Skip to content

Commit

Permalink
Only upload one copy of linux binaries to releases
Browse files Browse the repository at this point in the history
We upload the statically-linked Alpine edge binaries, as these are
probably the most portable.

Note that the statically-linked Alpine binaries are actually smaller
than the Debian executables (~35 MB archive vs ~41 MB archive), though
the Debian ones are pie (position-independent executables, supporting
Address Space Layout Randomization).
  • Loading branch information
JasonGross committed Nov 13, 2023
1 parent 4a67334 commit bea8f57
Show file tree
Hide file tree
Showing 6 changed files with 107 additions and 37 deletions.
10 changes: 8 additions & 2 deletions .github/workflows/coq-alpine.yml
Original file line number Diff line number Diff line change
Expand Up @@ -171,9 +171,15 @@ jobs:
- name: Unpack files
run: |
mkdir dist
mv dist-edge/standalone.tar.gz dist/fiat-crypto-alpine-edge.tar.gz
echo "::group::find arch"
( cd dist-edge && tar -xzvf standalone.tar.gz )
arch="$(etc/ci/find-arch.sh dist-edge/word_by_word_montgomery "unknown")"
tag="$(git describe --tags $(git rev-parse HEAD))"
fname="Fiat-Cryptography_${tag}_Linux_${arch}.tar.gz"
echo "$fname"
mv dist-edge/standalone.tar.gz "dist/$fname"
find dist
tar -tvf dist/fiat-crypto-alpine-edge.tar.gz
tar -tvf "dist/$fname"
- name: Upload artifacts to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
Expand Down
32 changes: 16 additions & 16 deletions .github/workflows/coq-debian.yml
Original file line number Diff line number Diff line change
Expand Up @@ -149,7 +149,7 @@ jobs:
echo "::endgroup::"
done
publish-standalone:
publish-standalone-dry-run:
runs-on: ubuntu-latest
needs: build
permissions:
Expand All @@ -169,31 +169,31 @@ jobs:
mv dist-sid/standalone.tar.gz dist/fiat-crypto-sid.tar.gz
find dist
tar -tvf dist/fiat-crypto-sid.tar.gz
- name: Upload artifacts to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
# - name: Upload artifacts to GitHub Release
# env:
# GITHUB_TOKEN: ${{ github.token }}
# # Upload to GitHub Release using the `gh` CLI.
# # `dist/` contains the built packages
# run: >-
# gh release upload
# '${{ github.ref_name }}' dist/**
# --repo '${{ github.repository }}'
# if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}

debian-check-all:
runs-on: ubuntu-latest
needs: [build, test-standalone, publish-standalone]
needs: [build, test-standalone, publish-standalone-dry-run]
if: always()
steps:
- run: echo 'build passed'
if: ${{ needs.build.result == 'success' }}
- run: echo 'test-standalone passed'
if: ${{ needs.test-standalone.result == 'success' }}
- run: echo 'publish-standalone passed'
if: ${{ needs.publish-standalone.result == 'success' }}
- run: echo 'publish-standalone-dry-run passed'
if: ${{ needs.publish-standalone-dry-run.result == 'success' }}
- run: echo 'build failed' && false
if: ${{ needs.build.result != 'success' }}
- run: echo 'test-standalone failed' && false
if: ${{ needs.test-standalone.result != 'success' }}
- run: echo 'publish-standalone failed' && false
if: ${{ needs.publish-standalone.result != 'success' }}
- run: echo 'publish-standalone-dry-run failed' && false
if: ${{ needs.publish-standalone-dry-run.result != 'success' }}
32 changes: 16 additions & 16 deletions .github/workflows/coq-docker.yml
Original file line number Diff line number Diff line change
Expand Up @@ -202,7 +202,7 @@ jobs:
echo "::endgroup::"
done
publish-standalone:
publish-standalone-dry-run:
runs-on: ubuntu-latest
needs: build
permissions:
Expand All @@ -222,20 +222,20 @@ jobs:
mv dist-docker-coq-dev/standalone.tar.gz dist/fiat-crypto-docker-coq-dev.tar.gz
find dist
tar -tvf dist/fiat-crypto-docker-coq-dev.tar.gz
- name: Upload artifacts to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
# Upload to GitHub Release using the `gh` CLI.
# `dist/` contains the built packages
run: >-
gh release upload
'${{ github.ref_name }}' dist/**
--repo '${{ github.repository }}'
if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
# - name: Upload artifacts to GitHub Release
# env:
# GITHUB_TOKEN: ${{ github.token }}
# # Upload to GitHub Release using the `gh` CLI.
# # `dist/` contains the built packages
# run: >-
# gh release upload
# '${{ github.ref_name }}' dist/**
# --repo '${{ github.repository }}'
# if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}

docker-check-all:
runs-on: ubuntu-latest
needs: [build, test-amd64, test-standalone, publish-standalone]
needs: [build, test-amd64, test-standalone, publish-standalone-dry-run]
if: always()
steps:
- run: echo 'build passed'
Expand All @@ -244,13 +244,13 @@ jobs:
if: ${{ needs.test-amd64.result == 'success' }}
- run: echo 'test-standalone passed'
if: ${{ needs.test-standalone.result == 'success' }}
- run: echo 'publish-standalone passed'
if: ${{ needs.publish-standalone.result == 'success' }}
- run: echo 'publish-standalone-dry-run passed'
if: ${{ needs.publish-standalone-dry-run.result == 'success' }}
- run: echo 'build failed' && false
if: ${{ needs.build.result != 'success' }}
- run: echo 'test-amd64 failed' && false
if: ${{ needs.test-amd64.result != 'success' }}
- run: echo 'test-standalone failed' && false
if: ${{ needs.test-standalone.result != 'success' }}
- run: echo 'publish-standalone failed' && false
if: ${{ needs.publish-standalone.result != 'success' }}
- run: echo 'publish-standalone-dry-run failed' && false
if: ${{ needs.publish-standalone-dry-run.result != 'success' }}
7 changes: 6 additions & 1 deletion .github/workflows/coq-macos.yml
Original file line number Diff line number Diff line change
Expand Up @@ -157,7 +157,12 @@ jobs:
- name: Unpack files
run: |
mkdir dist
mv dist-macos/standalone.tar.gz dist/fiat-crypto-macos.tar.gz
( cd dist-macos && tar -xzvf standalone.tar.gz )
arch="$(etc/ci/find-arch.sh dist-macos/word_by_word_montgomery)"
tag="$(git describe --tags $(git rev-parse HEAD))"
fname="Fiat-Cryptography_${tag}_macOS_${arch}.tar.gz"
echo "$fname"
mv dist-macos/standalone.tar.gz "dist/$fname"
find dist
tar -tvf dist/fiat-crypto-macos.tar.gz
- name: Upload artifacts to GitHub Release
Expand Down
9 changes: 7 additions & 2 deletions .github/workflows/coq-windows.yml
Original file line number Diff line number Diff line change
Expand Up @@ -182,9 +182,14 @@ jobs:
- name: Unpack files
run: |
mkdir dist
mv dist-windows/standalone.zip dist/fiat-crypto-windows.zip
( cd dist-windows && unzip standalone.zip )
arch="$(etc/ci/find-arch.sh dist-windows/word_by_word_montgomery "x86_64")"
tag="$(git describe --tags $(git rev-parse HEAD))"
fname="Fiat-Cryptography_${tag}_Windows_${arch}.zip"
echo "$fname"
mv dist-windows/standalone.zip "dist/$fname"
find dist
unzip -l dist/fiat-crypto-windows.zip
unzip -l "dist/$fname"
- name: Upload artifacts to GitHub Release
env:
GITHUB_TOKEN: ${{ github.token }}
Expand Down
54 changes: 54 additions & 0 deletions etc/ci/find-arch.sh
Original file line number Diff line number Diff line change
@@ -0,0 +1,54 @@
#!/usr/bin/env bash

usage() {
>&2 printf "%s FILENAME [DEFAULT_ARCH]\n" "$0"
}

fname="$1"
default="$2"
if [ -z "$fname" ] || [ "$fname" = "-h" ] || [ "$fname" = "--help" ]; then
usage
fi
if [ -z "$fname" ]; then
exit 1
fi

if [ ! -z "${SHELL}" ]; then
run() {
"${SHELL}" -c "$*" || true
}
else
run() {
/bin/sh -c "$*" || true
}
fi

if [ ! -z "$CI" ]; then
group() {
echo "::group::$*"
run "$@"
echo "::endgroup::"
}
else
group() { run "$@"; }
fi

>&2 group file "$fname"
>&2 group otool -L "$fname" || true
>&2 group lipo -info "$fname" || true
file_info="$(file "$fname" 2>&1)"
case "${file_info}" in
*x86_64*|*x86-64*)
arch=x86_64
;;
*)
if [ -z "$default" ]; then
arch="$(printf "%s\n" "${file_info}" | awk '{print $NF}')"
else
arch="$default"
fi
>&2 echo "::warning::Unknown architecture ${file_info} (using ${arch})"
;;
esac

printf "%s\n" "$arch"

0 comments on commit bea8f57

Please sign in to comment.