1name: CI 2on: 3 # Run CI for PRs to `main` and to release branches. 4 # 5 # Note that PRs to `main` will run a subset of tests and PRs to the 6 # `release-*` branches will run full CI. 7 pull_request: 8 branches: 9 - main 10 - 'release-*' 11 12 # This is the CI that runs for PRs-to-merge. 13 merge_group: 14 15 push: 16 branches: 17 # Right now merge queues can't be used with wildcards in branch protections 18 # so full CI runs both on PRs to release branches as well as merges to 19 # release branches. Note that the merge to a release branch may produce a 20 # tag at the end of CI if successful and the tag will trigger the artifact 21 # uploads as well as publication to crates.io. 22 - 'release-*' 23 24 # Allow manually triggering this request via a button or another workflow. 25 workflow_dispatch: 26 27defaults: 28 run: 29 shell: bash 30 31# Cancel any in-flight jobs for the same PR/branch so there's only one active 32# at a time 33concurrency: 34 group: ${{ github.workflow }}-${{ github.ref }}2 35 cancel-in-progress: true 36 37jobs: 38 # Check Code style quickly by running `rustfmt` over all code 39 rustfmt: 40 name: Rustfmt 41 runs-on: ubuntu-latest 42 steps: 43 - uses: actions/checkout@v4 44 with: 45 submodules: true 46 - uses: ./.github/actions/install-rust 47 - run: rustup component add rustfmt 48 - run: cargo fmt --all -- --check 49 50 # Quick JS formatting/linting checks for the little bits of JS we have for the 51 # `wasmtime explore` UI. 52 check_js: 53 name: Check JS 54 runs-on: ubuntu-latest 55 steps: 56 - uses: actions/checkout@v4 57 - run: npm install 58 working-directory: ./crates/explorer 59 - run: npm run lint 60 working-directory: ./crates/explorer 61 - run: npm run fmt-check 62 working-directory: ./crates/explorer 63 64 # Check Code style quickly by running `clang-format` over all the C/C++ code 65 # 66 # Note that `wasmtime-platform.h` is excluded here as it's auto-generated. 67 clangformat: 68 name: Clang format 69 runs-on: ubuntu-24.04 70 steps: 71 - uses: actions/checkout@v4 72 with: 73 submodules: true 74 - run: | 75 git ls-files '*.h' '*.c' '*.cpp' '*.hh' '*.cc' | \ 76 grep -v wasmtime-platform.h | \ 77 grep -v wasm.h | \ 78 xargs clang-format-18 --dry-run --Werror --verbose 79 # Make sure our `clangformat.sh` helper script keeps running and stays 80 # in-sync with the previous check. 81 - run: crates/c-api/clangformat.sh 82 - run: git diff --exit-code 83 84 # Lint dependency graph for security advisories, duplicate versions, and 85 # incompatible licences 86 cargo_deny: 87 name: Cargo deny 88 needs: determine 89 if: needs.determine.outputs.audit 90 runs-on: ubuntu-latest 91 steps: 92 - uses: actions/checkout@v4 93 with: 94 submodules: true 95 - uses: ./.github/actions/install-rust 96 - run: | 97 set -e 98 curl --retry 5 --retry-all-errors -L -o cargo-deny.tar.gz https://github.com/EmbarkStudios/cargo-deny/releases/download/0.18.2/cargo-deny-0.18.2-x86_64-unknown-linux-musl.tar.gz 99 tar xzf cargo-deny.tar.gz 100 rm cargo-deny.tar.gz 101 mv cargo-deny-*-x86_64-unknown-linux-musl/cargo-deny cargo-deny 102 echo `pwd` >> $GITHUB_PATH 103 - run: cargo deny check bans licenses 104 105 # Ensure dependencies are vetted. See https://mozilla.github.io/cargo-vet/ 106 # 107 # Note that this step, on PRs only, is allowed to fail. This is then followed 108 # up with the `cargo_vet_failure_for_prs` step below. The intention is to 109 # avoid causing this check to fail PRs while still enabling it to fail the 110 # merge queue checks. That way PRs can enter the merge queue when this step is 111 # failing if `main` has picked up `cargo vet` entries in the meantime for the 112 # failures. 113 cargo_vet: 114 name: Cargo vet 115 needs: determine 116 if: github.repository == 'bytecodealliance/wasmtime' && needs.determine.outputs.audit 117 runs-on: ubuntu-latest 118 outputs: 119 outcome: ${{ steps.vet.outcome }} 120 steps: 121 - uses: actions/checkout@v4 122 with: 123 submodules: true 124 - uses: ./.github/actions/install-rust 125 - uses: ./.github/actions/install-cargo-vet 126 - id: vet 127 run: cargo vet --locked 128 continue-on-error: ${{ github.event_name == 'pull_request' }} 129 130 # Double-check that if versions are bumped that `cargo vet` still works. 131 # This is intended to weed out mistakes such as #9115 from happening again. 132 - run: rustc scripts/publish.rs && ./publish bump-patch && cargo vet 133 name: Ensure `cargo vet` works if versions are bumped 134 135 cargo_vet_failure_for_prs: 136 name: Cargo vet failed on a Pull Request 137 needs: 138 - determine 139 - cargo_vet 140 if: | 141 needs.determine.outputs.audit 142 && github.event_name == 'pull_request' 143 && needs.cargo_vet.outputs.outcome == 'failure' 144 runs-on: ubuntu-latest 145 steps: 146 # NB: this message ideally would link back to the previous step, but I'm not 147 # sure how to easily do that. 148 - run: | 149 echo 'failed to run "cargo vet", see previous `Cargo vet` step' 150 echo 'exiting with a nonzero status now to alert PR authors' 151 echo 'note, though, that this PR can still enter the merge queue' 152 echo '' 153 echo 'See https://docs.wasmtime.dev/contributing-coding-guidelines.html#cargo-vet-for-contributors' 154 echo 'for more information about the vetting process for Wasmtime' 155 exit 1 156 157 # This job is a dependency of many of the jobs below. This calculates what's 158 # actually being run for this workflow. For example: 159 # 160 # * Pushes to branches, which is currently both pushes to merge queue branches 161 # as well as release branches, perform full CI. 162 # * PRs to release branches (not `main`) run full CI. 163 # * PRs to `main` will only run a few smoke tests above plus some elements of 164 # the test matrix. The test matrix here is determined dynamically by the 165 # `./ci/build-test-matrix.js` script given the commits that happened and 166 # the files modified. 167 determine: 168 name: Determine CI jobs to run 169 runs-on: ubuntu-latest 170 outputs: 171 run-full: ${{ steps.calculate.outputs.run-full }} 172 test-matrix: ${{ steps.calculate.outputs.test-matrix }} 173 build-matrix: ${{ steps.calculate.outputs.build-matrix }} 174 test-capi: ${{ steps.calculate.outputs.test-capi }} 175 test-nightly: ${{ steps.calculate.outputs.test-nightly }} 176 test-miri: ${{ steps.calculate.outputs.test-miri }} 177 audit: ${{ steps.calculate.outputs.audit }} 178 preview1-adapter: ${{ steps.calculate.outputs.preview1-adapter }} 179 run-dwarf: ${{ steps.calculate.outputs.run-dwarf }} 180 platform-checks: ${{ steps.calculate.outputs.platform-checks }} 181 steps: 182 - uses: actions/checkout@v4 183 - id: calculate 184 env: 185 GH_TOKEN: ${{ github.token }} 186 run: | 187 touch commits.log names.log 188 # Note that CI doesn't run on pushes to `main`, only pushes to merge 189 # queue branches and release branches, so this only runs full CI in 190 # those locations. 191 if [ "${{ github.event_name }}" != "pull_request" ]; then 192 run_full=true 193 else 194 pr=${{ github.event.number }} 195 gh pr view $pr --json commits | tee commits.log 196 gh pr diff $pr --name-only | tee names.log || echo "failed to get files" 197 if [ "${{ github.base_ref }}" != "main" ]; then 198 run_full=true 199 elif grep -q 'prtest:full' commits.log; then 200 run_full=true 201 elif grep -q 'prtest:debug' commits.log; then 202 echo run-dwarf=true >> $GITHUB_OUTPUT 203 elif grep -q 'prtest:platform-checks' commits.log; then 204 echo platform-checks=true >> $GITHUB_OUTPUT 205 elif grep -q 'prtest:miri' commits.log; then 206 echo test-miri=true >> $GITHUB_OUTPUT 207 elif grep -q 'prtest:capi' commits.log; then 208 echo test-capi=true >> $GITHUB_OUTPUT 209 fi 210 if grep -q crates.c-api names.log; then 211 echo test-capi=true >> $GITHUB_OUTPUT 212 fi 213 if grep -q fuzz names.log; then 214 echo test-nightly=true >> $GITHUB_OUTPUT 215 fi 216 if grep -q sys.custom names.log; then 217 echo test-nightly=true >> $GITHUB_OUTPUT 218 fi 219 if grep -q Cargo.lock names.log; then 220 echo audit=true >> $GITHUB_OUTPUT 221 fi 222 if grep -q supply-chain names.log; then 223 echo audit=true >> $GITHUB_OUTPUT 224 fi 225 if grep -q component-adapter names.log; then 226 echo preview1-adapter=true >> $GITHUB_OUTPUT 227 fi 228 if grep -q debug names.log; then 229 echo run-dwarf=true >> $GITHUB_OUTPUT 230 fi 231 if grep -q pulley names.log; then 232 echo test-nightly=true >> $GITHUB_OUTPUT 233 fi 234 fi 235 matrix="$(node ./ci/build-test-matrix.js ./commits.log ./names.log $run_full)" 236 echo "test-matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT 237 echo "$matrix" 238 239 matrix="$(node ./ci/build-build-matrix.js)" 240 echo "build-matrix={\"include\":$(echo $matrix)}" >> $GITHUB_OUTPUT 241 242 if [ "$run_full" = "true" ]; then 243 echo run-full=true >> $GITHUB_OUTPUT 244 echo test-capi=true >> $GITHUB_OUTPUT 245 echo test-nightly=true >> $GITHUB_OUTPUT 246 echo test-miri=true >> $GITHUB_OUTPUT 247 echo audit=true >> $GITHUB_OUTPUT 248 echo preview1-adapter=true >> $GITHUB_OUTPUT 249 echo run-dwarf=true >> $GITHUB_OUTPUT 250 echo platform-checks=true >> $GITHUB_OUTPUT 251 fi 252 253 # Build all documentation of Wasmtime, including the C API documentation, 254 # mdbook documentation, etc. This produces a `gh-pages` artifact which is what 255 # gets uploaded to the `gh-pages` branch later on. 256 doc: 257 needs: determine 258 if: needs.determine.outputs.run-full 259 name: Doc build 260 runs-on: ubuntu-latest 261 env: 262 MDBOOK_VERSION: 0.4.37 263 MDBOOK_LANGTABS_VERSION: 0.1.1 264 RUSTDOCFLAGS: -Dwarnings --cfg docsrs 265 OPENVINO_SKIP_LINKING: 1 266 steps: 267 - uses: actions/checkout@v4 268 with: 269 submodules: true 270 - uses: ./.github/actions/install-rust 271 with: 272 toolchain: wasmtime-ci-pinned-nightly 273 274 # Build C API documentation 275 - run: | 276 curl --retry 5 --retry-all-errors -o doxygen.tar.gz -L https://github.com/doxygen/doxygen/releases/download/Release_1_9_3/doxygen-1.9.3.linux.bin.tar.gz 277 tar xzf doxygen.tar.gz 278 rm doxygen.tar.gz 279 - run: echo "`pwd`/doxygen-1.9.3/bin" >> $GITHUB_PATH 280 - run: cmake -S crates/c-api -B target/c-api 281 - run: cmake --build target/c-api --target doc 282 283 # install mdbook, build the docs, and test the docs 284 - uses: actions/cache@v4 285 with: 286 path: ${{ runner.tool_cache }}/mdbook 287 key: cargo-mdbook-${{ env.MDBOOK_VERSION }}-langtabs-${{ env.MDBOOK_LANGTABS_VERSION }} 288 - run: | 289 echo "${{ runner.tool_cache }}/mdbook/bin" >> $GITHUB_PATH 290 cargo install --root ${{ runner.tool_cache }}/mdbook --version ${{ env.MDBOOK_VERSION }} mdbook --locked 291 cargo install --root ${{ runner.tool_cache }}/mdbook --version ${{ env.MDBOOK_LANGTABS_VERSION }} mdbook-langtabs --locked 292 - run: (cd docs && mdbook build) 293 294 # Build Rust API documentation. 295 # 296 # Enable extra features in crates as well to ensure they're documented 297 - run: | 298 cargo doc --no-deps --workspace \ 299 --exclude wasmtime-cli \ 300 --exclude test-programs \ 301 --exclude cranelift-codegen-meta \ 302 --exclude wasmtime-wasi-nn \ 303 --exclude wasmtime-fuzzing \ 304 --exclude wasm-spec-interpreter \ 305 --exclude calculator \ 306 --all-features 307 - run: cargo doc --package cranelift-codegen-meta --document-private-items 308 309 # Assemble the documentation, and always upload it as an artifact for 310 # inspection on PRs and such. 311 - run: | 312 mv docs/book gh-pages 313 mv crates/c-api/html gh-pages/c-api 314 mv target/doc gh-pages/api 315 tar czf gh-pages.tar.gz gh-pages 316 - uses: actions/upload-artifact@v4 317 with: 318 name: gh-pages 319 path: gh-pages.tar.gz 320 321 # Checks of various feature combinations and whether things compile. The goal 322 # here isn't to run tests, mostly just serve as a double-check that Rust code 323 # compiles and is likely to work everywhere else. 324 micro_checks: 325 name: Check ${{matrix.name}} 326 strategy: 327 fail-fast: ${{ github.event_name != 'pull_request' }} 328 matrix: 329 include: 330 - name: wasmtime 331 checks: | 332 -p wasmtime --no-default-features 333 -p wasmtime --no-default-features --features wat 334 -p wasmtime --no-default-features --features profiling 335 -p wasmtime --no-default-features --features cache 336 -p wasmtime --no-default-features --features async 337 -p wasmtime --no-default-features --features std 338 -p wasmtime --no-default-features --features pooling-allocator 339 -p wasmtime --no-default-features --features cranelift 340 -p wasmtime --no-default-features --features component-model 341 -p wasmtime --no-default-features --features component-model-async 342 -p wasmtime --no-default-features --features runtime,component-model 343 -p wasmtime --no-default-features --features cranelift,wat,async,std,cache 344 -p wasmtime --no-default-features --features winch 345 -p wasmtime --no-default-features --features wmemcheck 346 -p wasmtime --no-default-features --features wmemcheck,cranelift,runtime 347 -p wasmtime --no-default-features --features demangle 348 -p wasmtime --no-default-features --features addr2line 349 -p wasmtime --no-default-features --features gc 350 -p wasmtime --no-default-features --features runtime,gc 351 -p wasmtime --no-default-features --features cranelift,gc 352 -p wasmtime --no-default-features --features gc-drc 353 -p wasmtime --no-default-features --features runtime,gc-drc 354 -p wasmtime --no-default-features --features cranelift,gc-drc 355 -p wasmtime --no-default-features --features gc-null 356 -p wasmtime --no-default-features --features runtime,gc-null 357 -p wasmtime --no-default-features --features cranelift,gc-null 358 -p wasmtime --no-default-features --features runtime 359 -p wasmtime --no-default-features --features threads 360 -p wasmtime --no-default-features --features runtime,threads 361 -p wasmtime --no-default-features --features cranelift,threads 362 -p wasmtime --no-default-features --features stack-switching 363 -p wasmtime --no-default-features --features cranelift,stack-switching 364 -p wasmtime --no-default-features --features runtime,stack-switching 365 -p wasmtime --no-default-features --features debug 366 -p wasmtime --no-default-features --features debug,gc 367 -p wasmtime --no-default-features --features runtime,cache 368 -p wasmtime --features incremental-cache 369 -p wasmtime --features profile-pulley 370 -p wasmtime --all-features 371 372 - name: wasmtime-fiber 373 checks: | 374 -p wasmtime-internal-fiber --no-default-features 375 -p wasmtime-internal-fiber --no-default-features --features std 376 -p wasmtime-internal-fiber --all-features 377 378 - name: wasmtime-cli 379 checks: | 380 -p wasmtime-cli --no-default-features 381 -p wasmtime-cli --no-default-features --features pooling-allocator 382 -p wasmtime-cli --no-default-features --features run 383 -p wasmtime-cli --no-default-features --features run,component-model 384 -p wasmtime-cli --no-default-features --features run,pooling-allocator 385 -p wasmtime-cli --no-default-features --features compile 386 -p wasmtime-cli --no-default-features --features compile,cranelift 387 -p wasmtime-cli --no-default-features --features compile,cranelift,component-model 388 -p wasmtime-cli --no-default-features --features objdump 389 -p wasmtime-cli --no-default-features --features wizer 390 -p wasmtime-cli --all-features 391 -p wasmtime-cli --features component-model 392 393 - name: cranelift-codegen 394 checks: | 395 -p cranelift-codegen --benches 396 -p cranelift-codegen --no-default-features --features std,unwind,pulley 397 398 - name: cranelift-entity 399 checks: | 400 -p cranelift-entity --no-default-features 401 -p cranelift-entity --no-default-features --features enable-serde 402 403 - name: wasmtime-bench-api 404 checks: | 405 -p wasmtime-bench-api 406 407 - name: wasmtime-c-api 408 checks: | 409 -p wasmtime-c-api --no-default-features 410 -p wasmtime-c-api --no-default-features --features wat 411 -p wasmtime-c-api --no-default-features --features wasi 412 413 - name: wasmtime-wasi-http 414 checks: | 415 -p wasmtime-wasi-http --no-default-features 416 -p wasmtime-wasi-http --no-default-features --features p3 417 -p wasmtime-wasi-http --no-default-features --features p3 --all-targets 418 419 - name: wasmtime-wasi 420 checks: | 421 -p wasmtime-wasi --no-default-features 422 -p wasmtime-wasi --no-default-features --features p0 423 -p wasmtime-wasi --no-default-features --features p1 424 -p wasmtime-wasi --no-default-features --features p2 425 -p wasmtime-wasi --no-default-features --features p3 426 427 - name: wasmtime-wizer 428 checks: | 429 -p wasmtime-wizer --no-default-features 430 -p wasmtime-wizer --no-default-features --features wasmtime 431 -p wasmtime-wizer --no-default-features --features wasmprinter 432 -p wasmtime-wizer --no-default-features --features component-model 433 -p wasmtime-wizer --no-default-features --features rayon 434 -p wasmtime-wizer --no-default-features --all-features 435 runs-on: ubuntu-latest 436 steps: 437 - uses: actions/checkout@v4 438 with: 439 submodules: true 440 - uses: ./.github/actions/install-rust 441 442 # Run the check. 443 - run: | 444 checks=$(cat <<END 445 ${{ matrix.checks }} 446 END 447 ) 448 echo "$checks" | xargs -I CHECK sh -c 'echo "=== cargo check CHECK ==="; cargo check CHECK' 449 450 special_tests: 451 name: One-off special tests 452 runs-on: ubuntu-latest 453 needs: determine 454 if: needs.determine.outputs.run-full 455 steps: 456 - uses: actions/checkout@v4 457 with: 458 submodules: true 459 - uses: ./.github/actions/install-rust 460 - run: cargo test -p wasmtime-internal-fiber --no-default-features 461 - run: cargo test -p cranelift-tools --test logged-filetests 462 463 # Check that Clippy lints are passing. 464 clippy: 465 name: Clippy 466 runs-on: ubuntu-latest 467 env: 468 CARGO_NDK_VERSION: 2.12.2 469 steps: 470 - uses: actions/checkout@v4 471 with: 472 submodules: true 473 - uses: ./.github/actions/install-rust 474 475 - run: rustup component add clippy 476 - run: cargo clippy --workspace --all-targets --features p3,component-model-async 477 478 # Similar to `micro_checks` but where we need to install some more state 479 # (e.g. Android NDK) and we haven't factored support for those things out into 480 # a parallel jobs yet. 481 monolith_checks: 482 name: Monolith Checks 483 runs-on: ubuntu-latest 484 env: 485 CARGO_NDK_VERSION: 2.12.2 486 steps: 487 - uses: actions/checkout@v4 488 with: 489 submodules: true 490 - uses: ./.github/actions/install-rust 491 492 # Check that wasmtime compiles with panic=abort since there's some `#[cfg]` 493 # for specifically panic=abort there. 494 - run: cargo check -p wasmtime 495 env: 496 RUSTFLAGS: -Cpanic=abort 497 498 # Check a few builds of the cranelift backend 499 # - only x86 backend support, 500 # - only arm64 backend support, 501 # - no debug_assertions. 502 - run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/arm64 503 - run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util --no-default-features --features=cranelift-codegen/x86 504 - run: cargo check --manifest-path=./cranelift/Cargo.toml --bin clif-util 505 env: 506 CARGO_PROFILE_DEV_DEBUG_ASSERTIONS: false 507 508 # Re-vendor all WIT files and ensure that they're all up-to-date by ensuring 509 # that there's no git changes. 510 - name: Install wkg 511 run: | 512 curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash 513 cargo binstall --no-confirm [email protected] 514 - name: Re-vendor WIT 515 run: ./ci/vendor-wit.sh 516 - run: git diff --exit-code 517 518 # Re-vendor the C API and make sure it's up-to-date. 519 - name: Re-vendor C API 520 run: ./ci/vendor-c-api-headers.sh 521 - run: git diff --exit-code 522 523 # Various checks that Wasmtime builds for a variety of platforms. Each 524 # platform may not include the entire dependency tree and maybe just a few 525 # features here and there, see the `include` matrix for more details. 526 platform_checks: 527 needs: determine 528 if: needs.determine.outputs.platform-checks 529 name: "Platform: ${{ matrix.target }}" 530 runs-on: ${{ matrix.os }} 531 strategy: 532 fail-fast: ${{ github.event_name != 'pull_request' }} 533 matrix: 534 include: 535 - target: x86_64-unknown-freebsd 536 os: ubuntu-latest 537 test: cargo check 538 - target: aarch64-pc-windows-msvc 539 os: windows-latest 540 test: cargo check 541 # While we're here testing a windows target also test a feature'd build 542 # on Windows. Note that this isn't covered by `micro_checks` above since 543 # that's for unix platforms, not Windows, so include a small check here 544 # which isn't the full `micro_checks` matrix but hopefully enough bang 545 # for our buck. 546 - target: i686-pc-windows-msvc 547 os: windows-latest 548 test: cargo check && cargo build -p wasmtime --no-default-features --features runtime 549 # This is used for general compatibility with `#![no_std]` targets and a 550 # variety of crates are tested here. 551 - target: x86_64-unknown-none 552 os: ubuntu-latest 553 test: > 554 cargo check -p wasmtime --no-default-features --features runtime,component-model && 555 cargo check -p wasmtime --no-default-features --features runtime,gc,component-model,async,debug-builtins && 556 cargo check -p cranelift-control --no-default-features && 557 cargo check -p cranelift-assembler-x64 --lib && 558 cargo check -p pulley-interpreter --features encode,decode,disas,interp && 559 cargo check -p wasmtime-wasi-io --no-default-features 560 # Use `cross` for illumos to have a C compiler/linker available. 561 - target: x86_64-unknown-illumos 562 os: ubuntu-latest 563 cross: true 564 test: cross build 565 - target: wasm32-wasip1 566 os: ubuntu-latest 567 test: cargo build --no-default-features --features compile,cranelift,all-arch 568 - target: aarch64-apple-ios 569 os: macos-latest 570 test: cargo build 571 env: 572 IPHONEOS_DEPLOYMENT_TARGET: 13.0 573 # Test that when Cranelift has no support for an architecture, even a 574 # 64-bit one, that Wasmtime still compiles. Note that this is also 575 # intended to test various fallbacks in the codebase where we have no 576 # support at all for a particular architecture. In theory if someone 577 # adds powerpc64 support to Wasmtime this should get switched to some 578 # other architecture. 579 - target: powerpc64le-unknown-linux-gnu 580 os: ubuntu-latest 581 test: cargo build 582 apt_packages: gcc-powerpc64le-linux-gnu 583 env: 584 CARGO_TARGET_POWERPC64LE_UNKNOWN_LINUX_GNU_LINKER: powerpc64le-linux-gnu-gcc 585 # A no_std target without 64-bit atomics 586 - target: riscv32imac-unknown-none-elf 587 os: ubuntu-latest 588 test: cargo check -p wasmtime --no-default-features --features runtime,gc,component-model,async 589 env: ${{ matrix.env || fromJSON('{}') }} 590 steps: 591 - uses: actions/checkout@v4 592 with: 593 submodules: true 594 - uses: ./.github/actions/install-rust 595 - run: rustup target add ${{ matrix.target }} 596 - name: Install cross 597 run: | 598 curl -L --proto '=https' --tlsv1.2 -sSf https://raw.githubusercontent.com/cargo-bins/cargo-binstall/main/install-from-binstall-release.sh | bash 599 cargo binstall --no-confirm cross 600 if: ${{ matrix.cross }} 601 - name: Install apt packages 602 if: ${{ matrix.apt_packages }} 603 run: sudo apt-get update && sudo apt-get install -y ${{ matrix.apt_packages }} 604 - run: ${{ matrix.test }} 605 env: 606 CARGO_BUILD_TARGET: ${{ matrix.target }} 607 608 # Run tests that require a nightly compiler, such as building fuzz targets. 609 test_nightly: 610 needs: determine 611 if: needs.determine.outputs.test-nightly 612 name: Nightly tests 613 runs-on: ubuntu-latest 614 steps: 615 - uses: actions/checkout@v4 616 with: 617 submodules: true 618 - uses: ./.github/actions/install-rust 619 with: 620 # This is pinned to match the version of Rust used on OSS-Fuzz to build 621 # Wasmtime. Do not change this `toolchain` version. 622 toolchain: wasmtime-ci-oss-fuzz-pin 623 624 # Check that `pulley-interpreter` works with tail calls enabled. 625 - run: cargo test -p pulley-interpreter --all-features 626 env: 627 RUSTFLAGS: "--cfg pulley_tail_calls" 628 - run: cargo check -p pulley-interpreter --all-features 629 env: 630 RUSTFLAGS: "--cfg pulley_disable_interp_simd" 631 - run: cargo test -p pulley-interpreter --all-features --release 632 env: 633 RUSTFLAGS: "--cfg pulley_assume_llvm_makes_tail_calls" 634 635 # Run OOM tests with `Arc::try_new` usage enabled. 636 - run: cargo test -p wasmtime-fuzzing --test oom 637 env: 638 RUSTFLAGS: "--cfg arc_try_new" 639 640 # Ensure that fuzzers still build. 641 # 642 # Install the OCaml packages necessary for fuzz targets that use the 643 # `wasm-spec-interpreter`. 644 - run: cargo install cargo-fuzz --vers "^0.11" --locked 645 - run: sudo apt-get update && sudo apt install -y ocaml-nox ocamlbuild ocaml-findlib libzarith-ocaml-dev 646 - run: cargo fetch 647 working-directory: ./fuzz 648 - run: cargo fuzz check --dev 649 - run: cargo fuzz check --dev --fuzz-dir ./cranelift/isle/fuzz 650 - run: cargo fuzz check --dev --fuzz-dir ./crates/environ/fuzz --features component-model 651 - run: cargo fuzz check --dev --fuzz-dir ./cranelift/assembler-x64/fuzz 652 - run: cargo fuzz check --dev --fuzz-dir ./crates/wizer/fuzz 653 654 # Perform all tests of the c-api 655 test_capi: 656 needs: determine 657 name: Test C-API ${{ matrix.name }} 658 runs-on: ${{ matrix.os }} 659 if: needs.determine.outputs.test-capi 660 661 strategy: 662 fail-fast: ${{ github.event_name != 'pull_request' }} 663 matrix: 664 include: 665 # This configuration will build C/C++ tests, examples, and Rust tests. 666 # Everything is linked against the C shared library to speed up 667 # linking, and this is intended to be the "main set of tests". 668 # 669 # Run this on windows/mac/linux 670 - os: ubuntu-24.04 671 # Only run the "plugins" example on Linux 672 flags: -DBUILD_SHARED_LIBS=ON -DBUILD_TESTS=ON -DBUILD_RUST_EXAMPLES=ON -DBUILD_RUST_PLUGINS_EXAMPLE=ON 673 name: Linux 674 - os: macos-15 675 flags: -DBUILD_SHARED_LIBS=ON -DBUILD_TESTS=ON -DBUILD_RUST_EXAMPLES=ON 676 name: macOS 677 - os: windows-2025 678 # Note that dynamic linking is disabled here because I don't want to 679 # have to deal with figuring out how to get `wasmtime.dll` onto 680 # `PATH` for various tests. 681 flags: -DBUILD_SHARED_LIBS=OFF -DBUILD_TESTS=ON -DBUILD_RUST_EXAMPLES=ON 682 name: Windows 683 684 # This tests using static linking for examples but skips building the 685 # Rust examples as well as C/C++ tests. Intended to be a faster build 686 # which mostly just tests static linking. 687 - os: ubuntu-24.04 688 flags: -DBUILD_SHARED_LIBS=OFF -DBUILD_RUST_EXAMPLES=OFF 689 name: Linux (static linking) 690 691 # Run tests with ASAN for leak checking primarily. 692 - os: ubuntu-24.04 693 flags: -DCMAKE_C_FLAGS=-fsanitize=address -DCMAKE_CXX_FLAGS=-fsanitize=address -DBUILD_SHARED_LIBS=ON -DBUILD_TESTS=ON 694 name: Linux (ASAN) 695 steps: 696 - uses: actions/checkout@v4 697 with: 698 submodules: true 699 - uses: ./.github/actions/install-rust 700 - run: rustup target add wasm32-wasip2 701 702 - uses: ./.github/actions/install-plugins-prerequisites 703 if: runner.os == 'Linux' 704 705 - uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 706 # An ode to MinGW: man you're a pain to work around sometimes 707 - run: rm /usr/bin/link 708 if: runner.os == 'Windows' 709 710 - run: cmake -G Ninja -Sexamples -DCMAKE_BUILD_TYPE=Debug -Bexamples/build ${{ matrix.flags }} 711 - run: ninja -C examples/build 712 - run: ninja -C examples/build test 713 env: 714 CTEST_OUTPUT_ON_FAILURE: 1 715 CTEST_PARALLEL_LEVEL: 4 716 717 # Perform all tests (debug mode) for `wasmtime`. 718 # 719 # Note that the full matrix for what may run here is defined within 720 # `./ci/build-test-matrix.js` and the execution of the `determine` step will 721 # calculate whether the tests are actually run as part of PRs and such. 722 test: 723 needs: determine 724 name: ${{ matrix.name }} 725 runs-on: ${{ matrix.os }} 726 env: 727 QEMU_BUILD_VERSION: 10.0.3 728 SDE_BUILD_VERSION: 9.58.0-2025-06-16 729 strategy: 730 fail-fast: ${{ github.event_name != 'pull_request' }} 731 matrix: ${{ fromJson(needs.determine.outputs.test-matrix) }} 732 steps: 733 - uses: actions/checkout@v4 734 with: 735 submodules: true 736 - uses: ./.github/actions/install-rust 737 with: 738 toolchain: ${{ matrix.rust }} 739 740 # Install targets in order to build various tests throughout the repo 741 - run: rustup target add wasm32-wasip1 wasm32-unknown-unknown ${{ matrix.target }} 742 - run: echo CARGO_BUILD_TARGET=${{ matrix.target }} >> $GITHUB_ENV 743 if: matrix.target != '' 744 745 # Fix an ICE for now in gcc when compiling zstd with debuginfo (??) 746 - run: echo CFLAGS=-g0 >> $GITHUB_ENV 747 if: matrix.target == 'x86_64-pc-windows-gnu' 748 749 # Update binutils if MinGW due to https://github.com/rust-lang/rust/issues/112368 750 - run: C:/msys64/usr/bin/pacman.exe -S --needed mingw-w64-x86_64-gcc --noconfirm 751 if: matrix.target == 'x86_64-pc-windows-gnu' 752 - shell: pwsh 753 run: echo "C:\msys64\mingw64\bin" >> $Env:GITHUB_PATH 754 if: matrix.target == 'x86_64-pc-windows-gnu' 755 756 - run: cargo fetch --locked 757 758 - name: Install cross-compilation tools 759 run: | 760 set -ex 761 762 sudo apt-get update 763 sudo apt-get install -y ${{ matrix.gcc_package }} 764 765 # Configure Cargo for cross compilation and tell it how it can run 766 # cross executables 767 upcase=$(echo ${{ matrix.target }} | awk '{ print toupper($0) }' | sed 's/-/_/g') 768 echo CARGO_TARGET_${upcase}_LINKER=${{ matrix.gcc }} >> $GITHUB_ENV 769 if: matrix.gcc != '' 770 771 - uses: actions/cache@v4 772 with: 773 path: ${{ runner.tool_cache }}/qemu 774 key: qemu-${{ matrix.target }}-${{ env.QEMU_BUILD_VERSION }}-patchcpuinfo 775 if: matrix.qemu != '' 776 777 - uses: actions/cache@v4 778 with: 779 path: ${{ runner.tool_cache }}/sde 780 key: sde-${{ env.SDE_BUILD_VERSION }} 781 if: matrix.sde != '' 782 783 - name: Install qemu 784 run: | 785 set -ex 786 787 upcase=$(echo ${{ matrix.target }} | awk '{ print toupper($0) }' | sed 's/-/_/g') 788 echo CARGO_TARGET_${upcase}_RUNNER=${{ runner.tool_cache }}/qemu/bin/${{ matrix.qemu }} >> $GITHUB_ENV 789 790 # QEMU emulation is not always the speediest, so total testing time 791 # goes down if we build the libs in release mode when running tests. 792 echo CARGO_PROFILE_DEV_OPT_LEVEL=2 >> $GITHUB_ENV 793 794 # See comments in the source for why we enable this during QEMU 795 # emulation. 796 echo WASMTIME_TEST_NO_HOG_MEMORY=1 >> $GITHUB_ENV 797 798 # See if qemu is already in the cache 799 if [ -f ${{ runner.tool_cache }}/qemu/built ]; then 800 exit 0 801 fi 802 803 # Install build dependencies of QEMU itself. 804 sudo apt-get install -y libglib2.0-dev ninja-build 805 806 # Download and build qemu from source since the most recent release is 807 # way faster at arm emulation than the current version github actions' 808 # ubuntu image uses. Disable as much as we can to get it to build 809 # quickly. 810 curl --retry 5 --retry-all-errors -o qemu.tar.xz https://download.qemu.org/qemu-$QEMU_BUILD_VERSION.tar.xz 811 tar xJf qemu.tar.xz 812 rm qemu.tar.xz 813 cd qemu-$QEMU_BUILD_VERSION 814 ./configure --target-list=${{ matrix.qemu_target }} --prefix=${{ runner.tool_cache}}/qemu --disable-tools --disable-slirp --disable-fdt --disable-capstone --disable-docs 815 ninja -C build install 816 touch ${{ runner.tool_cache }}/qemu/built 817 if: matrix.qemu != '' 818 819 - name: Install Intel SDE 820 run: | 821 set -ex 822 823 # Set up SDE as runner for x86_64 targets 824 echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER=${{ runner.tool_cache }}/sde/sde64 -future --" >> $GITHUB_ENV 825 826 # SDE emulation is very slow, so use release mode for better performance 827 echo CARGO_PROFILE_DEV_OPT_LEVEL=2 >> $GITHUB_ENV 828 829 # Enable environment variable to indicate SDE is being used 830 echo WASMTIME_TEST_SDE=1 >> $GITHUB_ENV 831 832 # Generic variable for skipping tests that are problematic under SDE (performance, compatibility, etc.) 833 echo WASMTIME_TEST_NO_SDE=1 >> $GITHUB_ENV 834 835 # Similar to QEMU, reduce memory usage during SDE emulation 836 echo WASMTIME_TEST_NO_HOG_MEMORY=1 >> $GITHUB_ENV 837 838 # See if SDE is already in the cache 839 if [ -f ${{ runner.tool_cache }}/sde/sde64 ]; then 840 exit 0 841 fi 842 843 curl --retry 5 --retry-all-errors -o sde.tar.xz \ 844 https://downloadmirror.intel.com/859732/sde-external-${{ env.SDE_BUILD_VERSION }}-lin.tar.xz 845 846 mkdir -p ${{ runner.tool_cache }}/sde 847 tar xJf sde.tar.xz --strip-components=1 -C ${{ runner.tool_cache }}/sde 848 rm sde.tar.xz 849 850 chmod +x ${{ runner.tool_cache }}/sde/sde64 851 if: matrix.sde != '' 852 853 - name: Configure ASAN 854 run: | 855 echo CARGO_PROFILE_DEV_OPT_LEVEL=2 >> $GITHUB_ENV 856 echo CARGO_PROFILE_TEST_OPT_LEVEL=2 >> $GITHUB_ENV 857 echo RUSTFLAGS=-Zsanitizer=address >> $GITHUB_ENV 858 echo RUSTDOCFLAGS="-Zsanitizer=address -Copt-level=2 -Ccodegen-units=16" >> $GITHUB_ENV 859 if: ${{ contains(matrix.name, 'ASAN') }} 860 861 # Record some CPU details; this is helpful information if tests fail due 862 # to CPU-specific features. 863 - name: CPU information 864 run: lscpu 865 if: runner.os == 'Linux' 866 - name: CPU information 867 run: sysctl hw 868 if: runner.os == 'macOS' 869 - name: CPU information 870 run: Get-WmiObject Win32_Processor 871 shell: pwsh 872 if: runner.os == 'Windows' 873 874 # Since MPK (PKU) is not present on some GitHub runners, we check if it is 875 # available before force-enabling it. This occasional testing is better than 876 # none at all; ideally we would test in a system-mode QEMU VM. 877 - name: Force-run with MPK enabled, if available 878 if: ${{ contains(matrix.name, 'MPK') }} 879 run: | 880 if cargo run --example mpk-available; then 881 echo "::notice::This CI run will force-enable MPK; this ensures tests conditioned with the \`WASMTIME_TEST_FORCE_MPK\` environment variable will run with MPK-protected memory pool stripes." 882 echo WASMTIME_TEST_FORCE_MPK=1 >> $GITHUB_ENV 883 else 884 echo "::warning::This CI run will not test MPK; it has been detected as not available on this machine (\`cargo run --example mpk-available\`)." 885 fi 886 887 # Install VTune, see `cli_tests::profile_with_vtune`. 888 - name: Install VTune 889 if: matrix.filter == 'linux-x64' && contains(matrix.bucket, 'wasmtime-cli') 890 uses: abrown/install-vtune-action@v3 891 892 # Build and test all features. 893 # 894 # Note that this uses a different shell, notably not `bash` on Windows. In 895 # the past `bash` would add more items to `PATH` on Windows which would 896 # interfere and cause the `gcc.exe` executable to fail and exit with 1 and 897 # no output. It's believed that `bash` adds things like `/usr/bin` to PATH 898 # which is the wrong DLL or something like that. 899 - run: python3 ./ci/run-tests.py --locked ${{ matrix.bucket }} 900 if: runner.os == 'Windows' 901 shell: pwsh 902 - run: python3 ./ci/run-tests.py --locked ${{ matrix.bucket }} 903 if: runner.os != 'Windows' 904 905 # Test `wasmtime-wasi-nn` in its own job, as not all of its backends are 906 # compatible with all targets, and each must be tested separately anyways. 907 test_wasi_nn: 908 strategy: 909 matrix: 910 feature: ["openvino", "onnx-download"] 911 os: ["ubuntu-24.04", "windows-2025"] 912 include: 913 - os: windows-2025 914 feature: winml 915 name: Test wasi-nn (${{ matrix.feature }}, ${{ matrix.os }}) 916 runs-on: ${{ matrix.os }} 917 needs: determine 918 if: needs.determine.outputs.run-full 919 steps: 920 - uses: actions/checkout@v4 921 with: 922 submodules: true 923 - uses: ./.github/actions/install-rust 924 925 # Install OpenVINO 926 - uses: abrown/install-openvino-action@v10 927 if: runner.arch == 'X64' 928 929 # Install WinML for testing wasi-nn WinML backend. WinML is only available 930 # on Windows clients and Windows Server with desktop experience enabled. 931 # GitHub Actions Window Server image doesn't have desktop experience 932 # enabled, so we download the standalone library from ONNX Runtime project. 933 - uses: nuget/setup-nuget@v2 934 if: (runner.os == 'Windows') && (matrix.feature == 'winml') 935 - run: nuget install Microsoft.AI.MachineLearning 936 if: (runner.os == 'Windows') && (matrix.feature == 'winml') 937 938 # Install Rust targets. 939 - run: rustup target add wasm32-wasip1 940 941 # Run the tests! 942 - run: cargo test -p wasmtime-wasi-nn --features ${{ matrix.feature }} 943 944 # Test `wasmtime-wasi-tls-nativetls` & `wasmtime-wasi-tls-openssl` in their 945 # own job. This is because they depends on OpenSSL, which is not easily 946 # available on all platforms. 947 # 948 # The Windows base image has OpenSSL installed by default, but not in a way 949 # that is automatically discoverable by `openssl-sys`. We need to configure 950 # the OPENSSL_DIR & OPENSSL_LIB_DIR paths manually. 951 # Additionally, the GH actions Windows image does not ship with a CA cert 952 # bundle, so we use the one from cUrl. 953 test_wasi_tls: 954 name: Test wasi-tls using native-tls & openssl providers 955 needs: determine 956 if: needs.determine.outputs.run-full 957 runs-on: ${{ matrix.os }} 958 strategy: 959 matrix: 960 os: [ubuntu-latest, windows-latest, macos-latest] 961 steps: 962 - uses: actions/checkout@v4 963 with: 964 submodules: true 965 - uses: ./.github/actions/install-rust 966 - name: Configure OpenSSL (Windows) 967 if: runner.os == 'Windows' 968 shell: pwsh 969 run: | 970 mkdir "C:\Program Files\OpenSSL\certs" 971 $sslCertFile = "C:\Program Files\OpenSSL\certs\cacert.pem" 972 $opensslDir = "C:\Program Files\OpenSSL" 973 $opensslLibDir = "C:\Program Files\OpenSSL\lib\VC\x64\MD" 974 curl.exe -o $sslCertFile https://curl.se/ca/cacert.pem 975 "SSL_CERT_FILE=$sslCertFile" | Out-File -FilePath $env:GITHUB_ENV -Append 976 "OPENSSL_DIR=$opensslDir" | Out-File -FilePath $env:GITHUB_ENV -Append 977 "OPENSSL_LIB_DIR=$opensslLibDir" | Out-File -FilePath $env:GITHUB_ENV -Append 978 - run: cargo test -p wasmtime-wasi-tls-openssl 979 - run: cargo test -p wasmtime-wasi-tls-nativetls 980 981 # Test the `wasmtime-fuzzing` crate. Split out from the main tests because 982 # `--all-features` brings in OCaml, which is a pain to get setup for all 983 # targets. 984 test_fuzzing: 985 needs: determine 986 if: needs.determine.outputs.run-full 987 name: Test wasmtime-fuzzing 988 runs-on: 'ubuntu-latest' 989 steps: 990 - uses: actions/checkout@v4 991 with: 992 submodules: true 993 - uses: ./.github/actions/install-rust 994 995 # Run the tests 996 - run: | 997 cargo test -p wasmtime-fuzzing -p wasm-spec-interpreter 998 999 # Test debug (DWARF) related functionality. 1000 test_debug_dwarf: 1001 needs: determine 1002 if: needs.determine.outputs.run-dwarf 1003 name: Test DWARF debugging 1004 runs-on: ubuntu-24.04 1005 steps: 1006 - uses: actions/checkout@v4 1007 with: 1008 submodules: true 1009 - uses: ./.github/actions/install-rust 1010 - run: | 1011 rustup target add wasm32-wasip1 wasm32-unknown-unknown 1012 cd /tmp 1013 curl --retry 5 --retry-all-errors -OL https://github.com/WebAssembly/wasi-sdk/releases/download/wasi-sdk-30/wasi-sdk-30.0-x86_64-linux.tar.gz 1014 tar -xzf wasi-sdk-30.0-x86_64-linux.tar.gz 1015 mv wasi-sdk-30.0-x86_64-linux wasi-sdk 1016 - run: | 1017 sudo apt-get update && sudo apt-get install -y gdb lldb-18 llvm 1018 # workaround for https://bugs.launchpad.net/ubuntu/+source/llvm-defaults/+bug/1972855 1019 sudo mkdir -p /usr/lib/local/lib/python3.10/dist-packages/lldb 1020 sudo ln -s /usr/lib/llvm-15/lib/python3.10/dist-packages/lldb/* /usr/lib/python3/dist-packages/lldb/ 1021 # Only testing release since it is more likely to expose issues with our low-level symbol handling. 1022 cargo test --release --test all -- --ignored --test-threads 1 native_debug:: 1023 env: 1024 LLDB: lldb-18 1025 WASI_SDK_PATH: /tmp/wasi-sdk 1026 1027 build-preview1-component-adapter: 1028 name: Build wasi-preview1-component-adapter 1029 needs: determine 1030 if: needs.determine.outputs.preview1-adapter 1031 runs-on: ubuntu-latest 1032 permissions: 1033 deployments: write 1034 contents: write 1035 steps: 1036 - uses: actions/checkout@v4 1037 with: 1038 submodules: true 1039 - uses: ./.github/actions/install-rust 1040 - run: rustup target add wasm32-wasip1 wasm32-unknown-unknown 1041 1042 - name: Install wasm-tools 1043 run: | 1044 curl --retry 5 --retry-all-errors -o wasm-tools.tar.gz -L https://github.com/bytecodealliance/wasm-tools/releases/download/wasm-tools-1.0.27/wasm-tools-1.0.27-x86_64-linux.tar.gz 1045 tar xfz wasm-tools.tar.gz 1046 rm wasm-tools.tar.gz 1047 echo `pwd`/wasm-tools-1.0.27-x86_64-linux >> $GITHUB_PATH 1048 1049 - run: ./ci/build-wasi-preview1-component-adapter.sh 1050 env: 1051 VERSION: ${{ github.sha }} 1052 1053 - uses: actions/upload-artifact@v4 1054 with: 1055 name: bins-wasi-preview1-component-adapter 1056 path: target/wasm32-unknown-unknown/release/wasi_snapshot_preview1.*.wasm 1057 1058 build-preview1-component-adapter-provider: 1059 name: Build wasi-preview1-component-adapter-provider 1060 needs: build-preview1-component-adapter 1061 runs-on: ubuntu-latest 1062 steps: 1063 - uses: actions/checkout@v4 1064 with: 1065 submodules: true 1066 - uses: ./.github/actions/install-rust 1067 - uses: ./.github/actions/build-adapter-provider 1068 with: 1069 run-id: ${{ github.run_id }} 1070 1071 # Verify the "min platform" example still works. 1072 test-min-platform-example: 1073 name: Test the min-platform example 1074 needs: determine 1075 if: needs.determine.outputs.run-full 1076 runs-on: ubuntu-latest 1077 steps: 1078 - uses: actions/checkout@v4 1079 with: 1080 submodules: true 1081 - uses: ./.github/actions/install-rust 1082 - run: cargo install [email protected] --locked 1083 - run: rustup target add x86_64-unknown-none 1084 - run: rustup target add wasm32-wasip2 1085 - run: ./build.sh x86_64-unknown-none 1086 working-directory: ./examples/min-platform 1087 1088 # Afterwards make sure the generated header file is up to date by ensuring 1089 # that the regeneration process didn't change anything in-tree. 1090 - run: git diff --exit-code 1091 1092 # Test some other feature combinations 1093 - run: ./build.sh x86_64-unknown-none 1094 working-directory: ./examples/min-platform 1095 env: 1096 WASMTIME_SIGNALS_BASED_TRAPS: 1 1097 1098 - run: ./build.sh x86_64-unknown-none 1099 working-directory: ./examples/min-platform 1100 env: 1101 WASMTIME_SIGNALS_BASED_TRAPS: 1 1102 MIN_PLATFORM_TEST_DISABLE_WASI: 1 1103 1104 # Add the `wasmtime-platform.h` file as a release artifact 1105 - uses: actions/upload-artifact@v4 1106 with: 1107 name: wasmtime-platform-header 1108 path: examples/min-platform/embedding/wasmtime-platform.h 1109 1110 bench: 1111 needs: determine 1112 if: needs.determine.outputs.run-full 1113 name: Run benchmarks 1114 runs-on: ubuntu-latest 1115 steps: 1116 - uses: actions/checkout@v4 1117 with: 1118 submodules: true 1119 - uses: ./.github/actions/install-rust 1120 - run: rustup target add wasm32-wasip1 1121 - run: cargo test --benches --release 1122 1123 # Verify that cranelift's code generation is deterministic 1124 meta_deterministic_check: 1125 needs: determine 1126 if: needs.determine.outputs.run-full 1127 name: Meta deterministic check 1128 runs-on: ubuntu-latest 1129 steps: 1130 - uses: actions/checkout@v4 1131 with: 1132 submodules: true 1133 - uses: ./.github/actions/install-rust 1134 - run: cd cranelift/codegen && cargo build --features all-arch 1135 - run: ci/ensure_deterministic_build.sh 1136 1137 verify-publish: 1138 needs: determine 1139 if: github.repository == 'bytecodealliance/wasmtime' && needs.determine.outputs.run-full 1140 runs-on: ubuntu-latest 1141 steps: 1142 - uses: actions/checkout@v4 1143 with: 1144 submodules: true 1145 - uses: ./.github/actions/install-rust 1146 - run: | 1147 cd ${{ runner.tool_cache }} 1148 curl --retry 5 --retry-all-errors -L -o sccache.tar.gz \ 1149 https://github.com/mozilla/sccache/releases/download/0.2.13/sccache-0.2.13-x86_64-unknown-linux-musl.tar.gz 1150 tar xzf sccache.tar.gz 1151 rm sccache.tar.gz 1152 echo "`pwd`/sccache-0.2.13-x86_64-unknown-linux-musl" >> $GITHUB_PATH 1153 echo RUSTC_WRAPPER=sccache >> $GITHUB_ENV 1154 - run: rustc scripts/publish.rs 1155 # Make sure the tree is publish-able as-is 1156 - run: ./publish verify 1157 # Make sure we can bump version numbers for the next release 1158 - run: ./publish bump 1159 1160 # Run a subset of tests under MIRI on CI to help check the `unsafe` code in 1161 # Wasmtime to make sure it's at least not obviously incorrect for basic usage. 1162 # Note that this doesn't run the full test suite since MIRI can't actually run 1163 # WebAssembly itself at this time (aka it doesn't support a JIT). There are a 1164 # number of annotations throughout the code which gates some tests on MIRI not 1165 # being run. 1166 # 1167 # Note that `cargo nextest` is used here additionally to get parallel test 1168 # execution by default to help cut down on the time in CI. 1169 miri: 1170 strategy: 1171 matrix: 1172 include: 1173 - crate: "wasmtime" 1174 - crate: "wasmtime-cli" 1175 - crate: "wasmtime-environ --all-features" 1176 - crate: "pulley-interpreter --all-features" 1177 - crate: "wasmtime-internal-core" 1178 - crate: "wasmtime-internal-core --all-features" 1179 - script: ./ci/miri-provenance-test.sh 1180 - script: ./ci/miri-wast.sh ./tests/spec_testsuite/table.wast 1181 needs: determine 1182 if: needs.determine.outputs.test-miri && github.repository == 'bytecodealliance/wasmtime' 1183 name: Miri 1184 runs-on: ubuntu-latest 1185 env: 1186 CARGO_NEXTEST_VERSION: 0.9.88 1187 MIRIFLAGS: -Zmiri-permissive-provenance 1188 steps: 1189 - uses: actions/checkout@v4 1190 with: 1191 submodules: true 1192 - uses: ./.github/actions/install-rust 1193 with: 1194 toolchain: wasmtime-ci-pinned-nightly 1195 - run: rustup component add rust-src miri 1196 - uses: actions/cache@v4 1197 with: 1198 path: ${{ runner.tool_cache }}/cargo-nextest 1199 key: cargo-nextest-bin-${{ env.CARGO_NEXTEST_VERSION }} 1200 - run: echo "${{ runner.tool_cache }}/cargo-nextest/bin" >> $GITHUB_PATH 1201 - run: cargo install --root ${{ runner.tool_cache }}/cargo-nextest --version ${{ env.CARGO_NEXTEST_VERSION }} cargo-nextest --locked 1202 - run: | 1203 cargo miri nextest run -j4 --no-fail-fast -p ${{ matrix.crate }} 1204 if: ${{ matrix.crate }} 1205 - run: ${{ matrix.script }} 1206 if: ${{ matrix.script }} 1207 1208 # Perform release builds of `wasmtime` and `libwasmtime.so`. Builds a variety 1209 # of platforms and architectures and then uploads the release artifacts to 1210 # this workflow run's list of artifacts. 1211 # 1212 # Note that the full matrix is computed by `ci/build-build-matrix.js`. 1213 build: 1214 needs: determine 1215 if: needs.determine.outputs.run-full 1216 name: Release build for ${{ matrix.build }} 1217 runs-on: ${{ matrix.os }} 1218 strategy: 1219 fail-fast: ${{ github.event_name != 'pull_request' }} 1220 matrix: ${{ fromJson(needs.determine.outputs.build-matrix) }} 1221 env: ${{ matrix.env || fromJSON('{}') }} 1222 steps: 1223 - uses: actions/checkout@v4 1224 with: 1225 submodules: true 1226 1227 - uses: ./.github/actions/install-ninja 1228 - uses: ./.github/actions/install-rust 1229 with: 1230 toolchain: ${{ matrix.rust }} 1231 - run: | 1232 rustup component add rust-src 1233 rustup target add ${{ matrix.target }} 1234 1235 # On one builder produce the source tarball since there's no need to produce 1236 # it everywhere 1237 - run: ./ci/build-src-tarball.sh 1238 if: matrix.build == 'x86_64-linux' 1239 1240 - uses: ./.github/actions/android-ndk 1241 if: contains(matrix.target, 'android') 1242 with: 1243 target: ${{ matrix.target }} 1244 1245 - run: ./ci/build-release-artifacts.sh "${{ matrix.build }}" "${{ matrix.target }}" 1246 1247 # Assemble release artifacts appropriate for this platform, then upload them 1248 # unconditionally to this workflow's files so we have a copy of them. 1249 - run: ./ci/build-tarballs.sh "${{ matrix.build }}" "${{ matrix.target }}" 1250 1251 - uses: actions/upload-artifact@v4 1252 with: 1253 name: bins-${{ matrix.build }} 1254 path: dist 1255 1256 # This is a "join node" which depends on all prior workflows. The merge queue, 1257 # for example, gates on this to ensure that everything has executed 1258 # successfully. 1259 # 1260 # Note that this is required currently for odd reasons with github. Notably 1261 # the set of checks to enter the merge queue and leave the merge queue must 1262 # be the same which means that the "build" step for example shows as skipped 1263 # for PRs but expands to many different steps for merge-queue-based PRs. That 1264 # means that for that step there's no single name to gate on, so it's required 1265 # to have a "join" node here which joins everything. 1266 # 1267 # Note that this currently always runs to always report a status, even on 1268 # cancellation and even if dependency steps fail. Each dependency tries to 1269 # cancel the whole run if it fails, so if a test matrix entry fails, for 1270 # example, it cancels the build matrix entries too. This step then tries to 1271 # fail on cancellation to ensure that the dependency failures are propagated 1272 # correctly. 1273 ci-status: 1274 name: Record the result of testing and building steps 1275 runs-on: ubuntu-latest 1276 needs: 1277 - test 1278 - test_capi 1279 - test_debug_dwarf 1280 - test_fuzzing 1281 - test_wasi_nn 1282 - test_nightly 1283 - build 1284 - rustfmt 1285 - clangformat 1286 - cargo_deny 1287 - cargo_vet 1288 - doc 1289 - micro_checks 1290 - special_tests 1291 - test_wasi_tls 1292 - clippy 1293 - monolith_checks 1294 - platform_checks 1295 - bench 1296 - meta_deterministic_check 1297 - verify-publish 1298 - determine 1299 - miri 1300 - build-preview1-component-adapter 1301 - build-preview1-component-adapter-provider 1302 - test-min-platform-example 1303 - check_js 1304 if: always() 1305 steps: 1306 # Calculate the exit status of the whole CI workflow. 1307 # If all dependent jobs were successful, this exits with 0 (and the 1308 # outcome job continues successfully). If a some dependent job has 1309 # failed, this exits with 1. 1310 - name: calculate the correct exit status 1311 run: jq --exit-status 'all(.result == "success" or .result == "skipped")' <<< '${{ toJson(needs) }}' 1312 1313 # The purpose of this jobs is to watch for changes on the `release-*` 1314 # branches of this repository and look for the term 1315 # "automatically-tag-and-release-this-commit" within merged PRs/commits. Once 1316 # that term is found the current version of `Cargo.toml`, the `wasmtime-cli` 1317 # Cargo.toml, is created as a tag and the tag is pushed to the repo. 1318 # Currently the tag is created through the GitHub API with an access token to 1319 # ensure that CI is further triggered for the tag itself which performs the 1320 # full release process. 1321 # 1322 # Note that this depends on the `ci-status` step above which is the "join" 1323 # point of this workflow for when everything succeeds. the purpose of that is 1324 # so that the tag is only created after the aftifacts have been uploaded for 1325 # this workflow as the `publish-artifacts.yml` workflow will download these 1326 # artifacts and then publish them to the tag. 1327 push-tag: 1328 runs-on: ubuntu-latest 1329 needs: ci-status 1330 if: | 1331 always() 1332 && needs.ci-status.result == 'success' 1333 && github.event_name == 'push' 1334 && startsWith(github.ref, 'refs/heads/release-') 1335 && github.repository == 'bytecodealliance/wasmtime' 1336 steps: 1337 - uses: actions/checkout@v4 1338 with: 1339 submodules: true 1340 fetch-depth: 0 1341 - name: Test if tag is needed 1342 run: | 1343 git log ${{ github.event.before }}...${{ github.event.after }} | tee main.log 1344 version=$(grep '^version =' Cargo.toml | head -n 1 | sed 's/.*"\(.*\)"/\1/') 1345 echo "version: $version" 1346 echo "version=$version" >> $GITHUB_OUTPUT 1347 echo "sha=$(git rev-parse HEAD)" >> $GITHUB_OUTPUT 1348 if grep -q "automatically-tag-and-release-this-commit" main.log; then 1349 echo push-tag 1350 echo "push_tag=yes" >> $GITHUB_OUTPUT 1351 else 1352 echo no-push-tag 1353 echo "push_tag=no" >> $GITHUB_OUTPUT 1354 fi 1355 id: tag 1356 - name: Push the tag 1357 run: | 1358 git_refs_url=$(jq .repository.git_refs_url $GITHUB_EVENT_PATH | tr -d '"' | sed 's/{\/sha}//g') 1359 curl -iX POST $git_refs_url \ 1360 -H "Authorization: token ${{ secrets.PERSONAL_ACCESS_TOKEN }}" \ 1361 -d @- << EOF 1362 { 1363 "ref": "refs/tags/v${{ steps.tag.outputs.version }}", 1364 "sha": "${{ steps.tag.outputs.sha }}" 1365 } 1366 EOF 1367 if: steps.tag.outputs.push_tag == 'yes' 1368 1369 # File an issue on the repo if this run failed and was triggered via 1370 # `workflow_dispatch`, which mostly means that 1371 # `.github/workflows/trigger-release-branch-ci.yml` will file issues on 1372 # failure so we get to see a notification when a build fails for a historical 1373 # release branch. 1374 file-issue-on-error: 1375 name: File an issue if this build failed and was cron-triggered 1376 runs-on: ubuntu-latest 1377 needs: ci-status 1378 if: | 1379 always() 1380 && needs.ci-status.result != 'success' 1381 && github.event_name == 'workflow_dispatch' 1382 permissions: 1383 issues: write 1384 steps: 1385 - uses: actions/github-script@v7 1386 with: 1387 script: | 1388 github.rest.issues.create({ 1389 owner: context.repo.owner, 1390 repo: context.repo.repo, 1391 title: `Failed CI build for ${context.ref}`, 1392 body: `See https://github.com/${context.repo.owner}/${context.repo.repo}/actions/runs/${context.runId}`, 1393 }) 1394