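# CI workflow: builds (when needed) the OCI image described in .docker, then
# runs build, test, fuzz, format, docs and grep jobs inside that image.
#
# NOTE(review): every `uses:` below is pinned to a mutable major-version tag.
# Pinning each action to a full commit SHA keeps a re-tagged upstream release
# from changing what runs with CI_BOT_TOKEN in scope.
name: Gentoo Utils

on: [push]

defaults:
  run:
    shell: bash -el -o pipefail {0}

# fixes rare instances of git commands failing because TERM isn't set
env:
  TERM: xterm

jobs:
  build-oci-image:
    runs-on: ubuntu-latest
    # NOTE(review): with continue-on-error at job level, a failed image build
    # does not stop the dependent jobs; they run against whatever image is
    # already published under the tag (possibly stale) - confirm this is
    # intended.
    continue-on-error: true
    steps:
      # NOTE(review): the cached .git directory also carries .git/config and
      # .git/hooks from earlier runs on the same ref - confirm nothing in this
      # pipeline trusts those.
      - name: Restore git cache
        uses: actions/cache@v4
        with:
          path: .git
          key: gitea-repo-${{ gitea.repository }}-${{ gitea.ref }}
      - name: Checkout repo
        uses: actions/checkout@v5
        with:
          fetch-depth: 0
      - name: Check for changes before building
        id: image-changes
        # Expression contexts are handed to the script through env rather than
        # being expanded into the script text, so their values are treated as
        # data by the shell and never parsed as shell syntax.
        env:
          DEFAULT_BRANCH: ${{ gitea.event.repository.default_branch }}
          EVENT_BEFORE: ${{ gitea.event.before }}
          HEAD_SHA: ${{ gitea.sha }}
          IMAGE_REPO: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}
        # build image only if 1. changes are detected or 2. an image for the
        # working branch doesn't exist
        run: |
          branch_name="${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}"
          default_branch_name="$DEFAULT_BRANCH"
          image_tag=latest
          comparison_hash="$EVENT_BEFORE"

          if [[ "$branch_name" != "$default_branch_name" ]]; then
            image_tag=$branch_name
          fi
          # slugify
          image_tag="$(printf '%s\n' "$image_tag" | sed -E 's/[^a-zA-Z0-9]/-/g')"

          # rebase breaks gitea.event.before, so check to make sure the hash provided exists
          if ! git merge-base --is-ancestor "$comparison_hash" "$branch_name" >/dev/null 2>&1; then
            comparison_hash=$(git merge-base "origin/$default_branch_name" "$branch_name")
          fi

          if ! git diff --no-patch --exit-code "$comparison_hash" "$HEAD_SHA" -- .docker; then
            build_image=true
          else
            if ! docker manifest inspect "${IMAGE_REPO}:${image_tag}" >/dev/null 2>&1; then
              build_image=true
            else
              build_image=false
            fi
          fi

          echo "default_branch_name=$default_branch_name" >> "$GITEA_OUTPUT"
          echo "branch_name=$branch_name" >> "$GITEA_OUTPUT"
          echo "image_tag=$image_tag" >> "$GITEA_OUTPUT"
          echo "comparison_hash=$comparison_hash" >> "$GITEA_OUTPUT"
          echo "build_image=$build_image" >> "$GITEA_OUTPUT"
          cat "$GITEA_OUTPUT"
      - name: Set up Docker buildx
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/setup-buildx-action@v3
      - name: Log in to Github Container Registry
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY_URL }}
          username: ${{ vars.CI_BOT_USERNAME }}
          password: ${{ secrets.CI_BOT_TOKEN }}
      # NOTE(review): this workflow runs on every push, so any branch that
      # changes .docker publishes an image with the bot credentials; the
      # `latest` tag is only written from the default branch.
      - name: Build and push
        if: steps.image-changes.outputs.build_image == 'true'
        uses: docker/build-push-action@v6
        with:
          push: true
          tags: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ steps.image-changes.outputs.image_tag }}
          context: "{{defaultContext}}:.docker"
          cache-from: type=gha
          cache-to: type=gha,mode=max
    outputs:
      image_tag: ${{ steps.image-changes.outputs.image_tag }}

  build:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
    needs: build-oci-image
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: build and check
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
          meson compile -C build

  # FIXME: Currently this rebuilds everything. Instead we should bring over the
  # build dir from the build job. This will come in handy when we have multiple
  # build targets and configs. What we have currently is fine until we get lots
  # of builds going
  test:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
    needs: [build-oci-image, build]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: test
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized -Ddocs=enabled build
          meson compile -C build
          ninja test -C build

  fuzz:
    runs-on: brutalisk
    env:
      CC: 'clang'
      CXX: 'clang++'
      # NOTE(review): the fuzz step below wraps the script in a hard-coded
      # `timeout 10m`; presumably the script itself reads this value - verify
      # the two limits are meant to differ.
      FUZZER_TIMEOUT_S: '300'
    needs: [build-oci-image, build]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      # FIXME: Get rid of this step when portage has fixes merged?
      # needed because portage has fixes upstream we need that aren't stable yet
      # NOTE(review): this installs and runs whatever is at the tip of the
      # upstream default branch at job time, so the job is not reproducible and
      # trusts upstream HEAD. Checking out a reviewed commit after the clone
      # would bound that until the step can be removed.
      - name: Checkout tip of portage
        run: |
          git clone https://github.com/gentoo/portage.git
          cd portage
          python -m venv .venv && ./.venv/bin/pip install -e .
          source ./.venv/bin/activate
          which emerge
      - name: build and fuzz
        run: |
          source ./portage/.venv/bin/activate
          which emerge
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build
          meson compile atom_parser_fuzzer:alias -C build
          timeout 10m ./scripts/atom_parser_fuzz.sh
        # NOTE(review): with this set, a fuzzer crash does not fail the
        # pipeline; findings are only visible in the step log.
        continue-on-error: true

  check-format:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: Check Formatting
        run: |
          meson setup -Dfuzz=enabled -Dtests=enabled -Dbuildtype=debugoptimized build
          meson format --check-only --recursive
          ninja rustfmt -C build

  docs:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: Build Documentation
        run: |
          meson setup -Ddocs=enabled docs
          ninja rustdoc -C docs

  grep:
    runs-on: brutalisk
    needs: [build-oci-image]
    container:
      image: ${{ vars.REGISTRY_URL }}/${{ gitea.repository }}:${{ needs.build-oci-image.outputs.image_tag }}
    steps:
      - name: Checkout repo
        uses: actions/checkout@v5
      - name: grep for patterns
        # git grep exits 0 on a match and 1 when nothing matches, so those two
        # are inverted; any other status is a git error and is passed through
        # so that a broken check cannot be mistaken for a clean tree.
        run: |
          rc=0
          git grep -E 'todo!|dbg!' -- '*.rs' || rc=$?
          case "$rc" in
            0) exit 1 ;;
            1) exit 0 ;;
            *) exit "$rc" ;;
          esac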