NVIDIA/nvbench
1
0
Fork 0
mirror of https://github.com/NVIDIA/nvbench.git synced 2026-03-14 20:27:24 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
f049f109776a89639ae05c0bb263a7e168ea3899
nvbench/.github/workflows/verify-devcontainers.yml
Allison Piper 457b9f1064 Update verify-devcontainers workflow to match CCCL. 
This prevents us from spawning a ton of jobs unless the devcontainers actually change.
2025-04-14 14:37:40 -04:00

151 lines
5.4 KiB
YAML
Raw Blame History

name: Verify devcontainers
on:
workflow_call:
inputs:
base_sha:
type: string
description: 'For PRs, set the base SHA to conditionally run this workflow only when relevant files are modified.'
required: false
defaults:
run:
shell: bash -euo pipefail {0}
permissions:
contents: read
jobs:
get-devcontainer-list:
name: Verify devcontainer files are up-to-date
outputs:
skip: ${{ steps.inspect-changes.outputs.skip }}
devcontainers: ${{ steps.get-list.outputs.devcontainers }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Setup jq and yq
run: |
sudo apt-get update
sudo apt-get install jq -y
sudo wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.2/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq
- name: Run the script to generate devcontainer files
run: |
./.devcontainer/make_devcontainers.sh --verbose --clean
- name: Check for changes
run: |
if [[ $(git diff --stat) != '' || $(git status --porcelain | grep '^??') != '' ]]; then
git diff --minimal
git status --porcelain
echo "::error:: Dev Container files are out of date or there are untracked files. Run the .devcontainer/make_devcontainers.sh script and commit the changes."
exit 1
else
echo "::note::Dev Container files are up-to-date."
fi
- name: Inspect changes
if: ${{ inputs.base_sha != '' }}
id: inspect-changes
env:
BASE_SHA: ${{ inputs.base_sha }}
run: |
echo "Fetch history and determine merge base..."
git fetch origin --unshallow -q
git fetch origin $BASE_SHA -q
merge_base_sha=$(git merge-base $GITHUB_SHA $BASE_SHA)
echo "Head SHA: $GITHUB_SHA"
echo "PR Base SHA: $BASE_SHA"
echo "Merge Base SHA: $merge_base_sha"
echo "Checking for changes to devcontainer/matrix files..."
all_dirty_files=$(git diff --name-only "${merge_base_sha}" "${GITHUB_SHA}")
echo "::group::All dirty files"
echo "${all_dirty_files}"
echo "::endgroup::"
file_regex="^(.devcontainer|ci/matrix.yaml|.github/actions/workflow-build/build-workflow.py)"
echo "Regex: ${file_regex}"
relevant_dirty_files=$(echo "${all_dirty_files}" | grep -E "${file_regex}" || true)
echo "::group::Relevant dirty files"
echo "${relevant_dirty_files}"
echo "::endgroup::"
if [[ -z "${relevant_dirty_files}" ]]; then
echo "No relevant changes detected. Skipping devcontainer testing."
echo "skip=true" >> $GITHUB_OUTPUT
else
echo "Detected relevant changes. Continuing."
echo "skip=false" >> $GITHUB_OUTPUT
fi
- name: Get list of devcontainer.json paths and names
if: ${{ steps.inspect-changes.outputs.skip != 'true' }}
id: get-list
run: |
devcontainers=$(find .devcontainer/ -name 'devcontainer.json' | while read -r devcontainer; do
jq --arg path "$devcontainer" '{path: $path, name: .name}' "$devcontainer"
done | jq -s -c .)
echo "devcontainers=${devcontainers}" | tee --append "${GITHUB_OUTPUT}"
verify-devcontainers:
name: ${{matrix.devcontainer.name}}
needs: get-devcontainer-list
if: ${{ needs.get-devcontainer-list.outputs.skip != 'true' }}
runs-on: linux-amd64-cpu4
strategy:
fail-fast: false
matrix:
devcontainer: ${{fromJson(needs.get-devcontainer-list.outputs.devcontainers)}}
permissions:
id-token: write
contents: read
steps:
- name: Check out the code
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install dependencies
run: |
# Add PPA for nodejs, devcontainer CLI requires a newer version:
curl -fsSL https://deb.nodesource.com/setup_20.x -o /tmp/nodesource_setup.sh
sudo bash /tmp/nodesource_setup.sh
sudo apt-get update
sudo apt-get install -y nodejs
sudo npm install -g @devcontainers/cli
# We don't really need sccache configured, but we need the AWS credentials envvars to be set
# in order to avoid the devcontainer hanging waiting for GitHub authentication
- name: Get AWS credentials for sccache bucket
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: arn:aws:iam::279114543810:role/gha-oidc-NVIDIA
aws-region: us-east-2
role-duration-seconds: 43200 # 12 hours
- name: Set environment variables
run: |
echo "SCCACHE_BUCKET=rapids-sccache-devs" >> $GITHUB_ENV
echo "SCCACHE_REGION=us-east-2" >> $GITHUB_ENV
echo "SCCACHE_IDLE_TIMEOUT=32768" >> $GITHUB_ENV
echo "SCCACHE_S3_USE_SSL=true" >> $GITHUB_ENV
echo "SCCACHE_S3_NO_CREDENTIALS=false" >> $GITHUB_ENV
- name: Run in devcontainer
uses: devcontainers/ci@v0.3
with:
push: never
configFile: ${{ matrix.devcontainer.path }}
env: |
SCCACHE_REGION=${{ env.SCCACHE_REGION }}
AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }}
AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }}
AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }}
runCmd: |
.devcontainer/verify_devcontainer.sh
Reference in New Issue View Git Blame Copy Permalink