wasi-adapter: Implement provider crate that embeds the adapter binaries [v2] #8874
Conversation
There was a problem hiding this comment.
Thanks for doing this! My biggest worry with this though is that there's nontrivial logic which will only get exercised once-a-month at a time and place where no one's really watching CI for failures and it's difficult to fix. Notably this is the publish-to-cratesio.yml workflow with logic there.
The viability of this approach of synthesizing a crate on-the-fly to publish in my mind hinges on that being as simple as possible. For example the sed command there is duplicated with the one in build-wasi-preview1-component-adapter.sh. I understand why it's duplicated, but it's increasing the risk of a publish-only failure that isn't otherwise caught during development.
One example is that publish.rs runs in "verify" mode on all PRs and only does publication errors later on. This has caught a significant number of errors where they would have only otherwise appeared later on during publication.
I'll admit though that I'm at a bit of a loss of how best to do this. Without native support in Cargo for something like this I've never come across a great way to orchestrate this. Here's some loose thoughts though:
- Could
publish.rsperhaps be leveraged for this? That way delta in logic-on-each PR and logic-on-publish is as small as possible. - I like the idea of downloading the adapter binaries as artifacts rather than rebuilding them as it guarantees they're the same as the published ones. Downloading from the tag though feels like it might be brittle and run a risk of racing with the job that's uploading artifacts per-tag. Could the artifact instead be downloaded with the
actions/download-artifactaction? Also, could the logic to download this and package it be shared with the per-PR CI too?
Also ideally this could be done with a "dry run" of sorts to ensure that everything actually works once we hit the publication of all this. Would you be up for getting this running on your fork of Wasmtime for example? You'll probably have to comment/tweak some other things to not publish to crates.io for example, though.
Sorry I understand I'm asking for a fair bit here. Much of this to me stems from Cargo not having native support for a feature like this and otherwise I don't think there's a non-brittle way to orchestrate this.
|
I absolutely understand your concerns.
That's a good idea! I don't have experience with workflow artefacts yet but I'll see how they work.
That would be one option. Alternatively, we could have a common CI script, which is invoked in the normal CI and during publish, which downloads the artefact and does rustfmt+check+clippy+package checks (skipped during publish, so this would be a codepath that's not exercised during publish)? Then the publish action would call the same script as CI, and only the cargo publish to crates.io would only happen in the publish action. If
I hadn't thought of this, but yes of course! In theory, adding I hope I can implement your ideas tomorrow and then do a test run on Friday, so there is enough time before the next publish cycle kicks off (if things take longer, we'll just take the next train) |
|
I tried to run the full publish cycle in my own repo but have come across some issues (I'm yet at the stage where I can actually test the adapter):
The tests were run on top of juntyr#10, which includes the extra commit juntyr@cbb0a0a to run the full tests / publish cycle in my repo and without actually executing any cargo publish. Do you have any ideas? Also, what do you think of the current implementation? |
There was a problem hiding this comment.
my latest release attempt failed without any logs at all
For this I check the summary page which shows:
GitHub Actions has encountered an internal error when running your job.
So I think that's just a transient error.
Also, what do you think of the current implementation?
I'm liking how it's shaping up! I left a few comments related to composite actions how I think this can refactor out a bit more, but otherwise looks good 👍
| - run: | | ||
| sha=${{ github.sha }} | ||
| # Remember to update this logic in publish-artifacts.yml as well | ||
| echo ARTIFACT_RUN_ID=$( | ||
| gh api -H 'Accept: application/vnd.github+json' \ | ||
| /repos/${{ github.repository }}/actions/workflows/main.yml/runs\?exclude_pull_requests=true \ | ||
| | jq '.workflow_runs' \ | ||
| | jq "map(select(.head_commit.id == \"$sha\"))[0].id" \ | ||
| ) >> "$GITHUB_ENV" |
There was a problem hiding this comment.
I think this might be missing github.token being pulled from secrets and set in the environment? I think that would mean that this might not have the right permissions and might be why it's failing for you
Also since this is duplicated with publish-artifacts.yml it might be a good candidate for a composite action we could store in .github/actions/*
.github/workflows/main.yml
Outdated
| - uses: actions/download-artifact@v4 | ||
| with: | ||
| name: bins-wasi-preview1-component-adapter | ||
| path: crates/wasi-preview1-component-adapter/provider/artefacts | ||
|
|
||
| - run: ./ci/build-wasi-preview1-component-adapter-provider.sh | ||
| env: | ||
| CHECK: 1 |
There was a problem hiding this comment.
Could these steps be pulled into a composite action as well? That way this could be shared with the publish step, notably the configuration of the download-artifact step. Also I think it's ok to remove the CHECK variable and run the same checks on publication since it's a quick-to-build crate and we can throw some more tools like clippy on the publish step.
In theory that means that the publish step is:
- Run the composite action to figure out the run-id
- Run the composite action to setup the artifacts and perform checks
- Run a publish
That feels like a good state to me -- aka I like this refactoring 👍
There was a problem hiding this comment.
So this would be two new composite actions?
There was a problem hiding this comment.
Yeah, one for acquiring the run-id matching github.sha used during publish-artifacts and publish-to-cratesio. Another for verifying the adapter shared between main.yml and publish-to-cratesio
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
This comment was marked as outdated.
|
@alexcrichton I got a full release process run to succeed:
I hope the implementation and full try-run of the release process are now good to go :) |
|
Is there any chance this PR could still be reviewed before the v23 cutoff? |
|
@juntyr Alex is on vacation this week, so the review will take a bit longer still. I can't really comment on what that'll do to the timing relative to the release, however |
Ok thanks - I hope Alex has a refreshing holiday :) I'll be on holiday myself for the two weeks after that, so perhaps we can finalize and merge the PR in the v24 cycle |
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
|
@alexcrichton Thank you so much for your guidance and I'm excited to (hopefully) be released with v23 soon :D |
…es [v2] (bytecodealliance#8874) * Add wasi adapter provider template which is materialised in CI * Add rustfmt component to adapter CI * Draft an extra publish step for the adapter provider * Check adapter provider in a separate step with adapter artifacts * Use artifact downloads in the publish action as well * Record results from adapter provider step as well * Refactor to use composite actions * Add missing shell property * Fix spelling mistake * Try using the env context
…er binaries (#8916) * wasi-adapter: Implement provider crate that embeds the adapter binaries [v2] (#8874) * Add wasi adapter provider template which is materialised in CI * Add rustfmt component to adapter CI * Draft an extra publish step for the adapter provider * Check adapter provider in a separate step with adapter artifacts * Use artifact downloads in the publish action as well * Record results from adapter provider step as well * Refactor to use composite actions * Add missing shell property * Fix spelling mistake * Try using the env context * Add release note --------- Co-authored-by: Juniper Tyree <50025784+juntyr@users.noreply.github.com>
Follow-up to #8792, which was reverted in #8856. The new design follows @alexcrichton's suggestions in #8856 (comment).
The provider repo is materialised into the workspace to ensure that it is built with the same version, lints, etc as the other crates.