diff --git a/.github/workflows/container-stack-smoke.yml b/.github/workflows/container-stack-smoke.yml
new file mode 100644
index 0000000..d61db72
--- /dev/null
+++ b/.github/workflows/container-stack-smoke.yml
@@ -0,0 +1,63 @@
+# SPDX-License-Identifier: PMPL-1.0-or-later
+# Smoke-builds every container-stack/ Containerfile with `podman build`.
+#
+# Rationale (stapeln#17): the container-stack/ subdirectories are advertised
+# as the canonical Containerfiles for each component, yet four of five shipped
+# a Containerfile that failed on a clean build (stale Alire URL, uncommitted
+# Cargo.lock, npm/rescript-vs-Deno layout mismatch, un-parseable Deno install
+# script). Every one of those bugs lives in an early build step, so a real
+# `podman build` on each Containerfile is the durable guard that keeps the
+# whole class from regressing.
+name: container-stack smoke build
+on:
+ push:
+ paths:
+ - 'container-stack/**'
+ - '.github/workflows/container-stack-smoke.yml'
+ pull_request:
+ paths:
+ - 'container-stack/**'
+ - '.github/workflows/container-stack-smoke.yml'
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: podman build (${{ matrix.component }})
+ runs-on: ubuntu-latest
+ timeout-minutes: 45
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - component: vordr
+ - component: svalinn
+ - component: rokur
+ - component: selur
+ # cerro-torre's full `alr build` depends on the upstream `proven`
+ # Ada library, which is not vendored into this snapshot and is
+ # tracked separately from stapeln#17. The Containerfile is still
+ # built every run so the Alire-download step (stapeln#13) and the
+ # rest of the early steps stay exercised and visible in the log;
+ # the deeper Ada link is non-blocking until `proven` is available.
+ - component: cerro-torre
+ continue-on-error: true
+ steps:
+ - uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
+
+ # podman is no longer preinstalled on GitHub's ubuntu-latest runner
+ # image, so install it explicitly (the smoke build is podman-based
+ # per stapeln#17's recommendation).
+ - name: Install podman + run: | + sudo apt-get update + sudo apt-get install -y --no-install-recommends podman + + - name: podman version + run: podman version + + - name: podman build ${{ matrix.component }} + continue-on-error: ${{ matrix.continue-on-error == true }} + working-directory: container-stack/${{ matrix.component }} + run: podman build -f Containerfile -t "stapeln-smoke/${{ matrix.component }}:ci" . diff --git a/container-stack/cerro-torre/Containerfile b/container-stack/cerro-torre/Containerfile index b8e750f..a78a54b 100644 --- a/container-stack/cerro-torre/Containerfile +++ b/container-stack/cerro-torre/Containerfile @@ -48,8 +48,11 @@ ENV PATH="/root/.cargo/bin:${PATH}" WORKDIR /build COPY alire.toml cerro_torre.gpr ./ COPY src/ src/ -COPY config/ config/ +# config/ is intentionally NOT copied: Alire generates +# config/cerro_torre_config.gpr (referenced by cerro_torre.gpr) during +# `alr build`. The directory is gitignored and absent on a clean checkout, +# so `COPY config/ config/` broke builds from a fresh clone (stapeln#17). RUN alr build # Build the Rust signing utility diff --git a/container-stack/vordr/.gitignore b/container-stack/vordr/.gitignore index f5fa316..21c10e9 100644 --- a/container-stack/vordr/.gitignore +++ b/container-stack/vordr/.gitignore @@ -12,7 +12,9 @@ build/ build/ # Rust -Cargo.lock +# Cargo.lock is intentionally tracked: vordr ships a binary crate and the +# Containerfile builds with `cargo build --locked`. Ignoring it caused the +# clean-build failure tracked in stapeln#17. debug/ *.rlib *.rmeta
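Review bot: The `continue-on-error` on the `podman build` step for cerro-torre swallows every failure of that build, including the early Alire-download step the matrix comment says should stay exercised, so a regression of the stale-URL kind named in the header leaves the job green and is only found by opening the log. If the Containerfile has a stage boundary after the download, consider a separate blocking step such as `podman build --target <early-stage> -f Containerfile .` (the stage name is a placeholder, since the Containerfile's stages are not visible here) and keep only the full build non-blocking. Separately, the checkout step could set `persist-credentials: false`, because the job needs no further git access and goes on to run build instructions taken from the pushed or PR branch.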
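Review bot: Dropping the `Cargo.lock` ignore rule only stops git from hiding the file; the visible part of this diff does not add `container-stack/vordr/Cargo.lock`, and if it is not committed alongside, the `cargo build --locked` that the new comment refers to will still fail on a clean checkout. It is worth confirming the lockfile is part of this commit, since it is also what pins the dependency versions the image is built from. The hunk shows only part of the .gitignore, so any later pattern that would re-ignore the file cannot be ruled out from here.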