More robust handling of incompatible layout files #1674

Workflow file for this run

.github/workflows/codetracer.yml at 2ced36a

	name: Codetracer CI
	on:
	push:
	branches:
	- main
	pull_request:

	permissions:
	contents: read
	id-token: write

	jobs:
	lint-bash:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/lint/bash.sh"

	lint-nim:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/lint/nim.sh"

	lint-nix:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/lint/nix.sh"

	lint-rust:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/lint/rust.sh"

	lint-ui-tests:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/lint/ui-tests.sh"

	test-frontend-js:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default -c ./ci/test/frontend-js.sh"

	push-gpg-public-key:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	- name: "Import GPG key for signing commits"
	id: import-gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }}
	git_config_global: true
	git_user_signingkey: true
	git_commit_gpgsign: true
	- name: "Upload public key"
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	nix develop .#devShells.x86_64-linux.default --command gpg --armor --export > CodeTracer.pub.asc
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer.pub.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer.pub.asc

	push-install-script:
	runs-on: [self-hosted, nixos]
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	- name: Upload script
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp install-on-distributions.sh s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/install.sh

	dev-build:
	runs-on: [self-hosted, nixos]
	needs:
	- lint-bash
	- lint-nim
	- lint-nix
	- lint-rust
	- lint-ui-tests
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/build/dev.sh"

	nix-build:
	runs-on: [self-hosted, nixos]
	needs:
	- lint-bash
	- lint-nim
	- lint-nix
	- lint-rust
	- lint-ui-tests
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/build/nix.sh"

	build-python-packages:
	needs:
	- lint-bash
	- lint-nim
	- lint-nix
	- lint-rust
	- lint-ui-tests
	strategy:
	fail-fast: false
	matrix:
	include:
	- name: linux-amd64
	runner: ubuntu-latest
	target_os: linux
	arch: amd64
	plat_name: manylinux_2_17_x86_64
	# - name: linux-arm64
	# runner: ubuntu-22.04-arm64
	# target_os: linux
	# arch: arm64
	# plat_name: manylinux_2_17_aarch64

	- name: macos-amd64
	runner: macos-15-intel
	target_os: macos
	arch: amd64
	plat_name: macosx_10_9_x86_64
	- name: macos-arm64
	runner: macos-14
	target_os: macos
	arch: arm64
	plat_name: macosx_11_0_arm64

	runs-on: ${{ matrix.runner }}
	steps:
	- name: Check out repository
	uses: actions/checkout@v5
	with:
	submodules: 'true'


	- name: Set up Python
	uses: actions/setup-python@v6
	with:
	python-version: '3.11'

	- name: Install Python build backend
	run: python -m pip install --upgrade build

	- name: Install nim
	run: \|
	set -euo pipefail

	wget https://nim-lang.org/download/nim-1.6.20.tar.xz
	tar xf nim-1.6.20.tar.xz
	pushd nim-1.6.20
	sh build.sh
	bin/nim c koch
	./koch boot -d:release
	export PATH="$(pwd)/bin:${PATH}"
	popd

	- name: Get sqlite
	run: \|
	set -euo pipefail

	wget https://sqlite.org/2025/sqlite-amalgamation-3500400.zip
	unzip sqlite-amalgamation-3500400.zip
	cp sqlite-amalgamation-3500400/sqlite3.c .

	- name: Install libssl (Linux)
	if: ${{ matrix.target_os == 'linux' }}
	run: \|
	sudo apt-get update
	sudo apt-get install -y libssl-dev

	- name: Install libssl (MacOS)
	if: ${{ matrix.target_os == 'macos' }}
	run: \|
	git clone https://github.com/openssl/openssl
	pushd openssl
	git checkout openssl-3.5.4

	./Configure --prefix=$(pwd)/../openssl-res
	make -j$(sysctl -n hw.ncpu)
	make install_sw

	popd

	- name: Install zlib (Linux)
	if: ${{ matrix.target_os == 'linux' }}
	run: \|
	sudo apt-get update
	sudo apt-get install -y zlib1g-dev

	- name: Install zlib (MacOS)
	if: ${{ matrix.target_os == 'macos' }}
	run: \|
	wget https://zlib.net/zlib-1.3.1.tar.gz
	tar xf zlib-1.3.1.tar.gz
	pushd zlib-1.3.1

	./configure --static --prefix=$(pwd)/../zlib-res
	make -j$(sysctl -n hw.ncpu)
	make install

	popd

	- name: Build codetracer binaries (Linux)
	if: ${{ matrix.target_os == 'linux' }}
	shell: bash
	run: \|
	set -euo pipefail

	TARGET_DIR="build-python/src/ct/bin/${{ matrix.target_os }}-${{ matrix.arch }}"
	mkdir -p "${TARGET_DIR}"

	./nim-1.6.20/bin/nim -d:release \
	--d:asyncBackend=asyncdispatch \
	--dynlibOverride:std -d:staticStd \
	--gc:refc --hints:on --warnings:off \
	--boundChecks:on \
	-d:useOpenssl3 \
	-d:ssl \
	-d:chronicles_sinks=json -d:chronicles_line_numbers=true \
	-d:chronicles_timestamps=UnixTime \
	-d:ctTest -d:testing --hint"[XDeclaredButNotUsed]":off \
	-d:builtWithNix \
	-d:ctEntrypoint \
	-d:pythonPackage \
	-d:linksPathConst=.. \
	-d:libcPath=libc \
	-d:pathToNodeModules=../node_modules \
	--nimcache:nimcache \
	-d:staticSqlite \
	-d:useLibzipSrc \
	--passL:"-Wl,-Bstatic -L/usr/lib/x86_64-linux-gnu -l:libz.a -Wl,-Bdynamic" \
	--dynlibOverride:ssl --dynlibOverride:crypto \
	--passL:"-Wl,-Bstatic -L/usr/lib/x86_64-linux-gnu -l:libssl.a -l:libcrypto.a -Wl,-Bdynamic" \
	--out:"${TARGET_DIR}/ct" c ./src/ct/codetracer.nim

	./nim-1.6.20/bin/nim \
	-d:release -d:asyncBackend=asyncdispatch \
	--gc:refc --hints:off --warnings:off \
	--debugInfo --lineDir:on \
	--boundChecks:on --stacktrace:on --linetrace:on \
	-d:chronicles_sinks=json -d:chronicles_line_numbers=true \
	-d:chronicles_timestamps=UnixTime \
	-d:ssl \
	-d:ctTest -d:testing --hint"[XDeclaredButNotUsed]":off \
	-d:linksPathConst=.. \
	-d:libcPath=libc \
	-d:builtWithNix \
	-d:ctEntrypoint \
	-d:pythonPackage \
	--nimcache:nimcache \
	-d:staticSqlite \
	-d:useLibzipSrc \
	--passL:"-Wl,-Bstatic -L/usr/lib/x86_64-linux-gnu -l:libz.a -Wl,-Bdynamic" \
	--dynlibOverride:ssl --dynlibOverride:crypto \
	--passL:"-Wl,-Bstatic -L/usr/lib/x86_64-linux-gnu -l:libssl.a -l:libcrypto.a -Wl,-Bdynamic" \
	--out:"${TARGET_DIR}/db-backend-record" c ./src/ct/db_backend_record.nim

	./build-python/scripts/download_ct_remote.sh \
	"${{ matrix.target_os }}" \
	"${{ matrix.arch }}" \
	"${TARGET_DIR}"

	- name: Build codetracer binaries (MacOS)
	if: ${{ matrix.target_os == 'macos' }}
	run: \|
	set -euo pipefail

	TARGET_DIR="build-python/src/ct/bin/${{ matrix.target_os }}-${{ matrix.arch }}"
	mkdir -p "${TARGET_DIR}"

	./nim-1.6.20/bin/nim -d:release \
	--d:asyncBackend=asyncdispatch \
	--dynlibOverride:std -d:staticStd \
	--gc:refc --hints:on --warnings:off \
	--boundChecks:on \
	-d:useOpenssl3 \
	-d:ssl \
	-d:chronicles_sinks=json -d:chronicles_line_numbers=true \
	-d:chronicles_timestamps=UnixTime \
	-d:ctTest -d:testing --hint"[XDeclaredButNotUsed]":off \
	-d:builtWithNix \
	-d:ctEntrypoint \
	-d:pythonPackage \
	-d:linksPathConst=.. \
	-d:libcPath=libc \
	-d:pathToNodeModules=../node_modules \
	--nimcache:nimcache \
	-d:staticSqlite \
	-d:useLibzipSrc \
	--passL:"$(pwd)/zlib-res/lib/libz.a" \
	--dynlibOverride:ssl --dynlibOverride:crypto \
	--passL:"$(pwd)/openssl-res/lib/libssl.a $(pwd)/openssl-res/lib/libcrypto.a" \
	--out:"${TARGET_DIR}/ct" c ./src/ct/codetracer.nim

	./nim-1.6.20/bin/nim \
	-d:release -d:asyncBackend=asyncdispatch \
	--gc:refc --hints:off --warnings:off \
	--debugInfo --lineDir:on \
	--boundChecks:on --stacktrace:on --linetrace:on \
	-d:chronicles_sinks=json -d:chronicles_line_numbers=true \
	-d:chronicles_timestamps=UnixTime \
	-d:ssl \
	-d:ctTest -d:testing --hint"[XDeclaredButNotUsed]":off \
	-d:linksPathConst=.. \
	-d:libcPath=libc \
	-d:builtWithNix \
	-d:ctEntrypoint \
	-d:pythonPackage \
	--nimcache:nimcache \
	-d:staticSqlite \
	-d:useLibzipSrc \
	--passL:"$(pwd)/zlib-res/lib/libz.a" \
	--dynlibOverride:ssl --dynlibOverride:crypto \
	--passL:"$(pwd)/openssl-res/lib/libssl.a $(pwd)/openssl-res/lib/libcrypto.a" \
	--out:"${TARGET_DIR}/db-backend-record" c ./src/ct/db_backend_record.nim

	./build-python/scripts/download_ct_remote.sh \
	"${{ matrix.target_os }}" \
	"${{ matrix.arch }}" \
	"${TARGET_DIR}"

	- name: Build wheel
	run: \|
	set -euo pipefail

	pushd build-python
	python -m build --wheel -C--build-option=--plat-name=${{ matrix.plat_name }}
	popd

	- name: Upload distributions
	uses: actions/upload-artifact@v5
	with:
	name: python-dist-${{ matrix.name }}
	path: build-python/dist/*.whl
	if-no-files-found: error

	appimage-build:
	runs-on: [self-hosted, nixos]
	needs:
	- lint-bash
	- lint-nim
	- lint-nix
	- lint-rust
	- lint-ui-tests
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- name: "Import GPG key for signing commits"
	id: import-gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }}
	git_config_global: true
	git_user_signingkey: true
	git_commit_gpgsign: true

	- name: Build
	run: "nix develop .#devShells.x86_64-linux.default --command ./ci/build/appimage.sh"

	- name: Upload artifact
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	nix develop .#devShells.x86_64-linux.default --command gpg --armor --detach-sign CodeTracer.AppImage
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer.AppImage s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-amd64.AppImage
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer.AppImage.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-amd64.AppImage.asc

	dmg-build:
	runs-on: macos-latest
	needs:
	- lint-bash
	- lint-nim
	- lint-nix
	- lint-rust
	- lint-ui-tests
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: "Import GPG key for signing commits"
	id: import-gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }}
	git_config_global: true
	git_user_signingkey: true
	git_commit_gpgsign: true

	- name: Build
	run: ./ci/build/dmg.sh

	- name: Install AWS CLI
	run: brew install awscli

	- name: Upload artifact
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	gpg --armor --detach-sign non-nix-build/CodeTracer.dmg
	# for now apply workaround from https://community.cloudflare.com/t/an-error-occurred-internalerror-when-calling-the-putobject-operation/764905/11:
	# adding `--checksum-algorithm CRC32`
	aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp ./non-nix-build/CodeTracer.dmg s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-arm64.dmg --checksum-algorithm CRC32
	aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp ./non-nix-build/CodeTracer.dmg.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-arm64.dmg.asc --checksum-algorithm CRC32

	dmg-lib-check:
	runs-on: macos-latest
	needs:
	- dmg-build
	steps:
	- name: Install AWS CLI
	run: brew install awscli

	- name: Install 7zip
	run: brew install sevenzip

	- name: Download artifact
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-arm64.dmg ./CodeTracer.dmg

	- name: Extract dmg
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	7zz x ./CodeTracer.dmg

	- name: Check if ct starts
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	./CodeTracer/CodeTracer.app/Contents/MacOS/bin/ct --version

	appimage-lib-check:
	runs-on: ubuntu-latest
	needs:
	- appimage-build
	steps:
	- name: Install AWS CLI
	if: ${{ startsWith(github.ref, 'refs/tags/') && !github.event['codetracer-ci'] }}
	run: sudo snap install aws-cli --classic

	- name: Install FUSE
	run: sudo apt-get install -y fuse libfuse2

	- name: Download artifact
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ github.ref_name }}-amd64.AppImage ./CodeTracer.AppImage

	- name: Check if ct starts
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	chmod +x ./CodeTracer.AppImage
	./CodeTracer.AppImage --version

	test-rust:
	runs-on: [self-hosted, nixos]
	needs:
	- dev-build
	- nix-build
	- appimage-build
	- dmg-build
	- build-python-packages
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/test/rust.sh"

	test-python-recorder:
	runs-on: [self-hosted, nixos]
	needs:
	- dev-build
	- nix-build
	- appimage-build
	- dmg-build
	- build-python-packages
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/test/python-recorder-smoke.sh"

	test-ui-tests:
	runs-on: [self-hosted, nixos]
	needs:
	- dev-build
	- nix-build
	- appimage-build
	- dmg-build
	- build-python-packages
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/test/ui-tests.sh"

	publish-pypi:
	needs:
	- build-python-packages
	- test-rust
	- test-python-recorder
	- test-ui-tests
	- create-release
	if: startsWith(github.ref, 'refs/tags/')
	runs-on: ubuntu-latest
	steps:
	- name: Download built distributions
	uses: actions/download-artifact@v6
	with:
	path: dist
	merge-multiple: true

	- name: Publish to TestPyPI
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	packages_dir: dist
	repository-url: https://test.pypi.org/legacy/

	- name: Publish to PyPI
	uses: pypa/gh-action-pypi-publish@release/v1
	with:
	packages_dir: dist

	push-to-cachix:
	runs-on: [self-hosted, nixos]
	needs:
	- test-rust
	- test-python-recorder
	- test-ui-tests
	- appimage-lib-check
	- dmg-lib-check
	if: "github.ref == 'refs/heads/main' && ${{ !github.event.codetracer-ci }}"
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: "nix develop .#devShells.x86_64-linux.default --command ./ci/deploy/build-nix-and-push-to-cachix.sh"

	build-and-deploy-docs:
	runs-on: [self-hosted, nixos]
	needs: [push-to-cachix]
	if: ${{ github.ref == 'refs/heads/main' && !github.event['codetracer-ci'] }}
	permissions:
	contents: "write"
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive

	- name: Install Nix
	uses: ./.github/actions/setup-nix
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}

	- run: \|
	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
	git config init.defaultBranch main

	git remote set-url origin https://x-access-token:${{ secrets.CODETRACER_PUSH_GITHUB_TOKEN }}@github.com/metacraft-labs/codetracer

	nix develop .#devShells.x86_64-linux.default --command ./ci/deploy/docs.sh

	push-tag:
	runs-on: [ self-hosted, nixos ]
	needs: [ dev-build, nix-build, appimage-build, dmg-build ]
	permissions:
	contents: "write"
	outputs:
	tag: ${{ steps.tag.outputs.tag }}
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	with:
	submodules: recursive
	- name: Install Nix
	uses: metacraft-labs/nixos-modules/.github/install-nix@main
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}
	- name: Create tag
	if: ${{ github.ref == 'refs/heads/main' }}
	id: tag
	run: \|
	YEAR=$(bash -c 'grep "CodeTracerYear\" src/ct/version.nim \| sed "s/.CodeTracerYear\* = //g"')
	MONTH=$(bash -c "printf '%02d' \$(grep \"CodeTracerMonth\\" src/ct/version.nim \| sed \"s/.CodeTracerMonth\* = //g\")")
	BUILD=$(bash -c 'grep "CodeTracerBuild\" src/ct/version.nim \| sed "s/.CodeTracerBuild\* = //g"')

	git config user.name "github-actions[bot]"
	git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
	git config init.defaultBranch main

	git remote set-url origin https://x-access-token:${{ secrets.CODETRACER_PUSH_GITHUB_TOKEN }}@github.com/metacraft-labs/codetracer

	git tag -a "$YEAR.$MONTH.$BUILD" -m "Release $YEAR.$MONTH.$BUILD" \|\| echo "Tag already exists"
	(git push origin "$YEAR.$MONTH.$BUILD" && echo "tag=$YEAR.$MONTH.$BUILD" >> $GITHUB_OUTPUT) \|\| echo "Tag already exists"

	create-release:
	runs-on: [ self-hosted, nixos ]
	needs: [ push-tag ]
	if: ${{ ((startsWith(github.ref, 'refs/tags/') && !contains(github.ref_name, '-')) \|\| needs.push-tag.outputs.tag != '') && !github.event['codetracer-ci'] }}
	permissions:
	contents: "write"
	steps:
	- name: Checkout
	uses: actions/checkout@v5
	- name: Install Nix
	uses: metacraft-labs/nixos-modules/.github/install-nix@main
	with:
	cachix-auth-token: ${{ secrets.CACHIX_AUTH_TOKEN }}
	cachix-cache: ${{ vars.CACHIX_CACHE }}
	trusted-public-keys: ${{ vars.TRUSTED_PUBLIC_KEYS }}
	substituters: ${{ vars.SUBSTITUTERS }}
	- name: "Import GPG key for signing commits"
	id: import-gpg
	uses: crazy-max/ghaction-import-gpg@v6
	with:
	gpg_private_key: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY }}
	passphrase: ${{ secrets.CODETRACER_AUR_GPG_PRIVATE_KEY_PASS }}
	git_config_global: true
	git_user_signingkey: true
	git_commit_gpgsign: true
	- name: Create resource tarball
	run: \|
	nix develop .#devShells.x86_64-linux.default --command bash -c "tar cfJ resources.tar.xz resources/"
	nix develop .#devShells.x86_64-linux.default --command bash -c "gpg --detach-sign resources.tar.xz"
	- name: Upload latest
	env:
	AWS_ACCESS_KEY_ID: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY_ID }}
	AWS_SECRET_ACCESS_KEY: ${{ secrets.R2_CODETRACER_BUCKET_ACCESS_KEY }}
	run: \|
	nix develop .#devShells.x86_64-linux.default --command wget "https://downloads.codetracer.com/CodeTracer-main-arm64.dmg"
	nix develop .#devShells.x86_64-linux.default --command wget "https://downloads.codetracer.com/CodeTracer-main-arm64.dmg.asc"
	nix develop .#devShells.x86_64-linux.default --command wget "https://downloads.codetracer.com/CodeTracer-main-amd64.AppImage"
	nix develop .#devShells.x86_64-linux.default --command wget "https://downloads.codetracer.com/CodeTracer-main-amd64.AppImage.asc"

	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-arm64.dmg s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ needs.push-tag.outputs.tag }}-arm64.dmg --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-arm64.dmg.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ needs.push-tag.outputs.tag }}-arm64.dmg.asc --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-amd64.AppImage s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ needs.push-tag.outputs.tag }}-amd64.AppImage --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-amd64.AppImage.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-${{ needs.push-tag.outputs.tag }}-amd64.AppImage.asc --checksum-algorithm CRC32

	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-arm64.dmg s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-latest-arm64.dmg --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-arm64.dmg.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-latest-arm64.dmg.asc --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-amd64.AppImage s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-latest-amd64.AppImage --checksum-algorithm CRC32
	nix develop .#devShells.x86_64-linux.default --command aws --endpoint-url=${{ secrets.R2_CODETRACER_BUCKET_S3_ENDPOINT }} s3 cp CodeTracer-main-amd64.AppImage.asc s3://${{ vars.R2_CODETRACER_BUCKET_NAME }}/CodeTracer-latest-amd64.AppImage.asc --checksum-algorithm CRC32

	- name: Get changelog text
	id: changelog
	run: \|
	nix develop .#devShells.x86_64-linux.default --command bash -c "awk '/^## /{if (p) exit; p=1} p' CHANGELOG.md > release_changelog.md"
	echo "\

	We're actively working on multiple exciting features, which are not fully released yet. Stay tuned!

	Available downloads:

	<a href="https://downloads.codetracer.com/CodeTracer-${{ needs.push-tag.outputs.tag }}-arm64.dmg"><img width="75px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/1/1b/Apple_logo_grey.svg"></a>
	<a href="https://deb.codetracer.com/"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/9/9e/UbuntuCoF.svg"></a>
	<a href="https://deb.codetracer.com/"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/6/66/Openlogo-debianV2.svg"></a>
	<a href="https://rpm.codetracer.com/"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/d/d8/Red_Hat_logo.svg"></a>
	<a href="https://rpm.codetracer.com/"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/3/3f/Fedora_logo.svg"></a>
	<a href="https://github.com/metacraft-labs/metacraft-overlay"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/4/48/Gentoo_Linux_logo_matte.svg"></a>
	<a href="https://aur.archlinux.org/packages/codetracer"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/1/13/Arch_Linux_%22Crystal%22_icon.svg"></a>
	<a href="https://downloads.codetracer.com/CodeTracer-${{ needs.push-tag.outputs.tag }}-amd64.AppImage"><img width="100px" height="100px" src="https://upload.wikimedia.org/wikipedia/commons/7/73/App-image-logo.svg"></a>

	Key signatures:

	[![Download macOS Signature](https://img.shields.io/badge/Download-macOS%20Signature-blue?style=for-the-badge)](https://downloads.codetracer.com/CodeTracer-${{ needs.push-tag.outputs.tag }}-arm64.dmg.asc)
	[![Download AppImage Signature](https://img.shields.io/badge/Download-AppImage%20Signature-blue?style=for-the-badge)](https://downloads.codetracer.com/CodeTracer-${{ needs.push-tag.outputs.tag }}-amd64.AppImage.asc)
	[![Download PGP Key](https://img.shields.io/badge/Download-PGP%20key-blue?style=for-the-badge)](https://downloads.codetracer.com/CodeTracer.pub.asc)" >> release_changelog.md

	- name: Create Release
	uses: softprops/action-gh-release@v2
	with:
	body_path: "release_changelog.md"
	draft: true
	prerelease: false
	files: \|
	resources.tar.xz
	resources.tar.xz.asc
	generate_release_notes: false
	tag_name: "${{ needs.push-tag.outputs.tag }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

More robust handling of incompatible layout files #1674

Workflow file

More robust handling of incompatible layout files #1674

Uh oh!

Workflow file for this run