Skip to content

Commit a415382

Browse files
committed
chore: Merge branch 'release/5.16.0'
2 parents 3ea3fc8 + f0560dd commit a415382

324 files changed

Lines changed: 269708 additions & 5083 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

.github/scripts/README.md

Lines changed: 303 additions & 235 deletions
Large diffs are not rendered by default.

.github/scripts/build_ui.sh

Lines changed: 6 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -15,6 +15,8 @@ if [ -n "${FEATURES:-}" ]; then
1515
CARGO_FEATURES="--features ${FEATURES}"
1616
fi
1717

18+
WASM_PACK_VERSION="0.13.1"
19+
1820
# Install nodejs from nodesource if npm is not installed
1921
if ! command -v npm >/dev/null 2>&1; then
2022
SUDO="sudo"
@@ -33,9 +35,10 @@ if ! command -v npm >/dev/null 2>&1; then
3335
fi
3436
fi
3537

36-
# Install wasm-pack tool
37-
if ! command -v npm >/dev/null 2>&1; then
38-
cargo install wasm-pack
38+
# Install wasm-pack tool (pinned for compatibility with the WASM crate)
39+
if ! command -v wasm-pack >/dev/null 2>&1 || ! wasm-pack --version 2>/dev/null | grep -q "${WASM_PACK_VERSION}"; then
40+
cargo install --version "${WASM_PACK_VERSION}" wasm-pack --locked --force
41+
export PATH="$HOME/.cargo/bin:$PATH"
3942
fi
4043

4144
# Build WASM component

.github/scripts/common.sh

Lines changed: 73 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -95,9 +95,49 @@ ensure_macos_sdk_env() {
9595
fi
9696
}
9797

98+
# Ensure Apple SDK frameworks are linkable (important inside Nix shells).
99+
# In some environments, the compiler picks up headers from the Apple SDK but
100+
# fails to locate the corresponding frameworks at link time.
101+
ensure_macos_frameworks_ldflags() {
102+
if [ "$(uname -s)" != "Darwin" ]; then
103+
return 0
104+
fi
105+
106+
if [ -z "${SDKROOT:-}" ] || [ ! -d "${SDKROOT}" ]; then
107+
# Best-effort attempt to populate SDKROOT.
108+
ensure_macos_sdk_env || true
109+
fi
110+
111+
if [ -z "${SDKROOT:-}" ] || [ ! -d "${SDKROOT}" ]; then
112+
return 0
113+
fi
114+
115+
local frameworks_dir
116+
frameworks_dir="${SDKROOT}/System/Library/Frameworks"
117+
if [ ! -d "${frameworks_dir}" ]; then
118+
return 0
119+
fi
120+
121+
local fw_ldflags
122+
fw_ldflags="-F${frameworks_dir} -Wl,-F,${frameworks_dir}"
123+
124+
if [ -n "${LDFLAGS:-}" ]; then
125+
export LDFLAGS="${fw_ldflags} ${LDFLAGS}"
126+
else
127+
export LDFLAGS="${fw_ldflags}"
128+
fi
129+
130+
if [ -n "${RUSTFLAGS:-}" ]; then
131+
export RUSTFLAGS="-C link-arg=-F${frameworks_dir} -C link-arg=-Wl,-F,${frameworks_dir} ${RUSTFLAGS}"
132+
else
133+
export RUSTFLAGS="-C link-arg=-F${frameworks_dir} -C link-arg=-Wl,-F,${frameworks_dir}"
134+
fi
135+
}
136+
98137
# Unified nixpkgs pin (used by all scripts)
99138
# Keep a single source of truth for the pinned nixpkgs URL.
100-
export PIN_URL="https://github.com/NixOS/nixpkgs/archive/24.05.tar.gz"
139+
# Pin nixpkgs for a stable toolchain; Linux builds target GLIBC <= 2.34.
140+
export PIN_URL="https://github.com/NixOS/nixpkgs/archive/24.11.tar.gz"
101141
# Backward-compatible alias used by some scripts
102142
export PINNED_NIXPKGS_URL="$PIN_URL"
103143

@@ -206,6 +246,7 @@ init_build_env() {
206246
fi
207247

208248
ensure_macos_sdk_env
249+
ensure_macos_frameworks_ldflags
209250
export VARIANT VARIANT_NAME BUILD_PROFILE RELEASE_FLAG LINK
210251
}
211252

@@ -320,22 +361,42 @@ _run_workspace_tests() {
320361
;;
321362
esac
322363

323-
# shellcheck disable=SC2086
324-
cargo test --workspace --lib $RELEASE_FLAG ${FEATURES_FLAG[@]+"${FEATURES_FLAG[@]}"} -- $test_args $test_filter
325-
326-
# For database backends (postgresql, mysql, redis), also run the regular non-ignored tests
327-
# For sqlite, skip this step since all non-ignored tests already ran above
328-
if [ "$KMS_TEST_DB" != "sqlite" ]; then
329-
# shellcheck disable=SC2086
330-
cargo test --workspace --lib $RELEASE_FLAG ${FEATURES_FLAG[@]+"${FEATURES_FLAG[@]}"} --
364+
local -a cargo_test_args
365+
cargo_test_args=(--workspace --lib)
366+
if [ -n "${RELEASE_FLAG:-}" ]; then
367+
cargo_test_args+=("$RELEASE_FLAG")
331368
fi
332-
cargo test --workspace --lib $RELEASE_FLAG ${FEATURES_FLAG[@]+"${FEATURES_FLAG[@]}"} -- $test_args $test_filter
369+
if [ ${#FEATURES_FLAG[@]} -gt 0 ]; then
370+
cargo_test_args+=("${FEATURES_FLAG[@]}")
371+
fi
372+
cargo_test_args+=(--)
373+
cargo_test_args+=(--nocapture)
374+
case "$KMS_TEST_DB" in
375+
postgresql | mysql | redis-findex)
376+
cargo_test_args+=(--ignored)
377+
;;
378+
esac
379+
if [ -n "${test_filter:-}" ]; then
380+
# Split filter into tokens (Rust test name filters are space-separated here by design)
381+
read -r -a _test_filter_tokens <<<"$test_filter"
382+
cargo_test_args+=("${_test_filter_tokens[@]}")
383+
fi
384+
385+
cargo test "${cargo_test_args[@]}"
333386

334387
# For database backends (postgresql, mysql, redis), also run the regular non-ignored tests
335388
# For sqlite, skip this step since all non-ignored tests already ran above
336389
if [ "$KMS_TEST_DB" != "sqlite" ]; then
337-
# shellcheck disable=SC2086
338-
cargo test --workspace --lib $RELEASE_FLAG ${FEATURES_FLAG[@]+"${FEATURES_FLAG[@]}"} --
390+
local -a cargo_test_non_ignored_args
391+
cargo_test_non_ignored_args=(--workspace --lib)
392+
if [ -n "${RELEASE_FLAG:-}" ]; then
393+
cargo_test_non_ignored_args+=("$RELEASE_FLAG")
394+
fi
395+
if [ ${#FEATURES_FLAG[@]} -gt 0 ]; then
396+
cargo_test_non_ignored_args+=("${FEATURES_FLAG[@]}")
397+
fi
398+
cargo_test_non_ignored_args+=(--)
399+
cargo test "${cargo_test_non_ignored_args[@]}"
339400
fi
340401
}
341402

.github/scripts/docker-compose-with-load-balancer.yml

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -31,7 +31,7 @@ services:
3131
# If your server is TLS-only in your deployment, you can still keep this as plain HTTP
3232
# for local smoke tests, or update Nginx to proxy_pass https://... with cert config.
3333
kms1:
34-
image: ghcr.io/cosmian/kms:pr-690
34+
image: ${DOCKER_IMAGE_NAME}
3535
depends_on:
3636
postgres:
3737
condition: service_healthy
@@ -58,7 +58,7 @@ services:
5858
retries: 60
5959

6060
kms2:
61-
image: ghcr.io/cosmian/kms:pr-690
61+
image: ${DOCKER_IMAGE_NAME}
6262
depends_on:
6363
kms1:
6464
condition: service_healthy
@@ -78,7 +78,7 @@ services:
7878
retries: 60
7979

8080
kms3:
81-
image: ghcr.io/cosmian/kms:pr-690
81+
image: ${DOCKER_IMAGE_NAME}
8282
depends_on:
8383
kms1:
8484
condition: service_healthy
@@ -104,7 +104,7 @@ services:
104104
- kms2
105105
- kms3
106106
ports:
107-
- 8080:8080
107+
- 18080:8080
108108
volumes:
109109
- ./nginx.conf:/etc/nginx/nginx.conf:ro
110110

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
---
2+
# Simple example of docker-compose file to run the KMS server
3+
services:
4+
kms:
5+
image: ${DOCKER_IMAGE_NAME}
6+
ports:
7+
- 9998:9998
8+
restart: no

0 commit comments

Comments
 (0)