New security helmet and coat #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build Rust library | |
on: | |
issue_comment: | |
types: created | |
jobs: | |
build-rust: | |
if: | | |
github.event.issue.pull_request && | |
(github.event.comment.body == '!build_rust') && | |
((github.event.sender.id == github.event.issue.user.id) || | |
(github.event.comment.author_association == 'COLLABORATOR') || | |
(github.event.comment.author_association == 'MEMBER') || | |
(github.event.comment.author_association == 'OWNER')) | |
runs-on: ubuntu-latest | |
steps: | |
- id: create_token | |
uses: actions/create-github-app-token@v1 | |
with: | |
app-id: ${{ secrets.APP_ID }} | |
private-key: ${{ secrets.PRIVATE_KEY }} | |
- run: echo "GH_TOKEN=${{ steps.create_token.outputs.token }}" >> "$GITHUB_ENV" | |
- run: echo "FAIL_NOTIFIED=false" >> "$GITHUB_ENV" | |
- name: Like the comment | |
env: | |
BASE_REPOSITORY: ${{ github.repository }} | |
run: | | |
gh api \ | |
--method POST \ | |
-H "Accept: application/vnd.github+json" \ | |
-H "X-GitHub-Api-Version: 2022-11-28" \ | |
/repos/$BASE_REPOSITORY/issues/comments/${{ github.event.comment.id }}/reactions \ | |
-f content='+1' | |
- name: PR Data | |
run: | | |
pr_json=$(curl -L -s --fail-with-body -H "Authorization: token ${{ github.token }}" ${{ github.event.issue.pull_request.url }}) | |
if [ `jq -r '.maintainer_can_modify' <<<$pr_json` == "false" ] ; then | |
gh pr comment ${{ github.event.issue.html_url }} --body 'GitHub Actions can not push to the repository without "Allow edits and access to secrets by maintainers" checked.' | |
echo "FAIL_NOTIFIED=true" >> "$GITHUB_ENV" | |
exit 1 | |
fi | |
echo "PR_REPO=`jq -r '.head.repo.full_name' <<<$pr_json`" >> $GITHUB_ENV | |
echo "PR_BRANCH=`jq -r '.head.ref' <<<$pr_json`" >> $GITHUB_ENV | |
echo "PR_HEAD_LABEL=`jq -r '.head.label' <<<$pr_json`" >> $GITHUB_ENV | |
- uses: actions/checkout@v4 | |
with: | |
repository: ${{ env.PR_REPO }} | |
ref: ${{ env.PR_BRANCH }} | |
token: ${{ env.GH_TOKEN }} | |
- name: Build rustlibs | |
env: | |
BASE_BRANCH: ${{ github.event.repository.default_branch }} | |
BASE_REPOSITORY: ${{ github.repository }} | |
GH_TOKEN: ${{ env.GH_TOKEN }} | |
run: | | |
# Get the code. | |
git config user.name paradisess13[bot] | |
git config user.email "165046124+paradisess13[bot]@users.noreply.github.com" | |
git pull origin "$PR_BRANCH" --depth=$((ahead_by + 1)) | |
git remote add upstream "https://github.com/$BASE_REPOSITORY.git" | |
git fetch upstream "$BASE_BRANCH" --depth=$((behind_by + 1)) | |
cd rust | |
# Get dependencies. | |
rustup target add i686-unknown-linux-gnu | |
rustup target add i686-pc-windows-gnu | |
sudo dpkg --add-architecture i386 | |
sudo apt-get update | |
sudo apt-get install zlib1g-dev:i386 lib32gcc-11-dev mingw-w64 mingw-w64-i686-dev | |
# Build it. | |
cargo build --release --target i686-unknown-linux-gnu | |
cargo build --release --target i686-pc-windows-gnu | |
# Copy the built targets to their checked-in locations. | |
cp target/i686-unknown-linux-gnu/release/librustlibs.so ../tools/ci/librustlibs_ci.so | |
cp target/i686-pc-windows-gnu/release/rustlibs.dll ../rustlibs.dll | |
git commit -a -m "Build Rust library" --allow-empty | |
git push origin | |
- name: Notify Failure | |
if: failure() && env.FAIL_NOTIFIED != 'true' | |
run: | | |
gh pr comment ${{ github.event.issue.html_url }} -b 'Building Rust library failed, see the action run log for details: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}' |