From f4cf44899d5716181d3b55f908ba7788f36db7c8 Mon Sep 17 00:00:00 2001
From: Dilum Aluthge <dilum@aluthge.com>
Date: Mon, 4 Oct 2021 13:42:46 -0400
Subject: [PATCH] CI (Buildkite): upload musl64 nightly binaries to S3

---
 .buildkite/pipelines/main/0_webui.yml         |  4 +-
 .buildkite/pipelines/main/upload_s3/musl.yml  | 43 +++++++++++++++++++
 .../main/upload_s3/musl.yml.signature         |  1 +
 3 files changed, 47 insertions(+), 1 deletion(-)
 create mode 100644 .buildkite/pipelines/main/upload_s3/musl.yml
 create mode 100644 .buildkite/pipelines/main/upload_s3/musl.yml.signature

diff --git a/.buildkite/pipelines/main/0_webui.yml b/.buildkite/pipelines/main/0_webui.yml
index af68158f9a51f..79eefd909bdc4 100644
--- a/.buildkite/pipelines/main/0_webui.yml
+++ b/.buildkite/pipelines/main/0_webui.yml
@@ -19,5 +19,7 @@ steps:
           # Our signed pipelines must have a `signature` or `signature_file` parameter that
           # verifies the treehash of the pipeline itself and the inputs listed in `inputs`
           signed_pipelines:
-            - pipeline: .buildkite/pipelines/main/misc/signed_pipeline_test.yml
+            - pipeline:       .buildkite/pipelines/main/misc/signed_pipeline_test.yml
               signature_file: .buildkite/pipelines/main/misc/signed_pipeline_test.yml.signature
+            - pipeline:       .buildkite/pipelines/main/upload_s3/musl.yml
+              signature_file: .buildkite/pipelines/main/upload_s3/musl.yml.signature
diff --git a/.buildkite/pipelines/main/upload_s3/musl.yml b/.buildkite/pipelines/main/upload_s3/musl.yml
new file mode 100644
index 0000000000000..ab2b9a0c821c3
--- /dev/null
+++ b/.buildkite/pipelines/main/upload_s3/musl.yml
@@ -0,0 +1,43 @@
+agents:
+  queue: "julia"
+  # Only run on `sandbox.jl` machines (not `docker`-isolated ones) since we need nestable sandboxing
+  sandbox.jl: "true"
+  os: "linux"
+
+steps:
+  - label: "upload_s3_musl64"
+    key: upload_s3_musl64
+    depends_on: package_musl64
+    if: |
+      (pipeline.slug == "julia-master") && (build.branch == "master") && (build.pull_request.id == null)
+    commands: |
+      echo "--- Print the full and short commit hashes"
+      SHORT_COMMIT_LENGTH=10
+      SHORT_COMMIT=`echo $${BUILDKITE_COMMIT:?} | cut -c1-$${SHORT_COMMIT_LENGTH:?}`
+      ARTIFACT_FILENAME="julia-$${SHORT_COMMIT:?}-musl64.tar.gz"
+
+      echo "--- Download build artifacts"
+      rm -rf $${ARTIFACT_FILENAME:?}
+      buildkite-agent artifact download $${ARTIFACT_FILENAME:?} .
+
+      echo "--- Upload build artifacts to S3"
+      # Upload to the following URL:
+      # https://julialangnightlies-s3.julialang.org/bin/linux/x64/julia-latest-musl64.tar.gz
+      export NEW_ARTIFACT_FILENAME="julia-latest-musl64.tar.gz"
+      export BUILDKITE_ARTIFACT_UPLOAD_DESTINATION="s3://julialangnightlies-s3/bin/linux/x64"
+      export BUILDKITE_S3_DEFAULT_REGION="us-east-1"
+      if [[ "$${ARTIFACT_FILENAME:?}" != "$${NEW_ARTIFACT_FILENAME:?}" ]]; then
+        mv $${ARTIFACT_FILENAME:?} $${NEW_ARTIFACT_FILENAME:?}
+      fi
+
+      # From the Buildkite documentation:
+      # > By default the agent will create objects with public-read permissions, so that
+      # > clicking on an artifact link in the Buildkite web interface can go directly to the
+      # > S3 object to be viewed in the browser.
+
+      buildkite-agent artifact upload $${ARTIFACT_FILENAME:?}
+    timeout_in_minutes: 60
+
+# We must accept the signed job id secret in order to propagate secrets
+env:
+  BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET: ${BUILDKITE_PLUGIN_CRYPTIC_BASE64_SIGNED_JOB_ID_SECRET?}
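Review bot: The final `buildkite-agent artifact upload $${ARTIFACT_FILENAME:?}` names the commit-hash file that the `mv` just above has already renamed, so the upload matches no file and `julia-latest-musl64.tar.gz` does not appear to reach the bucket. It should read `buildkite-agent artifact upload $${NEW_ARTIFACT_FILENAME:?}`. Since this step publishes a world-readable nightly binary, I would also state the ACL explicitly with `export BUILDKITE_S3_ACL="public-read"` instead of relying on the agent default quoted in the comment, so a change in that default or in the agent configuration cannot silently alter exposure. The expansions passed to `rm -rf`, `mv` and the artifact download/upload calls are unquoted; wrapping them in double quotes (`"$${ARTIFACT_FILENAME:?}"`) keeps the step safe if the name ever gains a space or glob character.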
diff --git a/.buildkite/pipelines/main/upload_s3/musl.yml.signature b/.buildkite/pipelines/main/upload_s3/musl.yml.signature
new file mode 100644
index 0000000000000..1a82b1012a686
--- /dev/null
+++ b/.buildkite/pipelines/main/upload_s3/musl.yml.signature
@@ -0,0 +1 @@
+Salted__j� �iE�.����Z9���3r~G׾�Mւa�?��L,���^o�
%���Z����8�2zX�h�p�J
�j��7��
\ No newline at end of file