1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
|
name: Verify devcontainers
on:
workflow_call:
defaults:
run:
shell: bash -euo pipefail {0}
permissions:
contents: read
jobs:
get-devcontainer-list:
name: Verify devcontainer files are up-to-date
outputs:
devcontainers: ${{ steps.get-list.outputs.devcontainers }}
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v3
- name: Setup jq and yq
run: |
sudo apt-get update
sudo apt-get install jq -y
sudo wget -O /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.34.2/yq_linux_amd64
sudo chmod +x /usr/local/bin/yq
- name: Run the script to generate devcontainer files
run: |
./.devcontainer/make_devcontainers.sh --verbose
- name: Check for changes
run: |
if [[ $(git diff --stat) != '' || $(git status --porcelain | grep '^??') != '' ]]; then
git diff --minimal
git status --porcelain
echo "::error:: Dev Container files are out of date or there are untracked files. Run the .devcontainer/make_devcontainers.sh script and commit the changes."
exit 1
else
echo "::note::Dev Container files are up-to-date."
fi
- name: Get list of devcontainer.json paths and names
id: get-list
run: |
devcontainers=$(find .devcontainer/ -name 'devcontainer.json' | while read -r devcontainer; do
jq --arg path "$devcontainer" '{path: $path, name: .name}' "$devcontainer"
done | jq -s -c .)
echo "devcontainers=${devcontainers}" | tee --append "${GITHUB_OUTPUT}"
verify-devcontainers:
needs: get-devcontainer-list
name: ${{matrix.devcontainer.name}}
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
devcontainer: ${{fromJson(needs.get-devcontainer-list.outputs.devcontainers)}}
permissions:
id-token: write
contents: read
steps:
- name: Check out the code
uses: actions/checkout@v3
# devcontainer/ci doesn't supported nested devcontainer.json files, so we need to copy the devcontainer.json
# file to the top level .devcontainer/ directory
- name: Copy devcontainer.json to .devcontainer/
run: |
src="${{ matrix.devcontainer.path }}"
dst=".devcontainer/devcontainer.json"
if [[ "$src" != "$dst" ]]; then
cp "$src" "$dst"
fi
# We don't really need sccache configured, but we need the AWS credentials envvars to be set
# in order to avoid the devcontainer hanging waiting for GitHub authentication
- name: Get AWS credentials for sccache bucket
uses: aws-actions/configure-aws-credentials@v2
with:
role-to-assume: arn:aws:iam::279114543810:role/gha-oidc-NVIDIA
aws-region: us-east-2
role-duration-seconds: 43200 # 12 hours)
- name: Set environment variables
run: |
echo "SCCACHE_BUCKET=rapids-sccache-devs" >> $GITHUB_ENV
echo "SCCACHE_REGION=us-east-2" >> $GITHUB_ENV
echo "SCCACHE_IDLE_TIMEOUT=32768" >> $GITHUB_ENV
echo "SCCACHE_S3_USE_SSL=true" >> $GITHUB_ENV
echo "SCCACHE_S3_NO_CREDENTIALS=false" >> $GITHUB_ENV
- name: Run in devcontainer
uses: devcontainers/ci@v0.3
with:
push: never
env: |
SCCACHE_REGION=${{ env.SCCACHE_REGION }}
AWS_ACCESS_KEY_ID=${{ env.AWS_ACCESS_KEY_ID }}
AWS_SESSION_TOKEN=${{ env.AWS_SESSION_TOKEN }}
AWS_SECRET_ACCESS_KEY=${{ env.AWS_SECRET_ACCESS_KEY }}
runCmd: |
.devcontainer/verify_devcontainer.sh
|
