review comments, testing CI before force pushing

Change-Id: I427b80d35f18e3fc4b92518506c82c885acfafa0 Signed-off-by: Tom Proctor <tomhjp@users.noreply.github.com>
2 days ago · 8222708d78
parent d9e6ba08df
commit 8222708d78
2 changed files with 15 additions and 18 deletions
--- a/.github/actions/go-cache/action.sh
+++ b/.github/actions/go-cache/action.sh
@ -26,6 +26,8 @@ JWT="$(curl -sSL -H "Authorization: Bearer $ACTIONS_ID_TOKEN_REQUEST_TOKEN" "${A
 # cigocached serves a TLS cert with an FQDN, but DNS is based on VM name.
 HOST_AND_PORT="${URL#http*://}"
 FIRST_LABEL="${HOST_AND_PORT/.*/}"
+# Save CONNECT_TO for later steps to use.
+echo "CONNECT_TO=${HOST_AND_PORT}:${FIRST_LABEL}:" >> "${GITHUB_ENV}"
 BODY="$(jq -n --arg jwt "$JWT" '{"jwt": $jwt}')"
 CIGOCACHER_TOKEN="$(curl -sSL --connect-to "$HOST_AND_PORT:$FIRST_LABEL:" -H "Content-Type: application/json" "$URL/auth/exchange-token" -d "$BODY" | jq -r .access_token)"
 if [ -z "$CIGOCACHER_TOKEN" ]; then
@ -38,12 +40,9 @@ fi
 # TODO(tomhjp): bake cigocacher into runner image and use it for auth.
 echo "Fetched cigocacher token successfully"
 echo "::add-mask::${CIGOCACHER_TOKEN}"
+echo "CIGOCACHER_TOKEN=${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"

-BIN_NAME="cigocacher"
-if [[ "${RUNNER_OS:-}" == "Windows" ]]; then
-    BIN_NAME="cigocacher.exe"
-fi
-BIN_PATH="${RUNNER_TEMP:-/tmp}/${BIN_NAME}"
+BIN_PATH="${RUNNER_TEMP:-/tmp}/cigocacher$(go env GOEXE)"

 go build -o "${BIN_PATH}" ./cmd/cigocacher
 echo "GOCACHEPROG=${BIN_PATH} --cache-dir ${CACHE_DIR} --cigocached-url ${URL} --token ${CIGOCACHER_TOKEN}" >> "${GITHUB_ENV}"
--- a/.github/workflows/test.yml
+++ b/.github/workflows/test.yml
@ -2,10 +2,6 @@
 # both PRs and merged commits, and for the latter reports failures to slack.
 name: CI

-permissions:
-  id-token: write # This is required for requesting the JWT
-  contents: read # This is required for actions/checkout
-
 env:
  # Our fuzz job, powered by OSS-Fuzz, fails periodically because we upgrade to
  # new Go versions very eagerly. OSS-Fuzz is a little more conservative, and
@ -212,9 +208,12 @@ jobs:
        find $(go env GOCACHE) -type f -mmin +90 -delete

  windows:
-    # windows-8vpu is a 2022 GitHub-managed runner in our
-    # org with 8 cores and 32 GB of RAM:
-    # https://github.com/organizations/tailscale/settings/actions/github-hosted-runners/1
+    permissions:
+      id-token: write # This is required for requesting the GitHub action identity JWT that can auth to cigocached
+      contents: read # This is required for actions/checkout
+    # ci-windows-github-1 is a 2022 GitHub-managed runner in our org with 8 cores
+    # and 32 GB of RAM. It is connected to a private Azure VNet that hosts cigocached.
+    # https://github.com/organizations/tailscale/settings/actions/github-hosted-runners/5
    runs-on: ci-windows-github-1
    needs: gomod-cache
    name: Windows (${{ matrix.name || matrix.shard}})
@ -247,7 +246,7 @@ jobs:
        key: ${{ needs.gomod-cache.outputs.cache-key }}
        enableCrossOsArchive: true

-    - name: Setup cigocacher
+    - name: Set up cigocacher
      id: cigocacher-setup
      uses: ./src/.github/actions/go-cache
      with:
@ -268,12 +267,11 @@ jobs:
      # the equals signs cause great confusion.
      run: go test ./... -bench . -benchtime 1x -run "^$"

-    - name: Tidy cache
-      shell: pwsh
+    - name: Print stats
+      shell: bash
+      if: steps.cigocacher-setup.outputs.success == 'true'
      run: |
-        Get-ChildItem -Path cigocacher -File -Recurse |
-          Where-Object { $_.LastAccessTime -lt (Get-Date).AddMinutes(-90) } |
-          Remove-Item -Force
+        curl -sSL --connect-to "${CONNECT_TO}" -H "Authorization: Bearer ${CIGOCACHER_TOKEN}" "${{ vars.CIGOCACHED_AZURE_URL }}/session/stats" | jq .

  win-tool-go:
    runs-on: windows-latest