From 05ca53e1f0b94a944f12e03aeb39af5ae45abdd4 Mon Sep 17 00:00:00 2001 From: Jeff MAURY Date: Tue, 19 May 2026 19:00:59 +0200 Subject: [PATCH] feat: build CLI during pull request Fixes #1454 Signed-off-by: Jeff MAURY --- .github/workflows/branch-e2e.yml | 12 ++++++++++++ .github/workflows/docker-build.yml | 21 ++++++++++++++++++--- .github/workflows/rust-native-build.yml | 21 ++++++++++++++++----- 3 files changed, 46 insertions(+), 8 deletions(-) diff --git a/.github/workflows/branch-e2e.yml b/.github/workflows/branch-e2e.yml index d6419545a..2186aa234 100644 --- a/.github/workflows/branch-e2e.yml +++ b/.github/workflows/branch-e2e.yml @@ -48,6 +48,18 @@ jobs: platform: linux/arm64 publish-manifest: false + build-cli: + needs: [pr_metadata] + if: needs.pr_metadata.outputs.should_run == 'true' + permissions: + contents: read + packages: read + uses: ./.github/workflows/docker-build.yml + with: + component: cli + platform: linux/amd64 + secrets: inherit + e2e: needs: [pr_metadata, build-gateway, build-supervisor] if: needs.pr_metadata.outputs.should_run == 'true' diff --git a/.github/workflows/docker-build.yml b/.github/workflows/docker-build.yml index 3f98e7b6b..0acbe3da4 100644 --- a/.github/workflows/docker-build.yml +++ b/.github/workflows/docker-build.yml @@ -4,7 +4,7 @@ on: workflow_call: inputs: component: - description: "Component to build (gateway, supervisor)" + description: "Component to build (gateway, supervisor, cli)" required: true type: string timeout-minutes: @@ -71,6 +71,8 @@ jobs: binary_name: ${{ steps.resolve.outputs.binary_name }} artifact_prefix: ${{ steps.resolve.outputs.artifact_prefix }} image_tag_base: ${{ steps.resolve.outputs.image_tag_base }} + features: ${{ steps.resolve.outputs.features }} + has_image: ${{ steps.resolve.outputs.has_image }} steps: - name: Resolve component and platform matrix id: resolve @@ -82,10 +84,20 @@ jobs: gateway) binary_component=gateway binary_name=openshell-gateway + features="openshell-core/dev-settings" + has_image=true ;; supervisor) binary_component=sandbox binary_name=openshell-sandbox + features="openshell-core/dev-settings" + has_image=true + ;; + cli) + binary_component=cli + binary_name=openshell + features="bundled-z3" + has_image=false ;; *) echo "unsupported component: $component" >&2 @@ -144,6 +156,8 @@ jobs: echo "binary_name=$binary_name" echo "artifact_prefix=rust-binary-${component}-${binary_component}" echo "image_tag_base=$image_tag_base" + echo "features=$features" + echo "has_image=$has_image" } >> "$GITHUB_OUTPUT" rust-binary: @@ -162,13 +176,14 @@ jobs: cargo-version: ${{ inputs['cargo-version'] }} image-tag: ${{ needs.resolve.outputs.image_tag_base }} checkout-ref: ${{ inputs['checkout-ref'] }} - features: openshell-core/dev-settings + features: ${{ needs.resolve.outputs.features }} artifact-name: ${{ needs.resolve.outputs.artifact_prefix }}-linux-${{ matrix.arch }} secrets: inherit build: name: Build ${{ inputs.component }} (${{ matrix.arch }}) needs: [resolve, rust-binary] + if: needs.resolve.outputs.has_image == 'true' runs-on: ${{ matrix.runner }} timeout-minutes: ${{ inputs['timeout-minutes'] }} strategy: @@ -262,7 +277,7 @@ jobs: merge: name: Merge ${{ inputs.component }} manifest needs: [resolve, build] - if: ${{ inputs.push && inputs['publish-manifest'] }} + if: ${{ inputs.push && inputs['publish-manifest'] && needs.resolve.outputs.has_image == 'true' }} runs-on: linux-amd64-cpu8 timeout-minutes: 10 container: diff --git a/.github/workflows/rust-native-build.yml b/.github/workflows/rust-native-build.yml index 1086ee5e8..0fdc9e1c6 100644 --- a/.github/workflows/rust-native-build.yml +++ b/.github/workflows/rust-native-build.yml @@ -1,18 +1,18 @@ # SPDX-FileCopyrightText: Copyright (c) 2025-2026 NVIDIA CORPORATION & AFFILIATES. All rights reserved. # SPDX-License-Identifier: Apache-2.0 -name: Rust Image Binary Build (openshell-gateway / openshell-sandbox) +name: Rust Image Binary Build (openshell-gateway / openshell-sandbox / openshell-cli) # Build Rust binaries per Linux architecture before the Docker image build # consumes them as prebuilt artifacts. Gateway images use GNU-linked binaries -# for the NVIDIA distroless C/C++ runtime; supervisor images use musl/static +# for the NVIDIA distroless C/C++ runtime; supervisor and cli images use musl/static # binaries so the final image can remain scratch. on: workflow_call: inputs: component: - description: "Binary component to build (gateway or sandbox)" + description: "Binary component to build (gateway, sandbox, or cli)" required: true type: string arch: @@ -114,6 +114,11 @@ jobs: binary=openshell-sandbox zig_target= ;; + cli) + crate=openshell-cli + binary=openshell + zig_target= + ;; *) echo "unsupported component: $COMPONENT" >&2 exit 1 @@ -122,7 +127,7 @@ jobs: case "$ARCH" in amd64) - if [[ "$COMPONENT" == "sandbox" ]]; then + if [[ "$COMPONENT" == "sandbox" || "$COMPONENT" == "cli" ]]; then target=x86_64-unknown-linux-musl zig_target=x86_64-linux-musl else @@ -130,7 +135,7 @@ jobs: fi ;; arm64) - if [[ "$COMPONENT" == "sandbox" ]]; then + if [[ "$COMPONENT" == "sandbox" || "$COMPONENT" == "cli" ]]; then target=aarch64-unknown-linux-musl zig_target=aarch64-linux-musl else @@ -202,6 +207,12 @@ jobs: echo "CARGO_TARGET_${TARGET_ENV_UPPER}_LINKER=/tmp/zig-musl/cc" >> "$GITHUB_ENV" echo "CARGO_TARGET_${TARGET_ENV_UPPER}_RUSTFLAGS=-Clink-self-contained=no" >> "$GITHUB_ENV" + # z3 built with zig c++ uses libc++ symbols (std::__1::*). + # Override z3-sys default (stdc++) so Rust links the matching runtime. + if [[ "$COMPONENT" == "cli" ]]; then + echo "CXXSTDLIB=c++" >> "$GITHUB_ENV" + fi + - name: Build ${{ steps.target.outputs.binary }} (${{ steps.target.outputs.target }}) env: # Preserve the release-codegen setting used by the old Dockerfile