From e43d63b054103aa7e7c8dfab8fa4c02eb4f320e0 Mon Sep 17 00:00:00 2001 From: Gavin Inglis <43075615+ginglis13@users.noreply.github.com> Date: Tue, 1 Aug 2023 14:24:54 -0700 Subject: [PATCH] ci: remove duplicate actions, use finch-core (#511) finch-core already defines scripts for updating some dependencies: https://github.com/runfinch/finch-core/blob/main/bin/update-deps.sh Since this repo takes finch-core as a submodule, some actions can be consolidated to this one for dependency updates. CORE_URL is unused and that behavior is removed. Issue #, if available: *Description of changes:* *Testing done:* - [x] I've reviewed the guidance in CONTRIBUTING.md #### License Acceptance By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. Signed-off-by: Gavin Inglis --- .github/bin/update-lima-dep.sh | 42 ------------------ ...les.yaml => sync-submodules-and-deps.yaml} | 18 ++++++-- .github/workflows/update-deps.yaml | 43 ------------------- 3 files changed, 15 insertions(+), 88 deletions(-) delete mode 100755 .github/bin/update-lima-dep.sh rename .github/workflows/{sync-submodules.yaml => sync-submodules-and-deps.yaml} (56%) delete mode 100644 .github/workflows/update-deps.yaml
diff --git a/.github/bin/update-lima-dep.sh b/.github/bin/update-lima-dep.sh
deleted file mode 100755
index 48ce1a93f..000000000
--- a/.github/bin/update-lima-dep.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-
-DEPENDENCY_CLOUDFRONT_URL="https://deps.runfinch.com/"
-AARCH64_FILENAME_PATTERN="aarch64/lima-and-qemu.macos-aarch64.[0-9].*\.gz$"
-AMD64_FILENAME_PATTERN="x86-64/lima-and-qemu.macos-x86_64.[0-9].*\.gz$"
-AARCH64="aarch64"
-X86_64="x86-64"
-
-FINCH_CORE_FILENAME_PATTERN="finch-core-.*\.gz$"
-ARTIFACT_CLOUDFRONT_URL="https://artifact.runfinch.com/"
-
-set -x
-
-while getopts d:a: flag
-do
- case "${flag}" in
- d) dependency_bucket=${OPTARG};;
- a) artifact_bucket=${OPTARG};;
- esac
-done
-[[ -z "$dependency_bucket" ]] && { echo "Error: Dependency bucket not set"; exit 1; }
-
-[[ -z "$artifact_bucket" ]] && { echo "Error: Artifact bucket not set"; exit 1; }
-
-
-aarch64Deps=$(aws s3 ls s3://${dependency_bucket}/${AARCH64}/ --recursive | grep "$AARCH64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}')
-
-[[ -z "$aarch64Deps" ]] && { echo "Error: aarch64 dependency not found"; exit 1; }
-
-
-amd64Deps=$(aws s3 ls s3://${dependency_bucket}/${X86_64}/ --recursive | grep "$AMD64_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}')
-
-[[ -z "$amd64Deps" ]] && { echo "Error: x86_64 dependency not found"; exit 1; }
-
-sed -E -i.bak 's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AARCH64_FILENAME_PATTERN}')|\1'$aarch64Deps'|' Makefile
-sed -E -i.bak 's|^([[:blank:]]*LIMA_URL[[:blank:]]*\?=[[:blank:]]*'${DEPENDENCY_CLOUDFRONT_URL}')('${AMD64_FILENAME_PATTERN}')|\1'$amd64Deps'|' Makefile
-
-finch_core_artifact=$(aws s3 ls s3://${artifact_bucket} --recursive | grep "$FINCH_CORE_FILENAME_PATTERN" | sort | tail -n 1 | awk '{print $4}')
-
-[[ -z "$finch_core_artifact" ]] && { echo "Error: finch core release not found"; exit 1; }
-
-sed -E -i.bak 's|^([[:blank:]]*CORE_URL[[:blank:]]*\?=[[:blank:]]*'${ARTIFACT_CLOUDFRONT_URL}')('${FINCH_CORE_FILENAME_PATTERN}')|\1'$finch_core_artifact'|' Makefile
diff --git a/.github/workflows/sync-submodules.yaml b/.github/workflows/sync-submodules-and-deps.yaml
similarity index 56%
rename from .github/workflows/sync-submodules.yaml
rename to .github/workflows/sync-submodules-and-deps.yaml
index 10a3bfe2f..cc7385c5e 100644
--- a/.github/workflows/sync-submodules.yaml
+++ b/.github/workflows/sync-submodules-and-deps.yaml
@@ -1,4 +1,4 @@ -name: Sync Submodules +name: Sync Submodules and Dependencies # Pulls changes from the main branch of submodules daily at 9:00 UTC and opens a PR. on:
@@ -15,14 +15,26 @@ jobs: with: submodules: recursive token: ${{ secrets.GITHUB_TOKEN }} - - name: Update sub modules + + - name: Update submodules run: | git submodule update --remote + + - name: Update OS image + run: | ./.github/bin/update-os-image.sh + - name: Update lima dependencies url + run: | + ./deps/finch-core/bin/update-deps.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} + + - name: Update rootfs + run: | + ./deps/finch-core/bin/update-rootfs.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} + - name: Create PR uses: peter-evans/create-pull-request@v5 with: token: ${{ secrets.GITHUB_TOKEN }} signoff: true - title: 'build(deps): Bump submodules' + title: 'build(deps): Bump submodules and dependencies'
diff --git a/.github/workflows/update-deps.yaml b/.github/workflows/update-deps.yaml
deleted file mode 100644
index c93dd115d..000000000
--- a/.github/workflows/update-deps.yaml
+++ /dev/null
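Review bot: The added "Update lima dependencies url" and "Update rootfs" steps in the `@@ -15,14 +15,26 @@` hunk hand a bucket name to the finch-core scripts, but the hunk carries over neither the `aws-actions/configure-aws-credentials@v2` step nor the `id-token: write` permission that the deleted update-deps.yaml used. The workflow's `permissions:` block and job header are outside this hunk, so if they do not already provide both, the bucket lookups will presumably fail for lack of credentials. `${{ secrets.DEPENDENCY_BUCKET_NAME }}` is also expanded directly into the shell text of both steps; binding it through `env:` and passing `"$DEPENDENCY_BUCKET_NAME"` keeps the value quoted and out of the script source. Because both scripts run after `git submodule update --remote`, they execute at whatever commit the submodule branch points to on that day, with the checkout token (and any AWS role) within reach, so that role is best limited to read access on the bucket. A sketch of the steps, reusing the secret names from the deleted workflow:

```yaml
      # … unchanged: checkout, "Update submodules", "Update OS image" …

      # Requires `id-token: write` in the workflow's permissions block (outside this hunk).
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          role-to-assume: ${{ secrets.ROLE }}
          role-session-name: dependency-upload-session
          aws-region: ${{ secrets.REGION }}

      - name: Update lima dependencies url
        env:
          DEPENDENCY_BUCKET_NAME: ${{ secrets.DEPENDENCY_BUCKET_NAME }}
        run: |
          ./deps/finch-core/bin/update-deps.sh -d "$DEPENDENCY_BUCKET_NAME"

      - name: Update rootfs
        env:
          DEPENDENCY_BUCKET_NAME: ${{ secrets.DEPENDENCY_BUCKET_NAME }}
        run: |
          ./deps/finch-core/bin/update-rootfs.sh -d "$DEPENDENCY_BUCKET_NAME"

      # … unchanged: "Create PR" …
```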
@@ -1,43 +0,0 @@
-name: Update dependencies
-on:
- schedule:
- - cron: '0 11 * * 2'
- workflow_dispatch:
-
-permissions:
- # This is required for configure-aws-credentials to request an OIDC JWT ID token to access AWS resources later on.
- # More info: https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect#adding-permissions-settings
- id-token: write
- contents: write
- pull-requests: write
-
-jobs:
- update-deps:
- runs-on: ubuntu-latest
- steps:
- - name: Checkout code
- uses: actions/checkout@v3
-
- - name: configure aws credentials
- uses: aws-actions/configure-aws-credentials@v2
- with:
- role-to-assume: ${{ secrets.ROLE }}
- role-session-name: dependency-upload-session
- aws-region: ${{ secrets.REGION }}
-
- # This step fetches the latest set of released dependencies from s3 and updates the Makefile to use the same.
- - name: update dependencies url
- run: |
- ./.github/bin/update-lima-dep.sh -d ${{ secrets.DEPENDENCY_BUCKET_NAME }} -a {{ secrets.ARTIFACT_BUCKET_NAME }}
-
- - name: create PR
- uses: peter-evans/create-pull-request@v5
- with:
- # A Personal Access Token instead of the default `GITHUB_TOKEN` is required
- # to trigger the checks (e.g., e2e tests) on the created pull request.
- # More info: https://github.com/peter-evans/create-pull-request/blob/main/docs/concepts-guidelines.md#workarounds-to-trigger-further-workflow-runs
- # TODO: Use FINCH_BOT_TOKEN instead of GITHUB_TOKEN.
- token: ${{ secrets.GITHUB_TOKEN }}
- signoff: true
- # TODO: Add updated lima version in the title.
- title: 'build(deps): Bump lima version'