ci: cross compile and publish #409
Conversation
|
You need to add a NOTE: This is a saved reply. Sorry if it reads as a cookie-cutter response, it was written so that newcomers understand what a "DCO" is and make the process for contributing a little less scary. |
thesayyn
force-pushed
the
main
branch
2 times, most recently
from
7a8936d
to
2f9b40b
Compare
|
Hey @cyphar, just a friendly ping. I have time to push this to get it landed. generated binaries seem to be working without any intervention. I have added platforms as I saw fit but I am afraid that we can’t support some of them due to the lack of a CI pipeline that tests for these platforms. Since you are the one who knows the codebase better could you take a look and point any errors that I am making? I would appreciate it a lot. |
Signed-off-by: Sahin <[email protected]>
thesayyn
force-pushed
the
main
branch
3 times, most recently
from
b4065d9
to
1762c82
Compare
Signed-off-by: Sahin <[email protected]>
|
@cyphar or anyone. (sorry for pinging again). could you PTAL? now, this is the pure bash script and uses some of the bits from runc repository. |
thesayyn
changed the title
|
Remaining points:
|
Codecov Report
@@ Coverage Diff @@
## main #409 +/- ##
==========================================
- Coverage 74.30% 74.12% -0.19%
==========================================
Files 59 59
Lines 4783 4830 +47
==========================================
+ Hits 3554 3580 +26
- Misses 884 898 +14
- Partials 345 352 +7
|
|
Sorry for not taking a look earlier, I was on leave for a while and there were other issues I had to work on. Thanks for reworking this to be a shell script. I will take a closer look at how this interacts with my release workflow. At the moment I do the build and signing on my local machine. I did think about coming up with a more complicated setup for both runc and umoci (trigger a binary build in CI which then creates a release with the unsigned artifacts, then run a locally script which pulls the artefacts, signs them, then re-uploads). But I'm not sure the time spent getting such a thing to work would be worth it. As an aside, in runc, I recently reworked the signing system so that the binaries are all built in a container (so we can cross-compile them) and a separate script does the signing. For runc we needed to use a container because we need to build libseccomp from scratch and only Debian lets you have a full cross-compiling environment for all the platforms we need for runc. Since umoci is pure-Go I suspect these problems don't affect us as much. EDIT: Ah, I see you switched to my new scripts from runc. That should make this simpler to review. Thanks! |
yep. mostly comes from there. just changed it in a way that could cross-compile for different os and arch pairs. also, naming of the binaries changed drastically so there might be people who are depending on linux/amd64 binary that is already part of the releases. so it might be a good idea to have two copies of
Though, I believe it could be helpful to build unsigned (signed by CI) binaries for HEAD whenever HEAD moves forward. possibly as part of CI artifacts. this could come in handy for testing unstable features and fixes out there in the wild.
Yeap. we don't need a container at all. compilation happens on the host machine. |
|
hey, @cyphar Sorry for pinging again. Did you have time to look at this? |
Addresses #332