diff --git a/.gitea/workflows/build.yaml b/.gitea/workflows/build.yaml new file mode 100644 index 0000000..f993c40 --- /dev/null +++ b/.gitea/workflows/build.yaml @@ -0,0 +1,122 @@ +name: Build +run-name: Standard build, creates docker image and deploys on success +on: [push] +env: + ACTIONS_RUNTIME_TOKEN: ${{ secrets.GITHUB_TOKEN }} + ACTIONS_RUNTIME_URL: https://git.lerch.org/api/actions_pipeline/ + ZIG_URL: https://mirror.bazel.build/ziglang.org/builds/zig-linux-x86_64-0.11.0-dev.3886+0c1bfe271.tar.xz + BUILD_TARGET: x86_64-linux-gnu # Needs to be gnu since we're using dlopen + BUILD_OPTIMIZATION: ReleaseSafe # Safety is usually a good thing +jobs: + build: + runs-on: ubuntu-latest + steps: + - run: echo "Triggered by ${{ github.event_name }} event" + - name: Check out repository code + uses: actions/checkout@v3 + - name: Install zig + run: | + curl -s "$ZIG_URL" |tar -xJ -C /usr/local \ + && ln -s /usr/local/zig*/zig /usr/local/bin \ + && true + - name: Test + run: zig build test -Dtarget="$BUILD_TARGET" + - name: Build + run: zig build -Dtarget="$BUILD_TARGET" -Doptimize="$BUILD_OPTIMIZATION" + - name: Set outputs + id: vars + run: echo "shortsha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT + - name: Upload + uses: actions/upload-artifact@v3 + with: + name: flexilib + path: 'zig-out/bin/flexilib' + - name: Notify + uses: https://git.lerch.org/lobo/action-notify-ntfy@v1 + if: always() + with: + host: ${{ secrets.NTFY_HOST }} + topic: ${{ secrets.NTFY_TOPIC }} + user: ${{ secrets.NTFY_USER }} + password: ${{ secrets.NTFY_PASSWORD }} + - run: echo "Build status is ${{ job.status }}." + outputs: + shortsha: ${{ steps.vars.outputs.shortsha }} + sign: + runs-on: ubuntu-latest + needs: build + steps: + - name: Download Artifact + uses: actions/download-artifact@v3 + with: + name: flexilib + - name: "Position executable" + run: "chmod 755 flexilib/flexilib && mv flexilib art && mv art/flexilib . && rm -rf art" + - name: Sign + id: sign + uses: https://git.lerch.org/lobo/action-hsm-sign@v1 + with: + pin: ${{ secrets.HSM_USER_PIN }} + files: flexilib + public_key: 'https://emil.lerch.org/serverpublic.pem' + - run: echo "Signature URL is ${{ steps.sign.outputs.URL_0 }}" + - name: Upload Artifact + uses: actions/upload-artifact@v3 + with: + name: ${{ steps.sign.outputs.SIG_0 }} + # - run: | + # echo "Source 0 should be ./bar: ${{ steps.sign.outputs.SOURCE_0 }}" + # - run: | + # echo "Signature 0 should be ./bar.sig: ${{ steps.sign.outputs.SIG_0 }}" + # - run: echo "URL of bar (0) is ${{ steps.sign.outputs.URL_0 }}" + # - run: | + # echo "Source 1 should be ./foo: ${{ steps.sign.outputs.SOURCE_1 }}" + # - run: | + # echo "Signature 1 should be ./foo.sig: ${{ steps.sign.outputs.SIG_1 }}" + # - run: echo "URL of foo (1) is ${{ steps.sign.outputs.URL_1 }}" + - name: Notify + uses: https://git.lerch.org/lobo/action-notify-ntfy@v1 + if: always() + with: + host: ${{ secrets.NTFY_HOST }} + topic: ${{ secrets.NTFY_TOPIC }} + user: ${{ secrets.NTFY_USER }} + password: ${{ secrets.NTFY_PASSWORD }} + - run: echo "Sign status is ${{ job.status }}." + deploy: + runs-on: ubuntu-latest + container: + image: ghcr.io/catthehacker/ubuntu:act-22.04 + needs: build + steps: + - name: Download Artifact + uses: actions/download-artifact@v3 + with: + name: flexilib + - name: "Position executable" + run: "chmod 755 flexilib/flexilib && mv flexilib art && mv art/flexilib docker && rm -rf art" + - + name: Login to Gitea + uses: docker/login-action@v2 + with: + registry: git.lerch.org + username: ${{ github.actor }} + password: ${{ secrets.PACKAGE_PUSH }} + - + name: Build and push + uses: docker/build-push-action@v4 + with: + context: docker + push: true + #tags: git.lerch.org/${{ github.actor }}/${{ github.repository }}:${{ needs.build.outputs.shortsha }} + # Not sure what's up with the shortsha yet + tags: git.lerch.org/${{ github.actor }}/flexilib:latest + - name: Notify + uses: https://git.lerch.org/lobo/action-notify-ntfy@v1 + if: always() + with: + host: ${{ secrets.NTFY_HOST }} + topic: ${{ secrets.NTFY_TOPIC }} + user: ${{ secrets.NTFY_USER }} + password: ${{ secrets.NTFY_PASSWORD }} + - run: echo "Deploy status is ${{ job.status }}." diff --git a/docker/Dockerfile b/docker/Dockerfile new file mode 100644 index 0000000..ad7e301 --- /dev/null +++ b/docker/Dockerfile @@ -0,0 +1,3 @@ +FROM debian:bookworm + +COPY flexilib /usr/local/bin/flexilib diff --git a/proxy.ini b/proxy.ini index f4f9228..cf40a9b 100644 --- a/proxy.ini +++ b/proxy.ini @@ -9,3 +9,9 @@ Host: iam / = zig-out/lib/libflexilib-sample-lib.so /c = zig-out/lib/libflexilib-in-c.so / = zig-out/lib/libflexilib-sample-lib.so + +# JS-based Cloudflare worker: 0.051s +/- 0.002s (50ms) +# WASM-based: 0.060s +/- 0.01s (60ms) +# ms: 0.001s +# locally (nucman) wasmtime adds 3.4ms latency +# with a pre-compiled module, 2.7ms latency