Add CI job for building local artifacts and update documentation (#27)

* feat: add build-local-artifacts job to CI workflow and update dist configuration

* chore: keep docs updated

* chore: one last nit

Author: xosnrdev

.github/workflows/ci.yml

@@ -1,4 +1,4 @@
-name: 🔍 CI
+name: CI
 
 on:
   push:

.github/workflows/release.yml

@@ -86,10 +86,88 @@ jobs:
           name: artifacts-plan-dist-manifest
           path: plan-dist-manifest.json
 
+  # Build and packages all the platform-specific things
+  build-local-artifacts:
+    name: build-local-artifacts (${{ join(matrix.targets, ', ') }})
+    # Let the initial task tell us to not run (currently very blunt)
+    needs:
+      - plan
+    if: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix.include != null && (needs.plan.outputs.publishing == 'true' || fromJson(needs.plan.outputs.val).ci.github.pr_run_mode == 'upload') }}
+    strategy:
+      fail-fast: false
+      # Target platforms/runners are computed by dist in create-release.
+      # Each member of the matrix has the following arguments:
+      #
+      # - runner: the github runner
+      # - dist-args: cli flags to pass to dist
+      # - install-dist: expression to run to install dist on the runner
+      #
+      # Typically there will be:
+      # - 1 "global" task that builds universal installers
+      # - N "local" tasks that build each platform's binaries and platform-specific installers
+      matrix: ${{ fromJson(needs.plan.outputs.val).ci.github.artifacts_matrix }}
+    runs-on: ${{ matrix.runner }}
+    container: ${{ matrix.container && matrix.container.image || null }}
+    env:
+      GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+      BUILD_MANIFEST_NAME: target/distrib/${{ join(matrix.targets, '-') }}-dist-manifest.json
+    steps:
+      - name: enable windows longpaths
+        run: |
+          git config --global core.longpaths true
+      - uses: actions/checkout@v4
+        with:
+          submodules: recursive
+      - name: Install Rust non-interactively if not already installed
+        if: ${{ matrix.container }}
+        run: |
+          if ! command -v cargo > /dev/null 2>&1; then
+            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
+            echo "$HOME/.cargo/bin" >> $GITHUB_PATH
+          fi
+      - name: Install dist
+        run: ${{ matrix.install_dist.run }}
+      # Get the dist-manifest
+      - name: Fetch local artifacts
+        uses: actions/download-artifact@v4
+        with:
+          pattern: artifacts-*
+          path: target/distrib/
+          merge-multiple: true
+      - name: Install dependencies
+        run: |
+          ${{ matrix.packages_install }}
+      - name: Build artifacts
+        run: |
+          # Actually do builds and make zips and whatnot
+          dist build ${{ needs.plan.outputs.tag-flag }} --print=linkage --output-format=json ${{ matrix.dist_args }} > dist-manifest.json
+          echo "dist ran successfully"
+      - id: cargo-dist
+        name: Post-build
+        # We force bash here just because github makes it really hard to get values up
+        # to "real" actions without writing to env-vars, and writing to env-vars has
+        # inconsistent syntax between shell and powershell.
+        shell: bash
+        run: |
+          # Parse out what we just built and upload it to scratch storage
+          echo "paths<<EOF" >> "$GITHUB_OUTPUT"
+          dist print-upload-files-from-manifest --manifest dist-manifest.json >> "$GITHUB_OUTPUT"
+          echo "EOF" >> "$GITHUB_OUTPUT"
+
+          cp dist-manifest.json "$BUILD_MANIFEST_NAME"
+      - name: "Upload artifacts"
+        uses: actions/upload-artifact@v4
+        with:
+          name: artifacts-build-local-${{ join(matrix.targets, '_') }}
+          path: |
+            ${{ steps.cargo-dist.outputs.paths }}
+            ${{ env.BUILD_MANIFEST_NAME }}
+
   # Build and package all the platform-agnostic(ish) things
   build-global-artifacts:
     needs:
       - plan
+      - build-local-artifacts
     runs-on: "ubuntu-latest"
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
@@ -134,9 +212,10 @@ jobs:
   host:
     needs:
       - plan
+      - build-local-artifacts
       - build-global-artifacts
     # Only run if we're "publishing", and only if local and global didn't fail (skipped is fine)
-    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') }}
+    if: ${{ always() && needs.plan.outputs.publishing == 'true' && (needs.build-global-artifacts.result == 'skipped' || needs.build-global-artifacts.result == 'success') && (needs.build-local-artifacts.result == 'skipped' || needs.build-local-artifacts.result == 'success') }}
     env:
       GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
     runs-on: "ubuntu-latest"

Cargo.toml

@@ -2,7 +2,7 @@
 name = "rce-engine"
 version = "1.2.6"
 authors = ["ToolKitHub"]
-description = "HTTP API for running untrusted code inside isolated Docker containers."
+description = "A secure service for running untrusted code inside isolated Docker containers via a simple HTTP API"
 homepage = "https://github.com/ToolKitHub/rce-engine?tab=readme-ov-file#readme"
 repository = "https://github.com/ToolKitHub/rce-engine"
 edition = "2024"

README.md

@@ -1,6 +1,6 @@
-# rce-engine
+# RCE Engine
 
-**rce-engine** is a secure service for running untrusted code inside isolated Docker containers via a simple HTTP API. Execute code in 41 different programming languages with strong security guarantees.
+RCE Engine is a secure service for running untrusted code inside isolated Docker containers via a simple HTTP API. See [supported languages](https://github.com/ToolKitHub/rce-runner)
 
 [View full documentation](DOCUMENTATION.md)
 
@@ -51,45 +51,13 @@ Response:
 }
 ```
 
-## Supported Languages
-
-rce-engine currently supports these 41 programming languages:
-
-| Languages A-G | Languages G-N | Languages O-Z |
-|---------------|---------------|---------------|
-| Assembly      | Go            | OCaml         |
-| ATS           | Groovy        | Perl          |
-| Bash          | Haskell       | PHP           |
-| C             | Idris         | Python        |
-| C++           | Java          | Raku          |
-| C#            | JavaScript    | Ruby          |
-| Clojure       | Julia         | Rust          |
-| COBOL         | Kotlin        | Scala         |
-| CoffeeScript  | Lua           | Swift         |
-| Crystal       | Mercury       | TypeScript    |
-| D             | Nim           |               |
-| Dart          |               |               |
-| Elixir        |               |               |
-| Elm           |               |               |
-| Erlang        |               |               |
-| F#            |               |               |
-
-Don't see your language? [Open an issue](https://github.com/toolkithub/rce-engine/issues) and we'll consider adding it. New language support is continuously being added based on user demand.
-
 ## Documentation
 
 - [Full documentation](DOCUMENTATION.md)
 - [API Reference](docs/api/run.md)
 - [Installation guides](docs/install/)
 
-## Security
-
-rce-engine is designed with security in mind:
-- Fresh container for each execution
-- Container destroyed after completion
-- Resource limits to prevent abuse
-- Optional gVisor runtime for enhanced isolation
 
 ## License
 
-[See License](./LICENSE)
+See [License](./LICENSE)

dist-workspace.toml

@@ -15,8 +15,7 @@ targets = ["x86_64-unknown-linux-gnu"]
 install-path = "CARGO_HOME"
 # Whether to install an updater program
 install-updater = true
-# Whether CI should include auto-generated code to build local artifacts
-build-local-artifacts = false
 
 [dist.github-custom-runners]
 global = "ubuntu-latest"
+x86_64-unknown-linux-gnu = "ubuntu-latest"

docs/api/run.md

@@ -6,8 +6,7 @@ The `/run` endpoint is the core of the rce-engine API, allowing you to execute c
 
 - **URL**: `/run`
 - **Method**: `POST`
-- **Required Headers**:
-  - `X-Access-Token`: Your 
+- **Required Headers**: 
   - `X-Access-Token`: Your API access token (set in server configuration)
   - `Content-Type`: `application/json`
 

scripts/test.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/bash
 # RCE engine test script - Run code in multiple language containers
 set -eo pipefail