From 0f481bc99a46a4b2aafbd372ee3097929a4bd8ff Mon Sep 17 00:00:00 2001 From: Marc Prud'hommeaux Date: Tue, 16 Dec 2025 17:09:19 -0500 Subject: [PATCH 01/10] Enable websockets for libcurl build --- swift-ci/sdks/android/scripts/build.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/swift-ci/sdks/android/scripts/build.sh b/swift-ci/sdks/android/scripts/build.sh index 4b0e0159..b36f08ba 100755 --- a/swift-ci/sdks/android/scripts/build.sh +++ b/swift-ci/sdks/android/scripts/build.sh @@ -410,6 +410,7 @@ for arch in $archs; do -DCURL_USE_OPENSSL=ON \ -DCURL_USE_LIBSSH2=OFF \ -DCURL_USE_LIBPSL=OFF \ + -DENABLE_WEBSOCKETS=ON \ -DTHREADS_PREFER_PTHREAD_FLAG=OFF \ -DCMAKE_THREAD_PREFER_PTHREAD=OFF \ -DCMAKE_THREADS_PREFER_PTHREAD_FLAG=OFF \ From f08c5ed4c85bc5ee7f554015113f1b0e13e19bb0 Mon Sep 17 00:00:00 2001 From: Marc Prud'hommeaux Date: Tue, 23 Dec 2025 09:34:06 -0500 Subject: [PATCH 02/10] Add Android CI --- .github/workflows/android_sdk.yml | 163 ++++++++++++++++++++++++++++++ 1 file changed, 163 insertions(+) create mode 100644 .github/workflows/android_sdk.yml diff --git a/.github/workflows/android_sdk.yml b/.github/workflows/android_sdk.yml new file mode 100644 index 00000000..189a39aa --- /dev/null +++ b/.github/workflows/android_sdk.yml @@ -0,0 +1,163 @@ +name: Build Android SDK +on: [pull_request] + +jobs: + build: + name: Android ${{ matrix.build-type }} ${{ matrix.swift-version }} ${{ matrix.arch }} ${{ matrix.runner }} (compiler=${{ matrix.build-compiler }}) + strategy: + fail-fast: false + matrix: + include: + - swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2025-12-19-a' + #- swift-version: 'tag:swift-6.2-DEVELOPMENT-SNAPSHOT-2025-09-10-a' + #- swift-version: 'tag:swift-6.2-RELEASE' + # build-type: 'local' + # runner: 'ubuntu-24.04' + build-type: 'docker' + # build-compiler: '1' + # runner: 'self-hosted' + runs-on: ${{ matrix.runner }} + # 16 hour timeout + timeout-minutes: 960 + steps: + - name: Free Disk Space + if: ${{ matrix.runner != 'self-hosted' }} + run: | + df -h + # brings available space from 25G to 32G + # otherwise we sometimes run out of space during the build + sudo rm -rf /opt/microsoft /opt/google /opt/az /usr/share/miniconda /usr/share/az* /usr/share/glade* /usr/local/share/chromium /usr/local/share/powershell /usr/share/dotnet /opt/ghc /opt/hostedtoolcache /usr/local/graalvm/ /usr/local/.ghcup/ /usr/local/lib/node_modules /usr/local/share/boost + sudo docker image prune --all --force + sudo docker builder prune -a + df -h + - name: Setup + id: config + run: | + # these variabes are used by build-docker and build-local + # to determine which Swift version to build for + echo "SWIFT_VERSION=${{ matrix.swift-version }}" >> $GITHUB_ENV + # pass the build-compiler matrix through to the build script + echo "BUILD_COMPILER=${{ matrix.build-compiler }}" >> $GITHUB_ENV + echo "TARGET_ARCHS=${{ matrix.arch }}" >> $GITHUB_ENV + echo "WORKDIR=${{ runner.temp }}/swift-android-sdk" >> $GITHUB_ENV + - name: Checkout repository + uses: actions/checkout@v4 + - name: Build Android SDK (Local) + if: ${{ matrix.build-type == 'local' }} + working-directory: swift-ci/sdks/android + run: | + sudo apt install -q patchelf build-essential cmake ninja-build python3 golang git gnupg2 libcurl4-openssl-dev libedit-dev libicu-dev libncurses5-dev libpython3-dev libsqlite3-dev libxml2-dev rsync uuid-dev uuid-runtime tzdata curl unzip + ./build-local ${SWIFT_VERSION} ${WORKDIR} + - name: Build Android SDK (Docker) + if: ${{ matrix.build-type == 'docker' }} + working-directory: swift-ci/sdks/android + run: | + ./build-docker ${SWIFT_VERSION} ${WORKDIR} + - name: Install Host Toolchain + if: ${{ matrix.build-type == 'docker' }} + working-directory: swift-ci/sdks/android + run: | + # when building in a Docker container, we don't have a local host toolchain, + # but we need one in order to run the SDK validation tests, so we install it now + HOST_OS=ubuntu$(lsb_release -sr) + source ./scripts/toolchain-vars.sh + mkdir -p ${WORKDIR}/host-toolchain + ./scripts/install-swift.sh ${WORKDIR}/host-toolchain/$SWIFT_BASE/usr + ls ${WORKDIR}/host-toolchain + ${WORKDIR}/host-toolchain/*/usr/bin/swift --version + - name: Get artifact info + id: info + shell: bash + run: | + set -ex + SWIFT_ROOT=$(dirname ${WORKDIR}/host-toolchain/*/usr) + echo "swift-root=${SWIFT_ROOT}" >> $GITHUB_OUTPUT + echo "swift-path=${SWIFT_ROOT}/usr/bin/swift" >> $GITHUB_OUTPUT + + ARTIFACT_PATH=$(realpath ${WORKDIR}/products/*.artifactbundle.tar.gz) + echo "artifact-path=${ARTIFACT_PATH}" >> $GITHUB_OUTPUT + echo "sdk-id=x86_64-unknown-linux-android28" >> $GITHUB_OUTPUT + + ARTIFACT_EXT=".artifactbundle.tar.gz" + ARTIFACT_NAME="$(basename ${ARTIFACT_PATH} ${ARTIFACT_EXT})" + # depending on whether we are building locally or in a container, add a maker to the name + if [[ "${{ matrix.build-type }}" == 'local' ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-local" + fi + if [[ "${{ matrix.build-compiler }}" == '1' ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-hostbuild" + fi + # artifacts need a unique name so we suffix with the matrix arch(s) + if [[ ! -z "${{ matrix.arch }}" ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-$(echo ${{ matrix.arch }} | tr ',' '-')" + fi + ARTIFACT_NAME="${ARTIFACT_NAME}${ARTIFACT_EXT}" + + # There is no way to prevent even a single-file artifact from being zipped: + # https://github.com/actions/upload-artifact?tab=readme-ov-file#zip-archives + # so the actual artifact download will look like: + # swift-6.1-RELEASE_android-0.1-x86_64.artifactbundle.tar.gz.zip + echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT + - name: Upload SDK artifactbundle + uses: actions/upload-artifact@v4 + with: + compression-level: 0 + name: ${{ steps.info.outputs.artifact-name }} + path: ${{ steps.info.outputs.artifact-path }} + - name: Cleanup + if: ${{ matrix.runner != 'self-hosted' }} + run: | + # need to free up some space or else when installing we get: No space left on device + df -h + rm -rf ${WORKDIR}/{build,source} + sudo docker image prune --all --force + sudo docker builder prune -a + df -h + - name: Install artifactbundle + if: ${{ matrix.runner != 'self-hosted' }} + shell: bash + run: | + set -ex + ${{ steps.info.outputs.swift-path }} sdk install ${{ steps.info.outputs.artifact-path }} + ${{ steps.info.outputs.swift-path }} sdk configure --show-configuration $(${{ steps.info.outputs.swift-path }} sdk list | head -n 1) ${{ steps.info.outputs.sdk-id }} + # recent releases require that ANDROID_NDK_ROOT *not* be set + # see https://github.com/swiftlang/swift-driver/pull/1879 + echo "ANDROID_NDK_ROOT=" >> $GITHUB_ENV + + - name: Create Demo Project + if: ${{ matrix.runner != 'self-hosted' }} + run: | + cd ${{ runner.temp }} + mkdir DemoProject + cd DemoProject + ${{ steps.info.outputs.swift-path }} --version + ${{ steps.info.outputs.swift-path }} package init + echo 'import Foundation' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationEssentials' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationXML' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationNetworking' >> Sources/DemoProject/DemoProject.swift + echo 'import Dispatch' >> Sources/DemoProject/DemoProject.swift + echo 'import Android' >> Sources/DemoProject/DemoProject.swift + - name: Test Demo Project on Android + uses: skiptools/swift-android-action@main + if: ${{ matrix.runner != 'self-hosted' }} + with: + # only test for the complete arch SDK build to speed up CI + #run-tests: ${{ matrix.arch == '' }} + package-path: ${{ runner.temp }}/DemoProject + installed-sdk: ${{ steps.info.outputs.sdk-id }} + installed-swift: ${{ steps.info.outputs.swift-root }} + + - name: Checkout swift-algorithms + if: ${{ matrix.runner != 'self-hosted' }} + uses: actions/checkout@v4 + with: + repository: apple/swift-algorithms + path: swift-algorithms + - name: Test swift-algorithms + if: ${{ matrix.runner != 'self-hosted' }} + uses: skiptools/swift-android-action@main + with: + package-path: swift-algorithms + installed-sdk: ${{ steps.info.outputs.sdk-id }} + installed-swift: ${{ steps.info.outputs.swift-root }} From 66ed4388b61b01e7d24dfabf32bf127d770b97d9 Mon Sep 17 00:00:00 2001 From: Marc Prud'hommeaux Date: Tue, 23 Dec 2025 09:35:19 -0500 Subject: [PATCH 03/10] Fix Android CI --- .github/workflows/android_sdk.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/android_sdk.yml b/.github/workflows/android_sdk.yml index 189a39aa..f6200b96 100644 --- a/.github/workflows/android_sdk.yml +++ b/.github/workflows/android_sdk.yml @@ -8,12 +8,12 @@ jobs: fail-fast: false matrix: include: - - swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2025-12-19-a' + - runner: 'ubuntu-24.04' + swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2025-12-19-a' #- swift-version: 'tag:swift-6.2-DEVELOPMENT-SNAPSHOT-2025-09-10-a' #- swift-version: 'tag:swift-6.2-RELEASE' - # build-type: 'local' - # runner: 'ubuntu-24.04' build-type: 'docker' + # build-type: 'local' # build-compiler: '1' # runner: 'self-hosted' runs-on: ${{ matrix.runner }} From cc75e69f450c8db7f42162c9f34fc123410b00e7 Mon Sep 17 00:00:00 2001 From: Marc Prud'hommeaux Date: Tue, 23 Dec 2025 12:51:08 -0500 Subject: [PATCH 04/10] Build the 6.2.3 release --- .github/workflows/android_sdk.yml | 13 ++++++++----- 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/.github/workflows/android_sdk.yml b/.github/workflows/android_sdk.yml index f6200b96..96deef74 100644 --- a/.github/workflows/android_sdk.yml +++ b/.github/workflows/android_sdk.yml @@ -10,12 +10,15 @@ jobs: include: - runner: 'ubuntu-24.04' swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2025-12-19-a' - #- swift-version: 'tag:swift-6.2-DEVELOPMENT-SNAPSHOT-2025-09-10-a' - #- swift-version: 'tag:swift-6.2-RELEASE' + #swift-version: 'tag:swift-6.2-DEVELOPMENT-SNAPSHOT-2025-09-10-a' + #swift-version: 'tag:swift-6.2-RELEASE' + build-type: 'docker' + #build-type: 'local' + #build-compiler: '1' + #runner: 'self-hosted' + - runner: 'ubuntu-24.04' + swift-version: 'tag:swift-6.2.3-RELEASE' build-type: 'docker' - # build-type: 'local' - # build-compiler: '1' - # runner: 'self-hosted' runs-on: ${{ matrix.runner }} # 16 hour timeout timeout-minutes: 960 From 15f923183760a2d5e8c94e39fe87c812086ff3ac Mon Sep 17 00:00:00 2001 From: Marc Prud'hommeaux Date: Tue, 23 Dec 2025 15:34:46 -0500 Subject: [PATCH 05/10] Remove android_sdk.yml workflow in preparation for PR --- .github/workflows/android_sdk.yml | 166 ------------------------------ 1 file changed, 166 deletions(-) delete mode 100644 .github/workflows/android_sdk.yml diff --git a/.github/workflows/android_sdk.yml b/.github/workflows/android_sdk.yml deleted file mode 100644 index 96deef74..00000000 --- a/.github/workflows/android_sdk.yml +++ /dev/null @@ -1,166 +0,0 @@ -name: Build Android SDK -on: [pull_request] - -jobs: - build: - name: Android ${{ matrix.build-type }} ${{ matrix.swift-version }} ${{ matrix.arch }} ${{ matrix.runner }} (compiler=${{ matrix.build-compiler }}) - strategy: - fail-fast: false - matrix: - include: - - runner: 'ubuntu-24.04' - swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2025-12-19-a' - #swift-version: 'tag:swift-6.2-DEVELOPMENT-SNAPSHOT-2025-09-10-a' - #swift-version: 'tag:swift-6.2-RELEASE' - build-type: 'docker' - #build-type: 'local' - #build-compiler: '1' - #runner: 'self-hosted' - - runner: 'ubuntu-24.04' - swift-version: 'tag:swift-6.2.3-RELEASE' - build-type: 'docker' - runs-on: ${{ matrix.runner }} - # 16 hour timeout - timeout-minutes: 960 - steps: - - name: Free Disk Space - if: ${{ matrix.runner != 'self-hosted' }} - run: | - df -h - # brings available space from 25G to 32G - # otherwise we sometimes run out of space during the build - sudo rm -rf /opt/microsoft /opt/google /opt/az /usr/share/miniconda /usr/share/az* /usr/share/glade* /usr/local/share/chromium /usr/local/share/powershell /usr/share/dotnet /opt/ghc /opt/hostedtoolcache /usr/local/graalvm/ /usr/local/.ghcup/ /usr/local/lib/node_modules /usr/local/share/boost - sudo docker image prune --all --force - sudo docker builder prune -a - df -h - - name: Setup - id: config - run: | - # these variabes are used by build-docker and build-local - # to determine which Swift version to build for - echo "SWIFT_VERSION=${{ matrix.swift-version }}" >> $GITHUB_ENV - # pass the build-compiler matrix through to the build script - echo "BUILD_COMPILER=${{ matrix.build-compiler }}" >> $GITHUB_ENV - echo "TARGET_ARCHS=${{ matrix.arch }}" >> $GITHUB_ENV - echo "WORKDIR=${{ runner.temp }}/swift-android-sdk" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v4 - - name: Build Android SDK (Local) - if: ${{ matrix.build-type == 'local' }} - working-directory: swift-ci/sdks/android - run: | - sudo apt install -q patchelf build-essential cmake ninja-build python3 golang git gnupg2 libcurl4-openssl-dev libedit-dev libicu-dev libncurses5-dev libpython3-dev libsqlite3-dev libxml2-dev rsync uuid-dev uuid-runtime tzdata curl unzip - ./build-local ${SWIFT_VERSION} ${WORKDIR} - - name: Build Android SDK (Docker) - if: ${{ matrix.build-type == 'docker' }} - working-directory: swift-ci/sdks/android - run: | - ./build-docker ${SWIFT_VERSION} ${WORKDIR} - - name: Install Host Toolchain - if: ${{ matrix.build-type == 'docker' }} - working-directory: swift-ci/sdks/android - run: | - # when building in a Docker container, we don't have a local host toolchain, - # but we need one in order to run the SDK validation tests, so we install it now - HOST_OS=ubuntu$(lsb_release -sr) - source ./scripts/toolchain-vars.sh - mkdir -p ${WORKDIR}/host-toolchain - ./scripts/install-swift.sh ${WORKDIR}/host-toolchain/$SWIFT_BASE/usr - ls ${WORKDIR}/host-toolchain - ${WORKDIR}/host-toolchain/*/usr/bin/swift --version - - name: Get artifact info - id: info - shell: bash - run: | - set -ex - SWIFT_ROOT=$(dirname ${WORKDIR}/host-toolchain/*/usr) - echo "swift-root=${SWIFT_ROOT}" >> $GITHUB_OUTPUT - echo "swift-path=${SWIFT_ROOT}/usr/bin/swift" >> $GITHUB_OUTPUT - - ARTIFACT_PATH=$(realpath ${WORKDIR}/products/*.artifactbundle.tar.gz) - echo "artifact-path=${ARTIFACT_PATH}" >> $GITHUB_OUTPUT - echo "sdk-id=x86_64-unknown-linux-android28" >> $GITHUB_OUTPUT - - ARTIFACT_EXT=".artifactbundle.tar.gz" - ARTIFACT_NAME="$(basename ${ARTIFACT_PATH} ${ARTIFACT_EXT})" - # depending on whether we are building locally or in a container, add a maker to the name - if [[ "${{ matrix.build-type }}" == 'local' ]]; then - ARTIFACT_NAME="${ARTIFACT_NAME}-local" - fi - if [[ "${{ matrix.build-compiler }}" == '1' ]]; then - ARTIFACT_NAME="${ARTIFACT_NAME}-hostbuild" - fi - # artifacts need a unique name so we suffix with the matrix arch(s) - if [[ ! -z "${{ matrix.arch }}" ]]; then - ARTIFACT_NAME="${ARTIFACT_NAME}-$(echo ${{ matrix.arch }} | tr ',' '-')" - fi - ARTIFACT_NAME="${ARTIFACT_NAME}${ARTIFACT_EXT}" - - # There is no way to prevent even a single-file artifact from being zipped: - # https://github.com/actions/upload-artifact?tab=readme-ov-file#zip-archives - # so the actual artifact download will look like: - # swift-6.1-RELEASE_android-0.1-x86_64.artifactbundle.tar.gz.zip - echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT - - name: Upload SDK artifactbundle - uses: actions/upload-artifact@v4 - with: - compression-level: 0 - name: ${{ steps.info.outputs.artifact-name }} - path: ${{ steps.info.outputs.artifact-path }} - - name: Cleanup - if: ${{ matrix.runner != 'self-hosted' }} - run: | - # need to free up some space or else when installing we get: No space left on device - df -h - rm -rf ${WORKDIR}/{build,source} - sudo docker image prune --all --force - sudo docker builder prune -a - df -h - - name: Install artifactbundle - if: ${{ matrix.runner != 'self-hosted' }} - shell: bash - run: | - set -ex - ${{ steps.info.outputs.swift-path }} sdk install ${{ steps.info.outputs.artifact-path }} - ${{ steps.info.outputs.swift-path }} sdk configure --show-configuration $(${{ steps.info.outputs.swift-path }} sdk list | head -n 1) ${{ steps.info.outputs.sdk-id }} - # recent releases require that ANDROID_NDK_ROOT *not* be set - # see https://github.com/swiftlang/swift-driver/pull/1879 - echo "ANDROID_NDK_ROOT=" >> $GITHUB_ENV - - - name: Create Demo Project - if: ${{ matrix.runner != 'self-hosted' }} - run: | - cd ${{ runner.temp }} - mkdir DemoProject - cd DemoProject - ${{ steps.info.outputs.swift-path }} --version - ${{ steps.info.outputs.swift-path }} package init - echo 'import Foundation' >> Sources/DemoProject/DemoProject.swift - echo 'import FoundationEssentials' >> Sources/DemoProject/DemoProject.swift - echo 'import FoundationXML' >> Sources/DemoProject/DemoProject.swift - echo 'import FoundationNetworking' >> Sources/DemoProject/DemoProject.swift - echo 'import Dispatch' >> Sources/DemoProject/DemoProject.swift - echo 'import Android' >> Sources/DemoProject/DemoProject.swift - - name: Test Demo Project on Android - uses: skiptools/swift-android-action@main - if: ${{ matrix.runner != 'self-hosted' }} - with: - # only test for the complete arch SDK build to speed up CI - #run-tests: ${{ matrix.arch == '' }} - package-path: ${{ runner.temp }}/DemoProject - installed-sdk: ${{ steps.info.outputs.sdk-id }} - installed-swift: ${{ steps.info.outputs.swift-root }} - - - name: Checkout swift-algorithms - if: ${{ matrix.runner != 'self-hosted' }} - uses: actions/checkout@v4 - with: - repository: apple/swift-algorithms - path: swift-algorithms - - name: Test swift-algorithms - if: ${{ matrix.runner != 'self-hosted' }} - uses: skiptools/swift-android-action@main - with: - package-path: swift-algorithms - installed-sdk: ${{ steps.info.outputs.sdk-id }} - installed-swift: ${{ steps.info.outputs.swift-root }} From b73cd513315de5fb0280c6630fe7dc5ad1e092bf Mon Sep 17 00:00:00 2001 From: Alex Hoppen Date: Fri, 2 Jan 2026 18:11:44 +0100 Subject: [PATCH 06/10] Move `CODEOWNERS` to `.github/CODEOWNERS` (#521) The Contributor Experience Workgroup is currently formalizing the Code Owner role and as part of that standardizes the definition of code owners in a .github/CODEOWNERS file across the swiftlang organization (https://github.com/swiftlang/swift-org-website/pull/1269). Move the existing `CODEOWNERS` file at the root of the repository into the `.github` folder to reflect this standard. --- CODEOWNERS => .github/CODEOWNERS | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename CODEOWNERS => .github/CODEOWNERS (100%) diff --git a/CODEOWNERS b/.github/CODEOWNERS similarity index 100% rename from CODEOWNERS rename to .github/CODEOWNERS From 85c62a037bc738c191a8cb77cbcd669e8194041e Mon Sep 17 00:00:00 2001 From: Justice Adams <107649528+justice-adams-apple@users.noreply.github.com> Date: Mon, 5 Jan 2026 11:39:38 -0800 Subject: [PATCH 07/10] add 6.3 fedora 41 images (#523) --- nightly-6.3/fedora/41/Dockerfile | 70 ++++++++++++++++++++++ nightly-6.3/fedora/41/buildx/Dockerfile | 80 +++++++++++++++++++++++++ 2 files changed, 150 insertions(+) create mode 100644 nightly-6.3/fedora/41/Dockerfile create mode 100644 nightly-6.3/fedora/41/buildx/Dockerfile diff --git a/nightly-6.3/fedora/41/Dockerfile b/nightly-6.3/fedora/41/Dockerfile new file mode 100644 index 00000000..34db8ff8 --- /dev/null +++ b/nightly-6.3/fedora/41/Dockerfile @@ -0,0 +1,70 @@ +FROM fedora:41 +LABEL maintainer="Swift Infrastructure " +LABEL description="Docker Container for the Swift programming language" + +RUN yum -y install \ + binutils \ + gcc \ + git \ + zip \ + unzip \ + libcurl-devel \ + libedit-devel \ + libicu-devel \ + sqlite-devel \ + libuuid-devel \ + libxml2-devel \ + python3-devel \ + libstdc++-devel \ + libstdc++-static \ + gnupg + + +ARG SWIFT_SIGNING_KEY=E813C892820A6FA13755B268F167DF1ACF9CE069 +ARG SWIFT_PLATFORM=fedora41 +ARG SWIFT_VERSION=6.3 +ARG SWIFT_BRANCH=swift-${SWIFT_VERSION}-release +ARG SWIFT_TAG=swift-${SWIFT_VERSION}-RELEASE +ARG SWIFT_WEBROOT=https://download.swift.org/swift-6.3-branch +ARG SWIFT_WEBROOT="$SWIFT_WEBROOT/$SWIFT_PLATFORM" +ARG SWIFT_PREFIX=/opt/swift/${SWIFT_VERSION} + +ENV SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ + SWIFT_PLATFORM=$SWIFT_PLATFORM \ + SWIFT_VERSION=$SWIFT_VERSION \ + SWIFT_BRANCH=$SWIFT_BRANCH \ + SWIFT_TAG=$SWIFT_TAG \ + SWIFT_WEBROOT=$SWIFT_WEBROOT \ + SWIFT_PREFIX=$SWIFT_PREFIX + +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + OS_ARCH_SUFFIX=''; \ + ;; \ + 'aarch64') \ + OS_ARCH_SUFFIX='-aarch64'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac; \ + export $(curl -s ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/latest-build.yml | grep 'download:' | sed 's/:[^:\/\/]/=/g') \ + && export $(curl -s ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/latest-build.yml | grep 'download_signature:' | sed 's/:[^:\/\/]/=/g') \ + && export DOWNLOAD_DIR=$(echo $download | sed "s/-${SWIFT_PLATFORM}${OS_ARCH_SUFFIX}.tar.gz//g") \ + && echo $DOWNLOAD_DIR > .swift_tag \ + # - Download the GPG keys, Swift toolchain, and toolchain signature, and verify. + && export GNUPGHOME="$(mktemp -d)" \ + && curl -fsSL ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/${DOWNLOAD_DIR}/${download} -o latest_toolchain.tar.gz \ + ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/${DOWNLOAD_DIR}/${download} -o latest_toolchain.tar.gz.sig \ + && curl -fSsL --compressed https://swift.org/keys/all-keys.asc | gpg --import - \ + # - Unpack the toolchain, set libs permissions, and clean up. + && mkdir -p $SWIFT_PREFIX \ + && tar -xzf latest_toolchain.tar.gz --directory $SWIFT_PREFIX --strip-components=1 \ + && chmod -R o+r $SWIFT_PREFIX/usr/lib/swift \ + && rm -rf "$GNUPGHOME" latest_toolchain.tar.gz.sig latest_toolchain.tar.gz + +ENV PATH="${SWIFT_PREFIX}/usr/bin:${PATH}" + +# Print Installed Swift Version +RUN swift --version \ No newline at end of file diff --git a/nightly-6.3/fedora/41/buildx/Dockerfile b/nightly-6.3/fedora/41/buildx/Dockerfile new file mode 100644 index 00000000..f8132ce8 --- /dev/null +++ b/nightly-6.3/fedora/41/buildx/Dockerfile @@ -0,0 +1,80 @@ +FROM fedora:41 AS base +LABEL maintainer="Swift Infrastructure " +LABEL description="Docker Container for the Swift programming language" + +RUN yum -y install \ + binutils \ + gcc \ + git \ + zip \ + unzip \ + libcurl-devel \ + libedit-devel \ + libicu-devel \ + sqlite-devel \ + libuuid-devel \ + libxml2-devel \ + python3-devel \ + libstdc++-devel \ + libstdc++-static \ + gnupg + + +ARG SWIFT_SIGNING_KEY=E813C892820A6FA13755B268F167DF1ACF9CE069 +ARG SWIFT_PLATFORM=fedora41 +ARG SWIFT_VERSION=6.3 +ARG SWIFT_BRANCH=swift-${SWIFT_VERSION}-release +ARG SWIFT_TAG=swift-${SWIFT_VERSION}-RELEASE +ARG SWIFT_WEBROOT=https://download.swift.org/swift-6.3-branch +ARG SWIFT_WEBROOT="$SWIFT_WEBROOT/$SWIFT_PLATFORM" +ARG SWIFT_PREFIX=/opt/swift/${SWIFT_VERSION} + +# This is a small trick to enable if/else for arm64 and amd64. +# Because of https://bugs.swift.org/browse/SR-14872 we need adjust tar options. +FROM base AS base-amd64 +ARG OS_ARCH_SUFFIX= + +FROM base AS base-arm64 +ARG OS_ARCH_SUFFIX=-aarch64 + +FROM base-$TARGETARCH AS final + +ENV SWIFT_SIGNING_KEY=$SWIFT_SIGNING_KEY \ + SWIFT_PLATFORM=$SWIFT_PLATFORM \ + SWIFT_VERSION=$SWIFT_VERSION \ + SWIFT_BRANCH=$SWIFT_BRANCH \ + SWIFT_TAG=$SWIFT_TAG \ + SWIFT_WEBROOT=$SWIFT_WEBROOT \ + SWIFT_PREFIX=$SWIFT_PREFIX + +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + OS_ARCH_SUFFIX=''; \ + ;; \ + 'aarch64') \ + OS_ARCH_SUFFIX='-aarch64'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac; \ + export $(curl -s ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/latest-build.yml | grep 'download:' | sed 's/:[^:\/\/]/=/g') \ + && export $(curl -s ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/latest-build.yml | grep 'download_signature:' | sed 's/:[^:\/\/]/=/g') \ + && export DOWNLOAD_DIR=$(echo $download | sed "s/-${SWIFT_PLATFORM}${OS_ARCH_SUFFIX}.tar.gz//g") \ + && echo $DOWNLOAD_DIR > .swift_tag \ + # - Download the GPG keys, Swift toolchain, and toolchain signature, and verify. + && export GNUPGHOME="$(mktemp -d)" \ + && curl -fsSL ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/${DOWNLOAD_DIR}/${download} -o latest_toolchain.tar.gz \ + ${SWIFT_WEBROOT}${OS_ARCH_SUFFIX}/${DOWNLOAD_DIR}/${download} -o latest_toolchain.tar.gz.sig \ + && curl -fSsL --compressed https://swift.org/keys/all-keys.asc | gpg --import - \ + # - Unpack the toolchain, set libs permissions, and clean up. + && mkdir -p $SWIFT_PREFIX \ + && tar -xzf latest_toolchain.tar.gz --directory $SWIFT_PREFIX --strip-components=1 \ + && chmod -R o+r $SWIFT_PREFIX/usr/lib/swift \ + && rm -rf "$GNUPGHOME" latest_toolchain.tar.gz.sig latest_toolchain.tar.gz + +ENV PATH="${SWIFT_PREFIX}/usr/bin:${PATH}" + +# Print Installed Swift Version +RUN swift --version \ No newline at end of file From ea31a3331dd0a3346ae7cc114daffe4f6be35415 Mon Sep 17 00:00:00 2001 From: Alastair Houghton Date: Fri, 23 Jan 2026 16:22:15 +0000 Subject: [PATCH 08/10] Update the Static SDK for Linux (#488) * Update the Static SDK for Linux Updated the versions of: - libxml2 (2.14.5) - curl (8.15.0) - BoringSSL (newer SHA) and added: - bzip2 (1.0.8) - xz-utils (5.8.1) - libarchive (3.8.1) - mimalloc (2.2.4) Plus two security patches for musl to fix CVE-2025-26519. Also link mimalloc by default, so programs using the Static SDK for Linux get a better memory allocator out of the box. rdar://156423711 * [Static SDK] Tweak build script slightly. We need to run the build and install of bzip2 together, otherwise bzip2 tries to run tests, which won't necessarily work when cross compiling for a different architecture. We also want to remove various directories from the final result. Oh, and we don't want to build libxml2 with lzma support either, otherwise we'll have to link with liblxma whenever we use libxml2. * [Static SDK] Replace malloc with mimalloc. To do this properly, we remove all of the allocator implementation from `libc.a` and `libc++abi.a`, and add `mimalloc.o`, mimalloc's static implementation, directly to `libc.a`. --- ...ous-input-validation-in-EUC-KR-decod.patch | 38 ++++ ...-8-output-code-path-against-input-de.patch | 38 ++++ swift-ci/sdks/static-linux/scripts/build.sh | 183 +++++++++++++++++- .../sdks/static-linux/scripts/fetch-source.sh | 77 +++++++- 4 files changed, 321 insertions(+), 15 deletions(-) create mode 100644 swift-ci/sdks/static-linux/resources/patches/musl/0001-iconv-fix-erroneous-input-validation-in-EUC-KR-decod.patch create mode 100644 swift-ci/sdks/static-linux/resources/patches/musl/0002-iconv-harden-UTF-8-output-code-path-against-input-de.patch diff --git a/swift-ci/sdks/static-linux/resources/patches/musl/0001-iconv-fix-erroneous-input-validation-in-EUC-KR-decod.patch b/swift-ci/sdks/static-linux/resources/patches/musl/0001-iconv-fix-erroneous-input-validation-in-EUC-KR-decod.patch new file mode 100644 index 00000000..e62d28d4 --- /dev/null +++ b/swift-ci/sdks/static-linux/resources/patches/musl/0001-iconv-fix-erroneous-input-validation-in-EUC-KR-decod.patch @@ -0,0 +1,38 @@ +>From e5adcd97b5196e29991b524237381a0202a60659 Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Sun, 9 Feb 2025 10:07:19 -0500 +Subject: [PATCH] iconv: fix erroneous input validation in EUC-KR decoder + +as a result of incorrect bounds checking on the lead byte being +decoded, certain invalid inputs which should produce an encoding +error, such as "\xc8\x41", instead produced out-of-bounds loads from +the ksc table. + +in a worst case, the loaded value may not be a valid unicode scalar +value, in which case, if the output encoding was UTF-8, wctomb would +return (size_t)-1, causing an overflow in the output pointer and +remaining buffer size which could clobber memory outside of the output +buffer. + +bug report was submitted in private by Nick Wellnhofer on account of +potential security implications. +--- + src/locale/iconv.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/locale/iconv.c b/src/locale/iconv.c +index 9605c8e9..008c93f0 100644 +--- a/src/locale/iconv.c ++++ b/src/locale/iconv.c +@@ -502,7 +502,7 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (c >= 93 || d >= 94) { + c += (0xa1-0x81); + d += 0xa1; +- if (c >= 93 || c>=0xc6-0x81 && d>0x52) ++ if (c > 0xc6-0x81 || c==0xc6-0x81 && d>0x52) + goto ilseq; + if (d-'A'<26) d = d-'A'; + else if (d-'a'<26) d = d-'a'+26; +-- +2.21.0 + diff --git a/swift-ci/sdks/static-linux/resources/patches/musl/0002-iconv-harden-UTF-8-output-code-path-against-input-de.patch b/swift-ci/sdks/static-linux/resources/patches/musl/0002-iconv-harden-UTF-8-output-code-path-against-input-de.patch new file mode 100644 index 00000000..9b64508c --- /dev/null +++ b/swift-ci/sdks/static-linux/resources/patches/musl/0002-iconv-harden-UTF-8-output-code-path-against-input-de.patch @@ -0,0 +1,38 @@ +>From c47ad25ea3b484e10326f933e927c0bc8cded3da Mon Sep 17 00:00:00 2001 +From: Rich Felker +Date: Wed, 12 Feb 2025 17:06:30 -0500 +Subject: [PATCH] iconv: harden UTF-8 output code path against input decoder + bugs + +the UTF-8 output code was written assuming an invariant that iconv's +decoders only emit valid Unicode Scalar Values which wctomb can encode +successfully, thereby always returning a value between 1 and 4. + +if this invariant is not satisfied, wctomb returns (size_t)-1, and the +subsequent adjustments to the output buffer pointer and remaining +output byte count overflow, moving the output position backwards, +potentially past the beginning of the buffer, without storing any +bytes. +--- + src/locale/iconv.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/locale/iconv.c b/src/locale/iconv.c +index 008c93f0..52178950 100644 +--- a/src/locale/iconv.c ++++ b/src/locale/iconv.c +@@ -545,6 +545,10 @@ size_t iconv(iconv_t cd, char **restrict in, size_t *restrict inb, char **restri + if (*outb < k) goto toobig; + memcpy(*out, tmp, k); + } else k = wctomb_utf8(*out, c); ++ /* This failure condition should be unreachable, but ++ * is included to prevent decoder bugs from translating ++ * into advancement outside the output buffer range. */ ++ if (k>4) goto ilseq; + *out += k; + *outb -= k; + break; +-- +2.21.0 + + diff --git a/swift-ci/sdks/static-linux/scripts/build.sh b/swift-ci/sdks/static-linux/scripts/build.sh index 22c3a966..1ce2f3d7 100755 --- a/swift-ci/sdks/static-linux/scripts/build.sh +++ b/swift-ci/sdks/static-linux/scripts/build.sh @@ -97,7 +97,7 @@ function declare_package } declare_package static_linux_sdk \ - "Swift statically linked SDK for Linux" \ + "Swift Static SDK for Linux" \ "Apache-2.0" "https://swift.org/install/sdk" declare_package swift "swift" "Apache-2.0" "https://swift.org" declare_package musl "musl" "MIT" "https://musl.org" @@ -109,9 +109,13 @@ declare_package curl "curl" "MIT" "https://curl.se" declare_package boringssl "boringssl" "OpenSSL AND ISC AND MIT" \ "https://boringssl.googlesource.com/boringssl/" declare_package zlib "zlib" "Zlib" "https://zlib.net" +declare_package bzip2 "bzip2" "bzip2-1.0.6" "https://sourceware.org/bzip2/" +declare_package xz "XZ Utils" "0BSD" "https://tukaani.org/xz" +declare_package libarchive "libarchive" "BSD-2-Clause" "https://www.libarchive.org" +declare_package mimalloc "mimalloc" "MIT" "https://microsoft.github.io/mimalloc/" # Parse command line arguments -static_linux_sdk_version=0.0.1 +static_linux_sdk_version=0.1.0 sdk_name= archs=x86_64,aarch64 build_type=RelWithDebInfo @@ -233,6 +237,15 @@ boringssl_version=$(describe ${source_dir}/boringssl) zlib_version=$(versionFromTag ${source_dir}/zlib) +bzip2_desc=$(describe ${source_dir}/bzip2) +bzip2_version=${bzip2_desc#bzip2-} + +libarchive_version=$(versionFromTag ${source_dir}/libarchive) + +mimalloc_version=$(versionFromTag ${source_dir}/mimalloc) + +xz_version=$(versionFromTag ${source_dir}/xz) + function quiet_pushd { pushd "$1" >/dev/null 2>&1 } @@ -258,6 +271,10 @@ echo " - libxml2 ${libxml2_version}" echo " - curl ${curl_version}" echo " - BoringSSL ${boringssl_version}" echo " - zlib ${zlib_version}" +echo " - bzip2 ${bzip2_version}" +echo " - xz ${xz_version}" +echo " - libarchive ${libarchive_version}" +echo " - mimalloc ${mimalloc_version}" function run() { echo "$@" @@ -297,6 +314,19 @@ else exit 1 fi +echo "Applying Musl security patches... " +for patch in $(realpath "${resource_dir}/patches/musl")/*; do + echo -n " $(basename $patch)..." + if git -C ${source_dir}/musl apply --reverse --check "$patch" >/dev/null 2>&1; then + echo "already patched" + elif git -C ${source_dir}/musl apply "$patch" >/dev/null 2>&1; then + echo "done" + else + echo "failed" + exit 1 + fi +done + # ----------------------------------------------------------------------- header "Patching BoringSSL" @@ -367,7 +397,7 @@ for arch in $archs; do cat > $sdk_root/SDKSettings.json < info.json <|--swift-tag |--swift-version ] - [--musl-version ] [--libxml2-version ] - [--curl-version ] [--boringssl-version ] + [--bzip2-version ] + [--curl-version ] + [--libarchive-version ] + [--libxml2-version ] + [--mimalloc-version ] + [--musl-version ] + [--xz-version ] [--zlib-version ] [--clone-with-ssh] [--source-dir ] @@ -72,10 +77,14 @@ SDK for Swift. Options are: If starts with "scheme:" or "tag:", it will select a scheme or tag; otherwise it will be treated as a version number. - --musl-version - --libxml2-version - --curl-version --boringssl-version + --bzip2-version + --curl-version + --libarchive-version + --libxml2-version + --mimalloc-version + --musl-version + --xz-version --zlib-version Select the versions of other dependencies. EOF @@ -89,17 +98,29 @@ if [[ -z "${MUSL_VERSION}" ]]; then MUSL_VERSION=1.2.5 fi if [[ -z "${LIBXML2_VERSION}" ]]; then - LIBXML2_VERSION=2.12.7 + LIBXML2_VERSION=2.14.5 fi if [[ -z "${CURL_VERSION}" ]]; then - CURL_VERSION=8.7.1 + CURL_VERSION=8.15.0 fi if [[ -z "${BORINGSSL_VERSION}" ]]; then - BORINGSSL_VERSION=fips-20220613 + BORINGSSL_VERSION=817ab07ebb53da35afea409ab9328f578492832d fi if [[ -z "${ZLIB_VERSION}" ]]; then ZLIB_VERSION=1.3.1 fi +if [[ -z "${BZIP2_VERSION}" ]]; then + BZIP2_VERSION=1.0.8 +fi +if [[ -z "${LIBARCHIVE_VERSION}" ]]; then + LIBARCHIVE_VERSION=3.8.1 +fi +if [[ -z "${MIMALLOC_VERSION}" ]]; then + MIMALLOC_VERSION=2.2.4 +fi +if [[ -z "${XZ_VERSION}" ]]; then + XZ_VERSION=5.8.1 +fi clone_with_ssh=false while [ "$#" -gt 0 ]; do @@ -120,6 +141,14 @@ while [ "$#" -gt 0 ]; do BORINGSSL_VERSION="$2"; shift ;; --zlib-version) ZLIB_VERSION="$2"; shift ;; + --bzip2-version) + BZIP2_VERSION="$2"; shift ;; + --libarchive-version) + LIBARCHIVE_VERSION="$2"; shift ;; + --mimalloc-version) + MIMALLOC_VERSION="$2"; shift ;; + --xz-version) + XZ_VERSION="$2"; shift ;; --clone-with-ssh) clone_with_ssh=true ;; --source-dir) @@ -208,3 +237,35 @@ header "Fetching zlib" pushd zlib >/dev/null 2>&1 git checkout v${ZLIB_VERSION} popd >/dev/null 2>&1 + +# Fetch bzip2 +header "Fetching bzip2" + +[[ -d bzip2 ]] | git clone git://sourceware.org/git/bzip2.git +pushd bzip2 >/dev/null 2>&1 +git checkout bzip2-${BZIP2_VERSION} +popd >/dev/null 2>&1 + +# Fetch libarchive +header "Fetching libarchive" + +[[ -d libarchive ]] | git clone ${github}libarchive/libarchive.git +pushd libarchive >/dev/null 2>&1 +git checkout v${LIBARCHIVE_VERSION} +popd >/dev/null 2>&1 + +# Fetch mimalloc +header "Fetching mimalloc" + +[[ -d mimalloc ]] | git clone ${github}microsoft/mimalloc.git +pushd mimalloc >/dev/null 2>&1 +git checkout v${MIMALLOC_VERSION} +popd + +# Fetch xz-utils +header "Fetching xz" + +[[ -d xz ]] | git clone ${github}tukaani-project/xz.git +pushd xz >/dev/null 2>&1 +git checkout v${XZ_VERSION} +popd From 1f988e423f8cd69b79db92fce233febca0ef11b6 Mon Sep 17 00:00:00 2001 From: Justice Adams <107649528+justice-adams-apple@users.noreply.github.com> Date: Tue, 10 Feb 2026 11:01:45 -0800 Subject: [PATCH 09/10] Add Bootstrap Verification Images (#525) * [ubuntu 2404] add image for 6.2 bootstrap verification * [amazonlinux2023] add image for 6.2 bootstrap verification * use aarch suffix so dockerfile can be reused * install which in 2023 verification image * fix newline in ubuntu --- .../2023/Verification/6.2/Dockerfile | 78 +++++++++++++++++++ .../ubuntu/24.04/Verification/6.2/Dockerfile | 78 +++++++++++++++++++ 2 files changed, 156 insertions(+) create mode 100644 swift-ci/main/amazon-linux/2023/Verification/6.2/Dockerfile create mode 100644 swift-ci/main/ubuntu/24.04/Verification/6.2/Dockerfile diff --git a/swift-ci/main/amazon-linux/2023/Verification/6.2/Dockerfile b/swift-ci/main/amazon-linux/2023/Verification/6.2/Dockerfile new file mode 100644 index 00000000..2e085787 --- /dev/null +++ b/swift-ci/main/amazon-linux/2023/Verification/6.2/Dockerfile @@ -0,0 +1,78 @@ +FROM amazonlinux:2023 + +RUN yum install shadow-utils -y + +RUN groupadd -g 998 build-user && \ + useradd -m -r -u 42 -g build-user build-user + +RUN yum -y group install "development tools" +RUN yum -y install \ + cmake \ + ninja-build \ + curl-devel \ + gcc-c++ \ + clang \ + git \ + libbsd-devel \ + libedit-devel \ + libicu-devel \ + libuuid-devel \ + libxml2-devel \ + ncurses-devel \ + pkgconfig \ + procps-ng \ + python3 \ + python3-devel \ + python3-distro \ + python3-setuptools \ + python-pip \ + rsync \ + sqlite-devel \ + swig \ + tzdata \ + unzip \ + zip \ + lld \ + diffutils \ + which + +RUN mkdir -p /usr/local/lib/python3.7/site-packages/ + +COPY swift-ci/dependencies/requirements.txt /dependencies/ +RUN pip3 install -r /dependencies/requirements.txt +RUN pip3 install six + +ARG SWIFT_PLATFORM=amazon-linux2023 +ARG SWIFT_VERSION=6.2 +ARG SWIFT_WEBROOT=https://download.swift.org +ARG SWIFT_PREFIX=/opt/swift/${SWIFT_VERSION} + +ENV SWIFT_PLATFORM=$SWIFT_PLATFORM \ + SWIFT_VERSION=$SWIFT_VERSION \ + SWIFT_WEBROOT=$SWIFT_WEBROOT \ + SWIFT_PREFIX=$SWIFT_PREFIX + +RUN set -e; \ + ARCH_NAME="$(rpm --eval '%{_arch}')"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'x86_64') \ + OS_ARCH_SUFFIX=''; \ + ;; \ + 'aarch64') \ + OS_ARCH_SUFFIX='-aarch64'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac; \ + SWIFT_BIN_URL="$SWIFT_WEBROOT/tmp-ci-nightly/development/swift-6.2-bootstrap/amazonlinux2023$OS_ARCH_SUFFIX/latest.tar.gz" \ + && curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz \ + && mkdir -p $SWIFT_PREFIX \ + && tar -xzf swift.tar.gz --directory $SWIFT_PREFIX \ + && ls -la $SWIFT_PREFIX/usr/lib/ \ + && chmod -R o+r $SWIFT_PREFIX/usr/lib/swift \ + && rm -rf "$GNUPGHOME" swift.tar.gz + +ENV PATH="${SWIFT_PREFIX}/usr/bin:${PATH}" + +USER build-user +WORKDIR /home/build-user diff --git a/swift-ci/main/ubuntu/24.04/Verification/6.2/Dockerfile b/swift-ci/main/ubuntu/24.04/Verification/6.2/Dockerfile new file mode 100644 index 00000000..d23df390 --- /dev/null +++ b/swift-ci/main/ubuntu/24.04/Verification/6.2/Dockerfile @@ -0,0 +1,78 @@ +# This docker image is used to verify the output of the 6.2 bootstrap artifacts by building +# swift on the main branch. They are not bootstrapping a branches source directly +FROM ubuntu:24.04 + +RUN groupadd -g 998 build-user && \ + useradd -m -r -u 998 -g build-user build-user + +ENV DEBIAN_FRONTEND="noninteractive" + +RUN apt-get -y update && apt-get -y install \ + build-essential \ + cmake \ + git \ + icu-devtools \ + libc++-18-dev \ + libc++abi-18-dev \ + libcurl4-openssl-dev \ + libedit-dev \ + libicu-dev \ + libncurses5-dev \ + libpython3-dev \ + libsqlite3-dev \ + libxml2-dev \ + ninja-build \ + pkg-config \ + python3-six \ + python3-pip \ + python3-pkg-resources \ + python3-psutil \ + python3-setuptools \ + rsync \ + swig \ + systemtap-sdt-dev \ + tzdata \ + uuid-dev \ + zip + +COPY swift-ci/dependencies/requirements.txt /dependencies/ +RUN pip3 install -r /dependencies/requirements.txt --break-system-packages + +ARG SWIFT_PLATFORM=ubuntu24.04 +ARG SWIFT_VERSION=6.2 +ARG SWIFT_WEBROOT=https://download.swift.org +ARG SWIFT_PREFIX=/opt/swift/${SWIFT_VERSION} + +ENV SWIFT_PLATFORM=$SWIFT_PLATFORM \ + SWIFT_VERSION=$SWIFT_VERSION \ + SWIFT_WEBROOT=$SWIFT_WEBROOT \ + SWIFT_PREFIX=$SWIFT_PREFIX + +RUN set -e; \ + ARCH_NAME="$(dpkg --print-architecture)"; \ + url=; \ + case "${ARCH_NAME##*-}" in \ + 'amd64') \ + OS_ARCH_SUFFIX=''; \ + ;; \ + 'arm64') \ + OS_ARCH_SUFFIX='-aarch64'; \ + ;; \ + *) echo >&2 "error: unsupported architecture: '$ARCH_NAME'"; exit 1 ;; \ + esac; \ + SWIFT_BIN_URL="$SWIFT_WEBROOT/tmp-ci-nightly/development/swift-6.2-bootstrap/ubuntu2404$OS_ARCH_SUFFIX/latest.tar.gz" \ + && export DEBIAN_FRONTEND=noninteractive \ + && apt-get -q update && apt-get -q install -y curl && rm -rf /var/lib/apt/lists/* \ + && curl -fsSL "$SWIFT_BIN_URL" -o swift.tar.gz \ + && mkdir -p $SWIFT_PREFIX \ + && tar -xzf swift.tar.gz --directory $SWIFT_PREFIX \ + && ls -la $SWIFT_PREFIX/usr/lib/ \ + && chmod -R o+r $SWIFT_PREFIX/usr/lib/swift \ + && rm -rf "$GNUPGHOME" swift.tar.gz \ + && apt-get purge --auto-remove -y curl + +ENV PATH="${SWIFT_PREFIX}/usr/bin:${PATH}" + +USER build-user + +WORKDIR /home/build-user From 5f03bfe625ae1901b322dc8c63f886e225ac80c0 Mon Sep 17 00:00:00 2001 From: Finagolfin Date: Wed, 11 Feb 2026 22:09:11 +0530 Subject: [PATCH 10/10] Build against API 24 with NDK 28 on the github CI Also, cut build time by not unnecessarily removing the corelibs build directories for the linux host each time. --- .github/workflows/pull_request.yml | 153 +++++++++++++++++++++++++ swift-ci/sdks/android/build-docker | 4 +- swift-ci/sdks/android/build-local | 4 +- swift-ci/sdks/android/scripts/build.sh | 2 +- 4 files changed, 158 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pull_request.yml b/.github/workflows/pull_request.yml index 4a0f0046..eede1be9 100644 --- a/.github/workflows/pull_request.yml +++ b/.github/workflows/pull_request.yml @@ -25,3 +25,156 @@ jobs: name: docker-logs path: | *.log + + android-build: + name: Android ${{ matrix.build-type }} ${{ matrix.swift-version }} ${{ matrix.arch }} ${{ matrix.runner }} (compiler=${{ matrix.build-compiler }}) + strategy: + fail-fast: false + matrix: + include: + - swift-version: 'tag:swift-DEVELOPMENT-SNAPSHOT-2026-02-06-a' + build-type: 'docker' + build-compiler: '1' + runner: 'ubuntu-24.04' + - swift-version: 'tag:swift-6.3-DEVELOPMENT-SNAPSHOT-2026-01-29-a' + build-type: 'local' + build-compiler: '1' + runner: 'ubuntu-24.04' + runs-on: ${{ matrix.runner }} + # 16 hour timeout + timeout-minutes: 1080 + steps: + - name: Free Disk Space + run: | + df -h + # brings available space from 25G to 32G + # otherwise we sometimes run out of space during the build + sudo rm -rf /usr/share/miniconda /usr/share/az* /usr/share/glade* /usr/local/share/chromium /usr/local/share/powershell /usr/share/dotnet /opt/ghc /opt/hostedtoolcache /usr/local/graalvm/ /usr/local/.ghcup/ /usr/local/lib/node_modules /usr/local/share/boost + sudo docker image prune --all --force + sudo docker builder prune -a + df -h + - name: Setup + id: config + run: | + # these variabes are used by build-docker and build-local + # to determine which Swift version to build for + echo "SWIFT_VERSION=${{ matrix.swift-version }}" >> $GITHUB_ENV + # pass the build-compiler matrix through to the build script + echo "BUILD_COMPILER=${{ matrix.build-compiler }}" >> $GITHUB_ENV + echo "TARGET_ARCHS=${{ matrix.arch }}" >> $GITHUB_ENV + echo "WORKDIR=${{ runner.temp }}/swift-android-sdk" >> $GITHUB_ENV + - name: Checkout repository + uses: actions/checkout@v4 + - name: Build Android SDK (Local) + if: ${{ matrix.build-type == 'local' }} + working-directory: swift-ci/sdks/android + run: | + sudo apt install -q patchelf build-essential cmake ninja-build python3 golang git gnupg2 libcurl4-openssl-dev libedit-dev libicu-dev libncurses5-dev libpython3-dev libsqlite3-dev libxml2-dev rsync uuid-dev uuid-runtime tzdata curl unzip + ./build-local ${SWIFT_VERSION} ${WORKDIR} + - name: Build Android SDK (Docker) + if: ${{ matrix.build-type == 'docker' }} + working-directory: swift-ci/sdks/android + run: | + ./build-docker ${SWIFT_VERSION} ${WORKDIR} + - name: Install Host Toolchain + if: ${{ matrix.build-type == 'docker' }} + working-directory: swift-ci/sdks/android + run: | + # when building in a Docker container, we don't have a local host toolchain, + # but we need one in order to run the SDK validation tests, so we install it now + HOST_OS=ubuntu$(lsb_release -sr) + source ./scripts/toolchain-vars.sh + mkdir -p ${WORKDIR}/host-toolchain + ./scripts/install-swift.sh ${WORKDIR}/host-toolchain/$SWIFT_BASE/usr + ls ${WORKDIR}/host-toolchain + ${WORKDIR}/host-toolchain/*/usr/bin/swift --version + - name: Get artifact info + id: info + shell: bash + run: | + set -ex + SWIFT_ROOT=$(dirname ${WORKDIR}/host-toolchain/*/usr) + echo "swift-root=${SWIFT_ROOT}" >> $GITHUB_OUTPUT + echo "swift-path=${SWIFT_ROOT}/usr/bin/swift" >> $GITHUB_OUTPUT + + ARTIFACT_PATH=$(realpath ${WORKDIR}/products/*.artifactbundle.tar.gz) + echo "artifact-path=${ARTIFACT_PATH}" >> $GITHUB_OUTPUT + echo "sdk-id=x86_64-unknown-linux-android28" >> $GITHUB_OUTPUT + + ARTIFACT_EXT=".artifactbundle.tar.gz" + ARTIFACT_NAME="$(basename ${ARTIFACT_PATH} ${ARTIFACT_EXT})" + # depending on whether we are building locally or in a container, add a maker to the name + if [[ "${{ matrix.build-type }}" == 'local' ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-local" + fi + if [[ "${{ matrix.build-compiler }}" == '1' ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-hostbuild" + fi + # artifacts need a unique name so we suffix with the matrix arch(s) + if [[ ! -z "${{ matrix.arch }}" ]]; then + ARTIFACT_NAME="${ARTIFACT_NAME}-$(echo ${{ matrix.arch }} | tr ',' '-')" + fi + ARTIFACT_NAME="${ARTIFACT_NAME}${ARTIFACT_EXT}" + + # There is no way to prevent even a single-file artifact from being zipped: + # https://github.com/actions/upload-artifact?tab=readme-ov-file#zip-archives + # so the actual artifact download will look like: + # swift-6.1-RELEASE_android-0.1-x86_64.artifactbundle.tar.gz.zip + echo "artifact-name=${ARTIFACT_NAME}" >> $GITHUB_OUTPUT + - name: Upload SDK artifactbundle + uses: actions/upload-artifact@v4 + with: + compression-level: 0 + name: ${{ steps.info.outputs.artifact-name }} + path: ${{ steps.info.outputs.artifact-path }} + - name: Cleanup + run: | + # need to free up some space or else when installing we get: No space left on device + df -h + rm -rf ${WORKDIR}/{build,source} + sudo docker image prune --all --force + sudo docker builder prune -a + df -h + - name: Install artifactbundle + shell: bash + run: | + set -ex + ${{ steps.info.outputs.swift-path }} sdk install ${{ steps.info.outputs.artifact-path }} + ${{ steps.info.outputs.swift-path }} sdk configure --show-configuration $(${{ steps.info.outputs.swift-path }} sdk list | head -n 1) ${{ steps.info.outputs.sdk-id }} + # recent releases require that ANDROID_NDK_ROOT *not* be set + # see https://github.com/swiftlang/swift-driver/pull/1879 + echo "ANDROID_NDK_ROOT=" >> $GITHUB_ENV + + - name: Create Demo Project + run: | + cd ${{ runner.temp }} + mkdir DemoProject + cd DemoProject + ${{ steps.info.outputs.swift-path }} --version + ${{ steps.info.outputs.swift-path }} package init + echo 'import Foundation' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationEssentials' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationXML' >> Sources/DemoProject/DemoProject.swift + echo 'import FoundationNetworking' >> Sources/DemoProject/DemoProject.swift + echo 'import Dispatch' >> Sources/DemoProject/DemoProject.swift + echo 'import Android' >> Sources/DemoProject/DemoProject.swift + - name: Test Demo Project on Android + uses: skiptools/swift-android-action@main + with: + # only test for the complete arch SDK build to speed up CI + #run-tests: ${{ matrix.arch == '' }} + package-path: ${{ runner.temp }}/DemoProject + installed-sdk: ${{ steps.info.outputs.sdk-id }} + installed-swift: ${{ steps.info.outputs.swift-root }} + + - name: Checkout swift-algorithms + uses: actions/checkout@v4 + with: + repository: apple/swift-algorithms + path: swift-algorithms + - name: Test swift-algorithms + uses: skiptools/swift-android-action@main + with: + package-path: swift-algorithms + installed-sdk: ${{ steps.info.outputs.sdk-id }} + installed-swift: ${{ steps.info.outputs.swift-root }} diff --git a/swift-ci/sdks/android/build-docker b/swift-ci/sdks/android/build-docker index 3b88952c..ba177336 100755 --- a/swift-ci/sdks/android/build-docker +++ b/swift-ci/sdks/android/build-docker @@ -17,8 +17,8 @@ # default architectures to build for TARGET_ARCHS=${TARGET_ARCHS:-aarch64,x86_64,armv7} -ANDROID_NDK_VERSION=android-ndk-r27d -ANDROID_API=28 +ANDROID_NDK_VERSION=android-ndk-r28c +ANDROID_API=24 BASEPATH=$(dirname $(realpath $0)) cd ${BASEPATH} diff --git a/swift-ci/sdks/android/build-local b/swift-ci/sdks/android/build-local index b5f078c5..3e84ff7d 100755 --- a/swift-ci/sdks/android/build-local +++ b/swift-ci/sdks/android/build-local @@ -17,8 +17,8 @@ # default architectures to build for TARGET_ARCHS=${TARGET_ARCHS:-aarch64,x86_64,armv7} -ANDROID_NDK_VERSION=android-ndk-r27d -ANDROID_API=28 +ANDROID_NDK_VERSION=android-ndk-r28c +ANDROID_API=24 BASEPATH=$(dirname $(realpath $0)) cd ${BASEPATH} diff --git a/swift-ci/sdks/android/scripts/build.sh b/swift-ci/sdks/android/scripts/build.sh index b36f08ba..5d9e796d 100755 --- a/swift-ci/sdks/android/scripts/build.sh +++ b/swift-ci/sdks/android/scripts/build.sh @@ -484,7 +484,7 @@ for arch in $archs; do ${build_cmark} \ ${local_build} \ --host-test \ - --skip-test-linux \ + --skip-test-linux --skip-clean-libdispatch --skip-clean-foundation --skip-clean-xctest --skip-clean-testing \ --skip-test-xctest --skip-test-foundation \ --build-swift-static-stdlib \ --swift-install-components='compiler;clang-resource-dir-symlink;license;stdlib;sdk-overlay' \