rob thijssen
60176e7c2e
Two CI hygiene fixes uncovered while validating against the live fleet.
1. Same-day prerelease packages were being ordered by RPM-vercmp's
alpha-vs-digit precedence on the git SHA fragment, not by commit
chronology. With release stamps like "0.1.${YYYYMMDD}git${SHA}",
two commits on the same day produce the same numeric prefix and
rpmvercmp falls back to comparing the alphanumeric SHA suffixes,
where digit-leading SHAs are ranked above alpha-leading ones —
completely unrelated to which commit landed first. Verified with
rpmdev-vercmp:
gitabc1234 < gitdef5678 (old scheme — purely lexicographic)
Bumping the timestamp prefix to second-precision (%Y%m%d%H%M%S)
makes the numeric prefix strictly monotonic for any chronologically-
ordered commits, so the SHA fragment becomes a debug identifier
only — never participates in version ordering.
2. ci.yml and build-prerelease.yml both target the `rust` runner label
and both auto-trigger on push to main. The act-based runner reuses
/root/.cache/act/<hash>/hostexecutor/ across concurrent jobs, so
ci.yml's clippy and build-prerelease.yml's build-cortex were racing
each other's checkout/cleanup steps and corrupting in-flight
compile artifacts. Real fix is in gongfoo; workflow-level workaround
is a shared concurrency group with cancel-in-progress=false so the
two workflows queue sequentially on the same ref.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
263 lines
8.0 KiB
YAML
263 lines
8.0 KiB
YAML
name: CI
|
|
|
|
on:
|
|
push:
|
|
branches: ["**"]
|
|
tags: ["v*"]
|
|
pull_request:
|
|
branches: [main]
|
|
|
|
# Share a concurrency group with build-prerelease.yml so the two
|
|
# workflows don't race on the same `rust` runner workspace (act's
|
|
# /root/.cache/act/<hash>/hostexecutor/ is shared across concurrent
|
|
# jobs and one job's checkout step nukes another's in-flight build
|
|
# files). cancel-in-progress=false → they queue; same-ref pushes
|
|
# coalesce per workflow via cancel-in-progress on each.
|
|
concurrency:
|
|
group: cortex-runner-pool-${{ github.ref }}
|
|
cancel-in-progress: false
|
|
|
|
env:
|
|
CARGO_INCREMENTAL: "0"
|
|
RUSTC_WRAPPER: sccache
|
|
SCCACHE_BUCKET: sccache
|
|
SCCACHE_ENDPOINT: http://caveman.kosherinata.internal:9000
|
|
SCCACHE_REGION: auto
|
|
SCCACHE_S3_USE_SSL: "false"
|
|
AWS_ACCESS_KEY_ID: ${{ secrets.SCCACHE_S3_ACCESS_KEY }}
|
|
AWS_SECRET_ACCESS_KEY: ${{ secrets.SCCACHE_S3_SECRET_KEY }}
|
|
# fmt, clippy, and test all run in parallel on the same `rust` runner
|
|
# and would otherwise share /root/.cache/act/<hash>/hostexecutor/target/,
|
|
# racing each other's cargo temp files (.tmpXXXXXX) and failing builds
|
|
# mid-compile. Give each job its own target directory so the invocations
|
|
# don't collide. sccache still backs the actual rustc cache, so the
|
|
# rebuild penalty is small.
|
|
CARGO_TARGET_DIR: target-${{ github.job }}
|
|
|
|
jobs:
|
|
fmt:
|
|
name: Format
|
|
runs-on: rust
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: cargo fmt --check --all
|
|
|
|
clippy:
|
|
name: Clippy
|
|
runs-on: rust
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: cargo clippy --workspace -- -D warnings
|
|
- run: sccache --show-stats
|
|
|
|
test:
|
|
name: Test
|
|
runs-on: rust
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- run: cargo test --workspace
|
|
- run: sccache --show-stats
|
|
|
|
srpm-cortex:
|
|
name: Build cortex SRPM
|
|
runs-on: rpm
|
|
needs: [fmt, clippy, test]
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Determine version
|
|
id: version
|
|
run: |
|
|
VERSION="${GITHUB_REF#refs/tags/v}"
|
|
echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Stamp version
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
sed -i '/\[workspace\.package\]/,/\[/{ s/^version = ".*"/version = "'"${VERSION}"'"/ }' Cargo.toml
|
|
sed -i "s/^Version:.*/Version: ${VERSION}/" cortex.spec
|
|
|
|
- name: Generate changelog entry
|
|
uses: https://git.lair.cafe/actions/rpm-changelog@v1
|
|
with:
|
|
spec: cortex.spec
|
|
version: ${{ steps.version.outputs.VERSION }}
|
|
|
|
- name: Generate source tarball
|
|
run: |
|
|
set -ex
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
tar czf /tmp/cortex-${VERSION}.tar.gz \
|
|
--transform "s,^\.,cortex-${VERSION}," \
|
|
--exclude='./target' \
|
|
--exclude='./.git' \
|
|
--exclude='*.tar.gz' \
|
|
--exclude='*.src.rpm' \
|
|
.
|
|
mv /tmp/cortex-${VERSION}.tar.gz .
|
|
|
|
- name: Vendor Rust dependencies
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
cargo vendor vendor/
|
|
tar czf cortex-${VERSION}-vendor.tar.gz vendor/
|
|
rm -rf vendor/
|
|
|
|
- name: Build SRPM
|
|
run: |
|
|
rpmbuild -bs cortex.spec \
|
|
--define "_sourcedir $(pwd)" \
|
|
--define "_srcrpmdir $(pwd)"
|
|
|
|
- name: Upload SRPM artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: srpm-cortex
|
|
path: "*.src.rpm"
|
|
|
|
srpm-neuron:
|
|
name: Build neuron SRPM
|
|
runs-on: rpm
|
|
needs: [fmt, clippy, test]
|
|
if: startsWith(github.ref, 'refs/tags/v')
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Determine version
|
|
id: version
|
|
run: |
|
|
VERSION="${GITHUB_REF#refs/tags/v}"
|
|
echo "VERSION=${VERSION}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Stamp version
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
sed -i '/\[workspace\.package\]/,/\[/{ s/^version = ".*"/version = "'"${VERSION}"'"/ }' Cargo.toml
|
|
sed -i "s/^Version:.*/Version: ${VERSION}/" helexa-neuron.spec
|
|
|
|
- name: Generate changelog entry
|
|
uses: https://git.lair.cafe/actions/rpm-changelog@v1
|
|
with:
|
|
spec: helexa-neuron.spec
|
|
version: ${{ steps.version.outputs.VERSION }}
|
|
|
|
- name: Generate source tarball
|
|
run: |
|
|
set -ex
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
tar czf /tmp/helexa-neuron-${VERSION}.tar.gz \
|
|
--transform "s,^\.,helexa-neuron-${VERSION}," \
|
|
--exclude='./target' \
|
|
--exclude='./.git' \
|
|
--exclude='*.tar.gz' \
|
|
--exclude='*.src.rpm' \
|
|
.
|
|
mv /tmp/helexa-neuron-${VERSION}.tar.gz .
|
|
|
|
- name: Vendor Rust dependencies
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
cargo vendor vendor/
|
|
tar czf helexa-neuron-${VERSION}-vendor.tar.gz vendor/
|
|
rm -rf vendor/
|
|
|
|
- name: Build SRPM
|
|
run: |
|
|
rpmbuild -bs helexa-neuron.spec \
|
|
--define "_sourcedir $(pwd)" \
|
|
--define "_srcrpmdir $(pwd)"
|
|
|
|
- name: Upload SRPM artifact
|
|
uses: actions/upload-artifact@v3
|
|
with:
|
|
name: srpm-neuron
|
|
path: "*.src.rpm"
|
|
|
|
copr-cortex:
|
|
name: Publish cortex to COPR
|
|
runs-on: fedora-43
|
|
needs: srpm-cortex
|
|
steps:
|
|
- name: Download SRPM
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: srpm-cortex
|
|
|
|
- name: Publish to COPR
|
|
uses: https://git.lair.cafe/actions/copr-publish@v1
|
|
with:
|
|
project: helexa/helexa
|
|
srpm: "*.src.rpm"
|
|
copr-config: ${{ secrets.COPR_CONFIG }}
|
|
|
|
copr-neuron:
|
|
name: Publish neuron to COPR
|
|
runs-on: fedora-43
|
|
needs: srpm-neuron
|
|
steps:
|
|
- name: Download SRPM
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: srpm-neuron
|
|
|
|
- name: Publish to COPR
|
|
uses: https://git.lair.cafe/actions/copr-publish@v1
|
|
with:
|
|
project: helexa/helexa
|
|
srpm: "*.src.rpm"
|
|
copr-config: ${{ secrets.COPR_CONFIG }}
|
|
|
|
bump-version:
|
|
name: Bump version in source
|
|
runs-on: rust
|
|
needs: [copr-cortex, copr-neuron]
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
- name: Determine version
|
|
id: version
|
|
run: echo "VERSION=${GITHUB_REF#refs/tags/v}" >> "$GITHUB_OUTPUT"
|
|
|
|
- name: Stamp version
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
sed -i '/\[workspace\.package\]/,/\[/{ s/^version = ".*"/version = "'"${VERSION}"'"/ }' Cargo.toml
|
|
sed -i "s/^Version:.*/Version: ${VERSION}/" cortex.spec
|
|
sed -i "s/^Version:.*/Version: ${VERSION}/" helexa-neuron.spec
|
|
cargo check --workspace 2>/dev/null || true
|
|
|
|
- name: Generate cortex changelog entry
|
|
uses: https://git.lair.cafe/actions/rpm-changelog@v1
|
|
with:
|
|
spec: cortex.spec
|
|
version: ${{ steps.version.outputs.VERSION }}
|
|
|
|
- name: Generate helexa-neuron changelog entry
|
|
uses: https://git.lair.cafe/actions/rpm-changelog@v1
|
|
with:
|
|
spec: helexa-neuron.spec
|
|
version: ${{ steps.version.outputs.VERSION }}
|
|
|
|
- name: Commit and push
|
|
env:
|
|
GITEA_TOKEN: ${{ secrets.GITEA_TOKEN }}
|
|
run: |
|
|
VERSION="${{ steps.version.outputs.VERSION }}"
|
|
git config user.name "Gitea Actions"
|
|
git config user.email "actions@git.lair.cafe"
|
|
git add Cargo.toml Cargo.lock cortex.spec helexa-neuron.spec
|
|
if git diff --cached --quiet; then
|
|
echo "Nothing to commit for ${VERSION}"
|
|
else
|
|
git commit -m "chore: bump version to ${VERSION}"
|
|
git remote set-url origin "https://gitea-actions:${GITEA_TOKEN}@git.lair.cafe/helexa/cortex.git"
|
|
git push origin HEAD:main
|
|
fi
|