Merge pull request #24 from ocaisa/update_actions

Update actions, add `dev.eessi.io` and prepare for MacOS support

.github/workflows/create_tags.yml

@@ -11,7 +11,7 @@ jobs:
     permissions:
       contents: write
     steps:
-      - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+      - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           fetch-depth: '0'
       - uses: robinraju/release-downloader@d6de084c58345d09b017e22701dbcf26977cfd14 # v1.6

.github/workflows/macos.yml

@@ -1,4 +1,4 @@
-name: macOS-placeholder
+name: macOS-minimal
 on:
   push:
     branches:
@@ -12,14 +12,15 @@ jobs:
   macOS-minimal:
     runs-on: macos-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
-    #- uses: eessi/github-action-eessi@main
-    #  with:
-    #    eessi_config_package: 'https://github.com/EESSI/filesystem-layer/releases/download/v0.3.0/cvmfs-config-eessi-0.3.0.pkg'
-    #    run_local_checkout: 'true'
-    - name: Test EESSI
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
+    - uses: ./
+    # - name: Test EESSI
+    #  run: |
+    #    direnv status
+    #    module avail
+    #  shell: bash
+    - name: Test available repos
       run: |
-       echo "This is only a placeholder until we figure out how to enable macOS support"
-       echo "if we fix it, make sure to edit the README to include the macOS badge"
-       echo "which is currently commented out"
+        ls /cvmfs/software.eessi.io
+        ls /cvmfs/dev.eessi.io
       shell: bash

.github/workflows/minimal-usage.yml

@@ -12,10 +12,15 @@ jobs:
   minimal_usage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: ./
     - name: Test EESSI
       run: |
         direnv status
         module avail
       shell: bash
+    - name: Test available repos
+      run: |
+        ls /cvmfs/software.eessi.io
+        ls /cvmfs/dev.eessi.io
+      shell: bash

.github/workflows/scorecards.yml

@@ -4,24 +4,20 @@
 
 name: Scorecards supply-chain security
 on:
-  # For Branch-Protection check. Only the default branch is supported. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
-  branch_protection_rule:
   # To guarantee Maintained check is occasionally updated. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   schedule:
     - cron: '25 15 * * 3'
   push:
-    branches: [ "main" ]
-  pull_request:
-    branches:    
+    branches:
       - main
 
 # Declare default permissions as read only.
 permissions: read-all
 
 jobs:
   analysis:
+    if: github.repository_owner == 'EESSI'   # Prevent running on forks
     name: Scorecards analysis
     runs-on: ubuntu-latest
     permissions:
@@ -35,12 +31,12 @@ jobs:
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@99c53751e09b9529366343771cc321ec74e9bd3d # v2.0.6
+        uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3
         with:
           results_file: results.sarif
           results_format: sarif
@@ -62,14 +58,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@807578363a7869ca324a79039e6db9c843e0e100 # v2.1.27
+        uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6
         with:
           sarif_file: results.sarif

.github/workflows/tensorflow-usage.yml

@@ -9,7 +9,7 @@ jobs:
   tensorflow_usage:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+    - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
     - uses: eessi/github-action-eessi@main
       with:
         eessi_stack_version: '2023.06'

action.yml

@@ -8,28 +8,45 @@ inputs:
     description: 'Version of the EESSI stack to configure'
     required: false
     default: '2023.06'
+  eessi_repositories:
+    description: 'Comma-separated list of fully qualified repository names that shall be mountable under /cvmfs.'
+    required: false
+    default: 'software.eessi.io,dev.eessi.io'
 
 runs:
   using: "composite"
   steps:
-    - uses: cvmfs-contrib/github-action-cvmfs@55899ca74cf78ab874bdf47f5a804e47c198743c # v4.0
+    - uses: cvmfs-contrib/github-action-cvmfs@cec5c94a14714ab02980682fce8ab3de238401f9 # v4.0 + MacOS support
       with:
-        cvmfs_config_package: https://github.com/EESSI/filesystem-layer/releases/download/latest/cvmfs-config-eessi_latest_all.deb
+        # Can't use config package for macOS but our repos are available with the default configuration anyway
+        # cvmfs_config_package: https://github.com/EESSI/filesystem-layer/releases/download/latest/cvmfs-config-eessi_latest_all.deb
         cvmfs_http_proxy: DIRECT
-        cvmfs_repositories: software.eessi.io
+        cvmfs_repositories: 'cvmfs-config.cern.ch,${{ inputs.eessi_repositories }}'
     - id: install-eessi
       run: |
-        echo "EESSI_SILENT=1" >> $GITHUB_ENV
-        echo 'unset BASH_ENV' >> $HOME/env_config.export
-        echo "source /cvmfs/software.eessi.io/versions/$EESSI_STACK_VERSION/init/bash" >> $HOME/env_config.export
-        sudo apt install -y direnv
-        echo 'eval "$(direnv export bash)"' >> $HOME/env_config.export
-        mkdir -p $HOME/direnv/
-        echo "[whitelist]" >> $HOME/direnv/direnv.toml
-        echo "prefix = [ '$GITHUB_WORKSPACE' ]" >> $HOME/direnv/direnv.toml
-        cp $HOME/direnv/direnv.toml $HOME/direnv/config.toml
-        echo "BASH_ENV=$HOME/env_config.export" >> $GITHUB_ENV
-        echo "DIRENV_CONFIG=$HOME/direnv" >> $GITHUB_ENV
+        if [ "$RUNNER_OS" == "Linux" ]; then
+          echo "EESSI_SILENT=1" >> $GITHUB_ENV
+          echo 'unset BASH_ENV' >> $HOME/env_config.export
+          echo "source /cvmfs/software.eessi.io/versions/$EESSI_STACK_VERSION/init/bash" >> $HOME/env_config.export
+          sudo apt install -y direnv
+          echo 'eval "$(direnv export bash)"' >> $HOME/env_config.export
+          mkdir -p $HOME/direnv/
+          echo "[whitelist]" >> $HOME/direnv/direnv.toml
+          echo "prefix = [ '$GITHUB_WORKSPACE' ]" >> $HOME/direnv/direnv.toml
+          cp $HOME/direnv/direnv.toml $HOME/direnv/config.toml
+          echo "BASH_ENV=$HOME/env_config.export" >> $GITHUB_ENV
+          echo "DIRENV_CONFIG=$HOME/direnv" >> $GITHUB_ENV
+        elif [ "$RUNNER_OS" == "macOS" ]; then
+          # EESSI on macOS requires lima so we get a Linux VM, see https://gitlab.com/eessi/support/-/issues/70
+          # (unfortunately this requires nested virtualisation in GitHub Actions which is not available with M1)
+          brew install lima
+          # limactl create --vm-type=vz --mount-type=virtiofs --network vzNAT --name eessi ./eessi.yaml
+          # limactl create --name eessi ./eessi.yaml
+          # limactl start eessi
+          ## For debugging
+          # limactl start eessi || true
+          # cat /Users/runner/.lima/eessi/ha.stderr.log
+        fi
       shell: bash
       env:
         EESSI_STACK_VERSION: ${{ inputs.eessi_stack_version }}