More direct APIs to cryptographic primitives without VM init #1108

Workflow file for this run

	name: zenroom
	on:
	push:
	paths-ignore:
	- 'docs/**'
	- 'examples/**'
	- '*.md'
	branches:
	- master
	pull_request:
	paths-ignore:
	- 'docs/**'
	- 'examples/**'
	- '*.md'
	branches:
	- master

	concurrency:
	group: ${{ github.workflow }}-${{ github.ref_name }}
	cancel-in-progress: true

	jobs:
	reuse:
	name: 🚨 REUSE Compliance
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: fsfe/reuse-action@v3


	c-lint:
	name: 🚨 C lint
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	- uses: reviewdog/action-cpplint@master
	env:
	REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	github_token: ${{ secrets.GITHUB_TOKEN }}
	reporter: github-pr-check
	targets: --recursive src
	level: warning
	flags: --linelength=120 # Optional
	filter: "-readability/braces\
	,-readability/casting\
	,-whitespace/comma\
	,-whitespace/braces\
	,-whitespace/comments\
	,-whitespace/indent\
	,-whitespace/newline\
	,-whitespace/operators\
	,-whitespace/parens\
	,-whitespace/tab\
	" # Optional
	# - name: Fail fast?!
	# if: steps.linter.outputs.checks-failed > 0
	# run: \|
	# echo "😤 Some files failed the C linting checks!"

	lua-lint:
	name: 🚨 Lua lint
	runs-on: ubuntu-latest
	steps:
	# - uses: dorny/paths-filter@v2
	# with:
	# filters: \|
	# src:
	# - 'src/lua'
	# - if: steps.changes.outputs.src == 'true'
	- uses: actions/checkout@v4
	- name: Setup luacheck
	run: \|
	if ! hash luacheck &>/dev/null; then
	sudo apt-get install -yq luarocks 1>/dev/null \|\| exit 1
	sudo luarocks install luacheck 1>/dev/null \|\| exit 1
	sudo luarocks install lanes &>/dev/null \|\| true
	fi
	luacheck --version
	shell: bash
	- name: 🚨 LUA lint
	continue-on-error: true
	working-directory: src/lua
	run: \|
	luacheck --config .luacheckrc --std lua54 .

	meson-build:
	name: 🥷 meson/ninja build
	needs: [reuse, c-lint, lua-lint]
	if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_MESON')"
	strategy:
	matrix:
	command: [meson-ccache, meson-clang-ccache]
	fail-fast: false
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-python@v5
	with:
	python-version: '3.10'
	- uses: hendrikmuhs/ccache-action@v1.2
	- name: install dependencies
	run: \|
	sudo apt-get update
	sudo apt-get install -y vim zsh luajit lua-cjson
	pip3 install meson ninja
	- name: Compile with command ${{ matrix.command }}
	run: \|
	make ${{ matrix.command }}
	- run: make meson-test

	linux-build:
	name: 🐧 Linux build
	needs: [reuse, c-lint, lua-lint]
	if: "github.event_name == 'pull_request'"
	runs-on: "ubuntu-latest"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: install dependencies
	run: sudo apt install -y zsh jq musl-dev meson libreadline-dev
	- name: Build mimalloc
	run: make mimalloc
	- name: Build x86_64 with musl-system
	run: \|
	make musl-system
	make clean
	- name: Build x86_64 shlib
	run: \|
	make linux-meson-clang-release

	windows-build:
	name: 🪟 Windows build
	needs: [reuse, c-lint, lua-lint]
	if: "github.event_name == 'pull_request'"
	runs-on: "ubuntu-latest"
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: install dependencies
	run : sudo apt install -y zsh jq gcc-mingw-w64 g++-mingw-w64
	- name: Build x86_64 windows .exe
	run: \|
	make win
	make win-dll

	macosx-build:
	name: 🍎 Macosx build
	needs: [reuse, c-lint, lua-lint]
	if: "github.event_name == 'pull_request'"
	runs-on: macos-latest
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- run: make osx

	go-build-check:
	name: 🐹 go build & checks
	needs: [reuse, c-lint, lua-lint]
	runs-on: ubuntu-latest
	if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_GO')"
	strategy:
	matrix:
	go: ['1.21', '1.22']
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-go@v5
	with:
	go-version: ${{ matrix.go }}
	cache: false
	- uses: actions/setup-python@v5
	with:
	python-version: '3.10'
	- run: \|
	pip3 install meson ninja
	sudo apt-get install --force-yes zsh libreadline-dev
	- run: \|
	make linux
	- run: cp src/zencode-exec /usr/local/bin/
	- name: 🧪 test bindings go-${{ matrix.go }}
	working-directory: bindings/golang/zenroom
	run: make test
	# - name: 🔐 check crypto with go-${{ matrix.go }}
	# run: make check-go

	rust-build-check:
	name: 🦀 rust build & checks
	needs: [reuse, c-lint, lua-lint]
	runs-on: ubuntu-latest
	if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_RUST')"
	strategy:
	matrix:
	rust: ['stable', 'nightly']
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: dtolnay/rust-toolchain@stable
	with:
	toolchain: ${{ matrix.rust }}
	- run: \|
	pip3 install meson ninja
	sudo apt-get install --force-yes zsh libreadline-dev
	- run: make linux
	- run: cp src/zencode-exec /usr/local/bin/
	- name: 🧪 test bindings rust-${{ matrix.rust }}
	working-directory: bindings/rust
	run: cargo test
	- name: 🔐 check crypto with rust-${{ matrix.rust }}
	run: make check-rs

	# cortex-m-build-check:
	# name: 📟 cortex-m build & checks
	# needs: [reuse, c-lint, lua-lint]
	# runs-on: ubuntu-latest
	# if: ${{ contains(github.event.pull_request.labels.*.name, 'run cortex') \|\| contains(github.event.head_commit.message, 'run cortex') }}
	# steps:
	# - uses: actions/checkout@v4
	# with:
	# fetch-depth: 0
	# - uses: numworks/setup-arm-toolchain@2021-10
	# - run: sudo apt install zsh qemu-system-arm
	# - name: Download cmsis
	# run: \|
	# curl -LO https://github.com/ARM-software/CMSIS_5/archive/refs/tags/5.7.0.tar.gz
	# tar xvf 5.7.0.tar.gz -C lib
	# mv lib/CMSIS_5-5.7.0 lib/cmsis
	# - run: make cortex-arm
	# - name: 🔐 check crypto with cortex-m
	# run: make check-cortex-m

	js-build-check:
	name: 🐯 js build & checks
	needs: [reuse, c-lint, lua-lint]
	runs-on: ubuntu-latest
	if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_JS')"
	strategy:
	matrix:
	node-version: [20.x]
	env:
	EM_VERSION: latest
	defaults:
	run:
	working-directory: bindings/javascript
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-node@v4
	with:
	node-version: ${{ matrix.node-version }}
	- uses: mymindstorm/setup-emsdk@v14
	with:
	version: ${{ env.EM_VERSION }}
	- run: sudo apt-get update; sudo apt-get install zsh meson ninja-build
	- run: yarn
	- run: yarn build
	env:
	EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten
	- name: 🧪 test bindings node-${{ matrix.node-version }}
	run: yarn test
	- name: 🔐 check crypto with node-${{ matrix.node-version }}
	working-directory: ./
	run: make check-js

	python-check:
	name: 🐍 Python checks
	needs: [reuse, c-lint, lua-lint]
	if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_PY') && github.event_name == 'pull_request'"
	runs-on: ${{ matrix.os }}
	defaults:
	run:
	working-directory: bindings/python3
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]
	python-version: ["3.12"]
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-python@v5
	with:
	python-version: ${{ matrix.python-version }}
	- run: \|
	sudo apt update
	sudo apt install -y zsh cmake libreadline-dev
	if: runner.os == 'Linux'
	- run: brew install zsh
	if: runner.os == 'macOS'
	- run: \|
	cd ../..
	make linux
	cp src/zencode-exec /usr/local/bin/
	- run: \|
	./prepare.sh
	pipx install meson
	pipx install ninja
	pip3 install .[test]
	- run: pytest -s tests

	semantic-release:
	name: 🤖 Semantic release
	needs: [rust-build-check, go-build-check, meson-build, js-build-check]
	runs-on: ubuntu-latest
	if: ${{ github.ref_name == 'master' && github.event_name == 'push' }}
	outputs:
	release: ${{ steps.tag_release.outputs.release }}
	version: ${{ steps.tag_release.outputs.version }}
	steps:
	- uses: actions/checkout@v4
	- name: Setup Node.js
	uses: actions/setup-node@v4
	with:
	node-version: 20.x
	- run: yarn
	- name: Tag release
	id: tag_release
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	run: \|
	npx semantic-release \| tee semantic-release.log
	if [[ `git tag --points-at HEAD` == "" ]]; then
	echo "release=False" >> $GITHUB_OUTPUT
	else
	echo "release=True" >> $GITHUB_OUTPUT
	awk '/Published release/ { printf("version=v%s\n",$8) }' semantic-release.log >> $GITHUB_OUTPUT
	fi

	js-build-release:
	name: 🐯 js build release
	needs: [semantic-release]
	if: ${{ needs.semantic-release.outputs.release == 'True' }}
	runs-on: ubuntu-latest
	env:
	EM_VERSION: 3.1.59
	defaults:
	run:
	working-directory: bindings/javascript
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- uses: actions/setup-node@v4
	with:
	node-version: 20.x
	- uses: mymindstorm/setup-emsdk@v14
	with:
	version: ${{ env.EM_VERSION }}
	- run: sudo apt-get update; sudo apt-get install zsh meson ninja-build
	- run: yarn
	- run: yarn build
	env:
	EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten
	- uses: actions/upload-artifact@v4
	with:
	name: javascript-artifact
	path: \|
	./bindings/javascript/CHANGELOG.md
	./bindings/javascript/LICENSE
	./bindings/javascript/package.json
	./bindings/javascript/README.md
	./bindings/javascript/dist/

	build-release-on-ubuntu:
	name: 🐧 Binary builds on Ubuntu
	runs-on: ubuntu-latest
	needs: [semantic-release]
	if: ${{ needs.semantic-release.outputs.release == 'True' }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Upload release docs artifacts
	uses: actions/upload-artifact@v4
	with:
	name: documentation
	path: \|
	build/release-intro.md
	- name: Install build deps
	run: \|
	sudo apt install zsh tree jq cmake make gcc g++ musl-dev meson clang gcc-mingw-w64 g++-mingw-w64 libreadline-dev
	- name: Build mimalloc
	run: make mimalloc
	- name: Build x86_64 with musl-system
	run: make musl-system
	- name: Upload artifact linux-amd64
	uses: actions/upload-artifact@v4
	with:
	name: release-bin-linux-amd64
	path: \|
	src/zenroom
	src/zencode-exec
	- name: Clean for next build
	run: make clean
	- name: Build x86_64 shlib
	run: \|
	make linux-meson-clang-release
	- name: Upload artifact linux-lib-amd64
	uses: actions/upload-artifact@v4
	with:
	name: release-lib-linux-amd64
	path: \|
	meson/libzenroom.a
	meson/libzenroom.so
	- name: Clean for next build
	run: make clean
	- name: Build x86_64 windows .exe
	run: \|
	make win
	make win-dll
	- name: Upload artifact win x86_64
	uses: actions/upload-artifact@v4
	with:
	name: release-exe-win-w64
	path: \|
	src/zenroom.exe
	src/zencode-exec.exe
	src/libzenroom_dll.lib
	src/zenroom.dll

	file-changes:
	name: "🗃️ Check file changes"
	runs-on: ubuntu-latest
	needs: [semantic-release]
	if: "needs.semantic-release.outputs.release == 'True'"
	outputs:
	python3: ${{ steps.filter.outputs.python3 }}
	steps:
	- uses: actions/checkout@v4
	- uses: dorny/paths-filter@v3
	id: filter
	with:
	filters: \|
	python3:
	- 'bindings/python3/**'

	python-sdist:
	name: 🐍 Python create source distribution
	runs-on: ubuntu-latest
	needs: [semantic-release, file-changes]
	if: "needs.semantic-release.outputs.release == 'True' && needs.file-changes.outputs.python3 == 'true'"
	defaults:
	run:
	working-directory: bindings/python3
	steps:
	- uses: actions/checkout@v4
	with:
	ref: master
	fetch-depth: 0
	- run: \|
	pip install ninja twine
	./prepare.sh
	- run: pipx run build --sdist
	- run: twine check dist/*.tar.gz
	- uses: actions/upload-artifact@v4
	with:
	path: ./bindings/python3/dist/*.tar.gz

	build-release-on-osx:
	name: 🍎 mac osx release build
	needs: [semantic-release]
	runs-on: macos-latest
	if: ${{ needs.semantic-release.outputs.release == 'True' }}
	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- run: \|
	make osx
	- name: Upload artifact win x86_64
	uses: actions/upload-artifact@v4
	with:
	name: release-bin-osx
	path: \|
	src/zenroom.command
	src/zencode-exec.command

	npm-release:
	name: 📦 npm release
	runs-on: ubuntu-latest
	needs: [js-build-release, build-release-on-osx, build-release-on-ubuntu]
	steps:
	- uses: actions/checkout@v4
	with:
	ref: master
	fetch-depth: 0
	- uses: actions/setup-node@v4
	with:
	node-version: 20.x
	registry-url: 'https://registry.npmjs.org'
	- uses: actions/download-artifact@v4
	with:
	name: javascript-artifact
	path: .
	- run: \|
	version=$(git describe --tags --abbrev=0)
	yarn version --new-version ${version:1} --no-git-tag-version
	- run: npm publish . --tag latest
	env:
	NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}

	pypi-release:
	name: 📦 PyPI release
	needs: [js-build-release, python-sdist, build-release-on-osx, build-release-on-ubuntu]
	runs-on: ubuntu-latest
	steps:
	- uses: actions/download-artifact@v4
	with:
	name: artifact
	path: dist
	- uses: pypa/gh-action-pypi-publish@release/v1
	with:
	user: __token__
	password: ${{ secrets.PYPI_API_TOKEN }}

	draft-binary-release:
	name: 📦 Pack release
	needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu]
	runs-on: ubuntu-latest
	steps:
	- name: download binary artifacts
	uses: actions/download-artifact@v4
	with:
	path: \|
	zenroom-bin
	- name: show directory structure
	run: tree -dL 3
	- name: relase all binary artifacts
	uses: softprops/action-gh-release@v2
	with:
	files: \|
	zenroom-bin/release/
	tag_name: ${{ needs.semantic-release.outputs.version }}
	body_path: zenroom-bin/documentation/release-intro.md
	append_body: true
	draft: false
	prerelease: false
	fail_on_unmatched_files: true
	generate_release_notes: true

	remove-tag-on-fail:
	name: 🧻 Remove tag on fail
	needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu]
	runs-on: ubuntu-latest
	if: ${{ (failure() \|\| cancelled()) && needs.semantic-release.outputs.release == 'True' }}
	steps:
	- name: Checkout repository
	uses: actions/checkout@v4
	with:
	fetch-depth: 0
	- name: Remove tag
	uses: dev-drprasad/delete-tag-and-release@v1.0
	with:
	tag_name: ${{ needs.semantic-release.outputs.version }}
	github_token: ${{ secrets.GITHUB_TOKEN }}
	delete_release: false
	repo: dyne/zenroom

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

More direct APIs to cryptographic primitives without VM init #1108

Workflow file

More direct APIs to cryptographic primitives without VM init #1108

Jobs

Run details

Workflow file for this run