and upload the builds to buildomat

oxidecomputer · Oct 18, 2024 · 56adb38 · 56adb38
1 parent 010a522
commit 56adb38
Show file tree

Hide file tree

Showing 2 changed files with 88 additions and 0 deletions.
diff --git a/.github/buildomat/fetch-gh-artifacts.sh b/.github/buildomat/fetch-gh-artifacts.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# Copyright Oxide Computer Company
+
+set -o errexit
+set -o pipefail
+set -o xtrace
+
+# We use `--netrc` in these calls in order to use the GitHub token Buildomat
+# provides us. This is not strictly necessary for all APIs we use, _except_ the
+# one to download artifacts. But using it for all calls keeps us from hitting
+# rate limits!
+
+API_BASE="https://github.com/repos/$GITHUB_REPOSITORY"
+
+# Buildomat creates at most one check suite per commit per repository, but
+# GitHub Actions will generally make several. We need to choose which run we
+# care about, ideally picking the one most closely related to this Buildomat
+# check suite. We first look for the most recently-created "push" run, but if
+# none are found we fall back to the most recently-created "pull_request" run.
+#
+# We check 10 times with 30 second pauses in between; if we don't have a check
+# run within about five minutes it'll probably never show up.
+for attempt in {1..10}; do
+    runs=$(curl -sSfL --netrc "$API_BASE/actions/runs?head_sha=$GITHUB_SHA" \
+        | jq -r --arg name "$1" '
+            .workflow_runs
+            | sort_by(.created_at) | reverse
+            | .[] | select(.name == $name)
+            | {id: .id, event: .event}
+        ')
+    for event in push pull_request; do
+        run_id=$(jq -r --arg event "$event" 'select(.event == $event) | .id' <<<"$runs" | head -n 1)
+        [[ -n "$run_id" ]] && break 2
+    done
+    sleep 30
+done
+if [[ -z "$run_id" ]]; then
+    echo >&2 "no check run found"
+    exit 1
+fi
+
+# Wait for the run to complete.
+until [[ $(curl -sSfL --netrc "$API_BASE/actions/runs/$run_id" | jq -r .status) == completed ]]; do
+    sleep 60
+done
+
+# Get information about artifacts and download them.
+artifacts=$(curl -sSfL --netrc "$API_BASE/actions/runs/$run_id/artifacts" \
+    | jq -r '.artifacts[] | {id: .id, name: .name}')
+for artifact_id in $(jq -r '.id' <<<"$artifacts"); do
+    artifact_name=$(jq -r --argjson id "$artifact_id" 'select(.id == $id) | .name' <<<"$artifacts")
+    # Artifact names are not allowed to contain special filesystem characters:
+    # https://github.com/actions/upload-artifact/issues/22
+    curl -sSfL --netrc -o "$artifact_name.zip" \
+        "$API_BASE/actions/artifacts/$artifact_id/zip"
+done
diff --git a/.github/buildomat/jobs/artifacts-macos.sh b/.github/buildomat/jobs/artifacts-macos.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#:
+#: name = "artifacts-macos"
+#: variety = "basic"
+#: target = "ubuntu-22.04"
+#: output_rules = [
+#:	"=/work/oxidecomputer/cockroach/cockroach.tgz",
+#:	"=/work/oxidecomputer/cockroach/cockroach.tgz.sha256",
+#: ]
+#:
+#: [[publish]]
+#: series = "darwin-amd64"
+#: name = "cockroach.tgz"
+#: from_output = "=/work/oxidecomputer/cockroach/cockroach.tgz"
+#:
+#: [[publish]]
+#: series = "darwin-amd64"
+#: name = "cockroach.tgz.sha256"
+#: from_output = "=/work/oxidecomputer/cockroach/cockroach.tgz.sha256"
+
+set -o errexit
+set -o pipefail
+set -o xtrace
+
+sudo apt-get install -y jq unzip
+timeout 30m .github/buildomat/fetch-gh-artifacts.sh build-macos
+unzip build.zip