Skip to content

chore: cloud bindgen #114

Open
Open
chore: cloud bindgen#114
Assignees
ovitrif

Description

@ovitrif
ovitrif
opened on Jun 25, 2026

Context

We want bitkit-core to generate mobile bindings and release artifacts in GitHub Actions instead of relying on local developer machines.

The target model is:

  • Rust implementation PRs remain source-reviewable.
  • GitHub Actions proves Android and iOS bindings can be generated.
  • Android packages are built and published from the existing GitHub Actions publishing workflow.
  • Releases upload the iOS BitkitCore.xcframework.zip and Android native debug symbols.
  • Generated bindings, native libraries, archives, and debug symbols move out of the Git-tracked source tree after the GitHub Actions replacement path is proven.
  • Publish/release credentials are used only from trusted maintainer-controlled workflows.

Goal

Prepare bitkit-core for a cleaner GitHub Actions bindgen/release model while preserving the current mobile package flow during the migration.

Phase 1:
  keep existing checked-in generated files
  add .github/workflows/bindgen.yml
  regenerate Android + iOS artifacts in GitHub Actions
  upload generated artifacts for inspection
  verify the generated outputs are usable

Phase 2:
  update the existing Android publish workflow
  add an iOS release artifact workflow
  publish Android package from generated artifacts
  upload iOS XCFramework zip to GitHub releases
  verify consumers can use the GitHub Actions-built release outputs

Phase 3:
  remove checked-in generated bindings/native artifacts
  keep hand-authored package/build metadata
  add ignore rules for generated outputs

Requested changes

1. Add bindgen.yml

Add .github/workflows/bindgen.yml for PR/branch binding verification.

Required behavior:

  • Supports workflow_dispatch with a branch/ref input.
  • Runs PR verification with read-only permissions.
  • Generates Android bindings/artifacts on ubuntu-latest.
  • Generates iOS bindings/artifacts on macos-latest.
  • Uploads generated Android and iOS artifacts for inspection.
  • Uses minimal GitHub token permissions.

Keep checked-in generated bindings and native artifacts until this workflow regenerates equivalent Android and iOS outputs successfully.

2. Make scripts CI-portable

Make the build/release helper scripts usable from GitHub-hosted Linux and macOS runners.

Required changes:

  • Replace macOS-only sed -i '' usage in shared scripts.
  • Keep Android generation Linux-friendly.
  • Keep iOS generation macOS-only.
  • Ensure version sync works across Cargo.toml, Package.swift, and bindings/android/gradle.properties.
  • Ensure Android build dependencies are documented and installed by CI: Android SDK/NDK, cargo-ndk, libdbus-1-dev, pkg-config, protobuf-compiler, zip, unzip, etc.

3. Update existing Android publishing workflow

Update .github/workflows/gradle-publish.yml so the existing Android package publishing path works with generated outputs from the current workflow run.

Required behavior:

  • Runs from the existing release and workflow_dispatch entry points.
  • Generates Android Kotlin bindings and native libraries from source.
  • Builds the Android package from generated workflow outputs.
  • Publishes the Android package to GitHub Packages.
  • Uploads Android native debug symbols as a workflow artifact and release asset.

4. Add iOS release artifact workflow

Add a trusted macOS release workflow that generates the iOS release artifact.

Required behavior:

  • Runs on macos-latest.
  • Generates Swift UniFFI bindings.
  • Builds BitkitCore.xcframework.zip.
  • Computes the SwiftPM checksum for the generated BitkitCore.xcframework.zip.
  • Uploads BitkitCore.xcframework.zip to the GitHub release.

5. Verify consumer package flow

Verify that Android and iOS consumers can use the outputs produced by GitHub Actions before deleting generated files from Git.

Required checks:

  • Android can consume the GitHub Actions-published AAR/package from GitHub Packages.
  • The GitHub Actions-built BitkitCore.xcframework.zip works in the existing iOS package flow.
  • Checksums, tags, package versions, and release assets line up correctly.
  • Existing consumers can use released package outputs instead of committed generated files.

6. Remove checked-in generated bindings and artifacts from Git

After generation, publishing, release upload, and consumer package paths are working, remove generated files from the Git-tracked tree and add ignore rules so they are produced as local/CI build outputs.

Generated outputs to remove from Git tracking include:

  • Android generated Kotlin UniFFI bindings under bindings/android/lib/src/main/kotlin/com/synonym/bitkitcore/.
  • Android native libraries under bindings/android/lib/src/main/jniLibs/**/libbitkitcore.so.
  • Android native debug symbol archives such as bindings/android/native-debug-symbols.zip.
  • iOS generated Swift/FFI files under bindings/ios/, including bitkitcore.swift, bitkitcoreFFI.h, and module.modulemap.
  • iOS generated frameworks and archives, including bindings/ios/BitkitCore.xcframework/** and bindings/ios/BitkitCore.xcframework.zip.

Keep hand-authored files required to regenerate, build, and publish packages, such as:

  • Rust source and UniFFI config.
  • Android Gradle project/build metadata needed to publish the AAR.
  • Package.swift.
  • build/release scripts.

Document any required packaging exception explicitly and keep it narrow.

Document the final policy in README.md and/or build documentation so contributors know generated bindings are build outputs.

7. Define release/version flow

Document the expected release flow for Rust changes that affect generated mobile bindings.

The flow should cover:

  • when to bump Cargo.toml / Android / Swift package versions.
  • when and where bindings are regenerated.
  • how to prepare the Package.swift checksum from GitHub Actions.
  • how to create a GitHub release whose description follows the repository release-note style.
  • how Android/iOS consumers update to the new version.

8. Workflow security

Required workflow constraints:

  • PR bindgen workflow uses read-only permissions and uploads artifacts.
  • Publish/release workflows run from release tags, maintainer-triggered workflow_dispatch, or protected environments.
  • Jobs that create tags, upload release assets, or publish packages use trusted refs and scoped write permissions.
  • Workflow YAML is validated with actionlint.

Acceptance criteria

  • .github/workflows/bindgen.yml generates Android and iOS bindings/artifacts in GitHub Actions.
  • Existing checked-in generated files remain until GitHub Actions can regenerate equivalent Android and iOS outputs.
  • Android bindings/package artifacts are generated on GitHub-hosted Linux runners.
  • iOS bindings and BitkitCore.xcframework.zip are generated on GitHub-hosted macOS runners.
  • .github/workflows/gradle-publish.yml builds and publishes Android packages from generated workflow outputs.
  • GitHub releases upload the iOS XCFramework zip and Android native debug symbols.
  • The GitHub Actions-built BitkitCore.xcframework.zip works in the existing iOS package flow before committed iOS generated files are removed.
  • Android consumer package flow is verified before committed Android generated files are removed.
  • Generated Android/iOS bindings, native libraries, debug symbol archives, and framework archives are removed from the Git-tracked source tree after the replacement package/release path is proven, unless a narrow documented packaging exception is required.
  • .gitignore or equivalent ignore rules cover regenerated outputs after removal.
  • README.md and/or build documentation describes the new bindgen/release expectations.
  • Workflow YAML is validated with actionlint.
  • Workflow behavior is verified on GitHub Actions after merge.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions