From e64fb5433d6bcca21323017e88cdd1357b31faf9 Mon Sep 17 00:00:00 2001 From: Cong Wang Date: Sun, 31 May 2026 15:58:24 -0700 Subject: [PATCH 1/2] ci: build and publish riscv64 binaries in release workflow Signed-off-by: Cong Wang --- .github/workflows/release.yml | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 26f0509..6788ac6 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -13,11 +13,16 @@ jobs: # Build Rust binaries and shared library. # x86_64 is pinned to ubuntu-22.04 (glibc 2.35) so release binaries run on # older distros (Ubuntu 22.04+, Debian 12+, RHEL 9+). aarch64 builds on - # ubuntu-24.04-arm (glibc 2.39) — the runner matches the rest of CI; older + # ubuntu-24.04-arm (glibc 2.39): the runner matches the rest of CI; older # aarch64 distros can build from source until a 22.04-arm runner is wired in. + # riscv64 is cross-compiled on x86_64 (GitHub has no riscv64 runner). It is + # marked experimental: the binary is never run in CI (seccomp/Landlock do not + # emulate faithfully under qemu), so a cross-build break must not block the + # x86_64/aarch64 release or the crates.io/PyPI publish. build: name: Build (${{ matrix.target }}) runs-on: ${{ matrix.runs-on }} + continue-on-error: ${{ matrix.experimental || false }} strategy: fail-fast: false matrix: @@ -26,6 +31,11 @@ jobs: runs-on: ubuntu-22.04 - target: aarch64-unknown-linux-gnu runs-on: ubuntu-24.04-arm + - target: riscv64gc-unknown-linux-gnu + runs-on: ubuntu-latest + cross-cc: riscv64-linux-gnu-gcc + cross-pkg: gcc-riscv64-linux-gnu + experimental: true steps: - uses: actions/checkout@v4 @@ -34,6 +44,19 @@ jobs: with: targets: ${{ matrix.target }} + # Cross-targets need a C cross-toolchain and the matching linker/CC env + # vars (the names are derived from the target triple, per cargo and the + # cc crate conventions). Native targets skip this step. + - name: Set up cross toolchain + if: matrix.cross-cc + run: | + sudo apt-get update + sudo apt-get install -y ${{ matrix.cross-pkg }} + triple_upper=$(echo '${{ matrix.target }}' | tr 'a-z-' 'A-Z_') + triple_lower=$(echo '${{ matrix.target }}' | tr '-' '_') + echo "CARGO_TARGET_${triple_upper}_LINKER=${{ matrix.cross-cc }}" >> "$GITHUB_ENV" + echo "CC_${triple_lower}=${{ matrix.cross-cc }}" >> "$GITHUB_ENV" + - name: Build run: cargo build --release --target ${{ matrix.target }} From 394e73dd7d93403fe811df79b91ae412c9c46b3a Mon Sep 17 00:00:00 2001 From: Cong Wang Date: Sun, 31 May 2026 16:06:27 -0700 Subject: [PATCH 2/2] ci: only publish on tag push, not manual workflow_dispatch Signed-off-by: Cong Wang --- .github/workflows/release.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 6788ac6..2a351ad 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -163,6 +163,9 @@ jobs: publish-crates: name: Publish to crates.io needs: [build, test] + # Only publish on a real tag push. A manual workflow_dispatch (used to + # test the build/upload path) must never publish to crates.io. + if: github.event_name == 'push' runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 @@ -182,6 +185,8 @@ jobs: publish-pypi: name: Publish to PyPI needs: [sdist, wheels, test] + # Only publish on a real tag push, not on a manual workflow_dispatch. + if: github.event_name == 'push' runs-on: ubuntu-latest environment: pypi permissions: @@ -212,6 +217,9 @@ jobs: github-release: name: GitHub Release needs: [build, test] + # Only cut a GitHub Release on a real tag push, not on a manual + # workflow_dispatch (which has no tag to attach assets to). + if: github.event_name == 'push' runs-on: ubuntu-latest permissions: contents: write