macOS builds (#5)

iliana · web-flow · commit afda0c16c882 · 2024-10-18T20:18:56.000Z
diff --git a/.github/buildomat/SHA256SUMS b/.github/buildomat/SHA256SUMS
@@ -1,3 +1,7 @@
 4cdd2bc664724dc7db94ad51b503512c5ae7220951cac568120f64f8e94399fc  go1.17.13.linux-amd64.tar.gz
+c101beaa232e0f448fab692dc036cd6b4677091ff89c4889cc8754b1b29c6608  go1.17.13.darwin-amd64.tar.gz
+e4ccc9c082d91eaa0b866078b591fc97d24b91495f12deb3dd2d8eda4e55a6ea  go1.17.13.darwin-arm64.tar.gz
 874463523f26ed528634580247f403d200ba17a31adf2de98a7b124c6eb33d87  node-v16.20.2-linux-x64.tar.xz
+107ae8d56a9c0aa85c8952231ac44d5e6df7c1ea3e9a36e2ef022ae36c98ccec  node-v16.20.2-darwin-x64.tar.xz
+fb87e01f0b2c8545afb8dd0769f7eb2439fb4fc8731efa956744fb0e0bc98105  node-v16.20.2-darwin-arm64.tar.xz
 1ba910c84256998c4bf4b925857c2693adebdc962a2e3075f4f8b67045f45105  yarn-1.22.22.js
diff --git a/.github/buildomat/fetch-gh-artifacts.sh b/.github/buildomat/fetch-gh-artifacts.sh
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# This Source Code Form is subject to the terms of the Mozilla Public
+# License, v. 2.0. If a copy of the MPL was not distributed with this
+# file, You can obtain one at https://mozilla.org/MPL/2.0/.
+#
+# Copyright Oxide Computer Company
+
+set -o errexit
+set -o pipefail
+set -o xtrace
+
+# We use `--netrc` in these calls in order to use the GitHub token Buildomat
+# provides us. This is not strictly necessary for all APIs we use, _except_ the
+# one to download artifacts. But using it for all calls keeps us from hitting
+# rate limits!
+
+API_BASE="https://api.github.com/repos/$GITHUB_REPOSITORY"
+
+# Buildomat creates at most one check suite per commit per repository, but
+# GitHub Actions will generally make several. We need to choose which run we
+# care about, ideally picking the one most closely related to this Buildomat
+# check suite. We first look for the most recently-created "push" run, but if
+# none are found we fall back to the most recently-created "pull_request" run.
+#
+# We check 10 times with 30 second pauses in between; if we don't have a check
+# run within about five minutes it'll probably never show up.
+for attempt in {1..10}; do
+    runs=$(curl -sSfL --netrc "$API_BASE/actions/runs?head_sha=$GITHUB_SHA" \
+        | jq -r --arg name "$1" '
+            .workflow_runs
+            | sort_by(.created_at) | reverse
+            | .[] | select(.name == $name)
+            | {id: .id, event: .event}
+        ')
+    for event in push pull_request; do
+        run_id=$(jq -r --arg event "$event" 'select(.event == $event) | .id' <<<"$runs" | head -n 1)
+        [[ -n "$run_id" ]] && break 2
+    done
+    sleep 30
+done
+if [[ -z "$run_id" ]]; then
+    echo >&2 "no check run found"
+    exit 1
+fi
+
+# Wait for the run to complete.
+until [[ $(curl -sSfL --netrc "$API_BASE/actions/runs/$run_id" | jq -r .status) == completed ]]; do
+    sleep 60
+done
+
+# Get information about artifacts and download them.
+artifacts=$(curl -sSfL --netrc "$API_BASE/actions/runs/$run_id/artifacts" \
+    | jq -r '.artifacts[] | {id: .id, name: .name}')
+for artifact_id in $(jq -r '.id' <<<"$artifacts"); do
+    artifact_name=$(jq -r --argjson id "$artifact_id" 'select(.id == $id) | .name' <<<"$artifacts")
+    # Artifact names are not allowed to contain special filesystem characters:
+    # https://github.com/actions/upload-artifact/issues/22
+    curl -sSfL --netrc -o "$artifact_name.zip" \
+        "$API_BASE/actions/artifacts/$artifact_id/zip"
+done
diff --git a/.github/buildomat/jobs/artifacts-macos.sh b/.github/buildomat/jobs/artifacts-macos.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+#:
+#: name = "artifacts-macos"
+#: variety = "basic"
+#: target = "ubuntu-22.04"
+#: output_rules = [
+#:	"=/work/oxidecomputer/cockroach/cockroach.tgz",
+#:	"=/work/oxidecomputer/cockroach/cockroach.tgz.sha256",
+#: ]
+#:
+#: [[publish]]
+#: series = "darwin-amd64"
+#: name = "cockroach.tgz"
+#: from_output = "=/work/oxidecomputer/cockroach/cockroach.tgz"
+#:
+#: [[publish]]
+#: series = "darwin-amd64"
+#: name = "cockroach.tgz.sha256"
+#: from_output = "=/work/oxidecomputer/cockroach/cockroach.tgz.sha256"
+
+set -o errexit
+set -o pipefail
+set -o xtrace
+
+sudo apt-get install -y jq unzip
+timeout 30m .github/buildomat/fetch-gh-artifacts.sh build-macos
+unzip build.zip
diff --git a/.github/workflows/build-macos.yml b/.github/workflows/build-macos.yml
@@ -0,0 +1,30 @@
+name: build-macos
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  build:
+    runs-on: macos-13
+    steps:
+      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        with:
+          ref: ${{ github.event.pull_request.head.sha }} # to match buildomat behavior
+      - name: Toolchain setup
+        run: |
+          set -o xtrace
+          source .github/workflows/macos-setup.sh
+          echo "PATH=$PATH" >>"$GITHUB_ENV"
+      - name: Build
+        run: gmake -j`sysctl -n hw.ncpu` cockroach.tgz BUILDTYPE=release
+        env:
+          BROWSERSLIST_IGNORE_OLD_DATA: 1
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
+        with:
+          name: build
+          path: |
+            cockroach.tgz
+            cockroach.tgz.sha256
+          if-no-files-found: error
+          compression-level: 0
diff --git a/.github/workflows/e66f895667cd51d0d28c42d369a803c12db8bb35.patch b/.github/workflows/e66f895667cd51d0d28c42d369a803c12db8bb35.patch
@@ -0,0 +1,52 @@
+From e66f895667cd51d0d28c42d369a803c12db8bb35 Mon Sep 17 00:00:00 2001
+From: Alex Brachet <abrachet@google.com>
+Date: Thu, 19 May 2022 16:58:46 +0000
+Subject: [PATCH] cmd/cgo: allow DW_TAG_variable's with no name
+
+https://reviews.llvm.org/D123534 is emitting DW_TAG_variable's
+that don't have a DW_AT_name. This is allowed in the DWARF
+standard. It is adding DIE's for string literals for better
+symbolization on buffer overlows etc on these strings. They
+no associated name because they are not user provided variables.
+
+Fixes #53000
+
+Change-Id: I2cf063160508687067c7672cef0517bccd707d7b
+Reviewed-on: https://go-review.googlesource.com/c/go/+/406816
+TryBot-Result: Gopher Robot <gobot@golang.org>
+Run-TryBot: Ian Lance Taylor <iant@google.com>
+Auto-Submit: Ian Lance Taylor <iant@google.com>
+Reviewed-by: Ian Lance Taylor <iant@google.com>
+---
+ src/cmd/cgo/gcc.go | 17 ++++++++++++++++-
+ 1 file changed, 16 insertions(+), 1 deletion(-)
+
+diff --git a/src/cmd/cgo/gcc.go b/src/cmd/cgo/gcc.go
+index 855309edfa255..4d1a5bd8de1f3 100644
+--- a/src/cmd/cgo/gcc.go
++++ b/src/cmd/cgo/gcc.go
+@@ -576,8 +576,23 @@ func (p *Package) loadDWARF(f *File, conv *typeConv, names []*Name) {
+ 		switch e.Tag {
+ 		case dwarf.TagVariable:
+ 			name, _ := e.Val(dwarf.AttrName).(string)
++			// As of https://reviews.llvm.org/D123534, clang
++			// now emits DW_TAG_variable DIEs that have
++			// no name (so as to be able to describe the
++			// type and source locations of constant strings
++			// like the second arg in the call below:
++			//
++			//     myfunction(42, "foo")
++			//
++			// If a var has no name we won't see attempts to
++			// refer to it via "C.<name>", so skip these vars
++			//
++			// See issue 53000 for more context.
++			if name == "" {
++				break
++			}
+ 			typOff, _ := e.Val(dwarf.AttrType).(dwarf.Offset)
+-			if name == "" || typOff == 0 {
++			if typOff == 0 {
+ 				if e.Val(dwarf.AttrSpecification) != nil {
+ 					// Since we are reading all the DWARF,
+ 					// assume we will see the variable elsewhere.
diff --git a/.github/workflows/macos-setup.sh b/.github/workflows/macos-setup.sh
@@ -0,0 +1,25 @@
+SOURCE_DIR=$PWD
+source .github/buildomat/versions.sh
+
+brew install coreutils make
+
+mkdir "$HOME/toolchain"
+pushd "$HOME/toolchain"
+curl -sSfL --retry 10 -O "https://go.dev/dl/go$GO_VERSION.darwin-amd64.tar.gz"
+curl -sSfL --retry 10 -O "https://nodejs.org/dist/v$NODE_VERSION/node-v$NODE_VERSION-darwin-x64.tar.xz"
+curl -sSfL --retry 10 -O "https://github.com/yarnpkg/yarn/releases/download/v$YARN_VERSION/yarn-$YARN_VERSION.js"
+sha256sum --ignore-missing -c "$OLDPWD/.github/buildomat/SHA256SUMS"
+tar xf "go$GO_VERSION.darwin-amd64.tar.gz"
+tar xf "node-v$NODE_VERSION-darwin-x64.tar.xz"
+mv "yarn-$YARN_VERSION.js" "node-v$NODE_VERSION-darwin-x64/bin/yarn"
+chmod a+x "node-v$NODE_VERSION-darwin-x64/bin/yarn"
+export PATH="$PWD/go/bin:$PWD/node-v$NODE_VERSION-darwin-x64/bin:$PATH"
+
+# Apply patch to fix golang/go#53000
+pushd go/src
+patch -p2 <"$SOURCE_DIR/.github/workflows/e66f895667cd51d0d28c42d369a803c12db8bb35.patch"
+go build cmd/cgo
+popd
+mv go/src/cgo go/pkg/tool/darwin_amd64/cgo
+
+popd
