fix: remove invalid step-level permissions syntax #303
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: MSVC Build | |
| on: | |
| push: | |
| branches: [ '*' ] | |
| pull_request: | |
| branches: [ '*' ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: windows-2025 | |
| env: | |
| THRIFT_BUILD_DIR: C:\thrift-build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd | |
| - name: Ensure expected workspace path | |
| shell: pwsh | |
| run: | | |
| if (-not (Test-Path 'C:\src')) { New-Item -Path 'C:\src' -ItemType Directory | Out-Null } | |
| if (Test-Path 'C:\src\thrift') { Remove-Item 'C:\src\thrift' -Recurse -Force } | |
| cmd /c mklink /J C:\src\thrift $env:GITHUB_WORKSPACE | |
| - name: Configure build output directory | |
| shell: pwsh | |
| run: | | |
| New-Item -Path $env:THRIFT_BUILD_DIR -ItemType Directory -Force | Out-Null | |
| - name: Set Docker image name | |
| shell: pwsh | |
| env: | |
| OWNER: ${{ github.repository_owner }} | |
| run: | | |
| $image = "ghcr.io/{0}/thrift-build" -f $env:OWNER.ToLower() | |
| "DOCKER_IMAGE=$image" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| - name: Compute Docker image tag | |
| shell: pwsh | |
| run: | | |
| $hash = (Get-FileHash -Algorithm SHA256 'build/docker/msvc/Dockerfile').Hash.ToLower().Substring(0, 12) | |
| "IMAGE_TAG=msvc-$hash" | Out-File -FilePath $env:GITHUB_ENV -Append | |
| - name: Log in to GHCR | |
| if: github.event_name != 'pull_request' | |
| uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Pull cached image | |
| id: pull_cached | |
| continue-on-error: true | |
| timeout-minutes: 10 | |
| shell: pwsh | |
| run: | | |
| $needBuild = $true | |
| Write-Host "Attempting to pull hash-based tag: $($env:DOCKER_IMAGE):$($env.IMAGE_TAG)" | |
| $output = docker pull "$($env.DOCKER_IMAGE):$($env.IMAGE_TAG)" 2>&1 | |
| $output | Out-Host | |
| if ($LASTEXITCODE -eq 0) { | |
| Write-Host "Successfully pulled cached image with hash tag" | |
| $needBuild = $false | |
| } elseif ($output -match 'not found|does not exist|404') { | |
| Write-Host "Image not found in registry, will build from scratch." | |
| $needBuild = $true | |
| } else { | |
| Write-Host "##[error]Docker pull failed with unexpected error. Check logs above." | |
| Write-Host "This may indicate an authentication issue, registry problem, or network error." | |
| exit 1 | |
| } | |
| Write-Host "Setting outputs: need_build=$needBuild" | |
| "need_build=$needBuild" >> $env:GITHUB_OUTPUT | |
| - name: Build Docker image | |
| if: steps.pull_cached.outputs.need_build == 'true' | |
| timeout-minutes: 60 | |
| shell: pwsh | |
| run: | | |
| Write-Host "Building with tag: $($env:DOCKER_IMAGE):$($env:IMAGE_TAG)" | |
| docker build -t "$($env:DOCKER_IMAGE):$($env:IMAGE_TAG)" -f build\docker\msvc\Dockerfile 'build\' | |
| if ($LASTEXITCODE -ne 0) { | |
| Write-Error "Docker build failed" | |
| exit 1 | |
| } | |
| Write-Host "Verifying tags were created:" | |
| docker images "$($env:DOCKER_IMAGE)" | |
| - name: Push Docker image | |
| if: github.event_name != 'pull_request' && steps.pull_cached.outputs.need_build == 'true' | |
| timeout-minutes: 20 | |
| shell: pwsh | |
| run: | | |
| Write-Host "Pushing hash-based tag only: $($env:DOCKER_IMAGE):$($env:IMAGE_TAG)" | |
| docker push "$($env:DOCKER_IMAGE):$($env:IMAGE_TAG)" | |
| if ($LASTEXITCODE -ne 0) { | |
| Write-Error "Failed to push hash-based tag" | |
| exit 1 | |
| } | |
| Write-Host "Successfully pushed hash-tagged image" | |
| - name: Build and test inside container | |
| timeout-minutes: 120 | |
| shell: pwsh | |
| run: | | |
| docker run -v c:\src\thrift:C:\Thrift -v "${env:THRIFT_BUILD_DIR}:C:\build" --rm -t "$($env:DOCKER_IMAGE):$($env:IMAGE_TAG)" c:\thrift\build\docker\msvc\build.bat | |
| if ($LASTEXITCODE -ne 0) { | |
| Write-Error "Container build failed with exit code $LASTEXITCODE" | |
| exit $LASTEXITCODE | |
| } | |
| - name: Check test results | |
| if: always() | |
| shell: pwsh | |
| run: | | |
| $logPath = Join-Path $env:THRIFT_BUILD_DIR 'Testing\Temporary\LastTest.log' | |
| if (Test-Path $logPath) { | |
| $content = Get-Content $logPath -Raw | |
| if ($content -match 'Test Failed\.') { | |
| Write-Error "Tests failed - check LastTest.log artifact for details" | |
| exit 1 | |
| } else { | |
| Write-Host "All tests passed" | |
| } | |
| } else { | |
| Write-Error "LastTest.log not found at $logPath" | |
| exit 1 | |
| } | |
| - name: Upload LastTest log | |
| if: always() | |
| uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f | |
| with: | |
| name: msvc-LastTest-log | |
| path: ${{ env.THRIFT_BUILD_DIR }}\Testing\Temporary\LastTest.log | |
| if-no-files-found: warn |