refactor: Rewrite and cleanup

.github/actions/build/action.yml

@@ -0,0 +1,78 @@
+name: Build Project
+description: Build and install project
+
+inputs:
+  # ignored
+  coverage:
+    default: 'false'
+  # ignored
+  options:
+    default: ''
+  # ignored
+  prefix:
+    default: ${{ github.workspace }}/opt
+  # ignored
+  pkgconfig-prefix:
+    default: ''
+  build-path:
+    default: 'build'
+  source-path:
+    default: '.'
+  # ignored
+  build-type:
+    default: 'plain'
+  # ignored
+  build:
+    default: ''
+  install:
+    default: 'false'
+  dist:
+    default: 'false'
+  # ignored
+  subprojects:
+    default: 'true'
+  # ignored
+  dist-tests:
+    default: 'false'
+  # ignored
+  install-deb:
+    default: 'false'
+
+outputs:
+  dist-path:
+    value: ${{ steps.dist.outputs.dist-path }}
+
+runs:
+  using: composite
+  steps:
+    - name: Create python virtual env
+      working-directory: ${{ inputs.source-path }}
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y python3-venv libffi-dev
+        python3 -m venv .venv
+      shell: bash
+
+    - name: Install dependencies
+      working-directory: ${{ inputs.source-path }}
+      run: |
+        ./.venv/bin/pip install --upgrade pip
+        ./.venv/bin/pip install build abi3audit
+      shell: bash
+
+    - name: Generate distribution artifacts
+      id: dist
+      working-directory: ${{ inputs.source-path }}
+      if: ${{ inputs.dist == 'true' }}
+      run: |
+        ./.venv/bin/python3 -m build -o "${{ inputs.build-path }}"
+        ./.venv/bin/abi3audit -v \
+          $(find "${{ inputs.build-path }}" -name "*.whl")
+        echo "dist-path=${{ inputs.build-path }}" >> "$GITHUB_OUTPUT"
+      shell: bash
+
+    - name: Install project
+      working-directory: ${{ inputs.source-path }}
+      if: ${{ inputs.install == 'true' }}
+      run: ./.venv/bin/pip install .
+      shell: bash

.github/actions/run-examples/action.yml

@@ -0,0 +1,29 @@
+name: Run Examples
+description: Run vaccel examples
+
+inputs:
+  # ignored
+  prefix:
+    default: ${{ github.workspace }}/opt
+  # ignored
+  valgrind:
+    default: 'false'
+  # ignored
+  package:
+    default: 'vaccel'
+
+runs:
+  using: composite
+  steps:
+    - name: Ensure run dir exists
+      run: |
+        uid=$(id -u)
+        [ -d "/run/user/${uid}" ] && exit 0
+        sudo mkdir -p "/run/user/${uid}"
+        sudo chown -R  "${uid}" "/run/user/${uid}"
+      shell: bash
+
+    - name: Run examples
+      run: |
+        ./.venv/bin/python3 run-examples.py
+      shell: bash

.github/actions/run-tests/action.yml

@@ -0,0 +1,49 @@
+name: Run Tests
+description: Run project tests and generate coverage report
+
+inputs:
+  build-path:
+    default: 'build'
+  source-path:
+    default: '.'
+  # ignored
+  valgrind:
+    default: 'false'
+  coverage:
+    default: 'false'
+  # ignored
+  gcov:
+    default: 'gcov'
+
+runs:
+  using: composite
+  steps:
+    - name: Install dependencies
+      working-directory: ${{ inputs.source-path }}
+      run: |
+        # FIXME: This should be in the vaccel coverage workflow
+        if ! dpkg -s vaccel &> /dev/null; then
+          wget "https://s3.nbfc.io/nbfc-assets/github/vaccel/rev/main/x86_64/release/vaccel_latest_amd64.deb"
+          sudo apt install ./vaccel_latest_amd64.deb
+          rm vaccel_latest_amd64.deb
+        fi
+        ./.venv/bin/pip install .[test]
+      shell: bash
+
+    - name: Run tests
+      working-directory: ${{ inputs.source-path }}
+      run: ./.venv/bin/python3 -m pytest
+      shell: bash
+
+    - name: Calculate coverage
+      working-directory: ${{ inputs.source-path }}
+      if: ${{ inputs.coverage == 'true' }}
+      run: |
+        ./.venv/bin/pip install tomli
+        pkg_name=$(./.venv/bin/python3 -c \
+          "import tomli; print(tomli.load(open('pyproject.toml', 'rb'))['project']['name'])")
+        ./.venv/bin/python3 -m pytest \
+          --cov-report term \
+          --cov-report xml:"${{ inputs.build-path }}/coverage.xml" \
+          --cov="${pkg_name}" tests/
+      shell: bash

.github/actions/upload-to-s3/action.yml

@@ -0,0 +1,74 @@
+name: Upload to s3
+description: Upload artifacts to s3
+
+inputs:
+  arch:
+    default: 'x86_64'
+  build-type:
+    default: 'release'
+  local-path:
+    default: 'build'
+  remote-basepath:
+    default: 'nbfc-assets/github/vaccel'
+  remote-subpath:
+    default: ''
+  access-key:
+    required: true
+  secret-key:
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Determine SHA and branch
+      id: get-rev-info
+      uses: ./.github/actions/get-revision-info
+
+    - name: Generate paths
+      id: get-artifact-vars
+      run: |
+        branch=${{ steps.get-rev-info.outputs.branch }} 
+        local_path=$(realpath -s --relative-to="${{ github.workspace }}" \
+          "${{ inputs.local-path }}")
+        echo "local-path=${local_path}" >> "$GITHUB_OUTPUT"
+        base_path="${{ inputs.remote-basepath }}"
+        if [ -n "${{ inputs.remote-subpath }}" ]; then
+          base_path="${base_path}/${{ inputs.remote-subpath }}"
+        fi
+        remote_path="${base_path}/rev/${branch}/${{inputs.arch}}/${{inputs.build-type}}/"
+        echo "remote-path=${remote_path}" >> "$GITHUB_OUTPUT"
+      shell: bash
+
+    # TODO: Split this into a separate action upstream, so we don't have to
+    # override whole upload process
+    - name: Generate \"latest\" artifacts
+      run: |
+        # attempt to match filenames of the form
+        # pkg-A.B.C[.devD][.gE{7}][.dF{8}][moretext].extension
+        # where capital letters are numbers and E is 8 digits long
+        VERSION_REGEX="(.+)\d+\.\d+\.\d+(\.dev\d+\+g[\da-z].{6})*(\.d[\d].{7})*([^.]*\..+)"
+        if [ -d "${{ inputs.local-path }}" ]; then
+          echo "Local path is a directory, skipping"
+          exit 0
+        fi
+        dir=$(dirname "${{ inputs.local-path }}")
+        files=$(basename "${{ inputs.local-path }}")
+        pushd "${dir}"
+        for f in $(find . -maxdepth 1 -type f -name "${files}"); do
+          latest_filename=$(echo "$f" | \
+            perl -pe "s/${VERSION_REGEX}/\1latest\4/g")
+          echo "Copying $f to ${latest_filename}"
+          cp "$f" "${latest_filename}"
+        done
+        popd
+      shell: bash
+
+    - name: Upload artifact to s3
+      uses: cloudkernels/minio-upload@v5
+      with:
+        url: https://s3.nubificus.co.uk
+        access-key: ${{ inputs.access-key }}
+        secret-key: ${{ inputs.secret-key }}
+        local-path: ${{ steps.get-artifact-vars.outputs.local-path }}
+        remote-path: ${{ steps.get-artifact-vars.outputs.remote-path }}
+        policy: 1

.github/dependabot.yml

@@ -0,0 +1,8 @@
+version: 2
+updates:
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "monthly"
+    commit-message:
+      prefix: "ci(deps)"

.github/workflows/generate-api-reference.yml

@@ -0,0 +1,142 @@
+name: Generate API Reference
+
+on:
+  workflow_call:
+    inputs:
+      actions-repo:
+        type: string
+        default: 'nubificus/vaccel'
+      actions-rev:
+        type: string
+        default: 'main'
+      deploy:
+        type: boolean
+        default: false
+      target-repo-owner:
+        type: string
+        default: 'nubificus'
+      target-repo-name:
+        type: string
+        default: 'vaccel-docs'
+      target-workflow:
+        type: string
+        default: 'dispatch-update-external-repo.yml'
+    secrets:
+      GIT_CLONE_PAT:
+        required: false
+      VACCEL_BOT_PRIVATE_KEY:
+        required: true
+
+jobs:
+  generate-reference:
+    name: Generate API Reference
+    runs-on: [base-dind-2204-amd64]
+    permissions:
+      contents: write
+
+    steps:
+      - name: Checkout .github directory
+        uses: actions/checkout@v4
+        with:
+          sparse-checkout: .github
+          repository: ${{ inputs.actions-repo }}
+          ref: ${{ inputs.actions-rev }}
+
+      - name: Initialize workspace
+        uses: ./.github/actions/initialize-workspace
+        with:
+          submodules: 'false'
+          remote-actions-repo: ${{ inputs.actions-repo }}
+          token: ${{ secrets.GIT_CLONE_PAT || github.token }}
+          fetch-depth: 0
+
+      - name: Determine SHA and branch
+        id: get-rev-info
+        uses: ./.github/actions/get-revision-info
+
+      - name: Generate vaccel-bot token
+        id: generate-token
+        uses: actions/create-github-app-token@v1
+        with:
+          app-id: ${{ vars.VACCEL_BOT_APP_ID }}
+          private-key: ${{ secrets.VACCEL_BOT_PRIVATE_KEY }}
+          owner: ${{ inputs.target-repo-owner }}
+          repositories: ${{ inputs.target-repo-name }}
+          permission-actions: write
+
+      - name: Trigger docs update
+        id: trigger-update
+        uses: the-actions-org/workflow-dispatch@v4
+        env:
+          RUN_NAME: >-
+            Update External Repo ${{ github.repository }}
+            [Run ID: ${{ github.run_id }}]
+        with:
+          workflow: ${{ inputs.target-workflow }}
+          ref: main
+          repo: ${{ inputs.target-repo-owner }}/${{ inputs.target-repo-name }}
+          token: ${{ steps.generate-token.outputs.token }}
+          run-name: ${{ env.RUN_NAME }}
+          inputs: >-
+            {
+              "run-name": "${{ env.RUN_NAME }}",
+              "trigger-id": "${{ github.run_id }}",
+              "ref": "${{ steps.get-rev-info.outputs.sha }}",
+              "branch": "${{ steps.get-rev-info.outputs.branch }}",
+              "repo": "${{ github.repository }}",
+              "deploy": "${{ inputs.deploy }}"
+            }
+          display-workflow-run-url-interval: 10s
+          display-workflow-run-url-timeout: 2m
+          wait-for-completion-interval: 30s
+          wait-for-completion-timeout: 20m
+          workflow-logs: json-output
+
+      - name: Print remote request info
+        env:
+          LOGS: ${{ steps.trigger-update.outputs.workflow-logs }}
+        run: |
+          remote_repo="${{ inputs.target-repo-owner }}/${{ inputs.target-repo-name }}"
+          remote_id="${{ steps.trigger-update.outputs.workflow-id }}"
+          remote_url="${{ steps.trigger-update.outputs.workflow-url }}"
+          echo "## Remote request info" >> "$GITHUB_STEP_SUMMARY"
+          echo "- Triggered **${remote_repo}** run [#${remote_id}](${remote_url})" \
+            >> "$GITHUB_STEP_SUMMARY"
+          [[ "${{ inputs.deploy }}" == 'false' ]] && exit 0
+
+          pr_number=$(
+            echo "$LOGS" | jq -r '
+              .["Update Repo / Verify Build"]
+              | map(select(
+                  .message != null
+                  and (.message | test("Pull request number"))
+                ))
+              | map(.message | capture("Pull request number: (?<val>[^\\s]+)").val)
+              | .[1]
+            '
+          )
+          pr_operation=$(
+            echo "$LOGS" | jq -r '
+              .["Update Repo / Verify Build"]
+              | map(select(
+                  .message != null
+                  and (.message | test("Pull request operation"))
+                ))
+              | map(.message | capture("Pull request operation: (?<val>[^\\s]+)").val)
+              | .[1]
+            '
+          )
+          pr_url=$(
+            echo "$LOGS" | jq -r '
+              .["Update Repo / Verify Build"]
+              | map(select(
+                  .message != null
+                  and (.message | test("Pull request URL"))
+                ))
+              | map(.message | capture("Pull request URL: (?<val>[^\\s]+)").val)
+              | .[1]
+            '
+          )
+          echo "${pr_operation^} PR: ${pr_url}"
+          echo "- ${pr_operation^} PR [${remote_repo}#${pr_number}](${pr_url})" \
+            >> "$GITHUB_STEP_SUMMARY"