mirror of
https://github.com/pchuan98/codex.git
synced 2026-07-01 00:31:56 +08:00
1168254bd9
## Why It's hard to change the set of required jobs when they're managed in the GitHub UI, and when each workflow is responsible for choosing it's own scheduling it's easy to end up with skew between what we enforce on PRs vs. on main. ## What - add a `blocking-ci` caller workflow, triggered by pull requests and pushes to `main`, for Bazel, blob size, cargo-deny, Codespell, `repo-checks`, rust CI, and SDK CI - add an `always()` terminal job named `CI required` that fails unless every called workflow succeeds - add a `postmerge-ci` caller workflow for `rust-ci-full` and `v8-canary`, with a terminal `Postmerge CI results` job - centralize V8 relevance detection in `v8_canary_changes.py`; unrelated PR and postmerge runs execute metadata only and skip the expensive build matrices - leave `v8-canary` outside the blocking gate and leave the external `cla` check independent ## Rollout A repository admin must replace the existing required GitHub Actions contexts with `CI required` in the main-branch ruleset. Retain `cla` as a separate required check. Until that change is coordinated, this PR cannot satisfy the old standalone check names. In-flight PRs will need to be rebased after this lands.
450 lines
16 KiB
YAML
450 lines
16 KiB
YAML
name: v8-canary
|
|
|
|
# Do not use trigger-level path filters here. This workflow is also called by
|
|
# postmerge-ci, and GitHub cannot share a path filter between pull_request and
|
|
# workflow_call. v8_canary_changes.py is the single source of truth instead;
|
|
# unrelated events run only the cheap metadata job below.
|
|
on:
|
|
workflow_call:
|
|
pull_request: {}
|
|
workflow_dispatch:
|
|
|
|
# Cargo's libgit2 transport has been flaky when fetching git dependencies with
|
|
# nested submodules. Prefer the system git CLI for Cargo builds and smoke tests.
|
|
env:
|
|
CARGO_NET_GIT_FETCH_WITH_CLI: "true"
|
|
|
|
concurrency:
|
|
group: ${{ github.workflow }}::${{ github.event.pull_request.number > 0 && format('pr-{0}', github.event.pull_request.number) || github.ref_name }}
|
|
cancel-in-progress: ${{ github.ref_name != 'main' }}
|
|
|
|
jobs:
|
|
metadata:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
# A stale PR head can contain the old detector, which does not emit this
|
|
# output. Missing must mean "run" so older branches cannot silently skip
|
|
# the expensive V8 coverage while reporting success.
|
|
canary_required: ${{ steps.changes.outputs.canary_required || 'true' }}
|
|
v8_version: ${{ steps.v8_version.outputs.version }}
|
|
windows_source_required: ${{ steps.changes.outputs.windows_source_required }}
|
|
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
|
|
fetch-depth: 0
|
|
persist-credentials: false
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- name: Resolve exact v8 crate version
|
|
id: v8_version
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
version="$(python3 .github/scripts/rusty_v8_bazel.py resolved-v8-crate-version)"
|
|
echo "version=${version}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Detect V8 canary changes
|
|
id: changes
|
|
env:
|
|
BASE_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event.before }}
|
|
EVENT_NAME: ${{ github.event_name }}
|
|
HEAD_SHA: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
# Manual runs have no meaningful before/after range. Force every V8
|
|
# variant so workflow_dispatch remains a reliable retry path.
|
|
if [[ "${EVENT_NAME}" == "workflow_dispatch" ]]; then
|
|
output="$(python3 .github/scripts/v8_canary_changes.py --force)"
|
|
else
|
|
output="$(python3 .github/scripts/v8_canary_changes.py \
|
|
--base "${BASE_SHA}" \
|
|
--head "${HEAD_SHA}")"
|
|
fi
|
|
echo "${output}"
|
|
echo "${output}" >> "${GITHUB_OUTPUT}"
|
|
|
|
- name: Check for a clean worktree
|
|
if: always() && !cancelled()
|
|
uses: ./.github/actions/check-clean-worktree
|
|
|
|
build:
|
|
name: Build ${{ matrix.variant }} ${{ matrix.target }}
|
|
needs: metadata
|
|
# Metadata always runs; only relevant changes pay for the large matrix.
|
|
if: ${{ needs.metadata.outputs.canary_required == 'true' }}
|
|
runs-on: ${{ matrix.runner }}
|
|
permissions:
|
|
contents: read
|
|
actions: read
|
|
environment:
|
|
name: bazel
|
|
deployment: false
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: ubuntu-24.04
|
|
bazel_config: ci-v8
|
|
platform: linux_amd64
|
|
sandbox: false
|
|
target: x86_64-unknown-linux-gnu
|
|
v8_cpu: x64
|
|
variant: release
|
|
- runner: ubuntu-24.04
|
|
bazel_config: ci-v8
|
|
platform: linux_amd64
|
|
sandbox: true
|
|
target: x86_64-unknown-linux-gnu
|
|
v8_cpu: x64
|
|
variant: ptrcomp-sandbox
|
|
- runner: ubuntu-24.04-arm
|
|
bazel_config: ci-v8
|
|
platform: linux_arm64
|
|
sandbox: false
|
|
target: aarch64-unknown-linux-gnu
|
|
v8_cpu: arm64
|
|
variant: release
|
|
- runner: ubuntu-24.04-arm
|
|
bazel_config: ci-v8
|
|
platform: linux_arm64
|
|
sandbox: true
|
|
target: aarch64-unknown-linux-gnu
|
|
v8_cpu: arm64
|
|
variant: ptrcomp-sandbox
|
|
- runner: macos-15-xlarge
|
|
bazel_config: ci-macos
|
|
platform: macos_amd64
|
|
sandbox: false
|
|
target: x86_64-apple-darwin
|
|
v8_cpu: x64
|
|
variant: release
|
|
- runner: macos-15-xlarge
|
|
bazel_config: ci-macos
|
|
platform: macos_amd64
|
|
sandbox: true
|
|
target: x86_64-apple-darwin
|
|
v8_cpu: x64
|
|
variant: ptrcomp-sandbox
|
|
- runner: macos-15-xlarge
|
|
bazel_config: ci-macos
|
|
platform: macos_arm64
|
|
sandbox: false
|
|
target: aarch64-apple-darwin
|
|
v8_cpu: arm64
|
|
variant: release
|
|
- runner: macos-15-xlarge
|
|
bazel_config: ci-macos
|
|
platform: macos_arm64
|
|
sandbox: true
|
|
target: aarch64-apple-darwin
|
|
v8_cpu: arm64
|
|
variant: ptrcomp-sandbox
|
|
- runner: ubuntu-24.04
|
|
bazel_config: ci-v8
|
|
platform: linux_amd64_musl
|
|
sandbox: false
|
|
target: x86_64-unknown-linux-musl
|
|
v8_cpu: x64
|
|
variant: release
|
|
- runner: ubuntu-24.04
|
|
bazel_config: ci-v8
|
|
platform: linux_amd64_musl
|
|
sandbox: true
|
|
target: x86_64-unknown-linux-musl
|
|
v8_cpu: x64
|
|
variant: ptrcomp-sandbox
|
|
- runner: ubuntu-24.04-arm
|
|
bazel_config: ci-v8
|
|
platform: linux_arm64_musl
|
|
sandbox: false
|
|
target: aarch64-unknown-linux-musl
|
|
v8_cpu: arm64
|
|
variant: release
|
|
- runner: ubuntu-24.04-arm
|
|
bazel_config: ci-v8
|
|
platform: linux_arm64_musl
|
|
sandbox: true
|
|
target: aarch64-unknown-linux-musl
|
|
v8_cpu: arm64
|
|
variant: ptrcomp-sandbox
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
|
|
with:
|
|
ref: ${{ github.event_name == 'pull_request' && github.event.pull_request.head.sha || github.sha }}
|
|
persist-credentials: false
|
|
|
|
- name: Set up Bazel
|
|
uses: ./.github/actions/setup-bazel-ci
|
|
with:
|
|
target: ${{ matrix.target }}
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0
|
|
with:
|
|
python-version: "3.12"
|
|
|
|
- name: Set up Rust toolchain for Cargo smoke
|
|
uses: dtolnay/rust-toolchain@e081816240890017053eacbb1bdf337761dc5582 # 1.95.0
|
|
with:
|
|
toolchain: "1.95.0"
|
|
|
|
- name: Build Bazel V8 release pair
|
|
env:
|
|
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
|
|
PLATFORM: ${{ matrix.platform }}
|
|
SANDBOX: ${{ matrix.sandbox }}
|
|
TARGET: ${{ matrix.target }}
|
|
V8_CPU: ${{ matrix.v8_cpu }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
target_suffix="${TARGET//-/_}"
|
|
pair_kind="release_pair"
|
|
if [[ "${SANDBOX}" == "true" ]]; then
|
|
pair_kind="sandbox_release_pair"
|
|
fi
|
|
pair_target="//third_party/v8:rusty_v8_${pair_kind}_${target_suffix}"
|
|
|
|
bazel_args=(
|
|
build
|
|
"--platforms=@llvm//platforms:${PLATFORM}"
|
|
--config=rusty-v8-upstream-libcxx
|
|
"--config=v8-target-${V8_CPU}"
|
|
"${pair_target}"
|
|
--build_metadata=COMMIT_SHA=$(git rev-parse HEAD)
|
|
)
|
|
if [[ "${SANDBOX}" != "true" ]]; then
|
|
bazel_args+=(--config=v8-release-compat)
|
|
fi
|
|
|
|
./.github/scripts/run_bazel_with_buildbuddy.py \
|
|
--noexperimental_remote_repo_contents_cache \
|
|
"${bazel_args[@]}" \
|
|
"--config=${{ matrix.bazel_config }}"
|
|
|
|
- name: Stage release pair
|
|
env:
|
|
BAZEL_CONFIG: ${{ matrix.bazel_config }}
|
|
BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }}
|
|
PLATFORM: ${{ matrix.platform }}
|
|
SANDBOX: ${{ matrix.sandbox }}
|
|
TARGET: ${{ matrix.target }}
|
|
V8_CPU: ${{ matrix.v8_cpu }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
stage_args=(
|
|
--platform "${PLATFORM}"
|
|
--target "${TARGET}"
|
|
--output-dir "dist/${TARGET}"
|
|
--bazel-config "${BAZEL_CONFIG}"
|
|
--bazel-config "v8-target-${V8_CPU}"
|
|
)
|
|
if [[ "${SANDBOX}" == "true" ]]; then
|
|
stage_args+=(--sandbox)
|
|
else
|
|
stage_args+=(--bazel-config v8-release-compat)
|
|
fi
|
|
|
|
python3 .github/scripts/rusty_v8_bazel.py stage-release-pair "${stage_args[@]}"
|
|
|
|
- name: Smoke test staged artifact with Cargo
|
|
env:
|
|
SANDBOX: ${{ matrix.sandbox }}
|
|
TARGET: ${{ matrix.target }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
host_arch="$(uname -m)"
|
|
case "${TARGET}:${host_arch}" in
|
|
x86_64-apple-darwin:x86_64|aarch64-apple-darwin:arm64|x86_64-unknown-linux-gnu:x86_64|aarch64-unknown-linux-gnu:aarch64)
|
|
;;
|
|
*)
|
|
echo "Skipping non-native Cargo smoke for ${TARGET} on ${host_arch}."
|
|
exit 0
|
|
;;
|
|
esac
|
|
|
|
archive="$(find "dist/${TARGET}" -maxdepth 1 -type f -name 'librusty_v8_*.a.gz' -print -quit)"
|
|
binding="$(find "dist/${TARGET}" -maxdepth 1 -type f -name 'src_binding_*.rs' -print -quit)"
|
|
if [[ -z "${archive}" || -z "${binding}" ]]; then
|
|
echo "Missing staged archive or binding for ${TARGET}." >&2
|
|
exit 1
|
|
fi
|
|
|
|
cargo_args=(test -p codex-v8-poc)
|
|
if [[ "${SANDBOX}" == "true" ]]; then
|
|
cargo_args+=(--features sandbox)
|
|
fi
|
|
|
|
(
|
|
cd codex-rs
|
|
CARGO_TARGET_DIR="${RUNNER_TEMP}/rusty-v8-cargo-smoke-${TARGET}-${SANDBOX}" \
|
|
RUSTY_V8_ARCHIVE="${GITHUB_WORKSPACE}/${archive}" \
|
|
RUSTY_V8_SRC_BINDING_PATH="${GITHUB_WORKSPACE}/${binding}" \
|
|
cargo "${cargo_args[@]}"
|
|
)
|
|
|
|
- name: Upload staged artifacts
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
|
|
with:
|
|
name: v8-canary-${{ needs.metadata.outputs.v8_version }}-${{ matrix.variant }}-${{ matrix.target }}
|
|
path: dist/${{ matrix.target }}/*
|
|
|
|
- name: Check for a clean worktree
|
|
if: always() && !cancelled()
|
|
uses: ./.github/actions/check-clean-worktree
|
|
|
|
build-windows-source:
|
|
name: Build ptrcomp-sandbox ${{ matrix.target }} from source
|
|
needs: metadata
|
|
if: ${{ needs.metadata.outputs.windows_source_required == 'true' }}
|
|
runs-on: ${{ matrix.runner }}
|
|
permissions:
|
|
contents: read
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: windows-2022
|
|
target: x86_64-pc-windows-msvc
|
|
- runner: windows-2022
|
|
target: aarch64-pc-windows-msvc
|
|
|
|
steps:
|
|
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
|
|
- name: Configure git for upstream checkout
|
|
shell: bash
|
|
run: git config --global core.symlinks true
|
|
|
|
- name: Check out upstream rusty_v8
|
|
uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
|
|
with:
|
|
repository: denoland/rusty_v8
|
|
ref: v${{ needs.metadata.outputs.v8_version }}
|
|
path: upstream-rusty-v8
|
|
submodules: recursive
|
|
|
|
- name: Set up Python
|
|
uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6
|
|
with:
|
|
python-version: "3.11"
|
|
architecture: x64
|
|
|
|
- name: Set up Codex Rust toolchain for Cargo smoke
|
|
uses: dtolnay/rust-toolchain@e081816240890017053eacbb1bdf337761dc5582 # 1.95.0
|
|
with:
|
|
toolchain: "1.95.0"
|
|
targets: ${{ matrix.target }}
|
|
|
|
- name: Install rusty_v8 Rust toolchain
|
|
env:
|
|
TARGET: ${{ matrix.target }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
rustup toolchain install 1.91.0 --profile minimal --no-self-update
|
|
rustup target add --toolchain 1.91.0 "${TARGET}"
|
|
|
|
- name: Write upstream submodule status
|
|
shell: bash
|
|
working-directory: upstream-rusty-v8
|
|
run: git submodule status --recursive > git_submodule_status.txt
|
|
|
|
- name: Restore upstream source-build cache
|
|
uses: actions/cache@668228422ae6a00e4ad889ee87cd7109ec5666a7 # v5
|
|
with:
|
|
path: |
|
|
upstream-rusty-v8/target/sccache
|
|
upstream-rusty-v8/target/${{ matrix.target }}/release/gn_out
|
|
key: rusty-v8-source-${{ matrix.target }}-sandbox-${{ hashFiles('upstream-rusty-v8/Cargo.lock', 'upstream-rusty-v8/build.rs', 'upstream-rusty-v8/git_submodule_status.txt') }}
|
|
restore-keys: |
|
|
rusty-v8-source-${{ matrix.target }}-sandbox-
|
|
|
|
- name: Install and start sccache
|
|
shell: pwsh
|
|
env:
|
|
SCCACHE_CACHE_SIZE: 256M
|
|
SCCACHE_DIR: ${{ github.workspace }}/upstream-rusty-v8/target/sccache
|
|
SCCACHE_IDLE_TIMEOUT: 0
|
|
run: |
|
|
$version = "v0.8.2"
|
|
$platform = "x86_64-pc-windows-msvc"
|
|
$basename = "sccache-$version-$platform"
|
|
$url = "https://github.com/mozilla/sccache/releases/download/$version/$basename.tar.gz"
|
|
cd ~
|
|
curl -LO $url
|
|
tar -xzvf "$basename.tar.gz"
|
|
. $basename/sccache --start-server
|
|
echo "$(pwd)/$basename" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append
|
|
|
|
- name: Install Chromium clang for ARM64 MSVC cross build
|
|
if: matrix.target == 'aarch64-pc-windows-msvc'
|
|
shell: bash
|
|
working-directory: upstream-rusty-v8
|
|
run: python3 tools/clang/scripts/update.py
|
|
|
|
- name: Build upstream rusty_v8 sandbox release pair
|
|
env:
|
|
SCCACHE_IDLE_TIMEOUT: 0
|
|
TARGET: ${{ matrix.target }}
|
|
V8_FROM_SOURCE: "1"
|
|
shell: bash
|
|
working-directory: upstream-rusty-v8
|
|
run: cargo +1.91.0 build --locked --release --target "${TARGET}" --features v8_enable_sandbox
|
|
|
|
- name: Stage upstream sandbox release pair
|
|
env:
|
|
TARGET: ${{ matrix.target }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
python3 .github/scripts/rusty_v8_bazel.py stage-upstream-release-pair \
|
|
--source-root upstream-rusty-v8 \
|
|
--target "${TARGET}" \
|
|
--output-dir "dist/${TARGET}" \
|
|
--sandbox
|
|
|
|
- name: Smoke link staged artifact with Cargo
|
|
env:
|
|
TARGET: ${{ matrix.target }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
|
|
archive="$(find "dist/${TARGET}" -maxdepth 1 -type f -name 'rusty_v8_*.lib.gz' -print -quit)"
|
|
binding="$(find "dist/${TARGET}" -maxdepth 1 -type f -name 'src_binding_*.rs' -print -quit)"
|
|
if [[ -z "${archive}" || -z "${binding}" ]]; then
|
|
echo "Missing staged archive or binding for ${TARGET}." >&2
|
|
exit 1
|
|
fi
|
|
|
|
(
|
|
cd codex-rs
|
|
RUSTY_V8_ARCHIVE="${GITHUB_WORKSPACE}/${archive}" \
|
|
RUSTY_V8_SRC_BINDING_PATH="${GITHUB_WORKSPACE}/${binding}" \
|
|
cargo +1.95.0 test -p codex-v8-poc --target "${TARGET}" --features sandbox --no-run
|
|
)
|
|
|
|
- name: Upload staged artifacts
|
|
uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7
|
|
with:
|
|
name: v8-canary-${{ needs.metadata.outputs.v8_version }}-ptrcomp-sandbox-${{ matrix.target }}
|
|
path: dist/${{ matrix.target }}/*
|
|
|
|
- name: Check for a clean worktree
|
|
if: always() && !cancelled()
|
|
uses: ./.github/actions/check-clean-worktree
|