quickfix - interim build #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Copyright (c) 2025 Elide Technologies, Inc. | |
| # | |
| # Licensed under the MIT license (the "License"); you may not use this file except in compliance | |
| # with the License. You may obtain a copy of the License at | |
| # | |
| # https://opensource.org/license/mit/ | |
| # | |
| # Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on | |
| # an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the | |
| # License for the specific language governing permissions and limitations under the License. | |
| # | |
| name: Release | |
| "on": | |
| workflow_dispatch: | |
| inputs: | |
| test: | |
| description: "Test Mode" | |
| type: boolean | |
| default: true | |
| push: | |
| branches: | |
| - chore/release-pipeline | |
| # Do not add `ELIDE_VERSION` here like other workflows, or it may interfere with the release version override. | |
| env: | |
| RUST_BACKTRACE: full | |
| SCCACHE_DIRECT: "true" | |
| RUSTC_WRAPPER: "sccache" | |
| BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} | |
| permissions: | |
| contents: read | |
| jobs: | |
| ## | |
| ## Job: Library Build | |
| ## | |
| release: | |
| name: "Release: Native (Debug, ${{ matrix.os }}, ${{ matrix.arch || 'amd64' }})" | |
| runs-on: ${{ matrix.runner }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: Linux | |
| runner: ubuntu-cipool | |
| arch: amd64 | |
| labs: false | |
| tag: linux-amd64 | |
| # - os: macOS | |
| # runner: ${{ inputs.runner_large_macos }} | |
| # arch: amd64 | |
| # labs: false | |
| # tag: darwin-amd64 | |
| # provenance: [true] | |
| permissions: | |
| contents: write | |
| id-token: write | |
| defaults: | |
| run: | |
| shell: bash | |
| steps: | |
| - name: "Setup: Determine Mode" | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "TEST_MODE=${{ inputs.test }}" >> $GITHUB_ENV | |
| else | |
| echo "TEST_MODE=false" >> $GITHUB_ENV | |
| fi | |
| - name: "Setup: Harden Runner" | |
| uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 | |
| with: | |
| disable-sudo: false | |
| egress-policy: audit | |
| - name: "Setup: Checkout" | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| persist-credentials: false | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Setup: Cache Restore" | |
| id: cache-restore | |
| uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2 | |
| with: | |
| key: elide-v3-build-${{ hashFiles('gradle/elide.versions.toml') }} | |
| path: | | |
| tools/elide-build/build/**/*.* | |
| packages/*/build/**/*.* | |
| target/ | |
| target/x86_64-unknown-linux-gnu/debug/*.a | |
| target/x86_64-unknown-linux-gnu/debug/*.so | |
| third_party/sqlite/install/ | |
| restore-keys: | | |
| elide-v3-build-${{ hashFiles('gradle/elide.versions.toml') }} | |
| elide-v3- | |
| - name: "Setup: Packages" | |
| if: contains(matrix.runner, 'ubuntu') || contains(matrix.runner, 'linux') | |
| run: sudo apt-get update && sudo apt-get install -y build-essential libssl-dev | |
| - name: "Setup: Rust" | |
| uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0 | |
| with: | |
| toolchain: stable | |
| cache: true # handled by sccache | |
| cache-key: "elide-rust-v1-{{ hashFiles('Cargo.lock') }}" | |
| - name: "Setup: SCCache" | |
| uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: "Setup: Rust Caching" | |
| run: echo "RUSTC_WRAPPER=sccache" >> $GITHUB_ENV | |
| - name: "Setup: GraalVM (Java 25)" | |
| uses: graalvm/setup-graalvm@7f488cf82a3629ee755e4e97342c01d6bed318fa # v1.3.5 | |
| with: | |
| distribution: "graalvm" | |
| java-version: "25" | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: "Setup: Node" | |
| uses: actions/setup-node@a0853c24544627f65ddf259abe73b1d18a591444 # v5.0.0 | |
| with: | |
| node-version: 23 | |
| - name: "Setup: Bun" | |
| uses: step-security/setup-bun@a961ff54612b97ac3259f517fb6a81be3b657a59 # v2.0.2 | |
| with: | |
| bun-version: "1.2.14" | |
| - name: "Setup: PNPM" | |
| uses: pnpm/action-setup@a7487c7e89a18df4991f7f222e4898a00d66ddda # v4.1.0 | |
| with: | |
| version: "10.6.2" | |
| - name: "Setup: uv" | |
| uses: astral-sh/setup-uv@7edac99f961f18b581bbd960d59d049f04c0002f # v6.4.1 | |
| - name: "Setup: Dependencies" | |
| run: | | |
| echo "Setting up venv..." | |
| uv venv | |
| echo "Activating venv..." | |
| . .venv/bin/activate | |
| echo "Installing dependencies via Pip..." | |
| uv pip install -r config/requirements.txt | |
| echo PATH=$PATH >> $GITHUB_ENV | |
| echo "Installing dependencies..." | |
| pnpm install | |
| - name: "Setup: Gradle" | |
| uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3 | |
| id: gradlebuild | |
| continue-on-error: ${{ matrix.mode == 'labs' }} | |
| env: | |
| CI: true | |
| BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} | |
| cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} | |
| with: | |
| cache-read-only: false | |
| cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }} | |
| dependency-graph: disabled | |
| gradle-home-cache-cleanup: true | |
| gradle-home-cache-includes: binaryen | |
| caches | |
| jdks | |
| native | |
| native-build-tools | |
| nodejs | |
| notifications | |
| wrapper | |
| yarn | |
| - name: "Setup: Gradle Settings" | |
| run: cp -fv ./.github/workflows/gradle-ci.properties ~/.gradle/gradle.properties | |
| - name: "Setup: Cosign" | |
| uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 | |
| - name: "Build Environment" | |
| run: file Makefile && make info CI=yes 2>&1 | tee build-info.txt | |
| - name: "🛠️ Build: Image" | |
| env: | |
| CI: true | |
| BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| TEST_EXCEPTIONS: true | |
| run: | | |
| bash ./tools/scripts/release/native-build.sh --release --publish | |
| - name: "Setup: Signing Keys" | |
| run: | | |
| cat <(echo -e "${{ secrets.SIGNING_KEY }}") | base64 -d | gpg --batch --import | |
| gpg --list-secret-keys --keyid-format LONG | |
| gpg --export-secret-keys > /home/runner/.gnupg/secring.gpg | |
| # - name: "Artifact: Build Outputs" | |
| # uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| # if: ${{ env.TEST_MODE == 'false' }} | |
| # id: build-artifact | |
| # with: | |
| # name: elide-${{env.ELIDE_VERSION}}-${{ matrix.os }}-${{ matrix.arch }} | |
| # path: packages/cli/build/native/nativeOptimizedCompile/**/*.* | |
| - name: "Get Version" | |
| run: | | |
| source ./tools/scripts/release/version-setter.sh | |
| echo "ELIDE_VERSION=$ELIDE_VERSION" >> $GITHUB_ENV | |
| - name: "🛠 Release: Package" | |
| run: bash ./tools/scripts/release/package-release.sh | |
| env: | |
| COSIGN_KEY: ${{ secrets.COSIGN_KEY }} | |
| COSIGN_PASSWORD: ${{ secrets.COSIGN_PASSWORD }} | |
| COSIGN_ARGS: "--key env://COSIGN_KEY" | |
| - name: "🛠 Release: Stage" | |
| run: | |
| bash ./tools/scripts/release/stage-release.sh | |
| # - name: "Artifact: Release Package" | |
| # uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| # if: ${{ env.TEST_MODE == 'false' }} | |
| # id: pack-artifact | |
| # with: | |
| # name: elide-${{env.ELIDE_VERSION}}-${{ matrix.os }}-${{ matrix.arch }}.zip | |
| # path: staging/**/*.* | |