Merge pull request #2 #11815
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Contains jobs corresponding to build tests (such as verifying that certain targets build, including the app itself). | |
name: Build Tests | |
on: | |
workflow_dispatch: | |
pull_request: | |
push: | |
branches: | |
# Push events on develop branch | |
- develop | |
jobs: | |
bazel_build_app: | |
name: Build Binary with Bazel | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
env: | |
ENABLE_CACHING: false | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Set up build environment | |
uses: ./.github/actions/set-up-android-bazel-build-environment | |
# For reference on this & the later cache actions, see: | |
# https://github.com/actions/cache/issues/239#issuecomment-606950711 & | |
# https://github.com/actions/cache/issues/109#issuecomment-558771281. Note that these work | |
# with Bazel since Bazel can share the most recent cache from an unrelated build and still | |
# benefit from incremental build performance (assuming that actions/cache aggressively removes | |
# older caches due to the 5GB cache limit size & Bazel's large cache size). | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-tests- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Check Bazel environment | |
run: bazel info | |
# See https://git-secret.io/installation for details on installing git-secret. Note that the | |
# apt-get method isn't used since it's much slower to update & upgrade apt before installation | |
# versus just directly cloning & installing the project. Further, the specific version | |
# shouldn't matter since git-secret relies on a future-proof storage mechanism for secrets. | |
# This also uses a different directory to install git-secret to avoid requiring root access | |
# when running the git secret command. | |
- name: Install git-secret (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
shell: bash | |
run: | | |
cd $HOME | |
mkdir -p $HOME/gitsecret | |
git clone https://github.com/sobolevn/git-secret.git git-secret | |
cd git-secret && make build | |
PREFIX="$HOME/gitsecret" make install | |
echo "$HOME/gitsecret" >> $GITHUB_PATH | |
echo "$HOME/gitsecret/bin" >> $GITHUB_PATH | |
- name: Decrypt secrets (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
GIT_SECRET_GPG_PRIVATE_KEY: ${{ secrets.GIT_SECRET_GPG_PRIVATE_KEY }} | |
run: | | |
cd $HOME | |
# NOTE TO DEVELOPERS: Make sure to never print this key directly to stdout! | |
echo $GIT_SECRET_GPG_PRIVATE_KEY | base64 --decode > ./git_secret_private_key.gpg | |
gpg --import ./git_secret_private_key.gpg | |
cd $GITHUB_WORKSPACE | |
git secret reveal | |
# Note that caching only works on non-forks. | |
- name: Build Oppia binary (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia | |
- name: Build Oppia binary (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build -- //:oppia | |
# Note that caching only works on non-forks. | |
- name: Build Oppia KitKat binary (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_kitkat | |
- name: Build Oppia binary KitKat (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build -- //:oppia_kitkat | |
- name: Copy Oppia dev APKs for uploading | |
run: | | |
cp $GITHUB_WORKSPACE/bazel-bin/oppia.apk /home/runner/work/oppia-android/oppia-android/ | |
- uses: actions/upload-artifact@v2 | |
with: | |
name: oppia-bazel.apk | |
path: /home/runner/work/oppia-android/oppia-android/oppia.apk | |
build_oppia_dev_aab: | |
name: Build Oppia AAB (developer flavors) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
env: | |
ENABLE_CACHING: false | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Set up build environment | |
uses: ./.github/actions/set-up-android-bazel-build-environment | |
# For reference on this & the later cache actions, see: | |
# https://github.com/actions/cache/issues/239#issuecomment-606950711 & | |
# https://github.com/actions/cache/issues/109#issuecomment-558771281. Note that these work | |
# with Bazel since Bazel can share the most recent cache from an unrelated build and still | |
# benefit from incremental build performance (assuming that actions/cache aggressively removes | |
# older caches due to the 5GB cache limit size & Bazel's large cache size). | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-tests- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Check Bazel environment | |
run: bazel info | |
# See https://git-secret.io/installation for details on installing git-secret. Note that the | |
# apt-get method isn't used since it's much slower to update & upgrade apt before installation | |
# versus just directly cloning & installing the project. Further, the specific version | |
# shouldn't matter since git-secret relies on a future-proof storage mechanism for secrets. | |
# This also uses a different directory to install git-secret to avoid requiring root access | |
# when running the git secret command. | |
- name: Install git-secret (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
shell: bash | |
run: | | |
cd $HOME | |
mkdir -p $HOME/gitsecret | |
git clone https://github.com/sobolevn/git-secret.git git-secret | |
cd git-secret && make build | |
PREFIX="$HOME/gitsecret" make install | |
echo "$HOME/gitsecret" >> $GITHUB_PATH | |
echo "$HOME/gitsecret/bin" >> $GITHUB_PATH | |
- name: Decrypt secrets (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
GIT_SECRET_GPG_PRIVATE_KEY: ${{ secrets.GIT_SECRET_GPG_PRIVATE_KEY }} | |
run: | | |
cd $HOME | |
# NOTE TO DEVELOPERS: Make sure to never print this key directly to stdout! | |
echo $GIT_SECRET_GPG_PRIVATE_KEY | base64 --decode > ./git_secret_private_key.gpg | |
gpg --import ./git_secret_private_key.gpg | |
cd $GITHUB_WORKSPACE | |
git secret reveal | |
# Note that caching only works on non-forks. | |
- name: Build Oppia developer AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_dev | |
- name: Build Oppia developer AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build -- //:oppia_dev | |
# Note that caching only works on non-forks. | |
- name: Build Oppia developer KitKat AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_dev_kitkat | |
- name: Build Oppia developer KitKat AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build -- //:oppia_dev_kitkat | |
build_oppia_alpha_aab: | |
name: Build Oppia AAB (alpha flavors) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
env: | |
ENABLE_CACHING: false | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Set up build environment | |
uses: ./.github/actions/set-up-android-bazel-build-environment | |
# For reference on this & the later cache actions, see: | |
# https://github.com/actions/cache/issues/239#issuecomment-606950711 & | |
# https://github.com/actions/cache/issues/109#issuecomment-558771281. Note that these work | |
# with Bazel since Bazel can share the most recent cache from an unrelated build and still | |
# benefit from incremental build performance (assuming that actions/cache aggressively removes | |
# older caches due to the 5GB cache limit size & Bazel's large cache size). | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-tests- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Check Bazel environment | |
run: bazel info | |
# See https://git-secret.io/installation for details on installing git-secret. Note that the | |
# apt-get method isn't used since it's much slower to update & upgrade apt before installation | |
# versus just directly cloning & installing the project. Further, the specific version | |
# shouldn't matter since git-secret relies on a future-proof storage mechanism for secrets. | |
# This also uses a different directory to install git-secret to avoid requiring root access | |
# when running the git secret command. | |
- name: Install git-secret (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
shell: bash | |
run: | | |
cd $HOME | |
mkdir -p $HOME/gitsecret | |
git clone https://github.com/sobolevn/git-secret.git git-secret | |
cd git-secret && make build | |
PREFIX="$HOME/gitsecret" make install | |
echo "$HOME/gitsecret" >> $GITHUB_PATH | |
echo "$HOME/gitsecret/bin" >> $GITHUB_PATH | |
- name: Decrypt secrets (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
GIT_SECRET_GPG_PRIVATE_KEY: ${{ secrets.GIT_SECRET_GPG_PRIVATE_KEY }} | |
run: | | |
cd $HOME | |
# NOTE TO DEVELOPERS: Make sure to never print this key directly to stdout! | |
echo $GIT_SECRET_GPG_PRIVATE_KEY | base64 --decode > ./git_secret_private_key.gpg | |
gpg --import ./git_secret_private_key.gpg | |
cd $GITHUB_WORKSPACE | |
git secret reveal | |
# Note that caching only works on non-forks. | |
- name: Build Oppia alpha AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --compilation_mode=opt --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_alpha | |
- name: Build Oppia alpha AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build --compilation_mode=opt -- //:oppia_alpha | |
# Note that caching only works on non-forks. | |
- name: Build Oppia alpha KitKat AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --compilation_mode=opt --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_alpha_kitkat | |
- name: Build Oppia alpha KitKat AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build --compilation_mode=opt -- //:oppia_alpha_kitkat | |
# Note that caching only works on non-forks. | |
- name: Build Oppia alpha Kenya-specific AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --compilation_mode=opt --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_alpha_kenya | |
- name: Build Oppia alpha Kenya-specific AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build --compilation_mode=opt -- //:oppia_alpha_kenya | |
build_oppia_beta_aab: | |
name: Build Oppia AAB (beta flavor) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
env: | |
ENABLE_CACHING: false | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Set up build environment | |
uses: ./.github/actions/set-up-android-bazel-build-environment | |
# For reference on this & the later cache actions, see: | |
# https://github.com/actions/cache/issues/239#issuecomment-606950711 & | |
# https://github.com/actions/cache/issues/109#issuecomment-558771281. Note that these work | |
# with Bazel since Bazel can share the most recent cache from an unrelated build and still | |
# benefit from incremental build performance (assuming that actions/cache aggressively removes | |
# older caches due to the 5GB cache limit size & Bazel's large cache size). | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-tests- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Check Bazel environment | |
run: bazel info | |
# See https://git-secret.io/installation for details on installing git-secret. Note that the | |
# apt-get method isn't used since it's much slower to update & upgrade apt before installation | |
# versus just directly cloning & installing the project. Further, the specific version | |
# shouldn't matter since git-secret relies on a future-proof storage mechanism for secrets. | |
# This also uses a different directory to install git-secret to avoid requiring root access | |
# when running the git secret command. | |
- name: Install git-secret (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
shell: bash | |
run: | | |
cd $HOME | |
mkdir -p $HOME/gitsecret | |
git clone https://github.com/sobolevn/git-secret.git git-secret | |
cd git-secret && make build | |
PREFIX="$HOME/gitsecret" make install | |
echo "$HOME/gitsecret" >> $GITHUB_PATH | |
echo "$HOME/gitsecret/bin" >> $GITHUB_PATH | |
- name: Decrypt secrets (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
GIT_SECRET_GPG_PRIVATE_KEY: ${{ secrets.GIT_SECRET_GPG_PRIVATE_KEY }} | |
run: | | |
cd $HOME | |
# NOTE TO DEVELOPERS: Make sure to never print this key directly to stdout! | |
echo $GIT_SECRET_GPG_PRIVATE_KEY | base64 --decode > ./git_secret_private_key.gpg | |
gpg --import ./git_secret_private_key.gpg | |
cd $GITHUB_WORKSPACE | |
git secret reveal | |
# Note that caching only works on non-forks. | |
- name: Build Oppia beta AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --compilation_mode=opt --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_beta | |
- name: Build Oppia beta AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build --compilation_mode=opt -- //:oppia_beta | |
build_oppia_ga_aab: | |
name: Build Oppia AAB (GA flavor) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: [ubuntu-20.04] | |
env: | |
ENABLE_CACHING: false | |
CACHE_DIRECTORY: ~/.bazel_cache | |
steps: | |
- uses: actions/checkout@v2 | |
with: | |
fetch-depth: 0 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v1 | |
with: | |
java-version: 11 | |
- name: Set up Bazel | |
uses: abhinavsingh/setup-bazel@v3 | |
with: | |
version: 6.5.0 | |
- name: Set up build environment | |
uses: ./.github/actions/set-up-android-bazel-build-environment | |
# For reference on this & the later cache actions, see: | |
# https://github.com/actions/cache/issues/239#issuecomment-606950711 & | |
# https://github.com/actions/cache/issues/109#issuecomment-558771281. Note that these work | |
# with Bazel since Bazel can share the most recent cache from an unrelated build and still | |
# benefit from incremental build performance (assuming that actions/cache aggressively removes | |
# older caches due to the 5GB cache limit size & Bazel's large cache size). | |
- uses: actions/cache@v2 | |
id: cache | |
with: | |
path: ${{ env.CACHE_DIRECTORY }} | |
key: ${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary-${{ github.sha }} | |
restore-keys: | | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-binary- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel-tests- | |
${{ runner.os }}-${{ env.CACHE_DIRECTORY }}-bazel- | |
# This check is needed to ensure that Bazel's unbounded cache growth doesn't result in a | |
# situation where the cache never updates (e.g. due to exceeding GitHub's cache size limit) | |
# thereby only ever using the last successful cache version. This solution will result in a | |
# few slower CI actions around the time cache is detected to be too large, but it should | |
# incrementally improve thereafter. | |
- name: Ensure cache size | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
# See https://stackoverflow.com/a/27485157 for reference. | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
CACHE_SIZE_MB=$(du -smc $EXPANDED_BAZEL_CACHE_PATH | grep total | cut -f1) | |
echo "Total size of Bazel cache (rounded up to MBs): $CACHE_SIZE_MB" | |
# Use a 4.5GB threshold since actions/cache compresses the results, and Bazel caches seem | |
# to only increase by a few hundred megabytes across changes for unrelated branches. This | |
# is also a reasonable upper-bound (local tests as of 2021-03-31 suggest that a full build | |
# of the codebase (e.g. //...) from scratch only requires a ~2.1GB uncompressed/~900MB | |
# compressed cache). | |
if [[ "$CACHE_SIZE_MB" -gt 4500 ]]; then | |
echo "Cache exceeds cut-off; resetting it (will result in a slow build)" | |
rm -rf $EXPANDED_BAZEL_CACHE_PATH | |
fi | |
- name: Configure Bazel to use a local cache | |
env: | |
BAZEL_CACHE_DIR: ${{ env.CACHE_DIRECTORY }} | |
run: | | |
EXPANDED_BAZEL_CACHE_PATH="${BAZEL_CACHE_DIR/#\~/$HOME}" | |
echo "Using $EXPANDED_BAZEL_CACHE_PATH as Bazel's cache path" | |
echo "build --disk_cache=$EXPANDED_BAZEL_CACHE_PATH" >> $HOME/.bazelrc | |
shell: bash | |
- name: Check Bazel environment | |
run: bazel info | |
# See https://git-secret.io/installation for details on installing git-secret. Note that the | |
# apt-get method isn't used since it's much slower to update & upgrade apt before installation | |
# versus just directly cloning & installing the project. Further, the specific version | |
# shouldn't matter since git-secret relies on a future-proof storage mechanism for secrets. | |
# This also uses a different directory to install git-secret to avoid requiring root access | |
# when running the git secret command. | |
- name: Install git-secret (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
shell: bash | |
run: | | |
cd $HOME | |
mkdir -p $HOME/gitsecret | |
git clone https://github.com/sobolevn/git-secret.git git-secret | |
cd git-secret && make build | |
PREFIX="$HOME/gitsecret" make install | |
echo "$HOME/gitsecret" >> $GITHUB_PATH | |
echo "$HOME/gitsecret/bin" >> $GITHUB_PATH | |
- name: Decrypt secrets (non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
GIT_SECRET_GPG_PRIVATE_KEY: ${{ secrets.GIT_SECRET_GPG_PRIVATE_KEY }} | |
run: | | |
cd $HOME | |
# NOTE TO DEVELOPERS: Make sure to never print this key directly to stdout! | |
echo $GIT_SECRET_GPG_PRIVATE_KEY | base64 --decode > ./git_secret_private_key.gpg | |
gpg --import ./git_secret_private_key.gpg | |
cd $GITHUB_WORKSPACE | |
git secret reveal | |
# Note that caching only works on non-forks. | |
- name: Build Oppia GA AAB (with caching, non-fork only) | |
if: ${{ env.ENABLE_CACHING == 'true' && github.event.pull_request.head.repo.full_name == 'oppia/oppia-android' }} | |
env: | |
BAZEL_REMOTE_CACHE_URL: ${{ secrets.BAZEL_REMOTE_CACHE_URL }} | |
run: | | |
bazel build --compilation_mode=opt --remote_http_cache=$BAZEL_REMOTE_CACHE_URL --google_credentials=./config/oppia-dev-workflow-remote-cache-credentials.json -- //:oppia_ga | |
- name: Build Oppia GA AAB (without caching, or on a fork) | |
if: ${{ env.ENABLE_CACHING == 'false' || github.event.pull_request.head.repo.full_name != 'oppia/oppia-android' }} | |
run: | | |
bazel build --compilation_mode=opt -- //:oppia_ga |