|
| 1 | +# Edge Python CI/CD |
| 2 | + |
| 3 | +One workflow, [`main.yml`](main.yml), drives the whole monorepo, so the Actions tab |
| 4 | +shows a single "CI / CD" run per push/PR with every job as a node in one graph. Each |
| 5 | +package's logic lives in a **composite action** under [`../actions/`](../actions); |
| 6 | +`main.yml` only wires the dependency graph. The composite actions are not workflows |
| 7 | +and do not appear in the Actions tab. |
| 8 | + |
| 9 | +``` |
| 10 | +compiler-check ┐ |
| 11 | +runtime-lint ─┴─► compiler ─► runtime ─┬─► host (matrix) ─┐ |
| 12 | + └─► std (matrix) ─┤ |
| 13 | +cli-release (matrix, starts at t=0) ───────────────────────┴─► cli-test |
| 14 | + │ (push to main) |
| 15 | + cdn ◄── demo ◄── docs ◄───────────┘ |
| 16 | + (docs builds on every run; deploys only on push to main) |
| 17 | +``` |
| 18 | + |
| 19 | +`compiler-check`, `runtime-lint` and `cli-release` start at t=0. If any job fails the |
| 20 | +dependents never run (`needs:`), so a red build stops the deploys, including the docs |
| 21 | +deploy. The |
| 22 | +`host` and `std` matrices use `fail-fast: false` so one capability / package failure |
| 23 | +still reports the others. `cli-release` is the slow heavy build, so it starts |
| 24 | +immediately and `cli-test` waits on `host`, `std`, and the release artifacts. |
| 25 | + |
| 26 | +## Composite actions |
| 27 | + |
| 28 | +| Action | Inputs | Role | |
| 29 | +|--------|--------|------| |
| 30 | +| `compiler` | `mode: check\|build` | check: `cargo shear` + clippy (host and wasm targets). build: build + optimize `compiler_lib.wasm`, test, upload the artifact (and attach it to the GitHub Release on tags) | |
| 31 | +| `runtime` | `mode: lint\|test` | lint: `deno lint runtime/`. test: Deno + Playwright suite (Chromium driving `createWorker` against the CDN wasm) | |
| 32 | +| `host` | `capability` | Deno-lints and smoke-tests one capability (`dom`, `network`, `storage`, `time`) in headless Chromium. All JS, no release | |
| 33 | +| `std` | `package` | Clippy + build + optimize + corpus test for one stdpkg (`json`, `re`, `math` as wasm; `test` is pure Edge Python, so it skips the wasm build and only runs the corpus). Stages `<pkg>.wasm` / `<pkg>.py`. No release | |
| 34 | +| `cli` | `mode: release\|test`, `target` | release: lint/check (once) + `cargo build --release` per target → tarball artifact. test: `cargo test` (drives a real Chromium) | |
| 35 | +| `demo` | CF token + account | Hashes deps into `version.json` (cache-busting), builds Tailwind, deploys `demo/` to `edge-python-demo` | |
| 36 | +| `docs` | `deploy`, CF token + account | `npm ci` + `next build` static export (`docs/out`, sitemap via `postbuild`). Deploys to `edge-python-docs` only when `deploy=true` | |
| 37 | +| `cdn-deploy` | CF token + account | Pulls every artifact, stages `./compiler ./runtime ./std ./host ./cli`, one `wrangler pages deploy` to `edge-python-cdn` | |
| 38 | + |
| 39 | +## Cloudflare Pages |
| 40 | + |
| 41 | +Three **Direct Upload** projects. Actions push prebuilt directories via |
| 42 | +`wrangler pages deploy`; Cloudflare doesn't clone or build. |
| 43 | + |
| 44 | +| Project | Source | Production URL | |
| 45 | +|---------|--------|----------------| |
| 46 | +| `edge-python-cdn` | `_site/{compiler,runtime,std,host,cli}` (consolidates the old per-package `-runtime` / `-host` / `-std` projects) | `https://edge-python-cdn.pages.dev` | |
| 47 | +| `edge-python-demo` | `demo/` (wasm hashed for `version.json`, not bundled) | `https://edge-python-demo.pages.dev` | |
| 48 | +| `edge-python-docs` | `docs/out` (Nextra static export) | `https://edgepython.com` (custom domain; also `https://edge-python-docs.pages.dev`) | |
| 49 | + |
| 50 | +All deploys run **only on pushes to `main`** and are pinned to the production `main` |
| 51 | +branch. PRs and tags never deploy; the next `main` push refreshes the projects. |
| 52 | + |
| 53 | +### Cloudflare and GitHub setup |
| 54 | + |
| 55 | +```bash |
| 56 | +# Wrangler CLI (Node 22+) |
| 57 | +npx wrangler login |
| 58 | +npx wrangler pages project create edge-python-cdn --production-branch=main |
| 59 | +npx wrangler pages project create edge-python-demo --production-branch=main |
| 60 | +npx wrangler pages project create edge-python-docs --production-branch=main |
| 61 | +``` |
| 62 | + |
| 63 | +`edge-python-docs` serves `edgepython.com` (replacing the old Mintlify docs): after |
| 64 | +the first deploy, add `edgepython.com` as a custom domain on the project |
| 65 | +(Pages -> Custom domains) and remove it from Mintlify. |
| 66 | + |
| 67 | +Repo secrets (*Settings -> Secrets and variables -> Actions*): |
| 68 | + |
| 69 | +- `CLOUDFLARE_API_TOKEN`, `Account -> Cloudflare Pages -> Edit`. Create via dashboard: <https://dash.cloudflare.com/profile/api-tokens>. |
| 70 | +- `CLOUDFLARE_ACCOUNT_ID`, from `npx wrangler whoami` or any dashboard sidebar. |
| 71 | + |
| 72 | +Rotate: create new token -> update secret -> revoke old token. |
| 73 | + |
| 74 | +## Releases |
| 75 | + |
| 76 | +Pushing a `v*` tag runs the pipeline; the `compiler` build job uploads |
| 77 | +`compiler_lib.wasm` to the matching Release. Tag must match workspace version. |
| 78 | + |
| 79 | +1. Bump `version` under `[workspace.package]` in root `Cargo.toml` (every crate inherits via `version.workspace = true`). Run `cargo check` to refresh `Cargo.lock`, commit. |
| 80 | +2. Tag and push: |
| 81 | + |
| 82 | +```bash |
| 83 | +git tag v0.1.0 |
| 84 | +git push origin v0.1.0 |
| 85 | +``` |
| 86 | + |
| 87 | +On tag push: `compiler-check` lints, then the `compiler` build job optimizes the |
| 88 | +artifact and attaches it to a fresh Release with auto-generated notes. The CDN, demo |
| 89 | +and docs deploys do not run on tags; they already deployed from the preceding `main` push. |
| 90 | + |
| 91 | +Nothing is published to crates.io, distribution is the `.wasm` on the Release. |
| 92 | +`starter-module` carries its own version and isn't bumped with the workspace. |
| 93 | + |
| 94 | +Consumer crates pick up the release automatically: `compiler/Cargo.toml` declares |
| 95 | +`links = "compiler_lib"` and `compiler/build.rs` downloads |
| 96 | +`<repository>/releases/download/v<version>/compiler_lib.wasm` into `OUT_DIR`. |
| 97 | +Downstreams read `DEP_COMPILER_LIB_WASM` in their own `build.rs`, see |
| 98 | +[root README](../../README.md#consume-the-release-from-a-rust-host). Tag bumps flow via `cargo update`. |
| 99 | + |
| 100 | +Gated behind the default-on `prebuilt` feature. Producer-side compiler steps pass |
| 101 | +`--no-default-features` to avoid fetching the asset that this same pipeline uploads later. |
0 commit comments