rdbms-playground/.gitea/workflows/macos-probe.yaml
claude@clouddev1 9a126782f1
macos-build-test / build (push) Successful in 2m11s
build-ci-image / build (push) Successful in 9m49s
ci / gate (push) Successful in 2m50s
ci: de-nix macOS binary libiconv via install_name_tool + re-sign
libiconv is the only /nix/store dep the darwin stdenv bakes in (everything
else is system frameworks + libSystem/libobjc). The smoke-test now rewrites
that load path to /usr/lib/libiconv.2.dylib (ABI-compatible, present on
every Mac), re-signs ad-hoc (install_name_tool breaks the sig; arm64
requires a valid one), then verifies no /nix/store paths remain, the
signature is valid, and the native binary launches. Flake comment updated
to reflect the propagated-libiconv reality.
2026-06-14 21:43:01 +00:00


# THROWAWAY build smoke-test for the macOS (Tart) runner. Verifies both
# *-apple-darwin targets actually compile and link (incl. arboard's AppKit)
# through the flake on the real Mac, before the full release-macos workflow is
# wired. Delete once that lands.
#
# Push-triggered (workflow_dispatch only works for workflows on the default
# branch; our CI is on `ci`). Runs when the flake/toolchain or this file change.
# Bring the Mac up before pushing so the run isn't left queued.
name: macos-build-test
on:
  push:
    paths:
      - '.gitea/workflows/macos-probe.yaml'
      - 'flake.nix'
      - 'rust-toolchain.toml'
  workflow_dispatch:
jobs:
  build:
    # Label NAME only — `:host` in the runner registration is the execution
    # backend (run on host), not part of the label.
    runs-on: macos
    env:
      # Guarantee flakes regardless of the Mac's nix config.
      NIX_CONFIG: "experimental-features = nix-command flakes"
    steps:
      - uses: actions/checkout@v4
      - name: build, de-nix, sign, verify both darwin targets
        run: |
          set -e
          for t in aarch64-apple-darwin x86_64-apple-darwin; do
            echo "==================== $t ===================="
            nix develop -c cargo build --release --target "$t"
            f="target/$t/release/rdbms-playground"
            # The darwin stdenv bakes a /nix/store libiconv load path into the
            # binary. Rewrite it to the system libiconv (every Mac has it, ABI-
            # compatible), then re-sign ad-hoc — install_name_tool invalidates
            # the signature and arm64 won't run an unsigned/broken-sig binary.
            for l in $(otool -L "$f" | awk '/\/nix\/store.*libiconv.*dylib/ {print $1}'); do
              echo "rewrite $l -> /usr/lib/libiconv.2.dylib"
              install_name_tool -change "$l" /usr/lib/libiconv.2.dylib "$f"
            done
            codesign --force --sign - "$f"
            echo "--- linked libs ---"; otool -L "$f"
            if otool -L "$f" | grep -q /nix/store; then
              echo "ERROR: $t still links a /nix/store dylib"; exit 1
            fi
            # Run the verify as its own statement: `set -e` ignores a failure
            # on the left-hand side of `&&`, so the step would keep going.
            codesign --verify --verbose=2 "$f"
            echo "signature OK"
            # Smoke-run the natively-runnable target (this VM is arm64).
            if [ "$t" = "aarch64-apple-darwin" ]; then
              # Capture the output first so a launch failure is not masked by
              # the exit status of `head` at the end of a pipeline.
              echo "--- run --help ---"
              help_out=$("$f" --help)
              printf '%s\n' "$help_out" | head -1
            else
              echo "(skip run: $t needs Rosetta)"
            fi
            echo "OK: $t portable"
          done
          echo "=== both darwin targets built, de-nixed, signed, verified ==="
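
The workflow above rejects only `/nix/store` load paths. The following added example (not part of this repository) writes the same `otool -L` check as an allowlist, which generalizes it to any non-system load path such as an `@rpath` entry. The function names are hypothetical, and the sample `otool -L` text, its version numbers and the `EXAMPLEHASH` store path are constructed.

```shell
#!/bin/sh
# Added example, not from the repository. Function names are hypothetical.

# Read `otool -L` text on stdin; print each load path outside the allowlist.
nonsystem_dylibs() {
    awk '
        !/^[ \t]/ { next }   # unindented lines are "<file>:" headers
        NF == 0   { next }
        $1 ~ /^\/usr\/lib\//        { next }   # libSystem, libobjc, libiconv
        $1 ~ /^\/System\/Library\// { next }   # system frameworks
        { print $1 }
    '
}

# Exit 0 when every load path is a system path, 1 (with a report) otherwise.
check_portable() {
    bad=$(nonsystem_dylibs)
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sed 's/^/ERROR: non-system load path: /' >&2
    return 1
}

# Constructed sample in the shape `otool -L` prints; $1 is the libiconv path.
sample_otool() {
    printf '%s:\n' 'target/aarch64-apple-darwin/release/rdbms-playground'
    printf '\t%s (compatibility version 1.0.0, current version 1.0.0)\n' \
        "$1" \
        /System/Library/Frameworks/AppKit.framework/Versions/C/AppKit \
        /usr/lib/libSystem.B.dylib \
        /usr/lib/libobjc.A.dylib
}

# Before and after the install_name_tool rewrite (EXAMPLEHASH is a placeholder).
sample_otool /nix/store/EXAMPLEHASH-libiconv/lib/libiconv.2.dylib | check_portable \
    || echo "before rewrite: rejected"
sample_otool /usr/lib/libiconv.2.dylib | check_portable \
    && echo "after rewrite: portable"
```

In the workflow this would be called as `otool -L "$f" | check_portable` in place of the `grep -q /nix/store` test.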