ci: per-platform build + cgo smoke matrix #1
Merged
jh-lee-cryptolab merged 4 commits into main from Apr 21, 2026

go test ./... already exercises internal/crypto cgo tests (context
create, keygen, encrypt, decryptor open), which is the cheapest proof
that the libevi + OpenSSL stack links and runs on each target. Wire that
into a GitHub Actions matrix covering the five platforms the README
claims to support:

  linux/amd64    ubuntu-latest
  linux/arm64    ubuntu-24.04-arm
  darwin/amd64   macos-13
  darwin/arm64   macos-14
  windows/amd64  windows-latest (MSYS2 mingw64)

E2E is deliberately excluded — the test cluster is not stood up yet and
tests/ is a separate module that ./... skips by default.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

macos-13 Intel runners are on the deprecation track; consolidate onto
macos-14 and produce the darwin/amd64 slice as a cross-build from the
Apple Silicon host instead:
- clang -arch x86_64 for cgo compile + link
- Intel Homebrew at /usr/local for x86_64 openssl@3 (the existing cgo
  darwin,amd64 LDFLAGS already point there as the first -L candidate)
- Rosetta 2 to exec the x86_64 test binary that `go test` produces
Locally verified on a darwin/arm64 host that the link reaches libevi
cleanly and only fails on the missing x86_64 libssl — exactly the gap
the Intel brew step closes on CI.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Lets us trigger the matrix on a feature branch before opening the PR,
which is how we want to iterate on this workflow itself — tweak,
dispatch, observe, repeat — without cluttering the history with "fix CI"
commits on main.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

…chive

On Windows, EVI/Export.hpp resolves EVI_API to __declspec(dllimport)
unless EVI_STATIC is defined. That caused mingw to emit __imp_<mangled>
references for every evi::KeyManager and evi::makeKeyManager call in
keymanager_shim.cpp, which libevi_crypto.a does not provide — it exports
the bare mangled symbols (confirmed via nm on the bundled Windows
archive). Linux/macOS escaped the issue only because their Export.hpp
branch is a no-op visibility attribute.

Define EVI_STATIC globally in the cgo CPPFLAGS so the import/export
annotation is neutralised on every platform, matching the fact that we
always consume libevi as static archives.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
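
The symbol mismatch described in the last commit message can be checked mechanically from `nm` output. The script below is an added example, not code from this pull request; the mangled names, the `evi_shim_open` symbol and both `nm` listings are constructed samples.

```shell
#!/bin/sh
# Added example, not project code. All symbol names below are constructed.

# Print each symbol the object imports as __imp_<name> while the archive
# defines only the bare <name> (the dllimport vs. static archive mismatch).
#   $1: nm output of the consuming object (for example the compiled shim)
#   $2: nm output of the static archive
find_import_mismatches() {
    { printf '%s\n' "$2"; echo '--OBJ--'; printf '%s\n' "$1"; } | awk '
        $0 == "--OBJ--" { in_obj = 1; next }
        # Archive part: "<addr> <type> <name>" with a defined-symbol type.
        !in_obj && NF == 3 && $2 ~ /^[TDBR]$/ { have[$3] = 1; next }
        # Object part: undefined reference carrying the import prefix.
        in_obj && $1 == "U" && index($2, "__imp_") == 1 {
            bare = substr($2, 7)
            if (bare in have) print bare
        }'
}

# Constructed nm output: archive exporting bare mangled symbols.
ARCHIVE_NM='keymanager.o:
0000000000000000 T _ZN3evi14makeKeyManagerEv
0000000000000040 T _ZN3evi10KeyManagerC1Ev'

# Constructed nm output: shim compiled WITHOUT EVI_STATIC (dllimport).
SHIM_DLLIMPORT_NM='                 U __imp__ZN3evi14makeKeyManagerEv
                 U __imp__ZN3evi10KeyManagerC1Ev
0000000000000000 T evi_shim_open'

# Constructed nm output: the same shim compiled WITH -DEVI_STATIC.
SHIM_STATIC_NM='                 U _ZN3evi14makeKeyManagerEv
                 U _ZN3evi10KeyManagerC1Ev
0000000000000000 T evi_shim_open'

echo "without EVI_STATIC:"
find_import_mismatches "$SHIM_DLLIMPORT_NM" "$ARCHIVE_NM"
echo "with EVI_STATIC:"
find_import_mismatches "$SHIM_STATIC_NM" "$ARCHIVE_NM"
```

Any output for a real object and archive pair means the consumer was compiled with the import annotation active while linking against a static archive.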
Summary
- `.github/workflows/ci.yml` with a 5-platform matrix covering every slice in `third_party/evi/` (linux/{amd64,arm64}, darwin/{amd64,arm64}, windows/amd64).
- `go vet ./... && go build ./... && go test ./...`, which already exercises the `internal/crypto` cgo tests (context create, keygen, encrypt, decryptor open) — this is the per-platform cgo smoke.
- `tests/` is a separate Go module so `./...` skips it, and the e2e cluster is not stood up yet.

Platform notes
- `macos-14` (Apple Silicon) via `clang -arch x86_64` + Intel Homebrew's x86_64 `openssl@3` at `/usr/local/opt/openssl@3`. The resulting x86_64 test binary runs through Rosetta 2. Locally verified that the link reaches libevi cleanly and only misses x86_64 libssl — which is exactly what the Intel brew step provisions.
- `mingw-w64-x86_64-gcc` + `mingw-w64-x86_64-openssl`), matching the README's Windows instructions.
- `workflow_dispatch` is wired up so we can re-run the matrix manually after this lands on main.

Test plan