11---
22name : build-and-test
33on :
4- pull_request :
4+ pull_request_target :
55 push :
66 branches :
77 - ' main'
1111permissions :
1212 contents : read
1313jobs :
14+ env-protect-setup :
15+ runs-on : ubuntu-latest
16+ outputs :
17+ env-name : ${{ steps.output.outputs.env-name }}
18+ ref : ${{ steps.output.outputs.ref }}
19+ steps :
20+ - uses : actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
21+ - id : output
22+ uses : ./.github/actions/env_protected_pr
23+ authorize :
24+ runs-on : ubuntu-latest
25+ needs : env-protect-setup
26+ environment : ${{ needs.env-protect-setup.outputs.env-name }}
27+ steps :
28+ - run : echo "Authorized"
1429 get-dev-image :
30+ needs : authorize
1531 uses : ./.github/workflows/get_image.yaml
1632 with :
1733 image-base-name : " dev_image_with_extras"
1834 clang-tidy :
19- needs : get-dev-image
20- runs-on : [self-hosted, nokvm ]
35+ runs-on : ubuntu-latest-16-cores
36+ needs : [authorize, env-protect-setup, get-dev-image ]
2137 container :
2238 image : ${{ needs.get-dev-image.outputs.image-with-tag }}
23- volumes :
24- - /etc/bazelrc:/etc/bazelrc
25- options : --cpus 16
2639 steps :
2740 - uses : actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
2841 with :
2942 fetch-depth : 0
43+ ref : ${{ needs.env-protect-setup.outputs.ref }}
3044 - name : Add pwd to git safe dir
3145 run : git config --global --add safe.directory `pwd`
3246 - name : get bazel config
3347 uses : ./.github/actions/bazelrc
48+ with :
49+ use_remote_exec : ' true'
50+ BB_API_KEY : ${{ secrets.BB_IO_API_KEY }}
3451 - name : Save Diff Info
3552 run : ./ci/save_diff_info.sh
3653 - name : Run Clang Tidy
@@ -45,24 +62,23 @@ jobs:
4562 # yamllint enable rule:indentation
4663 code-coverage :
4764 if : github.event_name == 'push'
48- needs : get-dev-image
49- runs-on : [self-hosted, nokvm]
65+ needs : [authorize, env-protect-setup, get-dev-image]
66+ runs-on : ubuntu-latest-16-cores
5067 container :
5168 image : ${{ needs.get-dev-image.outputs.image-with-tag }}
52- volumes :
53- - /etc/bazelrc:/etc/bazelrc
54- # Needs to be priviledged to enable IPV6
55- options : --cpus 16 --privileged
5669 steps :
5770 - uses : actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
5871 with :
5972 fetch-depth : 0
73+ ref : ${{ needs.env-protect-setup.outputs.ref }}
6074 - name : Add pwd to git safe dir
6175 run : git config --global --add safe.directory `pwd`
6276 - name : get bazel config
6377 uses : ./.github/actions/bazelrc
6478 with :
6579 dev : ' false'
80+ use_remote_exec : ' true'
81+ BB_API_KEY : ${{ secrets.BB_IO_API_KEY }}
6682 - name : Collect and upload coverage
6783 env :
6884 CODECOV_TOKEN : ${{ secrets.CODECOV_TOKEN }}
@@ -71,23 +87,24 @@ jobs:
7187 sysctl -w net.ipv6.conf.lo.disable_ipv6=0
7288 ./ci/collect_coverage.sh -u -b main -c "$(git rev-parse HEAD)" -r pixie-io/pixie
7389 generate-matrix :
74- needs : get-dev-image
75- runs-on : [self-hosted, nokvm]
90+ needs : [authorize, env-protect-setup, get-dev-image]
91+ runs-on : ubuntu-latest-16-cores
7692 container :
7793 image : ${{ needs.get-dev-image.outputs.image-with-tag }}
78- volumes :
79- - /etc/bazelrc:/etc/bazelrc
80- options : --cpus 16
8194 outputs :
8295 matrix : ${{ steps.set-matrix.outputs.matrix }}
8396 steps :
8497 - uses : actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
8598 with :
8699 fetch-depth : 0
100+ ref : ${{ needs.env-protect-setup.outputs.ref }}
87101 - name : Add pwd to git safe dir
88102 run : git config --global --add safe.directory `pwd`
89103 - name : get bazel config
90104 uses : ./.github/actions/bazelrc
105+ with :
106+ use_remote_exec : ' true'
107+ BB_API_KEY : ${{ secrets.BB_IO_API_KEY }}
91108 - name : Set matrix
92109 id : set-matrix
93110 shell : bash
@@ -103,22 +120,19 @@ jobs:
103120 bazel_buildables_*
104121 bazel_tests_*
105122 build-and-test :
106- needs : [get-dev-image, generate-matrix]
107- runs-on :
108- - self-hosted
109- - ${{ matrix.runner }}
123+ needs : [authorize, env-protect-setup, get-dev-image, generate-matrix]
124+ runs-on : ubuntu-latest-16-cores
110125 container :
111126 image : ${{ needs.get-dev-image.outputs.image-with-tag }}
112- volumes :
113- - /etc/bazelrc:/etc/bazelrc
114- - /var/run/docker.sock:/var/run/docker.sock
115127 options : --privileged
116128 if : ${{ needs.generate-matrix.outputs.matrix && (toJson(fromJson(needs.generate-matrix.outputs.matrix)) != '[]') }}
117129 strategy :
118130 matrix : ${{ fromJson(needs.generate-matrix.outputs.matrix) }}
119131 fail-fast : false
120132 steps :
121133 - uses : actions/checkout@8f4b7f84864484a7bf31766abe9204da3cbe65b3 # v3.5.0
134+ with :
135+ ref : ${{ needs.env-protect-setup.outputs.ref }}
122136 - name : Add pwd to git safe dir
123137 run : git config --global --add safe.directory `pwd`
124138 - uses : actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
@@ -127,11 +141,15 @@ jobs:
127141 uses : ./.github/actions/bazelrc
128142 with :
129143 dev : ' true'
144+ use_remote_exec : ' true'
145+ BB_API_KEY : ${{ secrets.BB_IO_API_KEY }}
130146 - name : get ci bazel config
131147 if : github.event_name == 'push'
132148 uses : ./.github/actions/bazelrc
133149 with :
134150 dev : ' false'
151+ use_remote_exec : ' true'
152+ BB_API_KEY : ${{ secrets.BB_IO_API_KEY }}
135153 - name : Build ${{ matrix.name }}
136154 shell : bash
137155 # yamllint disable rule:indentation
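Review bot: After the checkout of `needs.env-protect-setup.outputs.ref` in clang-tidy, code-coverage, generate-matrix and build-and-test, the `./.github/actions/bazelrc` step is resolved from the pull request's tree while it receives `secrets.BB_IO_API_KEY`, so under `pull_request_target` the `authorize` environment gate is the only control between fork-authored code and that secret. The `env_protected_pr` action is not visible here; if its `ref` output is a branch or `refs/pull/…` name rather than the head commit SHA from the event payload, a push made after approval would be built instead of the reviewed commit, so it should emit `github.event.pull_request.head.sha`. Each of those checkouts also keeps the default credential persistence, which leaves the job token in `.git/config` where the PR's build scripts can read it; adding `persist-credentials: false` under `with:` would avoid that, assuming no later step needs an authenticated fetch. A comment above `authorize` such as `# Approval gate: every job that checks out PR code or uses secrets must need this job` would keep future jobs from bypassing it. The build step at the end of the last hunk continues outside the visible lines.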