From 37aeab10b1408f7486c63583797656440312da38 Mon Sep 17 00:00:00 2001 From: Georg Semmler Date: Fri, 31 Jan 2025 10:52:15 +0100 Subject: [PATCH] Improve CI setup This commit tweaks our CI build matrix to: * Include linux-arm builders * Now exclude builds for rust beta and nightly for anything but the x86 linux build This extends our test matrix, while at the same time it minimizes the number of jobs run. We don't have any os specific code beside linking the libraries and that should be tested well by the stable job. So there is no need to run all rust versions for all platforms. --- .github/workflows/ci.yml | 41 +++++++++++++----- .github/workflows/release.yml | 79 +++++++++++++++++++++++------------ Cargo.toml | 23 ---------- dist-workspace.toml | 35 ++++++++++++++++ 4 files changed, 118 insertions(+), 60 deletions(-) create mode 100644 dist-workspace.toml diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d48622207c20..48c1b0302d06 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -21,20 +21,32 @@ concurrency: jobs: check_and_test: name: Check - needs: - [ - sqlite_bundled, - sqlite_wasm, - rustfmt_and_clippy, - postgres_bundled, - mysql_bundled, - ] + needs: [rustfmt_and_clippy] strategy: fail-fast: false matrix: - rust: ["stable", "beta", "nightly"] + rust: ["stable"] backend: ["postgres", "sqlite", "mysql"] - os: [ubuntu-latest, macos-13, macos-15, windows-2025] + os: [ubuntu-latest, macos-13, macos-15, windows-2025, ubuntu-22.04-arm] + include: + - rust: "beta" + backend: "postgres" + os: "ubuntu-latest" + - rust: "beta" + backend: "sqlite" + os: "ubuntu-latest" + - rust: "beta" + backend: "mysql" + os: "ubuntu-latest" + - rust: "nightly" + backend: "postgres" + os: "ubuntu-latest" + - rust: "nightly" + backend: "sqlite" + os: "ubuntu-latest" + - rust: "nightly" + backend: "mysql" + os: "ubuntu-latest" runs-on: ${{ matrix.os }} steps: - name: Checkout sources @@ -239,6 +251,7 @@ jobs: compile_tests: name: Compiletests runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@master @@ -290,6 +303,7 @@ jobs: sqlite_wasm: name: Check sqlite wasm runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable @@ -310,6 +324,7 @@ jobs: sqlite_bundled: name: Check sqlite bundled + Sqlite with asan runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable @@ -341,6 +356,7 @@ jobs: postgres_bundled: name: Check postgres bundled + Postgres with asan runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable @@ -383,6 +399,7 @@ jobs: mysql_bundled: name: Check mysql bundled + Mysql with asan runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@stable @@ -394,9 +411,10 @@ jobs: key: mysql_bundled-cargo-${{ hashFiles('**/Cargo.toml') }} - name: Install Mysql (Linux) run: | - sudo systemctl start mysql.service sudo apt-get update sudo apt-get -y install libmysqlclient-dev llvm + sudo systemctl start mysql.service + sleep 5 mysql -e "create database diesel_test; create database diesel_unit_test; grant all on \`diesel_%\`.* to 'root'@'localhost';" -uroot -proot echo "MYSQL_DATABASE_URL=mysql://root:root@127.0.0.1/diesel_test" >> $GITHUB_ENV echo "MYSQL_EXAMPLE_DATABASE_URL=mysql://root:root@127.0.0.1/diesel_example" >> $GITHUB_ENV @@ -435,6 +453,7 @@ jobs: minimal_rust_version: name: Check Minimal supported rust version (1.78.0) runs-on: ubuntu-latest + needs: [rustfmt_and_clippy] steps: - uses: actions/checkout@v4 - uses: dtolnay/rust-toolchain@1.78.0 diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 810a41d19358..24974c25109a 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -1,4 +1,4 @@ -# This file was autogenerated by cargo-dist: https://opensource.axo.dev/cargo-dist/ +# This file was autogenerated by dist: https://opensource.axo.dev/cargo-dist/ # # Copyright 2022-2024, axodotdev # SPDX-License-Identifier: MIT or Apache-2.0 @@ -6,7 +6,7 @@ # CI that: # # * checks for a Git Tag that looks like a release -# * builds artifacts with cargo-dist (archives, installers, hashes) +# * builds artifacts with dist (archives, installers, hashes) # * uploads those artifacts to temporary workflow zip # * on success, uploads the artifacts to a GitHub Release # @@ -24,10 +24,10 @@ permissions: # must be a Cargo-style SemVer Version (must have at least major.minor.patch). # # If PACKAGE_NAME is specified, then the announcement will be for that -# package (erroring out if it doesn't have the given version or isn't cargo-dist-able). +# package (erroring out if it doesn't have the given version or isn't dist-able). # # If PACKAGE_NAME isn't specified, then the announcement will be for all -# (cargo-dist-able) packages in the workspace with that version (this mode is +# (dist-able) packages in the workspace with that version (this mode is # intended for workspaces with only one dist-able package, or with all dist-able # packages versioned/released in lockstep). # @@ -45,7 +45,7 @@ on: - '**[0-9]+.[0-9]+.[0-9]+*' jobs: - # Run 'cargo dist plan' (or host) to determine what tasks we need to do + # Run 'dist plan' (or host) to determine what tasks we need to do plan: runs-on: "ubuntu-20.04" outputs: @@ -59,16 +59,16 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cargo-dist + - name: Install dist # we specify bash to get pipefail; it guards against the `curl` command # failing. otherwise `sh` won't catch that `curl` returned non-0 shell: bash - run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.21.1/cargo-dist-installer.sh | sh" - - name: Cache cargo-dist + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/axodotdev/cargo-dist/releases/download/v0.28.0/cargo-dist-installer.sh | sh" + - name: Cache dist uses: actions/upload-artifact@v4 with: name: cargo-dist-cache - path: ~/.cargo/bin/cargo-dist + path: ~/.cargo/bin/dist # sure would be cool if github gave us proper conditionals... # so here's a doubly-nested ternary-via-truthiness to try to provide the best possible # functionality based on whether this is a pull_request, and whether it's from a fork. @@ -76,8 +76,8 @@ jobs: # but also really annoying to build CI around when it needs secrets to work right.) - id: plan run: | - cargo dist ${{ (!github.event.pull_request && format('host --steps=create --tag={0}', github.ref_name)) || 'plan' }} --output-format=json > plan-dist-manifest.json - echo "cargo dist ran successfully" + dist ${{ (!github.event.pull_request && format('host --steps=create --tag={0}', github.ref_name)) || 'plan' }} --output-format=json > plan-dist-manifest.json + echo "dist ran successfully" cat plan-dist-manifest.json echo "manifest=$(jq -c "." plan-dist-manifest.json)" >> "$GITHUB_OUTPUT" - name: "Upload dist-manifest.json" @@ -95,18 +95,19 @@ jobs: if: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix.include != null && (needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload') }} strategy: fail-fast: false - # Target platforms/runners are computed by cargo-dist in create-release. + # Target platforms/runners are computed by dist in create-release. # Each member of the matrix has the following arguments: # # - runner: the github runner - # - dist-args: cli flags to pass to cargo dist - # - install-dist: expression to run to install cargo-dist on the runner + # - dist-args: cli flags to pass to dist + # - install-dist: expression to run to install dist on the runner # # Typically there will be: # - 1 "global" task that builds universal installers # - N "local" tasks that build each platform's binaries and platform-specific installers matrix: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix }} runs-on: ${{ matrix.runner }} + container: ${{ matrix.container && matrix.container.image || null }} env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} BUILD_MANIFEST_NAME: target/distrib/${{ join(matrix.targets, '-') }}-dist-manifest.json @@ -117,8 +118,15 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cargo-dist - run: ${{ matrix.install_dist }} + - name: Install Rust non-interactively if not already installed + if: ${{ matrix.container }} + run: | + if ! command -v cargo > /dev/null 2>&1; then + curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y + echo "$HOME/.cargo/bin" >> $GITHUB_PATH + fi + - name: Install dist + run: ${{ matrix.install_dist.run }} # Get the dist-manifest - name: Fetch local artifacts uses: actions/download-artifact@v4 @@ -132,8 +140,8 @@ jobs: - name: Build artifacts run: | # Actually do builds and make zips and whatnot - cargo dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json - echo "cargo dist ran successfully" + dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json + echo "dist ran successfully" - id: cargo-dist name: Post-build # We force bash here just because github makes it really hard to get values up @@ -143,7 +151,7 @@ jobs: run: | # Parse out what we just built and upload it to scratch storage echo "paths<> "$GITHUB_OUTPUT" - jq --raw-output ".upload_files[]" dist-manifest.json >> "$GITHUB_OUTPUT" + dist print-upload-files-from-manifest --manifest dist-manifest.json >> "$GITHUB_OUTPUT" echo "EOF" >> "$GITHUB_OUTPUT" cp dist-manifest.json "$BUILD_MANIFEST_NAME" @@ -168,12 +176,17 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cached cargo-dist + - name: Install cached dist uses: actions/download-artifact@v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - - run: chmod +x ~/.cargo/bin/cargo-dist + - run: chmod +x ~/.cargo/bin/dist + - name: Install cargo-cyclonedx + # we specify bash to get pipefail; it guards against the `curl` command + # failing. otherwise `sh` won't catch that `curl` return non-0 + run: "curl --proto '=https' --tlsv1.2 -LsSf https://github.com/CycloneDX/cyclonedx-rust-cargo/releases/download/cargo-cyclonedx-0.5.5/cargo-cyclonedx-installer.sh | sh" + shell: bash # Get all the local artifacts for the global tasks to use (for e.g. checksums) - name: Fetch local artifacts uses: actions/download-artifact@v4 @@ -184,8 +197,8 @@ jobs: - id: cargo-dist shell: bash run: | - cargo dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json - echo "cargo dist ran successfully" + dist build ${{ needs.plan.outputs.tag-flag }} --output-format=json "--artifacts=global" > dist-manifest.json + echo "dist ran successfully" # Parse out what we just built and upload it to scratch storage echo "paths<> "$GITHUB_OUTPUT" @@ -193,12 +206,26 @@ jobs: echo "EOF" >> "$GITHUB_OUTPUT" cp dist-manifest.json "$BUILD_MANIFEST_NAME" + - id: cargo-cyclonedx + shell: bash + run: | + # Generate SBOM (.cdx.xml) files. + cargo cyclonedx -v + + # Move all SBOM (.cdx.xml) files under target/distrib/ since + # we expect all artifacts to be in that folder. + find . -name '*.cdx.xml' -exec mv '{}' target/distrib/ ';' + + echo "paths<> "$GITHUB_OUTPUT" + find . -name '*.cdx.xml' | tee -a "$GITHUB_OUTPUT" + echo "EOF" >> "$GITHUB_OUTPUT" - name: "Upload artifacts" uses: actions/upload-artifact@v4 with: name: artifacts-build-global path: | ${{ steps.cargo-dist.outputs.paths }} + ${{ steps.cargo-cyclonedx.output.paths }} ${{ env.BUILD_MANIFEST_NAME }} # Determines if we should publish/announce host: @@ -217,12 +244,12 @@ jobs: - uses: actions/checkout@v4 with: submodules: recursive - - name: Install cached cargo-dist + - name: Install cached dist uses: actions/download-artifact@v4 with: name: cargo-dist-cache path: ~/.cargo/bin/ - - run: chmod +x ~/.cargo/bin/cargo-dist + - run: chmod +x ~/.cargo/bin/dist # Fetch artifacts from scratch-storage - name: Fetch artifacts uses: actions/download-artifact@v4 @@ -233,7 +260,7 @@ jobs: - id: host shell: bash run: | - cargo dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json + dist host ${{ needs.plan.outputs.tag-flag }} --steps=upload --steps=release --output-format=json > dist-manifest.json echo "artifacts uploaded and released successfully" cat dist-manifest.json echo "manifest=$(jq -c "." dist-manifest.json)" >> "$GITHUB_OUTPUT" diff --git a/Cargo.toml b/Cargo.toml index c533fd9eef3c..715c981de473 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -46,29 +46,6 @@ pq-sys = ">=0.6,<0.8" openssl-sys = "0.9.100" mysqlclient-sys = "0.4" -# Config for 'cargo dist' -[workspace.metadata.dist] -# The preferred cargo-dist version to use in CI (Cargo.toml SemVer syntax) -cargo-dist-version = "0.21.1" -# CI backends to support -ci = "github" -# The installers to generate for each app -installers = ["shell", "powershell"] -# Target platforms to build apps for (Rust target-triple syntax) -targets = ["aarch64-apple-darwin", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "x86_64-pc-windows-msvc"] -# Which actions to run on pull requests -pr-run-mode = "plan" -# Whether cargo-dist should create a Github Release or use an existing draft -create-release = false -# Whether to install an updater program -install-updater = false -# Path that installers should place binaries in -install-path = "CARGO_HOME" - -[workspace.metadata.dist.github-custom-runners] -aarch64-apple-darwin = "macos-14" -x86_64-unknown-linux-gnu = "ubuntu-22.04" - [profile.dev.package.insta] opt-level = 3 diff --git a/dist-workspace.toml b/dist-workspace.toml new file mode 100644 index 000000000000..d9643538cb27 --- /dev/null +++ b/dist-workspace.toml @@ -0,0 +1,35 @@ +[workspace] +members = ["cargo:."] + +# Config for 'dist' +[dist] +# The preferred dist version to use in CI (Cargo.toml SemVer syntax) +cargo-dist-version = "0.28.0" +# CI backends to support +ci = "github" +# The installers to generate for each app +installers = ["shell", "powershell"] +# Target platforms to build apps for (Rust target-triple syntax) +targets = ["aarch64-apple-darwin", "aarch64-unknown-linux-gnu", "x86_64-apple-darwin", "x86_64-unknown-linux-gnu", "x86_64-pc-windows-msvc"] +# Which actions to run on pull requests +pr-run-mode = "plan" +# Whether dist should create a Github Release or use an existing draft +create-release = false +# Whether to install an updater program +install-updater = false +# Path that installers should place binaries in +install-path = "CARGO_HOME" +cargo-cyclonedx = true + +[dist.min-glibc-version] +"*" = "2.17" + +[dist.dependencies.apt] +libncurses5-dev = '*' + +# otherwise the builds fail for whatever reason +[dist.github-custom-runners] +aarch64-apple-darwin = "macos-14" +aarch64-unknown-linux-gnu = "ubuntu-22.04-arm" +x86_64-unknown-linux-gnu = "ubuntu-22.04" +