diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index b8736d5..1df6944 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,44 +1,8 @@ -# This file was autogenerated by dist: https://opensource.axo.dev/cargo-dist/ -# -# Copyright 2022-2024, axodotdev -# SPDX-License-Identifier: MIT or Apache-2.0 -# -# CI that: -# -# * checks for a Git Tag that looks like a release -# * builds artifacts with dist (archives, installers, hashes) -# * uploads those artifacts to temporary workflow zip -# * on success, uploads the artifacts to a GitHub Release -# -# Note that the GitHub Release will be created with a generated -# title/body based on your changelogs. - name: Release permissions: - "contents": "write" - "packages": "write" + contents: write + packages: write -# This task will run whenever you push a git tag that looks like a version -# like "1.0.0", "v0.1.0-prerelease.1", "my-app/0.1.0", "releases/v1.0.0", etc. -# Various formats will be parsed into a VERSION and an optional PACKAGE_NAME, where -# PACKAGE_NAME must be the name of a Cargo package in your workspace, and VERSION -# must be a Cargo-style SemVer Version (must have at least major.minor.patch). -# -# If PACKAGE_NAME is specified, then the announcement will be for that -# package (erroring out if it doesn't have the given version or isn't dist-able). -# -# If PACKAGE_NAME isn't specified, then the announcement will be for all -# (dist-able) packages in the workspace with that version (this mode is -# intended for workspaces with only one dist-able package, or with all dist-able -# packages versioned/released in lockstep). -# -# If you push multiple tags at once, separate instances of this workflow will -# spin up, creating an independent announcement for each one. However, GitHub -# will hard limit this to 3 tags per commit, as it will assume more tags is a -# mistake. -# -# If there's a prerelease-style suffix to the version, then the release(s) -# will be marked as a prerelease. on: pull_request: push: @@ -46,9 +10,8 @@ on: - '**[0-9]+.[0-9]+.[0-9]+*' jobs: - # Run 'dist plan' (or host) to determine what tasks we need to do plan: - runs-on: "ubuntu-22.04" + runs-on: ubuntu-22.04 outputs: val: ${{ steps.plan.outputs.manifest }} tag: ${{ !github.event.pull_request && github.ref_name || '' }} @@ -60,52 +23,36 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive + - name: Install dist - # we specify bash to get pipefail; it guards against the `curl` command - # failing. otherwise `sh` won't catch that `curl` returned non-0 shell: bash - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.28.0/cargo-dist-installer.sh | sh" + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.30.0/cargo-dist-installer.sh | sh" + - name: Cache dist uses: actions/upload-artifact@v4 with: name: cargo-dist-cache path: ~/.cargo/bin/dist - # sure would be cool if github gave us proper conditionals... - # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible - # functionality based on whether this is a pull_request, and whether it's from a fork. - # (PRs run on the *source* but secrets are usually on the *target* -- that's *good* - # but also really annoying to build CI around when it needs secrets to work right.) + - id: plan run: | dist ${{ (!github.event.pull_request && format('host --steps=create --tag={0}', github.ref_name)) || 'plan' }} --output-format=json > plan-dist-manifest.json echo "dist ran successfully" cat plan-dist-manifest.json - echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" - - name: "Upload dist-manifest.json" + echo "manifest=$(jq -c . plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" + + - name: Upload dist-manifest.json uses: actions/upload-artifact@v4 with: name: artifacts-plan-dist-manifest path: plan-dist-manifest.json - # Build and packages all the platform-specific things build-local-artifacts: name: build-local-artifacts (${{ join(matrix.targets, ', ') }}) - # Let the initial task tell us to not run (currently very blunt) - needs: - - plan + needs: [plan] if: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix.include != null && (needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload') }} strategy: fail-fast: false - # Target platforms/runners are computed by dist in create-release. - # Each member of the matrix has the following arguments: - # - # - runner: the github runner - # - dist-args: cli flags to pass to dist - # - install-dist: expression to run to install dist on the runner - # - # Typically there will be: - # - 1 "global" task that builds universal installers - # - N "local" tasks that build each platform's binaries and platform-specific installers matrix: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix }} runs-on: ${{ matrix.runner }} container: ${{ matrix.container && matrix.container.image || null }} @@ -114,11 +61,12 @@ jobs: BUILD_MANIFEST_NAME: target/distrib/${{ join(matrix.targets, '-') }}-dist-manifest.json steps: - name: enable windows longpaths - run: | - git config --global core.longpaths true + run: git config --global core.longpaths true + - uses: actions/checkout@v4 with: submodules: recursive + - name: Install Rust non-interactively if not already installed if: ${{ matrix.container }} run: | @@ -126,37 +74,103 @@ jobs: curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y echo "$HOME/.cargo/bin" >> $GITHUB_PATH fi + - name: Install dist run: ${{ matrix.install_dist.run }} - # Get the dist-manifest + - name: Fetch local artifacts uses: actions/download-artifact@v4 with: pattern: artifacts-* path: target/distrib/ merge-multiple: true + + # ===== BEGIN: Injected ORT staging for cargo-dist bundling ===== + - run: echo "=== BUILD-SETUP START ===" + + # Unix shells + - name: Prepare lib dir (Unix) + if: runner.os != 'Windows' + shell: bash + run: | + mkdir -p lib + rm -f lib/* + + # Windows PowerShell + - name: Prepare lib dir (Windows) + if: runner.os == 'Windows' + shell: pwsh + run: | + New-Item -ItemType Directory -Force -Path lib | Out-Null + # remove contents if any + Get-ChildItem -Path lib -Force | Remove-Item -Force -Recurse -ErrorAction SilentlyContinue + + - name: Fetch ONNX Runtime (Linux) + if: runner.os == 'Linux' + env: + ORT_VER: 1.22.0 + run: | + set -euo pipefail + ARCH="$(uname -m)" + case "$ARCH" in + x86_64) URL="https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VER}/onnxruntime-linux-x64-${ORT_VER}.tgz" ;; + aarch64) URL="https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VER}/onnxruntime-linux-aarch64-${ORT_VER}.tgz" ;; + *) echo "Unsupported arch $ARCH"; exit 1 ;; + esac + curl -fsSL -o ort.tgz "$URL" + tar -xzf ort.tgz + cp -v onnxruntime-*/lib/libonnxruntime.so* lib/ + # normalize to stable name if needed + [ -f lib/libonnxruntime.so ] || cp -v lib/libonnxruntime.so.* lib/libonnxruntime.so + + - name: Fetch ONNX Runtime (macOS) + if: runner.os == 'macOS' + env: + ORT_VER: 1.22.0 + run: | + set -euo pipefail + curl -fsSL -o ort.tgz "https://github.com/microsoft/onnxruntime/releases/download/v${ORT_VER}/onnxruntime-osx-universal2-${ORT_VER}.tgz" + tar -xzf ort.tgz + cp -v onnxruntime-*/lib/libonnxruntime*.dylib lib/ + [ -f lib/libonnxruntime.dylib ] || cp -v lib/libonnxruntime*.dylib lib/libonnxruntime.dylib + + - name: Fetch ONNX Runtime (Windows) + if: runner.os == 'Windows' + shell: pwsh + env: + ORT_VER: 1.22.0 + run: | + $url = "https://github.com/microsoft/onnxruntime/releases/download/v$env:ORT_VER/onnxruntime-win-x64-$env:ORT_VER.zip" + Invoke-WebRequest $url -OutFile ort.zip + Expand-Archive ort.zip -DestinationPath ort + $dll = Get-ChildItem -Recurse -Path ort -Filter onnxruntime.dll | Select-Object -First 1 + Copy-Item $dll.FullName lib\onnxruntime.dll + + - run: | + echo "=== BUILD-SETUP END ===" + echo "lib/ contents:" + ls -l lib || dir lib + # ===== END: Injected ORT staging ===== + - name: Install dependencies run: | ${{ matrix.packages_install }} + - name: Build artifacts run: | - # Actually do builds and make zips and whatnot dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json echo "dist ran successfully" + - id: cargo-dist name: Post-build - # We force bash here just because github makes it really hard to get values up - # to "real" actions without writing to env-vars, and writing to env-vars has - # inconsistent syntax between shell and powershell. shell: bash run: | - # Parse out what we just built and upload it to scratch storage echo "paths<> "$GITHUB_OUTPUT" dist print-upload-files-from-manifest --manifest dist-manifest.json >> "$GITHUB_OUTPUT" echo "EOF" >> "$GITHUB_OUTPUT" - cp dist-manifest.json "$BUILD_MANIFEST_NAME" - - name: "Upload artifacts" + + - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: artifacts-build-local-${{ join(matrix.targets, '_') }} @@ -167,16 +181,16 @@ jobs: build_and_push_docker_image: name: Build and Push Docker Image runs-on: ubuntu-latest - needs: [plan] - if: ${{ needs.plan.outputs.publishing == 'true' }} + needs: [plan] + if: ${{ needs.plan.outputs.publishing == 'true' }} permissions: - contents: read # Permission to checkout the repository - packages: write # Permission to push Docker image to GHCR + contents: read + packages: write steps: - name: Checkout repository uses: actions/checkout@v4 with: - submodules: recursive # Matches your other checkout steps + submodules: recursive - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 @@ -185,33 +199,28 @@ jobs: uses: docker/login-action@v3 with: registry: ghcr.io - username: ${{ github.actor }} # User triggering the workflow + username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract Docker metadata id: meta uses: docker/metadata-action@v5 with: - images: ghcr.io/${{ github.repository }} - # This action automatically uses the Git tag as the Docker image tag. - # For example, a Git tag 'v1.2.3' will result in Docker tag 'ghcr.io/owner/repo:v1.2.3'. + images: ghcr.io/${{ github.repository }} - name: Build and push Docker image uses: docker/build-push-action@v5 with: - context: . + context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha # Enable Docker layer caching from GitHub Actions cache - cache-to: type=gha,mode=max # Enable Docker layer caching to GitHub Actions cache + cache-from: type=gha + cache-to: type=gha,mode=max - # Build and package all the platform-agnostic(ish) things build-global-artifacts: - needs: - - plan - - build-local-artifacts - runs-on: "ubuntu-22.04" + needs: [plan, build-local-artifacts] + runs-on: ubuntu-22.04 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} BUILD_MANIFEST_NAME: target/distrib/global-dist-manifest.json @@ -219,92 +228,90 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive + - name: Install cached dist uses: actions/download-artifact@v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist - # Get all the local artifacts for the global tasks to use (for e.g. checksums) + - name: Fetch local artifacts uses: actions/download-artifact@v4 with: pattern: artifacts-* path: target/distrib/ merge-multiple: true + - id: cargo-dist shell: bash run: | dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json echo "dist ran successfully" - - # Parse out what we just built and upload it to scratch storage echo "paths<> "$GITHUB_OUTPUT" jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT" echo "EOF" >> "$GITHUB_OUTPUT" - cp dist-manifest.json "$BUILD_MANIFEST_NAME" - - name: "Upload artifacts" + + - name: Upload artifacts uses: actions/upload-artifact@v4 with: name: artifacts-build-global path: | ${{ steps.cargo-dist.outputs.paths }} ${{ env.BUILD_MANIFEST_NAME }} - # Determines if we should publish/announce + host: - needs: - - plan - - build-local-artifacts - - build-global-artifacts - # Only run if we're "publishing", and only if local and global didn't fail (skipped is fine) + needs: [plan, build-local-artifacts, build-global-artifacts] if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.build-local-artifacts.result == 'skipped' || needs.build-local-artifacts.result == 'success') }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} - runs-on: "ubuntu-22.04" + runs-on: ubuntu-22.04 outputs: val: ${{ steps.host.outputs.manifest }} steps: - uses: actions/checkout@v4 with: submodules: recursive + - name: Install cached dist uses: actions/download-artifact@v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - run: chmod +x ~/.cargo/bin/dist - # Fetch artifacts from scratch-storage + - name: Fetch artifacts uses: actions/download-artifact@v4 with: pattern: artifacts-* path: target/distrib/ merge-multiple: true + - id: host shell: bash run: | dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json echo "artifacts uploaded and released successfully" cat dist-manifest.json - echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" - - name: "Upload dist-manifest.json" + echo "manifest=$(jq -c . dist-manifest.json)" >> "$GITHUB_OUTPUT" + + - name: Upload dist-manifest.json uses: actions/upload-artifact@v4 with: - # Overwrite the previous copy name: artifacts-dist-manifest path: dist-manifest.json - # Create a GitHub Release while uploading all files to it - - name: "Download GitHub Artifacts" + + - name: Download GitHub Artifacts uses: actions/download-artifact@v4 with: pattern: artifacts-* path: artifacts merge-multiple: true + - name: Cleanup - run: | - # Remove the granular manifests - rm -f artifacts/*-dist-manifest.json + run: rm -f artifacts/*-dist-manifest.json + - name: Create GitHub Release env: PRERELEASE_FLAG: "${{ fromJson(steps.host.outputs.manifest).announcement_is_prerelease && '--prerelease' || '' }}" @@ -312,20 +319,13 @@ jobs: ANNOUNCEMENT_BODY: "${{ fromJson(steps.host.outputs.manifest).announcement_github_body }}" RELEASE_COMMIT: "${{ github.sha }}" run: | - # Write and read notes from a file to avoid quoting breaking things echo "$ANNOUNCEMENT_BODY" > $RUNNER_TEMP/notes.txt - gh release create "${{ needs.plan.outputs.tag }}" --target "$RELEASE_COMMIT" $PRERELEASE_FLAG --title "$ANNOUNCEMENT_TITLE" --notes-file "$RUNNER_TEMP/notes.txt" artifacts/* announce: - needs: - - plan - - host - # use "always() && ..." to allow us to wait for all publish jobs while - # still allowing individual publish jobs to skip themselves (for prereleases). - # "host" however must run to completion, no skipping allowed! + needs: [plan, host] if: ${{ always() && needs.host.result == 'success' }} - runs-on: "ubuntu-22.04" + runs-on: ubuntu-22.04 env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: diff --git a/dist-workspace.toml b/dist-workspace.toml index 106b44f..ab9bb09 100644 --- a/dist-workspace.toml +++ b/dist-workspace.toml @@ -8,8 +8,7 @@ cargo-dist-version = "0.30.0" # CI backends to support ci = "github" # Extra static files to include in each App (path relative to this Cargo.toml's dir) -include = [] -github-build-setup = "../build-setup.yml" +include = ["lib"] # The installers to generate for each app installers = [] # Target platforms to build apps for (Rust target-triple syntax)