Initial hyperlight-js commit

Co-authored-by: Dan Chiarlone <dchiarlone@microsoft.com>
Co-authored-by: David Justice <devigned@users.noreply.github.com>
Co-authored-by: Doru-Florin Blânzeanu <blanzeanu.doru@protonmail.com>
Co-authored-by: James Sturtevant <jstur@microsoft.com>
Co-authored-by: Jiaxiao Zhou <duibao55328@gmail.com>
Co-authored-by: Jorge Prendes <jorge.prendes@gmail.com>
Co-authored-by: Lucy Menon <168595099+syntactically@users.noreply.github.com>
Co-authored-by: Ludvig Liljenberg <lliljenberg@microsoft.com>
Co-authored-by: Mark Rossetti <marosset@microsoft.com>
Co-authored-by: Ralph Squillace <ralph@squillace.com>
Co-authored-by: Simon Davies <simongdavies@users.noreply.github.com>
Co-authored-by: Tomasz Andrzejak <andreiltd@gmail.com>

Author: 12 people

.devcontainer/devcontainer.json

@@ -0,0 +1,39 @@
+// For more info on the configuration below, check out the link:
+// https://code.visualstudio.com/docs/devcontainers/create-dev-container
+{
+  "name": "Hyperlight",
+
+  "image": "ghcr.io/hyperlight-dev/hyperlight-devcontainer:latest",
+
+  "containerUser": "vscode",
+  // Environment for the container also used by the `postCreateCommand`
+  "containerEnv": {
+    "DEVICE": "/dev/kvm",
+    "REMOTE_USER": "vscode",
+    "REMOTE_GROUP": "vscode"
+  },
+
+  "runArgs": [
+      "--device=/dev/kvm"
+  ],
+
+  // use `postStartCommand` for additional setup commands
+  // this is run after the container is created and the user has been added
+  "postStartCommand": "bash .devcontainer/setup.sh",
+
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "ms-vscode.cpptools-extension-pack",
+        "ms-vscode.cmake-tools",
+        "rust-lang.rust-analyzer",
+        "vadimcn.vscode-lldb"
+      ],
+      "settings": {
+        "rust-analyzer.rustfmt.extraArgs": [
+          "+nightly" // required for rustfmt.toml which uses nightly features
+        ]
+      }
+    }
+  }
+}

.devcontainer/setup.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+# Change device ownership
+sudo chown -R $REMOTE_USER:$REMOTE_GROUP $DEVICE
+

.gitattributes

@@ -0,0 +1,4 @@
+# Enforce LF line endings for all text files.
+# Prevents Windows `core.autocrlf = true` from checking out CRLF,
+# which breaks tools like Prettier that default to LF.
+* text=auto eol=lf

.github/codeql/codeql-config.yml

@@ -0,0 +1,7 @@
+name: "CodeQL config"
+queries:
+  - uses: security-and-quality
+
+query-filters:
+  - exclude:
+      id: actions/unpinned-tag

.github/dependabot.yml

@@ -0,0 +1,18 @@
+version: 2
+updates: 
+  - package-ecosystem: "github-actions"
+    directory: "/"
+    schedule:
+      interval: "daily"
+      time: "03:00"
+  - package-ecosystem: "cargo"
+    directories: 
+      - "/"
+    schedule:
+      interval: "daily"
+      time: "03:00"
+  - package-ecosystem: "npm"
+    directory: "/src/js-host-api"
+    schedule:
+      interval: "daily"
+      time: "03:00"

.github/release.yml

@@ -0,0 +1,36 @@
+# .github/release.yml
+
+changelog:
+  exclude:
+    labels:
+      - chore
+      - ignore
+  categories:
+    - title: 🛠 Breaking Changes 
+      labels:
+        - breaking-change
+    - title: 🎉 New Features 
+      labels:
+        - enhancement
+        - feature
+    - title: 🐛 Bug Fixes
+      labels:
+        - bug
+    - title: 🔒 Security Fixes
+      labels:
+        - security
+    - title: 🚀 Performance Improvements
+      labels:
+        - performance
+    - title: 👒 Dependencies
+      labels:
+        - dependencies
+    - title: 📚 Documentation
+      labels:
+        - documentation
+    - title: 🔬 Testing
+      labels:
+        - testing
+    - title: 📝 Other Changes
+      labels:
+        - "*"

.github/workflows/CargoAudit.yml

@@ -0,0 +1,26 @@
+name: Audit cargo dependencies for security vulnerabilities
+on:
+  schedule:
+    - cron: "0 9 * * 2" # run at 9am every Tuesday
+  workflow_dispatch: # allow manual triggering
+
+permissions:
+    issues: write # Creates issues for any vulnerabilities found
+    contents: read
+    checks: write # Needs to create check
+
+jobs:
+  audit:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v6
+
+      # We are not using the common workflow here because it installs a bunch of tools we don't need.
+      # TODO: Once the runner image is updated to include the necessary tools (without downloading), we can switch to the common workflow.
+      - uses: dtolnay/rust-toolchain@master
+        with:
+          toolchain: "1.89"
+
+      - uses: rustsec/audit-check@v2.0.0
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/CreateRelease.yml

@@ -0,0 +1,90 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+name: Create a Release
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [dev]
+
+permissions:
+  id-token: write
+  contents: write # needed to create a release
+
+jobs:
+  build:
+    uses: ./.github/workflows/dep_build.yml
+    secrets: inherit
+    with:
+        environment: release
+  benchmarks:
+    uses: ./.github/workflows/dep_benchmarks.yml
+    secrets: inherit
+    with:
+        download-benchmarks: true
+        upload-benchmarks: true
+        environment: release
+
+  publish-hyperlight-js-packages-and-create-release:
+    needs: [build, benchmarks]
+    environment: release
+    runs-on: [self-hosted, Linux, X64, "1ES.Pool=hld-kvm-amd"]
+    if: ${{ contains(github.ref, 'refs/heads/release/') }}
+
+    steps:
+      - uses: actions/checkout@v6
+        with:
+          fetch-depth: 0
+          fetch-tags: true
+
+      # Ensures just is installed using setup wokflow to ensure just version consistency
+      - name: Hyperlight setup
+        uses: hyperlight-dev/ci-setup-workflow@v1.8.0
+        with:
+          rust-toolchain: "1.89"
+
+      - name: Set crate versions
+        run: |
+          git fetch --tags || true
+          version=$(echo "${{ github.ref }}" | sed -E 's#refs/heads/release/v##')
+          echo "Setting version to 'v$version'"
+          echo "HYPERLIGHT_JS_VERSION=v$version" >> $GITHUB_ENV
+
+      - name: Publish hyperlight-js
+        run: |
+          cargo publish -p hyperlight-js-runtime
+          cargo publish -p hyperlight-js
+
+      - name: Download benchmarks (Windows)
+        uses: actions/download-artifact@v7
+        with:
+          name: benchmarks_Windows_whp
+          path: benchmarks_Windows_whp
+
+      - name: Download benchmarks (Linux kvm)
+        uses: actions/download-artifact@v7
+        with:
+          name: benchmarks_Linux_kvm
+          path: benchmarks_Linux_kvm
+
+      - name: Download benchmarks (Linux hyperv3)
+        uses: actions/download-artifact@v7
+        with:
+          name: benchmarks_Linux_hyperv3
+          path: benchmarks_Linux_hyperv3
+  
+      - name: Archive benchmarks
+        run: |
+          tar -zcvf benchmarks_Windows_whp.tar.gz benchmarks_Windows_whp
+          tar -zcvf benchmarks_Linux_kvm.tar.gz benchmarks_Linux_kvm
+          tar -zcvf benchmarks_Linux_hyperv3.tar.gz benchmarks_Linux_hyperv3
+
+      - name: Create GH Release
+        run: |
+            gh release create ${{ env.HYPERLIGHT_JS_VERSION }} \
+              --generate-notes \
+              benchmarks_Windows_whp.tar.gz \
+              benchmarks_Linux_kvm.tar.gz \
+              benchmarks_Linux_hyperv3.tar.gz
+        env:
+            GH_TOKEN: ${{ github.token }}

.github/workflows/CreateReleaseBranch.yml

@@ -0,0 +1,30 @@
+# yaml-language-server: $schema=https://json.schemastore.org/github-workflow.json
+
+# When a git tag with the prefix 'v' is pushed to the repository, this workflow will create a new release branch called release/<tag name>.
+
+name: Create a Release Branch
+
+on:
+  push:
+    tags:
+      - "v*"
+
+permissions:
+  contents: write # needed to push the new branch
+
+jobs:
+  create-branch:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v6
+
+      - uses: extractions/setup-just@v3
+        with:
+          just-version: "1.40"
+
+      - name: Create Release Branch
+        run: |
+          git checkout -b release/${GITHUB_REF_NAME}
+          git push --set-upstream origin release/${GITHUB_REF_NAME}
+        shell: bash

.github/workflows/IssueLabelChecker.yml

@@ -0,0 +1,22 @@
+name: Issue Labeler
+on:
+  issues:
+    types: [opened]
+
+permissions:
+  issues: write
+  contents: read
+
+jobs:
+  labeler:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+    - name: Check and Add label
+      run: |
+        LABELS=$(gh issue view ${{ github.event.issue.number }} --json labels -q '.labels[].name')
+        if [[ $LABELS != *"needs review"* ]]; then
+          gh issue edit ${{ github.event.issue.number }} --add-label "needs review"
+        fi
+      env:
+        GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}