GaloisInc/cryptol
1
1
Fork 0
mirror of https://github.com/GaloisInc/cryptol.git synced 2024-08-16 17:30:27 +03:00
Code Issues Projects Releases Wiki Activity

Prep CI for upcoming release (#1123)

Browse Source 
- Container images are now published to ghcr.io rather than docker hub (closes #1110):
  - https://github.com/orgs/GaloisInc/packages/container/package/cryptol
  - https://github.com/orgs/GaloisInc/packages/container/package/cryptol-remote-api
- Docker builds for all images are cached against ghcr.io (doesn't provide incremental builds, but it still helps a lot).
  - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol
  - https://github.com/orgs/GaloisInc/packages/container/package/cache-cryptol-remote-api
- "Portable" variant of cryptol-remote-api is now built and tested to the same degree as the non-portable one
- Normalized CI workflows to [`.github/workflows/ci.yml`](https://github.com/GaloisInc/cryptol/blob/lisanna/docker-publishing/.github/workflows/ci.yml) (closes #1115)
- Pre-merge and release build configurations are now more or less the same, so release process remains validated (closes #1114, closes #1116)
- Matrix configs for each job are visible at high-level views of the workflow
- Always upload workflow artifacts, use sensible retention periods for publish vs. non-publish
- `cryptol-eval-server` included in cryptol-remote-api container image (closes #1112)
- Pathclearing for static linking (#1113)
This commit is contained in:
Lisanna Dettwyler 2021-03-23 15:24:48 -07:00 committed by GitHub
parent b64e07526d
commit f021990eba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 362 additions and 515 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
.github/ci.sh vendored
View File

@ -174,9 +174,7 @@ zip_dist() {
: "${VERSION?VERSION is required as an environment variable}" : "${VERSION?VERSION is required as an environment variable}"
name="${name:-"cryptol-$VERSION-$RUNNER_OS-x86_64"}" name="${name:-"cryptol-$VERSION-$RUNNER_OS-x86_64"}"
mv dist "$name" mv dist "$name"
tar -czf "$name".tar.gz "$name" tar -cvzf "$name".tar.gz "$name"
sign "$name".tar.gz
[[ -f "$name".tar.gz.sig ]] && [[ -f "$name".tar.gz ]]
} }
output() { echo "::set-output name=$1::$2"; } output() { echo "::set-output name=$1::$2"; }

242
.github/workflows/build.yml vendored
View File

@ -1,242 +0,0 @@
name: Cryptol
on:
push:
branches: [master, "release-**"]
pull_request:
jobs:
outputs:
runs-on: ubuntu-latest
outputs:
changed: ${{ steps.outputs.outputs.changed-files }}
cryptol-version: ${{ steps.outputs.outputs.cryptol-version }}
name: ${{ steps.outputs.outputs.name }}
release: ${{ steps.env.outputs.release }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- id: env
if: |
startsWith(github.ref, 'refs/heads/release-')
|| (github.event_name == 'pull_request' && startsWith(github.head_ref, 'actions/'))
run: .github/ci.sh output release 1
- id: outputs
run: |
.github/ci.sh set_files ${{ github.sha }}
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)
build:
runs-on: ${{ matrix.os }}
needs: [outputs]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.6.5", "8.8.4", "8.10.2"]
exclude:
# https://gitlab.haskell.org/ghc/ghc/-/issues/18550
- os: windows-latest
ghc: 8.10.2
name: Cryptol - GHC v${{ matrix.ghc }} - ${{ matrix.os }}
env:
RELEASE: ${{ needs.outputs.outputs.release }}
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- uses: actions/setup-haskell@v1
id: setup-haskell
with:
ghc-version: ${{ matrix.ghc }}
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- shell: bash
run: .github/ci.sh install_system_deps
env:
Z3_VERSION: "4.8.8"
CVC4_VERSION: "4.1.8"
YICES_VERSION: "2.6.2"
- shell: bash
run: .github/ci.sh setup_external_tools
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh check_docs
if: runner.os != 'Windows'
- shell: bash
run: .github/ci.sh test_dist
# TODO: get Python client to work on Windows
- shell: bash
run: .github/ci.sh test_rpc
if: runner.os != 'Windows'
- if: >-
env.RELEASE && matrix.ghc == '8.8.4'
uses: actions/upload-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
docs:
runs-on: ubuntu-latest
needs: [outputs]
if: >-
needs.outputs.outputs.release || contains(needs.outputs.outputs.changed, 'docs/')
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
bundle:
runs-on: ${{ matrix.os }}
if: needs.outputs.outputs.release
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.8.4"]
needs: [outputs, docs, build]
env:
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
RELEASE: ${{ needs.outputs.outputs.release }}
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: runner.os == 'Windows'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh zip_dist
- uses: actions/upload-artifact@v2
with:
name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64
path: "${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64.tar.gz*"
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ needs.outputs.outputs.name }}-${{ runner.os }}-x86_64
path: "cryptol.msi*"
docker:
runs-on: ubuntu-latest
needs: [outputs]
if: contains(needs.outputs.outputs.changed, 'Dockerfile')
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Build Docker
uses: docker/build-push-action@v1
with:
repository: galoisinc/cryptol
push: false
docker-server-test:
runs-on: ubuntu-latest
needs: [outputs]
strategy:
fail-fast: false
name: Docker Cryptol Remote API Test
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- shell: bash
run: cryptol-remote-api/build_and_test_docker.sh
release:
needs: [outputs, bundle]
if: needs.outputs.outputs.release
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: release-drafter/release-drafter@v5
id: release
with:
version: v${{ needs.outputs.outputs.cryptol-version }}
name: v${{ needs.outputs.outputs.cryptol-version }}
tag: v${{ needs.outputs.outputs.cryptol-version }}
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
- uses: actions/download-artifact@v2
with:
path: artifacts
- name: Upload artifacts to release
run: |
# workaround for draft-releaser being hard to test in CI
tag="v${VERSION}"
body="${body:-$tag}"
if ! hub release show "$tag"; then
hub release create -d -m "$body" "$tag"
fi
assets=()
find ./artifacts \( -name 'cryptol*.tar.gz*' -o -name '*.msi*' \) -type f -print0 |
while IFS= read -r -d '' a; do assets+=("-a" "$a"); done
hub release edit -d "${assets[@]}" -m "" "$tag"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
body: ${{ steps.release.outputs.body }}

326
.github/workflows/ci.yml vendored Normal file
View File

@ -0,0 +1,326 @@
name: Cryptol
on:
push:
tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"]
branches: [master, "release-**"]
pull_request:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
inputs:
publish:
description: "Publish release artifacts"
required: false
default: "false"
env:
Z3_VERSION: "4.8.8"
CVC4_VERSION: "4.1.8"
YICES_VERSION: "2.6.2"
jobs:
config:
runs-on: ubuntu-latest
outputs:
changed: ${{ steps.getconf.outputs.changed-files }}
cryptol-version: ${{ steps.getconf.outputs.cryptol-version }}
name: ${{ steps.getconf.outputs.name }}
publish: ${{ steps.getconf-publish.outputs.publish }}
retention-days: ${{ steps.getconf-publish.outputs.retention-days }}
steps:
- uses: actions/checkout@v2
with:
fetch-depth: 0
- id: getconf
run: |
.github/ci.sh set_files ${{ github.sha }}
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)
.github/ci.sh output retention-days 5
- id: getconf-publish
if: |
(github.event_name == 'push' && startsWith(github.event.ref, 'refs/tags/')) ||
(github.event_name == 'schedule') ||
(github.event_name == 'workflow_dispatch' && github.event.inputs.publish == 'true')
run: |
.github/ci.sh output publish true
.github/ci.sh output retention-days 90
build:
runs-on: ${{ matrix.os }}
needs: [config]
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
ghc: ["8.6.5", "8.8.4", "8.10.2"]
exclude:
# https://gitlab.haskell.org/ghc/ghc/-/issues/18550
- os: windows-latest
ghc: 8.10.2
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-python@v2
with:
python-version: '3.x'
- uses: actions/setup-haskell@v1
id: setup-haskell
with:
ghc-version: ${{ matrix.ghc }}
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- shell: bash
run: .github/ci.sh install_system_deps
- shell: bash
run: .github/ci.sh setup_external_tools
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh check_docs
if: runner.os != 'Windows'
- shell: bash
run: .github/ci.sh test_dist
# TODO: get Python client to work on Windows
- shell: bash
run: .github/ci.sh test_rpc
if: runner.os != 'Windows'
- if: matrix.ghc == '8.8.4'
uses: actions/upload-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
retention-days: ${{ needs.config.outputs.retention-days }}
build-docs:
runs-on: ubuntu-latest
needs: [config]
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
retention-days: ${{ needs.config.outputs.retention-days }}
bundle:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
needs: [config, build-docs, build]
env:
VERSION: ${{ needs.config.outputs.cryptol-version }}
RELEASE: ${{ needs.config.outputs.release }}
steps:
- uses: actions/checkout@v2
- uses: actions/download-artifact@v2
with:
path: dist/bin
name: ${{ runner.os }}-bins
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: |
runner.os == 'Windows' &&
(github.head_ref == 'master' ||
startsWith(github.head_ref, 'release-'))
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
run: |
echo "NAME=${{ needs.config.outputs.name }}-${{ runner.os }}-x86_64" >> $GITHUB_ENV
.github/ci.sh zip_dist $NAME
- if: |
github.head_ref == 'master' ||
startsWith(github.head_ref, 'release-')
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign ${NAME}.tar.gz
- uses: actions/upload-artifact@v2
with:
name: ${{ env.NAME }}
path: "${{ env.NAME }}.tar.gz*"
if-no-files-found: error
retention-days: ${{ needs.config.outputs.retention-days }}
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ env.NAME }}
path: "cryptol.msi*"
if-no-files-found: error
retention-days: ${{ needs.config.outputs.retention-days }}
build-push-image:
runs-on: ubuntu-latest
needs: [config]
strategy:
fail-fast: false
matrix:
include:
- build-args: ''
file: Dockerfile
image: ghcr.io/galoisinc/cryptol
cache: ghcr.io/galoisinc/cache-cryptol
- build-args: PORTABILITY=true
file: cryptol-remote-api/Dockerfile
image: ghcr.io/galoisinc/cryptol-remote-api
cache: ghcr.io/galoisinc/cache-cryptol-remote-api
- build-args: PORTABILITY=false
file: cryptol-remote-api/Dockerfile
image: ghcr.io/galoisinc/cryptol-remote-api
cache: ghcr.io/galoisinc/cache-cryptol-remote-api
steps:
- if: matrix.build-args == 'PORTABILITY=true'
id: prefix
run: echo "::set-output name=prefix::portable-"
- uses: rlespinasse/github-slug-action@v3.x
- id: common-tag
run: echo "::set-output name=common-tag::${{ steps.prefix.outputs.prefix }}$GITHUB_REF_SLUG"
- uses: docker/setup-buildx-action@v1
- uses: crazy-max/ghaction-docker-meta@v1
name: Labels
id: labels
with:
images: ${{ matrix.image }}
- if: github.event_name != 'pull_request'
uses: crazy-max/ghaction-docker-meta@v1
name: Tags
id: tags
with:
images: ${{ matrix.image }}
tag-semver: |
${{ steps.prefix.outputs.prefix }}{{version}}
${{ steps.prefix.outputs.prefix }}{{major}}.{{minor}}
tag-schedule: |
${{ steps.prefix.outputs.prefix }}nightly
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
- uses: docker/build-push-action@v2
with:
tags: ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
load: true
push: false
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}
cache-from: |
type=registry,ref=${{ matrix.cache }}:${{ steps.prefix.outputs.prefix }}master
type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }}
cache-to: type=registry,ref=${{ matrix.cache }}:${{ steps.common-tag.outputs.common-tag }},mode=max
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: actions/checkout@v2
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: actions/setup-python@v2
with:
python-version: '3.x'
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
name: Test cryptol-remote-api
run: ./cryptol-remote-api/test_docker.sh ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
uses: docker/build-push-action@v2
name: Build test-cryptol-remote-api
with:
tags: test-cryptol-remote-api:latest
load: true
push: false
file: cryptol-remote-api/test.Dockerfile
- if: matrix.image == 'ghcr.io/galoisinc/cryptol-remote-api'
name: Test cryptol-remote-api helm chart
run: |
set -x
kind create cluster --wait 10m
kind load docker-image ${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
kind load docker-image test-cryptol-remote-api:latest
helm install --wait cra-http ./helm/cryptol-remote-api \
--set image.repository=${{ matrix.image }} \
--set image.tag=${{ steps.common-tag.outputs.common-tag }} \
--set image.pullPolicy=Never \
--set server.connType=http
helm install --wait cra-socket ./helm/cryptol-remote-api \
--set image.repository=${{ matrix.image }} \
--set image.tag=${{ steps.common-tag.outputs.common-tag }} \
--set image.pullPolicy=Never \
--set server.connType=socket
kubectl run --rm --attach test-http \
--image=test-cryptol-remote-api:latest \
--image-pull-policy=Never \
--restart=Never \
-- http cra-http-cryptol-remote-api 8080
kubectl run --rm --attach test-socket \
--image=test-cryptol-remote-api:latest \
--image-pull-policy=Never \
--restart=Never \
-- socket cra-socket-cryptol-remote-api 8080
- uses: docker/build-push-action@v2
with:
tags: |
${{ matrix.image }}:${{ steps.common-tag.outputs.common-tag }}
${{ steps.tags.outputs.tags }}
labels: ${{ steps.labels.outputs.labels }}
push: ${{ needs.config.outputs.publish }}
file: ${{ matrix.file }}
build-args: ${{ matrix.build-args }}

50
.github/workflows/docker.yml vendored
View File

@ -1,50 +0,0 @@
name: Docker
on:
push:
tags: ["v?[0-9]+.[0-9]+(.[0-9]+)?"]
workflow_dispatch:
inputs:
image-to-build:
description: "Manually build and push a docker image (cryptol|cryptol-remote-api)"
required: false
default: ""
jobs:
cryptol:
runs-on: ubuntu-latest
if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol'"
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: .github/ci.sh set_version
id: outputs
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol
tags: "latest,${{ steps.outputs.outputs.cryptol-version }}"
add_git_labels: true
push: true
cryptol-remote-api:
if: "github.event_name == 'push' || github.event.inputs.image-to-build == 'cryptol-remote-api'"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: true
- run: .github/ci.sh set_version
id: outputs
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol-remote-api
tags: "latest,${{ steps.outputs.outputs.cryptol-version }}"
add_git_labels: true
build_args: GHCVER=8.10.3
push: true
dockerfile: cryptol-remote-api/Dockerfile

187
.github/workflows/nightly.yml vendored
View File

@ -1,187 +0,0 @@
name: Cryptol Nightly Builds
on:
push:
branches: ["actions/**"]
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
jobs:
outputs:
runs-on: ubuntu-latest
outputs:
cryptol-version: ${{ steps.cryptol.outputs.cryptol-version }}
cryptol-name: ${{ steps.cryptol.outputs.name }}
steps:
- uses: actions/checkout@v2
- id: cryptol
run: |
.github/ci.sh set_version
.github/ci.sh output name cryptol-$(.github/ci.sh ver)-$(date -I)
docs:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
- uses: docker://pandoc/latex:2.9.2
with:
args: >-
sh -c
"
apk add make &&
tlmgr install subfigure lastpage preprint adjustbox nag collectbox sectsty todonotes palatino mathpazo &&
cd docs &&
make
"
- uses: actions/upload-artifact@v2
with:
path: docs
name: docs
docker-cryptol:
runs-on: ubuntu-latest
needs: [outputs]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol
tags: "nightly"
add_git_labels: true
push: ${{ github.event_name == 'schedule' }}
docker-cryptol-remote-api:
runs-on: ubuntu-latest
needs: [outputs]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- name: Publish to Registry
uses: docker/build-push-action@v1
with:
username: ${{ secrets.GITHUBCRYPTOL_USERNAME }}
password: ${{ secrets.GITHUBCRYPTOL }}
repository: galoisinc/cryptol-remote-api
tags: "nightly"
add_git_labels: true
push: ${{ github.event_name == 'schedule' }}
dockerfile: cryptol-remote-api/Dockerfile
- name: Build test-cryptol-remote-api
uses: docker/build-push-action@v1
with:
tags: latest
repository: galoisinc/test-cryptol-remote-api
push: false
dockerfile: cryptol-remote-api/test.Dockerfile
- name: Test cryptol-remote-api helm chart
run: |
set -x
kind create cluster --wait 10m
kind load docker-image galoisinc/cryptol-remote-api:nightly
kind load docker-image galoisinc/test-cryptol-remote-api:latest
helm install --wait cra-http ./helm/cryptol-remote-api --set server.connType=http --set image.tag=nightly
helm install --wait cra-socket ./helm/cryptol-remote-api --set server.connType=socket --set image.tag=nightly
kubectl run --rm --attach test-http --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- http cra-http-cryptol-remote-api 8080
kubectl run --rm --attach test-socket --image=galoisinc/test-cryptol-remote-api --image-pull-policy=Never --restart=Never -- socket cra-socket-cryptol-remote-api 8080
docker-cryptol-remote-api-portable:
runs-on: ubuntu-latest
steps:
- uses: docker/setup-buildx-action@v1
with:
install: true
- id: docker_meta
uses: crazy-max/ghaction-docker-meta@v1
with:
images: ghcr.io/galoisinc/cryptol-remote-api
tag-custom: nightly-portable
tag-custom-only: true
- uses: docker/login-action@v1
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.CR_PAT }}
- uses: docker/build-push-action@v2
with:
tags: ${{ steps.docker_meta.outputs.tags }}
labels: ${{ steps.docker_meta.outputs.labels }}
push: ${{ github.event_name == 'schedule' }}
file: cryptol-remote-api/Dockerfile
build-args: PORTABILITY=true
cache-from: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache
cache-to: type=registry,ref=ghcr.io/galoisinc/cryptol-remote-api:nightly-portable-cache,mode=max
build:
needs: [outputs, docs]
runs-on: ${{ matrix.os }}
env:
VERSION: ${{ needs.outputs.outputs.cryptol-version }}
strategy:
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
steps:
- uses: actions/checkout@v2
with:
submodules: true
- uses: actions/setup-haskell@v1
with:
ghc-version: 8.6.5
- uses: actions/cache@v2
name: Cache cabal store
with:
path: |
${{ steps.setup-haskell.outputs.cabal-store }}
dist-newstyle
key: cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-${{ github.sha }}
restore-keys: |
cabal-${{ runner.os }}-${{ matrix.ghc }}-${{ hashFiles(format('cabal.GHC-{0}.config', matrix.ghc)) }}-
- uses: actions/download-artifact@v2
with:
path: docs
name: docs
- shell: bash
run: .github/ci.sh build
- shell: bash
run: .github/ci.sh setup_dist_bins
- shell: bash
run: .github/ci.sh bundle_files
- if: runner.os == 'Windows'
run: .github/wix.ps1
- if: runner.os == 'Windows'
shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
run: .github/ci.sh sign cryptol.msi
- shell: bash
env:
SIGNING_PASSPHRASE: ${{ secrets.SIGNING_PASSPHRASE }}
SIGNING_KEY: ${{ secrets.SIGNING_KEY }}
name: ${{ needs.outputs.outputs.cryptol-name }}
run: .github/ci.sh zip_dist
- uses: actions/upload-artifact@v2
with:
name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }}
path: "${{ needs.outputs.outputs.cryptol-name }}.tar.gz*"
- uses: actions/upload-artifact@v2
if: runner.os == 'Windows'
with:
name: ${{ needs.outputs.outputs.cryptol-name }}-${{ runner.os }}
path: "cryptol.msi*"

12
.github/workflows/pr-labeler.yml vendored
View File

@ -1,12 +0,0 @@
name: PR Labeler
on:
pull_request:
types: [opened]
jobs:
pr-labeler:
runs-on: ubuntu-latest
steps:
- uses: TimonVS/pr-labeler-action@v3
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

6
README.md
View File

@ -1,6 +1,4 @@
[![Build [![Cryptol](https://github.com/GaloisInc/cryptol/actions/workflows/build.yml/badge.svg?event=push)](https://github.com/GaloisInc/cryptol/actions/workflows/ci.yml)
Status](https://github.com/GaloisInc/cryptol/workflows/Cryptol/badge.svg?branch=master)
](https://github.com/GaloisInc/cryptol/actions?query=workflow%3A%22Cryptol+Nightly+Builds%22)
# Cryptol, version 2 # Cryptol, version 2
@ -48,7 +46,7 @@ during type checking, and as the default solver for the `:sat` and
`:prove` commands. Cryptol generally requires the most recent version `:prove` commands. Cryptol generally requires the most recent version
of Z3, but you can see the specific version tested in CI by looking for of Z3, but you can see the specific version tested in CI by looking for
the `Z3_VERSION` setting in [this the `Z3_VERSION` setting in [this
file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/build.yml). file](https://github.com/GaloisInc/cryptol/blob/master/.github/workflows/ci.yml).
You can download Z3 binaries for a variety of platforms from their You can download Z3 binaries for a variety of platforms from their
[releases page](https://github.com/Z3Prover/z3/releases). If you [releases page](https://github.com/Z3Prover/z3/releases). If you

22
cryptol-remote-api/Dockerfile
View File

@ -44,18 +44,18 @@ RUN latest="$(curl -sSL 'http://cvc4.cs.stanford.edu/downloads/builds/x86_64-lin
# Set executable and run tests # Set executable and run tests
RUN chmod +x rootfs/usr/local/bin/* RUN chmod +x rootfs/usr/local/bin/*
FROM debian:buster AS build FROM debian:buster AS toolchain
ARG PORTABILITY=false ARG PORTABILITY=false
RUN apt-get update && apt-get install -y libncurses-dev libz-dev \ RUN apt-get update && apt-get install -y libncurses-dev libz-dev \
build-essential curl libffi-dev libffi6 libgmp-dev libgmp10 libncurses-dev libncurses5 libtinfo5 libnuma-dev \ build-essential curl libffi-dev libffi6 libgmp-dev libgmp10 libncurses-dev libncurses5 libtinfo5 libnuma-dev \
$(if ${PORTABILITY}; then echo git autoconf python3; fi) $(if ${PORTABILITY}; then echo git autoconf python3; fi)
RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.12/x86_64-linux-ghcup-0.1.12" && chmod +x /usr/local/bin/ghcup ENV GHCUP_INSTALL_BASE_PREFIX=/opt \
ENV GHCUP_USE_XDG_DIRS=true \ PATH=/opt/.ghcup/bin:$PATH
XDG_BIN_HOME=/usr/local/bin \ RUN curl -o /usr/local/bin/ghcup "https://downloads.haskell.org/~ghcup/0.1.14/x86_64-linux-ghcup-0.1.14" && \
XDG_DATA_HOME=/usr/local/share chmod +x /usr/local/bin/ghcup
COPY --from=solvers /solvers/rootfs / COPY --from=solvers /solvers/rootfs /
RUN ghcup install cabal --set RUN ghcup install cabal --set
ENV PATH /root/.cabal/bin:$PATH ENV PATH=/root/.cabal/bin:$PATH
ADD ./cryptol-remote-api/ghc-portability.patch . ADD ./cryptol-remote-api/ghc-portability.patch .
ARG GHCVER ARG GHCVER
ARG GHCVER_BOOTSTRAP ARG GHCVER_BOOTSTRAP
@ -72,12 +72,15 @@ RUN if ${PORTABILITY}; then \
make -j && \ make -j && \
make install && \ make install && \
cd .. && \ cd .. && \
rm -rf ./ghc; \ rm -rf ./ghc && \
ghcup rm ghc ${GHCVER_BOOTSTRAP}; \
else \ else \
ghcup install ghc ${GHCVER} && \ ghcup install ghc ${GHCVER} && \
ghcup set ghc ${GHCVER}; \ ghcup set ghc ${GHCVER}; \
fi fi
FROM toolchain AS build
RUN useradd -m cryptol RUN useradd -m cryptol
COPY --chown=cryptol:cryptol . /cryptol COPY --chown=cryptol:cryptol . /cryptol
USER cryptol USER cryptol
@ -91,8 +94,9 @@ COPY cabal.GHC-${GHCVER}.config cabal.project.freeze
RUN mkdir -p rootfs/usr/local/bin RUN mkdir -p rootfs/usr/local/bin
RUN cabal v2-update && \ RUN cabal v2-update && \
cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api && \ cabal v2-build -j cryptol-remote-api:exe:cryptol-remote-api cryptol-remote-api:exe:cryptol-eval-server && \
cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin cp $(cabal v2-exec which cryptol-remote-api) rootfs/usr/local/bin && \
cp $(cabal v2-exec which cryptol-eval-server) rootfs/usr/local/bin
ENV PATH=/usr/local/bin:/cryptol/rootfs/usr/local/bin:$PATH ENV PATH=/usr/local/bin:/cryptol/rootfs/usr/local/bin:$PATH
RUN mkdir -p rootfs/"${CRYPTOLPATH}" \ RUN mkdir -p rootfs/"${CRYPTOLPATH}" \
&& cp -r lib/* rootfs/"${CRYPTOLPATH}" && cp -r lib/* rootfs/"${CRYPTOLPATH}"

9
cryptol-remote-api/cryptol-remote-api.cabal
View File

@ -8,6 +8,9 @@ maintainer: dtc@galois.com
category: Language category: Language
extra-source-files: CHANGELOG.md extra-source-files: CHANGELOG.md
flag static
default: False
description: Create a statically-linked binary
common warnings common warnings
ghc-options: ghc-options:
@ -81,6 +84,9 @@ executable cryptol-remote-api
cryptol-remote-api, cryptol-remote-api,
sbv < 8.10 sbv < 8.10
if os(linux) && flag(static)
ld-options: -static -pthread
executable cryptol-eval-server executable cryptol-eval-server
import: deps, warnings, errors import: deps, warnings, errors
main-is: Main.hs main-is: Main.hs
@ -93,4 +99,7 @@ executable cryptol-eval-server
optparse-applicative, optparse-applicative,
sbv < 8.10 sbv < 8.10
if os(linux) && flag(static)
ld-options: -static -pthread

7
cryptol-remote-api/build_and_test_docker.sh → cryptol-remote-api/test_docker.sh
View File

@ -2,17 +2,14 @@
DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )" DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
pushd $DIR/.. TAG=${1:-cryptol-remote-api}
docker build -t cryptol-remote-api --file cryptol-remote-api/Dockerfile .
popd
pushd $DIR pushd $DIR
docker run --name=cryptol-remote-api -d \ docker run --name=cryptol-remote-api -d \
-v $PWD/python/tests/cryptol/test-files:/home/cryptol/tests/cryptol/test-files \ -v $PWD/python/tests/cryptol/test-files:/home/cryptol/tests/cryptol/test-files \
-p 8080:8080 \ -p 8080:8080 \
cryptol-remote-api $TAG
popd popd

6
cryptol.cabal
View File

@ -234,6 +234,7 @@ executable cryptol
if os(linux) && flag(static) if os(linux) && flag(static)
ld-options: -static -pthread ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
executable cryptol-html executable cryptol-html
Default-language: Default-language:
@ -243,6 +244,10 @@ executable cryptol-html
build-depends: base, text, cryptol, blaze-html build-depends: base, text, cryptol, blaze-html
GHC-options: -Wall GHC-options: -Wall
if os(linux) && flag(static)
ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
executable check-exercises executable check-exercises
Default-language: Default-language:
Haskell2010 Haskell2010
@ -270,6 +275,7 @@ benchmark cryptol-bench
ghc-options: -Wno-redundant-constraints ghc-options: -Wno-redundant-constraints
if os(linux) && flag(static) if os(linux) && flag(static)
ld-options: -static -pthread ld-options: -static -pthread
ghc-options: -optl-fuse-ld=bfd
build-depends: base build-depends: base
, criterion , criterion
, cryptol , cryptol

2
helm/cryptol-remote-api/values.yaml
View File

@ -5,7 +5,7 @@
replicaCount: 1 replicaCount: 1
image: image:
repository: galoisinc/cryptol-remote-api repository: ghcr.io/galoisinc/cryptol-remote-api
pullPolicy: Always pullPolicy: Always
# Overrides the image tag whose default is the chart appVersion. # Overrides the image tag whose default is the chart appVersion.
tag: "" tag: ""