Skip to content

Commit 95fe5a3

Browse files
pimlockpimlock
committed
fix(release): build host Linux binaries with glibc floor
Signed-off-by: Piotr Mlocek <pmlocek@nvidia.com>
1 parent 2a065a5 commit 95fe5a3

16 files changed

Lines changed: 562 additions & 41 deletions

.github/workflows/deb-package.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -28,12 +28,12 @@ jobs:
2828
runner: linux-amd64-cpu8
2929
deb_arch: amd64
3030
cli_target: x86_64-unknown-linux-musl
31-
gnu_target: x86_64-unknown-linux-gnu
31+
host_target: x86_64-unknown-linux-gnu
3232
- arch: arm64
3333
runner: linux-arm64-cpu8
3434
deb_arch: arm64
3535
cli_target: aarch64-unknown-linux-musl
36-
gnu_target: aarch64-unknown-linux-gnu
36+
host_target: aarch64-unknown-linux-gnu
3737
runs-on: ${{ matrix.runner }}
3838
timeout-minutes: 20
3939
container:
@@ -69,8 +69,8 @@ jobs:
6969
set -euo pipefail
7070
mkdir -p package-binaries
7171
tar -xzf "package-input/openshell-${{ matrix.cli_target }}.tar.gz" -C package-binaries
72-
tar -xzf "package-input/openshell-gateway-${{ matrix.gnu_target }}.tar.gz" -C package-binaries
73-
tar -xzf "package-input/openshell-driver-vm-${{ matrix.gnu_target }}.tar.gz" -C package-binaries
72+
tar -xzf "package-input/openshell-gateway-${{ matrix.host_target }}.tar.gz" -C package-binaries
73+
tar -xzf "package-input/openshell-driver-vm-${{ matrix.host_target }}.tar.gz" -C package-binaries
7474
ls -lah package-binaries
7575
7676
- name: Build Debian package

.github/workflows/driver-vm-linux.yml

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -81,11 +81,13 @@ jobs:
8181
- arch: arm64
8282
runner: linux-arm64-cpu8
8383
target: aarch64-unknown-linux-gnu
84+
zig_target: aarch64-unknown-linux-gnu.2.31
8485
platform: linux-aarch64
8586
guest_arch: aarch64
8687
- arch: amd64
8788
runner: linux-amd64-cpu8
8889
target: x86_64-unknown-linux-gnu
90+
zig_target: x86_64-unknown-linux-gnu.2.31
8991
platform: linux-x86_64
9092
guest_arch: x86_64
9193
runs-on: ${{ matrix.runner }}
@@ -163,19 +165,25 @@ jobs:
163165
set -euo pipefail
164166
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ inputs['cargo-version'] }}"'"/}' Cargo.toml
165167
166-
- name: Build openshell-driver-vm
168+
- name: Build openshell-driver-vm with glibc 2.31 floor
167169
run: |
168170
set -euo pipefail
171+
mise x -- rustup target add ${{ matrix.target }}
169172
OPENSHELL_VM_RUNTIME_COMPRESSED_DIR="${PWD}/target/vm-runtime-compressed" \
170-
mise x -- cargo build --release -p openshell-driver-vm
173+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-driver-vm --bin openshell-driver-vm
174+
mkdir -p artifacts/bin
175+
install -m 0755 target/${{ matrix.target }}/release/openshell-driver-vm artifacts/bin/openshell-driver-vm
171176
172177
- name: Verify packaged binary
173178
run: |
174179
set -euo pipefail
175-
OUTPUT="$(target/release/openshell-driver-vm --version)"
180+
OUTPUT="$(artifacts/bin/openshell-driver-vm --version)"
176181
echo "$OUTPUT"
177182
grep -q '^openshell-driver-vm ' <<<"$OUTPUT"
178183
184+
- name: Verify glibc symbol floor
185+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-driver-vm
186+
179187
- name: sccache stats
180188
if: always()
181189
run: mise x -- sccache --show-stats
@@ -185,7 +193,7 @@ jobs:
185193
set -euo pipefail
186194
mkdir -p artifacts
187195
tar -czf "artifacts/openshell-driver-vm-${{ matrix.target }}.tar.gz" \
188-
-C target/release openshell-driver-vm
196+
-C artifacts/bin openshell-driver-vm
189197
190198
- name: Upload artifact
191199
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7

.github/workflows/release-dev.yml

Lines changed: 14 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -376,7 +376,7 @@ jobs:
376376
retention-days: 5
377377

378378
# ---------------------------------------------------------------------------
379-
# Build standalone gateway binaries (Linux GNU — native on each arch)
379+
# Build standalone gateway binaries (Linux GNU — glibc 2.31 floor)
380380
# ---------------------------------------------------------------------------
381381
build-gateway-binary-linux:
382382
name: Build Gateway Binary (Linux ${{ matrix.arch }})
@@ -387,9 +387,11 @@ jobs:
387387
- arch: amd64
388388
runner: linux-amd64-cpu8
389389
target: x86_64-unknown-linux-gnu
390+
zig_target: x86_64-unknown-linux-gnu.2.31
390391
- arch: arm64
391392
runner: linux-arm64-cpu8
392393
target: aarch64-unknown-linux-gnu
394+
zig_target: aarch64-unknown-linux-gnu.2.31
393395
runs-on: ${{ matrix.runner }}
394396
timeout-minutes: 60
395397
container:
@@ -427,20 +429,26 @@ jobs:
427429
set -euo pipefail
428430
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ needs.compute-versions.outputs.cargo_version }}"'"/}' Cargo.toml
429431
430-
- name: Build ${{ matrix.target }}
432+
- name: Build ${{ matrix.zig_target }}
431433
env:
432434
OPENSHELL_IMAGE_TAG: ${{ github.sha }}
433435
run: |
434436
set -euo pipefail
435-
mise x -- cargo build --release --target ${{ matrix.target }} -p openshell-server
437+
mise x -- rustup target add ${{ matrix.target }}
438+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-server --bin openshell-gateway
439+
mkdir -p artifacts/bin
440+
install -m 0755 target/${{ matrix.target }}/release/openshell-gateway artifacts/bin/openshell-gateway
436441
437442
- name: Verify packaged binary
438443
run: |
439444
set -euo pipefail
440-
OUTPUT="$(target/${{ matrix.target }}/release/openshell-gateway --version)"
445+
OUTPUT="$(artifacts/bin/openshell-gateway --version)"
441446
echo "$OUTPUT"
442447
grep -q '^openshell-gateway ' <<<"$OUTPUT"
443448
449+
- name: Verify glibc symbol floor
450+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-gateway
451+
444452
- name: sccache stats
445453
if: always()
446454
run: mise x -- sccache --show-stats
@@ -450,7 +458,7 @@ jobs:
450458
set -euo pipefail
451459
mkdir -p artifacts
452460
tar -czf artifacts/openshell-gateway-${{ matrix.target }}.tar.gz \
453-
-C target/${{ matrix.target }}/release openshell-gateway
461+
-C artifacts/bin openshell-gateway
454462
ls -lh artifacts/
455463
456464
- name: Upload artifact
@@ -641,7 +649,7 @@ jobs:
641649

642650
build-rpm:
643651
name: Build RPM Packages
644-
needs: [compute-versions]
652+
needs: [compute-versions, build-cli-linux, build-gateway-binary-linux]
645653
uses: ./.github/workflows/rpm-package.yml
646654
with:
647655
checkout-ref: ${{ github.sha }}

.github/workflows/release-tag.yml

Lines changed: 123 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -409,7 +409,7 @@ jobs:
409409
retention-days: 5
410410

411411
# ---------------------------------------------------------------------------
412-
# Build standalone gateway binaries (Linux GNU — native on each arch)
412+
# Build standalone gateway binaries (Linux GNU — glibc 2.31 floor)
413413
# ---------------------------------------------------------------------------
414414
build-gateway-binary-linux:
415415
name: Build Gateway Binary (Linux ${{ matrix.arch }})
@@ -420,9 +420,11 @@ jobs:
420420
- arch: amd64
421421
runner: linux-amd64-cpu8
422422
target: x86_64-unknown-linux-gnu
423+
zig_target: x86_64-unknown-linux-gnu.2.31
423424
- arch: arm64
424425
runner: linux-arm64-cpu8
425426
target: aarch64-unknown-linux-gnu
427+
zig_target: aarch64-unknown-linux-gnu.2.31
426428
runs-on: ${{ matrix.runner }}
427429
timeout-minutes: 60
428430
container:
@@ -461,20 +463,26 @@ jobs:
461463
set -euo pipefail
462464
sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ needs.compute-versions.outputs.cargo_version }}"'"/}' Cargo.toml
463465
464-
- name: Build ${{ matrix.target }}
466+
- name: Build ${{ matrix.zig_target }}
465467
env:
466468
OPENSHELL_IMAGE_TAG: ${{ needs.compute-versions.outputs.source_sha }}
467469
run: |
468470
set -euo pipefail
469-
mise x -- cargo build --release --target ${{ matrix.target }} -p openshell-server
471+
mise x -- rustup target add ${{ matrix.target }}
472+
mise x -- cargo zigbuild --release --target ${{ matrix.zig_target }} -p openshell-server --bin openshell-gateway
473+
mkdir -p artifacts/bin
474+
install -m 0755 target/${{ matrix.target }}/release/openshell-gateway artifacts/bin/openshell-gateway
470475
471476
- name: Verify packaged binary
472477
run: |
473478
set -euo pipefail
474-
OUTPUT="$(target/${{ matrix.target }}/release/openshell-gateway --version)"
479+
OUTPUT="$(artifacts/bin/openshell-gateway --version)"
475480
echo "$OUTPUT"
476481
grep -q '^openshell-gateway ' <<<"$OUTPUT"
477482
483+
- name: Verify glibc symbol floor
484+
run: tasks/scripts/verify-glibc-symbols.sh 2.31 artifacts/bin/openshell-gateway
485+
478486
- name: sccache stats
479487
if: always()
480488
run: mise x -- sccache --show-stats
@@ -484,7 +492,7 @@ jobs:
484492
set -euo pipefail
485493
mkdir -p artifacts
486494
tar -czf artifacts/openshell-gateway-${{ matrix.target }}.tar.gz \
487-
-C target/${{ matrix.target }}/release openshell-gateway
495+
-C artifacts/bin openshell-gateway
488496
ls -lh artifacts/
489497
490498
- name: Upload artifact
@@ -677,7 +685,7 @@ jobs:
677685

678686
build-rpm:
679687
name: Build RPM Packages
680-
needs: [compute-versions]
688+
needs: [compute-versions, build-cli-linux, build-gateway-binary-linux]
681689
uses: ./.github/workflows/rpm-package.yml
682690
with:
683691
checkout-ref: ${{ inputs.tag || github.ref }}
@@ -686,12 +694,120 @@ jobs:
686694
cargo-version: ${{ needs.compute-versions.outputs.cargo_version }}
687695
secrets: inherit
688696

697+
smoke-linux-release-artifacts:
698+
name: Smoke Linux Release Artifacts (${{ matrix.name }})
699+
needs: [build-gateway-binary-linux, build-driver-vm-linux, build-deb, build-rpm]
700+
timeout-minutes: 20
701+
strategy:
702+
fail-fast: false
703+
matrix:
704+
include:
705+
- name: ubuntu-20.04-binaries
706+
runner: linux-amd64-cpu8
707+
image: ubuntu:20.04
708+
kind: binary
709+
artifact_arch: amd64
710+
rpm_arch: x86_64
711+
target: x86_64-unknown-linux-gnu
712+
- name: ubuntu-20.04-binaries-arm64
713+
runner: linux-arm64-cpu8
714+
image: ubuntu:20.04
715+
kind: binary
716+
artifact_arch: arm64
717+
rpm_arch: aarch64
718+
target: aarch64-unknown-linux-gnu
719+
- name: ubuntu-22.04-deb
720+
runner: linux-amd64-cpu8
721+
image: ubuntu:22.04
722+
kind: deb
723+
artifact_arch: amd64
724+
rpm_arch: x86_64
725+
target: x86_64-unknown-linux-gnu
726+
- name: ubuntu-22.04-deb-arm64
727+
runner: linux-arm64-cpu8
728+
image: ubuntu:22.04
729+
kind: deb
730+
artifact_arch: arm64
731+
rpm_arch: aarch64
732+
target: aarch64-unknown-linux-gnu
733+
- name: rhel9-rpm
734+
runner: linux-amd64-cpu8
735+
image: rockylinux:9
736+
kind: rpm
737+
artifact_arch: amd64
738+
rpm_arch: x86_64
739+
target: x86_64-unknown-linux-gnu
740+
- name: rhel9-rpm-aarch64
741+
runner: linux-arm64-cpu8
742+
image: rockylinux:9
743+
kind: rpm
744+
artifact_arch: arm64
745+
rpm_arch: aarch64
746+
target: aarch64-unknown-linux-gnu
747+
runs-on: ${{ matrix.runner }}
748+
container:
749+
image: ${{ matrix.image }}
750+
steps:
751+
- name: Download gateway binary artifact
752+
if: matrix.kind == 'binary'
753+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
754+
with:
755+
name: gateway-binary-linux-${{ matrix.artifact_arch }}
756+
path: smoke-input/
757+
758+
- name: Download VM driver binary artifact
759+
if: matrix.kind == 'binary'
760+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
761+
with:
762+
name: driver-vm-linux-${{ matrix.artifact_arch }}
763+
path: smoke-input/
764+
765+
- name: Smoke binary artifacts
766+
if: matrix.kind == 'binary'
767+
run: |
768+
set -euo pipefail
769+
mkdir -p smoke-bin
770+
tar -xzf smoke-input/openshell-gateway-${{ matrix.target }}.tar.gz -C smoke-bin
771+
tar -xzf smoke-input/openshell-driver-vm-${{ matrix.target }}.tar.gz -C smoke-bin
772+
smoke-bin/openshell-gateway --version
773+
smoke-bin/openshell-driver-vm --version
774+
775+
- name: Download Debian package artifact
776+
if: matrix.kind == 'deb'
777+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
778+
with:
779+
name: deb-linux-${{ matrix.artifact_arch }}
780+
path: package-input/
781+
782+
- name: Smoke Debian package
783+
if: matrix.kind == 'deb'
784+
run: |
785+
set -euo pipefail
786+
apt-get update
787+
apt-get install -y --no-install-recommends ./package-input/*.deb
788+
openshell-gateway --version
789+
/usr/libexec/openshell/openshell-driver-vm --version
790+
791+
- name: Download RPM package artifacts
792+
if: matrix.kind == 'rpm'
793+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
794+
with:
795+
name: rpm-linux-${{ matrix.rpm_arch }}
796+
path: package-input/
797+
798+
- name: Smoke RPM packages
799+
if: matrix.kind == 'rpm'
800+
run: |
801+
set -euo pipefail
802+
dnf install -y ./package-input/*.rpm
803+
openshell-gateway --version
804+
689805
# ---------------------------------------------------------------------------
690806
# Create a tagged GitHub Release with CLI, gateway, driver, and wheels
691807
# ---------------------------------------------------------------------------
692808
release:
693809
name: Release
694-
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, tag-ghcr-release, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm]
810+
needs: [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build-supervisor-binary-linux, build-python-wheels-linux, build-python-wheel-macos, tag-ghcr-release, build-driver-vm-linux, build-driver-vm-macos, build-deb, build-rpm, smoke-linux-release-artifacts]
695811
runs-on: linux-amd64-cpu8
696812
timeout-minutes: 10
697813
permissions:

.github/workflows/rpm-package.yml

Lines changed: 27 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,9 +37,15 @@ jobs:
3737
matrix:
3838
include:
3939
- arch: x86_64
40+
artifact_arch: amd64
4041
runner: linux-amd64-cpu8
42+
cli_target: x86_64-unknown-linux-musl
43+
host_target: x86_64-unknown-linux-gnu
4144
- arch: aarch64
45+
artifact_arch: arm64
4246
runner: linux-arm64-cpu8
47+
cli_target: aarch64-unknown-linux-musl
48+
host_target: aarch64-unknown-linux-gnu
4349
runs-on: ${{ matrix.runner }}
4450
timeout-minutes: 60
4551
container:
@@ -59,6 +65,26 @@ jobs:
5965
ref: ${{ inputs.checkout-ref }}
6066
fetch-depth: 0
6167

68+
- name: Download CLI artifact
69+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
70+
with:
71+
name: cli-linux-${{ matrix.artifact_arch }}
72+
path: package-input/
73+
74+
- name: Download gateway artifact
75+
uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1
76+
with:
77+
name: gateway-binary-linux-${{ matrix.artifact_arch }}
78+
path: package-input/
79+
80+
- name: Extract package inputs
81+
run: |
82+
set -euo pipefail
83+
mkdir -p package-binaries
84+
tar -xzf "package-input/openshell-${{ matrix.cli_target }}.tar.gz" -C package-binaries
85+
tar -xzf "package-input/openshell-gateway-${{ matrix.host_target }}.tar.gz" -C package-binaries
86+
ls -lah package-binaries
87+
6288
- name: Mark workspace safe for git
6389
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"
6490

@@ -70,6 +96,7 @@ jobs:
7096
OPENSHELL_RPM_VERSION: ${{ inputs['rpm-version'] }}
7197
OPENSHELL_RPM_RELEASE: ${{ inputs['rpm-release'] }}
7298
OPENSHELL_CARGO_VERSION: ${{ inputs['cargo-version'] }}
99+
OPENSHELL_PREBUILT_BINARIES_DIR: ${{ github.workspace }}/package-binaries
73100
run: packit build locally
74101

75102
- name: Collect RPM artifacts

0 commit comments

Comments
 (0)