diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 8aa00d91b395a..19332c6f65b5b 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,10 +1,10 @@ name: "CodeQL" -on: - # Run the analysis once every 24 hours. The actual time does not matter - # that much, start with a time that allows for easier troubleshooting. - schedule: - - cron: '00 22 * * *' +# on: +# # Run the analysis once every 24 hours. The actual time does not matter +# # that much, start with a time that allows for easier troubleshooting. +# schedule: +# - cron: '00 22 * * *' jobs: analyze: diff --git a/.github/workflows/external-account-integration.yml b/.github/workflows/external-account-integration.yml index 7ce4cf5dda765..71596eeda637b 100644 --- a/.github/workflows/external-account-integration.yml +++ b/.github/workflows/external-account-integration.yml @@ -1,12 +1,12 @@ name: "External Account Integration" -on: - workflow_call: - inputs: - checkout-ref: - required: true - description: "The ref we want to compile" - type: string +# on: +# workflow_call: +# inputs: +# checkout-ref: +# required: true +# description: "The ref we want to compile" +# type: string permissions: contents: read diff --git a/.github/workflows/macos-bazel.yml b/.github/workflows/macos-bazel.yml index 5af5ef491eb8c..0cf4f93ec50d7 100644 --- a/.github/workflows/macos-bazel.yml +++ b/.github/workflows/macos-bazel.yml @@ -1,20 +1,20 @@ name: macOS-Bazel-Builds -on: - workflow_call: - inputs: - checkout-ref: - required: true - description: "The ref we want to compile" - type: string - bazel-cache-mode: - required: true - description: "READ_WRITE or READ_ONLY" - type: string - execute-integration-tests: - required: true - description: "Integration tests require credentials." - type: boolean +# on: +# workflow_call: +# inputs: +# checkout-ref: +# required: true +# description: "The ref we want to compile" +# type: string +# bazel-cache-mode: +# required: true +# description: "READ_WRITE or READ_ONLY" +# type: string +# execute-integration-tests: +# required: true +# description: "Integration tests require credentials." +# type: boolean permissions: contents: read diff --git a/.github/workflows/macos-cmake.yml b/.github/workflows/macos-cmake.yml index 38e20058dce57..7070d117b83ca 100644 --- a/.github/workflows/macos-cmake.yml +++ b/.github/workflows/macos-cmake.yml @@ -1,28 +1,28 @@ name: macOS-CMake-Builds -on: - workflow_call: - inputs: - checkout-ref: - required: true - description: "The ref we want to compile" - type: string - full-matrix: - required: true - description: "Build the full matrix" - type: boolean - sccache-mode: - required: true - description: "READ_WRITE or DISABLED" - type: string - vcpkg-cache-mode: - required: true - description: "read or readwrite" - type: string - execute-integration-tests: - required: true - description: "Integration tests require credentials." - type: boolean +# on: +# workflow_call: +# inputs: +# checkout-ref: +# required: true +# description: "The ref we want to compile" +# type: string +# full-matrix: +# required: true +# description: "Build the full matrix" +# type: boolean +# sccache-mode: +# required: true +# description: "READ_WRITE or DISABLED" +# type: string +# vcpkg-cache-mode: +# required: true +# description: "read or readwrite" +# type: string +# execute-integration-tests: +# required: true +# description: "Integration tests require credentials." +# type: boolean permissions: contents: read diff --git a/.github/workflows/test-runner-untrusted.yml b/.github/workflows/test-runner-untrusted.yml index 0a5bc0efdf960..8f29b8e7cfa2b 100644 --- a/.github/workflows/test-runner-untrusted.yml +++ b/.github/workflows/test-runner-untrusted.yml @@ -2,17 +2,17 @@ name: "gha: macOS & Windows Untrusted" # Build on pull requests and pushes to `main`. The PR builds will be # non-blocking for now, but that is configured elsewhere. -on: - # Start the build in the context of the target branch. This is considered - # "safe", as the workflow files are already committed. These types of builds - # have access to the secrets in the build, which we need to use the remote - # caches (Bazel and sccache). - pull_request: - types: - - opened - - synchronize - - reopened - workflow_dispatch: +# on: +# # Start the build in the context of the target branch. This is considered +# # "safe", as the workflow files are already committed. These types of builds +# # have access to the secrets in the build, which we need to use the remote +# # caches (Bazel and sccache). +# pull_request: +# types: +# - opened +# - synchronize +# - reopened +# workflow_dispatch: # Cancel in-progress runs of the workflow if somebody adds a new commit to the # PR or branch. That reduces billing, but it creates more noise about cancelled diff --git a/.github/workflows/test-runner.yml b/.github/workflows/test-runner.yml index 580708aa7e488..47bfe1950e0e7 100644 --- a/.github/workflows/test-runner.yml +++ b/.github/workflows/test-runner.yml @@ -2,25 +2,25 @@ name: "gha: macOS & Windows" # Build on pull requests and pushes to `main`. The PR builds will be # non-blocking for now, but that is configured elsewhere. -on: - # Start these builds on pushes (think "after the merge") too. Normally there - # are no `ci-gha**` branches in our repository. The contributors to the repo - # can create such branches when testing or troubleshooting builds. In such - # branches we can disable builds (to speed up the testing) or add new ones, - # without impacting the rest of the team. - push: - branches: [ 'v[2-9]**', 'ci-gha**', 'prepare-for-v3.0.0' ] - # Start the build in the context of the target branch. This is considered - # "safe", as the workflow files are already committed. These types of builds - # have access to the secrets in the build, which we need to use the remote - # caches (Bazel and sccache). - pull_request_target: - types: - - opened - - synchronize - - reopened - schedule: - - cron: '0 5 * * 1,2,3,4,5' +# on: +# # Start these builds on pushes (think "after the merge") too. Normally there +# # are no `ci-gha**` branches in our repository. The contributors to the repo +# # can create such branches when testing or troubleshooting builds. In such +# # branches we can disable builds (to speed up the testing) or add new ones, +# # without impacting the rest of the team. +# push: +# branches: [ 'v[2-9]**', 'ci-gha**', 'prepare-for-v3.0.0' ] +# # Start the build in the context of the target branch. This is considered +# # "safe", as the workflow files are already committed. These types of builds +# # have access to the secrets in the build, which we need to use the remote +# # caches (Bazel and sccache). +# pull_request_target: +# types: +# - opened +# - synchronize +# - reopened +# schedule: +# - cron: '0 5 * * 1,2,3,4,5' # Cancel in-progress runs of the workflow if somebody adds a new commit to the # PR or branch. That reduces billing, but it creates more noise about cancelled diff --git a/.github/workflows/windows-bazel.yml b/.github/workflows/windows-bazel.yml index 9ac496fd2cf25..338c0296e7453 100644 --- a/.github/workflows/windows-bazel.yml +++ b/.github/workflows/windows-bazel.yml @@ -1,20 +1,20 @@ name: Windows-Builds -on: - workflow_call: - inputs: - checkout-ref: - required: true - description: "The ref we want to compile" - type: string - bazel-cache-mode: - required: true - description: "READ_WRITE or READ_ONLY" - type: string - execute-integration-tests: - required: true - description: "Integration tests require credentials." - type: boolean +# on: +# workflow_call: +# inputs: +# checkout-ref: +# required: true +# description: "The ref we want to compile" +# type: string +# bazel-cache-mode: +# required: true +# description: "READ_WRITE or READ_ONLY" +# type: string +# execute-integration-tests: +# required: true +# description: "Integration tests require credentials." +# type: boolean permissions: contents: read diff --git a/.github/workflows/windows-cmake.yml b/.github/workflows/windows-cmake.yml index 0a09fc10369af..eb75a60dced7f 100644 --- a/.github/workflows/windows-cmake.yml +++ b/.github/workflows/windows-cmake.yml @@ -1,28 +1,28 @@ name: Windows-Builds -on: - workflow_call: - inputs: - checkout-ref: - required: true - description: "The ref we want to compile" - type: string - full-matrix: - required: true - description: "Build the full matrix" - type: boolean - sccache-mode: - required: true - description: "READ_WRITE or DISABLED" - type: string - vcpkg-cache-mode: - required: true - description: "read or readwrite" - type: string - execute-integration-tests: - required: true - description: "Integration tests require credentials." - type: boolean +# on: +# workflow_call: +# inputs: +# checkout-ref: +# required: true +# description: "The ref we want to compile" +# type: string +# full-matrix: +# required: true +# description: "Build the full matrix" +# type: boolean +# sccache-mode: +# required: true +# description: "READ_WRITE or DISABLED" +# type: string +# vcpkg-cache-mode: +# required: true +# description: "read or readwrite" +# type: string +# execute-integration-tests: +# required: true +# description: "Integration tests require credentials." +# type: boolean permissions: contents: read diff --git a/ci/kokoro/macos/build.sh b/ci/kokoro/macos/build.sh index 67bdaa68c97a9..1fce612ea87d6 100755 --- a/ci/kokoro/macos/build.sh +++ b/ci/kokoro/macos/build.sh @@ -16,6 +16,49 @@ set -euo pipefail +# New debug output to confirm which script is running +echo "================================================================" +echo "== EXECUTING SCRIPT FROM 'preview-kokoro-fix' BRANCH ==" +echo "================================================================" + +# ===== START HOMEBREW FIXES ===== +echo "Attempting to fix Homebrew environment" + +# Check initial state +echo "DEBUG: Brew version before any fixes" +brew --version || echo "brew version failed" +echo "DEBUG: Brew doctor before any fixes" +brew doctor || echo "brew doctor failed" + +# 1. Fix Git Origins as suggested by brew doctor +echo "DEBUG: Setting Homebrew git origins" +git -C "/usr/local/Homebrew" remote set-url origin https://github.com/Homebrew/brew || echo "Failed to set Homebrew origin" +git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" remote set-url origin https://github.com/Homebrew/homebrew-core || echo "Failed to set homebrew-core origin" + +# 2. Untap unnecessary taps as suggested by brew doctor +echo "DEBUG: Untapping unnecessary taps" +brew untap homebrew/cask --force || echo "Failed to untap homebrew/cask" +brew untap homebrew/core --force || echo "Failed to untap homebrew/core" +# Also untap cask-versions just in case +brew untap homebrew/cask-versions --force || echo "Failed to untap homebrew/cask-versions" + +# 3. Clean up broken symlinks +echo "DEBUG: Cleaning up Homebrew" +brew cleanup -s || echo "brew cleanup failed" + +# 4. Forcefully reset Homebrew +echo "DEBUG: Running brew update-reset" +brew update-reset + +# Check state after fixes +echo "DEBUG: Brew version after fixes" +brew --version || echo "brew version failed" +echo "DEBUG: Brew doctor after fixes" +#brew doctor || echo "brew doctor failed" + +echo "DEBUG: Homebrew environment fixes complete" +# ===== END HOMEBREW FIXES ===== + source "$(dirname "$0")/../../lib/init.sh" source module ci/lib/io.sh @@ -71,7 +114,7 @@ printf "%10s %s\n" "clang:" "$(clang --version 2>&1 | head -1)" printf "%10s %s\n" "brew:" "$(brew --version 2>&1 | head -1)" printf "%10s %s\n" "branch:" "${BRANCH}" -io::log_h2 "Brew packages" +echo "Brew packages" export HOMEBREW_NO_AUTO_UPDATE=1 export HOMEBREW_NO_INSTALL_CLEANUP=1 brew list --versions --formula diff --git a/ci/kokoro/macos/builds/cmake-vcpkg.sh b/ci/kokoro/macos/builds/cmake-vcpkg.sh index b5e50a9a8dbad..74fbcf21456f3 100755 --- a/ci/kokoro/macos/builds/cmake-vcpkg.sh +++ b/ci/kokoro/macos/builds/cmake-vcpkg.sh @@ -21,6 +21,31 @@ source module ci/etc/integration-tests-config.sh source module ci/lib/io.sh source module ci/kokoro/lib/vcpkg.sh +# ===== START HOMEBREW FIXES ===== +echo "== Attempting to fix Homebrew environment IN cmake-vcpkg.sh" + +# 1. Fix Git Origins as suggested by brew doctor +echo "== DEBUG: Setting Homebrew git origins" +git -C "/usr/local/Homebrew" remote set-url origin https://github.com/Homebrew/brew || echo "Failed to set Homebrew origin" +git -C "/usr/local/Homebrew/Library/Taps/homebrew/homebrew-core" remote set-url origin https://github.com/Homebrew/homebrew-core || echo "Failed to set homebrew-core origin" + +# 2. Untap unnecessary taps as suggested by brew doctor +echo "== DEBUG: Untapping unnecessary taps" +brew untap homebrew/cask --force || echo "Failed to untap homebrew/cask" +brew untap homebrew/core --force || echo "Failed to untap homebrew/core" +brew untap homebrew/cask-versions --force || echo "Failed to untap homebrew/cask-versions" + +# 3. Clean up broken symlinks and scrub the cache +echo "== DEBUG: Cleaning up Homebrew" +brew cleanup -s || echo "brew cleanup failed" + +# 4. Forcefully reset Homebrew +echo "== DEBUG: Running brew update-reset" +brew update-reset + +echo "== DEBUG: Homebrew environment fixes complete IN cmake-vcpkg.sh" +# ===== END HOMEBREW FIXES ===== + readonly SOURCE_DIR="." readonly BINARY_DIR="cmake-out/macos-vcpkg" @@ -28,19 +53,41 @@ NCPU="$(sysctl -n hw.logicalcpu)" readonly NCPU io::log_h2 "Update or install dependencies" -# Install bash and ninja -brew install bash ninja -# Install a specific version of CMake to match our GHA builds +io::log_h2 "DEBUG: Brew version before update" +brew --version +io::log_h2 "DEBUG: Brew doctor before update" +# brew doctor + +# Install v3.27.2 CMake +io::log_h2 "DEBUG: Before brew install for cmake" ( cd "${HOME}" + mkdir -p user/homebrew-tap/Formula + cd user/homebrew-tap + + git init + curl -fsSL -o cmake.rb https://raw.githubusercontent.com/Homebrew/homebrew-core/fd21fcf239bcd0231c9fed5719403ec128151af4/Formula/cmake.rb - brew install cmake.rb + mv cmake.rb ./Formula/ + + git add . + git commit -m "Add CMake formula" + + brew tap user/homebrew-tap "${HOME}/user/homebrew-tap" + brew uninstall cmake + brew install --build-from-source user/homebrew-tap/cmake ) +io::log_h2 "DEBUG: After brew install for cmake" io::log_h2 "Using CMake version" cmake --version +# Install bash and ninja +io::log_h2 "DEBUG: Before brew install bash ninja" +brew install bash ninja +io::log_h2 "DEBUG: After brew install bash ninja" + # Fetch vcpkg at the specified hash, download to the tmpfs directory when # running on Kokoro. if [[ -z "${KOKORO_ARTIFACTS_DIR:-}" ]]; then