ci/all: attest and upload artifacts

e-dant · May 26, 2024 · 7532fe2 · 7532fe2
1 parent 7f08fbf
commit 7532fe2
Show file tree

Hide file tree

Showing 7 changed files with 167 additions and 58 deletions.
diff --git a/.github/workflows/android.yml b/.github/workflows/android.yml
@@ -1,9 +1,3 @@
-#
-# Android Workflow
-#
-
-# https://github.com/filipdutescu/modern-cpp-template/blob/master/.github/workflows
-
 name: Android
 
 on:
@@ -15,17 +9,44 @@ on:
 jobs:
   build:
     runs-on: ubuntu-latest
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
-      fail-fast: false
       matrix:
+        target-double:
+          - linux-android
+        target-platform:
+          - android
         android_ndk_maj_v:
           - '24'
           - '25'
           - '26'
-        install_location:
-          - .local
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/cache@v4
+        with:
+          path: out
+          key: cache.${{matrix.target-double}}.${{matrix.os}}
       - run: |
           export ANDROID_NDK_HOME=$(find /usr/local/lib/android/sdk/ndk -type d -maxdepth 1 -name '${{matrix.android_ndk_maj_v}}*' | head -n 1)
-          tool/build --verbose --platform-android --no-build-test --no-run
+          tool/build --verbose --platform-${{matrix.target-platform}} --no-build-test --no-run
+      - run: tool/bundle-artifacts out/${{matrix.target-double}} ${{matrix.target-platform}}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{matrix.target-double}}
+          path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-platform}}
+      - run: tool/test/all
+      - run: tool/build --verbose --no-build --no-run-perf
+      - run: tool/build --verbose --no-build --no-run-unit
+      - run: ls -al out/${{matrix.target-platform}}/Debug
+      - run: ls -al out/${{matrix.target-platform}}/Release
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -16,28 +16,28 @@ jobs:
       security-events: write
     runs-on: ${{matrix.os}}
     strategy:
-      fail-fast: false
       matrix:
+        target-double:
+          - unknown-linux-gnu
+        target-platform:
+          - this
         os:
           - ubuntu-latest
     steps:
       - uses: actions/checkout@v4
-      - name: Setup Cache
-        uses: actions/cache@v3
-        id: cache
         with:
-          path: |
-            ${{github.workspace}}/.local
-            ${{github.workspace}}/out
-          key: codeql-${{runner.os}}-${{matrix.os}}-dependencies
+          fetch-depth: 0
+      - uses: actions/cache@v4
+        with:
+          path: out
+          key: cache.${{matrix.target-double}}.${{matrix.os}}
       - name: Setup CodeQL
         uses: github/codeql-action/init@v2
         with:
           languages: c-cpp
       - name: Build
         run: |
-          cmake -S . -B out/this/codeql -DCMAKE_BUILD_TYPE=Debug
-          cmake --build out/this/codeql --config Debug
+          cmake -S . -B out/${{matrix.target-platform}}/codeql -DCMAKE_BUILD_TYPE=Debug
+          cmake --build out/${{matrix.target-platform}}/codeql --config Debug
       - name: Analyze
         uses: github/codeql-action/analyze@v3
-
diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml
@@ -9,23 +9,45 @@ on:
 jobs:
   build:
     runs-on: ${{matrix.os}}
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
-      fail-fast: false
       matrix:
+        target-double:
+          - apple-darwin
+        target-platform:
+          - this
         os:
-          - macos-latest
           - macos-11
           - macos-12
           - macos-13
-        cxx_compiler:
-          - clang++
-        install_location:
-          - .local
+          - macos-14
     steps:
-      - uses: actions/checkout@v4
       - uses: lukka/[email protected]
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/cache@v4
+        with:
+          path: out
+          key: cache.${{matrix.target-double}}.${{matrix.os}}
+      - uses: chetan/git-restore-mtime-action@v1
       - run: tool/build --verbose --no-run
+      - run: tool/bundle-artifacts out/${{matrix.target-double}} ${{matrix.target-platform}}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{matrix.target-double}}
+          path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-platform}}
+      - run: tool/test/all
       - run: tool/build --verbose --no-build --no-run-perf
       - run: tool/build --verbose --no-build --no-run-unit
-      - run: tool/test/all
-
+      - run: ls -al out/${{matrix.target-platform}}/Debug
+      - run: ls -al out/${{matrix.target-platform}}/Release
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
@@ -9,33 +9,42 @@ on:
 jobs:
   build:
     runs-on: ${{matrix.os}}
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
-      fail-fast: false
       matrix:
+        target-double:
+          - unknown-linux-gnu
+        target-platform:
+          - this
         os:
           - ubuntu-22.04
           - ubuntu-latest
-        cxx_compiler:
-          # See issue 41 re. clang++
-          - g++
-        install_location:
-          - .local
     steps:
       - uses: actions/checkout@v4
-      - uses: actions/cache@v3
         with:
-          path: |
-            ${{github.workspace}}/${{matrix.install_location}}
-            ${{github.workspace}}/out
-          key: ubuntu-${{runner.os}}-${{matrix.os}}-dependencies
-      - run: |
-          tool/build --verbose --no-run
-          ls -al out/this/Debug
-          ls -al out/this/Release
+          fetch-depth: 0
+      - uses: actions/cache@v4
+        with:
+          path: out
+          key: cache.${{matrix.target-double}}.${{matrix.os}}
+      - uses: chetan/git-restore-mtime-action@v1
+      - run: tool/build --verbose --no-run
+      - run: tool/bundle-artifacts out/${{matrix.target-double}} ${{matrix.target-platform}}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{matrix.target-double}}
+          path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-platform}}
+      - run: tool/test/all
       - run: tool/build --verbose --no-build --no-run-perf
-      - run: sudo tool/build --verbose --no-build --no-run-unit
       - run: tool/build --verbose --no-build --no-run-unit
-      - run: sudo tool/build --verbose --no-build --no-run-unit
-      - run: tool/test/all
-      - run: sudo tool/test/all
-
+      - run: ls -al out/${{matrix.target-platform}}/Debug
+      - run: ls -al out/${{matrix.target-platform}}/Release
diff --git a/.github/workflows/windows.yml b/.github/workflows/windows.yml
@@ -9,18 +9,32 @@ on:
 jobs:
   build:
     runs-on: ${{matrix.os}}
+    permissions:
+      id-token: write
+      contents: read
+      attestations: write
     strategy:
-      fail-fast: false
       matrix:
+        target-double:
+          - pc-windows-msvc
+        target-platform:
+          - this
         os:
           - windows-2022
           - windows-2019
     steps:
       - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - uses: actions/cache@v4
+        with:
+          path: out
+          key: cache.${{matrix.target-double}}.${{matrix.os}}
+      - uses: chetan/git-restore-mtime-action@v1
       - uses: aminya/setup-cpp@v1
         with:
           compiler: 'msvc'
-          vcvarsall: true # Truly a masterpiece, what a great idea Windows :)
+          vcvarsall: true # Wow, what a great idea Windows :)
           cmake: true
           ccache: false
           ninja: false
@@ -35,13 +49,25 @@ jobs:
           bash -c 'ls -hal tiny.exe'
       - shell: bash
         run: |
-          cmake -S . -B out/manual ; cmake --build out/manual --target wtr.test_watcher --config Release
-          cmake -S . -B out/manual ; cmake --build out/manual --target wtr.test_watcher --config Debug
+          cmake -S . -B out/${{matrix.target-double}}/Debug
+          cmake --build out/${{matrix.target-double}}/Debug --target wtr.test_watcher --config Debug
+          cmake -S . -B out/${{matrix.target-double}}/Release
+          cmake --build out/${{matrix.target-double}}/Release --target wtr.test_watcher --config Release
+      - run: tool/bundle-artifacts out/${{matrix.target-double}} ${{matrix.target-platform}}
+      - uses: actions/upload-artifact@v4
+        with:
+          name: ${{matrix.target-double}}
+          path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-double}}.tar.gz
+      - uses: actions/attest-build-provenance@v1
+        with:
+          subject-path: out/${{matrix.target-platform}}
       - shell: bash
         env:
           VERBOSE: 1
         run: |
-          out/manual/Debug/wtr.test_watcher.exe || echo f windows
-          out/manual/Release/wtr.test_watcher.exe || echo f windows
+          out/${{matrix.target-double}}/Debug/wtr.test_watcher.exe || echo f windows
+          out/${{matrix.target-double}}/Release/wtr.test_watcher.exe || echo f windows
       - run: echo windows is an abomination
-
diff --git a/tool/build b/tool/build
@@ -51,6 +51,7 @@ fia         --no-run-perf || fia      --no-run || ! { fia         --run-perf ||
                                                   ! { fia            --clean                                           ; };            CLEAN=$?
                                                   ! { fia             --help                                           ; };             HELP=$?
                                                   ! { fia          --verbose                                           ; };          VERBOSE=$?
+                                                  ! { fia   --show-artifacts                                           ; };   SHOW_ARTIFACTS=$?
 # ---------------------------------------------------------------------------------------------------------------------------------------------
 
 valid-flags() {
@@ -82,6 +83,7 @@ valid-flags() {
   echo -- --clean
   echo -- --help
   echo -- --verbose
+  echo -- --show-artifacts
 }
 
 flags-are-valid() {
@@ -330,7 +332,7 @@ existing-targets-of-platform() {
   # find has no equivalent of -x
     all-buildcfgs \
   | while read -r buildcfg
-    do find "$(opo "$buildcfg")" -maxdepth 1 -name 'wtr.*' \
+    do find "$(opo "$buildcfg")" -maxdepth 1 -name 'wtr*' -or -name 'tw*' \
   | while read -r target
     do if [[ -x "$target" && -f "$target" ]]
        then echo "$target"
@@ -437,6 +439,8 @@ show-artifacts() {
   opt-platforms | while read -r platform
   do existing-targets-of-platform "$platform"
   done
+  echo "$PWD/include"
+  echo "$PWD/src"
 }
 
 #
@@ -447,6 +451,7 @@ flags-are-valid     || { help ; exit 1 ; }
 [ 1 = "$VERBOSE"  ] && { inspect-options ; }
 [ 1 = "$HELP"     ] && { help ; exit 0 ; }
 [ 1 = "$CLEAN"    ] && { clean || exit 1 ; }
+[ 1 = "$SHOW_ARTIFACTS"  ] && { show-artifacts ; exit 0 ; }
 opt-build-each      || { exit 1 ; }
 [ 1 = "$RUN_UNIT" ] && { run-unit || exit 1 ; }
 [ 1 = "$RUN_PERF" ] && { run-perf || exit 1 ; }

diff --git a/tool/bundle-artifacts b/tool/bundle-artifacts
@@ -0,0 +1,26 @@
+#! /usr/bin/env bash
+
+[ $# -ne 2 ] && {
+  echo "Usage: $0 <out-dir> <platform-name|this>"
+  echo "  out-dir:"
+  echo "    The directory to store the artifacts for the specified platform."
+  echo "    A corresponding tarball will be created with the same name (and the .tar.gz extension)."
+  echo "  platform-name:"
+  echo "    The name of the platform to build the artifacts for, or 'this' for the host platform."
+  exit 1
+}
+out_dir=$1
+[ ! -d "$(dirname "$out_dir")" ] && mkdir -p "$(dirname "$out_dir")"
+out_dir=$(realpath "$(dirname "$out_dir")")/$(basename "$out_dir")
+platform_name=$2
+
+(
+  tmp=$(mktemp -d) || exit 1
+  rootdir=$(realpath "$(dirname "$0")/..") || exit 1
+  "$rootdir/tool/build" --show-artifacts | grep -E "$platform_name/Release|include|src" | while read -r p
+  do cp -r "$p" "$tmp" || exit 1
+  done
+  [ -d "$out_dir" ] && rm -rf "$out_dir"
+  (cd "$tmp" && tar -czf "$out_dir.tar.gz" . || exit 1) && echo "$out_dir.tar.gz"
+  cp -r "$tmp" "$out_dir" && echo "$out_dir"
+)