From 9df81b72836fa2d55d12d1383f6e61f52add3b4b Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim <meumertzheim@code-intelligence.com>
Date: Wed, 5 Jan 2022 13:24:34 +0100
Subject: Pin XCode config

---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index b2d5566d..d4f65438 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -16,7 +16,7 @@ jobs:
             bazel_args: "--config=toolchain --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-linux"
           - os: macos-10.15
             arch: "macos-x86_64"
-            bazel_args: "--config=toolchain --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-darwin"
+            bazel_args: "--config=toolchain --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-darwin --xcode_version_config=//.github:host_xcodes"
           - os: windows-2016
             arch: "windows"
             bazel_args: ""
-- 
cgit v1.2.3


From 997c203566350fa313dbd3d7119725387b190e3e Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim <fabian@meumertzhe.im>
Date: Thu, 20 Jan 2022 15:54:34 +0100
Subject: Rely on JAVA_HOME to select the JDK

Bazel defaults to using the local JDK to run tests and respects
JAVA_HOME, which we already set in the CI.

Also adds CI jobs that print the particular JDK used for verification.
---
 .github/workflows/release.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index d4f65438..e0d9b593 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,10 +31,14 @@ jobs:
 
       - name: Build
         run: |
-          bazelisk build --config=ci --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_API_KEY }} --java_runtime_version=localjdk_${{ matrix.jdk }} ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
+          bazelisk build --config=ci --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_API_KEY }} ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
           cp -L bazel-bin/agent/src/main/java/com/code_intelligence/jazzer/replay/Replayer_deploy.jar replayer.jar
           cp -L bazel-bin/jazzer_release.tar.gz release-${{ matrix.arch }}.tar.gz
 
+      - name: Print JDK used
+        if: matrix.os != 'windows-2016'
+        run: cat $(bazel info execution_root)/external/local_jdk/BUILD.bazel | grep java_home
+
       - name: Upload replayer
         uses: actions/upload-artifact@v2
         with:
-- 
cgit v1.2.3


From cb7cfc653565b02ab049085afc21935f558e2a4a Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim <fabian@meumertzhe.im>
Date: Thu, 27 Jan 2022 09:50:55 +0100
Subject: Disable BuildBuddy integration

GitHub Actions does not emit secrets into workflow started from forks,
which results in the BuildBuddy authorization header being empty for PRs
of external contributors. Rather than interpreting such requests as
unauthenticated, BuildBuddy errors out:
ERROR: The Build Event Protocol upload failed: Not retrying publishBuildEvents, no more attempts left: status='Status{code=UNAUTHENTICATED, description=failed to parse API key: missing API Key, cause=null}' UNAUTHENTICATED: UNAUTHENTICATED: failed to parse API key: missing API Key UNAUTHENTICATED: UNAUTHENTICATED: failed to parse API key: missing API Key

At this point (as we are not using Remote Build Execution, just build
result upload), I don't see a reason to further complicate our CI setup
by setting the header conditionally. Rather, just disable the upload for
now.
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index e0d9b593..10280370 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,7 +31,7 @@ jobs:
 
       - name: Build
         run: |
-          bazelisk build --config=ci --remote_header=x-buildbuddy-api-key=${{ secrets.BUILDBUDDY_API_KEY }} ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
+          bazelisk build ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
           cp -L bazel-bin/agent/src/main/java/com/code_intelligence/jazzer/replay/Replayer_deploy.jar replayer.jar
           cp -L bazel-bin/jazzer_release.tar.gz release-${{ matrix.arch }}.tar.gz
 
-- 
cgit v1.2.3


From fbbdfd5361176bbe0a34d003367ea848e27e9d82 Mon Sep 17 00:00:00 2001
From: Fabian Meumertzheim <fabian@meumertzhe.im>
Date: Thu, 27 Jan 2022 08:40:58 +0100
Subject: Re-enable pinning local JDK versions in CI

This ensures that Bazel indeed runs with the expected version of the
JDK. This previously didn't work because I missed a typo in the
migration notes (localjdk instead of local_jdk).
---
 .github/workflows/release.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 10280370..700f83b6 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -31,7 +31,7 @@ jobs:
 
       - name: Build
         run: |
-          bazelisk build ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
+          bazelisk build --java_runtime_version=local_jdk_8 ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
           cp -L bazel-bin/agent/src/main/java/com/code_intelligence/jazzer/replay/Replayer_deploy.jar replayer.jar
           cp -L bazel-bin/jazzer_release.tar.gz release-${{ matrix.arch }}.tar.gz
 
-- 
cgit v1.2.3


From 5c2495388edc6f7a27c2b18233041786f1d1526c Mon Sep 17 00:00:00 2001
From: Norbert Schneider <norbert.schneider@code-intelligence.com>
Date: Wed, 23 Feb 2022 09:10:47 +0100
Subject: Enable BuildBuddy integration

Enable BuildBuddy integration when the API key is available in the
workflow. Forks should still be able to execute the workflow without
piping logs to BuildBuddy.

This is done by setting the environment variable BUILD_BUDDY_CONFIG
based on the API secret. The script echoBuildBuddyConfig returns an
environment config stating the needed bazel settings if the API token is
passed in as first argument, otherwise an empty string is returned. The
return value is used to update the workflow environment settings.

The passed around secret is filtered out in the GitHub logs.
---
 .github/workflows/release.yml | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 700f83b6..4667727c 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -29,9 +29,13 @@ jobs:
         with:
           java-version: 8
 
+      - name: Set Build Buddy config
+        run: .github/scripts/echoBuildBuddyConfig.sh ${{ secrets.BUILDBUDDY_API_KEY }} >> $GITHUB_ENV
+        shell: bash
+
       - name: Build
         run: |
-          bazelisk build --java_runtime_version=local_jdk_8 ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
+          bazelisk build ${{env.BUILD_BUDDY_CONFIG}} --java_runtime_version=local_jdk_8 ${{ matrix.bazel_args }} //agent/src/main/java/com/code_intelligence/jazzer/replay:Replayer_deploy.jar //:jazzer_release
           cp -L bazel-bin/agent/src/main/java/com/code_intelligence/jazzer/replay/Replayer_deploy.jar replayer.jar
           cp -L bazel-bin/jazzer_release.tar.gz release-${{ matrix.arch }}.tar.gz
 
@@ -87,4 +91,3 @@ jobs:
         with:
           name: replayer
           path: replayer.jar
-
-- 
cgit v1.2.3


From 3b40a06f7296c0a5baf809a70b73afe1eff49f72 Mon Sep 17 00:00:00 2001
From: Norbert Schneider <norbert.schneider@code-intelligence.com>
Date: Thu, 28 Apr 2022 16:05:13 +0200
Subject: Use same runners in release as in test workflow

windows-2016 runners were
removed (https://github.com/actions/virtual-environments/issues/4312)
---
 .github/workflows/release.yml | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 4667727c..bde7ec68 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -4,12 +4,11 @@ on:
   workflow_dispatch:
 
 jobs:
-
   build_release:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
-        os: [ubuntu-latest, macos-10.15, windows-2016]
+        os: [ubuntu-latest, macos-10.15, windows-2019]
         include:
           - os: ubuntu-latest
             arch: "linux"
@@ -17,7 +16,7 @@ jobs:
           - os: macos-10.15
             arch: "macos-x86_64"
             bazel_args: "--config=toolchain --extra_toolchains=@llvm_toolchain//:cc-toolchain-x86_64-darwin --xcode_version_config=//.github:host_xcodes"
-          - os: windows-2016
+          - os: windows-2019
             arch: "windows"
             bazel_args: ""
 
-- 
cgit v1.2.3


From 42a5f511a2719c8ee289c24f396a11cf997753a8 Mon Sep 17 00:00:00 2001
From: Norbert Schneider <norbert.schneider@code-intelligence.com>
Date: Thu, 28 Apr 2022 16:33:35 +0200
Subject: Remove JDK debug output in workflows

---
 .github/workflows/release.yml | 4 ----
 1 file changed, 4 deletions(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index bde7ec68..6fa7db73 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -38,10 +38,6 @@ jobs:
           cp -L bazel-bin/agent/src/main/java/com/code_intelligence/jazzer/replay/Replayer_deploy.jar replayer.jar
           cp -L bazel-bin/jazzer_release.tar.gz release-${{ matrix.arch }}.tar.gz
 
-      - name: Print JDK used
-        if: matrix.os != 'windows-2016'
-        run: cat $(bazel info execution_root)/external/local_jdk/BUILD.bazel | grep java_home
-
       - name: Upload replayer
         uses: actions/upload-artifact@v2
         with:
-- 
cgit v1.2.3


From 3b473ad5b2a142150e3a9182b5670b160261f2c8 Mon Sep 17 00:00:00 2001
From: Norbert Schneider <norbert.schneider@code-intelligence.com>
Date: Thu, 28 Apr 2022 17:23:26 +0200
Subject: Fix replayer names in release workflow

---
 .github/workflows/release.yml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to '.github/workflows/release.yml')

diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index 6fa7db73..2cbfbaae 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,6 +8,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     strategy:
       matrix:
+        # Keep arch names in sync with replayer download and merge
         os: [ubuntu-latest, macos-10.15, windows-2019]
         include:
           - os: ubuntu-latest
@@ -58,8 +59,8 @@ jobs:
       - name: Download macOS jar
         uses: actions/download-artifact@v2
         with:
-          name: replayer_darwin
-          path: replayer_darwin
+          name: replayer_macos-x86_64
+          path: replayer_macos-x86_64
 
       - name: Download Linux jar
         uses: actions/download-artifact@v2
@@ -76,7 +77,7 @@ jobs:
       - name: Merge jars
         run: |
           mkdir merged
-          unzip -o replayer_darwin/replayer.jar -d merged
+          unzip -o replayer_macos-x86_64/replayer.jar -d merged
           unzip -o replayer_linux/replayer.jar -d merged
           unzip -o replayer_windows/replayer.jar -d merged
           jar cvmf merged/META-INF/MANIFEST.MF replayer.jar -C merged .
-- 
cgit v1.2.3