.github/workflows/build_packages.yml - 3p/openxla/iree - Git at Google

 # Builds binary packages

 name: Build Packages

 on:
   workflow_call:
   # Note: this workflow is typically invoked by schedule_candidate_release.yml.
   workflow_dispatch:
     inputs:
       package_version:
         description: "Version of the package"
         required: true
         default: "0.1a1"
       release_id:
         description: "Release id to upload artifacts to"
         default: ""
       commit:
         description: "Commit to check out"
         default: ""
   pull_request:
   push:
     branches:
       - main

 concurrency:
   # A PR number if a pull request and otherwise the commit hash. This cancels
   # queued and in-progress runs for the same PR (presubmit) or commit
   # (postsubmit).
   group: build_packages_${{ github.event.number || github.sha }}
   cancel-in-progress: true

 # Jobs are organized into groups and topologically sorted by dependencies
 jobs:
   build:
     runs-on: ubuntu-20.04-64core
     steps:
       - name: "Checking out repository"
         uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v2.5.0
         with:
           ref: ${{ github.event.inputs.commit }}

       - id: "gcp-auth"
         name: "Authenticating to Google Cloud"
         if: github.event_name != 'pull_request'
         uses: "google-github-actions/auth@v1"
         with:
           token_format: "access_token"
           credentials_json: "${{ secrets.IREE_OSS_GITHUB_RUNNER_BASIC_TRUST_SERVICE_ACCOUNT_KEY }}"
           create_credentials_file: true

       - name: "Setting up Python"
         uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3
         with:
           python-version: "3.10"

       - name: Sync and install versions
         run: |
           # Since only building the runtime, exclude compiler deps (expensive).
           python ./sync_deps.py --depth 1 --submodules-depth 1 --exclude-submodule "iree:third_party/(llvm|mlir-hlo)"

       - name: Build Packages (Linux)
         env:
           # Note if gcp-auth didn't run, this will be empty because GitHub
           # Actions generally just fails silently. Useful, in this case.
           GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-auth.outputs.credentials_file_path }}
           # GitHub Actions horrible excuse for a ternary
           write_caches: ${{ github.event_name != 'pull_request' && 1 || 0 }}
           package_suffix: ${{ github.event.inputs.package_suffix }}
           output_dir: "${{ github.workspace }}/bindist"
         run: |
           set -euo pipefail
           echo "${write_caches}"
           ./build_tools/ci/build_linux_packages.sh

       - uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
         with:
           path: |
             bindist/*
             bindist/**/*
           retention-days: 5

       - name: Upload Release Assets
         if: github.event.inputs.release_id != ''
         id: upload-release-assets
         uses: dwenegar/upload-release-assets@5bc3024cf83521df8ebfadf00ad0c4614fd59148 # v1
         env:
           GITHUB_TOKEN: ${{ secrets.WRITE_ACCESS_TOKEN }}
         with:
           release_id: ${{ github.event.inputs.release_id }}
           # Only upload plugin artifacts.
           assets_path: ./bindist/openxla_pjrt*.*

   publish:
     name: "Trigger publish release"
     needs: build
     if: github.event.inputs.release_id != ''
     runs-on: ubuntu-20.04
     steps:
       - name: "Invoke workflow :: Publish Release"
         uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
         with:
           workflow: Publish Release
           token: ${{ secrets.WRITE_ACCESS_TOKEN }}
           ref: "${{ env.tag_name }}"
           inputs: '{"release_id": "${{ github.event.inputs.release_id }}", "package_version": "${{ github.event.inputs.package_version }}", "build_run_id": "${{ github.run_id }}"}'
	# Builds binary packages

	name: Build Packages

	on:
	workflow_call:
	# Note: this workflow is typically invoked by schedule_candidate_release.yml.
	workflow_dispatch:
	inputs:
	package_version:
	description: "Version of the package"
	required: true
	default: "0.1a1"
	release_id:
	description: "Release id to upload artifacts to"
	default: ""
	commit:
	description: "Commit to check out"
	default: ""
	pull_request:
	push:
	branches:
	- main

	concurrency:
	# A PR number if a pull request and otherwise the commit hash. This cancels
	# queued and in-progress runs for the same PR (presubmit) or commit
	# (postsubmit).
	group: build_packages_${{ github.event.number \|\| github.sha }}
	cancel-in-progress: true

	# Jobs are organized into groups and topologically sorted by dependencies
	jobs:
	build:
	runs-on: ubuntu-20.04-64core
	steps:
	- name: "Checking out repository"
	uses: actions/checkout@e2f20e631ae6d7dd3b768f56a5d2af784dd54791 # v2.5.0
	with:
	ref: ${{ github.event.inputs.commit }}

	- id: "gcp-auth"
	name: "Authenticating to Google Cloud"
	if: github.event_name != 'pull_request'
	uses: "google-github-actions/auth@v1"
	with:
	token_format: "access_token"
	credentials_json: "${{ secrets.IREE_OSS_GITHUB_RUNNER_BASIC_TRUST_SERVICE_ACCOUNT_KEY }}"
	create_credentials_file: true

	- name: "Setting up Python"
	uses: actions/setup-python@75f3110429a8c05be0e1bf360334e4cced2b63fa # v2.3.3
	with:
	python-version: "3.10"

	- name: Sync and install versions
	run: \|
	# Since only building the runtime, exclude compiler deps (expensive).
	python ./sync_deps.py --depth 1 --submodules-depth 1 --exclude-submodule "iree:third_party/(llvm\|mlir-hlo)"

	- name: Build Packages (Linux)
	env:
	# Note if gcp-auth didn't run, this will be empty because GitHub
	# Actions generally just fails silently. Useful, in this case.
	GOOGLE_APPLICATION_CREDENTIALS: ${{ steps.gcp-auth.outputs.credentials_file_path }}
	# GitHub Actions horrible excuse for a ternary
	write_caches: ${{ github.event_name != 'pull_request' && 1 \|\| 0 }}
	package_suffix: ${{ github.event.inputs.package_suffix }}
	output_dir: "${{ github.workspace }}/bindist"
	run: \|
	set -euo pipefail
	echo "${write_caches}"
	./build_tools/ci/build_linux_packages.sh

	- uses: actions/upload-artifact@0b7f8abb1508181956e8e162db84b466c27e18ce # v3.1.2
	with:
	path: \|
	bindist/*
	bindist/*/
	retention-days: 5

	- name: Upload Release Assets
	if: github.event.inputs.release_id != ''
	id: upload-release-assets
	uses: dwenegar/upload-release-assets@5bc3024cf83521df8ebfadf00ad0c4614fd59148 # v1
	env:
	GITHUB_TOKEN: ${{ secrets.WRITE_ACCESS_TOKEN }}
	with:
	release_id: ${{ github.event.inputs.release_id }}
	# Only upload plugin artifacts.
	assets_path: ./bindist/openxla_pjrt.

	publish:
	name: "Trigger publish release"
	needs: build
	if: github.event.inputs.release_id != ''
	runs-on: ubuntu-20.04
	steps:
	- name: "Invoke workflow :: Publish Release"
	uses: benc-uk/workflow-dispatch@798e70c97009500150087d30d9f11c5444830385 # v1.2.2
	with:
	workflow: Publish Release
	token: ${{ secrets.WRITE_ACCESS_TOKEN }}
	ref: "${{ env.tag_name }}"
	inputs: '{"release_id": "${{ github.event.inputs.release_id }}", "package_version": "${{ github.event.inputs.package_version }}", "build_run_id": "${{ github.run_id }}"}'