From 795b03f04f541a688b0bc38ca7bb6b95a56a3c8c Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Thu, 7 May 2026 13:32:09 +0200 Subject: [PATCH 01/18] Use composite action --- .github/workflows/qnx-build.yml | 43 ++++++++++----------------------- 1 file changed, 13 insertions(+), 30 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index b7482f8..e7dc2e8 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -68,55 +68,38 @@ jobs: steps: - name: Checkout repository (Handle all events) - uses: actions/checkout@v4.2.2 + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 with: ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - name: Setup Bazel with shared caching - uses: bazel-contrib/setup-bazel@0.18.0 + uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #v0.19.0 with: disk-cache: ${{ inputs.bazel-disk-cache }} repository-cache: true bazelisk-cache: true cache-save: ${{ github.event_name == 'push' }} - - name: Prepare QNX license - env: - SCORE_QNX_LICENSE: ${{ secrets.score-qnx-license }} - run: | - set -euo pipefail - LICENSE_DIR="/opt/score_qnx/license" - sudo mkdir -p "${LICENSE_DIR}" - echo "${SCORE_QNX_LICENSE}" | base64 --decode | sudo tee "${LICENSE_DIR}/licenses" >/dev/null + - name: Setup QNX SDP usage + uses: mtombosch/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec + #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec + with: + qnx-license: ${{ secrets.score-qnx-license }} + qnx-user: ${{ secrets.score-qnx-user }} + qnx-password: ${{ secrets.score-qnx-password }} + qnx-credential-helper: ${{ inputs.credential-helper }} + qnx-license-dir: "/opt/score_qnx/license" - name: Build with QNX toolchain - env: - SCORE_QNX_USER: ${{ secrets.score-qnx-user }} - SCORE_QNX_PASSWORD: ${{ secrets.score-qnx-password }} run: | set -euo pipefail - CRED_HELPER="${{ inputs.credential-helper }}" - if [[ "${CRED_HELPER}" != /* ]]; then - CRED_HELPER="${GITHUB_WORKSPACE}/${CRED_HELPER}" - fi - - if [[ ! -f "${CRED_HELPER}" ]]; then - echo "Credential helper not found at ${CRED_HELPER}" >&2 - exit 1 - fi - - if [[ ! -x "${CRED_HELPER}" ]]; then - chmod +x "${CRED_HELPER}" - fi - - echo "Using credential helper at ${CRED_HELPER}" bazel build --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${CRED_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ ${{ inputs.bazel-target }} - name: Cleanup QNX license if: always() - run: sudo rm -rf /opt/score_qnx + run: sudo rm -rf /opt/score_qnx || true From 40cc84f56eb5d67819301b62d3c1be9f54a4e52d Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Thu, 7 May 2026 13:40:27 +0200 Subject: [PATCH 02/18] Reduce code base due to usage of setup qnx comp action --- .github/workflows/qnx-build.yml | 21 +-------------------- 1 file changed, 1 insertion(+), 20 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 06f97a3..a18436c 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -122,21 +122,6 @@ jobs: run: | set -euo pipefail - CRED_HELPER="${{ inputs.credential-helper }}" - if [[ "${CRED_HELPER}" != /* ]]; then - CRED_HELPER="${GITHUB_WORKSPACE}/${CRED_HELPER}" - fi - - if [[ ! -f "${CRED_HELPER}" ]]; then - echo "Credential helper not found at ${CRED_HELPER}" >&2 - exit 1 - fi - - if [[ ! -x "${CRED_HELPER}" ]]; then - chmod +x "${CRED_HELPER}" - fi - - echo "Using credential helper at ${CRED_HELPER}" bazel build --config ${{ inputs.bazel-config }} \ --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ ${{ inputs.bazel-target }} @@ -156,15 +141,11 @@ jobs: - name: Test with QNX toolchain if: inputs.bazel-test-target != '' - env: - SCORE_QNX_USER: ${{ secrets.score-qnx-user }} - SCORE_QNX_PASSWORD: ${{ secrets.score-qnx-password }} run: | set -euo pipefail - echo "Using credential helper at ${CRED_HELPER}" bazel test --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${CRED_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ ${{ inputs.bazel-test-target }} - name: Cleanup QNX license From dea9c41e5615f284e46c61ffd83b69e474e87868 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Thu, 7 May 2026 16:07:32 +0200 Subject: [PATCH 03/18] Fix sha of comp action --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index a18436c..e397e01 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -109,7 +109,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec + uses: mtombosch/cicd-actions/.github/actions/setup-qnx-sdp@7088052ee96893c0fec53f46c04cd02089c2ba73 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From bc14756e4694a09c18c22e9d1451ff28ee718e16 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Thu, 7 May 2026 16:12:37 +0200 Subject: [PATCH 04/18] Fix Path to action.yml --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index e397e01..db68e87 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -109,7 +109,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/.github/actions/setup-qnx-sdp@7088052ee96893c0fec53f46c04cd02089c2ba73 + uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@7088052ee96893c0fec53f46c04cd02089c2ba73 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From 2c157db4c766fd81b017c2e6acbbab5e8b31b375 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 09:52:08 +0200 Subject: [PATCH 05/18] Support qnx-license-dir input param --- .github/workflows/qnx-build.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index db68e87..c08267b 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -66,6 +66,9 @@ on: score-qnx-password: description: "QNX account password" required: true + score-qnx-license-server: + description: "Address of the QNX license server (e.g. '6287@license-server-hostname'). Configures user.bazelrc with related action env vars." + required: false jobs: approval: @@ -109,10 +112,11 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@7088052ee96893c0fec53f46c04cd02089c2ba73 + uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@e5dcf1d58c9f7be6b5783c72226a3c7de96c935c #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} + qnx-license-server: ${{ secrets.score-qnx-license-server }} qnx-user: ${{ secrets.score-qnx-user }} qnx-password: ${{ secrets.score-qnx-password }} qnx-credential-helper: ${{ inputs.credential-helper }} From a6af6fa700ce8fed848cb087ccf51b7b8f6d732b Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 10:10:37 +0200 Subject: [PATCH 06/18] Update setup-qnx-sdp comp action link --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index c08267b..66fd13b 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -112,7 +112,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@e5dcf1d58c9f7be6b5783c72226a3c7de96c935c + uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@4093663e9651615dc4be00b653f93b64f3e1fbcb #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From abd64de70e8db4a6dbd12204359f6756f3fcdfad Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 10:17:32 +0200 Subject: [PATCH 07/18] Fix path to comp action --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 66fd13b..6e29c2a 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -112,7 +112,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/.github/setup-qnx-sdp@4093663e9651615dc4be00b653f93b64f3e1fbcb + uses: mtombosch/cicd-actions/setup-qnx-sdp@4093663e9651615dc4be00b653f93b64f3e1fbcb #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From 601bf47e9b8dc90e625a7a7ef5182a6394261c53 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 10:28:28 +0200 Subject: [PATCH 08/18] Update comp action ref --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 6e29c2a..fa24027 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -112,7 +112,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@4093663e9651615dc4be00b653f93b64f3e1fbcb + uses: mtombosch/cicd-actions/setup-qnx-sdp@3dcbcaea41c42ddd4e6a3203bbba2c42493e8e71 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From a302e80128bfe0ea11dc04cd5551a7225b611f4b Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 11:26:03 +0200 Subject: [PATCH 09/18] Make lic server a var and not a secret --- .github/workflows/qnx-build.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index fa24027..71be953 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -56,6 +56,10 @@ on: required: false default: "" type: string + score-qnx-license-server: + description: "Address of the QNX license server (e.g. '6287@license-server-hostname'). Configures user.bazelrc with related action env vars." + required: false + type: string secrets: score-qnx-license: description: "Base64-encoded QNX license content" @@ -66,9 +70,6 @@ on: score-qnx-password: description: "QNX account password" required: true - score-qnx-license-server: - description: "Address of the QNX license server (e.g. '6287@license-server-hostname'). Configures user.bazelrc with related action env vars." - required: false jobs: approval: @@ -116,7 +117,7 @@ jobs: #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} - qnx-license-server: ${{ secrets.score-qnx-license-server }} + qnx-license-server: ${{ inputs.score-qnx-license-server }} qnx-user: ${{ secrets.score-qnx-user }} qnx-password: ${{ secrets.score-qnx-password }} qnx-credential-helper: ${{ inputs.credential-helper }} From 684d7decf1514206713895ccdaa09ae653f16618 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 11:58:12 +0200 Subject: [PATCH 10/18] Update comp action ref --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 71be953..646fb46 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -113,7 +113,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@3dcbcaea41c42ddd4e6a3203bbba2c42493e8e71 + uses: mtombosch/cicd-actions/setup-qnx-sdp@dce02854c81befeb333477542927083b308b3f51 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From 292b550f3d25d08bfbc918bf1ca34e8011e16475 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 12:14:29 +0200 Subject: [PATCH 11/18] Update comp action ref --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 646fb46..50574f5 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -113,7 +113,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@dce02854c81befeb333477542927083b308b3f51 + uses: mtombosch/cicd-actions/setup-qnx-sdp@6e6c7eb5973701d665ee395fd57dfeeaae35c4fe #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From d50730e26e34a57ab02b128100ae9b3a40357758 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 13:41:17 +0200 Subject: [PATCH 12/18] Applied yamlfmt formatting to get compatible with precommit check yamlfmt --- .github/workflows/qnx-build.yml | 158 +++++++++++++++++--------------- 1 file changed, 85 insertions(+), 73 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 50574f5..41a378e 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -17,58 +17,63 @@ on: workflow_call: inputs: bazel-target: - description: "Bazel target to build with the QNX toolchain" + description: Bazel target to build with the QNX toolchain required: false - default: "//..." + default: //... type: string bazel-config: - description: "Bazel configuration to use for QNX builds" + description: Bazel configuration to use for QNX builds required: false - default: "x86_64-qnx" + default: x86_64-qnx type: string credential-helper: - description: "Relative or absolute path to the QNX credential helper script" + description: Relative or absolute path to the QNX credential helper script required: false - default: ".github/tools/qnx_credential_helper.py" + default: .github/tools/qnx_credential_helper.py type: string environment-name: - description: "Environment gating access to QNX secrets" + description: Environment gating access to QNX secrets required: false - default: "workflow-approval" + default: workflow-approval type: string bazel-disk-cache: - description: "Enable Bazel disk cache on GitHub. The value can be a string to use as cache key for separating workflows" + description: Enable Bazel disk cache on GitHub. The value can be a string + to use as cache key for separating workflows required: false - default: "true" + default: 'true' type: string extra-bazel-flags: - description: "Additional Bazel flags to pass to the build command (whitespace separated)" + description: Additional Bazel flags to pass to the build command (whitespace + separated) required: false - default: "" + default: '' type: string bazel-test-target: - description: "Bazel test targets to run with the QNX toolchain (leave empty to skip tests)" + description: Bazel test targets to run with the QNX toolchain (leave empty + to skip tests) required: false - default: "" + default: '' type: string extra-bazel-test-flags: - description: "Additional Bazel flags to pass to the test command (whitespace separated)" + description: Additional Bazel flags to pass to the test command (whitespace + separated) required: false - default: "" + default: '' type: string score-qnx-license-server: - description: "Address of the QNX license server (e.g. '6287@license-server-hostname'). Configures user.bazelrc with related action env vars." + description: Address of the QNX license server (e.g. '6287@license-server-hostname'). + Configures user.bazelrc with related action env vars. required: false type: string secrets: score-qnx-license: - description: "Base64-encoded QNX license content" + description: Base64-encoded QNX license content required: true score-qnx-user: - description: "QNX account username" + description: QNX account username required: true score-qnx-password: - description: "QNX account password" + description: QNX account password required: true jobs: @@ -76,83 +81,90 @@ jobs: # Require approvals for PRs from forks, but not for same-repository PRs, merge queues or push events. # If the job is already in the merge queue, the changes have already been reviewed and approved. # Thus the approval is already implicit by the review approval. - if: github.event_name == 'pull_request_target' && (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) + if: github.event_name == 'pull_request_target' && (github.event.pull_request.head.repo.full_name + != github.event.pull_request.base.repo.full_name) environment: ${{ inputs.environment-name }} - runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }} + runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) + || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' + }} permissions: contents: read pull-requests: read steps: - - name: Blocking on approval - run: 'true' + - name: Blocking on approval + run: 'true' qnx-build: name: Build QNX target # always run this job, because the approval is sometimes skipped by intention if: always() needs: approval - runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }} + runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) + || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' + }} permissions: contents: read pull-requests: read steps: - - name: Checkout repository (Handle all events) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - with: - ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} + - name: Checkout repository (Handle all events) + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref + }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository + }} - - name: Setup Bazel with shared caching - uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #v0.19.0 - with: - disk-cache: ${{ inputs.bazel-disk-cache }} - repository-cache: true - bazelisk-cache: true - cache-save: ${{ github.event_name == 'push' }} + - name: Setup Bazel with shared caching + uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #v0.19.0 + with: + disk-cache: ${{ inputs.bazel-disk-cache }} + repository-cache: true + bazelisk-cache: true + cache-save: ${{ github.event_name == 'push' }} - - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@6e6c7eb5973701d665ee395fd57dfeeaae35c4fe + - name: Setup QNX SDP usage + uses: mtombosch/cicd-actions/setup-qnx-sdp@6e6c7eb5973701d665ee395fd57dfeeaae35c4fe #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec - with: - qnx-license: ${{ secrets.score-qnx-license }} - qnx-license-server: ${{ inputs.score-qnx-license-server }} - qnx-user: ${{ secrets.score-qnx-user }} - qnx-password: ${{ secrets.score-qnx-password }} - qnx-credential-helper: ${{ inputs.credential-helper }} - qnx-license-dir: "/opt/score_qnx/license" + with: + qnx-license: ${{ secrets.score-qnx-license }} + qnx-license-server: ${{ inputs.score-qnx-license-server }} + qnx-user: ${{ secrets.score-qnx-user }} + qnx-password: ${{ secrets.score-qnx-password }} + qnx-credential-helper: ${{ inputs.credential-helper }} + qnx-license-dir: /opt/score_qnx/license - - name: Build with QNX toolchain - run: | - set -euo pipefail + - name: Build with QNX toolchain + run: | + set -euo pipefail - bazel build --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ - ${{ inputs.bazel-target }} + bazel build --config ${{ inputs.bazel-config }} \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ + ${{ inputs.bazel-target }} - - name: Install qemu - if: inputs.bazel-test-target != '' - run: | - sudo apt-get update - sudo apt-get install -y qemu-system + - name: Install qemu + if: inputs.bazel-test-target != '' + run: | + sudo apt-get update + sudo apt-get install -y qemu-system - - name: Enable KVM group permissons - if: inputs.bazel-test-target != '' - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm + - name: Enable KVM group permissons + if: inputs.bazel-test-target != '' + run: | + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules + sudo udevadm control --reload-rules + sudo udevadm trigger --name-match=kvm - - name: Test with QNX toolchain - if: inputs.bazel-test-target != '' - run: | - set -euo pipefail + - name: Test with QNX toolchain + if: inputs.bazel-test-target != '' + run: | + set -euo pipefail - bazel test --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ - ${{ inputs.bazel-test-target }} + bazel test --config ${{ inputs.bazel-config }} \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ + ${{ inputs.bazel-test-target }} - - name: Cleanup QNX license - if: always() - run: sudo rm -rf /opt/score_qnx || true + - name: Cleanup QNX license + if: always() + run: sudo rm -rf /opt/score_qnx || true From b604d47a83c83c2ff8d6400d189376a26b2b3058 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 13:49:06 +0200 Subject: [PATCH 13/18] Improved license cleanup logic --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 41a378e..9162104 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -167,4 +167,4 @@ jobs: - name: Cleanup QNX license if: always() - run: sudo rm -rf /opt/score_qnx || true + run: rm -rf /opt/score_qnx/license || sudo rm -rf /opt/score_qnx/license || true From 676041db36728399e8028d97b9f535ed17d204d9 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 13:53:20 +0200 Subject: [PATCH 14/18] Update action ref --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 9162104..d9b055f 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -125,7 +125,7 @@ jobs: - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@6e6c7eb5973701d665ee395fd57dfeeaae35c4fe + uses: mtombosch/cicd-actions/setup-qnx-sdp@82d7064f8995defd467216e4ae8f28c6c578f577 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From 72abc4d357a13f2dcd1f2d9d94863b6b22e66b45 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 13:57:11 +0200 Subject: [PATCH 15/18] Fail workflow if license cannot be cleaned up --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index d9b055f..bf48022 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -167,4 +167,4 @@ jobs: - name: Cleanup QNX license if: always() - run: rm -rf /opt/score_qnx/license || sudo rm -rf /opt/score_qnx/license || true + run: rm -rf /opt/score_qnx/license || sudo rm -rf /opt/score_qnx/license From 6c1bddeb5007a37ae213143ad95a339aad36c39c Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 14:05:05 +0200 Subject: [PATCH 16/18] Applied pre-commit hook --- .github/workflows/qnx-build.yml | 129 ++++++++++++++------------------ 1 file changed, 58 insertions(+), 71 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index bf48022..21c0edf 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -37,32 +37,27 @@ on: default: workflow-approval type: string bazel-disk-cache: - description: Enable Bazel disk cache on GitHub. The value can be a string - to use as cache key for separating workflows + description: Enable Bazel disk cache on GitHub. The value can be a string to use as cache key for separating workflows required: false default: 'true' type: string extra-bazel-flags: - description: Additional Bazel flags to pass to the build command (whitespace - separated) + description: Additional Bazel flags to pass to the build command (whitespace separated) required: false default: '' type: string bazel-test-target: - description: Bazel test targets to run with the QNX toolchain (leave empty - to skip tests) + description: Bazel test targets to run with the QNX toolchain (leave empty to skip tests) required: false default: '' type: string extra-bazel-test-flags: - description: Additional Bazel flags to pass to the test command (whitespace - separated) + description: Additional Bazel flags to pass to the test command (whitespace separated) required: false default: '' type: string score-qnx-license-server: - description: Address of the QNX license server (e.g. '6287@license-server-hostname'). - Configures user.bazelrc with related action env vars. + description: Address of the QNX license server (e.g. '6287@license-server-hostname'). Configures user.bazelrc with related action env vars. required: false type: string secrets: @@ -81,90 +76,82 @@ jobs: # Require approvals for PRs from forks, but not for same-repository PRs, merge queues or push events. # If the job is already in the merge queue, the changes have already been reviewed and approved. # Thus the approval is already implicit by the review approval. - if: github.event_name == 'pull_request_target' && (github.event.pull_request.head.repo.full_name - != github.event.pull_request.base.repo.full_name) + if: github.event_name == 'pull_request_target' && (github.event.pull_request.head.repo.full_name != github.event.pull_request.base.repo.full_name) environment: ${{ inputs.environment-name }} - runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) - || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' - }} + runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }} permissions: contents: read pull-requests: read steps: - - name: Blocking on approval - run: 'true' + - name: Blocking on approval + run: 'true' qnx-build: name: Build QNX target # always run this job, because the approval is sometimes skipped by intention if: always() needs: approval - runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) - || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' - }} + runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }} permissions: contents: read pull-requests: read steps: - - name: Checkout repository (Handle all events) - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 - with: - ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref - }} - repository: ${{ github.event.pull_request.head.repo.full_name || github.repository - }} + - name: Checkout repository (Handle all events) + uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd #v6.0.2 + with: + ref: ${{ github.head_ref || github.event.pull_request.head.ref || github.ref }} + repository: ${{ github.event.pull_request.head.repo.full_name || github.repository }} - - name: Setup Bazel with shared caching - uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #v0.19.0 - with: - disk-cache: ${{ inputs.bazel-disk-cache }} - repository-cache: true - bazelisk-cache: true - cache-save: ${{ github.event_name == 'push' }} + - name: Setup Bazel with shared caching + uses: bazel-contrib/setup-bazel@c5acdfb288317d0b5c0bbd7a396a3dc868bb0f86 #v0.19.0 + with: + disk-cache: ${{ inputs.bazel-disk-cache }} + repository-cache: true + bazelisk-cache: true + cache-save: ${{ github.event_name == 'push' }} - - - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@82d7064f8995defd467216e4ae8f28c6c578f577 + - name: Setup QNX SDP usage + uses: mtombosch/cicd-actions/setup-qnx-sdp@82d7064f8995defd467216e4ae8f28c6c578f577 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec - with: - qnx-license: ${{ secrets.score-qnx-license }} - qnx-license-server: ${{ inputs.score-qnx-license-server }} - qnx-user: ${{ secrets.score-qnx-user }} - qnx-password: ${{ secrets.score-qnx-password }} - qnx-credential-helper: ${{ inputs.credential-helper }} - qnx-license-dir: /opt/score_qnx/license + with: + qnx-license: ${{ secrets.score-qnx-license }} + qnx-license-server: ${{ inputs.score-qnx-license-server }} + qnx-user: ${{ secrets.score-qnx-user }} + qnx-password: ${{ secrets.score-qnx-password }} + qnx-credential-helper: ${{ inputs.credential-helper }} + qnx-license-dir: /opt/score_qnx/license - - name: Build with QNX toolchain - run: | - set -euo pipefail + - name: Build with QNX toolchain + run: | + set -euo pipefail - bazel build --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ - ${{ inputs.bazel-target }} + bazel build --config ${{ inputs.bazel-config }} \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-flags }} -- \ + ${{ inputs.bazel-target }} - - name: Install qemu - if: inputs.bazel-test-target != '' - run: | - sudo apt-get update - sudo apt-get install -y qemu-system + - name: Install qemu + if: inputs.bazel-test-target != '' + run: | + sudo apt-get update + sudo apt-get install -y qemu-system - - name: Enable KVM group permissons - if: inputs.bazel-test-target != '' - run: | - echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules - sudo udevadm control --reload-rules - sudo udevadm trigger --name-match=kvm + - name: Enable KVM group permissons + if: inputs.bazel-test-target != '' + run: | + echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules + sudo udevadm control --reload-rules + sudo udevadm trigger --name-match=kvm - - name: Test with QNX toolchain - if: inputs.bazel-test-target != '' - run: | - set -euo pipefail + - name: Test with QNX toolchain + if: inputs.bazel-test-target != '' + run: | + set -euo pipefail - bazel test --config ${{ inputs.bazel-config }} \ - --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ - ${{ inputs.bazel-test-target }} + bazel test --config ${{ inputs.bazel-config }} \ + --credential_helper=*.qnx.com="${QNX_CREDENTIAL_HELPER}" ${{ inputs.extra-bazel-test-flags }} -- \ + ${{ inputs.bazel-test-target }} - - name: Cleanup QNX license - if: always() - run: rm -rf /opt/score_qnx/license || sudo rm -rf /opt/score_qnx/license + - name: Cleanup QNX license + if: always() + run: rm -rf /opt/score_qnx/license || sudo rm -rf /opt/score_qnx/license From ab0e3119ecb86e685dd16305d1285c34f0cc5b00 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 14:07:13 +0200 Subject: [PATCH 17/18] Update action ref --- .github/workflows/qnx-build.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 21c0edf..3aae365 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -112,7 +112,7 @@ jobs: cache-save: ${{ github.event_name == 'push' }} - name: Setup QNX SDP usage - uses: mtombosch/cicd-actions/setup-qnx-sdp@82d7064f8995defd467216e4ae8f28c6c578f577 + uses: mtombosch/cicd-actions/setup-qnx-sdp@cc100f511b6144ab04ddc3c09750094f8cc7e561 #uses: eclipse-score/cicd-actions/.github/actions/setup-qnx-sdp@ceeecb09fef61202ea2bf5d93fa6160668525bec with: qnx-license: ${{ secrets.score-qnx-license }} From 6fe99fcc8639b6d12e1a0a6205d9cd45be3ac834 Mon Sep 17 00:00:00 2001 From: Tomljenovic Marko Date: Fri, 8 May 2026 14:58:42 +0200 Subject: [PATCH 18/18] Better "always" handling --- .github/workflows/qnx-build.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/qnx-build.yml b/.github/workflows/qnx-build.yml index 3aae365..bb584c1 100644 --- a/.github/workflows/qnx-build.yml +++ b/.github/workflows/qnx-build.yml @@ -88,8 +88,9 @@ jobs: qnx-build: name: Build QNX target - # always run this job, because the approval is sometimes skipped by intention - if: always() + # run this job always unless the workflow was canceled; approval may still be skipped by intention + # Do not use always(), see https://docs.github.com/en/actions/reference/workflows-and-actions/expressions#always + if: ${{ !cancelled() }} needs: approval runs-on: ${{ vars.runner_labels_ghub_standard_x64 && fromJSON(vars.runner_labels_ghub_standard_x64) || vars.REPO_RUNNER_LABELS && fromJSON(vars.REPO_RUNNER_LABELS) || 'ubuntu-latest' }} permissions: