From f021990eba54ff6b425afc4c0889a5cbf210640d Mon Sep 17 00:00:00 2001 From: Lisanna Dettwyler Date: Tue, 23 Mar 2021 15:24:48 -0700 Subject: [PATCH] Prep CI for upcoming release (#1123) - Container images are now published to ghcr.io rather than docker hub (closes #1110): - https://github.com/orgs/GaloisInc/packages/container/package/cryptol - https://github.com/orgs/GaloisInc/packages/container/package/cryptol-remote-api - Docker builds for all images are cached against ghcr.io (doesn't provide incremental builds, but it still helps a lot). - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol-remote-api - "Portable" variant of cryptol-remote-api is now built and tested to the same degree as the non-portable one - Normalized CI workflows to [`.github/workflows/ci.yml`](https://github.com/GaloisInc/cryptol/blob/lisanna/docker-publishing/.github/workflows/ci.yml) (closes #1115) - Pre-merge and release build configurations are now more or less the same, so release process remains validated (closes #1114, closes #1116) - Matrix configs for each job are visible at high-level views of the workflow - Always upload workflow artifacts, use sensible retention periods for publish vs. non-publish - `cryptol-eval-server` included in cryptol-remote-api container image (closes #1112) - Pathclearing for static linking (#1113) --- .github/ci.sh | 4 +- .github/workflows/build.yml | 242 ------------- .github/workflows/ci.yml | 326 ++++++++++++++++++ .github/workflows/docker.yml | 50 --- .github/workflows/nightly.yml | 187 ---------- .github/workflows/pr-labeler.yml | 12 - README.md | 6 +- cryptol-remote-api/Dockerfile | 22 +- cryptol-remote-api/cryptol-remote-api.cabal | 9 + ...uild_and_test_docker.sh => test_docker.sh} | 7 +- cryptol.cabal | 10 +- helm/cryptol-remote-api/values.yaml | 2 +- 12 files changed, 362 insertions(+), 515 deletions(-) delete mode 100644 .github/workflows/build.yml create mode 100644 .github/workflows/ci.yml delete mode 100644 .github/workflows/docker.yml delete mode 100644 .github/workflows/nightly.yml delete mode 100644 .github/workflows/pr-labeler.yml rename cryptol-remote-api/{build_and_test_docker.sh => test_docker.sh} (88%) diff --git a/.github/ci.sh b/.github/ci.sh index 56354de4..16d0337a 100755 --- a/.github/ci.sh +++ b/.github/ci.sh @@ -174,9 +174,7 @@ zip_dist() { : "${VERSION?VERSION is required as an environment variable}" name="${name:-"cryptol-$VERSION-$RUNNER_OS-x86_64"}" mv dist "$name" - tar -czf "$name".tar.gz "$name" - sign "$name".tar.gz - [[ -f "$name".tar.gz.sig ]] && [[ -f "$name".tar.gz ]] + tar -cvzf "$name".tar.gz "$name" } output() { echo "::set-output name=$1::$2"; } diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 8f6d283b..00000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,242 +0,0 @@ -name: Cryptol -on: - push: - branches: [master, "release-**"] - pull_request: - -jobs: - outputs: - runs-on: ubuntu-latest - outputs: - changed: ${{ steps.outputs.outputs.changed-files }} - cryptol-version: ${{ steps.outputs.outputs.cryptol-version }} - name: ${{ steps.outputs.outputs.name }} - release: ${{ steps.env.outputs.release }} - steps: - - uses: actions/checkout@v2 - with: - fetch-depth: 0 - - id: env - if: | - startsWith(github.ref, 'refs/heads/release-') - || (github.event_name == 'pull_request' && startsWith(github.head_ref, 'actions/')) - run: .github/ci.sh output release 1 - - id: outputs - run: | - .github/ci.sh set_files ${{ github.sha }} - .github/ci.sh set_version - .github/ci.sh output name cryptol-$(.github/ci.sh ver) - - build: - runs-on: ${{ matrix.os }} - needs: [outputs] - strategy: - fail-fast: false - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - ghc: ["8.6.5", "8.8.4", "8.10.2"] - exclude: - # https://gitlab.haskell.org/ghc/ghc/-/issues/18550 - - os: windows-latest - ghc: 8.10.2 - name: Cryptol - GHC v${{ matrix.ghc }} - ${{ matrix.os }} - env: - RELEASE: ${{ needs.outputs.outputs.release }} - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - uses: actions/setup-haskell@v1 - id: setup-haskell - with: - ghc-version: ${{ matrix.ghc }} - - - uses: actions/cache@v2 - name: Cache cabal store - with: - path: | - ${{ steps.setup-haskell.outputs.cabal-store }} - dist-newstyle - key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }} - restore-keys: | - cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- - - - shell: bash - run: .github/ci.sh install_system_deps - env: - Z3_VERSION: "4.8.8" - CVC4_VERSION: "4.1.8" - YICES_VERSION: "2.6.2" - - - shell: bash - run: .github/ci.sh setup_external_tools - - - shell: bash - run: .github/ci.sh build - - - shell: bash - run: .github/ci.sh check_docs - if: runner.os != 'Windows' - - - shell: bash - run: .github/ci.sh test_dist - - # TODO: get Python client to work on Windows - - shell: bash - run: .github/ci.sh test_rpc - if: runner.os != 'Windows' - - - if: >- - env.RELEASE && matrix.ghc == '8.8.4' - uses: actions/upload-artifact@v2 - with: - path: dist/bin - name: ${{ runner.os }}-bins - - docs: - runs-on: ubuntu-latest - needs: [outputs] - if: >- - needs.outputs.outputs.release || contains(needs.outputs.outputs.changed, 'docs/') - steps: - - uses: actions/checkout@v2 - - uses: docker://pandoc/latex:2.9.2 - with: - args: >- - sh -c - " - apk add make && - tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo && - cd docs && - make - " - - uses: actions/upload-artifact@v2 - with: - path: docs - name: docs - - bundle: - runs-on: ${{ matrix.os }} - if: needs.outputs.outputs.release - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - ghc: ["8.8.4"] - needs: [outputs, docs, build] - env: - VERSION: ${{ needs.outputs.outputs.cryptol-version }} - RELEASE: ${{ needs.outputs.outputs.release }} - steps: - - uses: actions/checkout@v2 - - - uses: actions/download-artifact@v2 - with: - path: dist/bin - name: ${{ runner.os }}-bins - - - uses: actions/download-artifact@v2 - with: - path: docs - name: docs - - - shell: bash - run: .github/ci.sh bundle_files - - - if: runner.os == 'Windows' - run: .github/wix.ps1 - - - if: runner.os == 'Windows' - shell: bash - env: - SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} - SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - run: .github/ci.sh sign cryptol.msi - - - shell: bash - env: - SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} - SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - run: .github/ci.sh zip_dist - - - uses: actions/upload-artifact@v2 - with: - name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64 - path: "${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64.tar.gz*" - - - uses: actions/upload-artifact@v2 - if: runner.os == 'Windows' - with: - name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64 - path: "cryptol.msi*" - - docker: - runs-on: ubuntu-latest - needs: [outputs] - if: contains(needs.outputs.outputs.changed, 'Dockerfile') - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - name: Build Docker - uses: docker/build-push-action@v1 - with: - repository: galoisinc/cryptol - push: false - - docker-server-test: - runs-on: ubuntu-latest - needs: [outputs] - strategy: - fail-fast: false - name: Docker Cryptol Remote API Test - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - uses: actions/setup-python@v2 - with: - python-version: '3.x' - - - shell: bash - run: cryptol-remote-api/build_and_test_docker.sh - - release: - needs: [outputs, bundle] - if: needs.outputs.outputs.release - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - - uses: release-drafter/release-drafter@v5 - id: release - with: - version: v${{ needs.outputs.outputs.cryptol-version }} - name: v${{ needs.outputs.outputs.cryptol-version }} - tag: v${{ needs.outputs.outputs.cryptol-version }} - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - - - uses: actions/download-artifact@v2 - with: - path: artifacts - - name: Upload artifacts to release - run: | - # workaround for draft-releaser being hard to test in CI - tag="v${VERSION}" - body="${body:-$tag}" - if ! hub release show "$tag"; then - hub release create -d -m "$body" "$tag" - fi - assets=() - find ./artifacts \( -name 'cryptol*.tar.gz*' -o -name '*.msi*' \) -type f -print0 | - while IFS= read -r -d '' a; do assets+=("-a" "$a"); done - hub release edit -d "${assets[@]}" -m "" "$tag" - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - VERSION: ${{ needs.outputs.outputs.cryptol-version }} - body: ${{ steps.release.outputs.body }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 00000000..c633e224 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,326 @@ +name: Cryptol +on: + push: + tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"] + branches: [master, "release-**"] + pull_request: + schedule: + - cron: "0 0 * * *" + workflow_dispatch: + inputs: + publish: + description: "Publish release artifacts" + required: false + default: "false" + +env: + Z3_VERSION: "4.8.8" + CVC4_VERSION: "4.1.8" + YICES_VERSION: "2.6.2" + +jobs: + config: + runs-on: ubuntu-latest + outputs: + changed: ${{ steps.getconf.outputs.changed-files }} + cryptol-version: ${{ steps.getconf.outputs.cryptol-version }} + name: ${{ steps.getconf.outputs.name }} + publish: ${{ steps.getconf-publish.outputs.publish }} + retention-days: ${{ steps.getconf-publish.outputs.retention-days }} + steps: + - uses: actions/checkout@v2 + with: + fetch-depth: 0 + - id: getconf + run: | + .github/ci.sh set_files ${{ github.sha }} + .github/ci.sh set_version + .github/ci.sh output name cryptol-$(.github/ci.sh ver) + .github/ci.sh output retention-days 5 + - id: getconf-publish + if: | + (github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')) || + (github.event_name == 'schedule') || + (github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true') + run: | + .github/ci.sh output publish true + .github/ci.sh output retention-days 90 + + build: + runs-on: ${{ matrix.os }} + needs: [config] + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + ghc: ["8.6.5", "8.8.4", "8.10.2"] + exclude: + # https://gitlab.haskell.org/ghc/ghc/-/issues/18550 + - os: windows-latest + ghc: 8.10.2 + steps: + - uses: actions/checkout@v2 + with: + submodules: true + + - uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - uses: actions/setup-haskell@v1 + id: setup-haskell + with: + ghc-version: ${{ matrix.ghc }} + + - uses: actions/cache@v2 + name: Cache cabal store + with: + path: | + ${{ steps.setup-haskell.outputs.cabal-store }} + dist-newstyle + key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }} + restore-keys: | + cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- + + - shell: bash + run: .github/ci.sh install_system_deps + + - shell: bash + run: .github/ci.sh setup_external_tools + + - shell: bash + run: .github/ci.sh build + + - shell: bash + run: .github/ci.sh check_docs + if: runner.os != 'Windows' + + - shell: bash + run: .github/ci.sh test_dist + + # TODO: get Python client to work on Windows + - shell: bash + run: .github/ci.sh test_rpc + if: runner.os != 'Windows' + + - if: matrix.ghc == '8.8.4' + uses: actions/upload-artifact@v2 + with: + path: dist/bin + name: ${{ runner.os }}-bins + retention-days: ${{ needs.config.outputs.retention-days }} + + build-docs: + runs-on: ubuntu-latest + needs: [config] + steps: + - uses: actions/checkout@v2 + - uses: docker://pandoc/latex:2.9.2 + with: + args: >- + sh -c + " + apk add make && + tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo && + cd docs && + make + " + - uses: actions/upload-artifact@v2 + with: + path: docs + name: docs + retention-days: ${{ needs.config.outputs.retention-days }} + + bundle: + runs-on: ${{ matrix.os }} + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, macos-latest, windows-latest] + needs: [config, build-docs, build] + env: + VERSION: ${{ needs.config.outputs.cryptol-version }} + RELEASE: ${{ needs.config.outputs.release }} + steps: + - uses: actions/checkout@v2 + + - uses: actions/download-artifact@v2 + with: + path: dist/bin + name: ${{ runner.os }}-bins + + - uses: actions/download-artifact@v2 + with: + path: docs + name: docs + + - shell: bash + run: .github/ci.sh bundle_files + + - if: runner.os == 'Windows' + run: .github/wix.ps1 + + - if: | + runner.os == 'Windows' && + (github.head_ref == 'master' || + startsWith(github.head_ref, 'release-')) + shell: bash + env: + SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + run: .github/ci.sh sign cryptol.msi + + - shell: bash + run: | + echo "NAME=${{ needs.config.outputs.name }}-${{ runner.os }}-x86_64" >> $GITHUB_ENV + .github/ci.sh zip_dist $NAME + + - if: | + github.head_ref == 'master' || + startsWith(github.head_ref, 'release-') + shell: bash + env: + SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} + SIGNING_KEY: ${{ secrets.SIGNING_KEY }} + run: .github/ci.sh sign ${NAME}.tar.gz + + - uses: actions/upload-artifact@v2 + with: + name: ${{ env.NAME }} + path: "${{ env.NAME }}.tar.gz*" + if-no-files-found: error + retention-days: ${{ needs.config.outputs.retention-days }} + + - uses: actions/upload-artifact@v2 + if: runner.os == 'Windows' + with: + name: ${{ env.NAME }} + path: "cryptol.msi*" + if-no-files-found: error + retention-days: ${{ needs.config.outputs.retention-days }} + + build-push-image: + runs-on: ubuntu-latest + needs: [config] + strategy: + fail-fast: false + matrix: + include: + - build-args: '' + file: Dockerfile + image: ghcr.io/galoisinc/cryptol + cache: ghcr.io/galoisinc/cache-cryptol + - build-args: PORTABILITY=true + file: cryptol-remote-api/Dockerfile + image: ghcr.io/galoisinc/cryptol-remote-api + cache: ghcr.io/galoisinc/cache-cryptol-remote-api + - build-args: PORTABILITY=false + file: cryptol-remote-api/Dockerfile + image: ghcr.io/galoisinc/cryptol-remote-api + cache: ghcr.io/galoisinc/cache-cryptol-remote-api + steps: + - if: matrix.build-args == 'PORTABILITY=true' + id: prefix + run: echo "::set-output name=prefix::portable-" + + - uses: rlespinasse/github-slug-action@v3.x + + - id: common-tag + run: echo "::set-output name=common-tag::${{ steps.prefix.outputs.prefix }}$GITHUB_REF_SLUG" + + - uses: docker/setup-buildx-action@v1 + + - uses: crazy-max/ghaction-docker-meta@v1 + name: Labels + id: labels + with: + images: ${{ matrix.image }} + + - if: github.event_name != 'pull_request' + uses: crazy-max/ghaction-docker-meta@v1 + name: Tags + id: tags + with: + images: ${{ matrix.image }} + tag-semver: | + ${{ steps.prefix.outputs.prefix }}{{version}} + ${{ steps.prefix.outputs.prefix }}{{major}}.{{minor}} + tag-schedule: | + ${{ steps.prefix.outputs.prefix }}nightly + + - uses: docker/login-action@v1 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.CR_PAT }} + + - uses: docker/build-push-action@v2 + with: + tags: ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }} + load: true + push: false + file: ${{ matrix.file }} + build-args: ${{ matrix.build-args }} + cache-from: | + type=registry,ref=${{ matrix.cache }}:${{ steps.prefix.outputs.prefix }}master + type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }} + cache-to: type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }},mode=max + + - if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api' + uses: actions/checkout@v2 + + - if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api' + uses: actions/setup-python@v2 + with: + python-version: '3.x' + + - if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api' + name: Test cryptol-remote-api + run: ./cryptol-remote-api/test_docker.sh ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }} + + - if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api' + uses: docker/build-push-action@v2 + name: Build test-cryptol-remote-api + with: + tags: test-cryptol-remote-api:latest + load: true + push: false + file: cryptol-remote-api/test.Dockerfile + + - if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api' + name: Test cryptol-remote-api helm chart + run: | + set -x + kind create cluster --wait 10m + kind load docker-image ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }} + kind load docker-image test-cryptol-remote-api:latest + helm install --wait cra-http ./helm/cryptol-remote-api \ + --set image.repository=${{ matrix.image }} \ + --set image.tag=${{ steps.common-tag.outputs.common-tag }} \ + --set image.pullPolicy=Never \ + --set server.connType=http + helm install --wait cra-socket ./helm/cryptol-remote-api \ + --set image.repository=${{ matrix.image }} \ + --set image.tag=${{ steps.common-tag.outputs.common-tag }} \ + --set image.pullPolicy=Never \ + --set server.connType=socket + kubectl run --rm --attach test-http \ + --image=test-cryptol-remote-api:latest \ + --image-pull-policy=Never \ + --restart=Never \ + -- http cra-http-cryptol-remote-api 8080 + kubectl run --rm --attach test-socket \ + --image=test-cryptol-remote-api:latest \ + --image-pull-policy=Never \ + --restart=Never \ + -- socket cra-socket-cryptol-remote-api 8080 + + - uses: docker/build-push-action@v2 + with: + tags: | + ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }} + ${{ steps.tags.outputs.tags }} + labels: ${{ steps.labels.outputs.labels }} + push: ${{ needs.config.outputs.publish }} + file: ${{ matrix.file }} + build-args: ${{ matrix.build-args }} diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index 1cd94b11..00000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: Docker -on: - push: - tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"] - workflow_dispatch: - inputs: - image-to-build: - description: "Manually build and push a docker image (cryptol|cryptol-remote-api)" - required: false - default: "" - -jobs: - cryptol: - runs-on: ubuntu-latest - if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol'" - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - run: .github/ci.sh set_version - id: outputs - - name: Publish to Registry - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.GITHUBCRYPTOL_USERNAME }} - password: ${{ secrets.GITHUBCRYPTOL }} - repository: galoisinc/cryptol - tags: "latest,${{ steps.outputs.outputs.cryptol-version }}" - add_git_labels: true - push: true - cryptol-remote-api: - if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol-remote-api'" - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - run: .github/ci.sh set_version - id: outputs - - name: Publish to Registry - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.GITHUBCRYPTOL_USERNAME }} - password: ${{ secrets.GITHUBCRYPTOL }} - repository: galoisinc/cryptol-remote-api - tags: "latest,${{ steps.outputs.outputs.cryptol-version }}" - add_git_labels: true - build_args: GHCVER=8.10.3 - push: true - dockerfile: cryptol-remote-api/Dockerfile diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml deleted file mode 100644 index cc82c602..00000000 --- a/.github/workflows/nightly.yml +++ /dev/null @@ -1,187 +0,0 @@ -name: Cryptol Nightly Builds -on: - push: - branches: ["actions/**"] - schedule: - - cron: "0 0 * * *" - workflow_dispatch: - -jobs: - outputs: - runs-on: ubuntu-latest - outputs: - cryptol-version: ${{ steps.cryptol.outputs.cryptol-version }} - cryptol-name: ${{ steps.cryptol.outputs.name }} - steps: - - uses: actions/checkout@v2 - - id: cryptol - run: | - .github/ci.sh set_version - .github/ci.sh output name cryptol-$(.github/ci.sh ver)-$(date -I) - - docs: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v2 - - uses: docker://pandoc/latex:2.9.2 - with: - args: >- - sh -c - " - apk add make && - tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo && - cd docs && - make - " - - uses: actions/upload-artifact@v2 - with: - path: docs - name: docs - - docker-cryptol: - runs-on: ubuntu-latest - needs: [outputs] - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - name: Publish to Registry - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.GITHUBCRYPTOL_USERNAME }} - password: ${{ secrets.GITHUBCRYPTOL }} - repository: galoisinc/cryptol - tags: "nightly" - add_git_labels: true - push: ${{ github.event_name == 'schedule' }} - - docker-cryptol-remote-api: - runs-on: ubuntu-latest - needs: [outputs] - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - name: Publish to Registry - uses: docker/build-push-action@v1 - with: - username: ${{ secrets.GITHUBCRYPTOL_USERNAME }} - password: ${{ secrets.GITHUBCRYPTOL }} - repository: galoisinc/cryptol-remote-api - tags: "nightly" - add_git_labels: true - push: ${{ github.event_name == 'schedule' }} - dockerfile: cryptol-remote-api/Dockerfile - - name: Build test-cryptol-remote-api - uses: docker/build-push-action@v1 - with: - tags: latest - repository: galoisinc/test-cryptol-remote-api - push: false - dockerfile: cryptol-remote-api/test.Dockerfile - - name: Test cryptol-remote-api helm chart - run: | - set -x - kind create cluster --wait 10m - kind load docker-image galoisinc/cryptol-remote-api:nightly - kind load docker-image galoisinc/test-cryptol-remote-api:latest - helm install --wait cra-http ./helm/cryptol-remote-api --set server.connType=http --set image.tag=nightly - helm install --wait cra-socket ./helm/cryptol-remote-api --set server.connType=socket --set image.tag=nightly - kubectl run --rm --attach test-http --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- http cra-http-cryptol-remote-api 8080 - kubectl run --rm --attach test-socket --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- socket cra-socket-cryptol-remote-api 8080 - - docker-cryptol-remote-api-portable: - runs-on: ubuntu-latest - steps: - - uses: docker/setup-buildx-action@v1 - with: - install: true - - id: docker_meta - uses: crazy-max/ghaction-docker-meta@v1 - with: - images: ghcr.io/galoisinc/cryptol-remote-api - tag-custom: nightly-portable - tag-custom-only: true - - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.CR_PAT }} - - uses: docker/build-push-action@v2 - with: - tags: ${{ steps.docker_meta.outputs.tags }} - labels: ${{ steps.docker_meta.outputs.labels }} - push: ${{ github.event_name == 'schedule' }} - file: cryptol-remote-api/Dockerfile - build-args: PORTABILITY=true - cache-from: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache - cache-to: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache,mode=max - - build: - needs: [outputs, docs] - runs-on: ${{ matrix.os }} - env: - VERSION: ${{ needs.outputs.outputs.cryptol-version }} - strategy: - matrix: - os: [ubuntu-latest, macos-latest, windows-latest] - steps: - - uses: actions/checkout@v2 - with: - submodules: true - - - uses: actions/setup-haskell@v1 - with: - ghc-version: 8.6.5 - - - uses: actions/cache@v2 - name: Cache cabal store - with: - path: | - ${{ steps.setup-haskell.outputs.cabal-store }} - dist-newstyle - key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }} - restore-keys: | - cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}- - - - uses: actions/download-artifact@v2 - with: - path: docs - name: docs - - - shell: bash - run: .github/ci.sh build - - - shell: bash - run: .github/ci.sh setup_dist_bins - - - shell: bash - run: .github/ci.sh bundle_files - - - if: runner.os == 'Windows' - run: .github/wix.ps1 - - - if: runner.os == 'Windows' - shell: bash - env: - SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} - SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - run: .github/ci.sh sign cryptol.msi - - - shell: bash - env: - SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }} - SIGNING_KEY: ${{ secrets.SIGNING_KEY }} - name: ${{ needs.outputs.outputs.cryptol-name }} - run: .github/ci.sh zip_dist - - - uses: actions/upload-artifact@v2 - with: - name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }} - path: "${{ needs.outputs.outputs.cryptol-name }}.tar.gz*" - - - uses: actions/upload-artifact@v2 - if: runner.os == 'Windows' - with: - name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }} - path: "cryptol.msi*" diff --git a/.github/workflows/pr-labeler.yml b/.github/workflows/pr-labeler.yml deleted file mode 100644 index 71267c6f..00000000 --- a/.github/workflows/pr-labeler.yml +++ /dev/null @@ -1,12 +0,0 @@ -name: PR Labeler -on: - pull_request: - types: [opened] - -jobs: - pr-labeler: - runs-on: ubuntu-latest - steps: - - uses: TimonVS/pr-labeler-action@v3 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/README.md b/README.md index c0c59226..29cf0c79 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,4 @@ -[![Build -Status](https://github.com/GaloisInc/cryptol/workflows/Cryptol/badge.svg?branch=master) -](https://github.com/GaloisInc/cryptol/actions?query=workflow%3A%22Cryptol+Nightly+Builds%22) +[![Cryptol](https://github.com/GaloisInc/cryptol/actions/workflows/build.yml/badge.svg?event=push)](https://github.com/GaloisInc/cryptol/actions/workflows/ci.yml) # Cryptol, version 2 @@ -48,7 +46,7 @@ during type checking, and as the default solver for the `:sat` and `:prove` commands. Cryptol generally requires the most recent version of Z3, but you can see the specific version tested in CI by looking for the `Z3_VERSION` setting in [this -file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/build.yml). +file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/ci.yml). You can download Z3 binaries for a variety of platforms from their [releases page](https://github.com/Z3Prover/z3/releases). If you diff --git a/cryptol-remote-api/Dockerfile b/cryptol-remote-api/Dockerfile index 426f52b9..f6f7fd02 100644 --- a/cryptol-remote-api/Dockerfile +++ b/cryptol-remote-api/Dockerfile @@ -44,18 +44,18 @@ RUN latest="$(curl -sSL 'http://cvc4.cs.stanford.edu/downloads/builds/x86_64-lin # Set executable and run tests RUN chmod +x rootfs/usr/local/bin/* -FROM debian:buster AS build +FROM debian:buster AS toolchain ARG PORTABILITY=false RUN apt-get update && apt-get install -y libncurses-dev libz-dev \ build-essential curl libffi-dev libffi6 libgmp-dev libgmp10 libncurses-dev libncurses5 libtinfo5 libnuma-dev \ $(if ${PORTABILITY}; then echo git autoconf python3; fi) -RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.12/x86_64-linux-ghcup-0.1.12" && chmod +x /usr/local/bin/ghcup -ENV GHCUP_USE_XDG_DIRS=true \ - XDG_BIN_HOME=/usr/local/bin \ - XDG_DATA_HOME=/usr/local/share +ENV GHCUP_INSTALL_BASE_PREFIX=/opt \ + PATH=/opt/.ghcup/bin:$PATH +RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.14/x86_64-linux-ghcup-0.1.14" && \ + chmod +x /usr/local/bin/ghcup COPY --from=solvers /solvers/rootfs / RUN ghcup install cabal --set -ENV PATH /root/.cabal/bin:$PATH +ENV PATH=/root/.cabal/bin:$PATH ADD ./cryptol-remote-api/ghc-portability.patch . ARG GHCVER ARG GHCVER_BOOTSTRAP @@ -72,12 +72,15 @@ RUN if ${PORTABILITY}; then \ make -j && \ make install && \ cd .. && \ - rm -rf ./ghc; \ + rm -rf ./ghc && \ + ghcup rm ghc ${GHCVER_BOOTSTRAP}; \ else \ ghcup install ghc ${GHCVER} && \ ghcup set ghc ${GHCVER}; \ fi +FROM toolchain AS build + RUN useradd -m cryptol COPY --chown=cryptol:cryptol . /cryptol USER cryptol @@ -91,8 +94,9 @@ COPY cabal.GHC-${GHCVER}.config cabal.project.freeze RUN mkdir -p rootfs/usr/local/bin RUN cabal v2-update && \ - cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api && \ - cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin + cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api cryptol-remote-api:exe:cryptol-eval-server && \ + cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin && \ + cp $(cabal v2-exec which cryptol-eval-server) rootfs/usr/local/bin ENV PATH=/usr/local/bin:/cryptol/rootfs/usr/local/bin:$PATH RUN mkdir -p rootfs/"${CRYPTOLPATH}" \ && cp -r lib/* rootfs/"${CRYPTOLPATH}" diff --git a/cryptol-remote-api/cryptol-remote-api.cabal b/cryptol-remote-api/cryptol-remote-api.cabal index 9803e27d..eb2df2ac 100644 --- a/cryptol-remote-api/cryptol-remote-api.cabal +++ b/cryptol-remote-api/cryptol-remote-api.cabal @@ -8,6 +8,9 @@ maintainer: dtc@galois.com category: Language extra-source-files: CHANGELOG.md +flag static + default: False + description: Create a statically-linked binary common warnings ghc-options: @@ -81,6 +84,9 @@ executable cryptol-remote-api cryptol-remote-api, sbv < 8.10 + if os(linux) && flag(static) + ld-options: -static -pthread + executable cryptol-eval-server import: deps, warnings, errors main-is: Main.hs @@ -93,4 +99,7 @@ executable cryptol-eval-server optparse-applicative, sbv < 8.10 + if os(linux) && flag(static) + ld-options: -static -pthread + diff --git a/cryptol-remote-api/build_and_test_docker.sh b/cryptol-remote-api/test_docker.sh similarity index 88% rename from cryptol-remote-api/build_and_test_docker.sh rename to cryptol-remote-api/test_docker.sh index 89bf8e74..770631e5 100755 --- a/cryptol-remote-api/build_and_test_docker.sh +++ b/cryptol-remote-api/test_docker.sh @@ -2,17 +2,14 @@ DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" -pushd $DIR/.. - -docker build -t cryptol-remote-api --file cryptol-remote-api/Dockerfile . -popd +TAG=${1:-cryptol-remote-api} pushd $DIR docker run --name=cryptol-remote-api -d \ -v $PWD/python/tests/cryptol/test-files:/home/cryptol/tests/cryptol/test-files \ -p 8080:8080 \ - cryptol-remote-api + $TAG popd diff --git a/cryptol.cabal b/cryptol.cabal index 93cb45d4..f721e782 100644 --- a/cryptol.cabal +++ b/cryptol.cabal @@ -233,7 +233,8 @@ executable cryptol ghc-options: -Wno-redundant-constraints if os(linux) && flag(static) - ld-options: -static -pthread + ld-options: -static -pthread + ghc-options: -optl-fuse-ld=bfd executable cryptol-html Default-language: @@ -243,6 +244,10 @@ executable cryptol-html build-depends: base, text, cryptol, blaze-html GHC-options: -Wall + if os(linux) && flag(static) + ld-options: -static -pthread + ghc-options: -optl-fuse-ld=bfd + executable check-exercises Default-language: Haskell2010 @@ -269,7 +274,8 @@ benchmark cryptol-bench if impl(ghc >= 8.0.1) ghc-options: -Wno-redundant-constraints if os(linux) && flag(static) - ld-options: -static -pthread + ld-options: -static -pthread + ghc-options: -optl-fuse-ld=bfd build-depends: base , criterion , cryptol diff --git a/helm/cryptol-remote-api/values.yaml b/helm/cryptol-remote-api/values.yaml index 3456f1e6..da65b49e 100644 --- a/helm/cryptol-remote-api/values.yaml +++ b/helm/cryptol-remote-api/values.yaml @@ -5,7 +5,7 @@ replicaCount: 1 image: - repository: galoisinc/cryptol-remote-api + repository: ghcr.io/galoisinc/cryptol-remote-api pullPolicy: Always # Overrides the image tag whose default is the chart appVersion. tag: ""