feat: Support a NEXTCLADE_EXTRA_CA_CERTS environment variable and --extra-ca-certs option #1888
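# Build CLI binaries and publish them to GitHub Releases
#
# Pipeline: run the 'builder-docker-image.yml' workflow, cross-compile the CLI
# for every target in the matrix, run unit tests, lints, smoke tests, a Linux
# distro compatibility test and a CLI docs check, then publish to GitHub
# Releases and Docker Hub. The two publish jobs run only for refs ending in
# '/release-cli'.
#
# NOTE(review): no `permissions:` key is set, so every job receives the
# repository's default GITHUB_TOKEN scopes. Consider a read-only default
# (for example `contents: read`) after confirming what the called workflow
# needs.
#
# NOTE(review): third-party actions are referenced by mutable tags (@v3, @v4).
# Pinning each `uses:` to a full commit SHA keeps a moved tag from changing
# what runs in the jobs that hold publishing credentials.
name: cli

on:
  push:
    branches:
      - 'master'
      - 'staging-cli'
      - 'release-cli'

  pull_request:

  repository_dispatch:
    types: build

  workflow_dispatch:

  workflow_call:

concurrency:
  group: cli-${{ github.workflow }}-${{ github.ref_type }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
  cancel-in-progress: true

defaults:
  run:
    # -x echoes every expanded command into the job log, so secret values are
    # handed to steps through `env:` below instead of being pasted into the
    # script text.
    shell: bash -euxo pipefail {0}

env:
  GITHUB_REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }}
  VERBOSE: 1

jobs:
  builder-docker-image:
    name: "Run 'builder-docker-image.yml' workflow"
    uses: ./.github/workflows/builder-docker-image.yml
    # NOTE(review): `inherit` hands every secret available to this workflow to
    # the called one; passing only the secrets it uses would narrow exposure.
    secrets: inherit
    concurrency:
      group: cli-builder-docker-image-workflow_call-${{ github.workflow }}-${{ github.ref_type }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
      cancel-in-progress: true

  build-cli:
    name: "Build CLI (${{ matrix.arch }})"
    needs: [ builder-docker-image ]
    runs-on: ubuntu-22.04

    strategy:
      # One failing target must not cancel the remaining targets.
      fail-fast: false
      matrix:
        arch:
          - aarch64-apple-darwin
          - aarch64-unknown-linux-gnu
          - aarch64-unknown-linux-musl
          - x86_64-apple-darwin
          - x86_64-pc-windows-gnu
          - x86_64-unknown-linux-gnu
          - x86_64-unknown-linux-musl

    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      # Best-effort cleanup of preinstalled tooling and Docker state on the
      # runner; most commands are allowed to fail.
      - name: "Free disk space"
        run: |
          sudo swapoff -a || true
          sudo rm -f /swapfile || true
          sudo apt-get remove --yes --purge --verbose-versions '^dotnet-.*' '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-sdk hhvm google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri || true
          sudo apt-get autoremove --purge --verbose-versions --yes
          sudo apt-get clean
          sudo apt-get update
          sudo rm -rf /opt/ghc
          sudo rm -rf /usr/local/.ghcup
          sudo rm -rf /usr/local/graalvm
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /usr/local/lib/node_modules
          sudo rm -rf /usr/local/share/chromium
          sudo rm -rf /usr/local/share/powershell
          sudo rm -rf /usr/share/dotnet
          docker container stop $(docker ps -q) || true
          docker rmi $(docker image ls -aq) || true
          yes | docker system prune -af --volumes || true
          yes | docker network prune -f || true
          yes | docker image prune -af || true
          yes | docker builder prune -af || true
          yes | docker buildx prune -af || true

      - name: "Check disk space"
        run: |
          echo ""
          df -Th | awk 'NR == 1; NR > 1 {print $0 | "sort -n"}'
          echo ""
          lsblk -o MOUNTPOINT,FSTYPE,FSSIZE,FSAVAIL,FSUSE%,TYPE,NAME,ROTA,SIZE,MODEL,UUID

      # Exactly one of the next three steps runs and selects the data server
      # for this ref.
      - name: "Setup environment (release)"
        if: endsWith(github.ref, '/release-cli')
        run: |
          echo "DATA_FULL_DOMAIN=https://data.clades.nextstrain.org/v3" >> "$GITHUB_ENV"

      - name: "Setup environment (staging)"
        if: endsWith(github.ref, '/staging-cli')
        run: |
          echo "DATA_FULL_DOMAIN=https://data.staging.clades.nextstrain.org/v3" >> "$GITHUB_ENV"

      - name: "Setup environment (master)"
        if: ${{ !endsWith(github.ref, '/staging-cli') && !endsWith(github.ref, '/release-cli') }}
        run: |
          echo "DATA_FULL_DOMAIN=https://data.master.clades.nextstrain.org/v3" >> "$GITHUB_ENV"

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: |
          echo "checksum=$(./scripts/docker_build_checksum.sh)" >> "$GITHUB_OUTPUT"

      - name: "Setup cache for Docker buildx (${{ matrix.arch }})"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-
            cache-v1-buildx-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-${{ runner.os }}-

      # NOTE(review): the prefix restore-keys let a cache saved under a
      # different key be restored, and `.build/` holds build output. For
      # release builds consider exact-key restores only; confirm against
      # GitHub's cache scoping rules which refs can share these entries.
      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-
            cache-v1-cargo-${{ runner.os }}-

      # NOTE(review): the binary is fetched by version tag and made executable
      # without an integrity check. Verify it against a pinned SHA-256 (for
      # example with `sha256sum --check`) before use.
      - name: "Install deps"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"

      # Pre-release versions (rc/beta/alpha) always use the master data
      # server, whatever the ref. The secret reaches the script as an
      # environment variable rather than being expanded into the script text.
      # sed treats `|` and `&` specially here; this assumes the URL contains
      # neither (TODO confirm).
      - name: "Prepare .env file"
        env:
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          export PATH="${PATH}:${HOME}/bin"
          version=$(dasel select -p toml -s ".workspace.package.version" -f "Cargo.toml")
          if [[ "$version" =~ (rc|beta|alpha) ]]; then
            export DATA_FULL_DOMAIN="https://data.master.clades.nextstrain.org/v3"
          fi
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env
          sed -i -e "s|DATA_FULL_DOMAIN=https://data.master.clades.nextstrain.org/v3|DATA_FULL_DOMAIN=${DATA_FULL_DOMAIN}|g" .env

      - name: "Login to Docker Hub"
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: nextstrainbot
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: "Build docker image (${{ matrix.arch }})"
        run: |
          CROSS="${{ matrix.arch }}" ./docker/dev docker-image-build-push

      - name: "Build CLI (${{ matrix.arch }})"
        run: |
          CROSS="${{ matrix.arch }}" ./docker/dev build-release

      # One artifact per target; downstream jobs merge them by the `out-*`
      # pattern.
      - name: "Upload build artifacts (${{ matrix.arch }})"
        uses: actions/upload-artifact@v4
        with:
          name: out-${{ matrix.arch }}
          path: ./.out/*

  run-unit-tests:
    name: "Run unit tests"
    needs: [ builder-docker-image ]
    runs-on: ubuntu-22.04

    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: |
          echo "checksum=$(./scripts/docker_build_checksum.sh)" >> "$GITHUB_OUTPUT"

      - name: "Setup cache for Docker buildx"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-unit-tests-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-unit-tests-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-unit-tests-${{ runner.os }}-

      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-unit-tests-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-unit-tests-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-unit-tests-${{ runner.os }}-

      # Secret passed through `env:` so it is not expanded into the script
      # text.
      - name: "Prepare .env file"
        env:
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env

      - name: "Run unit tests"
        run: |
          ./docker/dev test

  run-lints:
    name: "Run lints"
    needs: [ builder-docker-image ]
    runs-on: ubuntu-22.04

    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: |
          echo "checksum=$(./scripts/docker_build_checksum.sh)" >> "$GITHUB_OUTPUT"

      - name: "Setup cache for Docker buildx"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-lints-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-lints-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-lints-${{ runner.os }}-

      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-lints-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-lints-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-lints-${{ runner.os }}-

      # Secret passed through `env:` so it is not expanded into the script
      # text.
      - name: "Prepare .env file"
        env:
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env

      - name: "Run lints"
        run: |
          ./docker/dev lint-ci

  run-smoke-tests:
    name: "Run smoke tests (linux)"
    needs: [ build-cli ]
    runs-on: ubuntu-22.04

    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      # The PATH export lasts only for this step's shell; later steps do not
      # see it.
      # NOTE(review): jq is downloaded and made executable without an
      # integrity check; verify it against a pinned SHA-256.
      - name: "Install dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          export PATH="${HOME}/bin:${PATH}"
          curl -fsSL "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" -o "${HOME}/bin/jq" && chmod +x "${HOME}/bin/jq"

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Run smoke tests (linux)"
        run: |
          chmod +x ./.out/*
          JOBS=2 ./tests/run-smoke-tests ./.out/nextclade-x86_64-unknown-linux-gnu

  # run-smoke-tests-mac:
  #   name: "Run smoke tests (mac)"
  #   needs: [ build-cli ]
  #   runs-on: macos-latest
  #
  #   steps:
  #     - name: "Checkout code"
  #       uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 1
  #         submodules: true
  #
  #     - name: "Download build artifacts"
  #       uses: actions/download-artifact@v4
  #       with:
  #         name: "out"
  #         path: ".out"
  #
  #     - name: "Run smoke tests (mac)"
  #       run: |
  #         chmod +x ./.out/*
  #         ./tests/run-smoke-tests ./.out/nextclade-x86_64-apple-darwin

  run-linux-distros-test:
    name: "Run Linux distros compatibility test"
    needs: [ build-cli ]
    runs-on: ubuntu-22.04

    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Test Linux distros compatibility"
        run: |
          chmod +x ./.out/nextclade-x86_64-unknown-linux-gnu
          ./tests/test-linux-distros ./.out/nextclade-x86_64-unknown-linux-gnu

  check-cli-docs:
    name: "Check that autogenerated CLI documentation is up-to-date"
    needs: [ build-cli ]
    runs-on: ubuntu-22.04

    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Re-generate CLI docs"
        run: |
          chmod +x ./.out/nextclade-x86_64-unknown-linux-gnu
          ./scripts/update_cli_reference_docs ./.out/nextclade-x86_64-unknown-linux-gnu

      # Fails the job when the regenerated reference differs from the
      # committed file.
      - name: "Check that the git diff is clean"
        run: |
          git -c color.ui=always diff --exit-code 'docs/user/nextclade-cli/reference.md' || (echo "Autogenerated CLI documentation is not up-to-date, please run './scripts/update_cli_reference_docs <path_to_nextclade>', then verify and commit the changes." >&2; exit 1)

  publish-to-github-releases:
    name: "Publish to GitHub Releases"
    needs: [ build-cli, run-unit-tests, run-lints, run-smoke-tests, run-linux-distros-test, check-cli-docs ]
    if: endsWith(github.ref, '/release-cli')
    runs-on: ubuntu-22.04

    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      # NOTE(review): these tools are downloaded without an integrity check
      # and are on PATH in the next step, which holds the release token.
      # Verify each download against a pinned SHA-256 before installing it.
      - name: "Install deploy dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/cli/cli/releases/download/v2.10.1/gh_2.10.1_linux_amd64.tar.gz" | tar xz -C "${HOME}/bin" --strip-components=2 gh_2.10.1_linux_amd64/bin/gh
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"
          curl -fsSL "https://github.com/orhun/git-cliff/releases/download/v0.7.0/git-cliff-0.7.0-x86_64-unknown-linux-gnu.tar.gz" | tar -C "${HOME}/bin" --strip-components=1 -xz "git-cliff-0.7.0/git-cliff"
          curl -fsSL "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" -o "${HOME}/bin/jq" && chmod +x "${HOME}/bin/jq"

      # The token is provided through `env:` so it never appears in the
      # script text or in the `bash -x` trace of an `export` command.
      - name: "Publish build artifacts to GitHub releases"
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_NEXTSTRAIN_BOT_REPO }}
        run: |
          export PATH="${PATH}:${HOME}/bin"
          ./scripts/publish_github \
            --artifacts_dir ".out" \
            --repo "${{ github.repository }}" \
            --git_sha "${{ github.sha }}"

  publish-to-docker-hub:
    name: "Publish to Docker Hub"
    needs: [ build-cli, run-unit-tests, run-lints, run-smoke-tests, run-linux-distros-test, check-cli-docs ]
    if: endsWith(github.ref, '/release-cli')
    runs-on: ubuntu-22.04

    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      # NOTE(review): dasel is downloaded without an integrity check and is on
      # PATH in the publishing step, which runs after the Docker Hub login.
      # Verify it against a pinned SHA-256 before installing it.
      - name: "Install deploy dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"

      - name: "Login to Docker Hub"
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: nextstrainbot
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: "Build and publish Docker container images to Docker Hub"
        run: |
          export PATH="${PATH}:${HOME}/bin"
          chmod +x ./.out/*
          ./scripts/publish_docker --push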