enricobuehler
8265742e74
apple / swift (push) Successful in 53s
android / android (push) Has been cancelled
deb / build-publish (push) Has been cancelled
ci / rust (push) Has been cancelled
ci / web (push) Has been cancelled
ci / docs-site (push) Has been cancelled
ci / bench (push) Has been cancelled
decky / build-publish (push) Has been cancelled
docker / build-push (--build-arg FEDORA_VERSION=44, ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora44-rpm) (push) Has been cancelled
docker / build-push (., web/Dockerfile, punktfunk-web) (push) Has been cancelled
docker / build-push (ci, ci/fedora-rpm.Dockerfile, punktfunk-fedora-rpm) (push) Has been cancelled
docker / build-push (ci, ci/rust-ci.Dockerfile, punktfunk-rust-ci) (push) Has been cancelled
docker / build-push (docs-site, docs-site/Dockerfile, punktfunk-docs) (push) Has been cancelled
docker / deploy-docs (push) Has been cancelled
rpm / build-publish (bazzite, punktfunk-fedora-rpm) (push) Has been cancelled
rpm / build-publish (fedora-44, punktfunk-fedora44-rpm) (push) Has been cancelled
This session's push storm refilled the runner to 100% WITHIN the prune timer's 24h window (it only trims >24h), so a build hit ENOSPC and actions/cache saved a truncated target/ -> `error[E0463]: can't find crate for shlex` in ci.yml's clippy. Two fixes: - Bump cargo-target-v2- -> v3- in ci.yml + deb.yml so the poisoned tarball is bypassed (a suffix bump can't — restore-keys falls back to the old prefix; same as the v1->v2 fix). - Harden scripts/ci/docker-prune: run HOURLY (was 6h) with a burst guard — if the disk is still >85% after the normal until=12h trim, prune ALL idle images + build cache (in-use protected). A fast push-burst can fill 99 GB inside any time window, so the disk-pressure trigger, not the age filter, is the real backstop. Applied live on home-runner-1 (reclaimed 95%->66%) and checked in. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
144 lines
5.9 KiB
YAML
144 lines
5.9 KiB
YAML
# CI for punktfunk (Gitea Actions). Linux jobs run on the `ubuntu-latest` runner; the Rust
|
|
# job runs inside the prebuilt builder image (ci/rust-ci.Dockerfile — system FFmpeg 8,
|
|
# PipeWire, GL/GBM, libcuda link stub, pinned-channel rustup) so the workspace links the
|
|
# same libs as the dev boxes. Apple client CI lives in apple.yml (macOS runner).
|
|
name: ci
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
pull_request:
|
|
|
|
jobs:
|
|
rust:
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: git.unom.io/unom/punktfunk-rust-ci:latest
|
|
timeout-minutes: 90
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# punktfunk-client-linux link deps. Also baked into rust-ci.Dockerfile — but ci.yml
|
|
# runs against the image from the PREVIOUS push (docker.yml bootstrap note), so this
|
|
# keeps the job green across image-content changes; a no-op once the image has them.
|
|
- name: GTK4/libadwaita/SDL3 dev packages
|
|
run: |
|
|
apt-get update
|
|
apt-get install -y --no-install-recommends libgtk-4-dev libadwaita-1-dev libsdl3-dev
|
|
|
|
# Best-effort caches (act_runner's built-in cache server). Keyed on Cargo.lock:
|
|
# registry/git are download caches, target/ the incremental build. The target key
|
|
# carries the rustc version — rust-toolchain.toml pins the floating "stable"
|
|
# channel, so the file alone wouldn't invalidate stale incremental state.
|
|
- name: Cache keys
|
|
run: echo "rustc=$(rustc --version | cut -d' ' -f2)" >> "$GITHUB_ENV"
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: |
|
|
/usr/local/cargo/registry
|
|
/usr/local/cargo/git
|
|
key: cargo-home-${{ hashFiles('Cargo.lock') }}
|
|
restore-keys: cargo-home-
|
|
- uses: actions/cache@v4
|
|
with:
|
|
path: target
|
|
# -v3-: the prior `cargo-target-<rustc>-*` cache was poisoned when the runner ran
|
|
# out of disk mid-build and actions/cache saved a truncated target/ (a dep's .rmeta
|
|
# went missing -> E0463 "can't find crate"). A suffix bump wouldn't help — restore-keys
|
|
# would fall back to the poisoned prefix — so the prefix itself is versioned.
|
|
key: cargo-target-v3-${{ env.rustc }}-${{ hashFiles('Cargo.lock') }}
|
|
restore-keys: cargo-target-v3-${{ env.rustc }}-
|
|
|
|
- name: Format
|
|
run: cargo fmt --all --check
|
|
|
|
- name: Clippy (deny warnings)
|
|
run: cargo clippy --workspace --all-targets --locked -- -D warnings
|
|
|
|
- name: Build
|
|
run: cargo build --workspace --locked
|
|
|
|
- name: Test (unit + loopback + proptest + C ABI harness)
|
|
run: cargo test --workspace --locked
|
|
|
|
- name: C ABI harness (standalone link proof)
|
|
run: bash crates/punktfunk-core/tests/c/run.sh
|
|
|
|
- name: Verify generated header is committed & up to date
|
|
run: |
|
|
cargo build -p punktfunk-core --locked
|
|
git config --global --add safe.directory "$PWD"
|
|
git diff --exit-code include/punktfunk_core.h \
|
|
|| (echo "include/punktfunk_core.h is stale — commit the regenerated header" && exit 1)
|
|
|
|
web:
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: oven/bun:1
|
|
timeout-minutes: 30
|
|
defaults:
|
|
run:
|
|
working-directory: web
|
|
steps:
|
|
# oven/bun ships neither git nor a real node (only a bun shim) — actions/checkout
|
|
# needs both. The slim Debian base also lacks ca-certificates, so without it git's
|
|
# HTTPS fetch of the repo dies with "Problem with the SSL CA cert (path? access
|
|
# rights?)" — no CA bundle to validate git.unom.io's (public) Let's Encrypt cert.
|
|
- name: Install git + node + CA certs
|
|
working-directory: /
|
|
run: apt-get update && apt-get install -y --no-install-recommends ca-certificates git nodejs
|
|
- uses: actions/checkout@v4
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile --ignore-scripts
|
|
# Build first: it generates the orval API client + paraglide messages that
|
|
# typechecking imports.
|
|
- name: Build
|
|
run: bun run build
|
|
- name: Typecheck
|
|
run: bun run lint
|
|
|
|
docs-site:
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: oven/bun:1
|
|
timeout-minutes: 30
|
|
defaults:
|
|
run:
|
|
working-directory: docs-site
|
|
steps:
|
|
# ca-certificates: the slim Debian base lacks a CA bundle, so actions/checkout's
|
|
# HTTPS fetch otherwise fails with "Problem with the SSL CA cert" (see web job).
|
|
- name: Install git + CA certs
|
|
working-directory: /
|
|
run: apt-get update && apt-get install -y --no-install-recommends ca-certificates git
|
|
- uses: actions/checkout@v4
|
|
- name: Install dependencies
|
|
run: bun install --frozen-lockfile --ignore-scripts
|
|
# Build first: fumadocs-mdx emits the .source typegen the typecheck imports.
|
|
- name: Build
|
|
run: bun run build
|
|
- name: Typecheck
|
|
run: bun run lint
|
|
|
|
bench:
|
|
# Tier-1 (criterion microbenchmarks) + Tier-2 (FEC loss recovery) — GPU-free, so they run here.
|
|
# Report-only: prints the numbers + a diff vs the committed baseline to the job summary and never
|
|
# fails the build (shared CI hardware is too noisy to gate on). The tight regression gate + the
|
|
# real encode/stream path live on the self-hosted GPU runner (Tier 3, bench-gpu.yml).
|
|
runs-on: ubuntu-24.04
|
|
container:
|
|
image: git.unom.io/unom/punktfunk-rust-ci:latest
|
|
timeout-minutes: 30
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Prep
|
|
run: |
|
|
git config --global --add safe.directory "$PWD"
|
|
command -v python3 >/dev/null || { apt-get update && apt-get install -y --no-install-recommends python3; }
|
|
- name: Tier-1 microbenchmarks (criterion)
|
|
run: cargo bench -p punktfunk-core --bench pipeline -- --warm-up-time 1 --measurement-time 3
|
|
- name: Tier-2 FEC loss recovery (loss-harness)
|
|
run: cargo run -q -p loss-harness
|
|
- name: Compare vs baseline (report-only)
|
|
run: python3 scripts/bench/compare.py --threshold 0.5
|