change perms (#6) #5
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json | |
name: Create a Release | |
on: | |
workflow_dispatch: | |
push: | |
branches: [dev] | |
permissions: | |
contents: write | |
packages: write # This is needed to publish nuget packages | |
id-token: write # Needed for federated auth to our ADO feeds | |
pull-requests: read | |
jobs: | |
build-rust-ubuntu: | |
# see https://github.com/orgs/community/discussions/26286#discussioncomment-3251208 for why we need to check the ref | |
if: ${{ contains(github.ref, 'refs/heads/release/') }} || ${{ github.ref=='refs/heads/dev' }} | |
runs-on: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd"] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install az-cli (Linux mariner) (move into hyperlight-workflow-setup!) | |
if: ${{ (runner.os == 'Linux') }} | |
run: | | |
if command -v dnf > /dev/null 2>&1; then | |
sudo dnf install azure-cli -y | |
fi | |
shell: bash | |
- uses: hyperlight-dev/[email protected] | |
with: | |
rust-toolchain: "1.81.0" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Debug | |
run: cargo build --verbose | |
- name: Build Release | |
run: cargo build --verbose --release | |
build-rust-windows: | |
# see https://github.com/orgs/community/discussions/26286#discussioncomment-3251208 for why we need to check the ref | |
if: ${{ contains(github.ref, 'refs/heads/release/') }} || ${{ github.ref=='refs/heads/dev' }} | |
runs-on: windows-2022 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: hyperlight-dev/[email protected] | |
with: | |
rust-toolchain: "1.81.0" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build Debug | |
run: cargo build --verbose | |
- name: Build Release | |
run: cargo build --verbose --release | |
build-guest-binaries: | |
uses: ./.github/workflows/dep_build_guest_binaries.yml | |
secrets: inherit | |
fuzzing: | |
uses: ./.github/workflows/dep_fuzzing.yml | |
with: | |
max_total_time: 3600 # 1 hour in seconds | |
secrets: inherit | |
benchmarks: | |
needs: [build-guest-binaries] | |
uses: ./.github/workflows/Benchmarks.yml | |
secrets: inherit | |
permissions: | |
id-token: write | |
contents: read | |
cargo-publish: | |
needs: [publish] | |
uses: ./.github/workflows/CargoPublish.yml | |
secrets: inherit | |
permissions: | |
id-token: write | |
contents: read | |
publish: | |
# see https://github.com/orgs/community/discussions/26286#discussioncomment-3251208 for why we need to check the ref | |
if: ${{ contains(github.ref, 'refs/heads/release/') }} || ${{ github.ref=='refs/heads/dev' }} | |
runs-on: windows-2022 | |
outputs: | |
HYPERLIGHT_VERSION: ${{ steps.set_hyperlight_version.outputs.HYPERLIGHT_VERSION }} | |
needs: | |
[ | |
build-rust-ubuntu, | |
build-rust-windows, | |
build-guest-binaries, | |
benchmarks, | |
] | |
env: | |
PLATFORM: x64 | |
FRAMEWORK: net6.0 | |
DOTNET_INSTALL_DIR: "./.dotnet" | |
steps: | |
- name: Set Debug Configuration | |
if: ${{ github.ref=='refs/heads/dev' }} | |
run: echo "CONFIG=debug" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
shell: pwsh | |
- name: Set Release Configuration | |
if: ${{ contains(github.ref, 'refs/heads/release/') }} | |
run: echo "CONFIG=release" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
shell: pwsh | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
fetch-tags: true | |
- uses: hyperlight-dev/[email protected] | |
with: | |
rust-toolchain: "1.81.0" | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Setup dotnet | |
uses: actions/[email protected] | |
with: | |
dotnet-version: 6.0.x | |
- name: Add msbuild to PATH | |
uses: microsoft/setup-msbuild@v2 | |
with: | |
msbuild-architecture: x64 | |
- name: Install minver cli | |
run: dotnet tool install minver-cli --global | |
shell: pwsh | |
- name: Set HYPERLIGHT_VERSION | |
id: set_hyperlight_version | |
run: | | |
git fetch --tags | |
minver -vd -tv -p preview -a minor | |
echo "HYPERLIGHT_VERSION=$(minver -vd -tv -p preview -a minor)" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
echo "HYPERLIGHT_VERSION=$(minver -vd -tv -p preview -a minor)" | Out-File -FilePath $Env:GITHUB_OUTPUT -Encoding utf-8 -Append | |
shell: pwsh | |
- name: Ensure path exists for debug build | |
if: ${{ env.CONFIG }} == "debug" | |
run: mkdir -p target\debug | |
shell: pwsh | |
- name: Ensure path exists for release build | |
if: ${{ env.CONFIG }} == "release" | |
run: mkdir -p target\release | |
shell: pwsh | |
- name: Download Guest Binaries | |
uses: actions/download-artifact@v3 | |
with: | |
name: guest-binaries-${{ env.CONFIG }} | |
path: ./downloaded-guest-binaries-${{ env.CONFIG }} | |
- name: Copy Guest Binaries | |
run: | | |
cp ./downloaded-guest-binaries-${{ env.CONFIG }}/callbackguest ./src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest | |
cp ./downloaded-guest-binaries-${{ env.CONFIG }}/callbackguest.exe ./src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest.exe | |
cp ./downloaded-guest-binaries-${{ env.CONFIG }}/simpleguest ./src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest | |
cp ./downloaded-guest-binaries-${{ env.CONFIG }}/simpleguest.exe ./src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest.exe | |
cp ./downloaded-guest-binaries-${{ env.CONFIG }}/dummyguest ./src/tests/rust_guests/bin/${{ env.CONFIG }}/dummyguest | |
- name: Build and archive guest library + header files | |
run: | | |
just tar-headers | |
just tar-static-lib | |
- name: Determine if we should publish github packages | |
run: | | |
echo "github.ref=${{ github.ref }}" | |
echo "HYPERLIGHT_VERSION=$Env:HYPERLIGHT_VERSION" | |
if (('${{ github.ref }}'.contains('refs/heads/release')) -or | |
(('${{ github.ref }}'.contains('refs/heads/dev')) -and | |
($Env:HYPERLIGHT_VERSION.contains('-preview')))) { | |
echo "Setting SHOULD_PUBLISH in GITHUB_ENV" | |
echo "SHOULD_PUBLISH=true" | Out-File -FilePath $Env:GITHUB_ENV -Encoding utf-8 -Append | |
} | |
- name: Download benchmarks (Windows) | |
uses: actions/download-artifact@v3 | |
with: | |
name: benchmarks_Windows_none | |
path: benchmarks_Windows_none | |
- name: Download benchmarks (Linux hyperv) | |
uses: actions/download-artifact@v3 | |
with: | |
name: benchmarks_Linux_hyperv | |
path: benchmarks_Linux_hyperv | |
- name: Download benchmarks (Linux kvm) | |
uses: actions/download-artifact@v3 | |
with: | |
name: benchmarks_Linux_kvm | |
path: benchmarks_Linux_kvm | |
- name: Archive benchmarks | |
run: | | |
tar -zcvf benchmarks_Windows_none.tar.gz benchmarks_Windows_none | |
tar -zcvf benchmarks_Linux_hyperv.tar.gz benchmarks_Linux_hyperv | |
tar -zcvf benchmarks_Linux_kvm.tar.gz benchmarks_Linux_kvm | |
- name: Install github-cli | |
run: | | |
$ProgressPreference = 'SilentlyContinue' | |
# check if gh cli is installed | |
$installed = [bool](Get-Command -ErrorAction Ignore -Type Application gh) | |
if ($installed) { Write-Host "gh cli already installed"; exit 0 } | |
# download and install gh cli | |
Invoke-WebRequest https://github.com/cli/cli/releases/download/v2.50.0/gh_2.50.0_windows_amd64.msi -OutFile gh.msi | |
msiexec.exe /i gh.msi /quiet /l log.txt | Out-Null | |
Write-Host "msiexec exited with code $LASTEXITCCODE" | |
if ($LASTEXITCODE -ne 0) { cat log.txt; exit 1 } | |
# Publish the native guests so that its possible to use Hyperlight without building it. | |
- name: Create release | |
# Only create a release from tag if we are on a release branch | |
if: ${{ contains(github.ref, 'refs/heads/release/') }} | |
run: | | |
gh release create v${{ env.HYPERLIGHT_VERSION }} -t "Release v${{ env.HYPERLIGHT_VERSION }}" --generate-notes ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest.exe ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest.exe ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/dummyguest ` | |
benchmarks_Windows_none.tar.gz ` | |
benchmarks_Linux_hyperv.tar.gz ` | |
benchmarks_Linux_kvm.tar.gz ` | |
hyperlight-guest-c-api-linux.tar.gz ` | |
hyperlight-guest-c-api-windows.tar.gz ` | |
include.tar.gz | |
env: | |
GH_TOKEN: ${{ github.token }} | |
- name: Create release (dev) | |
# Only create a dev release if we are on the dev branch | |
if: ${{ github.ref=='refs/heads/dev' }} | |
run: | | |
gh release delete dev-latest -y --cleanup-tag || $true | |
gh release create dev-latest -t "Latest Development Build From Dev Branch" --latest=false -p ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/callbackguest.exe ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/simpleguest.exe ` | |
src/tests/rust_guests/bin/${{ env.CONFIG }}/dummyguest ` | |
benchmarks_Windows_none.tar.gz ` | |
benchmarks_Linux_hyperv.tar.gz ` | |
benchmarks_Linux_kvm.tar.gz ` | |
hyperlight-guest-c-api-linux.tar.gz ` | |
hyperlight-guest-c-api-windows.tar.gz ` | |
include.tar.gz | |
env: | |
GH_TOKEN: ${{ github.token }} | |