T0b1/wasmtime
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
a1732b2906d79033ff9266ac391a9783ac6daa27
wasmtime/.github/workflows/main.yml
Saúl Cabrera a1732b2906 winch(fuzz): Initial support for differential fuzzing (#6281) 
* winch(fuzz): Initial support for differential fuzzing

This commit introduces initial support for differential fuzzing for Winch. In
order to fuzz winch, this change introduces the `winch` cargo feature. When the
`winch` cargo feature is enabled the differential fuzz target uses `wasmi` as
the differential engine and `wasm-smith` and `single-inst` as the module sources.

The intention behind this change is to have a *local* approach for fuzzing and
verifying programs generated by Winch and to have an initial implementation that
will allow us to eventually enable this change by default. Currently it's not
worth it to enable this change by default given all the filtering that needs to
happen to ensure that the generated modules are supported by Winch.

It's worth noting that the Wasm filtering code will be temporary, until Winch
reaches feature parity in terms of Wasm operators.

* Check build targets with the `winch` feature flag

* Rename fuzz target feature to `fuzz-winch`
2023-04-25 03:56:24 +00:00

770 lines
29 KiB
YAML
Raw Blame History

name: CI
on:
# Run CI for PRs to `main` and to release branches.
#
# Note that PRs to `main` will run a subset of tests and PRs to the
# `release-*` branches will run full CI.
pull_request:
branches:
- main
- 'release-*'
push:
branches:
# This is an alternative to using `merge_group:` which doesn't work at the
# time of this writing.
- 'gh-readonly-queue/main/*'
# Right now merge queues can't be used with wildcards in branch protections
# so full CI runs both on PRs to release branches as well as merges to
# release branches. Note that the merge to a release branch may produce a
# tag at the end of CI if successful and the tag will trigger the artifact
# uploads as well as publication to crates.io.
- 'release-*'
defaults:
run:
shell: bash
# Cancel any in-flight jobs for the same PR/branch so there's only one active
# at a time
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# Check Code style quickly by running `rustfmt` over all code
rustfmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup component add rustfmt
- run: cargo fmt --all -- --check
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Lint dependency graph for security advisories, duplicate versions, and
# incompatible licences
cargo_deny:
name: Cargo deny
needs: determine
if: needs.determine.outputs.audit
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: |
set -e
curl -L https://github.com/EmbarkStudios/cargo-deny/releases/download/0.8.5/cargo-deny-0.8.5-x86_64-unknown-linux-musl.tar.gz | tar xzf -
mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny cargo-deny
echo `pwd` >> $GITHUB_PATH
- run: cargo deny check bans licenses
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Ensure dependencies are vetted. See https://mozilla.github.io/cargo-vet/
cargo_vet:
name: Cargo vet
needs: determine
if: needs.determine.outputs.audit
runs-on: ubuntu-latest
env:
CARGO_VET_VERSION: 0.6.1
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- uses: actions/cache@v3
with:
path: ${{ runner.tool_cache }}/cargo-vet
key: cargo-vet-bin-${{ env.CARGO_VET_VERSION }}
- run: echo "${{ runner.tool_cache }}/cargo-vet/bin" >> $GITHUB_PATH
- run: cargo install --root ${{ runner.tool_cache }}/cargo-vet --version ${{ env.CARGO_VET_VERSION }} cargo-vet
- run: cargo vet --locked
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# This job is a dependency of many of the jobs below. This calculates what's
# actually being run for this workflow. For example:
#
# * Pushes to branches, which is currently both pushes to merge queue branches
# as well as release branches, perform full CI.
# * PRs to release branches (not `main`) run full CI.
# * PRs to `main` will only run a few smoke tests above plus some elements of
# the test matrix. The test matrix here is determined dynamically by the
# `./ci/build-test-matrix.js` script given the commits that happened and
# the files modified.
determine:
name: Determine CI jobs to run
runs-on: ubuntu-latest
outputs:
run-full: ${{ steps.calculate.outputs.run-full }}
test-matrix: ${{ steps.calculate.outputs.test-matrix }}
test-capi: ${{ steps.calculate.outputs.test-capi }}
build-fuzz: ${{ steps.calculate.outputs.build-fuzz }}
audit: ${{ steps.calculate.outputs.audit }}
steps:
- uses: actions/checkout@v3
- id: calculate
env:
GH_TOKEN: ${{ github.token }}
run: |
touch commits.log names.log
# Note that CI doesn't run on pushes to `main`, only pushes to merge
# queue branches and release branches, so this only runs full CI in
# those locations.
if [ "${{ github.event_name }}" != "pull_request" ]; then
run_full=true
else
pr=${{ github.event.number }}
gh pr view $pr --json commits | tee commits.log
gh pr diff $pr --name-only | tee names.log
if [ "${{ github.base_ref }}" != "main" ]; then
run_full=true
elif grep -q 'prtest:full' commits.log; then
run_full=true
fi
if grep -q crates.c-api names.log; then
echo test-capi=true >> $GITHUB_OUTPUT
fi
if grep -q fuzz names.log; then
echo build-fuzz=true >> $GITHUB_OUTPUT
fi
if grep -q Cargo.lock names.log; then
echo audit=true >> $GITHUB_OUTPUT
fi
if grep -q supply-chain names.log; then
echo audit=true >> $GITHUB_OUTPUT
fi
fi
matrix="$(node ./ci/build-test-matrix.js ./commits.log ./names.log $run_full)"
echo "test-matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT
echo "$matrix"
if [ "$run_full" = "true" ]; then
echo run-full=true >> $GITHUB_OUTPUT
echo test-capi=true >> $GITHUB_OUTPUT
echo build-fuzz=true >> $GITHUB_OUTPUT
echo audit=true >> $GITHUB_OUTPUT
fi
# Build all documentation of Wasmtime, including the C API documentation,
# mdbook documentation, etc. This produces a `gh-pages` artifact which is what
# gets uploaded to the `gh-pages` branch later on.
doc:
needs: determine
if: needs.determine.outputs.run-full
name: Doc build
runs-on: ubuntu-latest
env:
CARGO_MDBOOK_VERSION: 0.4.21
RUSTDOCFLAGS: -Dbroken_intra_doc_links --cfg nightlydoc
OPENVINO_SKIP_LINKING: 1
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
with:
toolchain: nightly-2023-03-20
# Build C API documentation
- run: curl -L https://sourceforge.net/projects/doxygen/files/rel-1.9.3/doxygen-1.9.3.linux.bin.tar.gz/download | tar xzf -
- run: echo "`pwd`/doxygen-1.9.3/bin" >> $GITHUB_PATH
- run: cd crates/c-api && doxygen doxygen.conf
# install mdbook, build the docs, and test the docs
- uses: actions/cache@v3
with:
path: ${{ runner.tool_cache }}/mdbook
key: cargo-mdbook-bin-${{ env.CARGO_MDBOOK_VERSION }}
- run: |
echo "${{ runner.tool_cache }}/mdbook/bin" >> $GITHUB_PATH
cargo install --root ${{ runner.tool_cache }}/mdbook --version ${{ env.CARGO_MDBOOK_VERSION }} mdbook
- run: (cd docs && mdbook build)
- run: cargo build -p wasmtime-wasi --features wasmtime/wat,wasmtime/cranelift
- run: (cd docs/rust_wasi_markdown_parser && cargo build)
- run: (cd docs && mdbook test -L ../target/debug/deps,./rust_wasi_markdown_parser/target/debug/deps)
# Build Rust API documentation.
# We pass in the `component-model` feature
# to match the docs.rs metadata in
# crates/wasmtime/Cargo.toml.
- run: |
cargo doc --no-deps --workspace \
--exclude wasmtime-cli \
--exclude test-programs \
--exclude cranelift-codegen-meta \
--features component-model
- run: cargo doc --package cranelift-codegen-meta --document-private-items
# Assemble the documentation, and always upload it as an artifact for
# inspection on PRs and such.
- run: |
mv docs/book gh-pages
mv crates/c-api/html gh-pages/c-api
mv target/doc gh-pages/api
tar czf gh-pages.tar.gz gh-pages
- uses: actions/upload-artifact@v3
with:
name: gh-pages
path: gh-pages.tar.gz
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Checks of various feature combinations and whether things
# compile. The goal here isn't to run tests, mostly just serve as a
# double-check that Rust code compiles and is likely to work everywhere else.
checks:
needs: determine
if: needs.determine.outputs.run-full
name: Check
runs-on: ubuntu-latest
env:
CARGO_NDK_VERSION: 2.12.2
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
# Check some feature combinations of the `wasmtime` crate
- run: cargo check -p wasmtime --no-default-features
- run: cargo check -p wasmtime --no-default-features --features wat
- run: cargo check -p wasmtime --no-default-features --features jitdump
- run: cargo check -p wasmtime --no-default-features --features vtune
- run: cargo check -p wasmtime --no-default-features --features cache
- run: cargo check -p wasmtime --no-default-features --features async
- run: cargo check -p wasmtime --no-default-features --features pooling-allocator
- run: cargo check -p wasmtime --no-default-features --features cranelift
- run: cargo check -p wasmtime --no-default-features --features component-model
- run: cargo check -p wasmtime --no-default-features --features cranelift,wat,async,cache
- run: cargo check -p wasmtime --no-default-features --features winch
- run: cargo check --features component-model
# Check that benchmarks of the cranelift project build
- run: cargo check --benches -p cranelift-codegen
# Check some feature combinations of the `wasmtime-c-api` crate
- run: cargo check -p wasmtime-c-api --no-default-features
- run: cargo check -p wasmtime-c-api --no-default-features --features wat
- run: cargo check -p wasmtime-c-api --no-default-features --features wasi
# Check a few builds of the cranelift backend
# - only x86 backend support,
# - only arm64 backend support,
# - no debug_assertions.
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/arm64
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/x86
- run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util
env:
CARGO_PROFILE_DEV_DEBUG_ASSERTIONS: false
# Check whether `wasmtime` cross-compiles to x86_64-unknown-freebsd
# TODO: We aren't building with default features since the `ittapi` crate fails to compile on freebsd.
- run: rustup target add x86_64-unknown-freebsd
- run: cargo check -p wasmtime --no-default-features --features cranelift,wat,async,cache --target x86_64-unknown-freebsd
# Check whether `wasmtime` cross-compiles to aarch64-linux-android
- run: rustup target add aarch64-linux-android
- name: Setup Android SDK
uses: android-actions/setup-android@v2
- uses: actions/cache@v3
with:
path: ${{ runner.tool_cache }}/cargo-ndk
key: cargo-ndk-bin-${{ env.CARGO_NDK_VERSION }}
- run: echo "${{ runner.tool_cache }}/cargo-ndk/bin" >> $GITHUB_PATH
- run: cargo install --root ${{ runner.tool_cache }}/cargo-ndk --version ${{ env.CARGO_NDK_VERSION }} cargo-ndk
- run: cargo ndk -t arm64-v8a check -p wasmtime
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Check whether `wasmtime` cross-compiles to aarch64-pc-windows-msvc
# We don't build nor test it because it lacks trap handling.
# Tracking issue: https://github.com/bytecodealliance/wasmtime/issues/4992
checks_winarm64:
needs: determine
if: needs.determine.outputs.run-full
name: Check Windows ARM64
runs-on: windows-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup target add aarch64-pc-windows-msvc
- run: cargo check -p wasmtime --target aarch64-pc-windows-msvc
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Verify all fuzz targets compile successfully
fuzz_targets:
needs: determine
if: needs.determine.outputs.build-fuzz
name: Fuzz Targets
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
# Note that building with fuzzers requires nightly since it uses unstable
# flags to rustc.
- uses: ./.github/actions/install-rust
with:
toolchain: nightly-2023-03-20
- run: cargo install cargo-fuzz --vers "^0.11"
# Install the OCaml packages necessary for fuzz targets that use the
# `wasm-spec-interpreter`.
- run: sudo apt install -y ocaml-nox ocamlbuild ocaml-findlib libzarith-ocaml-dev
- run: cargo fetch
working-directory: ./fuzz
- run: cargo fuzz build --dev -s none
# Check that the ISLE fuzz targets build too.
- run: cargo fuzz build --dev -s none --fuzz-dir ./cranelift/isle/fuzz
# Check that winch fuzzing builds too.
- run: cargo fuzz build --dev -s none --features fuzz-winch
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Perform all tests (debug mode) for `wasmtime`.
#
# Note that the full matrix for what may run here is defined within
# `./ci/build-test-matrix.js` and the execution of the `determine` step will
# calculate whether the tests are actually run as part of PRs and such.
test:
needs: determine
name: ${{ matrix.name }}
runs-on: ${{ matrix.os }}
env:
QEMU_BUILD_VERSION: 7.2.0
strategy:
matrix: ${{ fromJson(needs.determine.outputs.test-matrix) }}
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
# Install targets in order to build various tests throughout the repo
- run: rustup target add wasm32-wasi wasm32-unknown-unknown ${{ matrix.target }}
- run: echo CARGO_BUILD_TARGET=${{ matrix.target }} >> $GITHUB_ENV
if: matrix.target != ''
# Fix an ICE for now in gcc when compiling zstd with debuginfo (??)
- run: echo CFLAGS=-g0 >> $GITHUB_ENV
if: matrix.target == 'x86_64-pc-windows-gnu'
- run: cargo fetch --locked
- run: cargo fetch --locked --manifest-path crates/test-programs/wasi-tests/Cargo.toml
- run: cargo fetch --locked --manifest-path crates/test-programs/wasi-http-tests/Cargo.toml
- uses: actions/cache@v3
with:
path: ${{ runner.tool_cache }}/qemu
key: qemu-${{ matrix.target }}-${{ env.QEMU_BUILD_VERSION }}-patchcpuinfo
if: matrix.target != '' && matrix.os == 'ubuntu-latest'
- name: Install cross-compilation tools
run: |
set -ex
sudo apt-get update
sudo apt-get install -y ${{ matrix.gcc_package }} ninja-build
# Configure Cargo for cross compilation and tell it how it can run
# cross executables
upcase=$(echo ${{ matrix.target }} | awk '{ print toupper($0) }' | sed 's/-/_/g')
echo CARGO_TARGET_${upcase}_RUNNER=${{ runner.tool_cache }}/qemu/bin/${{ matrix.qemu }} >> $GITHUB_ENV
echo CARGO_TARGET_${upcase}_LINKER=${{ matrix.gcc }} >> $GITHUB_ENV
# QEMU emulation is not always the speediest, so total testing time
# goes down if we build the libs in release mode when running tests.
echo CARGO_PROFILE_DEV_OPT_LEVEL=2 >> $GITHUB_ENV
# See comments in the source for why we enable this during QEMU
# emulation.
echo WASMTIME_TEST_NO_HOG_MEMORY=1 >> $GITHUB_ENV
# See if qemu is already in the cache
if [ -f ${{ runner.tool_cache }}/qemu/built ]; then
exit 0
fi
# Download and build qemu from source since the most recent release is
# way faster at arm emulation than the current version github actions'
# ubuntu image uses. Disable as much as we can to get it to build
# quickly.
curl https://download.qemu.org/qemu-$QEMU_BUILD_VERSION.tar.xz | tar xJf -
cd qemu-$QEMU_BUILD_VERSION
patch -p1 < $GITHUB_WORKSPACE/ci/qemu-cpuinfo.patch
./configure --target-list=${{ matrix.qemu_target }} --prefix=${{ runner.tool_cache}}/qemu --disable-tools --disable-slirp --disable-fdt --disable-capstone --disable-docs
ninja -C build install
touch ${{ runner.tool_cache }}/qemu/built
if: matrix.gcc != ''
# Build and test the C API with example C programs along with the example
# Rust programs. Note that this only executes if the `determine` step told
# us to test the capi which is off-by-default for PRs.
- run: cmake -Sexamples -Bexamples/build -DBUILD_SHARED_LIBS=OFF
if: matrix.target == '' && needs.determine.outputs.test-capi
- run: cmake --build examples/build --config Debug
if: matrix.target == '' && needs.determine.outputs.test-capi
- run: cmake -E env CTEST_OUTPUT_ON_FAILURE=1 cmake --build examples/build --config Debug --target RUN_TESTS
env:
RUST_BACKTRACE: 1
if: matrix.target == '' && matrix.os == 'windows-latest' && needs.determine.outputs.test-capi
- run: cmake -E env CTEST_OUTPUT_ON_FAILURE=1 cmake --build examples/build --config Debug --target test
env:
RUST_BACKTRACE: 1
if: matrix.target == '' && matrix.os != 'windows-latest' && needs.determine.outputs.test-capi
# Build and test all features
- run: ./ci/run-tests.sh --locked
env:
RUST_BACKTRACE: 1
# Test debug (DWARF) related functionality.
- run: |
sudo apt-get update && sudo apt-get install -y gdb lldb llvm
cargo test test_debug_dwarf -- --ignored --test-threads 1
if: matrix.os == 'ubuntu-latest' && matrix.target == ''&& needs.determine.outputs.run-full
env:
RUST_BACKTRACE: 1
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Build and test the wasi-nn module.
test_wasi_nn:
needs: determine
if: needs.determine.outputs.run-full
name: Test wasi-nn module
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup target add wasm32-wasi
- uses: abrown/install-openvino-action@v6
with:
version: 2022.3.0
apt: true
- run: ./ci/run-wasi-nn-example.sh
env:
RUST_BACKTRACE: 1
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Build and test the wasi-crypto module.
test_wasi_crypto:
needs: determine
if: needs.determine.outputs.run-full
name: Test wasi-crypto module
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- run: rustup update stable && rustup default stable
- run: rustup target add wasm32-wasi
- run: ./ci/run-wasi-crypto-example.sh
env:
RUST_BACKTRACE: 1
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
bench:
needs: determine
if: needs.determine.outputs.run-full
name: Run benchmarks
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: rustup target add wasm32-wasi
- run: cargo test --benches --release
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Verify that cranelift's code generation is deterministic
meta_deterministic_check:
needs: determine
if: needs.determine.outputs.run-full
name: Meta deterministic check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
- run: cd cranelift/codegen && cargo build --features all-arch
- run: ci/ensure_deterministic_build.sh
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
verify-publish:
needs: determine
if: github.repository == 'bytecodealliance/wasmtime' && needs.determine.outputs.run-full
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- run: rustup update stable && rustup default stable
- run: |
cd ${{ runner.tool_cache }}
curl -L https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz | tar xzf -
echo "`pwd`/sccache-0.2.13-x86_64-unknown-linux-musl" >> $GITHUB_PATH
echo RUSTC_WRAPPER=sccache >> $GITHUB_ENV
- run: rustc scripts/publish.rs
# Make sure the tree is publish-able as-is
- run: ./publish verify
# Make sure we can bump version numbers for the next release
- run: ./publish bump
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# Perform release builds of `wasmtime` and `libwasmtime.so`. Builds a variety
# of platforms and architectures and then uploads the release artifacts to
# this workflow run's list of artifacts.
build:
needs: determine
if: needs.determine.outputs.run-full
name: Release build for ${{ matrix.build }}
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- build: x86_64-linux
os: ubuntu-latest
- build: x86_64-macos
os: macos-latest
- build: aarch64-macos
os: macos-latest
target: aarch64-apple-darwin
- build: x86_64-windows
os: windows-latest
- build: x86_64-mingw
os: windows-latest
target: x86_64-pc-windows-gnu
- build: aarch64-linux
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
- build: s390x-linux
os: ubuntu-latest
target: s390x-unknown-linux-gnu
- build: riscv64gc-linux
os: ubuntu-latest
target: riscv64gc-unknown-linux-gnu
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/install-rust
# Note that the usage of this nightly toolchain is temporary until it
# rides to stable. After this nightly version becomes stable (Rust 1.69.0)
# then this should switch back to using stable by deleting the `with` and
# `toolchain` options.
with:
toolchain: nightly-2023-01-31
# On one builder produce the source tarball since there's no need to produce
# it everywhere
- run: ./ci/build-src-tarball.sh
if: matrix.build == 'x86_64-linux'
- uses: ./.github/actions/binary-compatible-builds
with:
name: ${{ matrix.build }}
- run: |
echo CARGO_BUILD_TARGET=${{ matrix.target }} >> $GITHUB_ENV
rustup target add ${{ matrix.target }}
if: matrix.target != ''
# Build `wasmtime` and executables. Note that we include `all-arch` so our
# release artifacts can be used to compile `.cwasm`s for other targets.
- run: $CENTOS cargo build --release --bin wasmtime --features all-arch
# Build `libwasmtime.so`
- run: $CENTOS cargo build --release --manifest-path crates/c-api/Cargo.toml
# Assemble release artifats appropriate for this platform, then upload them
# unconditionally to this workflow's files so we have a copy of them.
- run: ./ci/build-tarballs.sh "${{ matrix.build }}" "${{ matrix.target }}"
- uses: actions/upload-artifact@v3
with:
name: bins-${{ matrix.build }}
path: dist
# common logic to cancel the entire run if this job fails
- run: gh run cancel ${{ github.run_id }}
if: failure() && github.event_name != 'pull_request'
env:
GH_TOKEN: ${{ github.token }}
# This is a "join node" which depends on all prior workflows. The merge queue,
# for example, gates on this to ensure that everything has executed
# successfully.
#
# Note that this is required currently for odd reasons with github. Notably
# the set of checks to enter the merge queue and leave the merge queue must
# be the same which means that the "build" step for example shows as skipped
# for PRs but expands to many different steps for merge-queue-based PRs. That
# means that for that step there's no single name to gate on, so it's required
# to have a "join" node here which joins everything.
#
# Note that this currently always runs to always report a status, even on
# cancellation and even if dependency steps fail. Each dependency tries to
# cancel the whole run if it fails, so if a test matrix entry fails, for
# example, it cancels the build matrix entries too. This step then tries to
# fail on cancellation to ensure that the dependency failures are propagated
# correctly.
ci-status:
name: Record the result of testing and building steps
runs-on: ubuntu-latest
needs:
- test
- build
- rustfmt
- cargo_deny
- cargo_vet
- doc
- checks
- checks_winarm64
- fuzz_targets
- test_wasi_nn
- test_wasi_crypto
- bench
- meta_deterministic_check
- verify-publish
- determine
if: always()
steps:
- name: Dump needs context
env:
CONTEXT: ${{ toJson(needs) }}
run: |
echo -e "\033[33;1;4mDump context\033[0m"
echo -e "$CONTEXT\n"
- name: Successful test and build
if: ${{ !(contains(needs.*.result, 'failure')) }}
run: exit 0
- name: Failing test and build
if: ${{ contains(needs.*.result, 'failure') }}
run: exit 1
- name: Report failure on cancellation
if: ${{ contains(needs.*.result, 'cancelled') || cancelled() }}
run: exit 1
# The purpose of this jobs is to watch for changes on the `release-*`
# branches of this repository and look for the term
# "automatically-tag-and-release-this-commit" within merged PRs/commits. Once
# that term is found the current version of `Cargo.toml`, the `wasmtime-cli`
# Cargo.toml, is created as a tag and the tag is pushed to the repo.
# Currently the tag is created through the GitHub API with an access token to
# ensure that CI is further triggered for the tag itself which performs the
# full release process.
#
# Note that this depends on the `ci-status` step above which is the "join"
# point of this workflow for when everything succeeds. the purpose of that is
# so that the tag is only created after the aftifacts have been uploaded for
# this workflow as the `publish-artifacts.yml` workflow will download these
# artifacts and then publish them to the tag.
push-tag:
runs-on: ubuntu-latest
needs: ci-status
if: |
always()
&& needs.ci-status.result == 'success'
&& github.event_name == 'push'
&& startsWith(github.ref, 'refs/heads/release-')
&& github.repository == 'bytecodealliance/wasmtime'
steps:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0
- name: Test if tag is needed
run: |
git log ${{ github.event.before }}...${{ github.event.after }} | tee main.log
version=$(grep '^version =' Cargo.toml | head -n 1 | sed 's/.*"\(.*\)"/\1/')
echo "version: $version"
echo "version=$version" >> $GITHUB_OUTPUT
echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT
if grep -q "automatically-tag-and-release-this-commit" main.log; then
echo push-tag
echo "push_tag=yes" >> $GITHUB_OUTPUT
else
echo no-push-tag
echo "push_tag=no" >> $GITHUB_OUTPUT
fi
id: tag
- name: Push the tag
run: |
git_refs_url=$(jq .repository.git_refs_url $GITHUB_EVENT_PATH | tr -d '"' | sed 's/{\/sha}//g')
curl -iX POST $git_refs_url \
-H "Authorization: token ${{ secrets.PERSONAL_ACCESS_TOKEN }}" \
-d @- << EOF
{
"ref": "refs/tags/v${{ steps.tag.outputs.version }}",
"sha": "${{ steps.tag.outputs.sha }}"
}
EOF
if: steps.tag.outputs.push_tag == 'yes'
Reference in New Issue View Git Blame Copy Permalink