Add mswin binary package workflows#133
Open
hsbt wants to merge 4 commits into
Open
Conversation
Vendor binary-package.rb proposed for ruby/ruby, so that every target branch can be packaged the same way without patching its build system. Ruby 3.3 does not ship vcpkg.json, so a manifest mirroring the ruby_3_4 one is bundled for it. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
mswin-snapshot builds a dev zip of the master branch daily, and mswin-release builds a zip from an official release tarball on demand. Both call the shared mswin-build workflow, which stages `nmake install-nodoc` under DESTDIR, assembles a relocatable zip with tool/mswin/binary-package.rb, generates a sha256 checksum, and smoke-tests the result with PATH restricted to System32. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
vswhere -latest skips Build Tools products without -products *. The hosted runners install full Visual Studio, so this only matters for self-hosted or local runs, found while validating the workflow steps against a Build Tools only machine. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Re-sync the vendored binary-package.rb with ruby/ruby a7d813d0a5, which strips absolute-path tokens (notably the vcpkg --with-opt-dir) from configure_args in the staged rbconfig.rb. mkmf feeds those to every extension build, so a leaked runner path would break gem compilation on the destination machine. Only the staged copy is touched, never the build machine's own installation. The smoke test now asserts configure_args holds no absolute path, and a native json gem is compiled against the package to confirm the extension build pulls in no vcpkg path. Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
There was a problem hiding this comment.
Pull request overview
Adds GitHub Actions workflows to build and verify relocatable Windows (x64-mswin64_140) Ruby binary zip packages, using a shared reusable workflow and a vendored packaging script.
Changes:
- Introduces
mswin-snapshot(scheduled) andmswin-release(manual) workflows delegating to a reusablemswin-buildworkflow. - Adds
tool/mswin/binary-package.rbto assemble a staged install into a relocatable zip and scrub build-machine paths fromrbconfig.rb. - Adds a vcpkg manifest for Ruby 3.3 and documents the new workflows and package contract in
README.md.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
tool/mswin/vcpkg-ruby_3_3.json |
Adds a vcpkg manifest for Ruby 3.3 dependency installation. |
tool/mswin/binary-package.rb |
Adds the script that assembles the staged installation into the relocatable zip layout. |
README.md |
Documents the mswin binary package workflows, naming, and verification contract. |
.github/workflows/mswin-snapshot.yml |
Adds a scheduled workflow to build snapshot mswin packages from master. |
.github/workflows/mswin-release.yml |
Adds a manual workflow to build release mswin packages from official tarballs. |
.github/workflows/mswin-build.yml |
Adds the reusable build/package/verify workflow used by both snapshot and release. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| - name: Install tools with scoop | ||
| run: | | ||
| if ((vcpkg.exe help install) -match "manifest") { exit } |
Comment on lines
+235
to
+241
| & "$bin\gem.cmd" install json --no-document --version 2.20.0 | ||
| if ($LASTEXITCODE -ne 0) { throw "gem install json failed" } | ||
| $log = Get-ChildItem -Recurse "$env:GEM_HOME\extensions" -Filter gem_make.out | | ||
| Select-Object -First 1 | ||
| if ($log -and (Select-String -Path $log.FullName -Pattern 'vcpkg' -Quiet)) { | ||
| throw "vcpkg path leaked into the extension build" | ||
| } |
nobu
reviewed
Jul 5, 2026
Comment on lines
+88
to
+91
| src.sub!(/^(\s*CONFIG\["configure_args"\]\s*=\s*")(.*)(")/) do | ||
| pre, args, post = $1, $2, $3 | ||
| kept = args.scan(/\\".*?\\"|\S+/).reject {|t| t.match?(%r{[A-Za-z]:[/\\]})} | ||
| pre + kept.join(" ") + post |
Member
There was a problem hiding this comment.
Suggested change
| src.sub!(/^(\s*CONFIG\["configure_args"\]\s*=\s*")(.*)(")/) do | |
| pre, args, post = $1, $2, $3 | |
| kept = args.scan(/\\".*?\\"|\S+/).reject {|t| t.match?(%r{[A-Za-z]:[/\\]})} | |
| pre + kept.join(" ") + post | |
| src.sub!(/^\s*CONFIG\["configure_args"\]\s*=\s*"\K.*(?=")/) do |args| | |
| args.scan(/\\".*?\\"|\S+/).grep_v(%r{\b[A-Za-z]:[/\\]}).join(" ") |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
These workflows produce relocatable Ruby binary zip packages for Windows (
x64-mswin64_140).mswin-snapshotbuilds a dev package from the master branch on a daily schedule, andmswin-releasebuilds a package from an official release tarball for Ruby 3.3 and later. Both delegate to the sharedmswin-buildreusable workflow, which stagesnmake install-nodocunderDESTDIR, assembles the tree withtool/mswin/binary-package.rb, writes a.sha256next to the zip, and smoke-tests the result.The zip layout is a public contract for the tooling that consumes these packages. Each zip has a single root directory named after the package holding
bin/,lib/,include/,share/, andLICENSES/. Thebin/directory bundles the vcpkg runtime DLLs and the VC runtime (vcruntime140*.dll) so the tree runs from any location. Release packages are namedruby-<version>-x64-mswin64_140, and snapshot packages embed the commit date and hash so a dev build can never collide with a release name.tool/mswin/binary-package.rbis a vendored copy of the script proposed for ruby/ruby, pinned to a specific commit and synced by hand. Before archiving it scrubs build-machine paths such as the vcpkg--with-opt-dirfrom the stagedrbconfig.rbconfigure_args, sincemkmffeeds those to every extension build and a leaked absolute path would break gem compilation on the destination machine. Ruby 3.3 ships no in-treevcpkg.json, so the builder suppliestool/mswin/vcpkg-ruby_3_3.jsoninstead, mirroring the ruby_3_4 manifest.Every built zip is verified in the workflow before upload. The extracted
ruby.exeruns withPATHrestricted toSystem32while loadingopenssl,fiddle,psych, andzlib, itsconfigure_argsis asserted to carry no absolute path, and a nativejsongem is compiled against the package to confirm the extension build pulls in no vcpkg path. The zip and its checksum are uploaded as an Actions artifact. Publishing tocache.ruby-lang.orgis not wired up yet. All three series were built and verified end to end with these exact steps.https://bugs.ruby-lang.org/issues/22180
Generated with Claude Code