ci: validate pixi run test source-build (PR smoke + nightly GPU)#2185
Merged
Conversation
The bindings were regenerated against CUDA 13.3.0 (cc50515), adding NVRTC symbols (NVRTC_ERROR_BUSY, nvrtcBundledHeadersInfo, nvrtcGetBundledHeadersInfo), but the pixi cuda-version pins stayed at 13.2 in cuda_bindings/pixi.toml and cuda_core/pixi.toml. `pixi run test` then built 13.3-referencing Cython code against a 13.2 nvrtc.h and failed with "'nvrtcBundledHeadersInfo' was not declared in this scope". CI was unaffected because it builds wheels from ci/versions.yml (13.3.0) rather than via pixi run test. Bump the cuda-version pins (build-variants + feature.cu13) from 13.2.* to 13.3.* in both packages so the local toolkit matches the regenerated sources and ci/versions.yml. Re-solved pixi.lock files accordingly. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
tests/cython/build_tests.py runs `build_ext --inplace`, which writes the compiled .so relative to the current working directory. pixi runs the build-cython-tests task from the project root, so the .so landed in the package root instead of tests/cython/, where pytest imports it by bare module name. The test only passed previously because a correctly-placed .so from an earlier build persisted (gitignored); a clean checkout fails with ModuleNotFoundError. chdir to the script directory before build_ext --inplace so the .so lands next to its .pyx in both cuda_bindings and cuda_core (kept aligned per NVIDIA#1978). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Main CI tests prebuilt wheels and never exercises the pixi source build, so that developer path rots silently on CUDA-pin / generated-source / conda-forge / cython-build drift (NVIDIA#2182, NVIDIA#2183). Add a workflow that runs the pixi source build: - build-smoke (PRs touching the at-risk files): CPU-only. Source-builds bindings + core, imports them, builds the cython test extensions and checks placement. Catches the compile / ABI / .so-placement regressions without a GPU. - full-test (nightly + manual): GPU runner, full `pixi run test`. Shared pixi install factored into a composite action with an explicit, asserted version pin. Relates to NVIDIA#2183 (validate the source-build path over time); the regressions this guards against are NVIDIA#2182, fixed by NVIDIA#2180. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
…actionlint actionlint validates static runner labels against its known set; the new full-test job uses a literal GPU label (existing GPU jobs dodge this by building the label from a matrix expression). Declare it so pre-commit's actionlint hook passes. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
rparolin
force-pushed
the
ci/pixi-source-test
branch
from
837b5d5 to
c40ad78
Compare
github-actions
Bot
added
cuda.bindings
…ersion
A shallow checkout has no tags, so the source-built packages get
setuptools-scm's 0.1.dev1 fallback. cuda.core's import-time guard then
rejects cuda.bindings ("12.x or 13.x must be installed"). Use fetch-depth: 0
in both jobs so the build resolves the real 13.x version.
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
mdboom
requested changes
Jun 9, 2026
mdboom
left a comment
mdboom
left a comment
Contributor
There was a problem hiding this comment.
LGTM, other that the strong security recommendation.
This comment has been minimized.
This comment has been minimized.
Addresses review (@mdboom): the composite action shelled out to `curl -fsSL https://pixi.sh/install.sh | bash`, an unverified installer (the codecov.io supply-chain failure mode). Replace it with prefix-dev/setup-pixi pinned to a commit SHA (v0.9.6) — its install logic is auditable and pinned — and delete the composite action file. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
The prior commit only removed the composite action file; this commits the workflow change that actually uses prefix-dev/setup-pixi@<sha> in both jobs (and drops the now-unneeded curl from the container apt install). Without this the workflow referenced the deleted ./.github/actions/setup-pixi. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
mdboom
approved these changes
Jun 9, 2026
This comment has been minimized.
This comment has been minimized.
1 similar comment
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Main CI tests prebuilt wheels (
ci.yml/test-wheel-*.yml) and never exercises the pixi source build, so thepixi run testdeveloper path rots silently whenever the CUDA pin, generated bindings, conda-forge packages, or cython-test build mechanics drift. This adds the missing guard.Two tiers, to spend GPU minutes deliberately:
build-smoke(PRs touching the at-risk files): CPU-only onubuntu-latest. Source-builds bindings + core, imports them, builds the cython test extensions and checks the.solands intests/cython/. Catches the compile / ABI /.so-placement regressions without a GPU.full-test(nightly cron + manualworkflow_dispatch): GPU runner, fullpixi run test.Shared pixi install is factored into a composite action (
.github/actions/setup-pixi) with an explicit, asserted version pin.Why separate from #2180
This is the prevention mechanism; #2180 is the fix for the current breakage. Kept separate per review.
Sequencing / expected CI
This branch is based on
main, which still has the breakage until #2180 merges. Sobuild-smokeis expected to FAIL on this PR — that failure is the guard correctly catching #2182. Merge #2180 first (or rebase this on it) and it goes green.For reviewers to confirm
linux-amd64-gpu-l4-latest-1(fromci/test-matrix.yml) — swap if a nightly-reserved label is preferred.PIXI_VERSION;prefix-dev/setup-pixipinned to a SHA is a reasonable alternative.Relates to #2183 (validate the source-build path over time). Guards against #2182 (fixed by #2180).
🤖 Generated with Claude Code
Update: rebased onto the #2180 fix branch so the source build is green (this PR was previously based on clean
main, wherebuild-smokecorrectly caught #2182). It now stacks on #2180 — the pin/placement commits drop out once #2180 merges and this is rebased ontomain.