-
Notifications
You must be signed in to change notification settings - Fork 25
223 lines (216 loc) · 9.6 KB
/
conda-cpp-build.yaml
File metadata and controls
223 lines (216 loc) · 9.6 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
on:
workflow_call:
inputs:
build_type:
description: "One of: [branch, nightly, pull-request]"
required: true
type: string
branch:
description: |
Git branch the workflow run targets.
This is required even when 'sha' is provided because it is also used for organizing artifacts.
type: string
date:
description: "Date (YYYY-MM-DD) this run is for. Used to organize artifacts produced by nightly builds"
type: string
sha:
description: "Full git commit SHA to check out"
type: string
repo:
description: "Git repo to check out, in '{org}/{repo}' form, e.g. 'rapidsai/cudf'"
type: string
node_type:
description: |
Suffix, without leading '-', indicating the type of machine to run jobs on (e.g., 'cpu4' or 'gpu-l4-latest-1').
Runner labels are of the form '{operating_system}-{arch}-{node_type}'.
See https://github.com/nv-gha-runners/enterprise-runner-configuration/blob/main/docs/runner-groups.md for a list
of valid values.
type: string
default: "cpu8"
script:
type: string
required: true
description: "Shell code to be executed in a step. Ideally this should just invoke a script managed in the repo the workflow runs from, like 'ci/build_cpp.sh'."
upload-artifacts:
type: boolean
default: true
required: false
description: "One of [true, false], true if artifacts should be uploaded to GitHub's artifact store"
matrix_filter:
description: |
jq expression which modifies the matrix.
For example, 'map(select(.ARCH == "amd64"))' to achieve "only run amd64 jobs".
type: string
default: "."
sccache-dist-request-timeout:
type: string
default: 7140
description: |
The maximum time (in seconds) the sccache client should wait for a distributed compilation to complete.
sccache-dist-token-secret-name:
type: string
required: false
description: |
The name of the secret that contains the token used to authenticate with the RAPIDS Build Engineering sccache-dist build cluster.
alternative-gh-token-secret-name:
type: string
required: false
description: |
If provided, should contain the name of a secret in the repo which holds a GitHub API token.
When this is non-empty, that secret's value is used in place of the default repo-level token
anywhere that environment variable GH_TOKEN is set. This is especially useful for downloading
artifacts from other private repos, which repo tokens do not have access to.
defaults:
run:
shell: bash
permissions:
actions: read
checks: none
contents: read
deployments: none
discussions: none
id-token: write
issues: none
packages: read
pages: none
pull-requests: read
repository-projects: none
security-events: none
statuses: none
jobs:
compute-matrix:
uses: ./.github/workflows/compute-matrix.yaml
with:
build_type: ${{ inputs.build_type }}
matrix_name: conda-cpp-build
matrix_filter: ${{ inputs.matrix_filter }}
build:
name: ${{ matrix.CUDA_VER }}, ${{ matrix.PY_VER }}, ${{ matrix.ARCH }}, ${{ matrix.LINUX_VER }}
needs: compute-matrix
timeout-minutes: 480
strategy:
fail-fast: false
matrix: ${{ fromJSON(needs.compute-matrix.outputs.matrix) }}
runs-on: "linux-${{ matrix.ARCH }}-${{ inputs.node_type }}"
env:
RAPIDS_ARTIFACTS_DIR: ${{ github.workspace }}/artifacts
container:
image: rapidsai/ci-conda:26.06-cuda${{ matrix.CUDA_VER }}-${{ matrix.LINUX_VER }}-py${{ matrix.PY_VER }}
env:
RAPIDS_BUILD_TYPE: ${{ inputs.build_type }}
steps:
- uses: aws-actions/configure-aws-credentials@ec61189d14ec14c8efccab744f656cffd0e33f37 # v6.1.0
with:
role-to-assume: ${{ vars.AWS_ROLE_ARN }}
aws-region: ${{ vars.AWS_REGION }}
role-duration-seconds: 43200 # 12h
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.sha }}
fetch-depth: 0
persist-credentials: true
- name: Standardize repository information
env:
RAPIDS_REPOSITORY: ${{ inputs.repo || github.repository }}
RAPIDS_REF_NAME: ${{ inputs.branch || github.ref_name }}
RAPIDS_NIGHTLY_DATE: ${{ inputs.date }}
run: |
{
echo "RAPIDS_REPOSITORY=${RAPIDS_REPOSITORY}"
echo "RAPIDS_SHA=$(git rev-parse HEAD)"
echo "RAPIDS_REF_NAME=${RAPIDS_REF_NAME}"
echo "RAPIDS_NIGHTLY_DATE=${RAPIDS_NIGHTLY_DATE}"
} >> "${GITHUB_ENV}"
- name: Setup proxy cache
uses: nv-gha-runners/setup-proxy-cache@main
continue-on-error: true
with:
enable-apt: true
# This has to be AFTER the checkout step. It creates a telemetry-artifacts directory,
# and the checkout step would destroy it.
- name: Telemetry setup
uses: rapidsai/shared-actions/telemetry-dispatch-setup@main
continue-on-error: true
if: ${{ vars.TELEMETRY_ENABLED == 'true' }}
env:
# DOES NOT NEED alternative-gh-token-secret-name - github.token is enough and more limited
GH_TOKEN: ${{ github.token }}
with:
extra_attributes: "rapids.PACKAGER=conda,rapids.CUDA_VER=${{ matrix.CUDA_VER }},rapids.PY_VER=${{ matrix.PY_VER }},rapids.ARCH=${{ matrix.ARCH }},rapids.LINUX_VER=${{ matrix.LINUX_VER }}"
# Install latest rapidsai/sccache client and configure sccache-dist
- name: Setup sccache-dist
uses: rapidsai/shared-actions/setup-sccache-dist@main
env:
AWS_REGION: "${{env.AWS_REGION}}"
AWS_ACCESS_KEY_ID: "${{env.AWS_ACCESS_KEY_ID}}"
AWS_SECRET_ACCESS_KEY: "${{env.AWS_SECRET_ACCESS_KEY}}"
with:
log-file: "${{ env.RAPIDS_ARTIFACTS_DIR }}/sccache.log"
request-timeout: ${{ inputs.sccache-dist-request-timeout }}
# Per the docs at https://docs.github.com/en/rest/rate-limit/rate-limit?apiVersion=2022-11-28#get-rate-limit-status-for-the-authenticated-user,
# checking '/rate_limit | jq .' should not itself count against any rate limits.
#
# gh CLI is pre-installed on Github-hosted runners, but may not be on self-hosted runners.
- name: Check GitHub API rate limits
run: |
if ! type gh >/dev/null; then
echo "'gh' CLI is not installed... skipping rate-limits check"
else
gh api /rate_limit | jq .
fi
env:
# NEEDS alternative-gh-token-secret-name - API limits need to be for whatever token is used for upload/download. Repo token may be a different pool for rate limits.
GH_TOKEN: ${{ inputs.alternative-gh-token-secret-name && secrets[inputs.alternative-gh-token-secret-name] || github.token }} # zizmor: ignore[overprovisioned-secrets]
- name: C++ build
id: cpp-build
run: |
ulimit -n "$(ulimit -Hn)"
# shellcheck disable=SC1090
source "${INPUTS_SCRIPT}"
# Capture RAPIDS_PACKAGE_NAME if set by the build script
if [[ -n "${RAPIDS_PACKAGE_NAME:-}" ]]; then
echo "rapids-package-name=${RAPIDS_PACKAGE_NAME}" >> "${GITHUB_OUTPUT}"
fi
env:
INPUTS_SCRIPT: "${{ inputs.script }}"
STEP_NAME: "C++ build"
# NEEDS alternative-gh-token-secret-name - may require a token with more permissions
GH_TOKEN: ${{ inputs.alternative-gh-token-secret-name && secrets[inputs.alternative-gh-token-secret-name] || github.token }} # zizmor: ignore[overprovisioned-secrets]
- name: Get Package Name and Location
if: ${{ inputs.upload-artifacts }}
env:
# Pass RAPIDS_PACKAGE_NAME from cpp-build step if available
RAPIDS_PACKAGE_NAME: ${{ steps.cpp-build.outputs.rapids-package-name }}
run: |
# Use RAPIDS_PACKAGE_NAME from build step if available, otherwise generate default
if [[ -n "${RAPIDS_PACKAGE_NAME:-}" ]]; then
echo "RAPIDS_PACKAGE_NAME=${RAPIDS_PACKAGE_NAME}" >> "${GITHUB_OUTPUT}"
else
echo "RAPIDS_PACKAGE_NAME=$(RAPISD_NO_PKG_EXTENSION=true rapids-package-name conda_cpp)" >> "${GITHUB_OUTPUT}"
fi
echo "CONDA_OUTPUT_DIR=${RAPIDS_CONDA_BLD_OUTPUT_DIR}" >> "${GITHUB_OUTPUT}"
id: package-name
- name: Show files to be uploaded
if: ${{ inputs.upload-artifacts }}
env:
CONDA_OUTPUT_DIR: ${{ steps.package-name.outputs.CONDA_OUTPUT_DIR }}
run: |
echo "Contents of directory to be uploaded:"
ls -R "${CONDA_OUTPUT_DIR}"
- uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7
if: ${{ inputs.upload-artifacts }}
with:
if-no-files-found: 'error'
name: ${{ steps.package-name.outputs.RAPIDS_PACKAGE_NAME }}
path: ${{ steps.package-name.outputs.CONDA_OUTPUT_DIR }}
- name: Upload additional artifacts
if: "!cancelled()"
run: rapids-upload-artifacts-dir "cuda${RAPIDS_CUDA_VERSION%%.*}_$(arch)"
- name: Telemetry upload attributes
uses: rapidsai/shared-actions/telemetry-dispatch-stash-job-artifacts@main
continue-on-error: true
if: ${{ vars.TELEMETRY_ENABLED == 'true' }}
env:
# DOES NOT NEED alternative-gh-token-secret-name - github.token is enough and more limited
GH_TOKEN: ${{ github.token }}