From 14eaa6069e45b765bf71a1b3d6770c4c48b26b7e Mon Sep 17 00:00:00 2001 From: Pranav Rathi <4427674+pranavrth@users.noreply.github.com> Date: Sat, 16 May 2026 01:53:47 +0530 Subject: [PATCH 1/3] CI: build wheels from librdkafka branch on demo-current-15-may-branch-wheel - build-wheels.sh: use build-librdkafka-branch.sh when LIBRDKAFKA_BRANCH is set (macOS builds on host; Linux builds inside manylinux via CIBW_BEFORE_BUILD for glibc compatibility) - build-librdkafka-branch.sh: detect yum/apt-get so it works both on the host and inside the manylinux container - semaphore.yml: trim to 3 wheel-build + 2 wheel-verify blocks scoped to this branch; point LIBRDKAFKA_BRANCH at demo-current-london-2026 --- .semaphore/semaphore.yml | 527 ++---------------------- tools/wheels/build-librdkafka-branch.sh | 6 +- tools/wheels/build-wheels.sh | 10 +- 3 files changed, 37 insertions(+), 506 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 5379845a8..d1b05923d 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -9,67 +9,17 @@ global_job_config: env_vars: - name: LIBRDKAFKA_VERSION value: v2.14.0 - # TODO KIP-932: Remove LIBRDKAFKA_BRANCH once LIBRDKAFKA_VERSION includes share consumer support - name: LIBRDKAFKA_BRANCH - value: dev_kip-932_queues-for-kafka + value: demo-current-london-2026 prologue: commands: - checkout - mkdir artifacts blocks: - - name: "Wheels: OSX x64 - Python 3.8-3.12" + - name: "Wheels: OSX arm64 (branch) - Python 3.8-3.12" run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" - task: - agent: - machine: - type: s1-macos-15-amd64-6 - env_vars: - - name: OS_NAME - value: osx - jobs: - - name: Build - commands: - - export ARCH=x64 - - sem-version python 3.11 - - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse 2.16.2 - - tar -czf wheelhouse-macOS-${ARCH}.tgz wheelhouse - - artifact push workflow wheelhouse-macOS-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - - name: "Wheels: OSX x64 - Python 3.13-3.14" - run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" - task: - agent: - machine: - type: s1-macos-15-amd64-6 - env_vars: - - name: OS_NAME - value: osx - - name: CIBW_SKIP - value: cp36-* cp37-* cp38-* cp39-* cp310-* cp311-* cp312-* - - name: CIBW_ENVIRONMENT_MACOS - value: MACOSX_DEPLOYMENT_TARGET=13 - jobs: - - name: Build - commands: - - export ARCH=x64 - - sem-version python 3.13 - - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse - - tar -czf wheelhouse-macOS-${ARCH}-py313-plus.tgz wheelhouse - - artifact push workflow wheelhouse-macOS-${ARCH}-py313-plus.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}-py313-plus.tgz/ - - name: "Wheels: OSX arm64 - Python 3.8-3.12" - run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" + when: "branch = 'demo-current-15-may-branch-wheel'" + dependencies: [] task: agent: machine: @@ -85,15 +35,13 @@ blocks: - export ARCH=arm64 - sem-version python 3.11 - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse 2.16.2 - tar -czf wheelhouse-macOS-${ARCH}.tgz wheelhouse - artifact push workflow wheelhouse-macOS-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - - name: "Wheels: OSX arm64 - Python 3.13-3.14" + - name: "Wheels: OSX arm64 (branch) - Python 3.13-3.14" run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" + when: "branch = 'demo-current-15-may-branch-wheel'" + dependencies: [] task: agent: machine: @@ -113,37 +61,13 @@ blocks: - export ARCH=arm64 - sem-version python 3.13 - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - PIP_INSTALL_OPTIONS="--user" tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse - tar -czf wheelhouse-macOS-${ARCH}-py313-plus.tgz wheelhouse - artifact push workflow wheelhouse-macOS-${ARCH}-py313-plus.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}-py313-plus.tgz/ - - name: "Wheels: Linux arm64" + - name: "Wheels: Linux x64 (branch)" run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" - task: - agent: - machine: - type: s1-prod-ubuntu24-04-arm64-1 - env_vars: - - name: OS_NAME - value: linux - jobs: - - name: Build - commands: - - export ARCH=arm64 - - sem-version python 3.13 - - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - - ./tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse - - tar -czf wheelhouse-linux-${ARCH}.tgz wheelhouse - - artifact push workflow wheelhouse-linux-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - - name: "Wheels: Linux x64" - run: - when: "tag =~ '.*'" - dependencies: - - "Pre-release Validation" + when: "branch = 'demo-current-15-may-branch-wheel'" + dependencies: [] task: agent: machine: @@ -157,338 +81,15 @@ blocks: - export ARCH=x64 - sem-version python 3.11 - pip install uv - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - ./tools/wheels/build-wheels.sh "${LIBRDKAFKA_VERSION#v}" wheelhouse - tar -czf wheelhouse-linux-${ARCH}.tgz wheelhouse - artifact push workflow wheelhouse-linux-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - - name: "Wheels: Windows" + - name: "Wheel Verification: OSX arm64 (branch)" run: - when: "tag =~ '.*'" + when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: - - "Pre-release Validation" - task: - agent: - machine: - type: s1-prod-windows - env_vars: - - name: OS_NAME - value: windows - - name: ARCH - value: x64 - prologue: - commands: - - ".\\tools\\mingw-w64\\setup-msys2.ps1" - - $env:PATH = 'C:\msys64\usr\bin;' + $env:PATH - - bash -lc './tools/mingw-w64/msys2-dependencies.sh' - jobs: - - name: Build - env_vars: - - name: CHERE_INVOKING - value: 'yes' - - name: MSYSTEM - value: UCRT64 - commands: - - sem-version python 3.11.9 - - bash tools/mingw-w64/semaphore_commands.sh - # TODO KIP-932: Add LIBRDKAFKA_BRANCH fallback for share consumer support - - bash tools/wheels/install-librdkafka.sh $env:LIBRDKAFKA_VERSION.TrimStart("v") dest - - tools/wheels/build-wheels.bat x64 win_amd64 dest wheelhouse - - tar -czf wheelhouse-windows-${Env:ARCH}.tgz wheelhouse - - artifact push workflow wheelhouse-windows-${Env:ARCH}.tgz --destination artifacts/wheels-${Env:OS_NAME}-${Env:ARCH}.tgz/ - - name: "Source package verification and Integration tests with Python 3 (Linux x64)" - dependencies: [] - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-3 - env_vars: - - name: OS_NAME - value: linux - prologue: - commands: - - export ARCH=x64 - - '[[ -z $DOCKERHUB_APIKEY ]] || docker login --username $DOCKERHUB_USER --password $DOCKERHUB_APIKEY' - - sudo apt-get update -qq && sudo apt-get install -y -qq clang-format - # TODO KIP-932: matrix the Python version (3.12, 3.13, 3.14) - # across these jobs. Currently every job pins 3.11, which leaves - # version-specific issues in the C extension undetected until users hit - # them. - jobs: - - name: Build and Tests with 'classic' group protocol - commands: - - sem-version python 3.11 - - sem-version java 17 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - tools/source-package-verification.sh - - name: Build and Tests with 'consumer' group protocol - commands: - - sem-version python 3.11 - - sem-version java 17 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - export TEST_CONSUMER_GROUP_PROTOCOL=consumer - - tools/source-package-verification.sh - - name: Build, Test, and Report coverage - commands: - - sem-version python 3.11 - - sem-version java 17 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - export RUN_COVERAGE=true - - tools/source-package-verification.sh - - mkdir test-output - - cp test-report.xml test-output - - test-results publish test-output - - artifact push workflow coverage.xml - - name: "Source package verification with Python 3 (Linux arm64)" - dependencies: [] - task: - agent: - machine: - type: s1-prod-ubuntu24-04-arm64-1 - env_vars: - - name: OS_NAME - value: linux - jobs: - - name: Build - commands: - - export ARCH=arm64 - - sem-version python 3.11 - - sem-version java 17 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - tools/source-package-verification.sh - - name: "Source package verification with Python 3 (OSX x64) +docs" - dependencies: [] - task: - agent: - machine: - type: s1-macos-15-amd64-6 - env_vars: - - name: OS_NAME - value: osx - jobs: - - name: Build - commands: - - export ARCH=x64 - - sem-version python 3.11 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - tools/source-package-verification.sh - - name: "Source package verification with Python 3 (OSX arm64) +docs" - dependencies: [] - task: - agent: - machine: - type: s1-macos-15-arm64-8 - env_vars: - - name: OS_NAME - value: osx - jobs: - - name: Build - commands: - - export ARCH=arm64 - - sem-version python 3.11 - - pip install uv - # use a virtualenv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - chmod u+r+x tools/source-package-verification.sh - - tools/source-package-verification.sh - - name: "Ducktape Performance Tests (Linux x64)" - dependencies: [] - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-3 - env_vars: - - name: OS_NAME - value: linux - - name: BENCHMARK_BOUNDS_CONFIG - value: tests/ducktape/producer_benchmark_bounds.json - - name: BENCHMARK_ENVIRONMENT - value: ci - prologue: - commands: - - '[[ -z $DOCKERHUB_APIKEY ]] || docker login --username $DOCKERHUB_USER --password $DOCKERHUB_APIKEY' - jobs: - - name: Build and Tests - commands: - # Setup Python environment - - export ARCH=x64 - - sem-version python 3.11 - - pip install uv - - uv venv _venv --python "$(command -v python)" && source _venv/bin/activate - - # Install ducktape framework and additional dependencies - - uv pip install ducktape psutil - - # Install existing test requirements - - uv pip install -r requirements/requirements-tests-install.txt - - # TODO KIP-932: Remove LIBRDKAFKA_BRANCH fallback once LIBRDKAFKA_VERSION includes share consumer support - # Build and install confluent-kafka from source - - lib_dir=dest/runtimes/$OS_NAME-$ARCH/native - - | - if [[ -n $LIBRDKAFKA_BRANCH ]]; then - tools/wheels/build-librdkafka-branch.sh "$LIBRDKAFKA_BRANCH" dest - else - tools/wheels/install-librdkafka.sh "${LIBRDKAFKA_VERSION#v}" dest - fi - - export CFLAGS="$CFLAGS -I${PWD}/dest/build/native/include" - - export LDFLAGS="$LDFLAGS -L${PWD}/${lib_dir}" - - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:$PWD/$lib_dir" - - uv pip install -e . - - # Store project root for reliable navigation - - PROJECT_ROOT="${PWD}" - - # Start Kafka cluster and Schema Registry using dedicated ducktape compose file (KRaft mode) - - cd "${PROJECT_ROOT}/tests/docker" - - docker-compose -f docker-compose.ducktape.yml up -d kafka schema-registry - - # Debug: Check container status and logs - - echo "=== Container Status ===" - - docker-compose -f docker-compose.ducktape.yml ps - - echo "=== Kafka Logs ===" - - docker-compose -f docker-compose.ducktape.yml logs kafka | tail -50 - - # Wait for Kafka to be ready (using PLAINTEXT listener for external access) - - | - timeout 1800 bash -c ' - counter=0 - until docker-compose -f docker-compose.ducktape.yml exec -T kafka kafka-topics --bootstrap-server localhost:9092 --list >/dev/null 2>&1; do - echo "Waiting for Kafka... (attempt $((counter+1)))" - - # Show logs every 4th attempt (every 20 seconds) - if [ $((counter % 4)) -eq 0 ] && [ $counter -gt 0 ]; then - echo "=== Recent Kafka Logs ===" - docker-compose -f docker-compose.ducktape.yml logs --tail=10 kafka - echo "=== Container Status ===" - docker-compose -f docker-compose.ducktape.yml ps kafka - fi - - counter=$((counter+1)) - sleep 5 - done - ' - - echo "Kafka cluster is ready!" - - # Wait for Schema Registry to be ready - - echo "=== Waiting for Schema Registry ===" - - | - timeout 300 bash -c ' - counter=0 - until curl -f http://localhost:8081/subjects >/dev/null 2>&1; do - echo "Waiting for Schema Registry... (attempt $((counter+1)))" - - # Show logs every 3rd attempt (every 15 seconds) - if [ $((counter % 3)) -eq 0 ] && [ $counter -gt 0 ]; then - echo "=== Recent Schema Registry Logs ===" - docker-compose -f docker-compose.ducktape.yml logs --tail=10 schema-registry - echo "=== Schema Registry Container Status ===" - docker-compose -f docker-compose.ducktape.yml ps schema-registry - fi - - counter=$((counter+1)) - sleep 5 - done - ' - - echo "Schema Registry is ready!" - - # Run standard ducktape tests with CI bounds - - cd "${PROJECT_ROOT}" && PYTHONPATH="${PROJECT_ROOT}" python tests/ducktape/run_ducktape_test.py - - # Cleanup - - cd "${PROJECT_ROOT}/tests/docker" && docker-compose -f docker-compose.ducktape.yml down -v || true - - name: "Wheel Verification: Linux x64" - run: - when: "tag =~ '.*'" - dependencies: - - "Wheels: Linux x64" - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-3 - env_vars: - - name: OS_NAME - value: linux - jobs: - - name: Verify - commands: - - export ARCH=x64 - - sem-version python 3.9 - - artifact pull workflow artifacts - - cd artifacts && ls *.tgz |xargs -n1 tar -xvf && cd .. - - tools/test-wheels.sh artifacts/wheelhouse - - name: "Wheel Verification: Linux arm64" - run: - when: "tag =~ '.*'" - dependencies: - - "Wheels: Linux arm64" - task: - agent: - machine: - type: s1-prod-ubuntu24-04-arm64-1 - env_vars: - - name: OS_NAME - value: linux - jobs: - - name: Verify - commands: - - export ARCH=arm64 - - sem-version python 3.9 - - artifact pull workflow artifacts - - cd artifacts && ls *.tgz |xargs -n1 tar -xvf && cd .. - - tools/test-wheels.sh artifacts/wheelhouse - - name: "Wheel Verification: OSX x64" - run: - when: "tag =~ '.*'" - dependencies: - - "Wheels: OSX x64 - Python 3.8-3.12" - - "Wheels: OSX x64 - Python 3.13-3.14" - task: - agent: - machine: - type: s1-macos-15-amd64-6 - env_vars: - - name: OS_NAME - value: osx - jobs: - - name: Verify - commands: - - export ARCH=x64 - - checkout - - sem-version python 3.11 - - pip install uv - - uv pip install --system pytest - - uv pip install --system -r requirements/requirements-tests-install.txt - - artifact pull workflow artifacts - - cd artifacts && ls *.tgz |xargs -n1 tar -xvf && cd .. - - uv pip install --system --no-index --find-links artifacts/wheelhouse confluent-kafka - - python -c "import confluent_kafka; print('version:', confluent_kafka.version())" - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''ssl.cipher.suites'':''DEFAULT''}); print(''OK: OpenSSL'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''gzip''}); print(''OK: gzip'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''lz4''}); print(''OK: lz4'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''snappy''}); print(''OK: snappy'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''zstd''}); print(''OK: zstd'')"' - - pytest tests/test_error.py - - name: "Wheel Verification: OSX arm64" - run: - when: "tag =~ '.*'" - dependencies: - - "Wheels: OSX arm64 - Python 3.8-3.12" - - "Wheels: OSX arm64 - Python 3.13-3.14" + - "Wheels: OSX arm64 (branch) - Python 3.8-3.12" + - "Wheels: OSX arm64 (branch) - Python 3.13-3.14" task: agent: machine: @@ -515,105 +116,23 @@ blocks: - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''snappy''}); print(''OK: snappy'')"' - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''zstd''}); print(''OK: zstd'')"' - pytest tests/test_error.py - - name: "Wheel Verification: Windows" + - name: "Wheel Verification: Linux x64 (branch)" run: - when: "tag =~ '.*'" + when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: - - "Wheels: Windows" + - "Wheels: Linux x64 (branch)" task: agent: machine: - type: s1-prod-windows + type: s1-prod-ubuntu24-04-amd64-3 env_vars: - name: OS_NAME - value: windows - - name: ARCH - value: x64 + value: linux jobs: - name: Verify commands: - - sem-version python 3.11.9 - - python -m pip install --upgrade pip pytest - - python -m pip install -r requirements/requirements-tests-install.txt - - artifact pull workflow artifacts - - cd artifacts - - Get-ChildItem *.tgz | ForEach-Object { tar -xf $_.Name } - - cd .. - - python -m pip install --no-index --find-links artifacts\wheelhouse confluent-kafka - - python -c "import confluent_kafka; print('version:', confluent_kafka.version())" - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''ssl.cipher.suites'':''DEFAULT''}); print(''OK: OpenSSL'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''gzip''}); print(''OK: gzip'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''lz4''}); print(''OK: lz4'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''snappy''}); print(''OK: snappy'')"' - - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''zstd''}); print(''OK: zstd'')"' - - pytest tests\test_error.py - - name: "Pre-release Validation" - run: - when: "tag =~ '.*'" - dependencies: [] - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-1 - jobs: - - name: Validate - commands: - - sem-version python 3.11 - - tools/pre-release-validation.sh - - name: "Source Distribution" - run: - when: "tag =~ '.*'" - dependencies: - - "Wheel Verification: Linux x64" - - "Wheel Verification: Linux arm64" - - "Wheel Verification: OSX x64" - - "Wheel Verification: OSX arm64" - - "Wheel Verification: Windows" - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-1 - jobs: - - name: Build - commands: - - sem-version python 3.11 - - pip install build - - python -m build -s - - ls dist/ - - artifact push workflow dist/ --destination artifacts/sdist/ - - name: "Packaging" - run: - when: "tag =~ '.*'" - dependencies: - - "Source Distribution" - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-3 - jobs: - - name: "Packaging all artifacts" - commands: + - export ARCH=x64 + - sem-version python 3.9 - artifact pull workflow artifacts - - cd artifacts - - ls *.tgz |xargs -n1 tar -xvf - - cp sdist/*.tar.gz wheelhouse/ 2>/dev/null || true - - tar cvf confluent-kafka-python-wheels-${SEMAPHORE_GIT_TAG_NAME}-${SEMAPHORE_WORKFLOW_ID}.tgz wheelhouse/ - - ls -la - - sha256sum confluent-kafka-python-wheels-${SEMAPHORE_GIT_TAG_NAME}-${SEMAPHORE_WORKFLOW_ID}.tgz - - cd .. - - artifact push project artifacts/confluent-kafka-python-wheels-${SEMAPHORE_GIT_TAG_NAME}-${SEMAPHORE_WORKFLOW_ID}.tgz --destination confluent-kafka-python-wheels-${SEMAPHORE_GIT_TAG_NAME}-${SEMAPHORE_WORKFLOW_ID}.tgz - - echo Thank you -promotions: - - name: "Publish to Test PyPI" - pipeline_file: publish-test-pypi.yml -after_pipeline: - task: - agent: - machine: - type: s1-prod-ubuntu24-04-amd64-1 - jobs: - - name: SonarQube - commands: - - checkout - - artifact pull workflow coverage.xml - - emit-sonarqube-data --run_only_sonar_scan + - cd artifacts && ls *.tgz |xargs -n1 tar -xvf && cd .. + - tools/test-wheels.sh artifacts/wheelhouse \ No newline at end of file diff --git a/tools/wheels/build-librdkafka-branch.sh b/tools/wheels/build-librdkafka-branch.sh index 17f8b9388..9c67c79b8 100755 --- a/tools/wheels/build-librdkafka-branch.sh +++ b/tools/wheels/build-librdkafka-branch.sh @@ -43,7 +43,11 @@ git clone --depth 1 --branch "$BRANCH" \ https://github.com/confluentinc/librdkafka.git "$SRC" if [[ $OSTYPE == linux* ]]; then - sudo apt-get update -qq && sudo apt-get install -y -qq libssl-dev libsasl2-dev liblz4-dev libzstd-dev + if command -v yum &>/dev/null; then + yum install -y openssl-devel cyrus-sasl-devel lz4-devel libzstd-devel gcc-c++ git + elif command -v apt-get &>/dev/null; then + sudo apt-get update -qq && sudo apt-get install -y -qq libssl-dev libsasl2-dev liblz4-dev libzstd-dev + fi elif [[ $OSTYPE == darwin* ]]; then # openssl@3 is keg-only in Homebrew (the system ships LibreSSL/Apple # crypto with no -lcrypto headers), so configure's compile-probe for diff --git a/tools/wheels/build-wheels.sh b/tools/wheels/build-wheels.sh index b6cdfe46c..b3a852643 100755 --- a/tools/wheels/build-wheels.sh +++ b/tools/wheels/build-wheels.sh @@ -49,7 +49,15 @@ case $OSTYPE in ;; esac -$this_dir/install-librdkafka.sh $librdkafka_version dest +if [[ -n $LIBRDKAFKA_BRANCH ]]; then + if [[ $os == "linux" ]]; then + export CIBW_BEFORE_BUILD="tools/wheels/build-librdkafka-branch.sh $LIBRDKAFKA_BRANCH dest" + else + $this_dir/build-librdkafka-branch.sh "$LIBRDKAFKA_BRANCH" dest + fi +else + $this_dir/install-librdkafka.sh $librdkafka_version dest +fi install_pkgs=cibuildwheel==$cibuildwheel_version From 201f2c465b3f23f1b54df1d8fdc531c76e0593cf Mon Sep 17 00:00:00 2001 From: Pranav Rathi <4427674+pranavrth@users.noreply.github.com> Date: Sat, 16 May 2026 02:08:50 +0530 Subject: [PATCH 2/3] CI: drop branch filter from wheel blocks Semaphore sets branch=pull-request-NNNN in PR builds, so the previous branch = 'demo-current-15-may-branch-wheel' filter never matched and all blocks got skipped. Remove the when filter entirely so blocks run on every pipeline trigger on this branch. --- .semaphore/semaphore.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index d1b05923d..a02829028 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -17,8 +17,6 @@ global_job_config: - mkdir artifacts blocks: - name: "Wheels: OSX arm64 (branch) - Python 3.8-3.12" - run: - when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: [] task: agent: @@ -39,8 +37,6 @@ blocks: - tar -czf wheelhouse-macOS-${ARCH}.tgz wheelhouse - artifact push workflow wheelhouse-macOS-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - name: "Wheels: OSX arm64 (branch) - Python 3.13-3.14" - run: - when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: [] task: agent: @@ -65,8 +61,6 @@ blocks: - tar -czf wheelhouse-macOS-${ARCH}-py313-plus.tgz wheelhouse - artifact push workflow wheelhouse-macOS-${ARCH}-py313-plus.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}-py313-plus.tgz/ - name: "Wheels: Linux x64 (branch)" - run: - when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: [] task: agent: @@ -85,8 +79,6 @@ blocks: - tar -czf wheelhouse-linux-${ARCH}.tgz wheelhouse - artifact push workflow wheelhouse-linux-${ARCH}.tgz --destination artifacts/wheels-${OS_NAME}-${ARCH}.tgz/ - name: "Wheel Verification: OSX arm64 (branch)" - run: - when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: - "Wheels: OSX arm64 (branch) - Python 3.8-3.12" - "Wheels: OSX arm64 (branch) - Python 3.13-3.14" @@ -117,8 +109,6 @@ blocks: - 'python -c "import confluent_kafka; confluent_kafka.Producer({''compression.codec'':''zstd''}); print(''OK: zstd'')"' - pytest tests/test_error.py - name: "Wheel Verification: Linux x64 (branch)" - run: - when: "branch = 'demo-current-15-may-branch-wheel'" dependencies: - "Wheels: Linux x64 (branch)" task: From 52701d19d9af89324a61acbe59faf04ed9f971a2 Mon Sep 17 00:00:00 2001 From: Pranav Rathi <4427674+pranavrth@users.noreply.github.com> Date: Sat, 16 May 2026 02:21:01 +0530 Subject: [PATCH 3/3] CI: fix macOS arm64 deployment-target mismatch The 3.13-3.14 block's wheel repair (delocate) failed because brew bottles for openssl/zstd/lz4 and the from-source librdkafka.dylib all had min target 15 (the runner's OS), while the wheel targeted macOS 13. - build-librdkafka-branch.sh: drop brew install on macOS; export MACOSX_DEPLOYMENT_TARGET=13 and pass --install-deps --source-deps-only to configure so openssl/zstd/lz4 are built from source under the pinned target. - semaphore.yml: also set MACOSX_DEPLOYMENT_TARGET=13 on the 3.8-3.12 block (cibuildwheel 2.16.2 default for arm64 is 11.0, which would still mismatch our target-13 dylibs). --- .semaphore/semaphore.yml | 2 ++ tools/wheels/build-librdkafka-branch.sh | 16 +++++++--------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index a02829028..5ccf50690 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -27,6 +27,8 @@ blocks: value: osx - name: CIBW_ARCHS value: arm64 + - name: CIBW_ENVIRONMENT_MACOS + value: MACOSX_DEPLOYMENT_TARGET=13 jobs: - name: Build commands: diff --git a/tools/wheels/build-librdkafka-branch.sh b/tools/wheels/build-librdkafka-branch.sh index 9c67c79b8..c5db85f53 100755 --- a/tools/wheels/build-librdkafka-branch.sh +++ b/tools/wheels/build-librdkafka-branch.sh @@ -49,15 +49,11 @@ if [[ $OSTYPE == linux* ]]; then sudo apt-get update -qq && sudo apt-get install -y -qq libssl-dev libsasl2-dev liblz4-dev libzstd-dev fi elif [[ $OSTYPE == darwin* ]]; then - # openssl@3 is keg-only in Homebrew (the system ships LibreSSL/Apple - # crypto with no -lcrypto headers), so configure's compile-probe for - # libcrypto silently fails unless we add brew's path. Same for zstd / - # lz4 / pkg-config on a fresh runner. - brew install pkg-config openssl@3 zstd lz4 - OPENSSL_PREFIX="$(brew --prefix openssl@3)" - export PKG_CONFIG_PATH="$OPENSSL_PREFIX/lib/pkgconfig${PKG_CONFIG_PATH:+:$PKG_CONFIG_PATH}" - export CPPFLAGS="-I$OPENSSL_PREFIX/include${CPPFLAGS:+ $CPPFLAGS}" - export LDFLAGS="-L$OPENSSL_PREFIX/lib${LDFLAGS:+ $LDFLAGS}" + # Pin the deployment target so that openssl/zstd/lz4 (built from source + # by mklove via --source-deps-only below) inherit it instead of the + # runner's macOS version. Brew bottles are always built for the runner's + # OS, so they trip delocate when the wheel targets an older macOS. + export MACOSX_DEPLOYMENT_TARGET=13 fi pushd "$SRC" @@ -69,6 +65,8 @@ pushd "$SRC" CONFIGURE_OPTS="--prefix=$INSTALL --disable-debug-symbols --enable-ssl --enable-lz4-ext --enable-zstd" if [[ $OSTYPE == linux* ]]; then CONFIGURE_OPTS="$CONFIGURE_OPTS --disable-gssapi" +elif [[ $OSTYPE == darwin* ]]; then + CONFIGURE_OPTS="$CONFIGURE_OPTS --install-deps --source-deps-only" fi ./configure $CONFIGURE_OPTS