Skip to content

chore(deps): update Bazel to v7 #2900

chore(deps): update Bazel to v7

chore(deps): update Bazel to v7 #2900

Workflow file for this run

name: "gha: macOS & Windows"
# Build on pull requests and pushes to `main`. The PR builds will be
# non-blocking for now, but that is configured elsewhere.
on:
# Start these builds on pushes (think "after the merge") too. Normally there
# are no `ci-gha**` branches in our repository. The contributors to the repo
# can create such branches when testing or troubleshooting builds. In such
# branches we can disable builds (to speed up the testing) or add new ones,
# without impacting the rest of the team.
push:
branches: [ 'v[2-9]**', 'ci-gha**' ]
# Start the build in the context of the target branch. This is considered
# "safe", as the workflow files are already committed. These types of builds
# have access to the secrets in the build, which we need to use the remote
# caches (Bazel and sccache).
pull_request_target:
types:
- opened
- synchronize
- reopened
schedule:
- cron: '0 5 * * 1,2,3,4,5'
workflow_dispatch:
# Cancel in-progress runs of the workflow if somebody adds a new commit to the
# PR or branch. That reduces billing, but it creates more noise about cancelled
# jobs
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.head.label || github.head_ref || github.ref }}
cancel-in-progress: true
jobs:
pre-flight:
# For external contributors, run the build in the `external` environment.
# This requires manual approval from a contributor. It also saves the
# `ref` of the pull request, so downstream jobs know what to checkout.
environment: >-
${{
(github.event_name != 'pull_request_target' && 'internal') ||
(github.event.pull_request.head.repo.full_name == github.repository && 'internal') ||
(contains(fromJSON(vars.TRUSTED_FORKS), github.actor) && 'internal') ||
'external'
}}
name: Require Approval for External PRs
runs-on: ubuntu-latest
outputs:
checkout-sha: ${{ steps.save-pull-request.outputs.sha }}
steps:
- name: Save Pull Request
id: save-pull-request
run: >
echo "sha=${{ github.event.pull_request.head.sha || github.ref }}" >> $GITHUB_OUTPUT
# Run other jobs once the `pre-flight` job passes. When the `pre-flight`
# job requires approval, these blocks all the other jobs. The jobs are defined
# in separate files to keep the size of this file under control. Note how
# the additional jobs inherit any secrets needed to use the remote caches and
# receive what version to checkout as an input.
external-account-integration:
name: External Account Integration
needs: [pre-flight]
uses: ./.github/workflows/external-account-integration.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: macOS-Bazel
needs: [pre-flight]
uses: ./.github/workflows/macos-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
windows-bazel:
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
if: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
name: Windows-Bazel
needs: [pre-flight]
uses: ./.github/workflows/windows-bazel.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
secrets: inherit
macos-cmake:
name: macOS-CMake
needs: [pre-flight]
uses: ./.github/workflows/macos-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit
windows-cmake:
name: Windows-CMake
needs: [pre-flight]
uses: ./.github/workflows/windows-cmake.yml
with:
checkout-ref: ${{ needs.pre-flight.outputs.checkout-sha }}
# Build the full matrix only on push events to the default branch, or
# when PR gets the has a `gha:full-build` label, or when it had the
# label already and it gets a new commit.
full-matrix: |-
${{
github.event_name == 'schedule' ||
github.event_name == 'push' ||
github.event_name == 'workflow_dispatch' ||
contains(github.event.pull_request.labels.*.name, 'gha:full-build')
}}
secrets: inherit