-
Notifications
You must be signed in to change notification settings - Fork 9
ci: deterministic capnp codegen via pinned Docker image + drift check #132
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Merged
Merged
Changes from all commits
Commits
Show all changes
7 commits
Select commit
Hold shift + click to select a range
27c569e
ci: guard committed capnp code against schema drift
DZakh b502e29
ci: drop internal-implementation comments from capnp job
DZakh fe599f7
ci: generate capnp code in a pinned Docker image for determinism
DZakh 617a1e5
ci: pin capnp codegen base image by digest
DZakh 936ed85
ci: generate capnp code in one docker build, on capnp 1.1.0
DZakh d253ec6
ci: least-privilege token and document .dockerignore
DZakh 8b57cf9
ci: verify pinned capnpc matches the capnp dependency
DZakh File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| # Keep the build context minimal: only the schema is needed for codegen. | ||
| # If the schema ever `import`s another .capnp file, un-ignore it here too. | ||
| * | ||
| !hypersync_net_types.capnp |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,8 @@ | ||
| .PHONY: generate_capnp_types clean_generated_capnp_types | ||
|
|
||
| generate_capnp_types: | ||
| capnp compile hypersync_net_types.capnp -o rust:./src/__generated__ | ||
| rustfmt src/__generated__/hypersync_net_types_capnp.rs | ||
| DOCKER_BUILDKIT=1 docker build -f capnp-codegen.Dockerfile --target export \ | ||
| --output type=local,dest=src/__generated__ . | ||
|
|
||
| clean_generated_capnp_types: | ||
| rm -f src/__generated__/hypersync_net_types_capnp.rs |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,25 @@ | ||
| # Pinned toolchain for deterministic Cap'n Proto code generation. Generating | ||
| # inside this image keeps the committed output byte-for-byte reproducible across | ||
| # developer machines and CI, regardless of the host's capnp/rustfmt versions. | ||
| FROM rust:1.94-slim-trixie@sha256:cf09adf8c3ebaba10779e5c23ff7fe4df4cccdab8a91f199b0c142c53fef3e1a AS codegen | ||
|
|
||
| # Must stay compatible with the `capnp` runtime dependency in Cargo.toml. | ||
| ARG CAPNPC_VERSION=0.23.2 | ||
| # The capnp compiler version affects the generated schema blobs, so pin it too. | ||
| ARG CAPNPROTO_VERSION=1.1.0-2 | ||
|
|
||
| RUN apt-get update \ | ||
| && apt-get install -y --no-install-recommends "capnproto=${CAPNPROTO_VERSION}" \ | ||
| && rm -rf /var/lib/apt/lists/* | ||
| RUN rustup component add rustfmt | ||
| RUN cargo install capnpc --version "=${CAPNPC_VERSION}" --locked | ||
|
|
||
| WORKDIR /work | ||
| COPY hypersync_net_types.capnp . | ||
| RUN mkdir -p out \ | ||
| && capnp compile hypersync_net_types.capnp -o rust:out \ | ||
| && rustfmt out/hypersync_net_types_capnp.rs | ||
|
|
||
| # Minimal stage so `docker build --output` exports only the generated file. | ||
| FROM scratch AS export | ||
| COPY --from=codegen /work/out/hypersync_net_types_capnp.rs / | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.