GaloisInc/cryptol
1
1
Fork 0
mirror of https://github.com/GaloisInc/cryptol.git synced 2024-07-07 10:46:54 +03:00
Code Issues Projects Releases Wiki Activity

Prep CI for upcoming release (#1123)

Browse Source 
- Container images are now published to ghcr.io rather than docker hub (closes #1110):
  - https://github.com/orgs/GaloisInc/packages/container/package/cryptol
  - https://github.com/orgs/GaloisInc/packages/container/package/cryptol-remote-api
- Docker builds for all images are cached against ghcr.io (doesn't provide incremental builds, but it still helps a lot).
  - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol
  - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol-remote-api
- "Portable" variant of cryptol-remote-api is now built and tested to the same degree as the non-portable one
- Normalized CI workflows to [`.github/workflows/ci.yml`](https://github.com/GaloisInc/cryptol/blob/lisanna/docker-publishing/.github/workflows/ci.yml) (closes #1115)
- Pre-merge and release build configurations are now more or less the same, so release process remains validated (closes #1114, closes #1116)
- Matrix configs for each job are visible at high-level views of the workflow
- Always upload workflow artifacts, use sensible retention periods for publish vs. non-publish
- `cryptol-eval-server` included in cryptol-remote-api container image (closes #1112)
- Pathclearing for static linking (#1113)
This commit is contained in:
Lisanna Dettwyler 2021-03-23 15:24:48 -07:00 committed by GitHub
parent b64e07526d
commit f021990eba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 362 additions and 515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/ci.sh vendored
View File

@ -174,9 +174,7 @@ zip_dist() {
: "${VERSION?VERSION is required as an environment variable}"
name="${name:-"cryptol-$VERSION-$RUNNER_OS-x86_64"}"
mv dist "$name"
tar -czf "$name".tar.gz "$name"
sign "$name".tar.gz
[[ -f "$name".tar.gz.sig ]] && [[ -f "$name".tar.gz ]]
tar -cvzf "$name".tar.gz "$name"
}
output() { echo "::set-output name=$1::$2"; }

242
.github/workflows/build.yml vendored
View File

@ -1,242 +0,0 @@
name: Cryptol
on:
push:
branches: [master, "release-**"]
pull_request:
jobs:
outputs:
runs-on: ubuntu-latest
outputs:
changed: ${{ steps.outputs.outputs.changed-files }}
cryptol-version: ${{ steps.outputs.outputs.cryptol-version }}
name: ${{ steps.outputs.outputs.name }}
release: ${{ steps.env.outputs.release }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- id: env
if: |
startsWith(github.ref, 'refs/heads/release-')
|| (github.event_name == 'pull_request' && startsWith(github.head_ref, 'actions/'))
run: .github/ci.sh output release 1
- id: outputs
run: |
.github/ci.sh set_files ${{ github.sha }}
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)
build:
runs-on: ${{ matrix.os }}
needs: [outputs]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.6.5", "8.8.4", "8.10.2"]
exclude:
# https://gitlab.haskell.org/ghc/ghc/-/issues/18550
- os: windows-latest
ghc: 8.10.2
name: Cryptol - GHC v${{ matrix.ghc }} - ${{ matrix.os }}
env:
RELEASE: ${{ needs.outputs.outputs.release }}
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- uses: actions/setup-haskell@v1
id: setup-haskell
with:
ghc-version: ${{ matrix.ghc }}
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- shell: bash
run: .github/ci.sh install_system_deps
env:
Z3_VERSION: "4.8.8"
CVC4_VERSION: "4.1.8"
YICES_VERSION: "2.6.2"
- shell: bash
run: .github/ci.sh setup_external_tools
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh check_docs
if: runner.os != 'Windows'
- shell: bash
run: .github/ci.sh test_dist
# TODO: get Python client to work on Windows
- shell: bash
run: .github/ci.sh test_rpc
if: runner.os != 'Windows'
- if: >-
env.RELEASE && matrix.ghc == '8.8.4'
uses: actions/upload-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
docs:
runs-on: ubuntu-latest
needs: [outputs]
if: >-
needs.outputs.outputs.release || contains(needs.outputs.outputs.changed, 'docs/')
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
bundle:
runs-on: ${{ matrix.os }}
if: needs.outputs.outputs.release
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.8.4"]
needs: [outputs, docs, build]
env:
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
RELEASE: ${{ needs.outputs.outputs.release }}
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: runner.os == 'Windows'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh zip_dist
- uses: actions/upload-artifact@v2
with:
name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64
path: "${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64.tar.gz*"
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64
path: "cryptol.msi*"
docker:
runs-on: ubuntu-latest
needs: [outputs]
if: contains(needs.outputs.outputs.changed, 'Dockerfile')
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Build Docker
uses: docker/build-push-action@v1
with:
repository: galoisinc/cryptol
push: false
docker-server-test:
runs-on: ubuntu-latest
needs: [outputs]
strategy:
fail-fast: false
name: Docker Cryptol Remote API Test
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- shell: bash
run: cryptol-remote-api/build_and_test_docker.sh
release:
needs: [outputs, bundle]
if: needs.outputs.outputs.release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: release-drafter/release-drafter@v5
id: release
with:
version: v${{ needs.outputs.outputs.cryptol-version }}
name: v${{ needs.outputs.outputs.cryptol-version }}
tag: v${{ needs.outputs.outputs.cryptol-version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/download-artifact@v2
with:
path: artifacts
- name: Upload artifacts to release
run: |
# workaround for draft-releaser being hard to test in CI
tag="v${VERSION}"
body="${body:-$tag}"
if ! hub release show "$tag"; then
hub release create -d -m "$body" "$tag"
fi
assets=()
find ./artifacts \( -name 'cryptol*.tar.gz*' -o -name '*.msi*' \) -type f -print0 |
while IFS= read -r -d '' a; do assets+=("-a" "$a"); done
hub release edit -d "${assets[@]}" -m "" "$tag"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
body: ${{ steps.release.outputs.body }}

326
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,326 @@
name: Cryptol
on:
push:
tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"]
branches: [master, "release-**"]
pull_request:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
inputs:
publish:
description: "Publish release artifacts"
required: false
default: "false"
env:
Z3_VERSION: "4.8.8"
CVC4_VERSION: "4.1.8"
YICES_VERSION: "2.6.2"
jobs:
config:
runs-on: ubuntu-latest
outputs:
changed: ${{ steps.getconf.outputs.changed-files }}
cryptol-version: ${{ steps.getconf.outputs.cryptol-version }}
name: ${{ steps.getconf.outputs.name }}
publish: ${{ steps.getconf-publish.outputs.publish }}
retention-days: ${{ steps.getconf-publish.outputs.retention-days }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- id: getconf
run: |
.github/ci.sh set_files ${{ github.sha }}
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)
.github/ci.sh output retention-days 5
- id: getconf-publish
if: |
(github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')) ||
(github.event_name == 'schedule') ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true')
run: |
.github/ci.sh output publish true
.github/ci.sh output retention-days 90
build:
runs-on: ${{ matrix.os }}
needs: [config]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.6.5", "8.8.4", "8.10.2"]
exclude:
# https://gitlab.haskell.org/ghc/ghc/-/issues/18550
- os: windows-latest
ghc: 8.10.2
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- uses: actions/setup-haskell@v1
id: setup-haskell
with:
ghc-version: ${{ matrix.ghc }}
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- shell: bash
run: .github/ci.sh install_system_deps
- shell: bash
run: .github/ci.sh setup_external_tools
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh check_docs
if: runner.os != 'Windows'
- shell: bash
run: .github/ci.sh test_dist
# TODO: get Python client to work on Windows
- shell: bash
run: .github/ci.sh test_rpc
if: runner.os != 'Windows'
- if: matrix.ghc == '8.8.4'
uses: actions/upload-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
retention-days: ${{ needs.config.outputs.retention-days }}
build-docs:
runs-on: ubuntu-latest
needs: [config]
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
retention-days: ${{ needs.config.outputs.retention-days }}
bundle:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
needs: [config, build-docs, build]
env:
VERSION: ${{ needs.config.outputs.cryptol-version }}
RELEASE: ${{ needs.config.outputs.release }}
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: |
runner.os == 'Windows' &&
(github.head_ref == 'master' ||
startsWith(github.head_ref, 'release-'))
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
run: |
echo "NAME=${{ needs.config.outputs.name }}-${{ runner.os }}-x86_64" >> $GITHUB_ENV
.github/ci.sh zip_dist $NAME
- if: |
github.head_ref == 'master' ||
startsWith(github.head_ref, 'release-')
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign ${NAME}.tar.gz
- uses: actions/upload-artifact@v2
with:
name: ${{ env.NAME }}
path: "${{ env.NAME }}.tar.gz*"
if-no-files-found: error
retention-days: ${{ needs.config.outputs.retention-days }}
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ env.NAME }}
path: "cryptol.msi*"
if-no-files-found: error
retention-days: ${{ needs.config.outputs.retention-days }}
build-push-image:
runs-on: ubuntu-latest
needs: [config]
strategy:
fail-fast: false
matrix:
include:
- build-args: ''
file: Dockerfile
image: ghcr.io/galoisinc/cryptol
cache: ghcr.io/galoisinc/cache-cryptol
- build-args: PORTABILITY=true
file: cryptol-remote-api/Dockerfile
image: ghcr.io/galoisinc/cryptol-remote-api
cache: ghcr.io/galoisinc/cache-cryptol-remote-api
- build-args: PORTABILITY=false
file: cryptol-remote-api/Dockerfile
image: ghcr.io/galoisinc/cryptol-remote-api
cache: ghcr.io/galoisinc/cache-cryptol-remote-api
steps:
- if: matrix.build-args == 'PORTABILITY=true'
id: prefix
run: echo "::set-output name=prefix::portable-"
- uses: rlespinasse/github-slug-action@v3.x
- id: common-tag
run: echo "::set-output name=common-tag::${{ steps.prefix.outputs.prefix }}$GITHUB_REF_SLUG"
- uses: docker/setup-buildx-action@v1
- uses: crazy-max/ghaction-docker-meta@v1
name: Labels
id: labels
with:
images: ${{ matrix.image }}
- if: github.event_name != 'pull_request'
uses: crazy-max/ghaction-docker-meta@v1
name: Tags
id: tags
with:
images: ${{ matrix.image }}
tag-semver: |
${{ steps.prefix.outputs.prefix }}{{version}}
${{ steps.prefix.outputs.prefix }}{{major}}.{{minor}}
tag-schedule: |
${{ steps.prefix.outputs.prefix }}nightly
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
- uses: docker/build-push-action@v2
with:
tags: ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
load: true
push: false
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}
cache-from: |
type=registry,ref=${{ matrix.cache }}:${{ steps.prefix.outputs.prefix }}master
type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }}
cache-to: type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }},mode=max
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: actions/checkout@v2
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: actions/setup-python@v2
with:
python-version: '3.x'
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
name: Test cryptol-remote-api
run: ./cryptol-remote-api/test_docker.sh ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: docker/build-push-action@v2
name: Build test-cryptol-remote-api
with:
tags: test-cryptol-remote-api:latest
load: true
push: false
file: cryptol-remote-api/test.Dockerfile
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
name: Test cryptol-remote-api helm chart
run: |
set -x
kind create cluster --wait 10m
kind load docker-image ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
kind load docker-image test-cryptol-remote-api:latest
helm install --wait cra-http ./helm/cryptol-remote-api \
--set image.repository=${{ matrix.image }} \
--set image.tag=${{ steps.common-tag.outputs.common-tag }} \
--set image.pullPolicy=Never \
--set server.connType=http
helm install --wait cra-socket ./helm/cryptol-remote-api \
--set image.repository=${{ matrix.image }} \
--set image.tag=${{ steps.common-tag.outputs.common-tag }} \
--set image.pullPolicy=Never \
--set server.connType=socket
kubectl run --rm --attach test-http \
--image=test-cryptol-remote-api:latest \
--image-pull-policy=Never \
--restart=Never \
-- http cra-http-cryptol-remote-api 8080
kubectl run --rm --attach test-socket \
--image=test-cryptol-remote-api:latest \
--image-pull-policy=Never \
--restart=Never \
-- socket cra-socket-cryptol-remote-api 8080
- uses: docker/build-push-action@v2
with:
tags: |
${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
${{ steps.tags.outputs.tags }}
labels: ${{ steps.labels.outputs.labels }}
push: ${{ needs.config.outputs.publish }}
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}

50
.github/workflows/docker.yml vendored
View File

@ -1,50 +0,0 @@
name: Docker
on:
push:
tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"]
workflow_dispatch:
inputs:
image-to-build:
description: "Manually build and push a docker image (cryptol|cryptol-remote-api)"
required: false
default: ""
jobs:
cryptol:
runs-on: ubuntu-latest
if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol'"
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: .github/ci.sh set_version
id: outputs
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol
tags: "latest,${{ steps.outputs.outputs.cryptol-version }}"
add_git_labels: true
push: true
cryptol-remote-api:
if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol-remote-api'"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: .github/ci.sh set_version
id: outputs
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol-remote-api
tags: "latest,${{ steps.outputs.outputs.cryptol-version }}"
add_git_labels: true
build_args: GHCVER=8.10.3
push: true
dockerfile: cryptol-remote-api/Dockerfile

187
.github/workflows/nightly.yml vendored
View File

@ -1,187 +0,0 @@
name: Cryptol Nightly Builds
on:
push:
branches: ["actions/**"]
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
outputs:
runs-on: ubuntu-latest
outputs:
cryptol-version: ${{ steps.cryptol.outputs.cryptol-version }}
cryptol-name: ${{ steps.cryptol.outputs.name }}
steps:
- uses: actions/checkout@v2
- id: cryptol
run: |
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)-$(date -I)
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
docker-cryptol:
runs-on: ubuntu-latest
needs: [outputs]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol
tags: "nightly"
add_git_labels: true
push: ${{ github.event_name == 'schedule' }}
docker-cryptol-remote-api:
runs-on: ubuntu-latest
needs: [outputs]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol-remote-api
tags: "nightly"
add_git_labels: true
push: ${{ github.event_name == 'schedule' }}
dockerfile: cryptol-remote-api/Dockerfile
- name: Build test-cryptol-remote-api
uses: docker/build-push-action@v1
with:
tags: latest
repository: galoisinc/test-cryptol-remote-api
push: false
dockerfile: cryptol-remote-api/test.Dockerfile
- name: Test cryptol-remote-api helm chart
run: |
set -x
kind create cluster --wait 10m
kind load docker-image galoisinc/cryptol-remote-api:nightly
kind load docker-image galoisinc/test-cryptol-remote-api:latest
helm install --wait cra-http ./helm/cryptol-remote-api --set server.connType=http --set image.tag=nightly
helm install --wait cra-socket ./helm/cryptol-remote-api --set server.connType=socket --set image.tag=nightly
kubectl run --rm --attach test-http --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- http cra-http-cryptol-remote-api 8080
kubectl run --rm --attach test-socket --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- socket cra-socket-cryptol-remote-api 8080
docker-cryptol-remote-api-portable:
runs-on: ubuntu-latest
steps:
- uses: docker/setup-buildx-action@v1
with:
install: true
- id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ghcr.io/galoisinc/cryptol-remote-api
tag-custom: nightly-portable
tag-custom-only: true
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
- uses: docker/build-push-action@v2
with:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
push: ${{ github.event_name == 'schedule' }}
file: cryptol-remote-api/Dockerfile
build-args: PORTABILITY=true
cache-from: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache
cache-to: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache,mode=max
build:
needs: [outputs, docs]
runs-on: ${{ matrix.os }}
env:
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-haskell@v1
with:
ghc-version: 8.6.5
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh setup_dist_bins
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: runner.os == 'Windows'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
name: ${{ needs.outputs.outputs.cryptol-name }}
run: .github/ci.sh zip_dist
- uses: actions/upload-artifact@v2
with:
name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }}
path: "${{ needs.outputs.outputs.cryptol-name }}.tar.gz*"
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }}
path: "cryptol.msi*"

12
.github/workflows/pr-labeler.yml vendored
View File

@ -1,12 +0,0 @@
name: PR Labeler
on:
pull_request:
types: [opened]
jobs:
pr-labeler:
runs-on: ubuntu-latest
steps:
- uses: TimonVS/pr-labeler-action@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

6
README.md
View File

@ -1,6 +1,4 @@
[![Build
Status](https://github.com/GaloisInc/cryptol/workflows/Cryptol/badge.svg?branch=master)
](https://github.com/GaloisInc/cryptol/actions?query=workflow%3A%22Cryptol+Nightly+Builds%22)
[![Cryptol](https://github.com/GaloisInc/cryptol/actions/workflows/build.yml/badge.svg?event=push)](https://github.com/GaloisInc/cryptol/actions/workflows/ci.yml)
# Cryptol, version 2
@ -48,7 +46,7 @@ during type checking, and as the default solver for the `:sat` and
`:prove` commands. Cryptol generally requires the most recent version
of Z3, but you can see the specific version tested in CI by looking for
the `Z3_VERSION` setting in [this
file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/build.yml).
file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/ci.yml).
You can download Z3 binaries for a variety of platforms from their
[releases page](https://github.com/Z3Prover/z3/releases). If you

22
cryptol-remote-api/Dockerfile
View File

@ -44,18 +44,18 @@ RUN latest="$(curl -sSL 'http://cvc4.cs.stanford.edu/downloads/builds/x86_64-lin
# Set executable and run tests
RUN chmod +x rootfs/usr/local/bin/*
FROM debian:buster AS build
FROM debian:buster AS toolchain
ARG PORTABILITY=false
RUN apt-get update && apt-get install -y libncurses-dev libz-dev \
build-essential curl libffi-dev libffi6 libgmp-dev libgmp10 libncurses-dev libncurses5 libtinfo5 libnuma-dev \
$(if ${PORTABILITY}; then echo git autoconf python3; fi)
RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.12/x86_64-linux-ghcup-0.1.12" && chmod +x /usr/local/bin/ghcup
ENV GHCUP_USE_XDG_DIRS=true \
XDG_BIN_HOME=/usr/local/bin \
XDG_DATA_HOME=/usr/local/share
ENV GHCUP_INSTALL_BASE_PREFIX=/opt \
PATH=/opt/.ghcup/bin:$PATH
RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.14/x86_64-linux-ghcup-0.1.14" && \
chmod +x /usr/local/bin/ghcup
COPY --from=solvers /solvers/rootfs /
RUN ghcup install cabal --set
ENV PATH /root/.cabal/bin:$PATH
ENV PATH=/root/.cabal/bin:$PATH
ADD ./cryptol-remote-api/ghc-portability.patch .
ARG GHCVER
ARG GHCVER_BOOTSTRAP
@ -72,12 +72,15 @@ RUN if ${PORTABILITY}; then \
make -j && \
make install && \
cd .. && \
rm -rf ./ghc; \
rm -rf ./ghc && \
ghcup rm ghc ${GHCVER_BOOTSTRAP}; \
else \
ghcup install ghc ${GHCVER} && \
ghcup set ghc ${GHCVER}; \
fi
FROM toolchain AS build
RUN useradd -m cryptol
COPY --chown=cryptol:cryptol . /cryptol
USER cryptol
@ -91,8 +94,9 @@ COPY cabal.GHC-${GHCVER}.config cabal.project.freeze
RUN mkdir -p rootfs/usr/local/bin
RUN cabal v2-update && \
cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api && \
cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin
cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api cryptol-remote-api:exe:cryptol-eval-server && \
cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin && \
cp $(cabal v2-exec which cryptol-eval-server) rootfs/usr/local/bin
ENV PATH=/usr/local/bin:/cryptol/rootfs/usr/local/bin:$PATH
RUN mkdir -p rootfs/"${CRYPTOLPATH}" \
&& cp -r lib/* rootfs/"${CRYPTOLPATH}"

9
cryptol-remote-api/cryptol-remote-api.cabal
View File

@ -8,6 +8,9 @@ maintainer: dtc@galois.com
category: Language
extra-source-files: CHANGELOG.md
flag static
default: False
description: Create a statically-linked binary
common warnings
ghc-options:
@ -81,6 +84,9 @@ executable cryptol-remote-api
cryptol-remote-api,
sbv < 8.10
if os(linux) && flag(static)
ld-options: -static -pthread
executable cryptol-eval-server
import: deps, warnings, errors
main-is: Main.hs
@ -93,4 +99,7 @@ executable cryptol-eval-server
optparse-applicative,
sbv < 8.10
if os(linux) && flag(static)
ld-options: -static -pthread

7
cryptol-remote-api/build_and_test_docker.sh → cryptol-remote-api/test_docker.sh
View File

@ -2,17 +2,14 @@
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
pushd $DIR/..
docker build -t cryptol-remote-api --file cryptol-remote-api/Dockerfile .
popd
TAG=${1:-cryptol-remote-api}
pushd $DIR
docker run --name=cryptol-remote-api -d \
-v $PWD/python/tests/cryptol/test-files:/home/cryptol/tests/cryptol/test-files \
-p 8080:8080 \
cryptol-remote-api
$TAG
popd

10
cryptol.cabal
View File

@ -233,7 +233,8 @@ executable cryptol
ghc-options: -Wno-redundant-constraints
if os(linux) && flag(static)
ld-options: -static -pthread
ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
executable cryptol-html
Default-language:
@ -243,6 +244,10 @@ executable cryptol-html
build-depends: base, text, cryptol, blaze-html
GHC-options: -Wall
if os(linux) && flag(static)
ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
executable check-exercises
Default-language:
Haskell2010
@ -269,7 +274,8 @@ benchmark cryptol-bench
if impl(ghc >= 8.0.1)
ghc-options: -Wno-redundant-constraints
if os(linux) && flag(static)
ld-options: -static -pthread
ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
build-depends: base
, criterion
, cryptol

2
helm/cryptol-remote-api/values.yaml
View File

@ -5,7 +5,7 @@
replicaCount: 1
image:
repository: galoisinc/cryptol-remote-api
repository: ghcr.io/galoisinc/cryptol-remote-api
pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion.
tag: ""