bump(github-actions): Bump actions/upload-artifact from 4 to 5 #569
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "build.yml" | |
| on: | |
| pull_request: | |
| types: | |
| - opened | |
| - reopened | |
| - synchronize | |
| workflow_dispatch: | |
| inputs: | |
| debug_enabled: | |
| type: "boolean" | |
| description: "Run the build with tmate debugging enabled" | |
| merge_group: | |
| push: | |
| branches: | |
| - "main" | |
| concurrency: | |
| group: "${{ github.workflow }}:${{ github.ref }}" | |
| cancel-in-progress: true | |
| jobs: | |
| matrix: | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "write" | |
| id-token: "write" | |
| name: "matrix" | |
| runs-on: | |
| - "ubuntu-latest" | |
| outputs: | |
| matrix: "${{ steps.matrix.outputs.matrix }}" | |
| steps: | |
| - uses: "actions/checkout@v5" | |
| with: | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - name: "install whyq" | |
| run: | | |
| set -euxo pipefail | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends jq | |
| cargo binstall --no-confirm whyq | |
| - name: "generate test matrix" | |
| id: "matrix" | |
| run: | | |
| set -euxo pipefail | |
| yq \ | |
| --compact-output \ | |
| --raw-output \ | |
| '"matrix=" + (.matrix | tostring)' builds.yml \ | |
| | tee -a "${GITHUB_OUTPUT}" | |
| - name: "report build plan" | |
| run: | | |
| ./scripts/plan.sh "${GITHUB_STEP_SUMMARY}" | |
| run: | |
| name: "run" | |
| needs: | |
| - matrix | |
| runs-on: | |
| - "lab" | |
| timeout-minutes: 300 | |
| strategy: | |
| max-parallel: 2 | |
| matrix: ${{ fromJSON(needs.matrix.outputs.matrix) }} | |
| permissions: | |
| issues: "write" | |
| pull-requests: "write" | |
| packages: "write" | |
| contents: "read" | |
| id-token: "write" | |
| steps: | |
| - name: "log KUBE_NODE" | |
| run: | | |
| echo "$KUBE_NODE" | |
| - uses: "actions/checkout@v5" | |
| with: | |
| # make sure to update the vlab prebuild script if changing it | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: "install nix" | |
| uses: "cachix/install-nix-action@v31" | |
| - run: | | |
| sudo chown -R "$(id -u):$(id -g)" /nix | |
| - name: "login to ghcr.io" | |
| uses: "docker/login-action@v3" | |
| with: | |
| registry: "ghcr.io" | |
| username: "${{ github.actor }}" | |
| password: "${{ secrets.GITHUB_TOKEN }}" | |
| - uses: "dtolnay/rust-toolchain@stable" | |
| - uses: "cargo-bins/cargo-binstall@main" | |
| - run: | | |
| cargo binstall --no-confirm just | |
| - name: "confirm sources" | |
| run: | | |
| ./scripts/confirm-sources.sh | |
| - name: "build + push (debug)" | |
| run: | | |
| sudo --preserve-env just --yes profile=debug debug=true max_nix_builds=1 cores=$(nproc) rust="${{ matrix.toolchain.key }}" push | |
| - name: "build + push (release)" | |
| run: | | |
| sudo --preserve-env just --yes profile=release debug=true max_nix_builds=1 rust="${{ matrix.toolchain.key }}" push | |
| - name: "Install SBOM generator dependencies" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && sudo --preserve-env rm "$f" | |
| done | |
| cargo binstall --no-confirm csview | |
| sudo apt-get update | |
| sudo apt-get install --yes --no-install-recommends graphviz | |
| - name: "generate SBOM" | |
| run: | | |
| sudo --preserve-env ./scripts/sbom.sh | |
| - name: "step summary" | |
| continue-on-error: true # might fail due to $GITHUB_STEP_SUMMARY size limit of 1MB | |
| run: | | |
| cat "/tmp/dpdk-sys/builds/env.sysroot.summary.md" >> "${GITHUB_STEP_SUMMARY}" | |
| - name: "remove links from /tmp/dpdk-sys/builds" | |
| run: | | |
| for f in /tmp/dpdk-sys/builds/*; do | |
| [ -h "$f" ] && sudo rm "$f" | |
| done | |
| - uses: "actions/upload-artifact@v5" | |
| with: | |
| name: "builds-${{ matrix.toolchain.key }}" | |
| path: "/tmp/dpdk-sys/builds" | |
| - name: "outdated packages (gnu64)" | |
| uses: "actions/github-script@v8" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body += "## Outdated packages (gnu64):\n\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.outdated.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Vulnerable packages (gnu64)" | |
| uses: "actions/github-script@v8" | |
| if: ${{ github.event_name == 'pull_request' }} | |
| with: | |
| github-token: "${{ secrets.GITHUB_TOKEN }}" | |
| script: | | |
| let fs = require('fs'); | |
| let body = "<details>\n"; | |
| body += "<summary>\n\n"; | |
| body = "## Vulnerable packages (gnu64):\n"; | |
| body += "</summary>\n\n"; | |
| body += fs.readFileSync('/tmp/dpdk-sys/builds/env.sysroot.gnu64.vulns.triage.md'); | |
| body += "\n</details>\n"; | |
| const maxLength = 65535; | |
| if (body.length > maxLength) { | |
| const warning = "\n...output truncated due to length limits...\n"; | |
| body = body.slice(0, maxLength - warning.length) + warning; | |
| } | |
| github.rest.issues.createComment({ | |
| issue_number: context.issue.number, | |
| owner: context.repo.owner, | |
| repo: context.repo.repo, | |
| body: body | |
| }); | |
| - name: "Setup tmate session for debug" | |
| if: ${{ failure() && github.event_name == 'workflow_dispatch' && inputs.debug_enabled }} | |
| uses: "mxschmitt/action-tmate@v3" | |
| timeout-minutes: 60 | |
| with: | |
| limit-access-to-actor: true | |
| vlab: | |
| needs: | |
| - run | |
| name: "${{ matrix.hybrid && 'hlab' || 'vlab' }}-${{ matrix.fabricmode == 'spine-leaf' && 'sl' || 'cc' }}-${{ matrix.gateway && 'gw-' || '' }}${{ matrix.includeonie && 'onie-' || '' }}${{ matrix.buildmode }}-${{ matrix.vpcmode }}" | |
| uses: githedgehog/fabricator/.github/workflows/run-vlab.yaml@master | |
| with: | |
| skip: ${{ matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+hlab') || !matrix.hybrid && !contains(github.event.pull_request.labels.*.name, 'ci:+vlab') }} | |
| fabricatorref: master | |
| prebuild: "just bump frr ${{ github.event.pull_request.head.sha }}.debug" | |
| fabricmode: ${{ matrix.fabricmode }} | |
| gateway: ${{ matrix.gateway }} | |
| includeonie: ${{ matrix.includeonie }} | |
| buildmode: ${{ matrix.buildmode }} | |
| vpcmode: ${{ matrix.vpcmode }} | |
| releasetest: ${{ contains(github.event.pull_request.labels.*.name, 'ci:+release') }} | |
| hybrid: ${{ matrix.hybrid }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| fabricmode: | |
| - spine-leaf | |
| gateway: | |
| - true | |
| includeonie: | |
| - false | |
| buildmode: | |
| - iso | |
| vpcmode: | |
| - l2vni | |
| - l3vni | |
| hybrid: | |
| - false | |
| include: | |
| - fabricmode: spine-leaf | |
| gateway: true | |
| includeonie: false | |
| buildmode: iso | |
| vpcmode: l2vni | |
| hybrid: true | |
| summary: | |
| name: "summary" | |
| if: ${{ always() }} | |
| runs-on: | |
| - "ubuntu-latest" | |
| needs: | |
| - run | |
| - vlab | |
| steps: | |
| - name: "Flag any build matrix failures" | |
| if: ${{ needs.run.result != 'success' && needs.run.result != 'skipped' }} | |
| run: | | |
| >&2 echo "A critical step failed!" | |
| exit 1 | |
| - name: "Flag any vlab matrix failures" | |
| if: ${{ needs.vlab.result != 'success' && needs.vlab.result != 'skipped' }} | |
| run: | | |
| >&2 echo "A critical step failed!" | |
| exit 1 |