.github/workflows/ci.yaml - third_party/github/aspect-build/bazel-lib - Git at Google

 name: CI

 # Controls when the action will run.
 on:
   # Triggers the workflow on push or pull request events but only for the main branch
   push:
     branches: [main]
   pull_request:
     branches: [main]

   # Allows you to run this workflow manually from the Actions tab
   workflow_dispatch:

 jobs:
   # matrix-prep-* steps dynamically generate a bit of JSON depending on whether our action has
   # access to repository secrets. When running on a pull_request from a fork, the author is
   # untrusted so the secret will be absent. Insanely complex for how simple this requirement is...
   # inspired from
   # https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional

   matrix-prep-config:
     # Prepares the 'config' axis of the test matrix
     runs-on: ubuntu-latest
     env:
       ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
     steps:
       - id: local
         run: echo "config=local" >> $GITHUB_OUTPUT
       - id: rbe
         run: echo "config=rbe" >> $GITHUB_OUTPUT
         # Don't run RBE if there are no EngFlow creds which is the case on forks
         if: ${{ env.ENGFLOW_PRIVATE_KEY != '' }}
     outputs:
       # Will look like '["local", "rbe"]'
       configs: ${{ toJSON(steps.*.outputs.config) }}

   matrix-prep-bazelversion:
     # Prepares the 'bazelversion' axis of the test matrix
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
       - id: bazel_6
         run: echo "bazelversion=$(head -n 1 .bazelversion)" >> $GITHUB_OUTPUT
       - id: bazel_5
         run: echo "bazelversion=5.3.2" >> $GITHUB_OUTPUT
     outputs:
       # Will look like '["6.0.0rc1", "5.3.2"]'
       bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }}

   test:
     # The type of runner that the job will run on
     runs-on: ubuntu-latest

     needs:
       - matrix-prep-config
       - matrix-prep-bazelversion

     strategy:
       fail-fast: false
       matrix:
         config: ${{ fromJSON(needs.matrix-prep-config.outputs.configs) }}
         bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }}
         folder:
           - "."
           - "e2e/bzlmod"
           - "e2e/copy_to_directory"
           - "e2e/workspace"
         exclude:
           # bzlmod broken at 5.3.2 which the RBE:
           # ```
           # ERROR: /home/runner/work/bazel-lib/bazel-lib/e2e/bzlmod/BUILD.bazel:37:10: While resolving
           # toolchains for target //:test: com.google.devtools.build.lib.packages.BuildFileNotFoundException:
           # no such package '@aspect_bazel_lib//platforms': The repository '@aspect_bazel_lib' could not be
           # resolved: Repository '@aspect_bazel_lib' is not defined
           # ```
           - config: rbe
             bazelversion: 5.3.2
             folder: e2e/bzlmod

     # Steps represent a sequence of tasks that will be executed as part of the job
     steps:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v3

       - name: Mount bazel caches
         uses: actions/cache@v3
         with:
           path: |
             ~/.cache/bazel
             ~/.cache/bazel-repo
           key: bazel-cache-${{ hashFiles('**/BUILD.bazel', '**/*.bzl', 'WORKSPACE') }}
           restore-keys: bazel-cache-

       - name: Configure Bazel version
         working-directory: ${{ matrix.folder }}
         # Overwrite the .bazelversion instead of using USE_BAZEL_VERSION so that Bazelisk
         # still bootstraps Aspect CLI from configuration in .bazeliskrc. Aspect CLI will
         # then use .bazelversion to determine which Bazel version to use
         run: echo "${{ matrix.bazelversion }}" > .bazelversion

       - name: Write engflow credentials
         if: ${{ matrix.config == 'rbe' }}
         working-directory: ${{ matrix.folder }}
         run: |
           touch engflow.crt engflow.key
           chmod 0600 engflow.crt engflow.key
           echo "$ENGFLOW_CLIENT_CRT" > engflow.crt
           echo "$ENGFLOW_PRIVATE_KEY" > engflow.key
         env:
           ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
           ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}

       - name: bazel test //...
         working-directory: ${{ matrix.folder }}
         run: bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc test --config=${{ matrix.config }} //...
         env:
           # Bazelisk will download bazel to here
           XDG_CACHE_HOME: ~/.cache/bazel-repo

       - name: integration tests
         if: ${{ matrix.folder == '.' }}
         # Find all shell scripts within e2e, echo the filename, execute, fail on error
         run: find e2e/*.sh -maxdepth 1 -type f -exec sh -c 'echo "\n\n------------------------------- $0 -------------------------------" && "$0" || kill $PPID' \{\} \;
	name: CI

	# Controls when the action will run.
	on:
	# Triggers the workflow on push or pull request events but only for the main branch
	push:
	branches: [main]
	pull_request:
	branches: [main]

	# Allows you to run this workflow manually from the Actions tab
	workflow_dispatch:

	jobs:
	# matrix-prep-* steps dynamically generate a bit of JSON depending on whether our action has
	# access to repository secrets. When running on a pull_request from a fork, the author is
	# untrusted so the secret will be absent. Insanely complex for how simple this requirement is...
	# inspired from
	# https://stackoverflow.com/questions/65384420/how-to-make-a-github-action-matrix-element-conditional

	matrix-prep-config:
	# Prepares the 'config' axis of the test matrix
	runs-on: ubuntu-latest
	env:
	ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}
	steps:
	- id: local
	run: echo "config=local" >> $GITHUB_OUTPUT
	- id: rbe
	run: echo "config=rbe" >> $GITHUB_OUTPUT
	# Don't run RBE if there are no EngFlow creds which is the case on forks
	if: ${{ env.ENGFLOW_PRIVATE_KEY != '' }}
	outputs:
	# Will look like '["local", "rbe"]'
	configs: ${{ toJSON(steps.*.outputs.config) }}

	matrix-prep-bazelversion:
	# Prepares the 'bazelversion' axis of the test matrix
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v3
	- id: bazel_6
	run: echo "bazelversion=$(head -n 1 .bazelversion)" >> $GITHUB_OUTPUT
	- id: bazel_5
	run: echo "bazelversion=5.3.2" >> $GITHUB_OUTPUT
	outputs:
	# Will look like '["6.0.0rc1", "5.3.2"]'
	bazelversions: ${{ toJSON(steps.*.outputs.bazelversion) }}

	test:
	# The type of runner that the job will run on
	runs-on: ubuntu-latest

	needs:
	- matrix-prep-config
	- matrix-prep-bazelversion

	strategy:
	fail-fast: false
	matrix:
	config: ${{ fromJSON(needs.matrix-prep-config.outputs.configs) }}
	bazelversion: ${{ fromJSON(needs.matrix-prep-bazelversion.outputs.bazelversions) }}
	folder:
	- "."
	- "e2e/bzlmod"
	- "e2e/copy_to_directory"
	- "e2e/workspace"
	exclude:
	# bzlmod broken at 5.3.2 which the RBE:
	# ```
	# ERROR: /home/runner/work/bazel-lib/bazel-lib/e2e/bzlmod/BUILD.bazel:37:10: While resolving
	# toolchains for target //:test: com.google.devtools.build.lib.packages.BuildFileNotFoundException:
	# no such package '@aspect_bazel_lib//platforms': The repository '@aspect_bazel_lib' could not be
	# resolved: Repository '@aspect_bazel_lib' is not defined
	# ```
	- config: rbe
	bazelversion: 5.3.2
	folder: e2e/bzlmod

	# Steps represent a sequence of tasks that will be executed as part of the job
	steps:
	# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
	- uses: actions/checkout@v3

	- name: Mount bazel caches
	uses: actions/cache@v3
	with:
	path: \|
	~/.cache/bazel
	~/.cache/bazel-repo
	key: bazel-cache-${{ hashFiles('/BUILD.bazel', '/*.bzl', 'WORKSPACE') }}
	restore-keys: bazel-cache-

	- name: Configure Bazel version
	working-directory: ${{ matrix.folder }}
	# Overwrite the .bazelversion instead of using USE_BAZEL_VERSION so that Bazelisk
	# still bootstraps Aspect CLI from configuration in .bazeliskrc. Aspect CLI will
	# then use .bazelversion to determine which Bazel version to use
	run: echo "${{ matrix.bazelversion }}" > .bazelversion

	- name: Write engflow credentials
	if: ${{ matrix.config == 'rbe' }}
	working-directory: ${{ matrix.folder }}
	run: \|
	touch engflow.crt engflow.key
	chmod 0600 engflow.crt engflow.key
	echo "$ENGFLOW_CLIENT_CRT" > engflow.crt
	echo "$ENGFLOW_PRIVATE_KEY" > engflow.key
	env:
	ENGFLOW_CLIENT_CRT: ${{ secrets.ENGFLOW_CLIENT_CRT }}
	ENGFLOW_PRIVATE_KEY: ${{ secrets.ENGFLOW_PRIVATE_KEY }}

	- name: bazel test //...
	working-directory: ${{ matrix.folder }}
	run: bazel --bazelrc=$GITHUB_WORKSPACE/.github/workflows/ci.bazelrc --bazelrc=.bazelrc test --config=${{ matrix.config }} //...
	env:
	# Bazelisk will download bazel to here
	XDG_CACHE_HOME: ~/.cache/bazel-repo

	- name: integration tests
	if: ${{ matrix.folder == '.' }}
	# Find all shell scripts within e2e, echo the filename, execute, fail on error
	run: find e2e/*.sh -maxdepth 1 -type f -exec sh -c 'echo "\n\n------------------------------- $0 -------------------------------" && "$0" \|\| kill $PPID' \{\} \;