# CI workflow: builds the project's container image when needed, then builds,
# tests, fuzzes, format-checks and documents the project inside that image.
name: Gentoo Utils

# Triggered by every push, on any branch.
on:
  - push

defaults:
  run:
    # -e aborts on the first failing command, -l starts a login shell and
    # pipefail makes a pipeline fail when any of its stages fails.
    shell: bash -el -o pipefail {0}

# fixes rare instances of git commands failing because TERM isn't set
env:
  TERM: xterm
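# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a reviewed full commit SHA keeps a retagged release
# from changing what runs in jobs that have CI_BOT_TOKEN in scope.
jobs:
  # Builds and pushes the CI container image, but only when .docker changed or
  # no image exists yet for the branch. Exposes the tag to the other jobs.
  build-oci-image:
    runs-on: ubuntu-latest
    # NOTE(review): with this set, a failed image build does not fail the
    # workflow, and dependent jobs use whatever the tag already points to.
    # Confirm that running against a stale image is acceptable.
    continue-on-error: true
    steps:
      # The restored .git directory, including its config and hooks, is used
      # by the git commands that follow, so the cache is trusted input.
      - name: Restore git cache
        uses: actions/cache@v4
        with:
          path: .git
          key: gitea-repo-${{ gitea.repository }}-${{ gitea.ref }}
      - name: Checkout repo
        uses: actions/checkout@v5
        with:
          # full history is needed for the merge-base / diff checks below
          fetch-depth: 0
      - name: Check for changes before building
        id: image-changes
        # build image only if 1. changes are detected or 2. an image for the
        # working branch doesn't exist
        #
        # Context values are handed to the script through env rather than
        # expanded into the script text, so the shell only ever sees them as
        # data and never parses them as code.
        env:
          DEFAULT_BRANCH: ${{ gitea.event.repository.default_branch }}
          EVENT_BEFORE: ${{ gitea.event.before }}
          HEAD_SHA: ${{ gitea.sha }}
          IMAGE_REPO: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}
        run: |
          branch_name="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
          default_branch_name="$DEFAULT_BRANCH"
          image_tag=latest
          comparison_hash="$EVENT_BEFORE"
          if [[ "$branch_name" != "$default_branch_name" ]]; then
            image_tag=$branch_name
          fi
          # slugify
          # NOTE(review): the slug is not unique. Distinct branch names can map
          # to the same tag, and a non-default branch whose slug is "latest"
          # shares the default branch's tag. Consider a prefix for branch tags.
          image_tag="$(echo "$image_tag" | sed -E 's/[^a-zA-Z0-9]/-/g')"
          # rebase breaks gitea.event.before, so check to make sure the hash provided exists
          if ! git merge-base --is-ancestor "$comparison_hash" "$branch_name" >/dev/null 2>&1; then
            comparison_hash=$(git merge-base "origin/$default_branch_name" "$branch_name")
          fi
          if ! git diff --no-patch --exit-code "$comparison_hash" "$HEAD_SHA" -- .docker; then
            # .docker differs between the two commits
            build_image=true
          elif ! docker manifest inspect "${IMAGE_REPO}:${image_tag}" >/dev/null 2>&1; then
            # nothing changed, but the registry has no image for this tag yet
            build_image=true
          else
            build_image=false
          fi
          {
            echo "default_branch_name=$default_branch_name"
            echo "branch_name=$branch_name"
            echo "image_tag=$image_tag"
            echo "comparison_hash=$comparison_hash"
            echo "build_image=$build_image"
          } >> "$GITEA_OUTPUT"
          cat "$GITEA_OUTPUT"
      - name: Set up Docker buildx
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: network=runners-net
      - name: Log in to Github Container Registry
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY_URL }}
          username: ${{ vars.CI_BOT_USERNAME }}
          password: ${{ secrets.CI_BOT_TOKEN }}
      - name: Build and push
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ steps.image-changes.outputs.image_tag }}
          context: "{{defaultContext}}:.docker"
          cache-from: type=gha
          cache-to: type=gha,mode=max
    outputs:
      image_tag: ${{ steps.image-changes.outputs.image_tag }}

  # The jobs below run inside the image selected above. It is referenced by
  # mutable tag, not by digest, so they run whatever that tag points to at
  # pull time.

  # Configures and compiles the project with clang.
  build:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
    needs: build-oci-image
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: build and check
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
          meson compile -C build

  # FIXME: Currently this rebuilds everything. Instead we should bring over the build dir from the build job. This will come in handy
  # when we have multiple build targets and configs. What we have currently is fine until we get lots of builds going
  test:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
    needs: [build-oci-image, build]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: test
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
          meson compile -C build
          ninja test -C build

  # Builds the atom parser fuzzer and runs it under a wall-clock limit.
  fuzz:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
      # quoted so the value stays a string regardless of the YAML loader
      FUZZER_TIMEOUT_S: '300'
    needs: [build-oci-image, build]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      # FIXME: Get rid of this step when portage has fixes merged?
      # needed because portage has fixes upstream we need that aren't stable yet
      # NOTE(review): this installs and runs whatever is at the tip of upstream
      # portage when the job starts. Until the fixes reach a stable release,
      # pin the clone to a reviewed commit, e.g.
      # `git checkout <REVIEWED_PORTAGE_COMMIT>` (placeholder).
      - name: Checkout tip of portage
        run: |
          git clone https://github.com/gentoo/portage.git
          cd portage
          python -m venv .venv && ./.venv/bin/pip install -e .
          source ./.venv/bin/activate
          which emerge
      - name: build and fuzz
        run: |
          source ./portage/.venv/bin/activate
          which emerge
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build
          meson compile atom_parser_fuzzer:alias -C build
          timeout 10m ./scripts/atom_parser_fuzz.sh
        # A failing or timed-out fuzz run does not fail the pipeline, so
        # findings only surface in this step's log.
        # NOTE(review): confirm this key belongs to the step, not the job.
        continue-on-error: true

  # Verifies meson and Rust formatting without modifying files.
  check-format:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: Check Formatting
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build
          meson format --check-only --recursive
          ninja rustfmt -C build

  # Builds the rustdoc documentation.
  docs:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: Build Documentation
        run: |
          meson setup -Ddocs=enabled docs
          ninja rustdoc -C docs

  # Fails the pipeline when leftover todo!/dbg! macros are found in Rust sources.
  grep:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: grep for patterns
        # git grep returns 0 on a match and 1 when there are no findings, so
        # those two are inverted. Any other status means git grep itself
        # failed; it is propagated so a broken check cannot pass as clean.
        run: |
          status=0
          git grep -E 'todo!|dbg!' -- '*.rs' || status=$?
          case "$status" in
            0) exit 1 ;;
            1) exit 0 ;;
            *) exit "$status" ;;
          esac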