openssl-release #1040
# Nanvix CI: resolves the current Nanvix release, builds and tests CPython over
# the platform matrix, publishes a release, and files an issue on build failure.
name: Nanvix CI

on:
  schedule:
    # GitHub evaluates cron in UTC: once a day at 00:00.
    - cron: "0 0 * * *"
  push:
    branches: ["nanvix/**"]
  pull_request:
    branches: ["nanvix/**"]
  workflow_dispatch:
  # Event types accepted from other repositories (presumably sent when one of
  # the listed dependencies publishes a release -- confirm with the senders).
  repository_dispatch:
    types:
      - sqlite-release
      - openssl-release
      - bzip2-release
      - libffi-release

# Workflow-level grant: this is what GITHUB_TOKEN receives in every job that
# does not declare its own `permissions:` block.
# NOTE(review): all three scopes are write. Nothing visible in this file uses
# `actions: write`; confirm it is needed, and prefer granting write scopes on
# the individual jobs that use them (release: contents, report-failure: issues).
permissions:
  contents: write
  actions: write
  issues: write

# One run per workflow and ref. Only repository_dispatch runs cancel a run that
# is already in progress; other triggers queue behind it.
concurrency:
  group: "${{ github.workflow }}-${{ github.ref_name || github.ref || 'default' }}"
  cancel-in-progress: ${{ github.event_name == 'repository_dispatch' }}

jobs:
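# Job get-nanvix-info: downloads the Nanvix release artifacts and publishes the
# Nanvix commit SHA (short and full) as job outputs for the later jobs.
  get-nanvix-info:
    runs-on: ubuntu-latest
    # Least privilege: this job only downloads artifacts and parses a file name.
    # NOTE(review): narrowed on the assumption that get-nanvix.sh uses the token
    # only to authenticate its downloads, as the step comment says -- confirm.
    permissions:
      contents: read
    outputs:
      sha: ${{ steps.extract.outputs.sha }}
      sha_full: ${{ steps.extract.outputs.sha_full }}
    steps:
      - name: Download Nanvix Release Artifacts
        id: extract
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail

          # Download all Nanvix release artifacts (authenticated to avoid API rate limits).
          # NOTE(review): the installer is fetched from the tip of the `dev` branch and
          # piped straight into bash while GH_TOKEN is in the environment, so whatever
          # that branch holds at run time executes here. Pin the URL to a reviewed
          # commit (<full-commit-sha> in place of refs/heads/dev) and verify a known
          # checksum before executing it.
          curl -fsSL https://raw.githubusercontent.com/nanvix/nanvix/refs/heads/dev/scripts/get-nanvix.sh | bash -s -- --force nanvix-artifacts

          # Find any artifact to extract the SHA
          ARTIFACT_FILE=$(find nanvix-artifacts -maxdepth 1 -type f -name "*.tar.bz2" | head -1)
          if [[ -z "$ARTIFACT_FILE" ]]; then
            echo "::error::No Nanvix artifact found"
            exit 1
          fi

          # Extract Nanvix commit SHA from artifact filename
          NANVIX_SHA_FULL=$(basename "$ARTIFACT_FILE" | sed -E 's/.*-([a-f0-9]{40})\.tar\.bz2$/\1/')

          # sed prints the file name unchanged when the pattern does not match, so
          # check the result before it becomes a job output that later ends up in
          # release tags, release notes and dispatch payloads.
          if [[ ! "$NANVIX_SHA_FULL" =~ ^[a-f0-9]{40}$ ]]; then
            echo "::error::Artifact file name does not end in -<40-hex-sha>.tar.bz2"
            exit 1
          fi

          NANVIX_SHA="${NANVIX_SHA_FULL::7}"
          echo "Nanvix commit SHA: $NANVIX_SHA_FULL (short: $NANVIX_SHA)"
          echo "sha=$NANVIX_SHA" >> "$GITHUB_OUTPUT"
          echo "sha_full=$NANVIX_SHA_FULL" >> "$GITHUB_OUTPUT"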
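# Job build-and-test: builds CPython for every platform / process-mode pair,
# runs the tests (skipped for standalone), and uploads one tarball per entry.
  build-and-test:
    needs: get-nanvix-info
    runs-on: ubuntu-latest
    # Least privilege: no step here passes GITHUB_TOKEN to a script; the job
    # checks out the repository and uploads artifacts. On pull_request events it
    # builds and runs the PR's own code, so it should not hold write scopes.
    permissions:
      contents: read
    strategy:
      fail-fast: false
      matrix:
        include:
          - platform: hyperlight
            process-mode: multi-process
            memory: 128mb
          - platform: hyperlight
            process-mode: single-process
            memory: 128mb
          - platform: microvm
            process-mode: single-process
            memory: 128mb
          - platform: microvm
            process-mode: multi-process
            memory: 128mb
          - platform: microvm
            process-mode: standalone
            memory: 128mb
    name: ${{ matrix.platform }}-${{ matrix.process-mode }}-${{ matrix.memory }}
    container:
      # NOTE(review): `latest-minimal` is a mutable tag, so the toolchain that
      # produces the released binaries can change without a commit here. Pin by
      # digest (nanvix/toolchain@sha256:<image-digest>) for reproducible builds.
      image: nanvix/toolchain:latest-minimal
      # Passes the runner's KVM device through to the container.
      options: --device /dev/kvm
    defaults:
      run:
        shell: bash
    env:
      NANVIX_TOOLCHAIN: /opt/nanvix
      NANVIX_PLATFORM: ${{ matrix.platform }}
      NANVIX_PROCESS_MODE: ${{ matrix.process-mode }}
      NANVIX_MEMORY_SIZE: ${{ matrix.memory }}
      USER: runner
    steps:
      # NOTE(review): `@v4` is a mutable tag; pin third-party actions to a full
      # commit SHA (actions/checkout@<full-commit-sha>). checkout also leaves the
      # job token in .git/config by default; consider `persist-credentials: false`
      # if ./z never needs authenticated git access.
      - uses: actions/checkout@v4

      - name: Prepare Setup.local for L2
        run: |
          if [[ -f Modules/Setup.local ]]; then
            # Drop the listed module entries. grep exits 1 when it selects no
            # lines, which is acceptable here; any other non-zero status is a real
            # error and must not overwrite Setup.local with a partial file.
            grep -v '_regex\|_cffi_backend\|NANVIX_SYSROOT.*/lib/numpy/\|NANVIX_SYSROOT.*/lib/cext/' \
              Modules/Setup.local > Modules/Setup.local.l2 || [[ $? -eq 1 ]]
            mv Modules/Setup.local.l2 Modules/Setup.local
          fi

      - name: Setup
        run: |
          # NOTE(review): get-pip.py is downloaded unpinned and executed without
          # an integrity check. Prefer a pip shipped in the toolchain image, or
          # fetch a fixed version and verify its checksum before running it.
          curl -fsSL https://bootstrap.pypa.io/get-pip.py | python3 - --break-system-packages
          ./z setup

      - name: Build
        run: ./z build

      - name: Test
        if: matrix.process-mode != 'standalone'
        run: ./z test

      - name: Package
        run: |
          set -euo pipefail
          ./z release
          # Matrix values are read from the job-level environment variables rather
          # than being expanded into the script text by the workflow engine.
          ARTIFACT_NAME="cpython-${NANVIX_PLATFORM}-${NANVIX_PROCESS_MODE}-${NANVIX_MEMORY_SIZE}"
          echo "ARTIFACT_TARBALL=dist/${ARTIFACT_NAME}.tar.bz2" >> "$GITHUB_ENV"

      - name: Upload Artifacts
        uses: actions/upload-artifact@v4
        with:
          name: cpython-${{ matrix.platform }}-${{ matrix.process-mode }}-${{ matrix.memory }}
          path: ${{ env.ARTIFACT_TARBALL }}
          retention-days: 7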
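# Job release: collects the build tarballs, publishes them as a GitHub release
# tagged <commit>-nanvix-<nanvix-sha>, then notifies the downstream repositories.
# Skipped for pull_request events.
  release:
    needs: [get-nanvix-info, build-and-test]
    if: github.event_name != 'pull_request'
    runs-on: ubuntu-latest
    # Least privilege: GITHUB_TOKEN is used here to create and delete releases
    # and tags in this repository. The cross-repository dispatch uses
    # DISPATCH_TOKEN, and same-run artifact download needs no token scope.
    permissions:
      contents: write
    env:
      NANVIX_SHA: ${{ needs.get-nanvix-info.outputs.sha }}
      NANVIX_SHA_FULL: ${{ needs.get-nanvix-info.outputs.sha_full }}
    steps:
      # NOTE(review): `@v4` tags are mutable; pin the actions in this job to full
      # commit SHAs (actions/checkout@<full-commit-sha>), since it holds a
      # contents-write token and a cross-repository secret.
      - uses: actions/checkout@v4

      - name: Download All Artifacts
        uses: actions/download-artifact@v4
        with:
          path: release-artifacts
          pattern: cpython-*

      - name: Prepare Release Assets
        run: |
          set -euo pipefail
          mkdir -p release-assets
          find release-artifacts -name "*.tar.bz2" -exec cp {} release-assets/ \;
          ls -la release-assets/

      - name: Get Release Metadata
        id: meta
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -euo pipefail
          # Latest release tag of each dependency; "latest" when the field is absent.
          for repo in zlib sqlite openssl bzip2 libffi; do
            tag=$(curl -fsSL -H "Authorization: Bearer ${GH_TOKEN}" \
              "https://api.github.com/repos/nanvix/${repo}/releases/latest" | jq -r '.tag_name // "latest"')
            echo "${repo}_tag=${tag}" >> "$GITHUB_OUTPUT"
          done
          # NOTE(review): these values come from other repositories and are
          # written as single-line name=value outputs; a value containing a line
          # break would add extra output lines. Confirm release names cannot
          # contain one, or strip line breaks before writing.
          RELEASE_INFO=$(curl -fsSL -H "Authorization: Bearer ${GH_TOKEN}" \
            "https://api.github.com/repos/nanvix/nanvix/releases/tags/latest")
          echo "nanvix_name=$(echo "$RELEASE_INFO" | jq -r '.name // "latest"')" >> "$GITHUB_OUTPUT"
          echo "nanvix_published=$(echo "$RELEASE_INFO" | jq -r '.published_at')" >> "$GITHUB_OUTPUT"

      - name: Create Release
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          NANVIX_NAME: ${{ steps.meta.outputs.nanvix_name }}
          NANVIX_PUBLISHED: ${{ steps.meta.outputs.nanvix_published }}
          ZLIB_TAG: ${{ steps.meta.outputs.zlib_tag }}
          SQLITE_TAG: ${{ steps.meta.outputs.sqlite_tag }}
          OPENSSL_TAG: ${{ steps.meta.outputs.openssl_tag }}
          BZIP2_TAG: ${{ steps.meta.outputs.bzip2_tag }}
          LIBFFI_TAG: ${{ steps.meta.outputs.libffi_tag }}
        run: |
          set -euo pipefail
          RELEASE_TAG="${GITHUB_SHA::7}-nanvix-${NANVIX_SHA}"
          # A re-run for the same commit pair replaces the earlier release.
          if gh release view "$RELEASE_TAG" &>/dev/null; then
            gh release delete "$RELEASE_TAG" --yes --cleanup-tag || true
          fi
          # Branch name, commit, run and repository are read from the runner's
          # GITHUB_* environment variables. Workflow expressions are substituted
          # into the script text before bash parses it, so a ref name containing
          # command-substitution syntax would be evaluated inside the quoted notes;
          # shell variables are expanded as data only.
          gh release create "$RELEASE_TAG" \
            --title "Build ${GITHUB_SHA::7}" \
            --notes "Automated build from branch ${GITHUB_REF_NAME} at commit ${GITHUB_SHA}.
          **Build Information:**
          - Workflow Run: [#${GITHUB_RUN_NUMBER}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID})
          - Commit: [${GITHUB_SHA}](${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}/commit/${GITHUB_SHA})
          - Date: $(date -u +"%Y-%m-%d %H:%M:%S UTC")
          **Nanvix Release:**
          - Name: ${NANVIX_NAME}
          - Published: ${NANVIX_PUBLISHED}
          - Commit: [${NANVIX_SHA_FULL}](https://github.com/nanvix/nanvix/commit/${NANVIX_SHA_FULL})
          **Build Dependencies (statically linked, not needed at runtime):**
          | Dependency | Version | Source |
          |---|---|---|
          | zlib | \`${ZLIB_TAG}\` | [release](https://github.com/nanvix/zlib/releases/tag/${ZLIB_TAG}) |
          | sqlite | \`${SQLITE_TAG}\` | [release](https://github.com/nanvix/sqlite/releases/tag/${SQLITE_TAG}) |
          | openssl | \`${OPENSSL_TAG}\` | [release](https://github.com/nanvix/openssl/releases/tag/${OPENSSL_TAG}) |
          | bzip2 | \`${BZIP2_TAG}\` | [release](https://github.com/nanvix/bzip2/releases/tag/${BZIP2_TAG}) |
          | libffi | \`${LIBFFI_TAG}\` | [release](https://github.com/nanvix/libffi/releases/tag/${LIBFFI_TAG}) |
          **Quick Start (only Nanvix runtime required):**
          \`\`\`bash
          # Pick your platform and process mode
          PLATFORM=hyperlight # or microvm
          MODE=multi-process # or single-process
          MEMORY=128mb
          # 1. Download & extract Nanvix runtime
          mkdir -p sysroot
          curl -fsSL https://raw.githubusercontent.com/nanvix/nanvix/refs/heads/dev/scripts/get-nanvix.sh | bash -s -- nanvix-artifacts
          tar -xjf nanvix-artifacts/nanvix-\${PLATFORM}-\${MODE}-\${MEMORY}-*.tar.bz2 -C sysroot
          # 2. Download & overlay CPython release
          curl -fsSL -o cpython.tar.bz2 <this-release-cpython-PLATFORM-MODE-MEMORY.tar.bz2-url>
          tar -xjf cpython.tar.bz2
          # 3. Run
          echo 'import sys; print(\"Hello from Nanvix CPython!\", sys.version)' > sysroot/hello.py
          cd sysroot && ./bin/nanvixd.elf -- ./bin/python3.12 ./hello.py
          \`\`\`" \
            --latest \
            release-assets/*.tar.bz2

      - name: Trigger Dependent Workflows
        if: success()
        env:
          # NOTE(review): a separate secret is used because GITHUB_TOKEN cannot
          # act on other repositories. Confirm it is scoped to the repositories
          # listed below and carries no more than the dispatch permission.
          GH_TOKEN: ${{ secrets.DISPATCH_TOKEN }}
        run: |
          RELEASE_TAG="${GITHUB_SHA::7}-nanvix-${NANVIX_SHA}"
          # Best effort: a failed dispatch is reported as a warning, not a failure.
          for repo in cymem murmurhash preshed srsly kiwi numpy nanvix-python; do
            echo "Dispatching nanvix/$repo..."
            gh api "repos/nanvix/${repo}/dispatches" \
              -X POST \
              -H "Accept: application/vnd.github+json" \
              -f event_type="cpython-release" \
              -f "client_payload[nanvix_sha]=${NANVIX_SHA}" \
              -f "client_payload[cpython_tag]=${RELEASE_TAG}" || echo "::warning::Failed to dispatch $repo"
          done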
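# Job report-failure: opens an issue when build-and-test failed on a
# repository_dispatch, schedule or push run. Manual and pull_request runs are
# not reported.
  report-failure:
    needs: [build-and-test]
    if: >-
      ${{ always() &&
      (github.event_name == 'repository_dispatch' || github.event_name == 'schedule' || github.event_name == 'push') &&
      needs.build-and-test.result == 'failure' }}
    runs-on: ubuntu-latest
    # Least privilege: the only API call in this job creates an issue.
    permissions:
      issues: write
    steps:
      - name: Create failure issue
        # NOTE(review): `@v7` is a mutable tag; pin to a full commit SHA
        # (actions/github-script@<full-commit-sha>).
        uses: actions/github-script@v7
        env:
          # Passed through the environment so the value reaches the script as
          # data and is never substituted into the script source.
          BUILD_RESULT: ${{ needs.build-and-test.result }}
        with:
          github-token: ${{ secrets.GITHUB_TOKEN }}
          script: |
            const { owner, repo } = context.repo;
            const runUrl = `${context.serverUrl}/${owner}/${repo}/actions/runs/${context.runId}`;
            const title = `CI failure (run ${context.runNumber})`;

            // Issue body, one entry per line.
            const lines = [
              `The cpython CI workflow failed.`,
              `- Trigger: ${context.eventName}`,
              `- Run: [#${context.runNumber}](${runUrl})`,
              `- SHA: ${context.sha}`,
              `- build-and-test: ${process.env.BUILD_RESULT}`,
              '',
              'Please investigate and take any corrective actions.'
            ];
            const body = lines.join('\n');

            await github.rest.issues.create({
              owner,
              repo,
              title,
              body,
              assignees: ['ppenna']
            });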