feat: Support a NEXTCLADE_EXTRA_CA_CERTS environment variable and --extra-ca-certs option #1888

# Build CLI binaries and publish them to GitHub Releases
name: cli

# Triggers: pushes to the three listed branches, every pull request, a
# `repository_dispatch` event of type `build`, manual dispatch, and calls from
# other workflows.
on:
  push:
    branches:
      - 'master'
      - 'staging-cli'
      - 'release-cli'
  pull_request:
  repository_dispatch:
    types: build
  workflow_dispatch:
  workflow_call:

# Runs that share workflow name, ref type and PR number (falling back to the
# ref, then to the run id) form one group; a newer run cancels the one still
# in progress.
concurrency:
  group: cli-${{ github.workflow }}-${{ github.ref_type }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
  cancel-in-progress: true

# NOTE(review): no top-level `permissions:` key is declared here, so the
# automatic GITHUB_TOKEN keeps whatever default scopes the repository or
# organisation grants. Consider declaring least-privilege permissions once the
# needs of the called builder-docker-image.yml workflow are confirmed.

defaults:
  run:
    # -e: stop on first error, -u: unset variables are errors,
    # -o pipefail: a pipeline fails if any stage fails.
    # NOTE(review): -x writes every expanded command to the job log. GitHub
    # masks registered secret values, but values derived from a secret are not
    # masked, so keep secret handling out of traced commands where possible.
    shell: bash -euxo pipefail {0}

env:
  GITHUB_REPOSITORY_URL: ${{ github.server_url }}/${{ github.repository }}
  VERBOSE: 1
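jobs:
  # NOTE(review): every `uses:` of a marketplace action below references a
  # mutable major-version tag (@v3 / @v4). Pinning each one to a full commit
  # SHA keeps a retagged or compromised release from changing what runs in the
  # jobs that hold DOCKER_TOKEN and the release token.

  # Delegates to the reusable workflow that prepares the builder Docker image.
  builder-docker-image:
    name: "Run 'builder-docker-image.yml' workflow"
    uses: ./.github/workflows/builder-docker-image.yml
    # NOTE(review): `inherit` forwards every secret visible to this workflow.
    # If the called workflow only needs a few of them, listing those
    # explicitly narrows the exposure - confirm against that file.
    secrets: inherit
    concurrency:
      group: cli-builder-docker-image-workflow_call-${{ github.workflow }}-${{ github.ref_type }}-${{ github.event.pull_request.number || github.ref || github.run_id }}
      cancel-in-progress: true

  # Cross-compiles the CLI for every target triple in the matrix and uploads
  # the result as one artifact per target (out-<arch>).
  build-cli:
    name: "Build CLI (${{ matrix.arch }})"
    needs: [builder-docker-image]
    runs-on: ubuntu-22.04
    strategy:
      # One failing target does not cancel the other targets.
      fail-fast: false
      matrix:
        arch:
          - aarch64-apple-darwin
          - aarch64-unknown-linux-gnu
          - aarch64-unknown-linux-musl
          - x86_64-apple-darwin
          - x86_64-pc-windows-gnu
          - x86_64-unknown-linux-gnu
          - x86_64-unknown-linux-musl
    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      # Removes swap, preinstalled toolchains and all Docker state from the
      # runner. Most commands are best-effort (`|| true`).
      - name: "Free disk space"
        run: |
          sudo swapoff -a || true
          sudo rm -f /swapfile || true
          sudo apt-get remove --yes --purge --verbose-versions '^dotnet-.*' '^llvm-.*' 'php.*' '^mongodb-.*' '^mysql-.*' azure-cli google-cloud-sdk hhvm google-chrome-stable firefox powershell mono-devel libgl1-mesa-dri || true
          sudo apt-get autoremove --purge --verbose-versions --yes
          sudo apt-get clean
          sudo apt-get update
          sudo rm -rf /opt/ghc
          sudo rm -rf /usr/local/.ghcup
          sudo rm -rf /usr/local/graalvm
          sudo rm -rf /usr/local/lib/android
          sudo rm -rf /usr/local/lib/node_modules
          sudo rm -rf /usr/local/share/chromium
          sudo rm -rf /usr/local/share/powershell
          sudo rm -rf /usr/share/dotnet
          docker container stop $(docker ps -q) || true
          docker rmi $(docker image ls -aq) || true
          yes | docker system prune -af --volumes || true
          yes | docker network prune -f || true
          yes | docker image prune -af || true
          yes | docker builder prune -af || true
          yes | docker buildx prune -af || true

      - name: "Check disk space"
        run: |
          echo ""
          df -Th | awk 'NR == 1; NR > 1 {print $0 | "sort -n"}'
          echo ""
          lsblk -o MOUNTPOINT,FSTYPE,FSSIZE,FSAVAIL,FSUSE%,TYPE,NAME,ROTA,SIZE,MODEL,UUID

      # Exactly one of the next three steps runs; each exports
      # DATA_FULL_DOMAIN to the later steps of this job through GITHUB_ENV.
      - name: "Setup environment (release)"
        if: endsWith(github.ref, '/release-cli')
        run: |
          echo "DATA_FULL_DOMAIN=https://data.clades.nextstrain.org/v3" >> $GITHUB_ENV

      - name: "Setup environment (staging)"
        if: endsWith(github.ref, '/staging-cli')
        run: |
          echo "DATA_FULL_DOMAIN=https://data.staging.clades.nextstrain.org/v3" >> $GITHUB_ENV

      - name: "Setup environment (master)"
        if: ${{ !endsWith(github.ref, '/staging-cli') && !endsWith(github.ref, '/release-cli') }}
        run: |
          echo "DATA_FULL_DOMAIN=https://data.master.clades.nextstrain.org/v3" >> $GITHUB_ENV

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: echo "checksum=$(./scripts/docker_build_checksum.sh)" >> $GITHUB_OUTPUT

      - name: "Setup cache for Docker buildx (${{ matrix.arch }})"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-${{ runner.os }}-${{ matrix.arch }}-
            cache-v1-buildx-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-${{ runner.os }}-

      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-${{ runner.os }}-${{ matrix.arch }}-
            cache-v1-cargo-${{ runner.os }}-

      # NOTE(review): the binary is fetched over HTTPS and marked executable
      # with no integrity check. Comparing its SHA-256 against a digest pinned
      # in this file before the chmod would catch a replaced release asset.
      - name: "Install deps"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"

      # Pre-release versions (rc/beta/alpha) are pointed at the master data
      # domain regardless of the branch being built.
      - name: "Prepare .env file"
        env:
          # Passed through the step environment rather than expanded into the
          # script text, so the shell never parses the secret's value as code.
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          export PATH="${PATH}:${HOME}/bin"
          version=$(dasel select -p toml -s ".workspace.package.version" -f "Cargo.toml")
          if [[ "$version" =~ (rc|beta|alpha) ]]; then
            export DATA_FULL_DOMAIN="https://data.master.clades.nextstrain.org/v3"
          fi
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env
          sed -i -e "s|DATA_FULL_DOMAIN=https://data.master.clades.nextstrain.org/v3|DATA_FULL_DOMAIN=${DATA_FULL_DOMAIN}|g" .env

      - name: "Login to Docker Hub"
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: nextstrainbot
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: "Build docker image (${{ matrix.arch }})"
        run: |
          CROSS="${{ matrix.arch }}" ./docker/dev docker-image-build-push

      - name: "Build CLI (${{ matrix.arch }})"
        run: |
          CROSS="${{ matrix.arch }}" ./docker/dev build-release

      - name: "Upload build artifacts (${{ matrix.arch }})"
        uses: actions/upload-artifact@v4
        with:
          name: out-${{ matrix.arch }}
          path: ./.out/*

  # Runs the unit test suite through the ./docker/dev wrapper.
  run-unit-tests:
    name: "Run unit tests"
    needs: [builder-docker-image]
    runs-on: ubuntu-22.04
    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: echo "checksum=$(./scripts/docker_build_checksum.sh)" >> $GITHUB_OUTPUT

      - name: "Setup cache for Docker buildx"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-unit-tests-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-unit-tests-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-unit-tests-${{ runner.os }}-

      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-unit-tests-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-unit-tests-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-unit-tests-${{ runner.os }}-

      - name: "Prepare .env file"
        env:
          # Passed through the step environment rather than expanded into the
          # script text, so the shell never parses the secret's value as code.
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env

      - name: "Run unit tests"
        run: |
          ./docker/dev test

  # Runs the CI lint target through the ./docker/dev wrapper.
  run-lints:
    name: "Run lints"
    needs: [builder-docker-image]
    runs-on: ubuntu-22.04
    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Get docker build checksum"
        id: docker-build-checksum
        run: echo "checksum=$(./scripts/docker_build_checksum.sh)" >> $GITHUB_OUTPUT

      - name: "Setup cache for Docker buildx"
        uses: actions/cache@v4
        with:
          path: .cache/docker/buildx
          key: cache-v1-buildx-lints-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
          restore-keys: |
            cache-v1-buildx-lints-${{ runner.os }}-${{ steps.docker-build-checksum.outputs.checksum }}
            cache-v1-buildx-lints-${{ runner.os }}-

      - name: "Setup cache for Rust and Cargo"
        uses: actions/cache@v4
        with:
          path: |
            .cache/docker/.cargo
            .build/
          key: cache-v1-cargo-lints-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
          restore-keys: |
            cache-v1-cargo-lints-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }}
            cache-v1-cargo-lints-${{ runner.os }}-

      - name: "Prepare .env file"
        env:
          # Passed through the step environment rather than expanded into the
          # script text, so the shell never parses the secret's value as code.
          OSXCROSS_URL: ${{ secrets.OSXCROSS_URL }}
        run: |
          cp .env.example .env
          sed -i -e "s|OSXCROSS_URL=http://example.com/osxcross/osxcross.tar.xz|OSXCROSS_URL=${OSXCROSS_URL}|g" .env

      - name: "Run lints"
        run: |
          ./docker/dev lint-ci

  # Exercises the freshly built x86_64 linux-gnu binary with the smoke tests.
  run-smoke-tests:
    name: "Run smoke tests (linux)"
    needs: [build-cli]
    runs-on: ubuntu-22.04
    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      # NOTE(review): downloaded binary is not integrity-checked before it is
      # made executable; consider verifying a pinned SHA-256 digest.
      - name: "Install dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          export PATH="${HOME}/bin:${PATH}"
          curl -fsSL "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" -o ${HOME}/bin/jq && chmod +x ${HOME}/bin/jq

      # Collects every out-* artifact from build-cli into a single .out dir.
      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Run smoke tests (linux)"
        run: |
          chmod +x ./.out/*
          JOBS=2 ./tests/run-smoke-tests ./.out/nextclade-x86_64-unknown-linux-gnu

  # run-smoke-tests-mac:
  #   name: "Run smoke tests (mac)"
  #   needs: [ build-cli ]
  #   runs-on: macos-latest
  #
  #   steps:
  #     - name: "Checkout code"
  #       uses: actions/checkout@v4
  #       with:
  #         fetch-depth: 1
  #         submodules: true
  #
  #     - name: "Download build artifacts"
  #       uses: actions/download-artifact@v4
  #       with:
  #         name: "out"
  #         path: ".out"
  #
  #     - name: "Run smoke tests (mac)"
  #       run: |
  #         chmod +x ./.out/*
  #         ./tests/run-smoke-tests ./.out/nextclade-x86_64-apple-darwin

  # Runs the x86_64 linux-gnu binary through the distro compatibility script.
  run-linux-distros-test:
    name: "Run Linux distros compatibility test"
    needs: [build-cli]
    runs-on: ubuntu-22.04
    steps:
      - name: "Set up Docker Buildx"
        uses: docker/setup-buildx-action@v3

      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Test Linux distros compatibility"
        run: |
          chmod +x ./.out/nextclade-x86_64-unknown-linux-gnu
          ./tests/test-linux-distros ./.out/nextclade-x86_64-unknown-linux-gnu

  # Regenerates the CLI reference from the built binary and fails when the
  # committed docs/user/nextclade-cli/reference.md differs from the output.
  check-cli-docs:
    name: "Check that autogenerated CLI documentation is up-to-date"
    needs: [build-cli]
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      - name: "Re-generate CLI docs"
        run: |
          chmod +x ./.out/nextclade-x86_64-unknown-linux-gnu
          ./scripts/update_cli_reference_docs ./.out/nextclade-x86_64-unknown-linux-gnu

      - name: "Check that the git diff is clean"
        run: |
          git -c color.ui=always diff --exit-code 'docs/user/nextclade-cli/reference.md' || (echo "Autogenerated CLI documentation is not up-to-date, please run './scripts/update_cli_reference_docs <path_to_nextclade>', then verify and commit the changes." >&2; exit 1)

  # Publishes the built artifacts as a GitHub release. Gated on all build,
  # test, lint and docs jobs and on the ref ending in '/release-cli'.
  # NOTE(review): `endsWith` also matches any other ref whose name ends in
  # '/release-cli' (the workflow can be started on arbitrary refs through
  # workflow_dispatch / workflow_call). An exact comparison against
  # 'refs/heads/release-cli' would be a tighter release gate - confirm that no
  # caller relies on the looser match before changing it.
  publish-to-github-releases:
    name: "Publish to GitHub Releases"
    needs: [build-cli, run-unit-tests, run-lints, run-smoke-tests, run-linux-distros-test, check-cli-docs]
    if: endsWith(github.ref, '/release-cli')
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      # NOTE(review): four release tools are downloaded and run in the job
      # that holds the release token, none with an integrity check. Verifying
      # pinned SHA-256 digests here matters more than in the test jobs.
      - name: "Install deploy dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/cli/cli/releases/download/v2.10.1/gh_2.10.1_linux_amd64.tar.gz" | tar xz -C "${HOME}/bin" --strip-components=2 gh_2.10.1_linux_amd64/bin/gh
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"
          curl -fsSL "https://github.com/orhun/git-cliff/releases/download/v0.7.0/git-cliff-0.7.0-x86_64-unknown-linux-gnu.tar.gz" | tar -C "${HOME}/bin" --strip-components=1 -xz "git-cliff-0.7.0/git-cliff"
          curl -fsSL "https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64" -o ${HOME}/bin/jq && chmod +x ${HOME}/bin/jq

      - name: "Publish build artifacts to GitHub releases"
        env:
          # Provided through the step environment instead of an `export` line
          # in the script: the token is never expanded into the script text
          # and no traced (`-x`) command carries it.
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_NEXTSTRAIN_BOT_REPO }}
        run: |
          export PATH="${PATH}:${HOME}/bin"
          ./scripts/publish_github \
            --artifacts_dir ".out" \
            --repo "${{ github.repository }}" \
            --git_sha "${{ github.sha }}"

  # Builds and pushes the container images to Docker Hub. Same gate as the
  # GitHub release job above.
  publish-to-docker-hub:
    name: "Publish to Docker Hub"
    needs: [build-cli, run-unit-tests, run-lints, run-smoke-tests, run-linux-distros-test, check-cli-docs]
    if: endsWith(github.ref, '/release-cli')
    runs-on: ubuntu-22.04
    steps:
      - name: "Checkout code"
        uses: actions/checkout@v4
        with:
          fetch-depth: 1
          submodules: true

      - name: "Download build artifacts"
        uses: actions/download-artifact@v4
        with:
          pattern: out-*
          merge-multiple: true
          path: ".out"

      # NOTE(review): downloaded binary is not integrity-checked before it is
      # made executable; consider verifying a pinned SHA-256 digest.
      - name: "Install deploy dependencies"
        run: |
          mkdir -p "${HOME}/bin"
          curl -fsSL "https://github.com/TomWright/dasel/releases/download/v1.24.3/dasel_linux_amd64" -o "${HOME}/bin/dasel" && chmod +x "${HOME}/bin/dasel"

      - name: "Login to Docker Hub"
        uses: docker/login-action@v3
        with:
          registry: docker.io
          username: nextstrainbot
          password: ${{ secrets.DOCKER_TOKEN }}

      - name: "Build and publish Docker container images to Docker Hub"
        run: |
          export PATH="${PATH}:${HOME}/bin"
          chmod +x ./.out/*
          ./scripts/publish_docker --push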