@@ -378,12 +378,168 @@ jobs:
378378 path : artifacts/*.tar.gz
379379 retention-days : 5
380380
381+ # ---------------------------------------------------------------------------
382+ # Build standalone gateway binaries (Linux GNU — native on each arch)
383+ # ---------------------------------------------------------------------------
384+ build-gateway-binary-linux :
385+ name : Build Gateway Binary (Linux ${{ matrix.arch }})
386+ needs : [compute-versions]
387+ strategy :
388+ matrix :
389+ include :
390+ - arch : amd64
391+ runner : build-amd64
392+ target : x86_64-unknown-linux-gnu
393+ - arch : arm64
394+ runner : build-arm64
395+ target : aarch64-unknown-linux-gnu
396+ runs-on : ${{ matrix.runner }}
397+ timeout-minutes : 60
398+ container :
399+ image : ghcr.io/nvidia/openshell/ci:latest
400+ credentials :
401+ username : ${{ github.actor }}
402+ password : ${{ secrets.GITHUB_TOKEN }}
403+ options : --privileged
404+ env :
405+ MISE_GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
406+ SCCACHE_MEMCACHED_ENDPOINT : ${{ vars.SCCACHE_MEMCACHED_ENDPOINT }}
407+ steps :
408+ - uses : actions/checkout@v4
409+ with :
410+ fetch-depth : 0
411+
412+ - name : Mark workspace safe for git
413+ run : git config --global --add safe.directory "$GITHUB_WORKSPACE"
414+
415+ - name : Fetch tags
416+ run : git fetch --tags --force
417+
418+ - name : Install tools
419+ run : mise install
420+
421+ - name : Cache Rust target and registry
422+ uses : Swatinem/rust-cache@779680da715d629ac1d338a641029a2f4372abb5 # v2
423+ with :
424+ shared-key : gateway-binary-gnu-${{ matrix.arch }}
425+ cache-directories : .cache/sccache
426+ cache-targets : " true"
427+
428+ - name : Scope workspace to gateway crates
429+ run : |
430+ set -euo pipefail
431+ sed -i 's|members = \["crates/\*"\]|members = ["crates/openshell-server", "crates/openshell-core", "crates/openshell-driver-kubernetes", "crates/openshell-policy", "crates/openshell-router"]|' Cargo.toml
432+
433+ name : Patch workspace version
434+ if : needs.compute-versions.outputs.cargo_version != ''
435+ run : |
436+ set -euo pipefail
437+ sed -i -E '/^\[workspace\.package\]/,/^\[/{s/^version[[:space:]]*=[[:space:]]*".*"/version = "'"${{ needs.compute-versions.outputs.cargo_version }}"'"/}' Cargo.toml
438+
439+ name : Build ${{ matrix.target }}
440+ run : |
441+ set -euo pipefail
442+ mise x -- cargo build --release --target ${{ matrix.target }} -p openshell-server --bin openshell-gateway
443+
444+ name : Verify packaged binary
445+ run : |
446+ set -euo pipefail
447+ OUTPUT="$(target/${{ matrix.target }}/release/openshell-gateway --version)"
448+ echo "$OUTPUT"
449+ grep -q '^openshell-gateway ' <<<"$OUTPUT"
450+
451+ name : sccache stats
452+ if : always()
453+ run : mise x -- sccache --show-stats
454+
455+ - name : Package binary
456+ run : |
457+ set -euo pipefail
458+ mkdir -p artifacts
459+ tar -czf artifacts/openshell-gateway-${{ matrix.target }}.tar.gz \
460+ -C target/${{ matrix.target }}/release openshell-gateway
461+ ls -lh artifacts/
462+
463+ name : Upload artifact
464+ uses : actions/upload-artifact@v4
465+ with :
466+ name : gateway-binary-linux-${{ matrix.arch }}
467+ path : artifacts/*.tar.gz
468+ retention-days : 5
469+
470+ # ---------------------------------------------------------------------------
471+ # Build standalone gateway binary (macOS aarch64 via osxcross)
472+ # ---------------------------------------------------------------------------
473+ build-gateway-binary-macos :
474+ name : Build Gateway Binary (macOS)
475+ needs : [compute-versions]
476+ runs-on : build-amd64
477+ timeout-minutes : 60
478+ container :
479+ image : ghcr.io/nvidia/openshell/ci:latest
480+ credentials :
481+ username : ${{ github.actor }}
482+ password : ${{ secrets.GITHUB_TOKEN }}
483+ options : --privileged
484+ volumes :
485+ - /var/run/docker.sock:/var/run/docker.sock
486+ env :
487+ MISE_GITHUB_TOKEN : ${{ secrets.GITHUB_TOKEN }}
488+ SCCACHE_MEMCACHED_ENDPOINT : ${{ vars.SCCACHE_MEMCACHED_ENDPOINT }}
489+ steps :
490+ - uses : actions/checkout@v4
491+ with :
492+ fetch-depth : 0
493+
494+ - name : Mark workspace safe for git
495+ run : git config --global --add safe.directory "$GITHUB_WORKSPACE"
496+
497+ - name : Fetch tags
498+ run : git fetch --tags --force
499+
500+ - name : Log in to GHCR
501+ run : echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
502+
503+ - name : Set up Docker Buildx
504+ uses : ./.github/actions/setup-buildx
505+
506+ - name : Build macOS binary via Docker
507+ run : |
508+ set -euo pipefail
509+ docker buildx build \
510+ --file deploy/docker/Dockerfile.gateway-macos \
511+ --build-arg OPENSHELL_CARGO_VERSION="${{ needs.compute-versions.outputs.cargo_version }}" \
512+ --build-arg CARGO_TARGET_CACHE_SCOPE="${{ github.sha }}" \
513+ --target binary \
514+ --output type=local,dest=out/ \
515+ .
516+
517+ name : Verify packaged binary shape
518+ run : |
519+ set -euo pipefail
520+ test -x out/openshell-gateway
521+
522+ name : Package binary
523+ run : |
524+ set -euo pipefail
525+ mkdir -p artifacts
526+ tar -czf artifacts/openshell-gateway-aarch64-apple-darwin.tar.gz \
527+ -C out openshell-gateway
528+ ls -lh artifacts/
529+
530+ name : Upload artifact
531+ uses : actions/upload-artifact@v4
532+ with :
533+ name : gateway-binary-macos
534+ path : artifacts/*.tar.gz
535+ retention-days : 5
536+
381537 # ---------------------------------------------------------------------------
382538 # Create / update the dev GitHub Release with CLI binaries and wheels
383539 # ---------------------------------------------------------------------------
384540 release-dev :
385541 name : Release Dev
386- needs : [compute-versions, build-cli-linux, build-cli-macos, build-python-wheels-linux, build-python-wheel-macos]
542+ needs : [compute-versions, build-cli-linux, build-cli-macos, build-gateway-binary-linux, build-gateway-binary-macos, build- python-wheels-linux, build-python-wheel-macos]
387543 runs-on : build-amd64
388544 timeout-minutes : 10
389545 outputs :
@@ -398,6 +554,13 @@ jobs:
398554 path : release/
399555 merge-multiple : true
400556
557+ - name : Download gateway binary artifacts
558+ uses : actions/download-artifact@v4
559+ with :
560+ pattern : gateway-binary-*
561+ path : release/
562+ merge-multiple : true
563+
401564 - name : Download wheel artifacts
402565 uses : actions/download-artifact@v4
403566 with :
@@ -417,8 +580,17 @@ jobs:
417580 run : |
418581 set -euo pipefail
419582 cd release
420- sha256sum *.tar.gz *.whl > openshell-checksums-sha256.txt
583+ sha256sum \
584+ openshell-x86_64-unknown-linux-musl.tar.gz \
585+ openshell-aarch64-unknown-linux-musl.tar.gz \
586+ openshell-aarch64-apple-darwin.tar.gz \
587+ *.whl > openshell-checksums-sha256.txt
421588 cat openshell-checksums-sha256.txt
589+ sha256sum \
590+ openshell-gateway-x86_64-unknown-linux-gnu.tar.gz \
591+ openshell-gateway-aarch64-unknown-linux-gnu.tar.gz \
592+ openshell-gateway-aarch64-apple-darwin.tar.gz > openshell-gateway-checksums-sha256.txt
593+ cat openshell-gateway-checksums-sha256.txt
422594
423595name : Prune stale wheel assets from dev release
424596 uses : actions/github-script@v7
@@ -492,12 +664,20 @@ jobs:
492664 curl -LsSf https://raw.githubusercontent.com/NVIDIA/OpenShell/main/install.sh | OPENSHELL_VERSION=dev sh
493665 ```
494666
667+ ### Standalone gateway binary
668+
669+ Manual-download `openshell-gateway` tarballs are attached for Linux amd64/arm64 and macOS ARM64. This release track does not yet include a gateway installer.
670+
495671files : |
496672 release/openshell-x86_64-unknown-linux-musl.tar.gz
497673 release/openshell-aarch64-unknown-linux-musl.tar.gz
498674 release/openshell-aarch64-apple-darwin.tar.gz
675+ release/openshell-gateway-x86_64-unknown-linux-gnu.tar.gz
676+ release/openshell-gateway-aarch64-unknown-linux-gnu.tar.gz
677+ release/openshell-gateway-aarch64-apple-darwin.tar.gz
499678 release/*.whl
500679 release/openshell-checksums-sha256.txt
680+ release/openshell-gateway-checksums-sha256.txt
501681
502682trigger-wheel-publish :
503683 name : Trigger Wheel Publish
0 commit comments