Merge pull request #52 from godaddy/bug-fix-3 #358
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| cancel-in-progress: true | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Cache cargo registry | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: lint-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| lint-${{ runner.os }}- | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| components: rustfmt, clippy | |
| - name: Ensure pinned toolchain components | |
| run: | | |
| TOOLCHAIN=$(rustup show active-toolchain | cut -d' ' -f1) | |
| rustup component add --toolchain "$TOOLCHAIN" rustfmt clippy | |
| - name: Format check | |
| run: cargo fmt --all -- --check | |
| - name: Clippy | |
| run: cargo clippy --all-targets --all-features -- -D warnings | |
| tests: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/pip | |
| .cache/npm | |
| .cache/maven | |
| .cache/dotnet | |
| .cache/bun | |
| key: tests-${{ runner.os }}-amd64-${{ hashFiles('**/Cargo.lock', 'asherah-node/package-lock.json', 'asherah-py/Cargo.toml', 'asherah-py/pyproject.toml', 'asherah-java/java/pom.xml', 'asherah-dotnet/**/*.csproj') }} | |
| restore-keys: | | |
| tests-${{ runner.os }}-amd64- | |
| - name: Verify Docker availability | |
| run: docker version | |
| - name: Run full language test matrix | |
| env: | |
| SKIP_RUST_CHECKS: "1" | |
| run: ./scripts/test-in-docker.sh | |
| integration-tests: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Cache cargo registry | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: integration-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| integration-${{ runner.os }}- | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| - name: Verify Docker availability | |
| run: docker version | |
| - name: Run integration tests (MySQL, Postgres, DynamoDB, KMS via containers) | |
| run: cargo test -p asherah --features mysql,postgres,dynamodb --test integration_containers -- --test-threads=1 | |
| build-rlib-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-rlib-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-rlib- | |
| - name: Install sccache | |
| run: | | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| sudo mv sccache-*/sccache /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/sccache | |
| - name: Build FFI rlib (x86_64) | |
| env: | |
| TARGET_ARCH: x86_64 | |
| BINDING_COMPONENTS: ffi | |
| run: ./scripts/build-bindings.sh | |
| - name: Upload x86_64 rlib artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| retention-days: 1 | |
| path: target/ | |
| build-node-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| NPM_CONFIG_CACHE: ${{ github.workspace }}/.cache/npm | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/npm | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-node-${{ hashFiles('**/Cargo.lock', 'asherah-node/package-lock.json') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-node- | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Install sccache | |
| run: | | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| sudo mv sccache-*/sccache /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/sccache | |
| - uses: actions/setup-node@v6 | |
| with: | |
| node-version: 20 | |
| - name: Build Node.js binding (x86_64) | |
| env: | |
| TARGET_ARCH: x86_64 | |
| BINDING_COMPONENTS: node | |
| SKIP_CORE_BUILD: "1" | |
| run: ./scripts/build-bindings.sh | |
| - name: Upload x86_64 node binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-node | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| build-python-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| container: quay.io/pypa/manylinux_2_28_x86_64 | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| PIP_CACHE_DIR: ${{ github.workspace }}/.cache/pip | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/pip | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-python-${{ hashFiles('Cargo.lock', 'asherah-py/Cargo.toml') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-python- | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Build Python binding (x86_64) - manylinux | |
| run: | | |
| curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain none | |
| export PATH="$CARGO_HOME/bin:$PATH" | |
| rustup toolchain install 1.88.0 --profile minimal --component rustfmt | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| python3.11 -m pip install maturin==1.9.4 | |
| rm -rf artifacts/x86_64/python || true | |
| mkdir -p artifacts/x86_64/python | |
| python3.11 -m maturin build --release --manifest-path asherah-py/Cargo.toml --compatibility manylinux_2_28 -i python3.11 --out artifacts/x86_64/python | |
| - name: Upload x86_64 python binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-python | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| build-java-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/maven | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-java-${{ hashFiles('**/Cargo.lock', 'asherah-java/java/pom.xml') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-java- | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Install sccache | |
| run: | | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| sudo mv sccache-*/sccache /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/sccache | |
| - name: Build Java binding (x86_64) | |
| env: | |
| TARGET_ARCH: x86_64 | |
| BINDING_COMPONENTS: java | |
| SKIP_CORE_BUILD: "1" | |
| run: ./scripts/build-bindings.sh | |
| - name: Upload x86_64 java artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-java | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| build-dotnet-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/dotnet | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-dotnet-${{ hashFiles('**/Cargo.lock', 'asherah-dotnet/**/*.csproj') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-dotnet- | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Install sccache | |
| run: | | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| sudo mv sccache-*/sccache /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/sccache | |
| - uses: actions/setup-dotnet@v5 | |
| with: | |
| dotnet-version: | | |
| 8.0.x | |
| 10.0.x | |
| - name: Build .NET binding (x86_64) | |
| env: | |
| TARGET_ARCH: x86_64 | |
| BINDING_COMPONENTS: dotnet | |
| SKIP_CORE_BUILD: "1" | |
| run: ./scripts/build-bindings.sh | |
| - name: Upload x86_64 dotnet artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-dotnet | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| build-ffi-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Package FFI artifacts (x86_64) | |
| run: | | |
| mkdir -p artifacts/x86_64/ffi artifacts/x86_64/ruby | |
| find target/release -name 'libasherah_ffi.*' -type f ! -name '*.d' -exec cp {} artifacts/x86_64/ffi/ \; | |
| find target/release -name 'libasherah_ffi.*' -type f ! -name '*.d' -exec cp {} artifacts/x86_64/ruby/ \; | |
| - name: Upload x86_64 ffi artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-ffi | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| build-cobhan-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/sccache | |
| key: build-${{ runner.os }}-x86_64-cobhan-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-x86_64-cobhan- | |
| - name: Download x86_64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: x86_64-rlib-artifacts | |
| path: target/ | |
| - name: Install sccache | |
| run: | | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| sudo mv sccache-*/sccache /usr/local/bin/ | |
| sudo chmod +x /usr/local/bin/sccache | |
| - name: Build asherah-cobhan (x86_64) | |
| env: | |
| TARGET_ARCH: x86_64 | |
| BINDING_COMPONENTS: cobhan | |
| SKIP_CORE_BUILD: "1" | |
| run: ./scripts/build-bindings.sh | |
| - name: Upload x86_64 cobhan artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64-part-cobhan | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| package-x86_64: | |
| runs-on: ubuntu-latest | |
| needs: [build-ffi-x86_64, build-cobhan-x86_64, build-node-x86_64, build-python-x86_64, build-dotnet-x86_64, build-java-x86_64] | |
| steps: | |
| - name: Download all x86_64 artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| pattern: bindings-linux-x86_64-part-* | |
| path: artifacts-staging | |
| merge-multiple: true | |
| - name: Consolidate artifacts | |
| run: | | |
| mkdir -p artifacts/x86_64 | |
| cp -r artifacts-staging/* artifacts/x86_64/ | |
| - name: Upload consolidated x86_64 artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-x86_64 | |
| retention-days: 1 | |
| path: artifacts/x86_64 | |
| arm64-test-image: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| env: | |
| CACHE_MAX_AGE_DAYS: 7 | |
| outputs: | |
| cache-hit: ${{ steps.check-cache.outputs.cache-hit }} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Calculate cache key | |
| id: cache-key | |
| run: | | |
| DOCKERFILE_HASH=$(sha256sum docker/tests.Dockerfile | cut -d' ' -f1 | head -c 8) | |
| # Get week number to force rebuild every N days | |
| WEEK_NUM=$(( $(date +%s) / 86400 / ${{ env.CACHE_MAX_AGE_DAYS }} )) | |
| CACHE_KEY="arm64-test-image-${DOCKERFILE_HASH}-week-${WEEK_NUM}" | |
| echo "cache-key=${CACHE_KEY}" >> $GITHUB_OUTPUT | |
| echo "Cache key: ${CACHE_KEY}" | |
| - name: Check for cached image | |
| id: check-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: /tmp/asherah-tests-arm64.tar | |
| key: ${{ steps.cache-key.outputs.cache-key }} | |
| lookup-only: true | |
| - name: Set up QEMU | |
| if: steps.check-cache.outputs.cache-hit != 'true' | |
| uses: docker/setup-qemu-action@v4 | |
| with: | |
| platforms: linux/arm64 | |
| - name: Set up Docker Buildx | |
| if: steps.check-cache.outputs.cache-hit != 'true' | |
| uses: docker/setup-buildx-action@v4 | |
| - name: Build arm64 test image | |
| if: steps.check-cache.outputs.cache-hit != 'true' | |
| run: | | |
| docker buildx build \ | |
| --file docker/tests.Dockerfile \ | |
| --platform linux/arm64 \ | |
| --tag asherah-tests:arm64 \ | |
| --cache-from type=gha,scope=tests-arm64-image \ | |
| --cache-to type=gha,mode=max,scope=tests-arm64-image \ | |
| --output type=docker,dest=/tmp/asherah-tests-arm64.tar \ | |
| . | |
| - name: Restore cached image | |
| if: steps.check-cache.outputs.cache-hit == 'true' | |
| uses: actions/cache/restore@v5 | |
| with: | |
| path: /tmp/asherah-tests-arm64.tar | |
| key: ${{ steps.cache-key.outputs.cache-key }} | |
| - name: Save image to cache | |
| if: steps.check-cache.outputs.cache-hit != 'true' | |
| uses: actions/cache/save@v5 | |
| with: | |
| path: /tmp/asherah-tests-arm64.tar | |
| key: ${{ steps.cache-key.outputs.cache-key }} | |
| - name: Upload arm64 test image | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: arm64-tests-image | |
| retention-days: 1 | |
| path: /tmp/asherah-tests-arm64.tar | |
| tests-arm64: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - package-arm64 | |
| - arm64-test-image | |
| strategy: | |
| fail-fast: true | |
| matrix: | |
| binding: [ffi, python, node, dotnet, java] | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/pip | |
| .cache/npm | |
| .cache/maven | |
| .cache/dotnet | |
| key: tests-${{ runner.os }}-arm64-${{ matrix.binding }}-${{ hashFiles('**/Cargo.lock', 'asherah-node/package-lock.json', 'asherah-py/Cargo.toml', 'asherah-py/pyproject.toml', 'asherah-java/java/pom.xml', 'asherah-dotnet/**/*.csproj') }} | |
| restore-keys: | | |
| tests-${{ runner.os }}-arm64-${{ matrix.binding }}- | |
| tests-${{ runner.os }}-arm64- | |
| - name: Download arm64 binding artifact | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: bindings-linux-aarch64-part-${{ matrix.binding }} | |
| path: artifacts/aarch64 | |
| - name: Download arm64 core FFI artifact | |
| if: matrix.binding != 'python' && matrix.binding != 'ffi' | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: bindings-linux-aarch64-part-ffi | |
| path: artifacts/aarch64 | |
| - name: Download arm64 test image | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-tests-image | |
| path: artifacts | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v4 | |
| with: | |
| platforms: linux/arm64 | |
| - name: Verify Docker availability | |
| run: docker version | |
| - name: Load arm64 test image | |
| run: docker load --input artifacts/asherah-tests-arm64.tar | |
| - name: Debug - List artifacts structure | |
| run: | | |
| echo "=== Artifacts directory structure ===" | |
| find artifacts/aarch64 -type f | head -50 || true | |
| - name: Run ${{ matrix.binding }} binding tests (Arm64) | |
| env: | |
| DOCKER_PLATFORM: linux/arm64 | |
| BINDING_TESTS_ONLY: "1" | |
| BINDING_ARTIFACTS_DIR: ${{ github.workspace }}/artifacts/aarch64 | |
| BINDING_TESTS_FAST_ONLY: "1" | |
| BINDING_TESTS_BINDING: ${{ matrix.binding }} | |
| USE_PREBUILT_TEST_IMAGE: "1" | |
| TESTS_IMAGE_TAG: asherah-tests:arm64 | |
| run: ./scripts/test-in-docker.sh | |
| sanitizers: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-x86_64 | |
| if: github.event_name == 'push' && github.ref == 'refs/heads/main' || github.event_name == 'schedule' || contains(github.event.head_commit.message, '[sanitize]') | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Cache cargo registry | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| key: sanitizers-${{ runner.os }}-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| sanitizers-${{ runner.os }}- | |
| - name: Install dependencies | |
| run: | | |
| echo 'Acquire::Retries "3";' | sudo tee /etc/apt/apt.conf.d/80-retries | |
| sudo apt-get update | |
| sudo apt-get install -y clang llvm valgrind | |
| - name: Install nightly with miri | |
| uses: dtolnay/rust-toolchain@nightly | |
| with: | |
| components: miri | |
| - name: Run miri on FFI crate | |
| run: | | |
| cargo +nightly miri setup | |
| cargo +nightly miri test -p asherah-ffi | |
| - name: Prepare nightly toolchain target | |
| run: rustup +nightly target add x86_64-unknown-linux-gnu | |
| - name: Run address sanitizer on FFI crate | |
| env: | |
| RUSTFLAGS: -Zsanitizer=address | |
| RUSTDOCFLAGS: -Zsanitizer=address | |
| ASAN_OPTIONS: detect_leaks=1 | |
| run: cargo +nightly -Zbuild-std test -p asherah-ffi --target x86_64-unknown-linux-gnu -- --test-threads=1 | |
| - name: Run valgrind on FFI tests | |
| run: | | |
| valgrind --error-exitcode=1 cargo test -p asherah-ffi --lib | |
| build-rlib-arm64: | |
| runs-on: ubuntu-latest | |
| needs: lint | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-rlib-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-rlib- | |
| - name: Install cross-compile toolchain and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu curl | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build FFI rlib (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| PKG_CONFIG_ALLOW_CROSS: 1 | |
| TARGET_ARCH: aarch64 | |
| BINDING_COMPONENTS: ffi | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| # Build core rlibs first for dependency reuse | |
| cargo build --release -p asherah --features sqlite --target aarch64-unknown-linux-gnu | |
| cargo build --release -p asherah-config --target aarch64-unknown-linux-gnu | |
| # Build FFI cdylib for other bindings | |
| ./scripts/build-bindings.sh | |
| - name: Upload arm64 rlib artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: arm64-rlib-artifacts | |
| retention-days: 1 | |
| path: target/ | |
| build-node-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| NPM_CONFIG_CACHE: ${{ github.workspace }}/.cache/npm | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/npm | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-node-${{ hashFiles('**/Cargo.lock', 'asherah-node/package-lock.json') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-node- | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Install cross-compile toolchain, Node.js, and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu curl | |
| curl -fsSL https://deb.nodesource.com/setup_20.x | bash - | |
| apt-get install -y nodejs | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build Node.js binding (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| PKG_CONFIG_ALLOW_CROSS: 1 | |
| TARGET_ARCH: aarch64 | |
| BINDING_COMPONENTS: node | |
| SKIP_CORE_BUILD: "1" | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| rustup default 1.86.0 | |
| ./scripts/build-bindings.sh | |
| - name: Upload arm64 node binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-node | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| build-python-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| PIP_CACHE_DIR: ${{ github.workspace }}/.cache/pip | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/pip | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-python-${{ hashFiles('Cargo.lock', 'asherah-py/Cargo.toml') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-python- | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Install cross-compile toolchain, Python, and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu python3 python3-pip python3-venv curl | |
| pip3 install maturin==1.9.4 | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build Python binding (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| PKG_CONFIG_ALLOW_CROSS: 1 | |
| TARGET_ARCH: aarch64 | |
| CARGO_LOG: cargo::core::compiler::fingerprint=info | |
| run: | | |
| rustup toolchain install 1.88.0 --profile minimal --component rustfmt | |
| rustup default 1.88.0 | |
| rustup target add aarch64-unknown-linux-gnu | |
| rm -rf artifacts/aarch64/python || true | |
| mkdir -p artifacts/aarch64/python | |
| maturin build --release --target aarch64-unknown-linux-gnu --manifest-path asherah-py/Cargo.toml --skip-auditwheel --out artifacts/aarch64/python 2>&1 | tee /tmp/maturin-build.log | |
| echo "=== Checking for 'Fresh' vs 'Compiling' for asherah ===" | |
| grep -E "(Fresh|Compiling) (asherah|tokio|aws)" /tmp/maturin-build.log || true | |
| - name: Upload arm64 python binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-python | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| build-java-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/maven | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-java-${{ hashFiles('**/Cargo.lock', 'asherah-java/java/pom.xml') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-java- | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Install cross-compile toolchain, Maven, and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu maven curl | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build Java binding (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| TARGET_ARCH: aarch64 | |
| BINDING_COMPONENTS: java | |
| SKIP_CORE_BUILD: "1" | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| rustup default 1.86.0 | |
| ./scripts/build-bindings.sh | |
| - name: Upload Java binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-java | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| build-dotnet-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/dotnet | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-dotnet-${{ hashFiles('**/Cargo.lock', 'asherah-dotnet/**/*.csproj') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-dotnet- | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Install cross-compile toolchain, .NET, and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu wget curl | |
| wget https://dot.net/v1/dotnet-install.sh -O dotnet-install.sh | |
| chmod +x dotnet-install.sh | |
| ./dotnet-install.sh --channel 8.0 --install-dir /usr/share/dotnet | |
| ./dotnet-install.sh --channel 10.0 --install-dir /usr/share/dotnet | |
| ln -sf /usr/share/dotnet/dotnet /usr/bin/dotnet | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build .NET binding (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| TARGET_ARCH: aarch64 | |
| BINDING_COMPONENTS: dotnet | |
| SKIP_CORE_BUILD: "1" | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| rustup default 1.86.0 | |
| ./scripts/build-bindings.sh | |
| - name: Upload .NET binding artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-dotnet | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| build-ffi-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Package FFI artifacts (arm64) | |
| run: | | |
| mkdir -p artifacts/aarch64/ffi artifacts/aarch64/ruby | |
| find target -name 'libasherah_ffi.*' -type f ! -name '*.d' -exec cp {} artifacts/aarch64/ffi/ \; | |
| find target -name 'libasherah_ffi.*' -type f ! -name '*.d' -exec cp {} artifacts/aarch64/ruby/ \; | |
| - name: Upload FFI artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-ffi | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| build-cobhan-arm64: | |
| runs-on: ubuntu-latest | |
| needs: build-rlib-arm64 | |
| container: rust:1.86-bullseye | |
| env: | |
| CARGO_HOME: ${{ github.workspace }}/.cache/cargo | |
| RUSTUP_HOME: ${{ github.workspace }}/.cache/rustup | |
| CARGO_TARGET_DIR: ${{ github.workspace }}/target | |
| CARGO_INCREMENTAL: 0 | |
| RUSTC_WRAPPER: sccache | |
| SCCACHE_DIR: ${{ github.workspace }}/.cache/sccache | |
| SCCACHE_CACHE_SIZE: 2G | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Restore workspace caches | |
| uses: actions/cache@v5 | |
| with: | |
| path: | | |
| .cache/cargo | |
| .cache/rustup | |
| .cache/sccache | |
| key: build-${{ runner.os }}-arm64-cobhan-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| build-${{ runner.os }}-arm64-cobhan- | |
| - name: Download arm64 rlib artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| name: arm64-rlib-artifacts | |
| path: target/ | |
| - name: Install cross-compile toolchain and sccache | |
| run: | | |
| echo 'Acquire::Retries "3";' > /etc/apt/apt.conf.d/80-retries | |
| apt-get update | |
| apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu curl | |
| curl -fL --retry 5 --retry-delay 5 https://github.com/mozilla/sccache/releases/download/v0.8.1/sccache-v0.8.1-x86_64-unknown-linux-musl.tar.gz | tar xz | |
| mv sccache-*/sccache /usr/local/bin/ | |
| chmod +x /usr/local/bin/sccache | |
| - name: Build asherah-cobhan (arm64) | |
| env: | |
| CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc | |
| CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ | |
| AR_aarch64_unknown_linux_gnu: aarch64-linux-gnu-ar | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| PKG_CONFIG_ALLOW_CROSS: 1 | |
| TARGET_ARCH: aarch64 | |
| BINDING_COMPONENTS: cobhan | |
| SKIP_CORE_BUILD: "1" | |
| run: | | |
| rustup target add aarch64-unknown-linux-gnu | |
| rustup default 1.86.0 | |
| ./scripts/build-bindings.sh | |
| - name: Upload arm64 cobhan artifact | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64-part-cobhan | |
| retention-days: 1 | |
| path: artifacts/aarch64 | |
| package-arm64: | |
| runs-on: ubuntu-latest | |
| needs: [build-ffi-arm64, build-cobhan-arm64, build-node-arm64, build-python-arm64, build-dotnet-arm64, build-java-arm64] | |
| steps: | |
| - name: Download all arm64 artifacts | |
| uses: actions/download-artifact@v8 | |
| with: | |
| pattern: bindings-linux-aarch64-part-* | |
| path: artifacts-staging | |
| merge-multiple: true | |
| - name: Consolidate artifacts | |
| run: | | |
| mkdir -p artifacts/aarch64 | |
| cp -r artifacts-staging/* artifacts/aarch64/ | |
| - name: Upload consolidated arm64 artifacts | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| name: bindings-linux-aarch64 | |
| retention-days: 1 | |
| path: artifacts/aarch64 |