CI #423

Workflow file for this run

	name: CI

	on:
	push:
	branches: [ main, develop ]
	pull_request:
	branches: [ main, develop ]
	schedule:
	# Run nightly at 2 AM UTC
	- cron: '0 2 * * *'

	env:
	# Use the latest stable Zig version
	ZIG_VERSION: 0.15.2
	# Pin LLVM/MLIR revision to keep CI deterministic and API-compatible.
	LLVM_REPO_URL: https://github.com/llvm/llvm-project.git
	LLVM_COMMIT: ee8c14be14deabace692ab51f5d5d432b0a83d58
	HOMEBREW_NO_AUTO_UPDATE: 1
	HOMEBREW_NO_INSTALL_CLEANUP: 1

	jobs:
	mlir-build:
	name: Build MLIR (once)
	runs-on: ${{ matrix.os }}
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ env.ZIG_VERSION }}

	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	esac

	- name: Cache Zig artifacts
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/zig
	.zig-cache
	key: ${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-${{ hashFiles('build.zig', 'build.zig.zon') }}
	restore-keys: \|
	${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-

	- name: Fetch pinned LLVM/MLIR source
	shell: bash
	run: \|
	set -euo pipefail
	echo "📦 Fetching pinned LLVM/MLIR commit: ${{ env.LLVM_COMMIT }}"
	rm -rf vendor/llvm-project
	git init vendor/llvm-project
	git -C vendor/llvm-project remote add origin "${{ env.LLVM_REPO_URL }}"
	git -C vendor/llvm-project fetch --depth=1 origin "${{ env.LLVM_COMMIT }}"
	git -C vendor/llvm-project checkout --detach FETCH_HEAD
	echo "✅ LLVM/MLIR at $(git -C vendor/llvm-project rev-parse HEAD)"

	- name: Cache MLIR build
	uses: actions/cache@v4
	with:
	path: vendor/mlir/
	key: ${{ runner.os }}-${{ runner.arch }}-mlir-build-${{ env.LLVM_COMMIT }}-${{ hashFiles('build.zig', 'src/mlir/ora/', 'src/mlir/IR/') }}

	- name: Build MLIR libraries if needed
	shell: bash
	run: \|
	if [ -d "vendor/mlir/lib" ] && \
	(ls -A vendor/mlir/lib/libMLIROraDialectC.* >/dev/null 2>&1) && \
	(ls -A vendor/mlir/lib/libMLIRSIRDialect.* >/dev/null 2>&1); then
	echo "✅ MLIR + dialect libraries already built and cached"
	else
	echo "🔨 Building MLIR libraries..."
	zig build
	echo "✅ MLIR libraries built"
	fi

	- name: Upload MLIR artifact
	uses: actions/upload-artifact@v4
	with:
	name: mlir-${{ runner.os }}-${{ runner.arch }}
	path: vendor/mlir/
	retention-days: 7

	lint:
	name: Lint and Format
	runs-on: ${{ matrix.os }}
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]
	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ env.ZIG_VERSION }}

	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	# Windows)
	# # Install basic dependencies
	# choco install cmake openssl
	# # Install Boost via vcpkg for better CMake integration
	# vcpkg install boost-system boost-filesystem boost-program-options --triplet x64-windows
	# echo "✅ Windows dependencies installed"
	# ;;
	esac

	- name: Cache Zig artifacts
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/zig
	.zig-cache
	key: ${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-${{ hashFiles('build.zig', 'build.zig.zon') }}
	restore-keys: \|
	${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-

	- name: Check formatting
	run: \|
	echo "🔍 Checking code formatting..."
	zig fmt --check src/ \|\| {
	echo "❌ Code formatting issues found. Run 'zig fmt src/' to fix."
	exit 1
	}
	echo "✅ Code formatting is correct"

	- name: Lint code
	run: \|
	echo "🔍 Running linter..."
	find src/ -name "*.zig" -exec zig ast-check {} \; \|\| {
	echo "❌ Linting issues found"
	exit 1
	}
	echo "✅ All files pass linting"

	test:
	name: Test
	runs-on: ${{ matrix.os }}
	needs: [mlir-build]
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]
	zig-version: [0.15.2]

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ matrix.zig-version }}


	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	# Windows)
	# # Install basic dependencies
	# choco install cmake openssl
	# # Install Boost via vcpkg for better CMake integration
	# vcpkg install boost-system boost-filesystem boost-program-options --triplet x64-windows
	# echo "✅ Windows dependencies installed"
	# ;;
	esac

	- name: Cache Zig artifacts
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/zig
	.zig-cache
	key: ${{ runner.os }}-zig-${{ matrix.zig-version }}-${{ hashFiles('build.zig', 'build.zig.zon') }}
	restore-keys: \|
	${{ runner.os }}-zig-${{ matrix.zig-version }}-

	- name: Download MLIR artifact
	uses: actions/download-artifact@v4
	with:
	name: mlir-${{ runner.os }}-${{ runner.arch }}
	path: vendor/mlir

	- name: Build project (cached MLIR)
	shell: bash
	run: \|
	echo "🔨 Building Ora compiler..."
	zig build -Dskip-mlir=true
	echo "✅ Build successful"

	- name: Run unit tests
	shell: bash
	run: \|
	echo "🧪 Running unit test suite..."
	zig build test -Dskip-mlir=true \|\| {
	echo "❌ Unit tests failed"
	exit 1
	}
	echo "✅ Unit tests completed"


	comprehensive-tests:
	name: Comprehensive Feature Tests
	runs-on: ${{ matrix.os }}
	needs: [lint, test, mlir-build]

	strategy:
	matrix:
	os: [ubuntu-latest, macos-latest]

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ env.ZIG_VERSION }}

	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	# Windows)
	# # Install basic dependencies
	# choco install cmake openssl
	# # Install Boost via vcpkg for better CMake integration
	# vcpkg install boost-system boost-filesystem boost-program-options --triplet x64-windows
	# echo "✅ Windows dependencies installed"
	# ;;
	esac

	- name: Cache Zig artifacts
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/zig
	.zig-cache
	key: ${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-${{ hashFiles('build.zig', 'build.zig.zon') }}
	restore-keys: \|
	${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-

	- name: Download MLIR artifact
	uses: actions/download-artifact@v4
	with:
	name: mlir-${{ runner.os }}-${{ runner.arch }}
	path: vendor/mlir

	- name: Build compiler (cached MLIR)
	shell: bash
	run: \|
	echo "🔨 Building Ora compiler..."
	zig build -Dskip-mlir=true
	echo "✅ Build successful"

	- name: Setup Python
	shell: bash
	run: \|
	echo "🐍 Setting up Python..."
	python3 --version \|\| echo "⚠️ Python3 not found, installing..."
	# Python3 should be pre-installed on GitHub runners, but verify
	if ! command -v python3 &> /dev/null; then
	echo "❌ Python3 is required but not found"
	exit 1
	fi
	echo "✅ Python3 available: $(python3 --version)"

	- name: Run Python feature tests (Ora + SIR)
	shell: bash
	run: \|
	echo "🐍 Running Python feature test script (Ora + SIR)..."
	if [ -f "scripts/test_ora_features_sir.py" ]; then
	python3 scripts/test_ora_features_sir.py --compiler ./zig-out/bin/ora --timeout 600 \|\| {
	echo "❌ Python feature tests failed"
	exit 1
	}
	echo "✅ Python feature tests completed"
	else
	echo "⚠️ test_ora_features_sir.py not found, skipping"
	fi

	- name: Upload test results
	uses: actions/upload-artifact@v4
	if: always()
	with:
	name: struct-test-results-${{ matrix.os }}
	path: test-results/
	retention-days: 30

	- name: Upload build artifacts
	uses: actions/upload-artifact@v4
	if: success()
	with:
	name: ora-compiler-${{ runner.os }}
	path: \|
	zig-out/bin/
	zig-out/lib/
	retention-days: 7

	security:
	name: Security Scan
	runs-on: macos-latest

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Run security scan
	shell: bash
	run: \|
	echo "🔍 Running basic security scan..."
	# Basic security checks - more comprehensive scans in security.yml

	- name: Check for security issues
	shell: bash
	run: \|
	echo "🔒 Running security checks..."

	# Check for common security patterns
	echo "🔍 Checking for unsafe patterns..."
	if grep -r "unsafe" src/ 2>/dev/null; then
	echo "❌ Found unsafe code patterns"
	exit 1
	fi
	echo "✅ No unsafe patterns found"

	# Check for TODO/FIXME security notes
	echo "🔍 Checking for security TODOs..."
	if grep -r -i "todo.security\\|fixme.security" src/ 2>/dev/null; then
	echo "❌ Found security-related TODOs"
	exit 1
	fi
	echo "✅ No security TODOs found"

	echo "✅ Security scan completed"

	performance:
	name: Performance Benchmarks
	runs-on: ${{ matrix.os }}
	if: github.event_name == 'schedule' \|\| contains(github.event.pull_request.labels.*.name, 'performance')
	needs: [mlir-build]
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ env.ZIG_VERSION }}

	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	Windows)
	choco install boost-msvc-14.3 cmake openssl
	echo "✅ Windows dependencies installed"
	;;
	esac

	- name: Cache Zig artifacts
	uses: actions/cache@v4
	with:
	path: \|
	~/.cache/zig
	.zig-cache
	key: ${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-${{ hashFiles('build.zig', 'build.zig.zon') }}
	restore-keys: \|
	${{ runner.os }}-zig-${{ env.ZIG_VERSION }}-

	- name: Download MLIR artifact
	uses: actions/download-artifact@v4
	with:
	name: mlir-${{ runner.os }}-${{ runner.arch }}
	path: vendor/mlir

	- name: Build with optimizations
	shell: bash
	run: \|
	echo "🚀 Building optimized version..."
	zig build -Dskip-mlir=true -Doptimize=ReleaseFast

	- name: Run performance tests
	shell: bash
	run: \|
	echo "⚡ Running performance benchmarks..."

	# Time compilation of test files
	if [ -f "zig-out/bin/ora" ]; then
	echo "📊 Timing compilation performance..."
	time ./zig-out/bin/ora --version 2>/dev/null \|\| echo "⚠️ Compiler version check failed"
	fi

	# Memory usage tests
	echo "💾 Checking memory usage..."
	/usr/bin/time -v zig build -Dskip-mlir=true 2>&1 \| grep -E "(Maximum resident set size\|User time\|System time)" \|\| echo "⚠️ Memory profiling failed"

	echo "✅ Performance benchmarks completed"

	release:
	name: Release Check
	runs-on: ${{ matrix.os }}
	if: github.ref == 'refs/heads/main'
	needs: [lint, test, comprehensive-tests, security]
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]

	steps:
	- name: Checkout code
	uses: actions/checkout@v4
	with:
	submodules: true

	- name: Setup Zig
	uses: goto-bus-stop/setup-zig@v2
	with:
	version: ${{ env.ZIG_VERSION }}

	- name: Install system dependencies
	shell: bash
	run: \|
	echo "🔧 Installing system dependencies for ${{ runner.os }}..."
	case "${{ runner.os }}" in
	Linux)
	sudo apt-get update -qq
	sudo apt-get install -y \
	build-essential \
	cmake \
	clang \
	libc++-dev \
	libc++abi-dev \
	libboost-all-dev \
	libssl-dev \
	pkg-config \
	z3 \
	libz3-dev \
	git
	echo "✅ Linux dependencies installed"
	;;
	macOS)
	brew install boost openssl cmake z3
	echo "✅ macOS dependencies installed"
	;;
	Windows)
	choco install boost-msvc-14.3 cmake openssl
	echo "✅ Windows dependencies installed"
	;;
	esac

	- name: Fetch pinned LLVM/MLIR source
	shell: bash
	run: \|
	set -euo pipefail
	echo "📦 Fetching pinned LLVM/MLIR commit: ${{ env.LLVM_COMMIT }}"
	rm -rf vendor/llvm-project
	git init vendor/llvm-project
	git -C vendor/llvm-project remote add origin "${{ env.LLVM_REPO_URL }}"
	git -C vendor/llvm-project fetch --depth=1 origin "${{ env.LLVM_COMMIT }}"
	git -C vendor/llvm-project checkout --detach FETCH_HEAD
	echo "✅ LLVM/MLIR at $(git -C vendor/llvm-project rev-parse HEAD)"

	- name: Cache MLIR build
	uses: actions/cache@v4
	with:
	path: vendor/mlir/
	key: ${{ runner.os }}-${{ runner.arch }}-mlir-build-${{ env.LLVM_COMMIT }}-${{ hashFiles('build.zig', 'src/mlir/ora/', 'src/mlir/IR/') }}

	- name: Build release version
	shell: bash
	run: \|
	echo "🎯 Building release version..."
	zig build -Doptimize=ReleaseFast
	echo "✅ Release build completed for ${{ runner.os }}"

	- name: Create release summary
	shell: bash
	run: \|
	echo "📋 Release Summary:" > release-summary.md
	echo "- Commit: ${{ github.sha }}" >> release-summary.md
	echo "- Date: $(date)" >> release-summary.md
	echo "- Tests: ✅ Passed" >> release-summary.md
	echo "- Comprehensive Tests: ✅ Passed" >> release-summary.md
	echo "- Security: ✅ Scanned" >> release-summary.md

	echo "📋 Release summary created"
	cat release-summary.md

	- name: Upload release artifacts
	uses: actions/upload-artifact@v4
	with:
	name: ora-release-${{ runner.os }}-${{ github.sha }}
	path: \|
	zig-out/
	release-summary.md
	retention-days: 30

	notification:
	name: Notification
	runs-on: macos-latest
	if: always()
	needs: [lint, test, comprehensive-tests, security]

	steps:
	- name: Notify on success
	if: needs.lint.result == 'success' && needs.test.result == 'success' && needs.comprehensive-tests.result == 'success'
	run: \|
	echo "✅ 🎉 All CI checks passed successfully!"
	echo "📊 Results:"
	echo " - Lint: ✅"
	echo " - Test: ✅"
	echo " - Comprehensive Tests: ✅"
	echo " - Security: ✅"

	- name: Notify on failure
	if: needs.lint.result == 'failure' \|\| needs.test.result == 'failure' \|\| needs.comprehensive-tests.result == 'failure'
	run: \|
	echo "❌ Some CI checks failed"
	echo "📊 Results:"
	echo " - Lint: ${{ needs.lint.result }}"
	echo " - Test: ${{ needs.test.result }}"
	echo " - Comprehensive Tests: ${{ needs.comprehensive-tests.result }}"
	echo " - Security: ${{ needs.security.result }}"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CI #423

Workflow file

CI #423

Uh oh!

Workflow file for this run