feat(terraphim_rlm): implement DockerExecutor for container-based iso… #1828
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI Native (GitHub Actions + Docker Buildx) | |
| on: | |
| push: | |
| branches: [main, CI_migration] | |
| tags: | |
| - "*.*.*" | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| concurrency: | |
| group: ci-${{ github.ref }} | |
| # cancel-in-progress: true | |
| jobs: | |
| setup: | |
| runs-on: [self-hosted, bigbox] | |
| timeout-minutes: 15 | |
| outputs: | |
| cache-key: ${{ steps.cache.outputs.key }} | |
| ubuntu-versions: ${{ steps.ubuntu.outputs.versions }} | |
| rust-targets: ${{ steps.targets.outputs.targets }} | |
| steps: | |
| - name: Pre-checkout cleanup | |
| run: | | |
| # Clean up files that may have different permissions from previous runs | |
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | |
| sudo rm -rf "${WORKDIR}/desktop/dist" "${WORKDIR}/desktop/node_modules" || true | |
| sudo rm -rf "${WORKDIR}/terraphim_server/dist" || true | |
| sudo rm -rf "${WORKDIR}/target" || true | |
| # Also clean common build artifacts | |
| sudo find "${WORKDIR}" -name "dist" -type d -exec rm -rf {} + 2>/dev/null || true | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| clean: true | |
| fetch-depth: 0 | |
| - name: Clean target directory | |
| run: | | |
| rm -rf target || true | |
| mkdir -p target | |
| - name: Generate cache key | |
| id: cache | |
| run: | | |
| HASH=$(sha256sum Cargo.lock 2>/dev/null | cut -d' ' -f1 || echo "no-lock") | |
| echo "key=v1-${HASH:0:16}" >> $GITHUB_OUTPUT | |
| - name: Set Ubuntu versions | |
| id: ubuntu | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] || [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
| echo 'versions=["18.04", "20.04", "22.04", "24.04"]' >> $GITHUB_OUTPUT | |
| else | |
| echo 'versions=["22.04"]' >> $GITHUB_OUTPUT | |
| fi | |
| - name: Set Rust targets | |
| id: targets | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]] || [[ "${{ github.ref }}" == refs/tags/* ]]; then | |
| echo 'targets=["x86_64-unknown-linux-gnu", "aarch64-unknown-linux-gnu", "x86_64-unknown-linux-musl"]' >> $GITHUB_OUTPUT | |
| else | |
| echo 'targets=["x86_64-unknown-linux-gnu"]' >> $GITHUB_OUTPUT | |
| fi | |
| lint-and-format: | |
| runs-on: [self-hosted, bigbox] | |
| timeout-minutes: 30 | |
| needs: [setup] | |
| # Optimal stack: bigbox + sccache+SeaweedFS + rch dispatch. | |
| # See .docs/walkthrough-ci-build-pipeline.md. | |
| env: | |
| RUSTC_WRAPPER: /home/alex/.local/bin/sccache | |
| SCCACHE_BUCKET: rust-cache | |
| SCCACHE_SERVER_PORT: "4231" | |
| SCCACHE_ENDPOINT: http://172.26.0.1:8333 | |
| SCCACHE_S3_USE_SSL: "false" | |
| SCCACHE_REGION: us-east-1 | |
| SCCACHE_S3_KEY_PREFIX: terraphim-ai | |
| AWS_ACCESS_KEY_ID: any | |
| AWS_SECRET_ACCESS_KEY: any | |
| CARGO_INCREMENTAL: "0" | |
| steps: | |
| - name: Pre-checkout cleanup | |
| run: | | |
| # Clean up files that may have different permissions from previous runs | |
| WORKDIR="${GITHUB_WORKSPACE:-$PWD}" | |
| sudo rm -rf "${WORKDIR}/desktop/dist" "${WORKDIR}/desktop/node_modules" || true | |
| sudo rm -rf "${WORKDIR}/terraphim_server/dist" || true | |
| sudo rm -rf "${WORKDIR}/target" || true | |
| sudo rm -rf "${WORKDIR}/.cargo" || true | |
| sudo find "${WORKDIR}" -name "dist" -type d -exec rm -rf {} + 2>/dev/null || true | |
| find "${WORKDIR}" -name "*.lock" -type f -delete 2>/dev/null || true | |
| - name: Checkout code | |
| uses: actions/checkout@v6 | |
| with: | |
| clean: true | |
| - name: Install build dependencies | |
| run: | | |
| sudo apt-get update -qq | |
| # Install webkit2gtk packages - try 4.1 first (Ubuntu 22.04+), fall back to 4.0 | |
| sudo apt-get install -yqq --no-install-recommends \ | |
| build-essential \ | |
| clang \ | |
| libclang-dev \ | |
| llvm-dev \ | |
| pkg-config \ | |
| libssl-dev \ | |
| libglib2.0-dev \ | |
| libgtk-3-dev \ | |
| libsoup2.4-dev \ | |
| librsvg2-dev || true | |
| # Try webkit 4.1 first (Ubuntu 22.04+), then 4.0 (Ubuntu 20.04) | |
| sudo apt-get install -yqq --no-install-recommends \ | |
| libwebkit2gtk-4.1-dev libjavascriptcoregtk-4.1-dev 2>/dev/null || \ | |
| sudo apt-get install -yqq --no-install-recommends \ | |
| libwebkit2gtk-4.0-dev libjavascriptcoregtk-4.0-dev | |
| # Try ayatana-appindicator (newer) or appindicator (older) | |
| sudo apt-get install -yqq --no-install-recommends \ | |
| libayatana-appindicator3-dev 2>/dev/null || \ | |
| sudo apt-get install -yqq --no-install-recommends \ | |
| libappindicator3-dev || true | |
| - name: Install Rust | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.87.0 | |
| components: rustfmt, clippy | |
| - name: Setup Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: '20' | |
| - name: Install yarn | |
| run: npm install -g yarn | |
| - name: Cache Cargo dependencies | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.cargo/registry | |
| ~/.cargo/git | |
| target | |
| key: ${{ needs.setup.outputs.cache-key }}-cargo-lint-${{ hashFiles('**/Cargo.lock') }} | |
| restore-keys: | | |
| ${{ needs.setup.outputs.cache-key }}-cargo-lint- | |
| - name: sccache start and zero stats | |
| run: | | |
| /home/alex/.local/bin/sccache --start-server || true | |
| /home/alex/.local/bin/sccache --zero-stats | |
| - name: Run format and linting checks | |
| # rch exec dispatches the underlying cargo invocations through | |
| # rchd's queue, sharing slots with ADF agents. | |
| run: /home/alex/.local/bin/rch exec -- ./scripts/ci-check-format.sh | |
| - name: sccache stats | |
| if: always() | |
| run: /home/alex/.local/bin/sccache --show-stats |