jimeh/emacs-builds
1
0
Fork 0
mirror of https://github.com/jimeh/emacs-builds.git synced 2026-02-19 02:46:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

refactor(build): avoid release publishing race conditions

Browse Source 
Only run release jobs after all build jobs have completed, ensure only
one release job runs at a time, and also ensure update casks only runs
once after all release jobs have completed.
This commit is contained in:
Jim Myhrberg
2024-11-03 14:45:37 +00:00
parent e0c0d92424
commit 099c10776a
5 changed files with 117 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
.github/workflows/_build.yml vendored
View File

@@ -4,6 +4,10 @@ name: _build
on:
workflow_call:
inputs:
should_run:
description: Whether or not to run the build job
type: boolean
default: false
artifact_prefix:
description: Artifact prefix
type: string
@@ -103,7 +107,6 @@ jobs:
check: ${{ steps.check.outputs.result }}
steps:
- name: Checkout build-emacs-for-macos repo
if: ${{ inputs.os != inputs.build_os }}
uses: actions/checkout@v4
with:
repository: jimeh/build-emacs-for-macos
@@ -124,8 +127,11 @@ jobs:
- name: Ensure emacs-builder is executable
if: ${{ inputs.os == inputs.build_os }}
run: chmod +x bin/emacs-builder
- uses: DeterminateSystems/nix-installer-action@main
- uses: DeterminateSystems/magic-nix-cache-action@main
- name: Plan build
run: >-
nix develop --command
bin/emacs-builder -l debug plan --output build-plan.yml
--output-dir '${{ github.workspace }}/builds'
${{ needs.prepare.outputs.test_plan_args }}
@@ -239,7 +245,7 @@ jobs:
KEYCHAIN_PATH="$RUNNER_TEMP/app-signing.keychain-db"
# import certificate and provisioning profile from secrets
echo -n "$CERT_BASE64" | base64 --decode --output "$CERTIFICATE_PATH"
echo -n "$CERT_BASE64" | base64 --decode > "$CERTIFICATE_PATH"
# create temporary keychain
security create-keychain -p "$KEYCHAIN_PASSWORD" "$KEYCHAIN_PATH"

23
.github/workflows/_release.yml vendored
View File

@@ -1,6 +1,9 @@
---
# Requires _prepare.yml and _build.yml re-usable workflows to have run.
name: _release
concurrency:
group: _release
cancel-in-progress: false
on:
workflow_call:
inputs:
@@ -8,7 +11,7 @@ on:
description: GitHub Actions runner OS
type: string
required: false
default: "macos-12"
default: "macos-13"
plan_artifact:
description: Name of artifact containing a emacs-builder plan yaml file
type: string
@@ -17,15 +20,6 @@ on:
description: Name of artifact containing a *.dmg files to release
type: string
required: true
test_build_name:
description: "Test build name"
type: string
required: false
update_casks:
description: "Update casks in homebrew tap?"
type: boolean
required: true
default: true
secrets:
TAP_REPO_TOKEN:
description: Personal Access Token for Homebrew Tap repo
@@ -61,14 +55,5 @@ jobs:
$(find builds -name '*.dmg' -or -name '*.sha256')
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- name: Trigger update casks workflow in homebrew tap
if: >-
steps.dmg.outputs.result != 'fail' &&
inputs.test_build_name == '' &&
inputs.update_casks
run: >-
gh workflow run --repo jimeh/homebrew-emacs-builds update-casks.yml
env:
GITHUB_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
- run: echo 'No DMG artifact available, was there a new commit to build?'
if: ${{ steps.dmg.outputs.result == 'fail' }}

27
.github/workflows/_update-casks.yml vendored Normal file
View File

@@ -0,0 +1,27 @@
---
name: _update-casks
concurrency:
group: _update-casks
cancel-in-progress: false
on:
workflow_call:
inputs:
os:
description: GitHub Actions runner OS
type: string
required: false
default: "ubuntu-latest"
secrets:
TAP_REPO_TOKEN:
description: Personal Access Token for Homebrew Tap repo
required: true
jobs:
emacs-builds:
runs-on: ${{ inputs.os }}
steps:
- name: Trigger update casks workflow in homebrew tap
run: >-
gh workflow run --repo jimeh/homebrew-emacs-builds update-casks.yml
env:
GITHUB_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}

51
.github/workflows/build.yml vendored
View File

@@ -19,9 +19,9 @@ on:
required: false
default: ""
os:
description: 'Runner OS ("macos-12", "macos-13", or "macos-latest")'
description: 'Runner OS ("macos-13", "macos-14", or "macos-latest")'
required: true
default: "macos-12"
default: "macos-13"
test_build_name:
description: "Test build name"
required: false
@@ -62,7 +62,7 @@ jobs:
needs: [prepare]
with:
os: ${{ github.event.inputs.os }}
build_os: "macos-12"
build_os: "macos-13"
artifact_prefix: "x86_64-"
git_ref: ${{ github.event.inputs.git_ref }}
git_sha: ${{ github.event.inputs.git_sha }}
@@ -82,14 +82,19 @@ jobs:
release_x86_64:
name: Release (x86_64)
uses: ./.github/workflows/_release.yml
needs: [build_x86_64]
if: ${{ needs.build_x86_64.outputs.package_created }}
# Depend on both build_x86_64 and build_arm64, but only run if build_x86_64
# was successful and a package was created. This ensure wait for all builds
# to complete before running any release jobs.
needs: [build_x86_64, build_arm64]
if: |
always() &&
needs.build_x86_64.result == 'success' &&
needs.build_x86_64.outputs.package_created &&
needs.build_arm64.result != 'failure'
with:
os: ${{ github.event.inputs.os }}
plan_artifact: x86_64-build-plan
dmg_artifact: x86_64-dmg
test_build_name: ${{ github.event.inputs.test_build_name }}
update_casks: true
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
@@ -124,13 +129,37 @@ jobs:
release_arm64:
name: Release (arm64)
uses: ./.github/workflows/_release.yml
needs: [build_arm64]
if: ${{ needs.build_arm64.outputs.package_created }}
# Depend on both build_arm64 and build_x86_64, but only run if build_arm64
# was successful and a package was created. This ensure wait for all builds
# to complete before running any release jobs.
needs: [build_arm64, build_x86_64]
if: |
always() &&
needs.build_arm64.result == 'success' &&
needs.build_arm64.outputs.package_created &&
needs.build_x86_64.result != 'failure'
with:
os: ${{ github.event.inputs.os }}
plan_artifact: arm64-build-plan
dmg_artifact: arm64-dmg
test_build_name: ${{ github.event.inputs.test_build_name }}
update_casks: false
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
# ----------------------------------------------------------------------------
# Trigger update casks workflow in homebrew tap
# ----------------------------------------------------------------------------
update_casks:
name: Update Casks
uses: ./.github/workflows/_update-casks.yml
# Depend on both release jobs, but only run if either of them was
# successful. This ensures we only run this job once all release jobs have
# been completed.
needs: [release_x86_64, release_arm64]
if: >-
always() &&
github.event.inputs.test_build_name == '' &&
contains(needs.*.result, 'success') &&
!contains(needs.*.result, 'failure')
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}

45
.github/workflows/nightly-master.yml vendored
View File

@@ -31,7 +31,7 @@ jobs:
uses: ./.github/workflows/_build.yml
needs: [prepare]
with:
build_os: "macos-12"
build_os: "macos-13"
artifact_prefix: "x86_64-"
git_ref: "master"
git_sha: ${{ github.event.inputs.git_sha }}
@@ -48,12 +48,18 @@ jobs:
release_x86_64:
name: Release (x86_64)
uses: ./.github/workflows/_release.yml
needs: [build_x86_64]
if: ${{ needs.build_x86_64.outputs.package_created }}
# Depend on both build_x86_64 and build_arm64, but only run if build_x86_64
# was successful and a package was created. This ensure wait for all builds
# to complete before running any release jobs.
needs: [build_x86_64, build_arm64]
if: |
always() &&
needs.build_x86_64.result == 'success' &&
needs.build_x86_64.outputs.package_created &&
needs.build_arm64.result != 'failure'
with:
plan_artifact: x86_64-build-plan
dmg_artifact: x86_64-dmg
update_casks: true
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
@@ -86,11 +92,36 @@ jobs:
release_arm64:
name: Release (arm64)
uses: ./.github/workflows/_release.yml
needs: [build_arm64]
if: ${{ needs.build_arm64.outputs.package_created }}
# Depend on both build_arm64 and build_x86_64, but only run if build_arm64
# was successful and a package was created. This ensure wait for all builds
# to complete before running any release jobs.
needs: [build_arm64, build_x86_64]
if: |
always() &&
needs.build_arm64.result == 'success' &&
needs.build_arm64.outputs.package_created &&
needs.build_x86_64.result != 'failure'
with:
plan_artifact: arm64-build-plan
dmg_artifact: arm64-dmg
update_casks: false
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}
# ----------------------------------------------------------------------------
# Trigger update casks workflow in homebrew tap
# ----------------------------------------------------------------------------
update_casks:
name: Update Casks
uses: ./.github/workflows/_update-casks.yml
# Depend on both release jobs, but only run if either of them was
# successful. This ensures we only run this job once all release jobs have
# been completed.
needs: [release_x86_64, release_arm64]
if: >-
always() &&
github.event.inputs.test_build_name == '' &&
contains(needs.*.result, 'success') &&
!contains(needs.*.result, 'failure')
secrets:
TAP_REPO_TOKEN: ${{ secrets.TAP_REPO_TOKEN }}