14 Commits

Author	SHA1	Message	Date
enricobuehler	bd3f417d4b	feat(windows-client): cross-compile + ship ARM64 (aarch64) off the x64 runner ... windows.yml + windows-msix.yml gain an x86_64/aarch64 target matrix. ARM64 is cross-compiled on the one x64 Windows runner — the x64 MSVC toolset ships the ARM64 cross compiler, aarch64-pc-windows-msvc is tier-2 with host tools, and SDL3/libopus (build-from-source) cross-compile cleanly. The only arch-specific external dep is FFmpeg's import libs: the matrix points FFMPEG_DIR at a per-arch tree (x64 C:\Users\Public\ffmpeg, arm64 C:\Users\Public\ffmpeg-arm64, both FFmpeg 7.x / avcodec-61). Per-arch short CARGO_TARGET_DIR avoids a shared target dir; fmt + test run only for x64 (aarch64 can't execute on the x64 host). pack-msix.ps1 gains -Arch x64|arm64 (stamps the manifest ProcessorArchitecture, arch-suffixes the .msix/.cer); windows-msix.yml matrixes both arches and publishes ..._x64.msix / ..._arm64.msix. setup-windows-runner.ps1 provisions the rustup target + the ARM64 FFmpeg tree (idempotent). Verified live on the runner (home-windows-1): debug+release cross-build green, clippy -D warnings green, and MSIX pack produces a valid arm64 package (manifest arch=arm64; bundled exe/SDL3/avcodec/reactor-bootstrap all PE machine 0xAA64). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-19 11:44:24 +00:00
enricobuehler	3074b30988	ci(runner): cap the act_runner cache + 30-min prune (fix recurring disk-full) ... The hourly docker-prune could never reclaim the real disk filler: the act_runner cache server's blob store (cache.dir:"" -> /root/.cache/actcache/cache) lives in the long-running runner container's WRITABLE LAYER, which docker prune can't see. It grew to ~66 GB and filled the 125 GB disk on its own. - New docker-prune.sh holds the logic (inline ExecStart= broke under systemd's own $-expansion, which emptied $SZ/$(...) before sh ran them — silently no-oping the burst guard). The unit now just calls the script. - Caps the actcache: clears the blobs once they exceed ~20 GB (act_runner repopulates; keys are content-hashed, so only stale entries drop). - Burst guard lowered 85%->80% and now also clears the actcache. - Timer hourly -> every 30 min; image/cache `until` 12h -> 6h. Live: cleared 66 GB on home-runner-1 (93% -> 20%), deployed + verified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-19 07:53:08 +00:00
enricobuehler	16d3b7767e	feat(packaging): signed Inno Setup installer for the Windows host + CI ... MSIX (the client's format) can't install the host's LocalSystem secure-desktop service or the SudoVDA kernel driver, so the host ships as a signed Inno Setup setup.exe that runs elevated and delegates to the existing idempotent `punktfunk-host service install`. - packaging/windows/punktfunk-host.iss: lay exe into Program Files, optional SudoVDA driver task, run service install/start; [Code] stops+waits the service before file copy on upgrade; uninstall runs service uninstall. - pack-host-installer.ps1: cert (reuses MSIX_CERT_PFX_B64 / self-signed CN=unom), sign inner exe + setup.exe, fetch/stage SudoVDA, run ISCC, export public .cer. - fetch-sudovda.ps1 / install-sudovda.ps1: pinned SudoVDA + nefcon download, cert import, gated device-node create (no phantom dup), pnputil install (warn-not-abort). - nvenc/: synthesize nvencodeapi.lib via llvm-dlltool from a 2-export .def so --features nvenc links with no GPU/SDK at build time. - .gitea/workflows/windows-host.yml: build (nvenc) -> clippy -> ISCC -> sign -> publish setup.exe + .cer to the generic registry pkg punktfunk-host-windows. Tag host-win-v* -> X.Y.Z (+ latest/ alias); main push -> rolling 0.2.<run>. - setup-windows-runner.ps1: provision Inno Setup; docs: installer instructions. SudoVDA/nefcon release URLs+SHA-256s in fetch-sudovda.ps1 are placeholders (baseline v0.2.1) — fetch warns + prints the computed hash until pinned. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-18 23:05:20 +00:00
enricobuehler	372483abf0	ci(windows): use shell: pwsh (PowerShell 7) — fixes GITHUB_ENV BOM corruption ... Windows PowerShell 5.1's Out-File -Encoding utf8 prepends a UTF-8 BOM, corrupting the first GITHUB_ENV line so CARGO_WORKSPACE_DIR silently never got set -> windows-reactor build.rs panic -> CI build failed (runs 8765/8768). pwsh 7 writes UTF-8 without a BOM. Installed PowerShell 7.6.2 MSI on the runner and put C:\Program Files\PowerShell\7 on the daemon wrapper PATH so jobs find pwsh; switched all windows.yml steps to shell: pwsh. (Reproduced locally with CARGO_WORKSPACE_DIR set: the build is green in 2m37s — the BOM was the only issue.) Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 08:10:30 +00:00
enricobuehler	7a814b5f18	ci(windows): restore paths filter + document global runner scope ... Re-add the paths filter (the trigger was never the problem — the runner was registered at the wrong scope, so org-repo runs found 'no fitting runner' despite the runner showing idle). Document in setup-windows-runner.ps1 that the registration token must be GLOBAL (Site Administration -> Actions -> Runners), like the Linux runner. CARGO_WORKSPACE_DIR is set via GITHUB_ENV in a step (the job-env ${{ github.workspace }} form didn't resolve, leaving it unset -> reactor build.rs panic). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 07:38:08 +00:00
enricobuehler	dd9dfecbe4	ci(windows): drop paths filter (trigger reliability) + NO_COLOR runner logs ... The paths filter wasn't dispatching the run on the newly-added workflow (the runner is healthy and 'declare successfully', but received no task). Match apple.yml: trigger on every push to main + PRs. Also set NO_COLOR in the daemon wrapper so runner.log is plain text (the ANSI spinner garbled it). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 07:16:26 +00:00
enricobuehler	589b364c01	ci(windows): fix runner registration CWD + capture clean daemon logs ... Two fixes after live setup on home-windows-1: register from $RunnerHome (act_runner writes .runner relative to CWD, so it must run there — it had landed in the SSH home and the daemon couldn't find it), and run the daemon under cmd-level redirect (>> runner.log 2>&1) so its native stderr stays out of PowerShell's error stream. Runner is live: windows-amd64:host, SYSTEM scheduled task, "declare successfully" against git.unom.io. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 07:06:54 +00:00
enricobuehler	fb88b18fb4	ci(windows): make setup-windows-runner.ps1 ASCII-clean ... PowerShell 5.1 reads .ps1 in the system code page; an em-dash inside a string literal misparsed (its bytes look like a quote) and the non-ASCII username in the daemon wrapper would have been mangled. Drop the em-dash and copy rustup toolchains to C:\Users\Public\.rustup so the wrapper carries no non-ASCII path. Prep validated: act_runner 1.0.8 + Node 20 + config generated. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 07:01:37 +00:00
enricobuehler	627188b4b7	ci(windows): setup-windows-runner.ps1 — Gitea Actions host runner provisioner ... The Windows analogue of scripts/ci/setup-macos-runner.sh: downloads act_runner (gitea-runner) in host mode, bumps Node 20 via nvm4w (actions/checkout@v4), registers against git.unom.io with labels windows-amd64:host, and installs a SYSTEM scheduled task that keeps the daemon alive across reboots. The daemon's env wrapper hard-codes this box's MSVC/WinUI toolchain (cargo/rustup, NASM, CMake, LLVM, FFmpeg, the ASCII CARGO_HOME SDL3's PCH needs) so the Windows workflow inherits a working toolchain. Idempotent; token (from org unom -> Settings -> Actions -> Runners) not persisted. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>	2026-06-16 06:59:40 +00:00
enricobuehler	8265742e74	ci: bust the re-poisoned cargo cache (v3) + burst-guard the runner prune ... This session's push storm refilled the runner to 100% WITHIN the prune timer's 24h window (it only trims >24h), so a build hit ENOSPC and actions/cache saved a truncated target/ -> `error[E0463]: can't find crate for shlex` in ci.yml's clippy. Two fixes: - Bump cargo-target-v2- -> v3- in ci.yml + deb.yml so the poisoned tarball is bypassed (a suffix bump can't — restore-keys falls back to the old prefix; same as the v1->v2 fix). - Harden scripts/ci/docker-prune: run HOURLY (was 6h) with a burst guard — if the disk is still >85% after the normal until=12h trim, prune ALL idle images + build cache (in-use protected). A fast push-burst can fill 99 GB inside any time window, so the disk-pressure trigger, not the age filter, is the real backstop. Applied live on home-runner-1 (reclaimed 95%->66%) and checked in. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 14:25:40 +00:00
enricobuehler	bf65d264fd	ci: bound runner disk + bust the disk-full-corrupted cargo target cache ... The self-hosted runner filled its disk (95%, builds failing on ENOSPC): every CI push builds a sha-<commit>-tagged Docker image per pipeline, and since those tags are never dangling a plain `docker image prune` skips them — they piled up to 589 images / ~85 GB plus 18 GB of build cache. Two parts: - scripts/ci/docker-prune.{service,timer}: a host-level systemd timer (every 6h, Persistent) that prunes images/build-cache/containers older than 24h — in-use images stay protected. Checked in (the runner is hand-provisioned and shared across orgs) and already installed live; reclaimed 89 GB -> 39 GB (95% -> 42%). - ci.yml / deb.yml: bump the `cargo-target-<rustc>-*` cache key to `-v2-`. The disk-full build let actions/cache save a truncated target/ (a dep's .rmeta went missing -> "error[E0463]: can't find crate for pem_rfc7468" while compiling der). A suffix bump is useless here — restore-keys would fall back to the poisoned prefix — so the prefix is versioned to force one clean rebuild. cargo-home is untouched (sources were intact; the failure was a missing build artifact). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>	2026-06-15 09:10:56 +00:00
enricobuehler	57e7f9fe25	feat(release): production Apple builds — notarized macOS dmg + iOS TestFlight ... release.yml (v* tags / dispatch, macos-arm64 runner): universal mac + iOS xcframework -> xcodebuild archive -> Developer ID export -> notarytool + staple -> dmg on the Gitea release; iOS archive uploads to TestFlight (app-store-connect/upload). Per-run throwaway keychain; ASC API key authenticates notarization, upload, and automatic-signing profile fetch. macOS App Store lane deferred (needs App Sandbox); tvOS deferred (tier-3 Rust targets). All app targets now share bundle ID io.unom.punktfunk — ONE App Store listing with universal purchase (decided pre-submission; effectively unchangeable after). ITSAppUsesNonExemptEncryption=false declared (standard-algorithm AES-GCM, exempt). build-xcframework.sh resolves Apple toolchains itself: cargo's HOST artifacts (proc-macros, build scripts) are loaded by the running OS, and a newer-than-OS beta Xcode ld emits LINKEDIT layouts dyld rejects ("mis-aligned LINKEDIT string pool" -> misleading E0463) — so prefer a non-beta Xcode for everything, fall back to CLT for mac-only slices (env untouched: an explicit DEVELOPER_DIR=<CLT> trips xcrun's license check), refuse iOS/tvOS without a real Xcode (CLT has no iOS SDK). The runner plist no longer injects DEVELOPER_DIR for the same reason. punktfunk_Logo.icon: dropped the Xcode-27-beta-only Icon Composer features (refractivity, specular-location) — 26.5's actool crashes on them, and store builds must use release Xcode. Visual delta is the refraction/specular nuance only; re-author when 27 ships. Validated on home-mac-mini-1 with Xcode 26.5: mac+iOS xcframework slices, unified bundle IDs, signing-free app build. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 14:34:45 +00:00
enricobuehler	47a69a0063	fix(ci): match real runner labels + survivable Mac runner daemon ... runs-on: ubuntu-24.04 (the label the existing Linux runner actually advertises — ubuntu-latest queued forever). Mac runner: strip the docker:// default labels generate-config seeds (they override the host-mode registration labels and make the daemon demand a Docker engine), and ship the service as a root LaunchDaemon — macOS Local Network privacy silently blocks LAN dials from unbundled CLI binaries in gui/user launchd domains ("no route to host"), system daemons are exempt. Without sudo the script leaves an interim nohup daemon. CI surface documented in CLAUDE.md + docs-site ci.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 12:40:36 +00:00
enricobuehler	f1af74b403	feat(ci): Gitea Actions — dockerized web/docs/rust-ci images, Apple client CI, Mac runner ... Three workflows: ci.yml (Rust workspace inside the punktfunk-rust-ci builder image + web/docs-site build+typecheck), docker.yml (build+push punktfunk-web, punktfunk-docs, punktfunk-rust-ci to git.unom.io — host and native clients stay un-dockerized by design), apple.yml (host-mode macos-arm64 runner: Rust core -> PunktfunkCore.xcframework -> swift build + swift test). ci/rust-ci.Dockerfile: Ubuntu 26.04 with the workspace's link deps (FFmpeg 8, PipeWire, Opus, GL/EGL/GBM, xkbcommon, libcuda via the 580-server userspace as a link stub) + pinned rustup + node for the JS actions. Verified end to end in-container: build, 141/141 tests, C ABI harness; all three images seeded to the registry manually. scripts/ci/setup-macos-runner.sh provisions the Mac (rustup + darwin targets, Node tarball, gitea-runner 1.0.8 host mode, LaunchAgent with DEVELOPER_DIR auto-detect for sudo-free Xcode selection). Docs in docs-site/content/docs/ci.md. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>	2026-06-12 12:28:13 +00:00