mirror of
https://github.com/openai/codex.git
synced 2026-03-05 21:45:28 +03:00
be5e8fbd37
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 6 to 7. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/actions/upload-artifact/releases">actions/upload-artifact's releases</a>.</em></p> <blockquote> <h2>v7.0.0</h2> <h2>v7 What's new</h2> <h3>Direct Uploads</h3> <p>Adds support for uploading single files directly (unzipped). Callers can set the new <code>archive</code> parameter to <code>false</code> to skip zipping the file during upload. Right now, we only support single files. The action will fail if the glob passed resolves to multiple files. The <code>name</code> parameter is also ignored with this setting. Instead, the name of the artifact will be the name of the uploaded file.</p> <h3>ESM</h3> <p>To support new versions of the <code>@actions/*</code> packages, we've upgraded the package to ESM.</p> <h2>What's Changed</h2> <ul> <li>Add proxy integration test by <a href="https://github.com/Link"><code>@Link</code></a>- in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> <li>Upgrade the module to ESM and bump dependencies by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/762">actions/upload-artifact#762</a></li> <li>Support direct file uploads by <a href="https://github.com/danwkennedy"><code>@danwkennedy</code></a> in <a href="https://redirect.github.com/actions/upload-artifact/pull/764">actions/upload-artifact#764</a></li> </ul> <h2>New Contributors</h2> <ul> <li><a href="https://github.com/Link"><code>@Link</code></a>- made their first contribution in <a href="https://redirect.github.com/actions/upload-artifact/pull/754">actions/upload-artifact#754</a></li> </ul> <p><strong>Full Changelog</strong>: <a href="https://github.com/actions/upload-artifact/compare/v6...v7.0.0">https://github.com/actions/upload-artifact/compare/v6...v7.0.0</a></p> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="bbbca2ddaa"><code>bbbca2d</code></a> Support direct file uploads (<a href="https://redirect.github.com/actions/upload-artifact/issues/764">#764</a>)</li> <li><a href="589182c5a4"><code>589182c</code></a> Upgrade the module to ESM and bump dependencies (<a href="https://redirect.github.com/actions/upload-artifact/issues/762">#762</a>)</li> <li><a href="47309c993a"><code>47309c9</code></a> Merge pull request <a href="https://redirect.github.com/actions/upload-artifact/issues/754">#754</a> from actions/Link-/add-proxy-integration-tests</li> <li><a href="02a8460834"><code>02a8460</code></a> Add proxy integration test</li> <li>See full diff in <a href="https://github.com/actions/upload-artifact/compare/v6...v7">compare view</a></li> </ul> </details> <br /> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Eric Traut <etraut@openai.com>
265 lines
10 KiB
YAML
265 lines
10 KiB
YAML
name: rust-release-windows
|
|
|
|
on:
|
|
workflow_call:
|
|
inputs:
|
|
release-lto:
|
|
required: true
|
|
type: string
|
|
secrets:
|
|
AZURE_TRUSTED_SIGNING_CLIENT_ID:
|
|
required: true
|
|
AZURE_TRUSTED_SIGNING_TENANT_ID:
|
|
required: true
|
|
AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID:
|
|
required: true
|
|
AZURE_TRUSTED_SIGNING_ENDPOINT:
|
|
required: true
|
|
AZURE_TRUSTED_SIGNING_ACCOUNT_NAME:
|
|
required: true
|
|
AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME:
|
|
required: true
|
|
|
|
jobs:
|
|
build-windows-binaries:
|
|
name: Build Windows binaries - ${{ matrix.runner }} - ${{ matrix.target }} - ${{ matrix.bundle }}
|
|
runs-on: ${{ matrix.runs_on }}
|
|
timeout-minutes: 60
|
|
permissions:
|
|
contents: read
|
|
defaults:
|
|
run:
|
|
working-directory: codex-rs
|
|
env:
|
|
CARGO_PROFILE_RELEASE_LTO: ${{ inputs.release-lto }}
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: windows-x64
|
|
target: x86_64-pc-windows-msvc
|
|
bundle: primary
|
|
build_args: --bin codex --bin codex-responses-api-proxy
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-x64
|
|
- runner: windows-arm64
|
|
target: aarch64-pc-windows-msvc
|
|
bundle: primary
|
|
build_args: --bin codex --bin codex-responses-api-proxy
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-arm64
|
|
- runner: windows-x64
|
|
target: x86_64-pc-windows-msvc
|
|
bundle: helpers
|
|
build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-x64
|
|
- runner: windows-arm64
|
|
target: aarch64-pc-windows-msvc
|
|
bundle: helpers
|
|
build_args: --bin codex-windows-sandbox-setup --bin codex-command-runner
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-arm64
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
- name: Print runner specs (Windows)
|
|
shell: powershell
|
|
run: |
|
|
$computer = Get-CimInstance Win32_ComputerSystem
|
|
$cpu = Get-CimInstance Win32_Processor | Select-Object -First 1
|
|
$ramGiB = [math]::Round($computer.TotalPhysicalMemory / 1GB, 1)
|
|
Write-Host "Runner: $env:RUNNER_NAME"
|
|
Write-Host "OS: $([System.Environment]::OSVersion.VersionString)"
|
|
Write-Host "CPU: $($cpu.Name)"
|
|
Write-Host "Logical CPUs: $($computer.NumberOfLogicalProcessors)"
|
|
Write-Host "Physical CPUs: $($computer.NumberOfProcessors)"
|
|
Write-Host "Total RAM: $ramGiB GiB"
|
|
Write-Host "Disk usage:"
|
|
Get-PSDrive -PSProvider FileSystem | Format-Table -AutoSize Name, @{Name='Size(GB)';Expression={[math]::Round(($_.Used + $_.Free) / 1GB, 1)}}, @{Name='Free(GB)';Expression={[math]::Round($_.Free / 1GB, 1)}}
|
|
- uses: dtolnay/rust-toolchain@1.93.0
|
|
with:
|
|
targets: ${{ matrix.target }}
|
|
|
|
- name: Cargo build (Windows binaries)
|
|
shell: bash
|
|
run: |
|
|
cargo build --target ${{ matrix.target }} --release --timings ${{ matrix.build_args }}
|
|
|
|
- name: Upload Cargo timings
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: cargo-timings-rust-release-windows-${{ matrix.target }}-${{ matrix.bundle }}
|
|
path: codex-rs/target/**/cargo-timings/cargo-timing.html
|
|
if-no-files-found: warn
|
|
|
|
- name: Stage Windows binaries
|
|
shell: bash
|
|
run: |
|
|
output_dir="target/${{ matrix.target }}/release/staged-${{ matrix.bundle }}"
|
|
mkdir -p "$output_dir"
|
|
if [[ "${{ matrix.bundle }}" == "primary" ]]; then
|
|
cp target/${{ matrix.target }}/release/codex.exe "$output_dir/codex.exe"
|
|
cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$output_dir/codex-responses-api-proxy.exe"
|
|
else
|
|
cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$output_dir/codex-windows-sandbox-setup.exe"
|
|
cp target/${{ matrix.target }}/release/codex-command-runner.exe "$output_dir/codex-command-runner.exe"
|
|
fi
|
|
|
|
- name: Upload Windows binaries
|
|
uses: actions/upload-artifact@v7
|
|
with:
|
|
name: windows-binaries-${{ matrix.target }}-${{ matrix.bundle }}
|
|
path: |
|
|
codex-rs/target/${{ matrix.target }}/release/staged-${{ matrix.bundle }}/*
|
|
|
|
build-windows:
|
|
needs:
|
|
- build-windows-binaries
|
|
name: Build - ${{ matrix.runner }} - ${{ matrix.target }}
|
|
runs-on: ${{ matrix.runs_on }}
|
|
timeout-minutes: 60
|
|
permissions:
|
|
contents: read
|
|
id-token: write
|
|
defaults:
|
|
run:
|
|
working-directory: codex-rs
|
|
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- runner: windows-x64
|
|
target: x86_64-pc-windows-msvc
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-x64
|
|
- runner: windows-arm64
|
|
target: aarch64-pc-windows-msvc
|
|
runs_on:
|
|
group: codex-runners
|
|
labels: codex-windows-arm64
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6
|
|
|
|
- name: Download prebuilt Windows primary binaries
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: windows-binaries-${{ matrix.target }}-primary
|
|
path: codex-rs/target/${{ matrix.target }}/release
|
|
|
|
- name: Download prebuilt Windows helper binaries
|
|
uses: actions/download-artifact@v8
|
|
with:
|
|
name: windows-binaries-${{ matrix.target }}-helpers
|
|
path: codex-rs/target/${{ matrix.target }}/release
|
|
|
|
- name: Verify binaries
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
ls -lh target/${{ matrix.target }}/release/codex.exe
|
|
ls -lh target/${{ matrix.target }}/release/codex-responses-api-proxy.exe
|
|
ls -lh target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe
|
|
ls -lh target/${{ matrix.target }}/release/codex-command-runner.exe
|
|
|
|
- name: Sign Windows binaries with Azure Trusted Signing
|
|
uses: ./.github/actions/windows-code-sign
|
|
with:
|
|
target: ${{ matrix.target }}
|
|
client-id: ${{ secrets.AZURE_TRUSTED_SIGNING_CLIENT_ID }}
|
|
tenant-id: ${{ secrets.AZURE_TRUSTED_SIGNING_TENANT_ID }}
|
|
subscription-id: ${{ secrets.AZURE_TRUSTED_SIGNING_SUBSCRIPTION_ID }}
|
|
endpoint: ${{ secrets.AZURE_TRUSTED_SIGNING_ENDPOINT }}
|
|
account-name: ${{ secrets.AZURE_TRUSTED_SIGNING_ACCOUNT_NAME }}
|
|
certificate-profile-name: ${{ secrets.AZURE_TRUSTED_SIGNING_CERTIFICATE_PROFILE_NAME }}
|
|
|
|
- name: Stage artifacts
|
|
shell: bash
|
|
run: |
|
|
dest="dist/${{ matrix.target }}"
|
|
mkdir -p "$dest"
|
|
|
|
cp target/${{ matrix.target }}/release/codex.exe "$dest/codex-${{ matrix.target }}.exe"
|
|
cp target/${{ matrix.target }}/release/codex-responses-api-proxy.exe "$dest/codex-responses-api-proxy-${{ matrix.target }}.exe"
|
|
cp target/${{ matrix.target }}/release/codex-windows-sandbox-setup.exe "$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
|
|
cp target/${{ matrix.target }}/release/codex-command-runner.exe "$dest/codex-command-runner-${{ matrix.target }}.exe"
|
|
|
|
- name: Install DotSlash
|
|
uses: facebook/install-dotslash@v2
|
|
|
|
- name: Compress artifacts
|
|
shell: bash
|
|
run: |
|
|
# Path that contains the uncompressed binaries for the current
|
|
# ${{ matrix.target }}
|
|
dest="dist/${{ matrix.target }}"
|
|
repo_root=$PWD
|
|
|
|
# For compatibility with environments that lack the `zstd` tool we
|
|
# additionally create a `.tar.gz` and `.zip` for every Windows binary.
|
|
# The end result is:
|
|
# codex-<target>.zst
|
|
# codex-<target>.tar.gz
|
|
# codex-<target>.zip
|
|
for f in "$dest"/*; do
|
|
base="$(basename "$f")"
|
|
# Skip files that are already archives (shouldn't happen, but be
|
|
# safe).
|
|
if [[ "$base" == *.tar.gz || "$base" == *.zip || "$base" == *.dmg ]]; then
|
|
continue
|
|
fi
|
|
|
|
# Don't try to compress signature bundles.
|
|
if [[ "$base" == *.sigstore ]]; then
|
|
continue
|
|
fi
|
|
|
|
# Create per-binary tar.gz
|
|
tar -C "$dest" -czf "$dest/${base}.tar.gz" "$base"
|
|
|
|
# Create zip archive for Windows binaries.
|
|
# Must run from inside the dest dir so 7z won't embed the
|
|
# directory path inside the zip.
|
|
if [[ "$base" == "codex-${{ matrix.target }}.exe" ]]; then
|
|
# Bundle the sandbox helper binaries into the main codex zip so
|
|
# WinGet installs include the required helpers next to codex.exe.
|
|
# Fall back to the single-binary zip if the helpers are missing
|
|
# to avoid breaking releases.
|
|
bundle_dir="$(mktemp -d)"
|
|
runner_src="$dest/codex-command-runner-${{ matrix.target }}.exe"
|
|
setup_src="$dest/codex-windows-sandbox-setup-${{ matrix.target }}.exe"
|
|
if [[ -f "$runner_src" && -f "$setup_src" ]]; then
|
|
cp "$dest/$base" "$bundle_dir/$base"
|
|
cp "$runner_src" "$bundle_dir/codex-command-runner.exe"
|
|
cp "$setup_src" "$bundle_dir/codex-windows-sandbox-setup.exe"
|
|
# Use an absolute path so bundle zips land in the real dist
|
|
# dir even when 7z runs from a temp directory.
|
|
(cd "$bundle_dir" && 7z a "$repo_root/$dest/${base}.zip" .)
|
|
else
|
|
echo "warning: missing sandbox binaries; falling back to single-binary zip"
|
|
echo "warning: expected $runner_src and $setup_src"
|
|
(cd "$dest" && 7z a "${base}.zip" "$base")
|
|
fi
|
|
rm -rf "$bundle_dir"
|
|
else
|
|
(cd "$dest" && 7z a "${base}.zip" "$base")
|
|
fi
|
|
|
|
# Keep raw executables and produce .zst alongside them.
|
|
"${GITHUB_WORKSPACE}/.github/workflows/zstd" -T0 -19 "$dest/$base"
|
|
done
|
|
|
|
- uses: actions/upload-artifact@v7
|
|
with:
|
|
name: ${{ matrix.target }}
|
|
path: |
|
|
codex-rs/dist/${{ matrix.target }}/*
|