add max_connections_open option for httpc profile #22540
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| ## %CopyrightBegin% | |
| ## | |
| ## SPDX-License-Identifier: Apache-2.0 | |
| ## | |
| ## Copyright Ericsson AB 2024-2025. All Rights Reserved. | |
| ## | |
| ## Licensed under the Apache License, Version 2.0 (the "License"); | |
| ## you may not use this file except in compliance with the License. | |
| ## You may obtain a copy of the License at | |
| ## | |
| ## http://www.apache.org/licenses/LICENSE-2.0 | |
| ## | |
| ## Unless required by applicable law or agreed to in writing, software | |
| ## distributed under the License is distributed on an "AS IS" BASIS, | |
| ## WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. | |
| ## See the License for the specific language governing permissions and | |
| ## limitations under the License. | |
| ## | |
| ## %CopyrightEnd% | |
| ## | |
| ## This workflow handles testing of pull requests and pushes. | |
| ## It also publishes some packages to any new Erlang/OTP release | |
| ## | |
| ## To speed this up it would be nice if one could share docker | |
| ## images inbetween different jobs, but at the moment this is | |
| ## not possible so we need to rebuild all of Erlang/OTP multiple | |
| ## times. | |
| ## | |
| ## Now that we have migrated to ghcr.io we use the | |
| ## built-in caching mechanisms of docker/build-push-action@v2. | |
| ## However as things are now we use docker directly to make things | |
| ## work due to historical reasons. | |
| ## | |
| name: Build and check Erlang/OTP | |
| on: | |
| push: | |
| pull_request: | |
| schedule: | |
| - cron: 0 1 * * * | |
| ## We cancel any multiple runs from PRs, while runs from tags/branches are allowed | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.pull_request.number || github.sha }} | |
| cancel-in-progress: true | |
| env: | |
| ## Equivalent to github.event_name == 'pull_request' ? github.base_ref : github.ref_name | |
| BASE_BRANCH: ${{ github.event_name == 'pull_request' && github.base_ref || github.ref_name }} | |
| OTP_SBOM_VERSION: ${{ github.ref_type == 'tag' && github.ref_name || github.sha }} | |
| ## 'true' if all steps should be built and all tests run | |
| FULL_BUILD_AND_CHECK: ${{ github.event_name == 'pull_request' && contains(github.event.pull_request.labels.*.name, 'full-build-and-check') || github.event_name == 'scheduled' }} | |
| permissions: | |
| contents: read | |
| pull-requests: read | |
| jobs: | |
| pack: | |
| name: Build Erlang/OTP (64-bit) | |
| runs-on: ubuntu-latest | |
| if: github.repository == 'erlang/otp' || github.event_name != 'scheduled' | |
| outputs: | |
| changes: ${{ steps.changes.outputs.changes }} | |
| build-c-code: ${{ steps.c-code-changes.outputs.changes != '[]' || env.FULL_BUILD_AND_CHECK == 'true' }} | |
| all: ${{ steps.apps.outputs.all }} | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| BUILD_IMAGE: false | |
| - name: Get applications | |
| id: apps | |
| run: | | |
| .github/scripts/path-filters.sh > .github/scripts/path-filters.yaml | |
| .github/scripts/c-code-path-filters.sh > .github/scripts/c-code-path-filters.yaml | |
| ## Print path-filters for debug purposes | |
| cat .github/scripts/path-filters.yaml | |
| cat .github/scripts/c-code-path-filters.yaml | |
| ALL_APPS=$(grep '^[a-z_]*:' .github/scripts/path-filters.yaml | sed 's/:.*$//') | |
| ALL_APPS=$(jq -n --arg inarr "${ALL_APPS}" '$inarr | split("\n")' | tr '\n' ' ') | |
| echo "all=${ALL_APPS}" >> $GITHUB_OUTPUT | |
| - name: Check which applications have changed | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/[email protected] | |
| id: app-changes | |
| with: | |
| filters: .github/scripts/path-filters.yaml | |
| - name: Override which applications have changed | |
| id: changes | |
| env: | |
| ALL_APPS: ${{ steps.apps.outputs.all }} | |
| CHANGED_APPS: ${{ steps.app-changes.outputs.changes }} | |
| run: | | |
| if ${{ env.FULL_BUILD_AND_CHECK }}; then | |
| echo "changes=${ALL_APPS}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "changes=${CHANGED_APPS}" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Check if there are any C-code changes, if not then limit CI run | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/[email protected] | |
| id: c-code-changes | |
| with: | |
| filters: .github/scripts/c-code-path-filters.yaml | |
| - name: Cache pre-built src | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/[email protected] | |
| with: | |
| path: otp_src.tar.gz | |
| key: prebuilt-src-${{ github.ref_name }}-${{ github.sha }} | |
| restore-keys: | | |
| prebuilt-src-${{ github.base_ref }}-${{ github.event.pull_request.base.sha }} | |
| - name: Cache pre-built binaries | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/[email protected] | |
| with: | |
| path: otp_cache.tar.gz | |
| key: prebuilt-cache-64-bit-${{ github.ref_name }}-${{ github.sha }} | |
| restore-keys: | | |
| prebuilt-cache-64-bit-${{ github.base_ref }}-${{ github.event.pull_request.base.sha }} | |
| - name: Create initial pre-release tar | |
| run: .github/scripts/init-pre-release.sh otp_archive.tar.gz otp_src.tar.gz | |
| - name: Upload source tar archive | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_git_archive | |
| path: otp_archive.tar.gz | |
| - name: Check how we can use the pre-built cache | |
| uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # ratchet:dorny/[email protected] | |
| id: cache | |
| with: | |
| filters: | | |
| no-cache: | |
| - '.github/**' | |
| - deleted: '**/*.h' | |
| deleted: | |
| - deleted: '**' | |
| bootstrap: | |
| - 'bootstrap/**' | |
| configure: | |
| - '**.ac' | |
| - '**.in' | |
| list-files: shell | |
| - name: Restore from cache | |
| env: | |
| NO_CACHE: ${{ fromJson(steps.cache.outputs.no-cache) || fromJson(env.FULL_BUILD_AND_CHECK) || fromJson(steps.cache.outputs.deleted_count) > 20 }} | |
| BOOTSTRAP: ${{ steps.cache.outputs.bootstrap }} | |
| CONFIGURE: ${{ steps.cache.outputs.configure }} | |
| EVENT: ${{ github.event_name }} | |
| DELETED: ${{ fromJson(steps.cache.outputs.deleted_count) > 20 && '[]' || steps.cache.outputs.deleted_files }} | |
| run: | | |
| .github/scripts/restore-from-prebuilt.sh "`pwd`" \ | |
| "`pwd`/.github/otp.tar.gz" \ | |
| "`pwd`/otp_archive.tar.gz" | |
| - name: Upload restored cache | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| if: runner.debug == 1 | |
| with: | |
| name: restored-cache | |
| path: .github/otp.tar.gz | |
| - name: Build image | |
| run: | | |
| docker build --tag otp \ | |
| --build-arg MAKEFLAGS=-j$(($(nproc) + 2)) \ | |
| --file ".github/dockerfiles/Dockerfile.64-bit" \ | |
| .github/ | |
| - name: Build pre-built tar archives | |
| run: | | |
| docker run -v $PWD:/github --entrypoint "" otp \ | |
| scripts/build-otp-tar -o /github/otp_clean_src.tar.gz /github/otp_src.tar.gz -b /buildroot/otp/ /github/otp_archive.tar.gz | |
| - name: Build cache | |
| run: | | |
| if [ -f otp_cache.tar.gz ]; then | |
| gunzip otp_cache.tar.gz | |
| else | |
| docker run -v $PWD:/github --entrypoint "" otp \ | |
| bash -c 'cp ../otp_cache.tar /github/' | |
| fi | |
| docker run -v $PWD:/github --entrypoint "" otp \ | |
| bash -c 'set -x; C_APPS=$(ls -d ./lib/*/c_src); find Makefile ./make ./erts ./bin/`erts/autoconf/config.guess` ./lib/erl_interface ./lib/jinterface ${C_APPS} `echo "${C_APPS}" | sed -e 's:c_src$:priv:'` -type f -newer README.md \! -name "*.beam" \! -path "*/doc/*" \! -path "./erts/preloaded/*" | xargs tar --transform "s:^./:otp/:" -uvf /github/otp_cache.tar' | |
| gzip otp_cache.tar | |
| - name: Upload pre-built tar archives | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| path: | | |
| otp_src.tar.gz | |
| otp_cache.tar.gz | |
| build-macos: | |
| name: Build Erlang/OTP (macOS) | |
| runs-on: macos-15 | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| env: | |
| WXWIDGETS_VERSION: 3.2.6 | |
| MACOS_VERSION: 15 | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - name: Download source archive | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| - name: Cache wxWidgets | |
| id: wxwidgets-cache | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/[email protected] | |
| with: | |
| path: wxWidgets | |
| key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }}-${{ hashFiles('.github/scripts/build-macos-wxwidgets.sh') }}-${{ env.MACOS_VERSION }} | |
| - name: Compile wxWidgets | |
| if: steps.wxwidgets-cache.outputs.cache-hit != 'true' | |
| run: .github/scripts/build-macos-wxwidgets.sh | |
| - name: Compile Erlang | |
| run: | | |
| tar -xzf ./otp_src.tar.gz | |
| export PATH=$PWD/wxWidgets/release/bin:$PATH | |
| cd otp | |
| $GITHUB_WORKSPACE/.github/scripts/build-macos.sh build_docs --disable-dynamic-ssl-lib | |
| tar -czf otp_macos_$(cat OTP_VERSION)_x86-64.tar.gz -C release . | |
| - name: Test Erlang | |
| run: | | |
| cd otp/release | |
| ./Install -sasl $PWD | |
| ./bin/erl -noshell -eval 'io:format("~s", [erlang:system_info(system_version)]), halt().' | |
| ./bin/erl -noshell -eval 'ok = application:start(crypto), io:format("crypto ok~n"), halt().' | |
| ./bin/erl -noshell -eval '{wx_ref,_,_,_} = wx:new(), io:format("wx ok~n"), halt().' | |
| - name: Upload tarball | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt_macos_x86-64 | |
| path: otp/otp_macos_*_x86-64.tar.gz | |
| build-ios: | |
| env: | |
| RELEASE_LIBBEAM: yes | |
| TARGET_ARCH: aarch64-apple-ios | |
| name: Build Erlang/OTP (iOS) | |
| runs-on: macos-15 | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - name: Download source archive | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| - name: Compile Erlang | |
| run: | | |
| tar -xzf ./otp_src.tar.gz | |
| cd otp | |
| $GITHUB_WORKSPACE/.github/scripts/build-macos.sh --xcomp-conf=./xcomp/erl-xcomp-arm64-ios.conf --without-ssl | |
| - name: Package .xcframework | |
| run: | | |
| cd otp | |
| export BUILD_ARCH=`./erts/autoconf/config.guess` | |
| export LIBS=`find . -not -path "*${BUILD_ARCH}*" -path "*${TARGET_ARCH}*" -not -name "*_st.a" -not -name "*_r.a" -name "*.a" | awk '{ "basename " $1 | getline name; names[name] = $1 } END { for (n in names) { print names[n] }}'` | |
| libtool -static -o liberlang.a $LIBS | |
| xcodebuild -create-xcframework -output ./liberlang.xcframework -library liberlang.a | |
| - name: Upload framework | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: ios_framework_${{ env.TARGET_ARCH }} | |
| path: otp/liberlang.xcframework | |
| build-windows: | |
| defaults: | |
| run: | |
| shell: wsl-bash {0} | |
| env: | |
| WXWIDGETS_VERSION: 3.2.6 | |
| name: Build Erlang/OTP (Windows) | |
| runs-on: windows-2022 | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| steps: | |
| - uses: Vampire/setup-wsl@3b46b44374d5d0ae94654c45d114a3ed7a0e07a8 # ratchet:Vampire/[email protected] | |
| with: | |
| distribution: Ubuntu-18.04 | |
| - name: Install WSL dependencies | |
| run: apt update && apt install -y make autoconf unzip | |
| - name: Install openssl | |
| shell: cmd | |
| run: | | |
| choco install openssl --version=3.1.1 | |
| IF EXIST "c:\\Program Files\\OpenSSL-Win64" (move "c:\\Program Files\\OpenSSL-Win64" "c:\\OpenSSL-Win64") ELSE (move "c:\\Program Files\\OpenSSL" "c:\\OpenSSL-Win64") | |
| - name: Cache wxWidgets | |
| uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/[email protected] | |
| with: | |
| path: wxWidgets | |
| key: wxWidgets-${{ env.WXWIDGETS_VERSION }}-${{ runner.os }} | |
| # actions/cache on Windows sometimes does not set cache-hit even though there was one. Setting it manually. | |
| - name: Set wxWidgets cache | |
| id: wxwidgets-cache | |
| env: | |
| WSLENV: GITHUB_OUTPUT/p | |
| run: | | |
| if [ -d wxWidgets ]; then | |
| echo "cache-hit=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "cache-hit=false" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Download wxWidgets | |
| if: steps.wxwidgets-cache.outputs.cache-hit != 'true' | |
| run: | | |
| wget https://github.com/wxWidgets/wxWidgets/releases/download/v${{ env.WXWIDGETS_VERSION }}/wxWidgets-${{ env.WXWIDGETS_VERSION }}.zip | |
| unzip wxWidgets-${{ env.WXWIDGETS_VERSION }}.zip -d wxWidgets | |
| sed -i -r -e 's/wxUSE_POSTSCRIPT +0/wxUSE_POSTSCRIPT 1/' wxWidgets/include/wx/msw/setup.h | |
| sed -i -r -e 's/wxUSE_WEBVIEW_EDGE +0/wxUSE_WEBVIEW_EDGE 1/' wxWidgets/include/wx/msw/setup.h | |
| - name: Install WebView2 | |
| if: steps.wxwidgets-cache.outputs.cache-hit != 'true' | |
| shell: cmd | |
| run: | | |
| cd wxWidgets\\3rdparty | |
| nuget install Microsoft.Web.WebView2 -Version 1.0.705.50 -Source https://api.nuget.org/v3/index.json | |
| rename Microsoft.Web.WebView2.1.0.705.50 webview2 | |
| - name: Build wxWidgets | |
| if: steps.wxwidgets-cache.outputs.cache-hit != 'true' | |
| shell: cmd | |
| run: | | |
| cd wxWidgets\\build\\msw | |
| call "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\Auxiliary\\Build\\vcvars64.bat" | |
| nmake TARGET_CPU=amd64 BUILD=release SHARED=0 DIR_SUFFIX_CPU= -f makefile.vc | |
| - name: Download source archive | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| - name: Compile Erlang | |
| run: | | |
| mkdir -p /mnt/c/opt/local64/pgm/ | |
| cp -R wxWidgets /mnt/c/opt/local64/pgm/wxWidgets-${{ env.WXWIDGETS_VERSION }} | |
| tar -xzf ./otp_src.tar.gz | |
| cd otp | |
| export ERL_TOP=`pwd` | |
| export MAKEFLAGS=-j$(($(nproc) + 2)) | |
| export ERLC_USE_SERVER=true | |
| export ERTS_SKIP_DEPEND=true | |
| eval `./otp_build env_win32 x64` | |
| ./otp_build configure | |
| if cat erts/CONF_INFO || | |
| grep -v "Static linking with OpenSSL 3.0" lib/*/CONF_INFO || | |
| cat lib/*/SKIP || | |
| cat lib/SKIP-APPLICATIONS; then | |
| exit 1 | |
| fi | |
| ./otp_build boot -a | |
| ./otp_build release -a | |
| cp /mnt/c/opt/local64/pgm/wxWidgets-${{ env.WXWIDGETS_VERSION }}/3rdparty/webview2/runtimes/win-x64/native/WebView2Loader.dll $ERL_TOP/release/win32/erts-*/bin/ | |
| ./otp_build debuginfo_win32 | |
| ./otp_build installer_win32 | |
| - name: Upload installer | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_win32_installer | |
| path: otp/release/win32/otp*.exe | |
| build-flavors: | |
| name: Build Erlang/OTP (Types and Flavors) | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| strategy: | |
| matrix: | |
| flavor: [jit, emu] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| - name: Build Erlang/OTP flavors and types | |
| run: | | |
| TYPES="opt debug lcnt asan gcov valgrind" | |
| FLAVORS="${{ matrix.flavor }}" | |
| for TYPE in ${TYPES}; do | |
| for FLAVOR in ${FLAVORS}; do | |
| echo "::group::{TYPE=$TYPE FLAVOR=$FLAVOR}" | |
| docker run otp \ | |
| "set -xe; | |
| if [ '${TYPE}' = 'valgrind' ]; then sudo apt-get install -y valgrind bc; fi; | |
| echo 'Setup start flags'; | |
| if [ '$TYPE' != 'opt' ]; then EMU_TYPE='-emu_type $TYPE'; fi; | |
| if [ '$FLAVOR' = 'jit' ]; then | |
| EMU_FLAVOR='smp' | |
| else | |
| EMU_FLAVOR='$FLAVOR' | |
| fi; | |
| echo 'Build type and flavor and test starting in source tree'; | |
| TYPE=$TYPE FLAVOR=$FLAVOR ./otp_build boot -a; | |
| cerl -$TYPE -emu_flavor \$EMU_FLAVOR -noshell -s init stop; | |
| echo 'Install and test installation'; | |
| sudo make install TYPE=$TYPE FLAVOR=$FLAVOR; | |
| if [ $TYPE != 'valgrind' ] && [ $TYPE != 'asan' ]; then | |
| erl \$EMU_TYPE -emu_flavor \$EMU_FLAVOR -noshell -s init stop; | |
| fi | |
| echo 'Release and test release' | |
| ./otp_build release -a \$(pwd)/test_release/; | |
| (cd \$(pwd)/test_release/ && ./Install -minimal \$(pwd)); | |
| TYPE=$TYPE FLAVOR=$FLAVOR ./otp_build release -a \$(pwd)/test_release; | |
| if [ $TYPE != 'valgrind' ] && [ $TYPE != 'asan' ]; then | |
| test_release/bin/erl \$EMU_TYPE -emu_flavor \$EMU_FLAVOR -noshell -s init stop; | |
| fi" | |
| echo "::endgroup::" | |
| done | |
| done | |
| - name: Build Erlang/OTP JIT Win32 ABI | |
| if: ${{ matrix.flavor == 'jit' }} | |
| run: > | |
| docker run otp \ | |
| 'set -xe; | |
| ./configure CFLAGS="$CFLAGS -DERTS_JIT_ABI_WIN32=1"; | |
| make && make TYPE=debug; | |
| cerl -noshell -s init stop && cerl -debug -noshell -s init stop' | |
| - name: Build Erlang/OTP with LTTNG | |
| if: ${{ matrix.flavor == 'jit' }} | |
| run: > | |
| docker run otp \ | |
| 'set -xe; | |
| sudo apt-get install -y lttng-tools; | |
| ./configure --enable-dynamic-trace=lttng; | |
| make && make TYPE=debug; | |
| cerl -noshell -s init stop && cerl -debug -noshell -s init stop' | |
| - name: Start Erlang with various start options | |
| if: ${{ matrix.flavor == 'jit' }} | |
| run: | | |
| OPTIONS=("+JPperf true" "+JMsingle true" "+JDdump true") | |
| for OPTION in "${OPTIONS[@]}"; do | |
| docker run otp "erl ${OPTION} -noshell -s init stop" | |
| done | |
| build: | |
| name: Build Erlang/OTP | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| strategy: | |
| matrix: | |
| type: [32-bit,cross-compile,clang] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| TYPE: ${{ matrix.type }} | |
| freebsd: | |
| name: Build Erlang/OTP (FreeBSD) | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| if: needs.pack.outputs.build-c-code == 'true' | |
| steps: | |
| - name: Download source archive | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| - name: Build on FreeBSD | |
| uses: vmactions/freebsd-vm@966989c456d41351f095a421f60e71342d3bce41 # v1 | |
| with: | |
| usesh: true | |
| copyback: false | |
| prepare: | | |
| pkg update | |
| pkg upgrade -y | |
| pkg install -y bash gmake gtar autoconf ncurses pkgconf | |
| run: | | |
| tar -xzf ./otp_src.tar.gz | |
| cd otp | |
| export ERL_TOP=`pwd` | |
| export MAKEFLAGS=-j$(($(nproc) + 2)) | |
| export ERLC_USE_SERVER=true | |
| export ERTS_SKIP_DEPEND=true | |
| ./configure | |
| gmake | |
| documentation: | |
| name: Build and check documentation | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| ## Build all the documentation | |
| - name: Build documentation | |
| env: | |
| BASE_URL: ${{ github.event_name == 'pull_request' && | |
| format('{0}/blob/{1}/',github.event.pull_request.head.repo.full_name,github.event.pull_request.head.ref) || | |
| format('{0}/blob/{1}/',github.repository,github.ref_name) | |
| }} | |
| run: | | |
| docker build --build-arg BASE_URL="$BASE_URL" -t otp - <<EOF | |
| FROM otp | |
| ENV BASE_URL=$BASE_URL | |
| RUN ./otp_build download_ex_doc | |
| ## Need later jdk to create correct anchors in html docs | |
| RUN sudo update-java-alternatives -s java-1.11.0-openjdk-amd64 | |
| RUN make release docs release_docs && sudo make install-docs | |
| EOF | |
| - name: Release docs to publish | |
| run: | | |
| docker run -v $PWD/:/github otp \ | |
| "make release_docs DOC_TARGETS='html man' RELEASE_ROOT=/github/docs" | |
| sudo chown -R `whoami` docs | |
| cd docs | |
| tar czf ../otp_doc_man.tar.gz man | |
| rm -rf man | |
| tar czf ../otp_doc_html.tar.gz * | |
| - name: Upload html documentation archive | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_doc_html | |
| path: otp_doc_html.tar.gz | |
| - name: Upload man documentation archive | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_doc_man | |
| path: otp_doc_man.tar.gz | |
| - name: Trigger rebuild of erlang.org/docs/ | |
| if: github.ref_name == 'master' && github.repository == 'erlang/otp' | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.TRIGGER_ERLANG_ORG_BUILD }} | |
| run: | | |
| curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/erlang/erlang-org/actions/workflows/update-gh-cache.yaml/dispatches" -d '{"ref":"master"}' | |
| - name: Run html link check | |
| run: docker run -v $PWD/:/github otp "cd /github/docs && /github/scripts/otp_check_html_links.exs" | |
| static: | |
| name: Run static analysis | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| ## Check formatting of cpp code | |
| - name: Check format | |
| run: docker run otp "make format-check" | |
| ## Run dialyzer | |
| - name: Run dialyzer | |
| run: docker run -v $PWD/:/github otp '/github/scripts/run-dialyzer' | |
| - name: Check OSSF compiler flags | |
| uses: ./.github/actions/ossf-compiler-flags-scanner | |
| test: | |
| name: Test Erlang/OTP | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| if: needs.pack.outputs.changes != '[]' | |
| strategy: | |
| matrix: | |
| # type: ${{ fromJson(needs.pack.outputs.all) }} | |
| type: ${{ fromJson(needs.pack.outputs.changes) }} | |
| # type: ["os_mon","sasl"] | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| - name: Run tests | |
| id: run-tests | |
| run: | | |
| set -x | |
| mkdir $PWD/make_test_dir | |
| APP="${{ matrix.type }}" | |
| ## Need to specialize for epmd, emulator and debug | |
| case "${APP}" in | |
| emulator) DIR=erts/emulator/ ;; | |
| epmd) DIR=erts/epmd ;; | |
| debug) DIR=lib/os_mon; APP=os_mon; TYPE=debug ;; | |
| *) DIR=lib/${{ matrix.type }} ;; | |
| esac | |
| ## Remove systemd-coredump | |
| ! sudo apt remove systemd-coredump | |
| ## Removing systemd-coredump, caused apport to be installed instead, so we disable it | |
| ! sudo service apport stop | |
| sudo sysctl -w dev.tty.legacy_tiocsti=1 | |
| sudo bash -c "echo 'core.%p' > /proc/sys/kernel/core_pattern" | |
| docker run --ulimit core=-1 --ulimit nofile=5000:5000 --pids-limit 1024 \ | |
| -e CTRUN_TIMEOUT=90 -e SPEC_POSTFIX=gh \ | |
| -e TEST_NEEDS_RELEASE=true -e "RELEASE_ROOT=/buildroot/otp/Erlang ∅⊤℞" \ | |
| -e EXTRA_ARGS="-ct_hooks cth_surefire [{path,\"/buildroot/otp/$DIR/make_test_dir/${{ matrix.type }}_junit.xml\"}]" \ | |
| -v "$PWD/make_test_dir:/buildroot/otp/$DIR/make_test_dir" \ | |
| -v "$PWD/scripts:/buildroot/otp/scripts" \ | |
| otp "./otp_build download_gdb_tools && make emulator && make TYPE=${TYPE} && make ${APP}_test TYPE=${TYPE}" | |
| ## Rename os_mon to debug for debug build | |
| if [ "$APP" != "${{ matrix.type }}" ]; then | |
| mv make_test_dir/${APP}_test "make_test_dir/${{ matrix.type }}_test" | |
| fi | |
| - name: Cleanup tests | |
| if: ${{ !cancelled() }} | |
| run: | | |
| rm -rf make_test_dir/otp || true | |
| sudo bash -c "chown -R `whoami` make_test_dir && chmod -R +r make_test_dir" | |
| tar czf ${{ matrix.type }}_test_results.tar.gz make_test_dir | |
| - name: Upload test results | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: ${{ matrix.type }}_test_results | |
| path: ${{ matrix.type }}_test_results.tar.gz | |
| system-test: | |
| name: Test Erlang/OTP (system) | |
| runs-on: ubuntu-latest | |
| if: ${{ !cancelled() }} # Run even if the need has failed | |
| needs: test | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| - name: Download test results | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| - name: Merge test results | |
| run: | | |
| shopt -s nullglob | |
| mkdir -p make_test_dir | |
| for file in *_test_results/*.tar.gz; do | |
| tar xzf $file | |
| done | |
| docker run -v $PWD/make_test_dir:/buildroot/otp/erts/make_test_dir otp \ | |
| "ct_run -refresh_logs /buildroot/otp/erts/make_test_dir" | |
| - name: Run system tests | |
| run: | | |
| ## Remove systemd-coredump | |
| ! sudo apt remove systemd-coredump | |
| ## Removing systemd-coredump, caused apport to be installed instead, so we disable it | |
| ! sudo service apport stop | |
| sudo bash -c "echo 'core.%p' > /proc/sys/kernel/core_pattern" | |
| docker run --ulimit core=-1 --ulimit nofile=5000:5000 --pids-limit 512 \ | |
| -e CTRUN_TIMEOUT=90 -e SPEC_POSTFIX=gh \ | |
| -e EXTRA_ARGS="-ct_hooks cth_surefire [{path,\"/buildroot/otp/erts/make_test_dir/system_junit.xml\"}]" \ | |
| -e OTP_DAILY_BUILD_TOP_DIR=/buildroot/otp/erts/make_test_dir \ | |
| -v $PWD/make_test_dir:/buildroot/otp/erts/make_test_dir otp \ | |
| "make system_test" | |
| - name: Cleanup tests | |
| if: ${{ !cancelled() }} | |
| run: | | |
| rm -rf make_test_dir/otp || true | |
| tar czf test_results.tar.gz make_test_dir | |
| # Translate file="/buildroot/otp/lib/os_mon/make_test_dir/os_mon_test/cpu_sup_SUITE.erl" | |
| # to file="lib/os_mon/test/cpu_sup_SUITE.erl" | |
| sed -i -e 's:file="/buildroot/otp/:file=":g' \ | |
| -e 's:\(file="[^/]*/[^/]*/\)make_test_dir/[^/]*:\1test:g' \ | |
| -e 's:\(file="erts/\)make_test_dir/[^/]*:\1test:g' \ | |
| make_test_dir/*_junit.xml | |
| - name: Upload test results | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| if: ${{ !cancelled() }} | |
| with: | |
| name: test_results | |
| path: test_results.tar.gz | |
| - name: Upload Test Results | |
| if: ${{ !cancelled() }} | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: Unit Test Results | |
| path: | | |
| make_test_dir/*_junit.xml | |
| ## If you want to speedup this step for testing the easiest way is to create | |
| ## these two commits: | |
| ## | |
| ## git rm -rf lib erts system && git revert HEAD | |
| ## | |
| ## and then create a step that that does this: | |
| ## | |
| ## - name: SBOM Sha | |
| ## run: echo "sha=$(git rev-parse HEAD~1)" >> $GITHUB_OUTPUT | |
| ## | |
| ## and then make sure to use that sha instead of env.OTP_SBOM_VERSION | |
| sbom: | |
| name: Create SBOM | |
| runs-on: ubuntu-latest | |
| needs: pack | |
| env: | |
| ORT_VERSION: 58.0.1 | |
| SCAN_RESULT_CACHE_PATH: .ort/scan-result.json | |
| steps: | |
| - name: Use HTTPS instead of SSH for Git cloning | |
| run: git config --global url.https://github.com/.insteadOf ssh://[email protected]/ | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| - name: Fetch Default ORT Config | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/checkout@v4 | |
| with: | |
| repository: oss-review-toolkit/ort-config | |
| ref: "d2978deb230beae095bb6cfec074b94f1a74fd34" | |
| path: ".ort-config" | |
| - name: Setup ORT Config | |
| id: setup-ort-config | |
| run: | | |
| mkdir -p "$HOME/.ort/" | |
| # Move Fetched Default Config into Place | |
| mv .ort-config "$HOME/.ort/config" | |
| # Copy local configuration | |
| cp .ort/config/* "$HOME/.ort/config/" | |
| - name: Run OSS Review Toolkit (analyzer) | |
| uses: oss-review-toolkit/ort-ci-github-action@1805edcf1f4f55f35ae6e4d2d9795ccfb29b6021 # ratchet:oss-review-toolkit/[email protected] | |
| with: | |
| image: ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} | |
| run: > | |
| labels, | |
| cache-dependencies, | |
| analyzer | |
| sw-version: ${{ env.OTP_SBOM_VERSION }} | |
| - name: Link results | |
| run: ln -s analyzer-result.json $HOME/.ort/ort-results/current-result.json | |
| - name: Restore ORT Scanner cache | |
| uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/cache/restore@v4 | |
| id: ort-cache | |
| with: | |
| path: ${{ env.SCAN_RESULT_CACHE_PATH }} | |
| key: ort-scan-result-${{ env.ORT_VERSION }}-${{ github.ref_name }}-${{ github.sha }} | |
| restore-keys: | | |
| ort-scan-result-${{ env.ORT_VERSION }}-${{ github.ref_name }}- | |
| ort-scan-result-${{ env.ORT_VERSION }}-${{ github.base_ref }}-${{ github.event.pull_request.base.sha }} | |
| ort-scan-result-${{ env.ORT_VERSION }}-${{ github.base_ref }}- | |
| - name: Install dependencies in docker image | |
| run: | | |
| SCANCODE_VERSION=$(docker run --entrypoint="" ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} bash -c "scancode --version" | grep "ScanCode version" | awk '{print $3}') | |
| docker build -t otp - <<EOF | |
| FROM otp | |
| RUN echo 'export PATH="\$HOME/.local/bin:\$PATH"' >> /home/otptest/.profile | |
| RUN sudo apt-get install -y pip && \ | |
| pip install click==8.1.7 scancode-toolkit==${SCANCODE_VERSION} reuse && \ | |
| pip install -U ntia-conformance-checker | |
| EOF | |
| - name: Restore from cache | |
| if: hashFiles(env.SCAN_RESULT_CACHE_PATH) != '' | |
| run: | | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/ort-scanner.es init -i $HOME/.ort/ort-results/analyzer-result.json \ | |
| -o $HOME/.ort/ort-results/scan-result.init.json /github" | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/ort-scanner.es restore-cache -i $HOME/.ort/ort-results/scan-result.init.json \ | |
| -o $HOME/.ort/ort-results/scan-result.cache.json /github/${{ env.SCAN_RESULT_CACHE_PATH }}" | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/ort-scanner.es scan -t scancode -s fill \ | |
| -i $HOME/.ort/ort-results/scan-result.cache.json \ | |
| -o $HOME/.ort/ort-results/scan-result.json /github" | |
| - name: Run OSS Review Toolkit (scanner) | |
| if: hashFiles(env.SCAN_RESULT_CACHE_PATH) == '' | |
| uses: oss-review-toolkit/ort-ci-github-action@1805edcf1f4f55f35ae6e4d2d9795ccfb29b6021 # ratchet:oss-review-toolkit/[email protected] | |
| with: | |
| image: ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} | |
| run: > | |
| scanner | |
| sw-version: ${{ env.OTP_SBOM_VERSION }} | |
| - name: Overwrite scan results using reuse | |
| run: | | |
| cp $HOME/.ort/ort-results/scan-result.json $HOME/.ort/ort-results/scan-result.scanned.json | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/ort-scanner.es scan -t reuse -s overwrite \ | |
| -i $HOME/.ort/ort-results/scan-result.json \ | |
| -o $HOME/.ort/ort-results/scan-result.reuse.json /github" | |
| - name: Upload scan results | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: ort-scan-results | |
| path: | | |
| /home/runner/.ort/ort-results/*.json | |
| ${{ env.SCAN_RESULT_CACHE_PATH }} | |
| - name: Copy to cache and link results | |
| run: | | |
| cp $HOME/.ort/ort-results/scan-result.reuse.json ${{ env.SCAN_RESULT_CACHE_PATH }} | |
| ln -f -s scan-result.reuse.json $HOME/.ort/ort-results/current-result.json | |
| - name: Run OSS Review Toolkit (reporter) | |
| uses: oss-review-toolkit/ort-ci-github-action@1805edcf1f4f55f35ae6e4d2d9795ccfb29b6021 # ratchet:oss-review-toolkit/[email protected] | |
| with: | |
| image: ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} | |
| run: > | |
| reporter | |
| report-formats: "SpdxDocument" | |
| ort-cli-report-args: '-O SpdxDocument=outputFileFormats=JSON' | |
| sw-version: ${{ env.OTP_SBOM_VERSION }} | |
| - name: Save ORT Scanner cache | |
| uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # ratchet:actions/cache/save@v4 | |
| if: steps.ort-cache.outputs.cache-hit != 'true' | |
| with: | |
| path: ${{ env.SCAN_RESULT_CACHE_PATH }} | |
| key: ${{ steps.ort-cache.outputs.cache-primary-key }} | |
| - name: Process SBOM | |
| run: | | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/otp-compliance.es sbom otp-info \ | |
| --sbom-file $HOME/.ort/ort-results/bom.spdx.json \ | |
| --input-file $HOME/.ort/ort-results/scan-result.json" | |
| - name: Verify SBOM | |
| run: | | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/otp-compliance.es sbom test-file \ | |
| --sbom-file $HOME/.ort/ort-results/bom.spdx.json" | |
| - name: Upload SPDX SBOM result | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: spdx-sbom-result | |
| path: /home/runner/.ort/ort-results/bom.spdx.json | |
| - name: Run OSS Review Toolkit (upload) | |
| uses: oss-review-toolkit/ort-ci-github-action@1805edcf1f4f55f35ae6e4d2d9795ccfb29b6021 # ratchet:oss-review-toolkit/[email protected] | |
| with: | |
| image: ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} | |
| run: > | |
| 'upload-results', | |
| 'upload-scan-result' | |
| sw-version: ${{ env.OTP_SBOM_VERSION }} | |
| - name: Link results | |
| run: ln -f -s scan-result.reuse.json $HOME/.ort/ort-results/current-result.json | |
| - name: Run OSS Review Toolkit (evaluator) | |
| uses: oss-review-toolkit/ort-ci-github-action@1805edcf1f4f55f35ae6e4d2d9795ccfb29b6021 # ratchet:oss-review-toolkit/[email protected] | |
| with: | |
| image: ghcr.io/oss-review-toolkit/ort-minimal:${{ env.ORT_VERSION }} | |
| run: > | |
| advisor, | |
| evaluator | |
| fail-on: ${{ github.ref_type == 'tag' && '' || 'violations,issues' }} | |
| sw-version: ${{ env.OTP_SBOM_VERSION }} | |
| vendor-analysis: | |
| name: Vendor Dependency Analysis | |
| runs-on: ubuntu-latest | |
| if: github.event_name == 'push' | |
| needs: | |
| - sbom | |
| - pack | |
| ## Needed to use Github Dependency API | |
| permissions: | |
| contents: write | |
| id-token: write | |
| steps: | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| - uses: ./.github/actions/build-base-image | |
| with: | |
| BASE_BRANCH: ${{ env.BASE_BRANCH }} | |
| - name: Download SBoM | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: ort-results-otp-${{ env.OTP_SBOM_VERSION }} | |
| - name: Generate Vendor SBOM | |
| run: | | |
| docker run -v $PWD/:/github -v $HOME:$HOME otp \ | |
| "/github/.github/scripts/otp-compliance.es sbom vendor \ | |
| --sbom-file /github/bom.spdx.json" | |
| # allows Dependabot to give us alert of the vendor libraries that use semantic versioning | |
| - name: Upload SBOM to Github Dependency API | |
| uses: advanced-security/spdx-dependency-submission-action@5530bab9ee4bbe66420ce8280624036c77f89746 # ratchet:advanced-security/[email protected] | |
| ## If this is an "OTP-*" tag that has been pushed we do some release work | |
| release: | |
| name: Release Erlang/OTP | |
| runs-on: ubuntu-latest | |
| needs: | |
| - documentation | |
| - sbom | |
| if: startsWith(github.ref, 'refs/tags/OTP-') && github.repository == 'erlang/otp' | |
| ## Needed to create releases | |
| permissions: | |
| contents: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| ## This step outputs the tag name and whether the tag is a release or patch | |
| ## (all releases have only two version identifiers, while patches have three | |
| ## or more) | |
| - name: Get Tag Name | |
| id: tag | |
| run: | | |
| TAG=${GITHUB_REF#refs/tags/} | |
| VSN=${TAG#OTP-} | |
| echo "tag=${TAG}" >> $GITHUB_OUTPUT | |
| echo "vsn=${VSN}" >> $GITHUB_OUTPUT | |
| - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # ratchet:actions/[email protected] | |
| ## Publish the pre-built archive and docs | |
| - name: Download source archive | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_prebuilt | |
| - name: Download html docs | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_doc_html | |
| - name: Download man docs | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: otp_doc_man | |
| ## We add the correct version name into the file names | |
| ## and create the hash files for all assets | |
| - name: Create pre-build and doc archives | |
| run: .github/scripts/create-artifacts.sh artifacts ${{ steps.tag.outputs.tag }} | |
| ## Create hash files | |
| - name: Create pre-build and doc archives | |
| run: | | |
| shopt -s nullglob | |
| cd artifacts | |
| FILES=$(ls {*.tar.gz,*.txt}) | |
| md5sum $FILES > MD5.txt | |
| sha256sum $FILES > SHA256.txt | |
| - name: Download SBoM | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: ort-results-otp-${{ env.OTP_SBOM_VERSION }} | |
| - name: Download ORT Scan Results | |
| uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # ratchet:actions/[email protected] | |
| with: | |
| name: ort-results-otp-${{ env.OTP_SBOM_VERSION }}-scan-result.json.zip | |
| - name: Attest Distribution Assets with SBoM | |
| id: attest-sbom | |
| uses: actions/attest-sbom@bd218ad0dbcb3e146bd073d1d9c6d78e08aa8a0b # v2 | |
| with: | |
| subject-path: | | |
| artifacts/*.tar.gz | |
| bom.*.json | |
| bom.*.yml | |
| bom.*.xml | |
| sbom-path: bom.spdx.json | |
| - name: "Copy SBoM provenance" | |
| id: sbom-provenance | |
| shell: bash | |
| run: | | |
| shopt -s nullglob | |
| mkdir attestations | |
| for FILE in artifacts/*.tar.gz bom.*.xml bom.*.json bom.*.yml; do | |
| cp "$ATTESTATION" "attestations/$(basename "$FILE").sigstore" | |
| done | |
| env: | |
| ATTESTATION: "${{ steps.attest-sbom.outputs.bundle-path }}" | |
| - name: "Assemble Distribution Attestations" | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/upload-artifact@v4 | |
| with: | |
| name: "Attestations" | |
| path: "attestations/*.sigstore" | |
| - name: Upload pre-built and doc tar archives | |
| uses: softprops/action-gh-release@72f2c25fcb47643c292f7107632f7a47c1df5cd8 # v2.3.2 | |
| with: | |
| name: OTP ${{ steps.tag.outputs.vsn }} | |
| files: | | |
| artifacts/*.tar.gz | |
| artifacts/*.txt | |
| attestations/*.sigstore | |
| scan-report-web-app.html | |
| bom.* | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Deploy on erlang.org | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.TRIGGER_ERLANG_ORG_BUILD }} | |
| run: | | |
| curl -H "Authorization: token ${GITHUB_TOKEN}" -X POST -H "Accept: application/vnd.github.v3+json" "https://api.github.com/repos/erlang/erlang-org/actions/workflows/update-gh-cache.yaml/dispatches" -d '{"ref":"master"}' | |
| event_file: | |
| name: "Event File" | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Upload | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # ratchet:actions/[email protected] | |
| with: | |
| name: Event File | |
| path: ${{ github.event_path }} |