diff --git a/.cargo/config.macos-arm64.toml b/.cargo/config.macos-arm64.toml index 484dfc1392..5964941bff 100644 --- a/.cargo/config.macos-arm64.toml +++ b/.cargo/config.macos-arm64.toml @@ -54,7 +54,7 @@ rustflags = [ # "-Zvirtual-function-elimination", # Explicit macOS target version to align with C-layer code. - "-Clink-arg=-mmacosx-version-min=15.0", + "-Clink-arg=-mmacosx-version-min=14.0", ] [env] @@ -68,5 +68,4 @@ OPENSSL_LIB_DIR = { value = "target/lib", relative = true } OPENSSL_INCLUDE_DIR = { value = "target/include", relative = true } SQLITE3_LIB_DIR = { value = "target/lib", relative = true } SQLITE3_INCLUDE_DIR = { value = "target/include", relative = true } -MACOSX_DEPLOYMENT_TARGET = { value = "15.0" } - +MACOSX_DEPLOYMENT_TARGET = { value = "14.0" } diff --git a/.cargo/config.macos-x86_64.toml b/.cargo/config.macos-x86_64.toml new file mode 100644 index 0000000000..e82fd0b45b --- /dev/null +++ b/.cargo/config.macos-x86_64.toml @@ -0,0 +1,62 @@ +# +# Copyright (c) 2024 Elide Technologies, Inc. +# +# Licensed under the MIT license (the "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# https://opensource.org/license/mit/ +# +# Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on +# an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations under the License. +# + +[build] +rustflags = [ + # Use clang to drive linking via linker plugins, with lld as the linker. Wire in the linker script which fixes LTO + # arguments via linker plugins. + # "-Clinker=clang", + # "-Clink-arg=-fuse-ld=lld", + + # Defer LTO to the final linkage step, which happens outside `rustc`. + # "-Clto=thin", + # "-Clinker-plugin-lto", + + # Target the native host CPU. + # "-Ctarget-cpu=apple-m1", + + # Enforce completely position-independent executables. + "-Crelocation-model=pic", + + # Enables access to unstable options. + # "-Zunstable-options", + + # Tune for M2, despite compat at M1. + # "-Ztune-cpu=apple-m2", + + # Assigns alignment with macOS build flags in `third_party`; for equivalence to `-mbranch-protection-standard`, + # see: https://developer.arm.com/documentation/102433/0200/Applying-these-techniques-to-real-code + # "-Zbranch-protection=bti,pac-ret", + + # Thread locals are confined to the inner binary, and are never accessible beyond the VM barrier. + # "-Ztls_model=local-exec", + + # Build the Rust stdlib when we build the runtime, so that flags are applied uniformly. + # "-Zbuild-std", + + # Symbol visibility is set to `hidden` by default. + # "-Zdefault_hidden_visibility=yes", + + # Enable elimination of unused virtual functions if LLVM can prove in the LTO phase that they are never executed. + # "-Zvirtual-function-elimination", + + # Explicit macOS target version to align with C-layer code. + "-Clink-arg=-mmacosx-version-min=14.0", +] + +[env] +ELIDE_ROOT = { value = ".", relative = true } +SQLITE3_STATIC = { value = "1" } +SQLITE3_LIB_DIR = { value = "target/lib", relative = true } +SQLITE3_INCLUDE_DIR = { value = "target/include", relative = true } +MACOSX_DEPLOYMENT_TARGET = { value = "14.0" } diff --git a/.github/workflows/job.native-image.yml b/.github/workflows/job.native-image.yml index f3dcf14b45..78961c0f09 100644 --- a/.github/workflows/job.native-image.yml +++ b/.github/workflows/job.native-image.yml @@ -22,6 +22,12 @@ name: Native Image type: boolean default: false + ## Input: Enable Signing + signing: + description: "Signing" + type: boolean + default: false + ## Input: Static Linkage static: description: "Static" @@ -92,6 +98,14 @@ name: Native Image description: "Release" type: boolean default: false + signing: + description: "Signing" + type: boolean + default: false + provenance: + description: "Provenance" + type: boolean + default: false static: description: "Static" type: boolean @@ -161,9 +175,8 @@ name: Native Image # Do not add `ELIDE_VERSION` here like other workflows, or it may interfere with the release version override. env: RUST_BACKTRACE: full - SCCACHE_DIRECT: "true" - RUSTC_WRAPPER: "sccache" BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} + MACOSX_DEPLOYMENT_TARGET: "14.0" permissions: contents: read @@ -173,19 +186,8 @@ jobs: ## Job: Library Build ## gradle: - strategy: - fail-fast: false - matrix: - os: ["${{ inputs.os }}"] - mode: ["Strict"] - machine: - - ${{ inputs.runner }} - arch: - - ${{ inputs.arch }} - - name: "Native (${{ matrix.os }}-${{ matrix.arch }})" - runs-on: ${{ matrix.machine }} - continue-on-error: ${{ matrix.mode != 'Strict' }} + name: "Native (${{ inputs.os }}-${{ inputs.arch }})" + runs-on: ${{ inputs.runner }} permissions: contents: write @@ -211,25 +213,11 @@ jobs: - name: "Setup: Checkout" uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 with: - fetch-depth: 0 + fetch-depth: 1 submodules: true persist-credentials: false + clean: true token: ${{ secrets.GITHUB_TOKEN }} - - name: "Setup: Cache Restore" - id: cache-restore - uses: buildjet/cache/restore@3e70d19e31d6a8030aeddf6ed8dbe601f94d09f4 # v4.0.2 - with: - key: elide-v3-build-${{ hashFiles('gradle/elide.versions.toml') }} - path: | - tools/elide-build/build/**/*.* - packages/*/build/**/*.* - target/ - target/x86_64-unknown-linux-gnu/debug/*.a - target/x86_64-unknown-linux-gnu/debug/*.so - third_party/sqlite/install/ - restore-keys: | - elide-v3-build-${{ hashFiles('gradle/elide.versions.toml') }} - elide-v3- - name: "Setup: Packages" if: contains(inputs.runner, 'ubuntu') || contains(inputs.runner, 'linux') run: sudo apt-get update && sudo apt-get install -y build-essential libssl-dev libtool libtool-bin @@ -237,8 +225,7 @@ jobs: uses: actions-rust-lang/setup-rust-toolchain@fb51252c7ba57d633bc668f941da052e410add48 # v1.13.0 with: toolchain: stable - cache: true # handled by sccache - cache-key: "elide-rust-v1-{{ hashFiles('Cargo.lock') }}" + cache: false # handled by sccache - name: "Setup: SCCache" uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 - name: "Setup: Rust Caching" @@ -277,13 +264,12 @@ jobs: - name: "Setup: Gradle" uses: gradle/actions/setup-gradle@4d9f0ba0025fe599b4ebab900eb7f3a1d93ef4c2 # v5.0.0 id: gradlebuild - continue-on-error: ${{ matrix.mode == 'labs' }} env: CI: true BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} cache-encryption-key: ${{ secrets.GRADLE_ENCRYPTION_KEY }} with: - cache-read-only: false + cache-read-only: true cache-encryption-key: ${{ secrets.GRADLE_CONFIGURATION_KEY }} dependency-graph: disabled gradle-home-cache-cleanup: true @@ -301,7 +287,7 @@ jobs: - name: "Setup: Gradle Settings (Globals)" run: cp -fv /home/ci-agent/gradle-ci.properties ~/.gradle/gradle.properties || echo "No global settings." - name: "Setup: Cosign" - if: inputs.pack + if: inputs.pack && inputs.signing uses: sigstore/cosign-installer@d7543c93d881b35a8faa02e8e3605f69b7a1ce62 # v3.10.0 - name: "Build Environment" run: file Makefile && make info CI=yes 2>&1 | tee build-info.txt @@ -314,12 +300,21 @@ jobs: sed -i "s/elide = \"${current_version}\"/elide = \"${{ inputs.version }}\"/g" gradle/elide.versions.toml sed -i "s/elide-bin = \"${current_version}\"/elide-bin = \"${{ inputs.version }}\"/g" gradle/elide.versions.toml sed -i "s/${current_version}/${{ inputs.version }}/g" tools/elide-build/src/main/kotlin/elide/internal/conventions/Constants.kt + - name: "🛠️ Release: Third-Party Natives" + env: + CI: true + BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + TEST_EXCEPTIONS: true + run: make natives CI=yes + timeout-minutes: 10 - name: "🛠️ Release: Image" env: CI: true BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} TEST_EXCEPTIONS: true + timeout-minutes: 30 run: | ./gradlew \ :packages:cli:nativeOptimizedCompile \ @@ -342,23 +337,25 @@ jobs: -Pelide.release=${{ inputs.release }} \ -Pelide.buildMode=${{ inputs.release == true && 'release' || 'dev' }} - name: "Setup: Signing Keys" + if: inputs.release && inputs.pack && inputs.signing run: | cat <(echo -e "${{ secrets.SIGNING_KEY }}") | base64 -d | gpg --batch --import gpg --list-secret-keys --keyid-format LONG - gpg --export-secret-keys > /home/runner/.gnupg/secring.gpg + mkdir -p /home/$(whoami)/.gnupg/ + gpg --export-secret-keys > /home/$(whoami)/.gnupg/secring.gpg || echo "No key exported." - name: "Artifact: Build Outputs" uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 id: build-artifact with: - name: elide-native-${{ inputs.release == true && 'release' || 'dev' }}-${{ matrix.os }}-${{ matrix.arch }} + name: elide-native-${{ inputs.release == true && 'release' || 'dev' }}-${{ inputs.os }}-${{ inputs.arch }} path: packages/cli/build/native/nativeOptimizedCompile/**/*.* - name: "Artifact: Provenance Subject" id: hash - if: ${{ matrix.os == 'linux' && inputs.release }} + if: inputs.release && inputs.pack && inputs.signing run: | echo "hashes=$(sha256sum ./packages/cli/build/native/nativeOptimizedCompile/elide | base64 -w0)" >> "$GITHUB_OUTPUT" - name: "🛠️ Release: Package" - if: inputs.pack + if: inputs.pack && inputs.signing run: bash ./tools/scripts/release/build-release.sh env: COSIGN_KEY: ${{ secrets.COSIGN_KEY }} @@ -387,5 +384,5 @@ jobs: id: pack-artifact if: inputs.pack with: - name: elide-native-${{ inputs.release == true && 'release' || 'dev' }}-${{ matrix.os }}-${{ matrix.arch }}-release.zip + name: elide-native-${{ inputs.release == true && 'release' || 'dev' }}-${{ inputs.os }}-${{ inputs.arch }}-release.zip path: staging/**/*.* diff --git a/.github/workflows/job.native-images.yml b/.github/workflows/job.native-images.yml index a5239a75ce..ed617ce565 100644 --- a/.github/workflows/job.native-images.yml +++ b/.github/workflows/job.native-images.yml @@ -22,6 +22,12 @@ name: Native Images type: boolean default: false + ## Input: Enable Signing + signing: + description: "Signing" + type: boolean + default: false + ## Input: Optimization opt: description: "Optimization" @@ -60,6 +66,10 @@ name: Native Images description: "Release" type: boolean default: false + signing: + description: "Signing" + type: boolean + default: false opt: description: "Optimization" type: string @@ -106,8 +116,6 @@ name: Native Images # Do not add `ELIDE_VERSION` here like other workflows, or it may interfere with the release version override. env: RUST_BACKTRACE: full - SCCACHE_DIRECT: "true" - RUSTC_WRAPPER: "sccache" BUILDLESS_APIKEY: ${{ secrets.BUILDLESS_APIKEY }} permissions: @@ -128,7 +136,7 @@ jobs: - amd64 - aarch64 - name: "Native (${{ matrix.os }}-${{ matrix.arch }})" + name: "Native Image" permissions: contents: write @@ -138,6 +146,7 @@ jobs: secrets: inherit with: release: ${{ inputs.release }} + signing: ${{ inputs.signing }} pgo: ${{ inputs.pgo }} pack: ${{ inputs.pack }} version: "${{ inputs.version }}" diff --git a/.gitmodules b/.gitmodules index 25d48ba434..44a81ddc17 100644 --- a/.gitmodules +++ b/.gitmodules @@ -12,9 +12,10 @@ [submodule "apr"] path = third_party/apache/apr url = git@github.com:apache/apr.git + shallow = true ignore = dirty [submodule "boringssl"] path = third_party/google/boringssl url = git@github.com:google/boringssl.git + shallow = true ignore = dirty - diff --git a/Makefile b/Makefile index 33f8762cf2..add9f16fbb 100644 --- a/Makefile +++ b/Makefile @@ -30,7 +30,7 @@ COVERAGE ?= yes BUILD_NATIVE_IMAGE ?= no BUILD_STDLIB ?= no RELEASE ?= no -MACOS_MIN_VERSION ?= 12.3 +MACOS_MIN_VERSION ?= 14.0 ENABLE_CCACHE ?= no ENABLE_SCCACHE ?= yes CUSTOM_JVM ?= no diff --git a/crates/builder/src/lib.rs b/crates/builder/src/lib.rs index 0b6a814869..8ee22e571f 100644 --- a/crates/builder/src/lib.rs +++ b/crates/builder/src/lib.rs @@ -47,7 +47,7 @@ const DEBUG: &str = "debug"; const RELEASE: &str = "release"; /// Minimum supported version of macOS. -pub const MACOS_MIN: &str = "12.3"; +pub const MACOS_MIN: &str = "14.0"; /// Minimum supported version of Android. const android_api_version: &str = "21"; diff --git a/crates/builder/src/model.rs b/crates/builder/src/model.rs index bf394cf44a..c3f9ae8293 100644 --- a/crates/builder/src/model.rs +++ b/crates/builder/src/model.rs @@ -33,7 +33,7 @@ const DEBUG: &str = "debug"; const RELEASE: &str = "release"; /// Minimum supported version of macOS. -pub const MACOS_MIN: &str = "12.3"; +pub const MACOS_MIN: &str = "14.0"; /// Enumerates the types of build profiles which Elide supports. #[derive(Debug, Serialize, Deserialize, PartialEq, Eq)] diff --git a/crates/local-ai/Cargo.toml b/crates/local-ai/Cargo.toml index 57c12f4fb8..84ca2846b1 100644 --- a/crates/local-ai/Cargo.toml +++ b/crates/local-ai/Cargo.toml @@ -62,6 +62,10 @@ default-features = true workspace = true default-features = false +[target.x86_64-apple-darwin.dependencies.llama-cpp-2] +workspace = true +default-features = true + [target.aarch64-apple-darwin.dependencies.llama-cpp-2] workspace = true default-features = true diff --git a/packages/cli/build.gradle.kts b/packages/cli/build.gradle.kts index a524249b72..9497d2e46d 100644 --- a/packages/cli/build.gradle.kts +++ b/packages/cli/build.gradle.kts @@ -183,6 +183,7 @@ val dumpPointsTo = false val elideTarget = TargetInfo.current(project) val effectiveGc = findProperty("elide.gc") ?: "serial" val defaultArchTarget = when { + TargetCriteria.allOf(elideTarget, Criteria.MacAmd64) -> "compatibility" TargetCriteria.allOf(elideTarget, Criteria.Amd64) -> "x86-64-v3" TargetCriteria.allOf(elideTarget, Criteria.MacArm64) -> "armv8.1-a" else -> "compatibility" @@ -1876,7 +1877,7 @@ val linuxOnlyArgs = defaultPlatformArgs.plus( "-Delide.vm.engine.preinitialize=true", ) else emptyList()) ).plus(if (project.properties["elide.ci"] == "true") listOf( - "-J-Xmx${nativeBuildRam("64g")}", + "-J-Xmx${nativeBuildRam("32g")}", "--parallelism=${nativeBuildCpus(Runtime.getRuntime().availableProcessors())}", ) else listOf( "-J-Xmx${nativeBuildRam("64g")}", diff --git a/packages/cli/src/config/resource-config-darwin-amd64.json b/packages/cli/src/config/resource-config-darwin-amd64.json index e48bcbe2b9..e74fe92d5b 100644 --- a/packages/cli/src/config/resource-config-darwin-amd64.json +++ b/packages/cli/src/config/resource-config-darwin-amd64.json @@ -14,8 +14,6 @@ { "pattern": "Windows" }, { "pattern": "win32" }, { "pattern": "Win32" }, - { "pattern": "*.dll\\E" }, - { "pattern": "*.so\\E" }, { "pattern": "aarch64" }, { "pattern": "arm64" } ] diff --git a/packages/graalvm/build.gradle.kts b/packages/graalvm/build.gradle.kts index ca5dc4d967..bf017293d2 100644 --- a/packages/graalvm/build.gradle.kts +++ b/packages/graalvm/build.gradle.kts @@ -722,8 +722,8 @@ private fun TargetInfo.matches(criteria: TargetPredicate): Boolean = val isClang19 = findProperty("elide.compiler") == "clang-19" fun resolveCargoConfig(target: TargetInfo): File? = when { - // Disabled: causes issues with clang. - // target.matches(Criteria.MacArm64) -> "macos-arm64" + target.matches(Criteria.MacAmd64) -> "macos-x86_64" + target.matches(Criteria.MacArm64) -> "macos-arm64" target.matches(Criteria.Amd64) -> if (isClang19) "clang-x86_64" else "x86_64" target.matches(Criteria.Arm64) -> if (isClang19) "clang-arm64" else "arm64" else -> null @@ -776,7 +776,7 @@ val buildRustNativesForHostRelease by tasks.registering(Exec::class) { executable = "cargo" args(baseCargoFlags.plus("--release")) environment("JAVA_HOME", System.getProperty("java.home")) - environment("MACOSX_DEPLOYMENT_TARGET", "15.0") + environment("MACOSX_DEPLOYMENT_TARGET", "14.0") outputs.upToDateWhen { true } outputs.dir(targetDir) @@ -789,7 +789,7 @@ val buildRustNativesForHostDebug by tasks.registering(Exec::class) { executable = "cargo" args(baseCargoFlags) environment("JAVA_HOME", System.getProperty("java.home")) - environment("MACOSX_DEPLOYMENT_TARGET", "15.0") + environment("MACOSX_DEPLOYMENT_TARGET", "14.0") outputs.upToDateWhen { true } outputs.dir(targetDir) @@ -802,7 +802,7 @@ val buildRustNativesForHost by tasks.registering(Exec::class) { executable = "cargo" args(baseCargoFlags.plus(listOfNotNull(if (isRelease) "--release" else null))) environment("JAVA_HOME", System.getProperty("java.home")) - environment("MACOSX_DEPLOYMENT_TARGET", "15.0") + environment("MACOSX_DEPLOYMENT_TARGET", "14.0") outputs.upToDateWhen { true } outputs.dir(targetDir) diff --git a/third_party/Makefile b/third_party/Makefile index 2cfcf9dc7b..abadeb3967 100644 --- a/third_party/Makefile +++ b/third_party/Makefile @@ -24,7 +24,7 @@ USE_NINJA ?= yes ENABLE_CCACHE ?= no ENABLE_SCCACHE ?= no ELIDE_ROOT ?= $(realpath $(shell pwd)/..) -MACOS_MIN_VERSION ?= 12.3 +MACOS_MIN_VERSION ?= 14.0 NATIVE_TOOLS ?= boringssl sqlite apr LANGS ?= pkl diff --git a/third_party/oracle/truffle-api.jar b/third_party/oracle/truffle-api.jar index 20eefe885c..0b29883c8f 100644 Binary files a/third_party/oracle/truffle-api.jar and b/third_party/oracle/truffle-api.jar differ