Action permissions and usage cleanup #416
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
schedule: | |
# every morning at 8am UTC | |
# https://docs.github.com/en/actions/reference/workflow-syntax-for-github-actions#onschedule | |
# make sure to change the `if` commands below when changing the schedule | |
- cron: '0 8 * * *' | |
- cron: '0 9 * * *' | |
push: | |
branches: | |
- main | |
- dev | |
- dev-rspm | |
pull_request: | |
name: Prerelease - Build, Test, Scan, and Push | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
name: build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- {product: "workbench", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "workbench", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "connect", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "connect-content-init", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "package-manager", type: "daily", os: "ubuntu1804", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "package-manager", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "daily", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "daily", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
- {product: "r-session-complete", type: "preview", os: "ubuntu2204", r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.17", py-alternate: "3.8.17"} | |
- {product: "r-session-complete", type: "preview", os: 'centos7', r-primary: "4.2.3", r-alternate: "4.1.3", py-primary: "3.9.14", py-alternate: "3.8.15"} | |
concurrency: | |
group: prerelease-build-${{ matrix.config.type }}-${{ matrix.config.product }}-${{ matrix.config.os }}-${{ github.ref }} | |
cancel-in-progress: true | |
steps: | |
- name: Check Out main Branch | |
if: github.event.schedule == '0 8 * * *' | |
uses: actions/checkout@v3 | |
with: | |
ref: 'main' | |
- name: Check Out Repo at Triggered Branch | |
if: github.event.schedule != '0 8 * * *' | |
uses: actions/checkout@v3 | |
- name: Set up Just | |
uses: extractions/setup-just@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Get Version | |
id: get-version | |
run: | | |
VERSION=$(just -f ci.Justfile get-version ${{ matrix.config.product }} --type=${{ matrix.config.type }} --local) | |
echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
- name: Get build args | |
id: get-build-args | |
run: | | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
BUILD_ARGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-prerelease-args \ | |
${{ matrix.config.type }} \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "BUILD_ARGS<<$EOF" >> $GITHUB_OUTPUT | |
echo "$BUILD_ARGS" >> $GITHUB_OUTPUT | |
echo "$EOF" >> $GITHUB_OUTPUT | |
- name: Get tags | |
id: get-tags | |
run: | | |
IMAGE_TAGS=$( \ | |
just -f ci.Justfile \ | |
R_VERSION=${{ matrix.config.r-primary }} \ | |
R_VERSION_ALT=${{ matrix.config.r-alternate }} \ | |
PYTHON_VERSION=${{ matrix.config.py-primary }} \ | |
PYTHON_VERSION_ALT=${{ matrix.config.py-alternate }} \ | |
get-prerelease-tags \ | |
${{ matrix.config.type }} \ | |
${{ matrix.config.product }} \ | |
${{ matrix.config.os }} \ | |
${{ steps.get-version.outputs.VERSION }} \ | |
) | |
echo "IMAGE_TAGS=$IMAGE_TAGS" >> $GITHUB_OUTPUT | |
- name: Build/Test/Scan/Push base pro image | |
id: build1 | |
uses: ./.github/actions/build-test-scan-push | |
continue-on-error: true | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: ${{ matrix.config.product }} | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' || github.ref == 'refs/heads/dev-rspm' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# Begin retry logic | |
- name: Wait 60s on failure before retrying | |
if: steps.build1.outcome == 'failure' | |
run: sleep 60 | |
- name: Retry - Build/Test/Scan/Push base pro image | |
id: build2 | |
if: steps.build1.outcome == 'failure' | |
uses: ./.github/actions/build-test-scan-push | |
with: | |
context: ./${{ matrix.config.product }} | |
os: ${{ matrix.config.os }} | |
product: product-base | |
image-tags: ${{ steps.get-tags.outputs.IMAGE_TAGS }} | |
build-args: ${{ steps.get-build-args.outputs.BUILD_ARGS }} | |
push-image: ${{ github.ref == 'refs/heads/main' || github.ref == 'refs/heads/dev' }} | |
snyk-token: ${{ secrets.SNYK_TOKEN }} | |
snyk-org-id: ${{ secrets.SNYK_ORG_ID }} | |
ghcr-token: ${{ secrets.GITHUB_TOKEN }} | |
dockerhub-username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
dockerhub-token: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
gcp-json: '${{ secrets.GCP_ARTIFACT_REGISTRY_JSON }}' | |
# End retry logic |