Skip to content

Commit 0dc08a1

Browse files
pimlockpimlock
authored
fix(release): build host Linux binaries with glibc floor (#1490)
1 parent 521eccd commit 0dc08a1

16 files changed

Lines changed: 607 additions & 46 deletions

.github/workflows/branch-checks.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,6 @@ env:
1010
CARGO_TERM_COLOR: always
1111
CARGO_INCREMENTAL: "0"
1212
MISE_GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
13-
SCCACHE_GHA_ENABLED: "true"
1413

1514
permissions:
1615
contents: read
@@ -88,6 +87,7 @@ jobs:
8887
runner: [linux-amd64-cpu8, linux-arm64-cpu8]
8988
runs-on: ${{ matrix.runner }}
9089
env:
90+
SCCACHE_GHA_ENABLED: "true"
9191
SCCACHE_GHA_VERSION: branch-checks-rust-${{ matrix.runner }}
9292
container:
9393
image: ghcr.io/nvidia/openshell/ci:latest
@@ -97,12 +97,12 @@ jobs:
9797
steps:
9898
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
9999

100-
- name: Install tools
101-
run: mise install --locked
102-
103100
- name: Configure GHA sccache backend
104101
uses: mozilla-actions/sccache-action@9e7fa8a12102821edf02ca5dbea1acd0f89a2696 # v0.0.10
105102

103+
- name: Install tools
104+
run: mise install --locked
105+
106106
- name: Cache Rust target and registry
107107
uses: Swatinem/rust-cache@c19371144df3bb44fab255c43d04cbc2ab54d1c4 # v2
108108
with:

.github/workflows/driver-vm-linux.yml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -81,11 +81,13 @@ jobs:
8181
- arch: arm64
8282
runner: linux-arm64-cpu8
8383
target: aarch64-unknown-linux-gnu
84+
zig_target: aarch64-unknown-linux-gnu.2.31
8485
platform: linux-aarch64
8586
guest_arch: aarch64
8687
- arch: amd64
8788
runner: linux-amd64-cpu8
8889
target: x86_64-unknown-linux-gnu
90+
zig_target: x86_64-unknown-linux-gnu.2.31
8991
platform: linux-x86_64
9092
guest_arch: x86_64
9193
runs-on: ${{ matrix.runner }}
@@ -163,19 +165,25 @@ jobs:
163165
set -euo pipefail
164166
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ inputs['cargo-version'] }}"'"/}' Cargo.toml
165167
166-
- name: Build openshell-driver-vm
168+
- name: Build openshell-driver-vm with glibc 2.31 floor
167169
run: |
168170
set -euo pipefail
171+
mise x -- rustup target add ${{ matrix.target }}
169172
OPENSHELL_VM_RUNTIME_COMPRESSED_DIR="${PWD}/target/vm-runtime-compressed" \
170-
mise x -- cargo build --release -p openshell-driver-vm
173+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-driver-vm --bin openshell-driver-vm
174+
mkdir -p artifacts/bin
175+
install -m 0755 target/${{ matrix.target }}/release/openshell-driver-vm artifacts/bin/openshell-driver-vm
171176
172177
- name: Verify packaged binary
173178
run: |
174179
set -euo pipefail
175-
OUTPUT="$(target/release/openshell-driver-vm --version)"
180+
OUTPUT="$(artifacts/bin/openshell-driver-vm --version)"
176181
echo "$OUTPUT"
177182
grep -q '^openshell-driver-vm ' <<<"$OUTPUT"
178183
184+
- name: Verify glibc symbol floor
185+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-driver-vm
186+
179187
- name: sccache stats
180188
if: always()
181189
run: mise x -- sccache --show-stats
@@ -185,7 +193,7 @@ jobs:
185193
set -euo pipefail
186194
mkdir -p artifacts
187195
tar -czf "artifacts/openshell-driver-vm-${{ matrix.target }}.tar.gz" \
188-
-C target/release openshell-driver-vm
196+
-C artifacts/bin openshell-driver-vm
189197
190198
- name: Upload artifact
191199
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7

.github/workflows/release-dev.yml

Lines changed: 49 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -376,7 +376,7 @@ jobs:
376376
retention-days: 5
377377

378378
# ---------------------------------------------------------------------------
379-
# Build standalone gateway binaries (Linux GNU — native on each arch)
379+
# Build standalone gateway binaries (Linux GNU — glibc 2.31 floor)
380380
# ---------------------------------------------------------------------------
381381
build-gateway-binary-linux:
382382
name: Build Gateway Binary (Linux ${{ matrix.arch }})
@@ -387,9 +387,11 @@ jobs:
387387
- arch: amd64
388388
runner: linux-amd64-cpu8
389389
target: x86_64-unknown-linux-gnu
390+
zig_target: x86_64-unknown-linux-gnu.2.31
390391
- arch: arm64
391392
runner: linux-arm64-cpu8
392393
target: aarch64-unknown-linux-gnu
394+
zig_target: aarch64-unknown-linux-gnu.2.31
393395
runs-on: ${{ matrix.runner }}
394396
timeout-minutes: 60
395397
container:
@@ -427,20 +429,26 @@ jobs:
427429
set -euo pipefail
428430
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ needs.compute-versions.outputs.cargo_version }}"'"/}' Cargo.toml
429431
430-
- name: Build ${{ matrix.target }}
432+
- name: Build ${{ matrix.zig_target }}
431433
env:
432434
OPENSHELL_IMAGE_TAG: ${{ github.sha }}
433435
run: |
434436
set -euo pipefail
435-
mise x -- cargo build --release --target ${{ matrix.target }} -p openshell-server
437+
mise x -- rustup target add ${{ matrix.target }}
438+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-server --bin openshell-gateway
439+
mkdir -p artifacts/bin
440+
install -m 0755 target/${{ matrix.target }}/release/openshell-gateway artifacts/bin/openshell-gateway
436441
437442
- name: Verify packaged binary
438443
run: |
439444
set -euo pipefail
440-
OUTPUT="$(target/${{ matrix.target }}/release/openshell-gateway --version)"
445+
OUTPUT="$(artifacts/bin/openshell-gateway --version)"
441446
echo "$OUTPUT"
442447
grep -q '^openshell-gateway ' <<<"$OUTPUT"
443448
449+
- name: Verify glibc symbol floor
450+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-gateway
451+
444452
- name: sccache stats
445453
if: always()
446454
run: mise x -- sccache --show-stats
@@ -450,7 +458,7 @@ jobs:
450458
set -euo pipefail
451459
mkdir -p artifacts
452460
tar -czf artifacts/openshell-gateway-${{ matrix.target }}.tar.gz \
453-
-C target/${{ matrix.target }}/release openshell-gateway
461+
-C artifacts/bin openshell-gateway
454462
ls -lh artifacts/
455463
456464
- name: Upload artifact
@@ -641,7 +649,7 @@ jobs:
641649

642650
build-rpm:
643651
name: Build RPM Packages
644-
needs: [compute-versions]
652+
needs: [compute-versions, build-cli-linux, build-gateway-binary-linux]
645653
uses: ./.github/workflows/rpm-package.yml
646654
with:
647655
checkout-ref: ${{ github.sha }}
@@ -650,12 +658,46 @@ jobs:
650658
cargo-version: ${{ needs.compute-versions.outputs.cargo_version }}
651659
secrets: inherit
652660

661+
smoke-linux-dev-artifacts:
662+
name: Smoke Linux Dev Artifacts (${{ matrix.name }})
663+
needs: [build-gateway-binary-linux, build-driver-vm-linux, build-deb]
664+
timeout-minutes: 20
665+
strategy:
666+
fail-fast: false
667+
matrix:
668+
include:
669+
- name: ubuntu-22.04-deb-amd64
670+
runner: linux-amd64-cpu8
671+
image: ubuntu:22.04
672+
artifact_arch: amd64
673+
- name: ubuntu-22.04-deb-arm64
674+
runner: linux-arm64-cpu8
675+
image: ubuntu:22.04
676+
artifact_arch: arm64
677+
runs-on: ${{ matrix.runner }}
678+
container:
679+
image: ${{ matrix.image }}
680+
steps:
681+
- name: Download Debian package artifact
682+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
683+
with:
684+
name: deb-linux-${{ matrix.artifact_arch }}
685+
path: package-input/
686+
687+
- name: Smoke Debian package on Ubuntu 22.04
688+
run: |
689+
set -euo pipefail
690+
apt-get update
691+
apt-get install -y --no-install-recommends ./package-input/*.deb
692+
openshell-gateway --version
693+
/usr/libexec/openshell/openshell-driver-vm --version
694+
653695
# ---------------------------------------------------------------------------
654696
# Create / update the dev GitHub Release with CLI, gateway, driver, and wheels
655697
# ---------------------------------------------------------------------------
656698
release-dev:
657699
name: Release Dev
658-
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm]
700+
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm, smoke-linux-dev-artifacts]
659701
runs-on: linux-amd64-cpu8
660702
timeout-minutes: 10
661703
permissions:

.github/workflows/release-tag.yml

Lines changed: 123 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -409,7 +409,7 @@ jobs:
409409
retention-days: 5
410410

411411
# ---------------------------------------------------------------------------
412-
# Build standalone gateway binaries (Linux GNU — native on each arch)
412+
# Build standalone gateway binaries (Linux GNU — glibc 2.31 floor)
413413
# ---------------------------------------------------------------------------
414414
build-gateway-binary-linux:
415415
name: Build Gateway Binary (Linux ${{ matrix.arch }})
@@ -420,9 +420,11 @@ jobs:
420420
- arch: amd64
421421
runner: linux-amd64-cpu8
422422
target: x86_64-unknown-linux-gnu
423+
zig_target: x86_64-unknown-linux-gnu.2.31
423424
- arch: arm64
424425
runner: linux-arm64-cpu8
425426
target: aarch64-unknown-linux-gnu
427+
zig_target: aarch64-unknown-linux-gnu.2.31
426428
runs-on: ${{ matrix.runner }}
427429
timeout-minutes: 60
428430
container:
@@ -461,20 +463,26 @@ jobs:
461463
set -euo pipefail
462464
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ needs.compute-versions.outputs.cargo_version }}"'"/}' Cargo.toml
463465
464-
- name: Build ${{ matrix.target }}
466+
- name: Build ${{ matrix.zig_target }}
465467
env:
466468
OPENSHELL_IMAGE_TAG: ${{ needs.compute-versions.outputs.source_sha }}
467469
run: |
468470
set -euo pipefail
469-
mise x -- cargo build --release --target ${{ matrix.target }} -p openshell-server
471+
mise x -- rustup target add ${{ matrix.target }}
472+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-server --bin openshell-gateway
473+
mkdir -p artifacts/bin
474+
install -m 0755 target/${{ matrix.target }}/release/openshell-gateway artifacts/bin/openshell-gateway
470475
471476
- name: Verify packaged binary
472477
run: |
473478
set -euo pipefail
474-
OUTPUT="$(target/${{ matrix.target }}/release/openshell-gateway --version)"
479+
OUTPUT="$(artifacts/bin/openshell-gateway --version)"
475480
echo "$OUTPUT"
476481
grep -q '^openshell-gateway ' <<<"$OUTPUT"
477482
483+
- name: Verify glibc symbol floor
484+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-gateway
485+
478486
- name: sccache stats
479487
if: always()
480488
run: mise x -- sccache --show-stats
@@ -484,7 +492,7 @@ jobs:
484492
set -euo pipefail
485493
mkdir -p artifacts
486494
tar -czf artifacts/openshell-gateway-${{ matrix.target }}.tar.gz \
487-
-C target/${{ matrix.target }}/release openshell-gateway
495+
-C artifacts/bin openshell-gateway
488496
ls -lh artifacts/
489497
490498
- name: Upload artifact
@@ -677,7 +685,7 @@ jobs:
677685

678686
build-rpm:
679687
name: Build RPM Packages
680-
needs: [compute-versions]
688+
needs: [compute-versions, build-cli-linux, build-gateway-binary-linux]
681689
uses: ./.github/workflows/rpm-package.yml
682690
with:
683691
checkout-ref: ${{ inputs.tag || github.ref }}
@@ -686,12 +694,120 @@ jobs:
686694
cargo-version: ${{ needs.compute-versions.outputs.cargo_version }}
687695
secrets: inherit
688696

697+
smoke-linux-release-artifacts:
698+
name: Smoke Linux Release Artifacts (${{ matrix.name }})
699+
needs: [build-gateway-binary-linux, build-driver-vm-linux, build-deb, build-rpm]
700+
timeout-minutes: 20
701+
strategy:
702+
fail-fast: false
703+
matrix:
704+
include:
705+
- name: ubuntu-20.04-binaries
706+
runner: linux-amd64-cpu8
707+
image: ubuntu:20.04
708+
kind: binary
709+
artifact_arch: amd64
710+
rpm_arch: x86_64
711+
target: x86_64-unknown-linux-gnu
712+
- name: ubuntu-20.04-binaries-arm64
713+
runner: linux-arm64-cpu8
714+
image: ubuntu:20.04
715+
kind: binary
716+
artifact_arch: arm64
717+
rpm_arch: aarch64
718+
target: aarch64-unknown-linux-gnu
719+
- name: ubuntu-22.04-deb
720+
runner: linux-amd64-cpu8
721+
image: ubuntu:22.04
722+
kind: deb
723+
artifact_arch: amd64
724+
rpm_arch: x86_64
725+
target: x86_64-unknown-linux-gnu
726+
- name: ubuntu-22.04-deb-arm64
727+
runner: linux-arm64-cpu8
728+
image: ubuntu:22.04
729+
kind: deb
730+
artifact_arch: arm64
731+
rpm_arch: aarch64
732+
target: aarch64-unknown-linux-gnu
733+
- name: rhel9-rpm
734+
runner: linux-amd64-cpu8
735+
image: rockylinux:9
736+
kind: rpm
737+
artifact_arch: amd64
738+
rpm_arch: x86_64
739+
target: x86_64-unknown-linux-gnu
740+
- name: rhel9-rpm-aarch64
741+
runner: linux-arm64-cpu8
742+
image: rockylinux:9
743+
kind: rpm
744+
artifact_arch: arm64
745+
rpm_arch: aarch64
746+
target: aarch64-unknown-linux-gnu
747+
runs-on: ${{ matrix.runner }}
748+
container:
749+
image: ${{ matrix.image }}
750+
steps:
751+
- name: Download gateway binary artifact
752+
if: matrix.kind == 'binary'
753+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
754+
with:
755+
name: gateway-binary-linux-${{ matrix.artifact_arch }}
756+
path: smoke-input/
757+
758+
- name: Download VM driver binary artifact
759+
if: matrix.kind == 'binary'
760+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
761+
with:
762+
name: driver-vm-linux-${{ matrix.artifact_arch }}
763+
path: smoke-input/
764+
765+
- name: Smoke binary artifacts
766+
if: matrix.kind == 'binary'
767+
run: |
768+
set -euo pipefail
769+
mkdir -p smoke-bin
770+
tar -xzf smoke-input/openshell-gateway-${{ matrix.target }}.tar.gz -C smoke-bin
771+
tar -xzf smoke-input/openshell-driver-vm-${{ matrix.target }}.tar.gz -C smoke-bin
772+
smoke-bin/openshell-gateway --version
773+
smoke-bin/openshell-driver-vm --version
774+
775+
- name: Download Debian package artifact
776+
if: matrix.kind == 'deb'
777+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
778+
with:
779+
name: deb-linux-${{ matrix.artifact_arch }}
780+
path: package-input/
781+
782+
- name: Smoke Debian package
783+
if: matrix.kind == 'deb'
784+
run: |
785+
set -euo pipefail
786+
apt-get update
787+
apt-get install -y --no-install-recommends ./package-input/*.deb
788+
openshell-gateway --version
789+
/usr/libexec/openshell/openshell-driver-vm --version
790+
791+
- name: Download RPM package artifacts
792+
if: matrix.kind == 'rpm'
793+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
794+
with:
795+
name: rpm-linux-${{ matrix.rpm_arch }}
796+
path: package-input/
797+
798+
- name: Smoke RPM packages
799+
if: matrix.kind == 'rpm'
800+
run: |
801+
set -euo pipefail
802+
dnf install -y ./package-input/*.rpm
803+
openshell-gateway --version
804+
689805
# ---------------------------------------------------------------------------
690806
# Create a tagged GitHub Release with CLI, gateway, driver, and wheels
691807
# ---------------------------------------------------------------------------
692808
release:
693809
name: Release
694-
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, tag-ghcr-release, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm]
810+
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, tag-ghcr-release, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm, smoke-linux-release-artifacts]
695811
runs-on: linux-amd64-cpu8
696812
timeout-minutes: 10
697813
permissions:

0 commit comments

Comments
 (0)