Skip to content
CI

Add job checking for reproducibility issues #89

Sign in to view logs

Add job checking for reproducibility issues

Add job checking for reproducibility issues #89

Workflow file for this run

.github/workflows/ci.yml at 4a3c3e0
name: CI
on:
pull_request: {}
push:
branches: [master]
# For pull requests only, cancel the previous build when a new commit is pushed. Since unfortunately
# it's not possible to only apply this to pull requests, for pull request events we use the ref
# (`refs/pulls/NUMBER/merge`, which gets reused across builds for the same PR), and for pushes we
# use the commit sha (which should never have two builds in the default branch running at a time).
concurrency:
group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.ref || github.sha }}
cancel-in-progress: true
# Define permissions at the job level.
permissions: {}
jobs:
dist:
name: ${{ matrix.name }}
permissions:
contents: read
id-token: write
attestations: write
strategy:
matrix:
include:
- os: ubuntu-latest
name: Linux
- os: windows-latest
name: Windows
uses: ./.github/workflows/build-boards.yml
with:
os: ${{ matrix.os }}
upload-artifacts: ${{ matrix.os == 'ubuntu-latest' }}
license:
name: Check licensing
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the source code
uses: actions/checkout@v6
- name: Check License Header
uses: apache/skywalking-eyes/header@501a28d2fb4a9b962661987e50cf0219631b32ff
tests:
name: Run tests
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the source code
uses: actions/checkout@v6
- name: Run tests
run: cargo test --verbose --workspace
env:
CARGO_TERM_COLOR: always
format:
name: Check formatting
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the source code
uses: actions/checkout@v6
- name: cargo fmt
run: cargo fmt --all --check
docs-build:
name: Build documentation
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the source code
uses: actions/checkout@v6
- name: Create output directories
run: |
mkdir -p output/reference
mkdir -p output/bugs
- name: Copy static website files
run: |
cp website/index.html output/index.html
cp website/style.css output/style.css
cp website/bugs/index.html output/bugs/index.html
- name: Generate reference
uses: tonynv/asciidoctor-action@master
with:
program: asciidoctor doc/index.adoc -o output/reference/index.html
- name: Upload content as an artifact
uses: actions/upload-pages-artifact@v4
with:
path: output/
retention-days: 90 # We might want to inspect this in a PR.
docs-deploy:
name: Deploy documentation
runs-on: ubuntu-slim
if: github.event_name == 'push' && github.ref == 'refs/heads/master'
needs:
- docs-build
permissions:
pages: write
id-token: write
environment:
name: github-pages
url: ${{ steps.deployment.outputs.page_url }}
steps:
- name: Deploy to GitHub Pages
uses: actions/deploy-pages@v4
id: deployment
reproducible-a:
name: Reproducibility (A)
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout the source code
uses: actions/checkout@v6
- name: Build a Hubris board
run: cargo xtask dist app/cosmo/rev-b.toml
- name: Upload the artifact to be later checked
uses: actions/upload-artifact@v6
with:
name: reproducible-a
path: target/cosmo-b/dist/default/build-cosmo-b-image-default.zip
if-no-files-found: error
reproducible-b:
name: Reproducibility (B)
runs-on: ubuntu-latest
permissions:
contents: read
env:
CUSTOM_ROOT: /very/long/path/we/are/doing/the/build/in/to/check/for/issues/with/long/paths/or/different/paths
steps:
- name: Create a different directory to run the build in
run: |
sudo mkdir -p $CUSTOM_ROOT
sudo chown $(id -u):$(id -g) $CUSTOM_ROOT
- name: Checkout the source code in the standard GitHub Actions directory
uses: actions/checkout@v6
- name: Clone the source code in the actual directory we will be building in
run: git clone . $CUSTOM_ROOT
- name: Build a Hubris board
run: cargo xtask dist app/cosmo/rev-b.toml
working-directory: ${{ env.CUSTOM_ROOT }}
- name: Upload the artifact to be later checked
uses: actions/upload-artifact@v6
with:
name: reproducible-b
path: ${{ env.CUSTOM_ROOT }}/target/cosmo-b/dist/default/build-cosmo-b-image-default.zip
if-no-files-found: error
reproducible-check:
name: Reproducibility check
runs-on: ubuntu-slim
needs:
- reproducible-a
- reproducible-b
permissions: {}
steps:
- name: Download reproducible artifacts
uses: actions/download-artifact@v7
with:
pattern: reproducible-*
- name: Install diffoscope
run: |
sudo apt update
sudo apt install -y diffoscope
- name: Compare the two reproducible artifacts
run: diffoscope --html report.html reproducible-a/build-cosmo-b-image-default.zip reproducible-b/build-cosmo-b-image-default.zip
- name: Upload the diffoscope report
uses: actions/upload-artifact@v6
if: always() # We want the report *especially* if the previous step fails.
with:
name: reproducible-diffoscope-report
path: report.html
finish:
name: CI finished
runs-on: ubuntu-slim
permissions: {}
needs:
- dist
- license
- tests
- format
- docs-build
- docs-deploy
- reproducible-check
if: "${{ !cancelled() }}"
steps:
- name: Calculate the correct exit status
run: echo $needs | jq --exit-status 'all(.result == "success" or .result == "skipped")'
env:
needs: ${{ toJson(needs) }}