Skip to content

Add mswin binary package workflows#133

Merged
hsbt merged 6 commits into
masterfrom
claude/sweet-poincare-35290a
Jul 11, 2026
Merged

Add mswin binary package workflows#133
hsbt merged 6 commits into
masterfrom
claude/sweet-poincare-35290a

Conversation

@hsbt

@hsbt hsbt commented Jul 5, 2026

Copy link
Copy Markdown
Member

These workflows produce relocatable Ruby binary zip packages for Windows (x64-mswin64_140). mswin-snapshot builds a dev package from the master branch on a daily schedule, and mswin-release builds a package from an official release tarball for Ruby 3.3 and later. Both delegate to the shared mswin-build reusable workflow, which stages nmake install-nodoc under DESTDIR, assembles the tree with ruby/ruby's tool/binary-package.rb, writes a .sha256 next to the zip, and smoke-tests the result.

The zip layout is a public contract for the tooling that consumes these packages. Each zip has a single root directory named after the package holding bin/, lib/, include/, share/, and LICENSES/. The bin/ directory bundles the vcpkg runtime DLLs. The VC runtime (vcruntime140*.dll) is deliberately not bundled, because app-local copies are never serviced by Windows Update, so the package assumes the VC++ Redistributable is installed on the destination machine. Release packages are named ruby-<version>-x64-mswin64_140, and snapshot packages embed the commit date and hash so a dev build can never collide with a release name.

The packaging script is downloaded from ruby/ruby at the commit pinned in BINARY_PACKAGE_REF (the merge commit of ruby/ruby#17662), so there is no vendored copy to drift out of sync and bumping that SHA is the whole sync. The script is applied from the outside to the staged install rather than via the in-tree nmake binary-package target, so that already-released tarballs (which predate the script) can be packaged and the snapshot naming stays under this repository's control. Before archiving it scrubs build-machine paths such as the vcpkg --with-opt-dir from the staged rbconfig.rb configure_args, since mkmf feeds those to every extension build and a leaked absolute path would break gem compilation on the destination machine. Ruby 3.3 ships no in-tree vcpkg.json, so the builder supplies tool/mswin/vcpkg-ruby_3_3.json instead, mirroring the ruby_3_4 manifest.

Every built zip is verified in the workflow before upload. The extracted ruby.exe runs with PATH restricted to System32 while loading openssl, fiddle, psych, and zlib, the package is asserted to bundle no vcruntime140.dll, its configure_args is asserted to carry no absolute path, and a native json gem is compiled against the package to confirm the extension build pulls in no vcpkg path. The zip and its checksum are uploaded as an Actions artifact. Publishing to cache.ruby-lang.org is not wired up yet. All three release series were built and verified end to end with these exact steps.

gh workflow run mswin-release.yml -f TARGET_VERSION=3.4.5

https://bugs.ruby-lang.org/issues/22180

Generated with Claude Code

hsbt and others added 4 commits July 4, 2026 06:09
Vendor binary-package.rb proposed for ruby/ruby, so that every
target branch can be packaged the same way without patching its
build system. Ruby 3.3 does not ship vcpkg.json, so a manifest
mirroring the ruby_3_4 one is bundled for it.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
mswin-snapshot builds a dev zip of the master branch daily, and
mswin-release builds a zip from an official release tarball on
demand. Both call the shared mswin-build workflow, which stages
`nmake install-nodoc` under DESTDIR, assembles a relocatable zip
with tool/mswin/binary-package.rb, generates a sha256 checksum,
and smoke-tests the result with PATH restricted to System32.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
vswhere -latest skips Build Tools products without -products *.
The hosted runners install full Visual Studio, so this only matters
for self-hosted or local runs, found while validating the workflow
steps against a Build Tools only machine.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Re-sync the vendored binary-package.rb with ruby/ruby a7d813d0a5,
which strips absolute-path tokens (notably the vcpkg --with-opt-dir)
from configure_args in the staged rbconfig.rb. mkmf feeds those to
every extension build, so a leaked runner path would break gem
compilation on the destination machine. Only the staged copy is
touched, never the build machine's own installation.

The smoke test now asserts configure_args holds no absolute path,
and a native json gem is compiled against the package to confirm the
extension build pulls in no vcpkg path.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Copilot AI review requested due to automatic review settings July 5, 2026 03:36

Copilot AI left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds GitHub Actions workflows to build and verify relocatable Windows (x64-mswin64_140) Ruby binary zip packages, using a shared reusable workflow and a vendored packaging script.

Changes:

  • Introduces mswin-snapshot (scheduled) and mswin-release (manual) workflows delegating to a reusable mswin-build workflow.
  • Adds tool/mswin/binary-package.rb to assemble a staged install into a relocatable zip and scrub build-machine paths from rbconfig.rb.
  • Adds a vcpkg manifest for Ruby 3.3 and documents the new workflows and package contract in README.md.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.

Show a summary per file
File Description
tool/mswin/vcpkg-ruby_3_3.json Adds a vcpkg manifest for Ruby 3.3 dependency installation.
tool/mswin/binary-package.rb Adds the script that assembles the staged installation into the relocatable zip layout.
README.md Documents the mswin binary package workflows, naming, and verification contract.
.github/workflows/mswin-snapshot.yml Adds a scheduled workflow to build snapshot mswin packages from master.
.github/workflows/mswin-release.yml Adds a manual workflow to build release mswin packages from official tarballs.
.github/workflows/mswin-build.yml Adds the reusable build/package/verify workflow used by both snapshot and release.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.


- name: Install tools with scoop
run: |
if ((vcpkg.exe help install) -match "manifest") { exit }
Comment on lines +235 to +241
& "$bin\gem.cmd" install json --no-document --version 2.20.0
if ($LASTEXITCODE -ne 0) { throw "gem install json failed" }
$log = Get-ChildItem -Recurse "$env:GEM_HOME\extensions" -Filter gem_make.out |
Select-Object -First 1
if ($log -and (Select-String -Path $log.FullName -Pattern 'vcpkg' -Quiet)) {
throw "vcpkg path leaked into the extension build"
}
Comment thread tool/mswin/binary-package.rb Outdated
Comment on lines +88 to +91
src.sub!(/^(\s*CONFIG\["configure_args"\]\s*=\s*")(.*)(")/) do
pre, args, post = $1, $2, $3
kept = args.scan(/\\".*?\\"|\S+/).reject {|t| t.match?(%r{[A-Za-z]:[/\\]})}
pre + kept.join(" ") + post

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
src.sub!(/^(\s*CONFIG\["configure_args"\]\s*=\s*")(.*)(")/) do
pre, args, post = $1, $2, $3
kept = args.scan(/\\".*?\\"|\S+/).reject {|t| t.match?(%r{[A-Za-z]:[/\\]})}
pre + kept.join(" ") + post
src.sub!(/^\s*CONFIG\["configure_args"\]\s*=\s*"\K.*(?=")/) do |args|
args.scan(/\\".*?\\"|\S+/).grep_v(%r{\b[A-Za-z]:[/\\]}).join(" ")

hsbt and others added 2 commits July 11, 2026 08:29
Re-sync the vendored binary-package.rb with ruby/ruby#17662 at
b66c4a8120. App-local vcruntime140*.dll copies are never serviced by
Windows Update, so the package now assumes the VC++ Redistributable
is installed on the destination machine. The upstream script also
dropped the --arch option and prefers the inbox System32 tar.exe over
a GNU tar earlier in PATH. The smoke test now rejects a bundled
vcruntime140.dll instead of requiring it.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
ruby/ruby#17662 has been merged, so the vendored copy would only
invite drift. It already lagged two upstream fixes at removal time.
The workflow now downloads the script from ruby/ruby at the commit
pinned in BINARY_PACKAGE_REF, and bumping that SHA is the whole sync.
The script stays applied from the outside because released tarballs
predate it and the snapshot naming must stay under this repository's
control.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
@hsbt hsbt merged commit 7807707 into master Jul 11, 2026
@hsbt hsbt deleted the claude/sweet-poincare-35290a branch July 11, 2026 10:04
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants