prebuilt-refresh #4

Workflow file for this run

.github/workflows/prebuilt-refresh.yml at 16ad0ba

	name: prebuilt-refresh

	on:
	schedule:
	- cron: "0 4 * * 0"
	workflow_dispatch:

	concurrency:
	group: prebuilt-refresh
	cancel-in-progress: false

	permissions:
	contents: write
	actions: write
	id-token: write

	env:
	BUILD_TYPE: Release
	CMAKE_GENERATOR: Ninja
	WEBVULKAN_REFRESH_CACHE_VERSION: v1
	WEBVULKAN_CCACHE_VERSION: v1
	LLVM_RELEASE_TAG: llvm-wasm-prebuilt-latest
	PACKAGE_RELEASE_TAG: webvulkan-package-latest

	jobs:
	refresh_prebuilt:
	name: refresh prebuilt bundles
	runs-on: ubuntu-latest
	timeout-minutes: 360
	env:
	CCACHE_DIR: ${{ github.workspace }}/.ccache
	CCACHE_BASEDIR: ${{ github.workspace }}
	CCACHE_COMPILERCHECK: content
	CCACHE_NOHASHDIR: "true"
	EM_COMPILER_WRAPPER: ccache
	CC: ccache gcc
	CXX: ccache g++

	steps:
	- uses: actions/checkout@v4
	with:
	fetch-depth: 1

	- name: Install host tools
	run: \|
	sudo apt-get update
	sudo apt-get install -y ninja-build flex bison python3-pip glslang-tools ccache
	python3 -m pip install --upgrade pip
	python3 -m pip install cmake==4.2.0

	- name: Restore third-party cache
	id: cache_thirdparty
	uses: actions/cache/restore@v4
	with:
	path: \|
	.3rdparty
	key: ${{ runner.os }}-webvulkan-refresh-3rdparty-${{ env.WEBVULKAN_REFRESH_CACHE_VERSION }}-${{ hashFiles('CMakeLists.txt', 'cmake/FetchWebVulkanSources.cmake', 'cmake/BuildMesaLlvmpipeWasm.cmake') }}
	restore-keys: \|
	${{ runner.os }}-webvulkan-refresh-3rdparty-${{ env.WEBVULKAN_REFRESH_CACHE_VERSION }}-

	- name: Restore refresh build cache
	id: cache_build
	uses: actions/cache/restore@v4
	with:
	path: \|
	build_refresh/_webvulkan
	build_refresh/.webvulkan_llvmpipe.stamp
	key: ${{ runner.os }}-webvulkan-refresh-build-${{ env.WEBVULKAN_REFRESH_CACHE_VERSION }}-${{ hashFiles('CMakeLists.txt', 'cmake/BuildMesaLlvmpipeWasm.cmake', 'tests/CMakeLists.txt', 'tests/RunLavapipeRuntimeSmoke.cmake') }}
	restore-keys: \|
	${{ runner.os }}-webvulkan-refresh-build-${{ env.WEBVULKAN_REFRESH_CACHE_VERSION }}-

	- name: Restore ccache
	id: cache_ccache
	uses: actions/cache/restore@v4
	with:
	path: \|
	.ccache
	key: ${{ runner.os }}-webvulkan-refresh-ccache-${{ env.WEBVULKAN_CCACHE_VERSION }}-${{ hashFiles('cmake/BuildMesaLlvmpipeWasm.cmake', 'cmake/toolchains/WebVulkanEmscripten.cmake') }}-${{ github.run_id }}
	restore-keys: \|
	${{ runner.os }}-webvulkan-refresh-ccache-${{ env.WEBVULKAN_CCACHE_VERSION }}-${{ hashFiles('cmake/BuildMesaLlvmpipeWasm.cmake', 'cmake/toolchains/WebVulkanEmscripten.cmake') }}-
	${{ runner.os }}-webvulkan-refresh-ccache-${{ env.WEBVULKAN_CCACHE_VERSION }}-

	- name: Configure ccache
	shell: bash
	run: \|
	mkdir -p "${CCACHE_DIR}"
	ccache --set-config=cache_dir="${CCACHE_DIR}"
	ccache --set-config=max_size=10G
	ccache --set-config=compression=true
	ccache --zero-stats
	ccache --show-stats

	- name: Configure latest source refresh build
	run: \|
	cmake -S . -B build_refresh -G "${CMAKE_GENERATOR}" \
	-DCMAKE_BUILD_TYPE="${BUILD_TYPE}" \
	-DWEBVULKAN_BUILD_TESTS=ON \
	-DWEBVULKAN_ALLOW_DEP_UPDATES=ON \
	-DWASM_EMSDK_GIT_REF=main \
	-DWASM_EMSDK_VERSION=latest \
	-DMESA_GIT_REF=main \
	-DLLVM_PROVIDER=source \
	-DLLVM_GIT_REF=main

	- name: Build and run runtime smoke
	run: \|
	cmake --build build_refresh --target runtime_smoke --config "${BUILD_TYPE}"

	- name: Install relocatable package
	run: \|
	cmake --install build_refresh --prefix package_refresh

	- name: Print ccache stats
	if: always()
	run: \|
	ccache --show-stats

	- name: Pack LLVM and package bundles
	run: \|
	python3 - <<'PY'
	import hashlib
	import os
	import zipfile
	from pathlib import Path

	root = Path(os.environ["GITHUB_WORKSPACE"])
	out = root / "release_artifacts"
	out.mkdir(exist_ok=True)

	bundles = [
	("llvm-wasm-install.zip", root / ".3rdparty" / "llvm-wasm-install"),
	("webvulkan-package.zip", root / "package_refresh"),
	]

	for zip_name, src_dir in bundles:
	zip_path = out / zip_name
	if zip_path.exists():
	zip_path.unlink()
	with zipfile.ZipFile(zip_path, "w", compression=zipfile.ZIP_DEFLATED, compresslevel=9) as zf:
	for file_path in src_dir.rglob("*"):
	if file_path.is_file():
	zf.write(file_path, file_path.relative_to(src_dir).as_posix())

	digest = hashlib.sha256(zip_path.read_bytes()).hexdigest()
	(out / f"{zip_name}.sha256").write_text(f"{digest} {zip_name}\n", encoding="utf-8")
	PY

	- name: Install cosign
	uses: sigstore/cosign-installer@v3

	- name: Sign release bundles
	run: \|
	cosign sign-blob --yes \
	--output-signature release_artifacts/llvm-wasm-install.zip.sig \
	--output-certificate release_artifacts/llvm-wasm-install.zip.pem \
	release_artifacts/llvm-wasm-install.zip
	cosign sign-blob --yes \
	--output-signature release_artifacts/webvulkan-package.zip.sig \
	--output-certificate release_artifacts/webvulkan-package.zip.pem \
	release_artifacts/webvulkan-package.zip

	- name: Prepare release notes
	shell: bash
	run: \|
	mkdir -p release_notes

	cp .github/release-notes/llvm-wasm-prebuilt-latest.md release_notes/llvm-wasm-prebuilt-latest.md
	{
	echo
	echo "Build metadata:"
	echo "- Commit: \`${GITHUB_SHA}\`"
	echo "- Workflow run: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
	} >> release_notes/llvm-wasm-prebuilt-latest.md

	cp .github/release-notes/webvulkan-package-latest.md release_notes/webvulkan-package-latest.md
	{
	echo
	echo "Build metadata:"
	echo "- Commit: \`${GITHUB_SHA}\`"
	echo "- Workflow run: https://github.com/${GITHUB_REPOSITORY}/actions/runs/${GITHUB_RUN_ID}"
	} >> release_notes/webvulkan-package-latest.md

	- name: Upload refresh artifacts
	uses: actions/upload-artifact@v4
	with:
	name: prebuilt-refresh-bundles
	path: release_artifacts
	if-no-files-found: error

	- name: Publish LLVM prebuilt release
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	LLVM_ZIP="release_artifacts/llvm-wasm-install.zip"
	LLVM_SHA="release_artifacts/llvm-wasm-install.zip.sha256"
	LLVM_SIG="release_artifacts/llvm-wasm-install.zip.sig"
	LLVM_PEM="release_artifacts/llvm-wasm-install.zip.pem"
	LLVM_NOTES="release_notes/llvm-wasm-prebuilt-latest.md"
	if gh release view "${LLVM_RELEASE_TAG}" >/dev/null 2>&1; then
	gh release upload "${LLVM_RELEASE_TAG}" "${LLVM_ZIP}" "${LLVM_SHA}" "${LLVM_SIG}" "${LLVM_PEM}" --clobber
	gh release edit "${LLVM_RELEASE_TAG}" \
	--title "LLVM wasm prebuilt latest" \
	--notes-file "${LLVM_NOTES}"
	else
	gh release create "${LLVM_RELEASE_TAG}" "${LLVM_ZIP}" "${LLVM_SHA}" "${LLVM_SIG}" "${LLVM_PEM}" \
	--title "LLVM wasm prebuilt latest" \
	--notes-file "${LLVM_NOTES}"
	fi

	- name: Publish package release
	env:
	GH_TOKEN: ${{ github.token }}
	run: \|
	PKG_ZIP="release_artifacts/webvulkan-package.zip"
	PKG_SHA="release_artifacts/webvulkan-package.zip.sha256"
	PKG_SIG="release_artifacts/webvulkan-package.zip.sig"
	PKG_PEM="release_artifacts/webvulkan-package.zip.pem"
	PKG_NOTES="release_notes/webvulkan-package-latest.md"
	if gh release view "${PACKAGE_RELEASE_TAG}" >/dev/null 2>&1; then
	gh release upload "${PACKAGE_RELEASE_TAG}" "${PKG_ZIP}" "${PKG_SHA}" "${PKG_SIG}" "${PKG_PEM}" --clobber
	gh release edit "${PACKAGE_RELEASE_TAG}" \
	--title "WebVulkan package latest" \
	--notes-file "${PKG_NOTES}"
	else
	gh release create "${PACKAGE_RELEASE_TAG}" "${PKG_ZIP}" "${PKG_SHA}" "${PKG_SIG}" "${PKG_PEM}" \
	--title "WebVulkan package latest" \
	--notes-file "${PKG_NOTES}"
	fi

	- name: Update repository variables
	env:
	GH_TOKEN: ${{ github.token }}
	continue-on-error: true
	shell: bash
	run: \|
	LLVM_SHA="$(cut -d' ' -f1 release_artifacts/llvm-wasm-install.zip.sha256)"
	LLVM_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${LLVM_RELEASE_TAG}/llvm-wasm-install.zip"
	PKG_SHA="$(cut -d' ' -f1 release_artifacts/webvulkan-package.zip.sha256)"
	PKG_URL="https://github.com/${GITHUB_REPOSITORY}/releases/download/${PACKAGE_RELEASE_TAG}/webvulkan-package.zip"

	set +e
	gh variable set WEBVULKAN_LLVM_PREBUILT_URL --repo "${GITHUB_REPOSITORY}" --body "${LLVM_URL}"
	STATUS_A=$?
	gh variable set WEBVULKAN_LLVM_PREBUILT_SHA256 --repo "${GITHUB_REPOSITORY}" --body "${LLVM_SHA}"
	STATUS_B=$?
	gh variable set WEBVULKAN_PACKAGE_URL --repo "${GITHUB_REPOSITORY}" --body "${PKG_URL}"
	STATUS_C=$?
	gh variable set WEBVULKAN_PACKAGE_SHA256 --repo "${GITHUB_REPOSITORY}" --body "${PKG_SHA}"
	STATUS_D=$?
	set -e

	if [ "${STATUS_A}" -ne 0 ] \|\| [ "${STATUS_B}" -ne 0 ] \|\| [ "${STATUS_C}" -ne 0 ] \|\| [ "${STATUS_D}" -ne 0 ]; then
	echo "::warning::Repository variable update was skipped due to permission policy. Releases were still updated."
	fi

	- name: Save refresh build cache
	if: always() && steps.cache_build.outputs.cache-hit != 'true'
	uses: actions/cache/save@v4
	with:
	path: \|
	build_refresh/_webvulkan
	build_refresh/.webvulkan_llvmpipe.stamp
	key: ${{ steps.cache_build.outputs.cache-primary-key }}

	- name: Save ccache
	if: always()
	uses: actions/cache/save@v4
	with:
	path: \|
	.ccache
	key: ${{ steps.cache_ccache.outputs.cache-primary-key }}

	- name: Save third-party cache
	if: always() && steps.cache_thirdparty.outputs.cache-hit != 'true'
	uses: actions/cache/save@v4
	with:
	path: \|
	.3rdparty
	key: ${{ steps.cache_thirdparty.outputs.cache-primary-key }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

prebuilt-refresh #4

Workflow file

prebuilt-refresh #4

Uh oh!

Workflow file for this run