-
Notifications
You must be signed in to change notification settings - Fork 2
150 lines (119 loc) · 5.58 KB
/
prebuild.yml
File metadata and controls
150 lines (119 loc) · 5.58 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
---
name: Prebuild
# yamllint disable-line rule:truthy
on:
workflow_dispatch:
permissions:
attestations: write
contents: write
id-token: write
env:
# Disable incremental compilation to avoid overhead.
CARGO_INCREMENTAL: "0"
jobs:
release:
runs-on: ubuntu-latest
steps:
# do NOT load any caches here, we want a clean, freestanding build w/o stateful dependencies!
- name: Set Timestamp
id: timestamp
run: |
ts_iso="$(date -u -Is)"
ts_tag="$(echo "$ts_iso" | sed 's/+00:00//g' | sed 's/:/-/g')"
echo "iso=$ts_iso"
echo "tag=$ts_tag"
echo TIMESTAMP_ISO="$ts_iso" >> "$GITHUB_OUTPUT"
echo TIMESTAMP_TAG="$ts_tag" >> "$GITHUB_OUTPUT"
- name: Checkout
uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1
with:
fetch-depth: 1
- name: Fetch main branch
run: git fetch --depth=1 origin main
- name: Free disk space
uses: ./.github/actions/free-disk-space
- name: Install `just`
uses: taiki-e/install-action@50708e9ba8d7b6587a2cb575ddaa9a62e927bc06 # v2
with:
tool: just
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 # master
with:
toolchain: stable
targets: wasm32-wasip2
- name: build "add one" example (debug)
run: just guests::rust::build-add-one-debug
- name: build "add one" example (release)
run: just guests::rust::build-add-one-release
- name: build python guest (debug)
run: just guests::python::build-debug
- name: build python guest (release)
run: just guests::python::build-release
# we need unique file names for the release
- name: stage release files
run: |
mkdir out
mv target/wasm32-wasip2/debug/examples/add_one.wasm out/example_add_one.debug.wasm
mv target/wasm32-wasip2/release/examples/add_one.wasm out/example_add_one.release.wasm
mv target/wasm32-wasip2/debug/datafusion_udf_wasm_python.wasm out/datafusion_udf_wasm_python.debug.wasm
mv target/wasm32-wasip2/release/datafusion_udf_wasm_python.wasm out/datafusion_udf_wasm_python.release.wasm
- name: compile WASM to machine code
run: |
targets=(
"aarch64-apple-darwin"
"aarch64-pc-windows-msvc"
"aarch64-unknown-linux-gnu"
"x86_64-apple-darwin",
"x86_64-pc-windows-msvc"
"x86_64-unknown-linux-gnu"
)
for wasm_path in out/*.wasm; do
wasm_basename="$(basename "$wasm_path" .wasm)"
for target in "${targets[@]}"; do
out_file="${wasm_basename}.${target}.elf"
echo "$out_file"
cargo run --bin=compile --features="all-arch" -- "$wasm_path" "out/${out_file}" "$target"
done
done
- name: calculate checksums
run: |
sha256sum * > sha256sum.txt
working-directory: ./out
- name: read wasmtime version
id: wasmtime
run: |
version="$(cargo metadata --format-version=1 | jq --raw-output '.packages[] | select(.name == "wasmtime") | .version')"
echo "version=$version"
echo VERSION="$version" >> "$GITHUB_OUTPUT"
- name: attestation
id: attestation
uses: actions/attest-build-provenance@977bb373ede98d70efdf65b84cb5f73e068dcc2a # v3
with:
subject-path: out/*
- name: publish release
uses: softprops/action-gh-release@a06a81a03ee405af7f2048a818ed3f03bbf83c7b # v2
with:
body: |
WASM guest binaries.
# Build Metadata
**Commit:** [`${{ github.sha }}`](${{ github.server_url }}/${{ github.repository }}/tree/${{ github.sha }})
**Wasmtime:** `${{ steps.wasmtime.outputs.VERSION }}`
**Build Timestamp:** `${{ steps.timestamp.outputs.TIMESTAMP_ISO }}`
**Build Attestation:** <${{ steps.attestation.outputs.attestation-url }}>
# WASM Binaries
We build the following targets:
- `example_add_one`: "add one" Rust example UDF
- `datafusion_udf_wasm_python`: Guest for Python-based UDFs, bundles CPython.
Each of them is provided in `debug` and `release` builds. The artifacts have the file extension `.wasm`.
# Machine-Code Binaries
In addition to the WASM binary blobs, we also provide pre-compiled guests for various targets to be used with `wasmtime`. The artifacts have the file extension `.elf`.
**⚠️ Using pre-build binaries requires you to validate the source and trust the binary. Using a binary blindly can lead to remote code execution, memory and data corruption, and all kinds of bad things. You can use the provided build attestation. ⚠️**
# Checksums & Attestation
We provide sha256 checksums for all artifacts in `sha256sum.txt`. You can use that file -- either directly or indirectly via its own checksum -- to safely pin all artifacts of this release. We also provide [build attestation](${{ steps.attestation.outputs.attestation-url }}).
preserve_order: true
files: out/*
name: "WASM Binaries ${{ steps.timestamp.outputs.TIMESTAMP_ISO }}"
tag_name: "wasm-binaries/${{ steps.timestamp.outputs.TIMESTAMP_TAG }}/${{ github.sha }}"
fail_on_unmatched_files: true
target_commitish: "${{ github.sha }}"
make_latest: false