From bea8f57f5a8a583e1b349899472693e0e5b709d6 Mon Sep 17 00:00:00 2001
From: Jason Gross <jgross@mit.edu>
Date: Sun, 12 Nov 2023 12:12:07 -0800
Subject: [PATCH] Only upload one copy of linux binaries to releases

We upload the statically-linked Alpine edge binaries, as these are
probably the most portable.

Note that the statically-linked Alpine binaries are actually smaller
than the Debian executables (~35 MB archive vs ~41 MB archive), though
the Debian ones are pie (position-independent executables, supporting
Address Space Layout Randomization).
---
 .github/workflows/coq-alpine.yml  | 10 ++++--
 .github/workflows/coq-debian.yml  | 32 +++++++++---------
 .github/workflows/coq-docker.yml  | 32 +++++++++---------
 .github/workflows/coq-macos.yml   |  7 +++-
 .github/workflows/coq-windows.yml |  9 ++++--
 etc/ci/find-arch.sh               | 54 +++++++++++++++++++++++++++++++
 6 files changed, 107 insertions(+), 37 deletions(-)
 create mode 100755 etc/ci/find-arch.sh

diff --git a/.github/workflows/coq-alpine.yml b/.github/workflows/coq-alpine.yml
index 7d938458e8..b0f8898eed 100644
--- a/.github/workflows/coq-alpine.yml
+++ b/.github/workflows/coq-alpine.yml
@@ -171,9 +171,15 @@ jobs:
     - name: Unpack files
       run: |
         mkdir dist
-        mv dist-edge/standalone.tar.gz dist/fiat-crypto-alpine-edge.tar.gz
+        echo "::group::find arch"
+        ( cd dist-edge && tar -xzvf standalone.tar.gz )
+        arch="$(etc/ci/find-arch.sh dist-edge/word_by_word_montgomery "unknown")"
+        tag="$(git describe --tags $(git rev-parse HEAD))"
+        fname="Fiat-Cryptography_${tag}_Linux_${arch}.tar.gz"
+        echo "$fname"
+        mv dist-edge/standalone.tar.gz "dist/$fname"
         find dist
-        tar -tvf dist/fiat-crypto-alpine-edge.tar.gz
+        tar -tvf "dist/$fname"
     - name: Upload artifacts to GitHub Release
       env:
         GITHUB_TOKEN: ${{ github.token }}
diff --git a/.github/workflows/coq-debian.yml b/.github/workflows/coq-debian.yml
index a35a08f898..12a6f4ab2e 100644
--- a/.github/workflows/coq-debian.yml
+++ b/.github/workflows/coq-debian.yml
@@ -149,7 +149,7 @@ jobs:
           echo "::endgroup::"
         done
 
-  publish-standalone:
+  publish-standalone-dry-run:
     runs-on: ubuntu-latest
     needs: build
     permissions:
@@ -169,31 +169,31 @@ jobs:
         mv dist-sid/standalone.tar.gz dist/fiat-crypto-sid.tar.gz
         find dist
         tar -tvf dist/fiat-crypto-sid.tar.gz
-    - name: Upload artifacts to GitHub Release
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      # Upload to GitHub Release using the `gh` CLI.
-      # `dist/` contains the built packages
-      run: >-
-        gh release upload
-        '${{ github.ref_name }}' dist/**
-        --repo '${{ github.repository }}'
-      if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
+#    - name: Upload artifacts to GitHub Release
+#      env:
+#        GITHUB_TOKEN: ${{ github.token }}
+#      # Upload to GitHub Release using the `gh` CLI.
+#      # `dist/` contains the built packages
+#      run: >-
+#        gh release upload
+#        '${{ github.ref_name }}' dist/**
+#        --repo '${{ github.repository }}'
+#      if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
 
   debian-check-all:
     runs-on: ubuntu-latest
-    needs: [build, test-standalone, publish-standalone]
+    needs: [build, test-standalone, publish-standalone-dry-run]
     if: always()
     steps:
     - run: echo 'build passed'
       if: ${{ needs.build.result == 'success' }}
     - run: echo 'test-standalone passed'
       if: ${{ needs.test-standalone.result == 'success' }}
-    - run: echo 'publish-standalone passed'
-      if: ${{ needs.publish-standalone.result == 'success' }}
+    - run: echo 'publish-standalone-dry-run passed'
+      if: ${{ needs.publish-standalone-dry-run.result == 'success' }}
     - run: echo 'build failed' && false
       if: ${{ needs.build.result != 'success' }}
     - run: echo 'test-standalone failed' && false
       if: ${{ needs.test-standalone.result != 'success' }}
-    - run: echo 'publish-standalone failed' && false
-      if: ${{ needs.publish-standalone.result != 'success' }}
+    - run: echo 'publish-standalone-dry-run failed' && false
+      if: ${{ needs.publish-standalone-dry-run.result != 'success' }}
diff --git a/.github/workflows/coq-docker.yml b/.github/workflows/coq-docker.yml
index ef546988c6..dd542764cf 100644
--- a/.github/workflows/coq-docker.yml
+++ b/.github/workflows/coq-docker.yml
@@ -202,7 +202,7 @@ jobs:
             echo "::endgroup::"
           done
 
-  publish-standalone:
+  publish-standalone-dry-run:
     runs-on: ubuntu-latest
     needs: build
     permissions:
@@ -222,20 +222,20 @@ jobs:
         mv dist-docker-coq-dev/standalone.tar.gz dist/fiat-crypto-docker-coq-dev.tar.gz
         find dist
         tar -tvf dist/fiat-crypto-docker-coq-dev.tar.gz
-    - name: Upload artifacts to GitHub Release
-      env:
-        GITHUB_TOKEN: ${{ github.token }}
-      # Upload to GitHub Release using the `gh` CLI.
-      # `dist/` contains the built packages
-      run: >-
-        gh release upload
-        '${{ github.ref_name }}' dist/**
-        --repo '${{ github.repository }}'
-      if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
+#    - name: Upload artifacts to GitHub Release
+#      env:
+#        GITHUB_TOKEN: ${{ github.token }}
+#      # Upload to GitHub Release using the `gh` CLI.
+#      # `dist/` contains the built packages
+#      run: >-
+#        gh release upload
+#        '${{ github.ref_name }}' dist/**
+#        --repo '${{ github.repository }}'
+#      if: ${{ startsWith(github.ref, 'refs/tags/') && github.event_name == 'release' }}
 
   docker-check-all:
     runs-on: ubuntu-latest
-    needs: [build, test-amd64, test-standalone, publish-standalone]
+    needs: [build, test-amd64, test-standalone, publish-standalone-dry-run]
     if: always()
     steps:
     - run: echo 'build passed'
@@ -244,13 +244,13 @@ jobs:
       if: ${{ needs.test-amd64.result == 'success' }}
     - run: echo 'test-standalone passed'
       if: ${{ needs.test-standalone.result == 'success' }}
-    - run: echo 'publish-standalone passed'
-      if: ${{ needs.publish-standalone.result == 'success' }}
+    - run: echo 'publish-standalone-dry-run passed'
+      if: ${{ needs.publish-standalone-dry-run.result == 'success' }}
     - run: echo 'build failed' && false
       if: ${{ needs.build.result != 'success' }}
     - run: echo 'test-amd64 failed' && false
       if: ${{ needs.test-amd64.result != 'success' }}
     - run: echo 'test-standalone failed' && false
       if: ${{ needs.test-standalone.result != 'success' }}
-    - run: echo 'publish-standalone failed' && false
-      if: ${{ needs.publish-standalone.result != 'success' }}
+    - run: echo 'publish-standalone-dry-run failed' && false
+      if: ${{ needs.publish-standalone-dry-run.result != 'success' }}
diff --git a/.github/workflows/coq-macos.yml b/.github/workflows/coq-macos.yml
index d4e907b68e..f69a194c51 100644
--- a/.github/workflows/coq-macos.yml
+++ b/.github/workflows/coq-macos.yml
@@ -157,7 +157,12 @@ jobs:
     - name: Unpack files
       run: |
         mkdir dist
-        mv dist-macos/standalone.tar.gz dist/fiat-crypto-macos.tar.gz
+        ( cd dist-macos && tar -xzvf standalone.tar.gz )
+        arch="$(etc/ci/find-arch.sh dist-macos/word_by_word_montgomery)"
+        tag="$(git describe --tags $(git rev-parse HEAD))"
+        fname="Fiat-Cryptography_${tag}_macOS_${arch}.tar.gz"
+        echo "$fname"
+        mv dist-macos/standalone.tar.gz "dist/$fname"
         find dist
         tar -tvf dist/fiat-crypto-macos.tar.gz
     - name: Upload artifacts to GitHub Release
diff --git a/.github/workflows/coq-windows.yml b/.github/workflows/coq-windows.yml
index 80adc3fdd0..4efe656317 100644
--- a/.github/workflows/coq-windows.yml
+++ b/.github/workflows/coq-windows.yml
@@ -182,9 +182,14 @@ jobs:
     - name: Unpack files
       run: |
         mkdir dist
-        mv dist-windows/standalone.zip dist/fiat-crypto-windows.zip
+        ( cd dist-windows && unzip standalone.zip )
+        arch="$(etc/ci/find-arch.sh dist-windows/word_by_word_montgomery "x86_64")"
+        tag="$(git describe --tags $(git rev-parse HEAD))"
+        fname="Fiat-Cryptography_${tag}_Windows_${arch}.zip"
+        echo "$fname"
+        mv dist-windows/standalone.zip "dist/$fname"
         find dist
-        unzip -l dist/fiat-crypto-windows.zip
+        unzip -l "dist/$fname"
     - name: Upload artifacts to GitHub Release
       env:
         GITHUB_TOKEN: ${{ github.token }}
diff --git a/etc/ci/find-arch.sh b/etc/ci/find-arch.sh
new file mode 100755
index 0000000000..d2758c93e8
--- /dev/null
+++ b/etc/ci/find-arch.sh
@@ -0,0 +1,54 @@
+#!/usr/bin/env bash
+
+usage() {
+    >&2 printf "%s FILENAME [DEFAULT_ARCH]\n" "$0"
+}
+
+fname="$1"
+default="$2"
+if [ -z "$fname" ] || [ "$fname" = "-h" ] || [ "$fname" = "--help" ]; then
+    usage
+fi
+if [ -z "$fname" ]; then
+    exit 1
+fi
+
+if [ ! -z "${SHELL}" ]; then
+    run() {
+        "${SHELL}" -c "$*" || true
+    }
+else
+    run() {
+        /bin/sh -c "$*" || true
+    }
+fi
+
+if [ ! -z "$CI" ]; then
+    group() {
+        echo "::group::$*"
+        run "$@"
+        echo "::endgroup::"
+    }
+else
+    group() { run "$@"; }
+fi
+
+>&2 group file "$fname"
+>&2 group otool -L "$fname" || true
+>&2 group lipo -info "$fname" || true
+file_info="$(file "$fname" 2>&1)"
+case "${file_info}" in
+    *x86_64*|*x86-64*)
+        arch=x86_64
+        ;;
+    *)
+        if [ -z "$default" ]; then
+            arch="$(printf "%s\n" "${file_info}" | awk '{print $NF}')"
+        else
+            arch="$default"
+        fi
+        >&2 echo "::warning::Unknown architecture ${file_info} (using ${arch})"
+        ;;
+esac
+
+printf "%s\n" "$arch"