Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commiteada44c

Browse files
committed
Merge branch 'main' into provisionoidc
2 parents760c4a8 +ca067cf commiteada44c

File tree

929 files changed

+57069
-22297
lines changed

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

929 files changed

+57069
-22297
lines changed

‎.github/pull_request_template.md

Lines changed: 0 additions & 3 deletions
This file was deleted.

‎.github/workflows/ci.yaml

Lines changed: 13 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -41,7 +41,7 @@ jobs:
4141

4242
# Check for any typos!
4343
-name:Check for typos
44-
uses:crate-ci/typos@v1.13.9
44+
uses:crate-ci/typos@v1.13.14
4545
with:
4646
config:.github/workflows/typos.toml
4747
-name:Fix the typos
@@ -121,7 +121,8 @@ jobs:
121121
- 'site/**'
122122
k8s:
123123
- 'helm/**'
124-
- Dockerfile
124+
- scripts/Dockerfile
125+
- scripts/Dockerfile.base
125126
- scripts/helm.sh
126127
-id:debug
127128
run:|
@@ -185,8 +186,9 @@ jobs:
185186

186187
-name:Install Protoc
187188
run:|
188-
# protoc must be in lockstep with our dogfood Dockerfile
189-
# or the version in the comments will differ.
189+
# protoc must be in lockstep with our dogfood Dockerfile or the
190+
# version in the comments will differ. This is also defined in
191+
# security.yaml
190192
set -x
191193
cd dogfood
192194
DOCKER_BUILDKIT=1 docker build . --target proto -t protoc
@@ -505,12 +507,12 @@ jobs:
505507
506508
-uses:actions/setup-node@v3
507509
with:
508-
node-version:"14"
510+
node-version:"16.16.0"
509511

510512
-name:Install node_modules
511513
run:./scripts/yarn_install.sh
512514

513-
-run:yarn test:ci
515+
-run:yarn test:ci --max-workers ${{ steps.cpu-cores.outputs.count }}
514516
working-directory:site
515517

516518
-uses:codecov/codecov-action@v3
@@ -554,7 +556,7 @@ jobs:
554556

555557
-uses:actions/setup-node@v3
556558
with:
557-
node-version:"14"
559+
node-version:"16.16.0"
558560

559561
-name:Echo Go Cache Paths
560562
id:go-cache-paths
@@ -582,9 +584,6 @@ jobs:
582584
-run:yarn playwright:install
583585
working-directory:site
584586

585-
-run:yarn playwright:install-deps
586-
working-directory:site
587-
588587
-run:yarn playwright:test
589588
env:
590589
DEBUG:pw:api
@@ -611,6 +610,10 @@ jobs:
611610
# only get 1 commit on shallow checkout.
612611
fetch-depth:0
613612

613+
-uses:actions/setup-node@v3
614+
with:
615+
node-version:"16.16.0"
616+
614617
-name:Install dependencies
615618
run:cd site && yarn
616619

‎.github/workflows/contrib.yaml

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ concurrency: pr-${{ github.ref }}
1919

2020
jobs:
2121
# Dependabot is annoying, but this makes it a bit less so.
22-
auto-approve:
22+
auto-approve-dependabot:
2323
runs-on:ubuntu-latest
2424
if:github.event_name == 'pull_request_target'
2525
permissions:
@@ -33,7 +33,7 @@ jobs:
3333
steps:
3434
-name:cla
3535
if:(github.event.comment.body == 'recheck' || github.event.comment.body == 'I have read the CLA Document and I hereby sign the CLA') || github.event_name == 'pull_request_target'
36-
uses:contributor-assistant/github-action@v2.2.1
36+
uses:contributor-assistant/github-action@v2.3.0
3737
env:
3838
GITHUB_TOKEN:${{ secrets.GITHUB_TOKEN }}
3939
# the below token should have repo scope and must be manually added by you in the repository's secret

‎.github/workflows/docker-base.yaml

Lines changed: 90 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,90 @@
1+
name:docker-base
2+
3+
on:
4+
push:
5+
branches:
6+
-main
7+
paths:
8+
-scripts/Dockerfile.base
9+
-scripts/Dockerfile
10+
11+
schedule:
12+
# Run every week at 09:43 on Monday, Wednesday and Friday. We build this
13+
# frequently to ensure that packages are up-to-date.
14+
-cron:"43 9 * * 1,3,5"
15+
16+
workflow_dispatch:
17+
18+
permissions:
19+
contents:read
20+
# Necessary to push docker images to ghcr.io.
21+
packages:write
22+
# Necessary for depot.dev authentication.
23+
id-token:write
24+
25+
# Avoid running multiple jobs for the same commit.
26+
concurrency:
27+
group:${{ github.workflow }}-${{ github.ref }}-docker-base
28+
29+
jobs:
30+
build:
31+
runs-on:ubuntu-latest
32+
if:github.repository_owner == 'coder'
33+
steps:
34+
-uses:actions/checkout@v3
35+
36+
-name:Docker login
37+
uses:docker/login-action@v2
38+
with:
39+
registry:ghcr.io
40+
username:${{ github.actor }}
41+
password:${{ secrets.GITHUB_TOKEN }}
42+
43+
-name:Create empty base-build-context directory
44+
run:mkdir base-build-context
45+
46+
-name:Install depot.dev CLI
47+
uses:depot/setup-action@v1
48+
49+
# This uses OIDC authentication, so no auth variables are required.
50+
-name:Build base Docker image via depot.dev
51+
uses:depot/build-push-action@v1
52+
with:
53+
project:wl5hnrrkns
54+
context:base-build-context
55+
file:scripts/Dockerfile.base
56+
platforms:linux/amd64,linux/arm64,linux/arm/v7
57+
pull:true
58+
no-cache:true
59+
push:true
60+
tags:|
61+
ghcr.io/coder/coder-base:latest
62+
63+
-name:Verify that images are pushed properly
64+
run:|
65+
# retry 10 times with a 5 second delay as the images may not be
66+
# available immediately
67+
for i in {1..10}; do
68+
rc=0
69+
raw_manifests=$(docker buildx imagetools inspect --raw ghcr.io/coder/coder-base:latest) || rc=$?
70+
if [[ "$rc" -eq 0 ]]; then
71+
break
72+
fi
73+
if [[ "$i" -eq 10 ]]; then
74+
echo "Failed to pull manifests after 10 retries"
75+
exit 1
76+
fi
77+
echo "Failed to pull manifests, retrying in 5 seconds"
78+
sleep 5
79+
done
80+
81+
manifests=$(
82+
echo "$raw_manifests" | \
83+
jq -r '.manifests[].platform | .os + "/" + .architecture + (if .variant then "/" + .variant else "" end)'
84+
)
85+
86+
# Verify all 3 platforms are present.
87+
set -euxo pipefail
88+
echo "$manifests" | grep -q linux/amd64
89+
echo "$manifests" | grep -q linux/arm64
90+
echo "$manifests" | grep -q linux/arm/v7

‎.github/workflows/pr-auto-assign.yaml

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
# Filtering pull requests is much easier when we can reliably guarantee
2+
# that the "Assignee" field is populated.
3+
name:PR Auto Assign
4+
5+
on:
6+
pull_request_target:
7+
types:[opened]
8+
9+
permissions:
10+
pull-requests:write
11+
12+
jobs:
13+
assign-author:
14+
runs-on:ubuntu-latest
15+
steps:
16+
-uses:toshimaru/auto-author-assign@v1.6.2

‎.github/workflows/release.yaml

Lines changed: 83 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@ jobs:
6363
6464
-name:Create release notes
6565
env:
66+
GITHUB_TOKEN:${{ secrets.GITHUB_TOKEN }}
6667
# We always have to set this since there might be commits on
6768
# main that didn't have a PR.
6869
CODER_IGNORE_MISSING_COMMIT_METADATA:"1"
@@ -112,17 +113,17 @@ jobs:
112113
set -euo pipefail
113114
wget -O /tmp/nfpm.deb https://github.com/goreleaser/nfpm/releases/download/v2.18.1/nfpm_amd64.deb
114115
sudo dpkg -i /tmp/nfpm.deb
116+
rm /tmp/nfpm.deb
115117
116118
-name:Install rcodesign
117119
run:|
118120
set -euo pipefail
119-
120-
# Install a prebuilt binary of rcodesign for linux amd64. Once the
121-
# following PR is merged and released upstream, we can download
122-
# directly from GitHub releases instead:
123-
# https://github.com/indygreg/PyOxidizer/pull/635
124-
wget -O /tmp/rcodesign https://cdn.discordapp.com/attachments/283356472258199552/1016767245717872700/rcodesign
125-
sudo install --mode 755 /tmp/rcodesign /usr/local/bin/rcodesign
121+
wget -O /tmp/rcodesign.tar.gz https://github.com/indygreg/apple-platform-rs/releases/download/apple-codesign%2F0.22.0/apple-codesign-0.22.0-x86_64-unknown-linux-musl.tar.gz
122+
sudo tar -xzf /tmp/rcodesign.tar.gz \
123+
-C /usr/bin \
124+
--strip-components=1 \
125+
apple-codesign-0.22.0-x86_64-unknown-linux-musl/rcodesign
126+
rm /tmp/rcodesign.tar.gz
126127
127128
-name:Setup Apple Developer certificate and API key
128129
run:|
@@ -160,6 +161,69 @@ jobs:
160161
-name:Delete Apple Developer certificate and API key
161162
run:rm -f /tmp/{apple_cert.p12,apple_cert_password.txt,apple_apikey.p8}
162163

164+
-name:Determine base image tag
165+
id:image-base-tag
166+
run:|
167+
set -euo pipefail
168+
if [[ "${CODER_RELEASE:-}" != *t* ]] || [[ "${CODER_DRY_RUN:-}" == *t* ]]; then
169+
# Empty value means use the default and avoid building a fresh one.
170+
echo "tag=" >> $GITHUB_OUTPUT
171+
else
172+
echo "tag=$(CODER_IMAGE_BASE=ghcr.io/coder/coder-base ./scripts/image_tag.sh)" >> $GITHUB_OUTPUT
173+
fi
174+
175+
-name:Create empty base-build-context directory
176+
if:steps.image-base-tag.outputs.tag != ''
177+
run:mkdir base-build-context
178+
179+
-name:Install depot.dev CLI
180+
if:steps.image-base-tag.outputs.tag != ''
181+
uses:depot/setup-action@v1
182+
183+
# This uses OIDC authentication, so no auth variables are required.
184+
-name:Build base Docker image via depot.dev
185+
if:steps.image-base-tag.outputs.tag != ''
186+
uses:depot/build-push-action@v1
187+
with:
188+
project:wl5hnrrkns
189+
context:base-build-context
190+
file:scripts/Dockerfile.base
191+
platforms:linux/amd64,linux/arm64,linux/arm/v7
192+
pull:true
193+
no-cache:true
194+
push:true
195+
tags:|
196+
${{ steps.image-base-tag.outputs.tag }}
197+
198+
-name:Verify that images are pushed properly
199+
run:|
200+
# retry 10 times with a 5 second delay as the images may not be
201+
# available immediately
202+
for i in {1..10}; do
203+
rc=0
204+
raw_manifests=$(docker buildx imagetools inspect --raw "${{ steps.image-base-tag.outputs.tag }}") || rc=$?
205+
if [[ "$rc" -eq 0 ]]; then
206+
break
207+
fi
208+
if [[ "$i" -eq 10 ]]; then
209+
echo "Failed to pull manifests after 10 retries"
210+
exit 1
211+
fi
212+
echo "Failed to pull manifests, retrying in 5 seconds"
213+
sleep 5
214+
done
215+
216+
manifests=$(
217+
echo "$raw_manifests" | \
218+
jq -r '.manifests[].platform | .os + "/" + .architecture + (if .variant then "/" + .variant else "" end)'
219+
)
220+
221+
# Verify all 3 platforms are present.
222+
set -euxo pipefail
223+
echo "$manifests" | grep -q linux/amd64
224+
echo "$manifests" | grep -q linux/arm64
225+
echo "$manifests" | grep -q linux/arm/v7
226+
163227
-name:Build Linux Docker images
164228
run:|
165229
set -euxo pipefail
@@ -188,6 +252,8 @@ jobs:
188252
--target "$(./scripts/image_tag.sh --version latest)" \
189253
$(cat build/coder_"$version"_linux_{amd64,arm64,armv7}.tag)
190254
fi
255+
env:
256+
CODER_BASE_IMAGE_TAG:${{ steps.image-base-tag.outputs.tag }}
191257

192258
-name:ls build
193259
run:ls -lh build
@@ -239,7 +305,7 @@ jobs:
239305
240306
-name:Upload artifacts to actions (if dry-run)
241307
if:${{ inputs.dry_run }}
242-
uses:actions/upload-artifact@v2
308+
uses:actions/upload-artifact@v3
243309
with:
244310
name:release-artifacts
245311
path:|
@@ -252,6 +318,15 @@ jobs:
252318
./build/*.rpm
253319
retention-days:7
254320

321+
-name:Start Packer builds
322+
if:${{ !inputs.dry_run }}
323+
uses:peter-evans/repository-dispatch@v2
324+
with:
325+
token:${{ secrets.CDRCI_GITHUB_TOKEN }}
326+
repository:coder/packages
327+
event-type:coder-release
328+
client-payload:'{"coder_version": "${{ steps.version.outputs.version }}"}'
329+
255330
publish-winget:
256331
name:Publish to winget-pkgs
257332
runs-on:windows-latest
@@ -333,11 +408,3 @@ jobs:
333408
# For gh CLI. We need a real token since we're commenting on a PR in a
334409
# different repo.
335410
GH_TOKEN:${{ secrets.CDRCI_GITHUB_TOKEN }}
336-
337-
-name:Start Packer builds
338-
uses:peter-evans/repository-dispatch@v2
339-
with:
340-
token:${{ secrets.CDRCI_GITHUB_TOKEN }}
341-
repository:coder/packages
342-
event-type:coder-release
343-
client-payload:'{"coder_version": "${{ needs.release.outputs.version }}"}'

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp