From fdc6fd9cb1037d73d9f39b7536a9c4da7080dcf8 Mon Sep 17 00:00:00 2001 From: PJ Reiniger Date: Wed, 3 Jun 2026 23:16:42 -0400 Subject: [PATCH] [build][bazel] Combine remote setup CI actions (#8893) When the bazel remote cache was switched from buildbuddy to a self hosted server in #8342, I asked that the buildbuddy hooks be remain so that I could still use their caching service for local builds. The downside of this was that my forks builds aren't leveraging buildbuddy, so if I'm fiddling with something heavy like a wpimath robotpy thing, my CI builds never update a cache and never are warm when I push fixups. This PR combines the `setup-bazel-remote` and `setup-build-buddy` actions which set up the bazel remote cache. Rather than having two different version, the correct one will be choosen in the following order: 1. Use wpi's server with write access if the `bazel_remote` information is set (This basically would only happen on main branch in `wpilibsuite/allwpilib` since secrets aren't accessible from builds originating in forks) 2. Use buildbuddy if the key it is present (This would work for my fork builds) 3. Fall back to the readonly version of wpi's server As seen [here](https://github.com/bzlmodRio/allwpilib/actions/runs/25777428163/job/75712863120#step:7:28) the build in my fork will run with buildbuddy, and my PR's build here should fall back to readonly mode. --- .bazelrc | 1 - .github/actions/setup-bazel-cache/action.yml | 38 +++++++++++++++++++ .github/actions/setup-bazel-remote/action.yml | 37 ------------------ .github/actions/setup-build-buddy/action.yml | 38 ------------------- .github/workflows/bazel.yml | 34 +++++++++-------- 5 files changed, 57 insertions(+), 91 deletions(-) create mode 100644 .github/actions/setup-bazel-cache/action.yml delete mode 100644 .github/actions/setup-bazel-remote/action.yml delete mode 100644 .github/actions/setup-build-buddy/action.yml diff --git a/.bazelrc b/.bazelrc index 71960cbd9f..4978524888 100644 --- a/.bazelrc +++ b/.bazelrc @@ -68,7 +68,6 @@ build:remote_user --config=remote_cache_readonly build:remote_user --remote_download_toplevel common:ci --color=yes -build:ci --config=remote_cache build:ci --remote_download_minimal build:ci --progress_report_interval=60 --show_progress_rate_limit=60 diff --git a/.github/actions/setup-bazel-cache/action.yml b/.github/actions/setup-bazel-cache/action.yml new file mode 100644 index 0000000000..b10ec8ee76 --- /dev/null +++ b/.github/actions/setup-bazel-cache/action.yml @@ -0,0 +1,38 @@ +name: 'Setup Bazel Cache' +description: 'Configures the Bazel remote cache. Prefers WPI bazel-remote (R/W), falls back to BuildBuddy, then readonly WPI cache.' + +inputs: + bazel_remote_username: + description: 'WPI Bazel remote cache username' + bazel_remote_password: + description: 'WPI Bazel remote cache password' + bazel_remote_url: + description: 'WPI Bazel remote cache base URL (no credentials or protocol, e.g. gitlib-bazel.wpi.edu)' + default: 'gitlib-bazel.wpi.edu' + buildbuddy_token: + description: 'BuildBuddy API token' + +runs: + using: "composite" + steps: + - name: Resolve Bazel cache configuration + env: + CACHE_USER: ${{ inputs.bazel_remote_username }} + CACHE_PASS: ${{ inputs.bazel_remote_password }} + REMOTE_URL: ${{ inputs.bazel_remote_url }} + BB_TOKEN: ${{ inputs.buildbuddy_token }} + shell: bash + run: | + if [ -n "${CACHE_USER}" ] && [ -n "${CACHE_PASS}" ]; then + echo "WPI bazel-remote credentials detected; configuring R/W access" + echo "build:remote_cache --remote_cache=grpcs://${CACHE_USER}:${CACHE_PASS}@${REMOTE_URL}" > bazel_auth.rc + echo "build:ci --config=remote_cache" >> bazel_auth.rc + elif [ -n "${BB_TOKEN}" ]; then + echo "BuildBuddy token detected; configuring BuildBuddy cache" + echo "build:build_buddy --remote_header=x-buildbuddy-api-key=${BB_TOKEN}" > bazel_auth.rc + echo "build:ci --config=build_buddy" >> bazel_auth.rc + else + echo "No cache credentials detected; falling back to readonly WPI cache" + echo "build:ci --config=remote_cache" > bazel_auth.rc + echo "build:ci --config=remote_cache_readonly" >> bazel_auth.rc + fi diff --git a/.github/actions/setup-bazel-remote/action.yml b/.github/actions/setup-bazel-remote/action.yml deleted file mode 100644 index fc79bf6945..0000000000 --- a/.github/actions/setup-bazel-remote/action.yml +++ /dev/null @@ -1,37 +0,0 @@ -name: 'Setup Bazel Remote cache' -description: 'Sets up bazel-remote cache using basic auth from GitHub secrets' - -inputs: - username: - description: 'Bazel remote cache username' - password: - description: 'Bazel remote cache password' - remote_url: - description: 'Bazel remote cache base URL (no credentials or protocol, e.g. gitlib-bazel.wpi.edu)' - default: 'gitlib-bazel.wpi.edu' - -runs: - using: "composite" - steps: - - name: Setup bazel-remote (skip when no creds) - env: - CACHE_USER: ${{ inputs.username }} - CACHE_PASS: ${{ inputs.password }} - REMOTE_URL: ${{ inputs.remote_url }} - if: ${{ env.CACHE_USER == '' || env.CACHE_PASS == '' }} - shell: bash - run: | - echo "No bazel-remote credentials detected; leaving caching as previously configured" - echo "build:ci --config=remote_cache_readonly" >> bazel_auth.rc - - - name: Setup bazel-remote (with creds) - env: - CACHE_USER: ${{ inputs.username }} - CACHE_PASS: ${{ inputs.password }} - REMOTE_URL: ${{ inputs.remote_url }} - if: ${{ env.CACHE_USER != '' && env.CACHE_PASS != '' }} - shell: bash - run: | - echo "Bazel-remote credentials detected; configuring bazel_auth.rc" - URL_WITH_CREDS="grpcs://${CACHE_USER}:${CACHE_PASS}@${REMOTE_URL}" - echo "build:remote_cache --remote_cache=${URL_WITH_CREDS}" >> bazel_auth.rc diff --git a/.github/actions/setup-build-buddy/action.yml b/.github/actions/setup-build-buddy/action.yml deleted file mode 100644 index 563bfd18b9..0000000000 --- a/.github/actions/setup-build-buddy/action.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: 'Setup BuildBuddy acache' -description: 'Sets up the build buddy cache to be readonly / writing based on the presence of environment variables' - -inputs: - token: - description: 'Build Buddy API token' - -runs: - using: "composite" - steps: - # Sets up build buddy when no secret is found for the API key. This is most likely because this is triggered from an action from a fork instead of the main allwpilib repo. - - name: Setup without key - env: - API_KEY: ${{ inputs.token }} - if: ${{ env.API_KEY == '' }} - shell: bash - run: | - echo "No API key secret detected, will setup readonly cache" - echo "build:ci --config=build_buddy_readonly" > bazel_auth.rc - - # Set up the readonly key only if this build is for a pull request. Push builds happen in the forks repository, - # so the user should set their own buildbuddy api keys up there. Only enabling it for PR's should reduce heavy - # and more random load on the cache. - if [ "${{ github.event_name }}" = "pull_request" ]; then - echo "Assuming this is a pull request from a fork. Setting up the readonly api key" - echo "build:ci --remote_header=x-buildbuddy-api-key=QIOV65PTW1tVal3AJbe7" >> bazel_auth.rc - else - echo "Not setting up readonly key for trigger ${{ github.event_name }} since this is not a pull request, it is most likely a forks push. See the buildbuddy setup guide in README-Bazel.md to set up caching on your fork" - fi - - - name: Set with key - env: - API_KEY: ${{ inputs.token }} - if: ${{ env.API_KEY != '' }} - shell: bash - run: | - echo "API Key detected!" - echo "build:build_buddy --remote_header=x-buildbuddy-api-key=${{ env.API_KEY }}" > bazel_auth.rc diff --git a/.github/workflows/bazel.yml b/.github/workflows/bazel.yml index 8ab3f96350..36c2170845 100644 --- a/.github/workflows/bazel.yml +++ b/.github/workflows/bazel.yml @@ -66,11 +66,12 @@ jobs: - uses: actions/checkout@v6 with: { fetch-depth: 0 } - - id: Setup_bazel_remote - uses: ./.github/actions/setup-bazel-remote + - id: Setup_bazel_cache + uses: ./.github/actions/setup-bazel-cache with: - username: ${{ secrets.BAZEL_CACHE_USERNAME }} - password: ${{ secrets.BAZEL_CACHE_PASSWORD }} + bazel_remote_username: ${{ secrets.BAZEL_CACHE_USERNAME }} + bazel_remote_password: ${{ secrets.BAZEL_CACHE_PASSWORD }} + buildbuddy_token: ${{ secrets.BUILDBUDDY_API_KEY }} - name: Install apt dependencies if: runner.os == 'Linux' @@ -165,14 +166,15 @@ jobs: - uses: actions/checkout@v6 with: { fetch-depth: 0 } - - id: Setup_bazel_remote - uses: ./.github/actions/setup-bazel-remote + - id: Setup_bazel_cache + uses: ./.github/actions/setup-bazel-cache with: - username: ${{ secrets.BAZEL_CACHE_USERNAME }} - password: ${{ secrets.BAZEL_CACHE_PASSWORD }} + bazel_remote_username: ${{ secrets.BAZEL_CACHE_USERNAME }} + bazel_remote_password: ${{ secrets.BAZEL_CACHE_PASSWORD }} + buildbuddy_token: ${{ secrets.BUILDBUDDY_API_KEY }} - name: Run Non-RobotPy pregeneration - run: bazel run //:write_pregenerated_files + run: bazel run --config=ci //:write_pregenerated_files - name: Check Output run: git --no-pager diff --exit-code HEAD @@ -194,21 +196,23 @@ jobs: - uses: actions/checkout@v6 with: { fetch-depth: 0 } - - id: Setup_build_buddy - uses: ./.github/actions/setup-build-buddy + - id: Setup_bazel_cache + uses: ./.github/actions/setup-bazel-cache with: - token: ${{ secrets.BUILDBUDDY_API_KEY }} + bazel_remote_username: ${{ secrets.BAZEL_CACHE_USERNAME }} + bazel_remote_password: ${{ secrets.BAZEL_CACHE_PASSWORD }} + buildbuddy_token: ${{ secrets.BUILDBUDDY_API_KEY }} # You should ensure the headers are correct before trying to pregen files - name: Test Scan Headers - run: bazel test //... -k --test_tag_filters=robotpy_scan_headers --build_tests_only + run: bazel test --config=ci //... -k --test_tag_filters=robotpy_scan_headers --build_tests_only shell: bash - name: Run yaml file generation - run: bazel run //:write_robotpy_update_yaml_files + run: bazel run --config=ci //:write_robotpy_update_yaml_files - name: Run build file generation - run: bazel run //:write_robotpy_generated_pybind_files + run: bazel run --config=ci //:write_robotpy_generated_pybind_files - name: Check Output run: git --no-pager diff --exit-code HEAD