public_git
/
tart
mirror of https://github.com/cirruslabs/tart.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Migrate CI to GitHub Actions

This commit is contained in:
Fedor Korotkov 2026-06-03 13:51:09 -07:00
parent 5287b597a1
commit 6d1d8a3773
2 changed files with 194 additions and 185 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

163
.cirrus.yml
View File

@ -1,163 +0,0 @@
use_compute_credits: true
task:
name: Test
alias: test
persistent_worker:
labels:
name: dev-mini
resources:
tart-vms: 1
build_script:
- swift build
test_script:
# Add /usr/sbin to PATH, otherwise testDiskutilInfo() fails to locate "diskutil"
- export PATH=$PATH:/usr/sbin
- swift test
integration_test_script:
- codesign --sign - --entitlements Resources/tart-dev.entitlements --force .build/debug/tart
- export PATH=$(pwd)/.build/arm64-apple-macosx/debug:$PATH
# Run integration tests
- cd integration-tests
- python3 -m venv --symlinks venv
- source venv/bin/activate
- pip install -r requirements.txt
- pytest --verbose --junit-xml=pytest-junit.xml
- go test -v ./...
pytest_junit_result_artifacts:
path: "integration-tests/pytest-junit.xml"
format: junit
task:
name: Markdown Lint
only_if: $CIRRUS_BRANCH != 'gh-pages' && changesInclude('**.md')
container:
image: node:latest
install_script: npm install -g markdownlint-cli
lint_script: markdownlint --config=docs/.markdownlint.yml docs/
task:
name: Lint
alias: lint
macos_instance:
image: ghcr.io/cirruslabs/macos-runner:tahoe
lint_script:
- swift package plugin --allow-writing-to-package-directory swiftformat --cache ignore --lint --report swiftformat.json .
always:
swiftformat_report_artifacts:
path: swiftformat.json
format: swiftformat
task:
only_if: $CIRRUS_TAG == ''
env:
matrix:
BUILD_ARCH: arm64
BUILD_ARCH: x86_64
name: Build ($BUILD_ARCH)
alias: build
macos_instance:
image: ghcr.io/cirruslabs/macos-runner:tahoe
build_script: swift build --arch $BUILD_ARCH --product tart
sign_script: codesign --sign - --entitlements Resources/tart-dev.entitlements --force .build/$BUILD_ARCH-apple-macosx/debug/tart
binary_artifacts:
path: .build/$BUILD_ARCH-apple-macosx/debug/tart
task:
only_if: $CIRRUS_TAG == '' && ($CIRRUS_USER_PERMISSION == 'write' || $CIRRUS_USER_PERMISSION == 'admin')
name: Release (Dry Run)
depends_on:
- lint
- build
macos_instance:
image: ghcr.io/cirruslabs/macos-runner:tahoe
env:
MACOS_CERTIFICATE: ENCRYPTED[552b9d275d1c2bdbc1bff778b104a8f9a53cbd0d59344d4b7f6d0ca3c811a5cefb97bef9ba0ef31c219cb07bdacdd2c2]
AC_PASSWORD: ENCRYPTED[4a761023e7e06fe2eb350c8b6e8e7ca961af193cb9ba47605f25f1d353abc3142606f412e405be48fd897a78787ea8c2]
GITHUB_TOKEN: ENCRYPTED[!98ace8259c6024da912c14d5a3c5c6aac186890a8d4819fad78f3e0c41a4e0cd3a2537dd6e91493952fb056fa434be7c!]
GORELEASER_KEY: ENCRYPTED[!9b80b6ef684ceaf40edd4c7af93014ee156c8aba7e6e5795f41c482729887b5c31f36b651491d790f1f668670888d9fd!]
setup_script:
- cd $HOME
- echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
- security create-keychain -p password101 build.keychain
- security default-keychain -s build.keychain
- security unlock-keychain -p password101 build.keychain
- security import certificate.p12 -k build.keychain -P password101 -T /usr/bin/codesign -T /usr/bin/pkgbuild
- security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password101 build.keychain
- xcrun notarytool store-credentials "notarytool" --apple-id "hello@cirruslabs.org" --team-id "9M2P8L4D89" --password $AC_PASSWORD
install_script:
- brew install go
- brew install mitchellh/gon/gon
- brew install --cask goreleaser/tap/goreleaser-pro
info_script:
- security find-identity -v
- xcodebuild -version
- swift -version
goreleaser_script: goreleaser release --skip=publish --snapshot --clean
always:
dist_artifacts:
path: "dist/*"
task:
name: Release
only_if: $CIRRUS_TAG != ''
depends_on:
- lint
- build
macos_instance:
image: ghcr.io/cirruslabs/macos-runner:tahoe
env:
MACOS_CERTIFICATE: ENCRYPTED[552b9d275d1c2bdbc1bff778b104a8f9a53cbd0d59344d4b7f6d0ca3c811a5cefb97bef9ba0ef31c219cb07bdacdd2c2]
AC_PASSWORD: ENCRYPTED[4a761023e7e06fe2eb350c8b6e8e7ca961af193cb9ba47605f25f1d353abc3142606f412e405be48fd897a78787ea8c2]
GITHUB_TOKEN: ENCRYPTED[!98ace8259c6024da912c14d5a3c5c6aac186890a8d4819fad78f3e0c41a4e0cd3a2537dd6e91493952fb056fa434be7c!]
GORELEASER_KEY: ENCRYPTED[!9b80b6ef684ceaf40edd4c7af93014ee156c8aba7e6e5795f41c482729887b5c31f36b651491d790f1f668670888d9fd!]
SENTRY_ORG: cirrus-labs
SENTRY_PROJECT: persistent-workers
SENTRY_AUTH_TOKEN: ENCRYPTED[!9eaf2875d51b113e2f68598441ff8e6b2e53242e48fcb93633bd75a373fbe2e7caa900d837cc92f0b142b65579731644!]
setup_script:
- cd $HOME
- echo $MACOS_CERTIFICATE | base64 --decode > certificate.p12
- security create-keychain -p password101 build.keychain
- security default-keychain -s build.keychain
- security unlock-keychain -p password101 build.keychain
- security import certificate.p12 -k build.keychain -P password101 -T /usr/bin/codesign -T /usr/bin/pkgbuild
- security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password101 build.keychain
- xcrun notarytool store-credentials "notarytool" --apple-id "hello@cirruslabs.org" --team-id "9M2P8L4D89" --password $AC_PASSWORD
install_script:
- brew install go getsentry/tools/sentry-cli
- brew install mitchellh/gon/gon
- brew install --cask goreleaser/tap/goreleaser-pro
info_script:
- security find-identity -v
- xcodebuild -version
- swift -version
release_script: goreleaser
upload_sentry_debug_files_script:
- cd .build/arm64-apple-macosx/release/
# Generate and upload symbols
- dsymutil tart
- sentry-cli debug-files upload tart.dSYM/
- SENTRY_PROJECT=tart sentry-cli debug-files upload tart.dSYM/
# Bundle and upload sources
- sentry-cli debug-files bundle-sources tart.dSYM
- sentry-cli debug-files upload tart.src.zip
- SENTRY_PROJECT=tart sentry-cli debug-files upload tart.src.zip
create_sentry_release_script:
- export SENTRY_RELEASE="tart@$CIRRUS_TAG"
- sentry-cli releases new $SENTRY_RELEASE
- sentry-cli releases set-commits $SENTRY_RELEASE --auto
- sentry-cli releases finalize $SENTRY_RELEASE
task:
name: Deploy Documentation
only_if: $CIRRUS_BRANCH == 'main'
container:
image: ghcr.io/squidfunk/mkdocs-material:latest
registry_config: ENCRYPTED[!cf1a0f25325aa75bad3ce6ebc890bc53eb0044c02efa70d8cefb83ba9766275a994b4831706c52630a0692b2fa9cfb9e!]
env:
DEPLOY_TOKEN: ENCRYPTED[!45ed45666558902ed1c2400add734ec063103bec31841847e8c8764802fca229bfa6d85c690e16ad159e047574b48793!]
deploy_script:
- git config --global user.name "Cirrus CI"
- git config --global user.name "hello@cirruslabs.org"
- git remote set-url origin https://$DEPLOY_TOKEN@github.com/cirruslabs/tart/
- mkdocs --verbose gh-deploy --force --remote-branch gh-pages

216
.github/workflows/build.yml vendored
View File

@ -1,37 +1,209 @@
name: Build
name: CI
on:
pull_request:
push:
branches:
- main
tags:
- '*'
workflow_dispatch:
permissions:
contents: read
jobs:
build_cached:
name: Build tart (cached)
runs-on: ghcr.io/cirruslabs/macos-runner:tahoe
timeout-minutes: 30
markdown_lint:
name: Markdown Lint
if: github.ref != 'refs/heads/gh-pages'
runs-on: ubuntu-latest
timeout-minutes: 10
steps:
- uses: actions/checkout@v5
- name: Build
run: |
export COMPILATION_CACHE_ENABLE_CACHING=YES
export COMPILATION_CACHE_REMOTE_SERVICE_PATH="$HOME/.cirruslabs/omni-cache.sock"
export COMPILATION_CACHE_ENABLE_PLUGIN=YES
export COMPILATION_CACHE_ENABLE_INTEGRATED_QUERIES=YES
export COMPILATION_CACHE_ENABLE_DETACHED_KEY_QUERIES=YES
export SWIFT_ENABLE_COMPILE_CACHE=YES
export SWIFT_ENABLE_EXPLICIT_MODULES=YES
export SWIFT_USE_INTEGRATED_DRIVER=YES
export CLANG_ENABLE_COMPILE_CACHE=YES
export CLANG_ENABLE_MODULES=YES
swift build --build-system swiftbuild --product tart
- uses: actions/setup-node@v5
with:
node-version: lts/*
- name: Install markdownlint
run: npm install -g markdownlint-cli
- name: Lint Markdown
run: markdownlint --config=docs/.markdownlint.yml docs/
build_no_cache:
name: Build tart (no cache)
runs-on: ghcr.io/cirruslabs/macos-runner:tahoe
lint:
name: Lint
runs-on: macos-15
timeout-minutes: 30
steps:
- uses: actions/checkout@v5
- name: SwiftFormat
run: swift package plugin --allow-writing-to-package-directory swiftformat --cache ignore --lint --report swiftformat.json .
- name: Upload SwiftFormat report
if: always()
uses: actions/upload-artifact@v4
with:
name: swiftformat-report
path: swiftformat.json
if-no-files-found: ignore
test:
name: Test
runs-on: macos-15
timeout-minutes: 30
steps:
- uses: actions/checkout@v5
- name: Build
run: swift build --build-system swiftbuild --product tart
run: swift build
- name: Test
run: |
export PATH="$PATH:/usr/sbin"
swift test
build:
name: Build (${{ matrix.arch }})
if: github.ref_type != 'tag'
runs-on: macos-15
timeout-minutes: 30
strategy:
fail-fast: false
matrix:
arch:
- arm64
- x86_64
steps:
- uses: actions/checkout@v5
- name: Build
run: swift build --arch "${{ matrix.arch }}" --product tart
- name: Sign
run: codesign --sign - --entitlements Resources/tart-dev.entitlements --force ".build/${{ matrix.arch }}-apple-macosx/debug/tart"
- name: Upload binary
uses: actions/upload-artifact@v4
with:
name: tart-${{ matrix.arch }}
path: .build/${{ matrix.arch }}-apple-macosx/debug/tart
if-no-files-found: error
release_dry_run:
name: Release (Dry Run)
if: github.event_name != 'pull_request' && github.ref_type != 'tag'
needs:
- lint
- build
runs-on: macos-15
timeout-minutes: 60
env:
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
GITHUB_TOKEN: ${{ github.token }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Configure signing
run: |
cd "$HOME"
echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
security create-keychain -p password101 build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p password101 build.keychain
security import certificate.p12 -k build.keychain -P password101 -T /usr/bin/codesign -T /usr/bin/pkgbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password101 build.keychain
xcrun notarytool store-credentials "notarytool" --apple-id "hello@cirruslabs.org" --team-id "9M2P8L4D89" --password "$AC_PASSWORD"
- name: Install tools
run: |
brew install go
brew install mitchellh/gon/gon
brew install --cask goreleaser/tap/goreleaser-pro
- name: Print tool versions
run: |
security find-identity -v
xcodebuild -version
swift -version
- name: Run GoReleaser
run: goreleaser release --skip=publish --snapshot --clean
- name: Upload dist
if: always()
uses: actions/upload-artifact@v4
with:
name: dist-dry-run
path: dist/*
if-no-files-found: ignore
release:
name: Release
if: github.ref_type == 'tag'
needs:
- lint
runs-on: macos-15
timeout-minutes: 60
permissions:
contents: write
env:
AC_PASSWORD: ${{ secrets.AC_PASSWORD }}
GITHUB_TOKEN: ${{ github.token }}
GORELEASER_KEY: ${{ secrets.GORELEASER_KEY }}
MACOS_CERTIFICATE: ${{ secrets.MACOS_CERTIFICATE }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
SENTRY_ORG: cirrus-labs
SENTRY_PROJECT: persistent-workers
steps:
- uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Configure signing
run: |
cd "$HOME"
echo "$MACOS_CERTIFICATE" | base64 --decode > certificate.p12
security create-keychain -p password101 build.keychain
security default-keychain -s build.keychain
security unlock-keychain -p password101 build.keychain
security import certificate.p12 -k build.keychain -P password101 -T /usr/bin/codesign -T /usr/bin/pkgbuild
security set-key-partition-list -S apple-tool:,apple:,codesign: -s -k password101 build.keychain
xcrun notarytool store-credentials "notarytool" --apple-id "hello@cirruslabs.org" --team-id "9M2P8L4D89" --password "$AC_PASSWORD"
- name: Install tools
run: |
brew install go getsentry/tools/sentry-cli
brew install mitchellh/gon/gon
brew install --cask goreleaser/tap/goreleaser-pro
- name: Print tool versions
run: |
security find-identity -v
xcodebuild -version
swift -version
- name: Run GoReleaser
run: goreleaser
- name: Upload Sentry debug files
run: |
cd .build/arm64-apple-macosx/release/
dsymutil tart
sentry-cli debug-files upload tart.dSYM/
SENTRY_PROJECT=tart sentry-cli debug-files upload tart.dSYM/
sentry-cli debug-files bundle-sources tart.dSYM
sentry-cli debug-files upload tart.src.zip
SENTRY_PROJECT=tart sentry-cli debug-files upload tart.src.zip
- name: Create Sentry release
run: |
SENTRY_RELEASE="tart@${GITHUB_REF_NAME}"
sentry-cli releases new "$SENTRY_RELEASE"
sentry-cli releases set-commits "$SENTRY_RELEASE" --auto
sentry-cli releases finalize "$SENTRY_RELEASE"
deploy_docs:
name: Deploy Documentation
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
contents: write
container:
image: ghcr.io/squidfunk/mkdocs-material:latest
steps:
- uses: actions/checkout@v5
- name: Deploy documentation
run: |
git config --global user.name "github-actions[bot]"
git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git remote set-url origin "https://x-access-token:${GITHUB_TOKEN}@github.com/${GITHUB_REPOSITORY}.git"
mkdocs --verbose gh-deploy --force --remote-branch gh-pages
env:
GITHUB_TOKEN: ${{ github.token }}