From fc36fc45c24edeb881d6e4ad5af4d810afb9c7d1 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 22 Nov 2024 07:58:50 +0000 Subject: [PATCH 1/6] build(deps): Bump actions/upload-artifact from 3 to 4 Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](https://github.com/actions/upload-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 10 +++++----- .github/workflows/sync-labels.yml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 535298d8e..eb7aadfaf 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -411,7 +411,7 @@ jobs: echo "STAGED_CHANNEL_FILES_PATH=$staged_channel_files_path" >> "$GITHUB_ENV" - name: Upload staged-for-merge channel file artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 if: > needs.select-targets.outputs.merge-channel-files == 'true' && matrix.config.mergeable-channel-file == 'true' @@ -421,7 +421,7 @@ jobs: path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.STAGED_CHANNEL_FILES_PATH) || env.STAGED_CHANNEL_FILES_PATH }} - name: Upload [GitHub Actions] - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.BUILD_ARTIFACTS_PATH) || env.BUILD_ARTIFACTS_PATH }} @@ -489,7 +489,7 @@ jobs: --input "${{ env.CHANNEL_FILES_PATH }}" - name: Upload merged channel files to job transfer artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: if-no-files-found: error name: ${{ env.JOB_TRANSFER_ARTIFACT }} @@ -515,7 +515,7 @@ jobs: path: ${{ env.JOB_TRANSFER_ARTIFACT }} - name: Upload tester build artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ matrix.artifact.name }} path: ${{ env.JOB_TRANSFER_ARTIFACT }}/${{ matrix.artifact.path }} @@ -563,7 +563,7 @@ jobs: - name: Upload Changelog [GitHub Actions] if: needs.build-type-determination.outputs.is-nightly == 'true' - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: CHANGELOG.txt diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 0ec11e7f3..7b255da9c 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -71,7 +71,7 @@ jobs: file-url: https://raw.githubusercontent.com/arduino/tooling-project-assets/main/workflow-templates/assets/sync-labels/${{ matrix.filename }} - name: Pass configuration files to next job via workflow artifact - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: path: | *.yaml From c064f2083caf7275594fba1678a6e09a5774f6bb Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 14 Dec 2023 19:56:22 +0000 Subject: [PATCH 2/6] build(deps): Bump actions/download-artifact from 3 to 4 Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](https://github.com/actions/download-artifact/compare/v3...v4) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 8 ++++---- .github/workflows/sync-labels.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index eb7aadfaf..c41e369ab 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -450,7 +450,7 @@ jobs: uses: actions/checkout@v4 - name: Download staged-for-merge channel files artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} path: ${{ env.CHANNEL_FILES_PATH }} @@ -509,7 +509,7 @@ jobs: steps: - name: Download job transfer artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ env.JOB_TRANSFER_ARTIFACT }} @@ -586,7 +586,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download [GitHub Actions] - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ env.JOB_TRANSFER_ARTIFACT }} @@ -618,7 +618,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Download [GitHub Actions] - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} path: ${{ env.JOB_TRANSFER_ARTIFACT }} diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 7b255da9c..5c3a0a7e9 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -109,7 +109,7 @@ jobs: uses: actions/checkout@v4 - name: Download configuration files artifact - uses: actions/download-artifact@v3 + uses: actions/download-artifact@v4 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} path: ${{ env.CONFIGURATIONS_FOLDER }} From 90d4e1f23ce8ad693287ef5ba072357ef169388b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 18 Mar 2024 19:37:50 +0000 Subject: [PATCH 3/6] build(deps): Bump geekyeggo/delete-artifact from 2 to 5 Bumps [geekyeggo/delete-artifact](https://github.com/geekyeggo/delete-artifact) from 2 to 5. - [Release notes](https://github.com/geekyeggo/delete-artifact/releases) - [Changelog](https://github.com/GeekyEggo/delete-artifact/blob/main/CHANGELOG.md) - [Commits](https://github.com/geekyeggo/delete-artifact/compare/v2...v5) --- updated-dependencies: - dependency-name: geekyeggo/delete-artifact dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/build.yml | 4 ++-- .github/workflows/sync-labels.yml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index c41e369ab..4a4204a7f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -456,7 +456,7 @@ jobs: path: ${{ env.CHANNEL_FILES_PATH }} - name: Remove no longer needed artifact - uses: geekyeggo/delete-artifact@v2 + uses: geekyeggo/delete-artifact@v5 with: name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} @@ -662,6 +662,6 @@ jobs: steps: - name: Remove unneeded job transfer artifact - uses: geekyeggo/delete-artifact@v2 + uses: geekyeggo/delete-artifact@v5 with: name: ${{ env.JOB_TRANSFER_ARTIFACT }} diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 5c3a0a7e9..6dfdaacbc 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -115,7 +115,7 @@ jobs: path: ${{ env.CONFIGURATIONS_FOLDER }} - name: Remove unneeded artifact - uses: geekyeggo/delete-artifact@v2 + uses: geekyeggo/delete-artifact@v5 with: name: ${{ env.CONFIGURATIONS_ARTIFACT }} From 996cbd361ae76390641804e35cfd427e24e6b830 Mon Sep 17 00:00:00 2001 From: per1234 Date: Wed, 20 Nov 2024 22:09:31 -0800 Subject: [PATCH 4/6] Don't upload multiple times to same artifact in label sync workflow The "Sync Labels" GitHub Actions workflow is configured to allow the use of multiple shared label configuration files. This is done by using a job matrix in the GitHub Actions workflow to download each of the files from the source repository in a parallel GitHub Actions workflow job. A GitHub Actions workflow artifact was used to transfer the generated files between sequential jobs in the workflow. The "actions/upload-artifact" and "actions/download-artifact" actions are used for this purpose. Previously, a single artifact was used for the transfer of all the shared label configuration files, with each of the parallel jobs uploading its own generated files to that artifact. However, support for uploading multiple times to a single artifact was dropped in version 4.0.0 of the "actions/upload-artifact" action. So it is now necessary to use a dedicated artifact for each of the builds. These can be downloaded in aggregate by using the artifact name globbing and merging features which were introduced in version 4.1.0 of the "actions/download-artifact" action. --- .github/workflows/sync-labels.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/sync-labels.yml b/.github/workflows/sync-labels.yml index 6dfdaacbc..22fa0d0e9 100644 --- a/.github/workflows/sync-labels.yml +++ b/.github/workflows/sync-labels.yml @@ -19,7 +19,7 @@ on: env: CONFIGURATIONS_FOLDER: .github/label-configuration-files - CONFIGURATIONS_ARTIFACT: label-configuration-files + CONFIGURATIONS_ARTIFACT_PREFIX: label-configuration-file- jobs: check: @@ -77,7 +77,7 @@ jobs: *.yaml *.yml if-no-files-found: error - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}${{ matrix.filename }} sync: needs: download @@ -108,16 +108,17 @@ jobs: - name: Checkout repository uses: actions/checkout@v4 - - name: Download configuration files artifact + - name: Download configuration file artifacts uses: actions/download-artifact@v4 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + merge-multiple: true + pattern: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* path: ${{ env.CONFIGURATIONS_FOLDER }} - - name: Remove unneeded artifact + - name: Remove unneeded artifacts uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.CONFIGURATIONS_ARTIFACT }} + name: ${{ env.CONFIGURATIONS_ARTIFACT_PREFIX }}* - name: Merge label configuration files run: | From 42a70a16d8fde5d935a84fb444a4acc89e4178c4 Mon Sep 17 00:00:00 2001 From: per1234 Date: Thu, 21 Nov 2024 00:04:20 -0800 Subject: [PATCH 5/6] Don't upload multiple times to same artifact in build workflow The build workflow produces binaries for a range of target hosts. This is done by using a job matrix in the GitHub Actions workflow that produces each build in a parallel job. GitHub Actions workflow artifacts are used to transfer the generated files between sequential jobs in the workflow. The "actions/upload-artifact" action is used for this purpose. Previously, a single artifact was used for this purpose, with each of the parallel jobs uploading its own generated files to that artifact. However, support for uploading multiple times to a single artifact was dropped in version 4.0.0 of the "actions/upload-artifact" action. So it is now necessary to use a dedicated artifact for each of the builds. These can be downloaded in aggregate by using the artifact name globbing and merging features which were introduced in version 4.1.0 of the "actions/download-artifact" action. --- .github/workflows/build.yml | 83 +++++++++++++++++++++++-------------- 1 file changed, 51 insertions(+), 32 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 4a4204a7f..cdc2b0f4e 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,9 +48,9 @@ env: GO_VERSION: '1.21' # See: https://github.com/actions/setup-node/#readme NODE_VERSION: '18.17' - JOB_TRANSFER_ARTIFACT: build-artifacts + JOB_TRANSFER_ARTIFACT_PREFIX: build-artifacts- CHANGELOG_ARTIFACTS: changelog - STAGED_CHANNEL_FILES_ARTIFACT: staged-channel-files + STAGED_CHANNEL_FILE_ARTIFACT_PREFIX: staged-channel-file- BASE_BUILD_DATA: | - config: # Human identifier for the job. @@ -68,6 +68,8 @@ env: certificate-extension: pfx # Container for windows cert signing certificate-container: INSTALLER_CERT_WINDOWS_CONTAINER + # Arbitrary identifier used to give the workflow artifact uploaded by each "build" matrix job a unique name. + job-transfer-artifact-suffix: Windows_64bit # Quoting on the value is required here to allow the same comparison expression syntax to be used for this # and the companion needs.select-targets.outputs.merge-channel-files property (output values always have string # type). @@ -91,6 +93,7 @@ env: { \"image\": \"ghcr.io/arduino/arduino-ide/linux:main\" } + job-transfer-artifact-suffix: Linux_64bit mergeable-channel-file: 'false' artifacts: - path: '*Linux_64bit.zip' @@ -107,6 +110,7 @@ env: certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 certificate-password-secret: KEYCHAIN_PASSWORD certificate-extension: p12 + job-transfer-artifact-suffix: macOS_64bit mergeable-channel-file: 'true' artifacts: - path: '*macOS_64bit.dmg' @@ -121,6 +125,7 @@ env: certificate-secret: APPLE_SIGNING_CERTIFICATE_P12 certificate-password-secret: KEYCHAIN_PASSWORD certificate-extension: p12 + job-transfer-artifact-suffix: macOS_arm64 mergeable-channel-file: 'true' artifacts: - path: '*macOS_arm64.dmg' @@ -233,7 +238,7 @@ jobs: ) | \ yq \ --output-format json \ - '[.[].artifacts.[]]' + 'map(.artifacts[] + (.config | pick(["job-transfer-artifact-suffix"])))' )" # The build matrix produces two macOS jobs (x86 and ARM) so the "channel update info files" @@ -252,7 +257,7 @@ jobs: echo "${{ env.BASE_BUILD_DATA }}" | \ yq \ --output-format json \ - '[.[].artifacts.[]]' + 'map(.artifacts[] + (.config | pick(["job-transfer-artifact-suffix"])))' )" merge_channel_files="false" @@ -417,13 +422,13 @@ jobs: matrix.config.mergeable-channel-file == 'true' with: if-no-files-found: error - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + name: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}${{ matrix.config.job-transfer-artifact-suffix }} path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.STAGED_CHANNEL_FILES_PATH) || env.STAGED_CHANNEL_FILES_PATH }} - - name: Upload [GitHub Actions] + - name: Upload builds to job transfer artifact uses: actions/upload-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}${{ matrix.config.job-transfer-artifact-suffix }} path: ${{ matrix.config.working-directory && format('{0}/{1}', matrix.config.working-directory, env.BUILD_ARTIFACTS_PATH) || env.BUILD_ARTIFACTS_PATH }} - name: Manual Clean up for self-hosted runners @@ -449,16 +454,17 @@ jobs: - name: Checkout uses: actions/checkout@v4 - - name: Download staged-for-merge channel files artifact + - name: Download staged-for-merge channel file artifacts uses: actions/download-artifact@v4 with: - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + merge-multiple: true path: ${{ env.CHANNEL_FILES_PATH }} + pattern: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}* - - name: Remove no longer needed artifact + - name: Remove no longer needed artifacts uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.STAGED_CHANNEL_FILES_ARTIFACT }} + name: ${{ env.STAGED_CHANNEL_FILE_ARTIFACT_PREFIX }}* - name: Install Node.js uses: actions/setup-node@v4 @@ -488,11 +494,11 @@ jobs: --channel "${{ needs.build-type-determination.outputs.channel-name }}" \ --input "${{ env.CHANNEL_FILES_PATH }}" - - name: Upload merged channel files to job transfer artifact + - name: Upload merged channel files job transfer artifact uses: actions/upload-artifact@v4 with: if-no-files-found: error - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}channel-files path: ${{ env.CHANNEL_FILES_PATH }} artifacts: @@ -503,22 +509,25 @@ jobs: if: always() && needs.build.result != 'skipped' runs-on: ubuntu-latest + env: + BUILD_ARTIFACTS_FOLDER: build-artifacts + strategy: matrix: artifact: ${{ fromJson(needs.select-targets.outputs.artifact-matrix) }} steps: - - name: Download job transfer artifact + - name: Download job transfer artifact that contains ${{ matrix.artifact.name }} tester build uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}${{ matrix.artifact.job-transfer-artifact-suffix }} + path: ${{ env.BUILD_ARTIFACTS_FOLDER }} - name: Upload tester build artifact uses: actions/upload-artifact@v4 with: name: ${{ matrix.artifact.name }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }}/${{ matrix.artifact.path }} + path: ${{ env.BUILD_ARTIFACTS_FOLDER }}/${{ matrix.artifact.path }} changelog: needs: @@ -561,11 +570,11 @@ jobs: echo "$BODY" > CHANGELOG.txt - - name: Upload Changelog [GitHub Actions] + - name: Upload changelog job transfer artifact if: needs.build-type-determination.outputs.is-nightly == 'true' uses: actions/upload-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}changelog path: CHANGELOG.txt publish: @@ -584,18 +593,23 @@ jobs: needs.build-type-determination.outputs.publish-to-s3 == 'true' && needs.build-type-determination.outputs.is-nightly == 'true' runs-on: ubuntu-latest + + env: + ARTIFACTS_FOLDER: build-artifacts + steps: - - name: Download [GitHub Actions] + - name: Download all job transfer artifacts uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + merge-multiple: true + path: ${{ env.ARTIFACTS_FOLDER }} + pattern: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* - name: Publish Nightly [S3] uses: docker://plugins/s3 env: - PLUGIN_SOURCE: '${{ env.JOB_TRANSFER_ARTIFACT }}/*' - PLUGIN_STRIP_PREFIX: '${{ env.JOB_TRANSFER_ARTIFACT }}/' + PLUGIN_SOURCE: '${{ env.ARTIFACTS_FOLDER }}/*' + PLUGIN_STRIP_PREFIX: '${{ env.ARTIFACTS_FOLDER }}/' PLUGIN_TARGET: '/arduino-ide/nightly' PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -616,12 +630,17 @@ jobs: needs.changelog.result == 'success' && needs.build-type-determination.outputs.is-release == 'true' runs-on: ubuntu-latest + + env: + ARTIFACTS_FOLDER: build-artifacts + steps: - - name: Download [GitHub Actions] + - name: Download all job transfer artifacts uses: actions/download-artifact@v4 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} - path: ${{ env.JOB_TRANSFER_ARTIFACT }} + merge-multiple: true + path: ${{ env.ARTIFACTS_FOLDER }} + pattern: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* - name: Get Tag id: tag_name @@ -633,7 +652,7 @@ jobs: with: repo_token: ${{ secrets.GITHUB_TOKEN }} release_name: ${{ steps.tag_name.outputs.TAG_NAME }} - file: ${{ env.JOB_TRANSFER_ARTIFACT }}/* + file: ${{ env.ARTIFACTS_FOLDER }}/* tag: ${{ github.ref }} file_glob: true body: ${{ needs.changelog.outputs.BODY }} @@ -642,8 +661,8 @@ jobs: if: needs.build-type-determination.outputs.publish-to-s3 == 'true' uses: docker://plugins/s3 env: - PLUGIN_SOURCE: '${{ env.JOB_TRANSFER_ARTIFACT }}/*' - PLUGIN_STRIP_PREFIX: '${{ env.JOB_TRANSFER_ARTIFACT }}/' + PLUGIN_SOURCE: '${{ env.ARTIFACTS_FOLDER }}/*' + PLUGIN_STRIP_PREFIX: '${{ env.ARTIFACTS_FOLDER }}/' PLUGIN_TARGET: '/arduino-ide' PLUGIN_BUCKET: ${{ secrets.DOWNLOADS_BUCKET }} AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} @@ -661,7 +680,7 @@ jobs: runs-on: ubuntu-latest steps: - - name: Remove unneeded job transfer artifact + - name: Remove unneeded job transfer artifacts uses: geekyeggo/delete-artifact@v5 with: - name: ${{ env.JOB_TRANSFER_ARTIFACT }} + name: ${{ env.JOB_TRANSFER_ARTIFACT_PREFIX }}* From 99df637c91f08e85b9ad79c4d014eb550f07adba Mon Sep 17 00:00:00 2001 From: per1234 Date: Thu, 21 Nov 2024 20:39:25 -0800 Subject: [PATCH 6/6] Use Ubuntu 18.10 in Linux build container Background ========== Shared Library Dependencies --------------------------- The Linux build of Arduino IDE has dynamic linkage against the libstdc++ and glibc shared libraries. This results in it having a dependency on the version of the libraries that happens to be present in the environment it is built in. Although newer versions of the shared libraries are compatible with executables linked against an older version, the reverse is not true. This means that building Arduino IDE on a Linux machine with a recent distro version installed causes the IDE to error on startup for users who have a distro with older versions of the dependencies. For example, if Arduino IDE were built on a machine with version 3.4.33 of libstdc++, then attempting to run it on a machine with an older version of libstdc++ would fail with an error like: ``` Error: /usr/lib/x86_64-linux-gnu/libstdc++.so.6: version `GLIBCXX_3.4.33' not found (required by /home/foo/arduino-ide/resources/app/lib/backend/native/nsfw.node) ``` Likewise, if Arduino IDE were built on a machine with version 2.39 of glibc, then attempting to run it on a machine with an older version of glibc would fail with an error like: ``` Error: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.39' not found (required by /home/foo/arduino-ide/resources/app/node_modules/nsfw/build/Release/nsfw.node) ``` Build Machine Requirements -------------------------- The IDE builds distributed by Arduino should be compatible with a reasonable range of Linux distribution versions. In order to achieve this, the builds must be performed in a machine with an older version of the shared libraries. The shared libraries are part of the Linux distro, and installing a different version is not feasible. So this imposes a maximum limit on the build machine's distro version. The distributed builds are generated via a GitHub Actions workflow. The most simple approach is to run the build in the machine of the GitHub-hosted runners provided for each operating system. However, GitHub provides a limited range of operating system versions in their runners, and removes the older versions as newer versions are added. This means that building in the GitHub-hosted runner machine would not allow for the desired range of Linux distro version compatibility. For this reason, the Linux build is performed in a Docker container that provides an older version of Ubuntu. The same situation of incompatibility with Linux distro versions that have a version of the shared library dependencies older than the version present on the build machine occurs for several of the tools and frameworks used by the build process (e.g., Node.js, Python). In this case, the tables are turned as we are now the user rather than the distributor and so are at the mercy of the Linux distro version compatibility range provided by the distributor. So this imposes a minimum limit on the build machine's distro version. Although several of the dependencies used by the standard build system have dependencies on versions of glibc higher than the version 2.27 present in Ubuntu 18.04, it was possible to use this distro version in the Linux build container by using alternative distributions and/or versions of these dependencies. Workflow Artifacts ------------------ The build workflow uses GitHub actions workflow artifacts to transfer the files generated by the build job to subsequent jobs in the workflow. The "actions/upload-artifact" action is used for this purpose. Problem ======= GitHub is dropping support for the workflow artifacts produced by the version 3.x of the "actions/upload-artifact" action that was previously used by the build job. So the action version used in the build workflow was updated to the current version 4.x. This version of the action uses a newer version of the Node.js runtime (20). Unfortunately the the Node.js 20 runtime used by the action has a dependency on glibc version 2.28, which causes the Linux build job to fail after the update of the "actions/upload-artifact" action: ``` Run actions/upload-artifact@v4 /__e/node20/bin/node: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /__e/node20/bin/node) ``` Unlike the other dependencies of the build process, it is no longer possible to work around this incompatibility by continuing to use the older compatible version of the "actions/upload-artifact" action. It is also impossible to replace the incompatible Node.js 20.x distribution used by the action, since it comes from the read-only file system of the runner image. Likewise, it is not possible to configure or force the action to use a Node.js installation at a different path on the runner machine. Resolution ========== Compatibility with the new version of the "actions/upload-artifact" action is attained by updating the version of Linux in the build container to 18.10, which is the oldest version that has glibc 2.28. The presence of a newer glibc version in the container also makes it compatible with several other dependencies of the build process, meaning the code in the Dockerfile and workflow for working around the incompatibilities of Ubuntu 18.04 can be removed. Consequences ============ Unfortunately this means the loss of compatibility of the Linux Arduino IDE builds with distros that use glibc 2.27 (e.g., Ubuntu 18.04). User of those distros will now find that Arduino IDE fails to start with an error like: ``` Error: node-loader: Error: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.28' not found (required by /home/foo/arduino-ide/resources/app/lib/backend/native/pty.node) at 85467 (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:2766) at __webpack_require__ (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:6663105) at 23571 (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:3374073) at __webpack_require__ (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:6663105) at 55444 (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:3369761) at __webpack_require__ (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:6663105) at 24290 (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:1780542) at __webpack_require__ (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:6663105) at 43416 (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:1770138) at __webpack_require__ (/home/foo/arduino-ide/resources/app/lib/backend/main.js:2:6663105) ``` --- .github/workflows/assets/linux.Dockerfile | 93 ++++++----------------- .github/workflows/build.yml | 39 ++++------ 2 files changed, 37 insertions(+), 95 deletions(-) diff --git a/.github/workflows/assets/linux.Dockerfile b/.github/workflows/assets/linux.Dockerfile index 35d546ca0..9124f0365 100644 --- a/.github/workflows/assets/linux.Dockerfile +++ b/.github/workflows/assets/linux.Dockerfile @@ -1,43 +1,28 @@ # The Arduino IDE Linux build workflow job runs in this container. # syntax=docker/dockerfile:1 -FROM ubuntu:18.04 - -# See: https://unofficial-builds.nodejs.org/download/release/ -ARG node_version="18.17.1" +# See: https://hub.docker.com/_/ubuntu/tags +FROM ubuntu:18.10 +# This is required in order to use the Ubuntu package repositories for EOL Ubuntu versions: +# https://help.ubuntu.com/community/EOLUpgrades#Update_sources.list RUN \ - apt-get \ - --yes \ - update + sed \ + --in-place \ + --regexp-extended \ + --expression='s/([a-z]{2}\.)?archive.ubuntu.com|security.ubuntu.com/old-releases.ubuntu.com/g' \ + "/etc/apt/sources.list" -# This is required to get add-apt-repository RUN \ apt-get \ --yes \ - install \ - "software-properties-common=0.96.24.32.22" + update -# Install Git -# The PPA is required to get a modern version of Git. The version in the Ubuntu 18.04 package repository is 2.17.1, -# while action/checkout@v3 requires 2.18 or higher. RUN \ - add-apt-repository \ - --yes \ - "ppa:git-core/ppa" && \ - apt-get \ - --yes \ - update && \ - \ apt-get \ --yes \ install \ - "git" && \ - \ - apt-get \ - --yes \ - purge \ - "software-properties-common" + "git" # The repository path must be added to safe.directory, otherwise any Git operations on it would fail with a # "dubious ownership" error. actions/checkout configures this, but it is not applied to containers. @@ -51,18 +36,12 @@ ENV \ # Install Python # The Python installed by actions/setup-python has dependency on a higher version of glibc than available in the -# ubuntu:18.04 container. +# container. RUN \ apt-get \ --yes \ install \ - "python3.8-minimal=3.8.0-3ubuntu1~18.04.2" && \ - \ - ln \ - --symbolic \ - --force \ - "$(which python3.8)" \ - "/usr/bin/python3" + "python3.7-minimal=3.7.3-2~18.10" # Install Theia's package dependencies # These are pre-installed in the GitHub Actions hosted runner machines. @@ -70,43 +49,15 @@ RUN \ apt-get \ --yes \ install \ - "libsecret-1-dev=0.18.6-1" \ - "libx11-dev=2:1.6.4-3ubuntu0.4" \ + "libsecret-1-dev=0.18.6-3" \ + "libx11-dev=2:1.6.7-1" \ "libxkbfile-dev=1:1.0.9-2" -# Install Node.js -# It is necessary to use the "unofficial" linux-x64-glibc-217 build because the official Node.js 18.x is dynamically -# linked against glibc 2.28, while Ubuntu 18.04 has glibc 2.27. -ARG node_installation_path="/tmp/node-installation" -ARG artifact_name="node-v${node_version}-linux-x64-glibc-217" -RUN \ - mkdir "$node_installation_path" && \ - cd "$node_installation_path" && \ - \ - apt-get \ - --yes \ - install \ - "wget=1.19.4-1ubuntu2.2" && \ - \ - archive_name="${artifact_name}.tar.xz" && \ - wget \ - "https://unofficial-builds.nodejs.org/download/release/v${node_version}/${archive_name}" && \ - \ - apt-get \ - --yes \ - purge \ - "wget" && \ - \ - tar \ - --file="$archive_name" \ - --extract && \ - rm "$archive_name" -ENV PATH="${PATH}:${node_installation_path}/${artifact_name}/bin" - -# Install Yarn -# Yarn is pre-installed in the GitHub Actions hosted runner machines. +# Target python3 symlink to Python 3.7 installation. It would otherwise target version 3.6 due to the installation of +# the `python3` package as a transitive dependency. RUN \ - npm \ - install \ - --global \ - "yarn@1.22.19" + ln \ + --symbolic \ + --force \ + "$(which python3.7)" \ + "/usr/bin/python3" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index cdc2b0f4e..e4e09b73f 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -48,6 +48,7 @@ env: GO_VERSION: '1.21' # See: https://github.com/actions/setup-node/#readme NODE_VERSION: '18.17' + YARN_VERSION: '1.22' JOB_TRANSFER_ARTIFACT_PREFIX: build-artifacts- CHANGELOG_ARTIFACTS: changelog STAGED_CHANNEL_FILE_ARTIFACT_PREFIX: staged-channel-file- @@ -316,21 +317,26 @@ jobs: if not exist "${{ matrix.config.working-directory }}" mklink /d "${{ matrix.config.working-directory }}" "C:\actions-runner\_work\arduino-ide\arduino-ide" - name: Checkout - if: fromJSON(matrix.config.container) == null uses: actions/checkout@v4 - - name: Checkout - # actions/checkout@v4 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null - uses: actions/checkout@v3 - name: Install Node.js - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: actions/setup-node@v4 with: node-version: ${{ env.NODE_VERSION }} registry-url: 'https://registry.npmjs.org' - cache: 'yarn' + # Yarn is a prerequisite for the action's cache feature, so caching should be disabled when running in the + # container where Yarn is not pre-installed. + cache: ${{ fromJSON(matrix.config.container) == null && 'yarn' || null }} + + - name: Install Yarn + if: runner.name != 'WINDOWS-SIGN-PC' + run: | + npm \ + install \ + --global \ + "yarn@${{ env.YARN_VERSION }}" - name: Install Python 3.x if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' @@ -339,33 +345,18 @@ jobs: python-version: '3.11.x' - name: Install Go - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: actions/setup-go@v5 with: go-version: ${{ env.GO_VERSION }} - - name: Install Go - # actions/setup-go@v5 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null && runner.name != 'WINDOWS-SIGN-PC' - uses: actions/setup-go@v4 - with: - go-version: ${{ env.GO_VERSION }} - - name: Install Taskfile - if: fromJSON(matrix.config.container) == null && runner.name != 'WINDOWS-SIGN-PC' + if: runner.name != 'WINDOWS-SIGN-PC' uses: arduino/setup-task@v2 with: repo-token: ${{ secrets.GITHUB_TOKEN }} version: 3.x - - name: Install Taskfile - # actions/setup-task@v2 has dependency on a higher version of glibc than available in the Linux container. - if: fromJSON(matrix.config.container) != null && runner.name != 'WINDOWS-SIGN-PC' - uses: arduino/setup-task@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - version: 3.x - - name: Package env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}