git ci workflows

declantsien · declantsien · commit 305a4eec8825 · 2022-12-29T15:10:55.000+08:00
diff --git a/.github/workflows/_build.yml b/.github/workflows/_build.yml
@@ -0,0 +1,211 @@
+---
+# Requires _prepare.yml re-usable workflow to have run.
+name: _build
+on:
+  workflow_call:
+    inputs:
+      artifact_prefix:
+        description: Artifact prefix
+        type: string
+        required: false
+      os:
+        description: GitHub Actions runner OS
+        type: string
+        required: true
+      git_ref:
+        description: Git ref to build
+        type: string
+        required: true
+      git_sha:
+        description: Override git SHA to build
+        type: string
+        required: false
+      build_args:
+        description: Custom arguments passed to build script
+        type: string
+        required: false
+      test_build_name:
+        description: "Test build name"
+        type: string
+        required: false
+      test_release_type:
+        description: "prerelease or draft"
+        type: string
+        required: false
+        default: "prerelease"
+    secrets:
+      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64:
+        description: Base64 encoded Apple Developer Certificate
+        required: true
+      APPLE_DEVELOPER_CERTIFICATE_PASSWORD:
+        description: Password for Apple Developer Certificate
+        required: true
+      KEYCHAIN_PASSWORD:
+        description: Password to use for temporary local keychain on runner
+        required: true
+      AC_USERNAME:
+        description: Apple Connect Username
+        required: true
+      AC_PASSWORD:
+        description: Apple Connect Password
+        required: true
+      AC_PROVIDER:
+        description: Apple Connect Provider
+        required: true
+      AC_SIGN_IDENTITY:
+        description: Apple Connect Signing Identify
+        required: true
+      TAP_REPO_TOKEN:
+        description: Homebrew Tap Token
+        required: true
+
+jobs:
+  prepare:
+    runs-on: ${{ inputs.os }}
+    outputs:
+      builder_sha: ${{ steps.builder_sha.outputs.sha }}
+      emacs_sha_override: ${{ steps.emacs_sha.outputs.sha }}
+      test_plan_args: ${{ steps.test_plan_args.outputs.args }}
+    steps:
+      - name: Download emacs-builder git SHA artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: emacs-builder-git-sha
+          path: ./
+      - name: Store builder Git SHA
+        id: builder_sha
+        run: >-
+          echo "sha=$(cat emacs-builder-git-sha.txt)" >> $GITHUB_OUTPUT
+      - name: Prepare plan test args
+        id: test_plan_args
+        if: ${{ inputs.test_build_name != '' }}
+        run: >-
+          echo "args=--test-build '${{ inputs.test_build_name }}' --test-release-type '${{ inputs.test_release_type }}'" >> $GITHUB_OUTPUT
+      - name: Set git SHA override
+        id: emacs_sha
+        if: ${{ inputs.git_sha != '' }}
+        run: >-
+          echo "sha=--sha '${{ inputs.git_sha }}'" >> $GITHUB_OUTPUT
+  plan:
+    needs: [prepare]
+    runs-on: ${{ inputs.os }}
+    outputs:
+      check: ${{ steps.check.outputs.result }}
+    steps:
+      - name: Download pre-built emacs-builder artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: emacs-builder
+          path: bin
+      - name: Ensure emacs-builder is executable
+        run: chmod +x bin/emacs-builder
+      - name: Plan build
+        run: >-
+          bin/emacs-builder -l debug plan --output build-plan.yml
+          --output-dir '${{ github.workspace }}/builds'
+          ${{ needs.prepare.outputs.test_plan_args }}
+          ${{ needs.prepare.outputs.emacs_sha_override }}
+          '${{ inputs.git_ref }}'
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Show plan
+        run: cat build-plan.yml
+      - name: Upload build-plan artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: build-plan.yml
+          if-no-files-found: error
+      - name: Check if planned release and asset already exist
+        id: check
+        continue-on-error: true
+        run: |
+          echo "result=$((bin/emacs-builder -l debug release --plan build-plan.yml check && echo 'ok') || echo 'fail')" >> $GITHUB_OUTPUT
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - run: echo 'Planned release already seems to exist.'
+        if: ${{ steps.check.outputs.result == 'fail' }}
+
+  build:
+    runs-on: ${{ inputs.os }}
+    needs: [prepare, plan]
+    # Only run if check for existing release and asset failed.
+    if: ${{ needs.plan.outputs.check == 'fail' }}
+    steps:
+      - name: Checkout build-emacs-wr-for-macos repo
+        uses: actions/checkout@v2
+        with:
+          repository: declantsien/build-emacs-wr-for-macos
+          ref: ${{ needs.prepare.outputs.builder_sha }}
+          path: builder
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: 2.7
+      - name: Update homebrew
+        run: brew update
+      - name: Install dependencies
+        run: make bootstrap-ci
+        working-directory: builder
+      - name: Download build-plan artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: ./
+      - name: Build Emacs
+        run: >-
+          ./builder/build-emacs-for-macos --plan build-plan.yml
+          --native-full-aot
+          ${{ inputs.build_args }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      - name: Upload unsigned app artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}unsigned-app
+          path: builds/*.tbz
+          if-no-files-found: error
+      - name: Upload Emacs source artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}emacs-source
+          path: builder/tarballs/*.tgz
+
+  package:
+    runs-on: ${{ inputs.os }}
+    needs: [prepare, plan, build]
+    # Only run if check for existing release and asset failed.
+    steps:
+      - uses: actions/setup-python@v4
+        with:
+          python-version: "3.11"
+      - name: Install dmgbuild
+        run: |
+          $(command -v pip3 || command -v pip) install --upgrade dmgbuild
+      - name: Download pre-built emacs-builder artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: emacs-builder
+          path: bin
+      - name: Ensure emacs-builder is executable
+        run: chmod +x bin/emacs-builder
+      - name: Download build-plan artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}build-plan
+          path: ./
+      - name: Download unsigned app artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.artifact_prefix }}unsigned-app
+          path: builds
+      - name: Extract unsigned app archive
+        run: |
+          find * -name '*.tbz' -exec tar xvjf "{}" \;
+        working-directory: builds
+      - name: Upload disk image artifacts
+        uses: actions/upload-artifact@v3
+        with:
+          name: tbz
+          path: |
+            builds/*.tbz
+          if-no-files-found: error
diff --git a/.github/workflows/_prepare.yml b/.github/workflows/_prepare.yml
@@ -0,0 +1,54 @@
+---
+name: _prepare
+on:
+  workflow_call:
+    inputs:
+      builder_ref:
+        description: Git ref to checkout of build-emacs-for-macos
+        required: false
+        type: string
+        default: "master"
+    secrets:
+      TAP_REPO_TOKEN:
+        description: Personal Access Token for Homebrew Tap repo
+        required: true
+
+jobs:
+  emacs-builder:
+    # Use oldest version of macOS to ensure emacs-bulder binary is compatible
+    # with later versions of macOS.
+    runs-on: macos-11
+    steps:
+      - name: Checkout build-emacs-for-macos repo
+        uses: actions/checkout@v3
+        with:
+          repository: declantsien/build-emacs-wr-for-macos
+          ref: ${{ inputs.builder_ref }}
+          path: builder
+      - name: Store builder Git SHA
+        run: |
+          git rev-parse HEAD > emacs-builder-git-sha.txt
+        working-directory: builder
+      - name: Upload builder git SHA artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: emacs-builder-git-sha
+          path: builder/emacs-builder-git-sha.txt
+          if-no-files-found: error
+      - uses: actions/setup-go@v2
+        with:
+          go-version: 1.16
+      - uses: actions/cache@v3
+        with:
+          path: ~/go/pkg/mod
+          key: ${{ runner.os }}-go-${{ hashFiles('builder/**/go.sum') }}
+          restore-keys: ${{ runner.os }}-go-
+      - name: Build emacs-builder tool
+        run: make build
+        working-directory: builder
+      - name: Upload emacs-builder artifact
+        uses: actions/upload-artifact@v3
+        with:
+          name: emacs-builder
+          path: builder/bin/emacs-builder
+          if-no-files-found: error
diff --git a/.github/workflows/_release.yml b/.github/workflows/_release.yml
@@ -0,0 +1,49 @@
+---
+# Requires _prepare.yml and _build.yml re-usable workflows to have run.
+name: _release
+on:
+  workflow_call:
+    inputs:
+      plan_artifact:
+        description: Name of artifact containing a emacs-builder plan yaml file
+        type: string
+        required: true
+      tbz_artifact:
+        description: Name of artifact containing a *.dmg files to release
+        type: string
+        required: true
+    secrets:
+      TAP_REPO_TOKEN:
+        description: Personal Access Token for Homebrew Tap repo
+        required: true
+
+jobs:
+  github:
+    runs-on: macos-11
+    steps:
+      - name: Download pre-built emacs-builder artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: emacs-builder
+          path: bin
+      - name: Ensure emacs-builder is executable
+        run: chmod +x bin/emacs-builder
+      - name: Download build-plan.yml artifact
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.plan_artifact }}
+          path: ./
+      - name: Download disk image artifacts
+        id: dmg
+        continue-on-error: true
+        uses: actions/download-artifact@v3
+        with:
+          name: ${{ inputs.tbz_artifact }}
+          path: builds
+      - name: Publish tbz archive to a GitHub Release
+        if: ${{ steps.dmg.outputs.result != 'fail' }}
+        run: >-
+          bin/emacs-builder -l debug release --plan build-plan.yml publish
+          $(find builds -name '*.tbz')
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
@@ -0,0 +1,72 @@
+---
+name: Build
+on:
+  workflow_dispatch:
+    inputs:
+      git_ref:
+        description: Emacs git ref to build
+        required: true
+        default: "master"
+      git_sha:
+        description: Override Emacs git commit SHA to build
+        required: false
+      builder_ref:
+        description: "Git ref to checkout of build-emacs-for-macos"
+        required: true
+        default: "master"
+      builder_args:
+        description: Custom arguments passed to build script
+        required: false
+        default: ""
+      os:
+        description: 'Runner OS ("macos-11", "macos-12", or "macos-latest")'
+        required: true
+        default: "macos-11"
+      test_build_name:
+        description: "Test build name"
+        required: false
+        default: ""
+      test_release_type:
+        description: "prerelease or draft"
+        required: false
+        default: ""
+
+jobs:
+  prepare:
+    name: Prepare
+    uses: ./.github/workflows/_prepare.yml
+    with:
+      builder_ref: ${{ github.event.inputs.builder_ref }}
+    secrets:
+      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
+
+  build:
+    name: Build
+    needs: [prepare]
+    uses: ./.github/workflows/_build.yml
+    with:
+      os: ${{ github.event.inputs.os }}
+      git_ref: ${{ github.event.inputs.git_ref }}
+      git_sha: ${{ github.event.inputs.git_sha }}
+      build_args: ${{ github.event.inputs.builder_args }}
+      test_build_name: ${{ github.event.inputs.test_build_name }}
+      test_release_type: ${{ github.event.inputs.test_release_type }}
+    secrets:
+      APPLE_DEVELOPER_CERTIFICATE_P12_BASE64: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_P12_BASE64 }}
+      APPLE_DEVELOPER_CERTIFICATE_PASSWORD: ${{ secrets.APPLE_DEVELOPER_CERTIFICATE_PASSWORD }}
+      KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+      AC_USERNAME: ${{ secrets.AC_USERNAME }}
+      AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
+      AC_PROVIDER: ${{ secrets.AC_PROVIDER }}
+      AC_SIGN_IDENTITY: ${{ secrets.AC_SIGN_IDENTITY }}
+      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
+
+  release:
+    name: Release
+    needs: [build]
+    uses: ./.github/workflows/_release.yml
+    with:
+      plan_artifact: build-plan
+      tbz_artifact: tbz
+    secrets:
+      TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
diff --git a/.github/workflows/emacsng-webrender.yml b/.github/workflows/emacsng-webrender.yml
