Add ARM64 Linux support to CI/CD pipeline#4
Merged
danielmeppiel merged 15 commits intomicrosoft:mainfrom Oct 28, 2025
Merged
Conversation
danielmeppiel
requested changes
Oct 17, 2025
Collaborator
danielmeppiel
left a comment
There was a problem hiding this comment.
Looks good. I am just getting the CI failing now on the smoke tests, specifically with codex on darwin, which is potentially unrelated. Let's address the 2 comments I made
| runs-on: ${{ matrix.os }} | ||
| strategy: | ||
| fail-fast: false | ||
| matrix: |
Collaborator
There was a problem hiding this comment.
The test phase will need to run also on the new ubuntu arm platform
Contributor
Author
There was a problem hiding this comment.
Thanks! I added a commit to fix this.
| "darwin_x86_64": "${{ steps.checksums.outputs.darwin-x86_64-sha }}", | ||
| "linux_x86_64": "${{ steps.checksums.outputs.linux-x86_64-sha }}" | ||
| "linux_x86_64": "${{ steps.checksums.outputs.linux-x86_64-sha }}", | ||
| "linux_arm64": "${{ steps.checksums.outputs.linux-arm64-sha }}" |
Collaborator
There was a problem hiding this comment.
We need to update the homebrew formula at danielmeppiel/homebrew-apm#5 so that it accepts the new binary and processes installation correctly
- Add ubuntu-24.04-arm runner for native ARM64 builds - Update build, integration-tests, and release-validation jobs - Add apm-linux-arm64 binary to release artifacts - Remove cross-compilation complexity in favor of native builds
- Add aarch64|arm64 architecture detection in setup-common.sh - Add linux-aarch64 -> aarch64-unknown-linux-gnu mapping in setup-codex.sh - Fixes smoke test failures on ARM64 Linux runners - Enables Codex runtime installation on ARM64 Linux systems Fixes smoke test error: 'Unsupported Linux architecture: aarch64'
- Add aarch64|arm64 -> apm-linux-aarch64 mapping in test-integration.sh - Fixes integration test failures on ARM64 Linux runners - Complements runtime setup ARM64 support This was the missing piece causing integration tests to fail with: 'Unsupported Linux architecture: aarch64'
c28ec98 to
42d2c85
Compare
- Runtime list command was failing with KeyError: 'cross' - cli.py line 2040 references STATUS_SYMBOLS['cross'] but it wasn't defined - Added 'cross': '❌' to STATUS_SYMBOLS in console.py Fixes integration test failures: - test_runtime_list_command - test_dual_runtime_installation Error was: 'Error listing runtimes: 'cross''
- Add GITHUB_APM_PAT as fallback for models token purpose - Ensure both GITHUB_TOKEN and GITHUB_APM_PAT are available to Codex script - Fixes 'Using unauthenticated GitHub API request' in CI smoke tests The smoke test environment only provides GITHUB_APM_PAT but not GITHUB_TOKEN. The token manager now properly falls back to GITHUB_APM_PAT for GitHub Models API access when GITHUB_TOKEN is not available, and ensures the Codex setup script has access to both tokens as expected.
- Change apm-linux-aarch64 to apm-linux-arm64 in test-integration.sh - Matches build script normalization: aarch64 -> arm64 - Fixes 'Binary not found: ./dist/apm-linux-aarch64/apm' error The build script normalizes aarch64 architecture to arm64, creating apm-linux-arm64 binary, but integration test was looking for apm-linux-aarch64. Now both use consistent arm64 naming.
- Add debug prints to _setup_codex_tokens to see what tokens are available - This will help diagnose why Codex setup is still using unauthenticated requests - Temporary debugging commit to understand token flow in CI Will remove debug prints once issue is identified and fixed.
- Add env=os.environ.copy() to subprocess.run() in run_command() - Ensures GITHUB_APM_PAT and other environment variables are properly passed to the shell scripts in smoke tests - Fixes authentication issue where runtime setup scripts couldn't access GitHub tokens set in CI workflow Root cause: subprocess.run() with shell=True may not always inherit all environment variables properly, especially in test environments.
- Revert debug logging added for troubleshooting - Keep only the core fix for subprocess environment passing
- Ensures tokens are available for GitHub API requests to fetch latest release - Fixes 'Using unauthenticated GitHub API request' in CI environments - API call at line ~97 needs tokens set up early, not at line 171 - Addresses timing issue where tokens were configured after API usage
- Smoke tests now have both GITHUB_TOKEN and GITHUB_APM_PAT like other test jobs - Maps GH_MODELS_PAT → GITHUB_TOKEN for GitHub API authentication - Maps GH_CLI_PAT → GITHUB_APM_PAT for APM module access - Fixes 'Using unauthenticated GitHub API request' in smoke test step - Makes smoke test environment consistent with integration-tests and release-validation
- Add detailed environment variable debugging to github-token-helper.sh - Show initial and final token state with character counts - Add debug logging to setup-codx.sh before GitHub API calls - Add environment debugging to test_runtime_smoke.py subprocess calls - Debug output will show exactly which tokens are available and being used - Helps diagnose why CI shows 'unauthenticated' despite token setup success This will reveal the exact root cause of authentication failure in CI.
- Change from pull_request to pull_request_target - Enables secrets access for fork PRs while maintaining security - Revert to proper secrets (GH_MODELS_PAT, GH_CLI_PAT, GH_PKG_PAT) - Add security documentation for pull_request_target usage Fixes GitHub Actions fork PR limitation where custom secrets are not available, while preserving full functionality for regular PRs and main branch builds.
- Revert from pull_request_target to pull_request for proper security - This prevents automatic secrets exposure to untrusted fork code - Fork PRs will now require manual approval workflow as intended - Maintains GitHub's security model for open source projects This addresses the security concern where pull_request_target would automatically grant secrets access without approval, bypassing GitHub's built-in fork protection mechanisms.
Collaborator
|
@pofallon thank you, first binary available here https://github.com/danielmeppiel/apm/actions/runs/18882334077/artifacts/4396277101 Will ship on 4.3 this week Related finding on fork PR testing #12 |
sergio-sisternes-epam
added a commit
to sergio-sisternes-epam/apm
that referenced
this pull request
Mar 2, 2026
…microsoft#5/microsoft#6) - Add _validate_inline_url() with https/http scheme allowlist - Add _install_inline_mcp_deps() delegating to ClientFactory adapters - VSCode: read-merge-write via adapter (full-overwrite API) - Copilot/Codex: pass merge dict via adapter update_config() - 15 new tests covering adapter delegation, URL validation, error cases - All 866 tests pass
This was referenced Mar 4, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
🚀 New Feature
Description
I want to use apm in a linux devcontainer running on an M-series Mac host.
Changes Made
Testing
Checklist
enhancementorfeaturelabel to this PRFixes # (issue)