$(sha256sum "$file" | cut -d' ' -f1)
echo "glint_${arch}_sha256=${hash}" >> $GITHUB_OUTPUT
echo "- ${file}: \`${hash}\`" >> $GITHUB_STEP_SUMMARY
else
echo "⚠️ Warning: glint ${arch} binary not found" >> $GITHUB_STEP_SUMMARY
fi
done
- name: Update versions.bzl
if: steps.release.outputs.skip != 'true'
run: |
VERSION="${{ steps.release.outputs.version }}"
FILE="bazel/versions.bzl"
# Update bins_release version
sed -i "s/\"bins_release\": \"[^\"]*\"/\"bins_release\": \"${VERSION}\"/" "$FILE"
# Update sanitizer library hashes
if [[ -n "${{ steps.hashes.outputs.msan_libs_sha256 }}" ]]; then
sed -i "s/\"msan_libs_sha256\": \"[a-f0-9]*\"/\"msan_libs_sha256\": \"${{ steps.hashes.outputs.msan_libs_sha256 }}\"/" "$FILE"
fi
if [[ -n "${{ steps.hashes.outputs.tsan_libs_sha256 }}" ]]; then
sed -i "s/\"tsan_libs_sha256\": \"[a-f0-9]*\"/\"tsan_libs_sha256\": \"${{ steps.hashes.outputs.tsan_libs_sha256 }}\"/" "$FILE"
fi
# Update glint hashes in nested structure
if [[ -n "${{ steps.hashes.outputs.glint_amd64_sha256 }}" ]]; then
HASH="${{ steps.hashes.outputs.glint_amd64_sha256 }}"
sed -i '/glint_sha256/,/^ },/{s/"amd64": "[a-f0-9]*"/"amd64": "'"$HASH"'"/}' "$FILE"
fi
if [[ -n "${{ steps.hashes.outputs.glint_arm64_sha256 }}" ]]; then
HASH="${{ steps.hashes.outputs.glint_arm64_sha256 }}"
sed -i '/glint_sha256/,/^ },/{s/"arm64": "[a-f0-9]*"/"arm64": "'"$HASH"'"/}' "$FILE"
fi
# Update sysroot hashes in nested structure using sed
# Helper function to update nested hash
update_sysroot() {
local g="$1" v="$2" a="$3" h="$4"
[[ -z "$h" ]] && return
sed -i '/"'"$g"'":/,/^ },/{/"'"$v"'":/,/^ },/{s/"'"$a"'": "[a-f0-9]*"/"'"$a"'": "'"$h"'"/}}' "$FILE"
}
update_sysroot "2.31" "base" "amd64" "${{ steps.hashes.outputs.sysroot_2_31_base_amd64 }}"
update_sysroot "2.31" "base" "arm64" "${{ steps.hashes.outputs.sysroot_2_31_base_arm64 }}"
update_sysroot "2.31" "13" "amd64" "${{ steps.hashes.outputs.sysroot_2_31_13_amd64 }}"
update_sysroot "2.31" "13" "arm64" "${{ steps.hashes.outputs.sysroot_2_31_13_arm64 }}"
update_sysroot "2.28" "base" "amd64" "${{ steps.hashes.outputs.sysroot_2_28_base_amd64 }}"
update_sysroot "2.28" "base" "arm64" "${{ steps.hashes.outputs.sysroot_2_28_base_arm64 }}"
update_sysroot "2.28" "13" "amd64" "${{ steps.hashes.outputs.sysroot_2_28_13_amd64 }}"
update_sysroot "2.28" "13" "arm64" "${{ steps.hashes.outputs.sysroot_2_28_13_arm64 }}"
# Update legacy sysroot hashes for backward compatibility
HASH="${{ steps.hashes.outputs.sysroot_amd64_sha256 }}"
if [[ -n "$HASH" ]]; then
sed -i "s/\"sysroot_amd64_sha256\": \"[a-f0-9]*\"/\"sysroot_amd64_sha256\": \"${HASH}\"/" "$FILE"
fi
HASH="${{ steps.hashes.outputs.sysroot_arm64_sha256 }}"
if [[ -n "$HASH" ]]; then
sed -i "s/\"sysroot_arm64_sha256\": \"[a-f0-9]*\"/\"sysroot_arm64_sha256\": \"${HASH}\"/" "$FILE"
fi
echo "## Updated versions.bzl" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY
git diff bazel/versions.bzl >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY
echo "Updated versions.bzl:"
git diff bazel/versions.bzl
- name: Check for changes
if: steps.release.outputs.skip != 'true'
id: changes
run: |
if git diff --quiet bazel/versions.bzl; then
echo "changed=false" >> $GITHUB_OUTPUT
echo "No changes to versions.bzl"
else
echo "changed=true" >> $GITHUB_OUTPUT
fi
- name: Create Pull Request
if: github.event_name == 'workflow_dispatch' && steps.changes.outputs.changed == 'true' && steps.release.outputs.skip != 'true'
uses: peter-evans/create-pull-request@98357b18bf14b5342f975ff684046ec3b2a07725 # v8
env:
MSAN_SHA: >-
${{ steps.hashes.outputs.msan_libs_sha256
&& format('msan_libs_sha256: {0}', steps.hashes.outputs.msan_libs_sha256)
|| '' }}
SYSROOT_ARM64_SHA: >-
${{ steps.hashes.outputs.sysroot_arm64_sha256
&& format('sysroot_arm64_sha256: {0}', steps.hashes.outputs.sysroot_arm64_sha256)
|| '' }}
SYSROOT_X64_SHA: >-
${{ steps.hashes.outputs.sysroot_amd64_sha256
&& format('sysroot_amd64_sha256: {0}', steps.hashes.outputs.sysroot_amd64_sha256)
|| '' }}
TSAN_SHA: >-
${{ steps.hashes.outputs.tsan_libs_sha256
&& format('tsan_libs_sha256: {0}', steps.hashes.outputs.tsan_libs_sha256)
|| '' }}
with:
token: ${{ github.token }}
commit-message: "Update bins to ${{ steps.release.outputs.version }}"
branch: "update-bins-${{ steps.release.outputs.version }}"
delete-branch: true
signoff: true
title: "Update bins to ${{ steps.release.outputs.version }}"
body: |
This PR updates the bins version and SHA256 hashes for release `${{ steps.release.outputs.tag }}`.
## Changes
- Updated `bins_release` version to `${{ steps.release.outputs.version }}`
- Updated SHA256 hashes for all binary artifacts
## Release Assets
The following artifacts were processed:
```
$MSAN_SHA
$TSAN_SHA
$SYSROOT_ARM64_SHA
$SYSROOT_X64_SHA
```
This PR was automatically generated by the Update Bazel Versions workflow.
labels: |
automation
dependencies
- name: Summary
if: github.event_name != 'workflow_dispatch' && steps.changes.outputs.changed == 'true' && steps.release.outputs.skip != 'true'
run: |
echo "## Versions Check Summary" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "Latest bins release: ${{ steps.release.outputs.tag }}" >> $GITHUB_STEP_SUMMARY
echo "Version: ${{ steps.release.outputs.version }}" >> $GITHUB_STEP_SUMMARY
echo "" >> $GITHUB_STEP_SUMMARY
echo "### Changes detected:" >> $GITHUB_STEP_SUMMARY
echo "\`\`\`diff" >> $GITHUB_STEP_SUMMARY
git diff bazel/versions.bzl >> $GITHUB_STEP_SUMMARY
echo "\`\`\`" >> $GITHUB_STEP_SUMMARY