lpenz / ghaction-cmake

cmake swiss army knife github docker action
MIT License
22 stars 13 forks source link

Custom apt sources #12

Open jayvdb opened 3 years ago

jayvdb commented 3 years ago

An alternative to https://github.com/lpenz/ghaction-cmake/issues/11 is to allow custom apt sources, so that users can build better -dev packages while waiting for debian to fix the problem. This has the added benefit of allowing using non-debian maintained packages, such as NVidia (https://docs.nvidia.com/datacenter/tesla/tesla-installation-notes/index.html ; although that may only work when using self-hosted runners with GPUs) and Intel (https://www.intel.com/content/www/us/en/developer/articles/guide/installing-free-libraries-and-python-apt-repo.html)

The Travis CI implementation of this was quite good, e.g.

    - sourceline: 'deb https://packagecloud.io/chef/stable/ubuntu/precise main'
      key_url: 'https://packagecloud.io/gpg.key'
jayvdb commented 2 years ago

I have been able to get all my dependencies into Debian bullseye, by using https://build.opensuse.org/ to do debian builds.

Info about it is at https://en.opensuse.org/openSUSE:Build_Service_Debian_builds

My project is https://build.opensuse.org/project/show/home:jayvdb:debian , which publishes built packages to repo https://download.opensuse.org/repositories/home:/jayvdb:/debian/Debian_11

As a result, my main use of this github action is now able to use lpenz/ghaction-cmake:0.18 instead of custom docker builds from my fork. Happy days.

My pre_command still includes a PPA, which is more finicky to create, maintain, and use, but maybe I am biased...

apt-get update \
      && DEBIAN_FRONTEND=noninteractive \
      TZ=Etc/UTC \
      apt-get install -y --no-install-recommends \
          ca-certificates \
          gnupg2 \
          sudo \
          software-properties-common \
          wget \
      && apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ED7108895311FB59 \
      && wget https://download.opensuse.org/repositories/home:/jayvdb:/debian/Debian_11/Release.key \
      && apt-key add Release.key \
      && ls /etc/apt/sources.list.d/ \
      && echo deb http://ppa.launchpad.net/jayvdb/experimental/ubuntu jammy main >> /etc/apt/sources.list.d/ppas.list \
      && echo deb http://download.opensuse.org/repositories/home:/jayvdb:/debian/Debian_11 ./ >> /etc/apt/sources.list.d/obs.list \
      && cat /etc/apt/sources.list \
      && echo deb http://deb.debian.org/debian bullseye main contrib non-free > /etc/apt/sources.list \
      && echo deb http://deb.debian.org/debian bullseye-updates main contrib non-free >> /etc/apt/sources.list

I need to check whether apt-key adv --keyserver keyserver.ubuntu.com --recv-keys ED7108895311FB59 can be replaced with a key_url approach ; probably it can.

But in any case, I intend to remove the PPA, relying only on OBS, in which case pairs of sourceline & key_url would suffice for me.

However, that design may not be ideal, because GitHub Actions doesnt support anchors and aliases, whereas Travis and GitLab CI do. See the following for some of the discussions about that:

As a result, the array of sources would need to be duplicated for each use of this github action.

There are some wonderful workarounds for the lack of anchors and aliases, but IMO use of env: & ${{ env.FOO }} is the most straight forward, however envs are not a good way to store arrays of pairs.

So I am thinking that there should be two inputs, sourcelines and key_urls which are each multi-line.

Another alternative is to put JSON into an env var, and then maybe even it can be unserialized using GHA expression fromJSON before being given to this github action as an object - not sure if GHA supports passing objects into GHAs such as this one.