From c6e448a0bab95b61c85a224a91bb6a5f0d20002a Mon Sep 17 00:00:00 2001 From: Igor Sirotin Date: Wed, 20 May 2026 21:57:14 +0100 Subject: [PATCH] fix: real getNodeInfo Version in Nix/lgpm builds (#3889) * fix(node-info): real Version + new Commit in Nix/lgpm builds getNodeInfo Version returned "n/a" on Nix-built libs (and lgpm releases built from the flake) because nix/default.nix never passed -d:git_version. A flake sandbox has no .git, so git describe is impossible; derive the semver from waku.nimble's version field plus the flake short commit, and expose the full commit SHA via a new Commit node info id. - waku_state_info: add Commit to NodeInfoId + dispatch git_commit - waku_node: add git_commit {.strdefine.} (default "n/a") - node start logs ("Starting Waku node" / "Running nwaku node") now print commit = git_commit alongside version - Makefile: inject -d:git_commit (full SHA), mirrors docker label - nix/default.nix: accept gitVersion/gitCommit, pass as nim defines - flake.nix: gitVersion = -g, gitCommit = rev - CI version-check (PR only): ancestor-aware `git describe --tags --abbrev=0` vs PR HEAD, base-version compare, so waku.nimble is kept current early and a new tag never breaks in-flight PRs - release-assets.yml: gate build/upload on a verify-version job asserting tag base == waku.nimble (RC tags allowed), so a mismatched tag publishes no artifacts - docs: prepare_release.md explains the bump-before-tag requirement Refs: status-im/infra-logos#4 Closes: logos-messaging/logos-delivery#3884 Co-Authored-By: Claude Opus 4.7 (1M context) * docs: simplify * chore: update version in waku.nimble * fix(node-info): remove Commit node info field Drop the newly added Commit (full SHA) node info id and its git_commit compile-time define plumbing across Makefile, flake.nix and nix/default.nix; revert the start/run log lines to version only. The PR now solely fixes the getNodeInfo Version regression. Co-Authored-By: Claude Opus 4.7 (1M context) * chore(nix): align git_version format closer to Makefile Adds the `v` prefix and uses a 6-char SHA so Nix-built nodes report e.g. `v0.38.1-g52e980`, matching the shape of `git describe --abbrev=6 --always --tags` aside from the unreachable commit-count segment (tag metadata isn't exposed through the flake input protocol). Co-Authored-By: Claude Opus 4.7 (1M context) --------- Co-authored-by: Claude Opus 4.7 (1M context) --- .github/ISSUE_TEMPLATE/prepare_release.md | 2 +- .github/workflows/release-assets.yml | 28 +++++++++++++ .github/workflows/version-check.yml | 49 +++++++++++++++++++++++ flake.nix | 15 +++++++ nix/default.nix | 4 +- waku.nimble | 2 +- 6 files changed, 97 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/version-check.yml diff --git a/.github/ISSUE_TEMPLATE/prepare_release.md b/.github/ISSUE_TEMPLATE/prepare_release.md index de67b3eaf..3c2e2f729 100644 --- a/.github/ISSUE_TEMPLATE/prepare_release.md +++ b/.github/ISSUE_TEMPLATE/prepare_release.md @@ -18,7 +18,7 @@ For detailed info on the release process refer to https://github.com/logos-messa All items below are to be completed by the owner of the given release. - [ ] Create release branch with major and minor only ( e.g. release/v0.X ) if it doesn't exist. -- [ ] Update the `version` field in `waku.nimble` to match the release version (e.g. `version = "0.X.0"`). +- [ ] Update the `version` field in `waku.nimble` to match the release version (e.g. `version = "0.X.0"`) **and merge it before assigning any tag** - the `release-assets` workflow gates artifact build/upload. - [ ] Assign release candidate tag to the release branch HEAD (e.g. `v0.X.0-rc.0`, `v0.X.0-rc.1`, ... `v0.X.0-rc.N`). - [ ] Generate and edit release notes in CHANGELOG.md. diff --git a/.github/workflows/release-assets.yml b/.github/workflows/release-assets.yml index fc1f819d9..77862d11b 100644 --- a/.github/workflows/release-assets.yml +++ b/.github/workflows/release-assets.yml @@ -11,7 +11,35 @@ env: NPROC: 2 jobs: + # Release gate: the pushed tag MUST exactly match waku.nimble's version, + # so every published artifact reports the correct getNodeInfo Version. + # CI cannot reject/remove a tag, so we gate artifact build & upload on + # this instead: a mismatched tag yields no released artifacts. + verify-version: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - name: Assert pushed tag equals waku.nimble version + if: startsWith(github.ref, 'refs/tags/') + run: | + set -euo pipefail + NIMBLE_VERSION=$(grep -m1 '^version = ' waku.nimble | sed -E 's/version = "([^"]+)"/\1/') + # Strip leading v and any prerelease suffix (e.g. v0.38.0-rc.1 -> + # 0.38.0) so release-candidate tags build against the same + # waku.nimble version as the final tag. + TAG_VERSION="${GITHUB_REF_NAME#v}" + BASE_VERSION="${TAG_VERSION%%-*}" + echo "tag: ${GITHUB_REF_NAME} (base ${BASE_VERSION})" + echo "waku.nimble version: ${NIMBLE_VERSION}" + if [ "${BASE_VERSION}" != "${NIMBLE_VERSION}" ]; then + echo "::error::Tag ${GITHUB_REF_NAME} (base ${BASE_VERSION}) does not match" + echo "::error::waku.nimble version (${NIMBLE_VERSION}). Bump waku.nimble before tagging." + exit 1 + fi + echo "OK: tag base matches waku.nimble." + build-and-upload: + needs: verify-version strategy: matrix: os: [ubuntu-22.04, macos-15] diff --git a/.github/workflows/version-check.yml b/.github/workflows/version-check.yml new file mode 100644 index 000000000..e3ad958ba --- /dev/null +++ b/.github/workflows/version-check.yml @@ -0,0 +1,49 @@ +name: version check +permissions: + contents: read + +on: + pull_request: + branches: [master] + +jobs: + # PR check: waku.nimble version must be >= the nearest tag reachable from + # this branch (`git describe --tags --abbrev=0`, i.e. ancestor-aware). + # Because we check out the PR HEAD (not the simulated merge ref), a branch + # that predates a release tag does not see that tag in its history, so a + # newly pushed tag does NOT break in-flight PRs. Once the branch merges/ + # rebases past the tag, the bump is then enforced. This keeps waku.nimble + # fixed as early as possible, independent of whether a release is cut. + # The exact tag==nimble guarantee at release time lives in + # release-assets.yml, which gates artifact publishing on it. + nimble-not-behind-tag: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + ref: ${{ github.event.pull_request.head.sha }} + - name: Compare waku.nimble version with nearest ancestor tag + run: | + set -euo pipefail + NIMBLE_VERSION=$(grep -m1 '^version = ' waku.nimble | sed -E 's/version = "([^"]+)"/\1/') + # Nearest tag reachable from HEAD; --abbrev=0 drops the --g + # suffix so we get the bare tag (e.g. v0.38.0). + BASE_TAG=$(git describe --tags --abbrev=0 2>/dev/null || echo "") + BASE_TAG=${BASE_TAG#v} + # Compare on the base version, ignoring any -rc.N prerelease suffix. + BASE_TAG=${BASE_TAG%%-*} + echo "waku.nimble version: ${NIMBLE_VERSION}" + echo "ancestor git tag: ${BASE_TAG:-}" + if [ -z "${BASE_TAG}" ]; then + echo "No ancestor release tag; skipping." + exit 0 + fi + # lowest of the two by version sort must be the tag => nimble >= tag + LOWEST=$(printf '%s\n%s\n' "${NIMBLE_VERSION}" "${BASE_TAG}" | sort -V | head -1) + if [ "${LOWEST}" != "${BASE_TAG}" ] && [ "${NIMBLE_VERSION}" != "${BASE_TAG}" ]; then + echo "::error::waku.nimble version (${NIMBLE_VERSION}) is behind its" + echo "::error::ancestor git tag (v${BASE_TAG}). Bump 'version' in waku.nimble." + exit 1 + fi + echo "OK: waku.nimble is not behind its ancestor tag." diff --git a/flake.nix b/flake.nix index 50b6dc0b5..b99eff6cd 100644 --- a/flake.nix +++ b/flake.nix @@ -36,6 +36,20 @@ forAllSystems = nixpkgs.lib.genAttrs systems; + lib = nixpkgs.lib; + + # Single source of truth for the semver: the `version` field of + # waku.nimble. Kept in sync with git tags by the version-check CI. + nimbleVersion = + let line = lib.findFirst (l: lib.hasPrefix "version = " l) + "version = \"unknown\"" + (lib.splitString "\n" (builtins.readFile ./waku.nimble)); + in lib.removeSuffix "\"" (lib.removePrefix "version = \"" line); + + # A flake sandbox has no .git, so `git describe` is impossible; the + # commit comes from the flake metadata instead. + shortRev = self.shortRev or self.dirtyShortRev or "dirty"; + nimbleOverlay = final: prev: { nimble = prev.nimble.overrideAttrs (_: { version = "0.22.3"; @@ -60,6 +74,7 @@ inherit pkgs; src = ./.; zerokitRln = zerokit.packages.${system}.rln; + gitVersion = "v${nimbleVersion}-g${builtins.substring 0 6 shortRev}"; }; in { inherit liblogosdelivery; diff --git a/nix/default.nix b/nix/default.nix index a9ea0f598..7b7989e1a 100644 --- a/nix/default.nix +++ b/nix/default.nix @@ -1,6 +1,7 @@ { pkgs , src , zerokitRln +, gitVersion ? "n/a" , enablePostgres ? true , enableNimDebugDlOpen ? true , chroniclesLogLevel ? null @@ -10,7 +11,8 @@ let deps = import ./deps.nix { inherit pkgs; }; nimDefineArgs = pkgs.lib.concatStringsSep " \\\n " ( - [ "--define:disable_libbacktrace" ] + [ "--define:disable_libbacktrace" + "--define:git_version=${gitVersion}" ] ++ pkgs.lib.optional enablePostgres "--define:postgres" ++ pkgs.lib.optional enableNimDebugDlOpen "--define:nimDebugDlOpen" ++ pkgs.lib.optional (chroniclesLogLevel != null) diff --git a/waku.nimble b/waku.nimble index 57ce858a4..da5b87eb6 100644 --- a/waku.nimble +++ b/waku.nimble @@ -4,7 +4,7 @@ import os mode = ScriptMode.Verbose ### Package -version = "0.37.4" +version = "0.38.1" author = "Status Research & Development GmbH" description = "Waku, Private P2P Messaging for Resource-Restricted Devices" license = "MIT or Apache License 2.0"