DIP17: describe native build extensions

text/17-automated-build-and-submit-pipeline.md

@@ -60,6 +60,19 @@ changelog = "added Herobrine"
 version = "1.42.0"
 ```
 
+The following are optional extensions to allow for more complicated build scenarios, including native code:
+
+```toml
+[build]
+image = "extended"
+
+[[build.needs]]
+type = "file"
+url = "some_file_url"
+dest = "filename"
+sha512 = "sha512_hash_of_file"
+```
+
 For this to work, the repository must be structured to be amenable to automatic builds and packaging, and it must be accessible to the CI pipeline (which in turn means it must be accessible to the public). Details of this will be covered in [reference-level-explanation].
 
 The `owners` array controls which GitHub accounts are allowed to publish updates for this manifest:
@@ -70,6 +83,12 @@ owners = [
 ]
 ```
 
+The `build.image` property refers to the Docker image used for building. By default, this is a minimalistic image that can build C# code; the `extended` image includes MSVC build tools and Wine, allowing it to build native C++ code. Future images may be made available to build other code. The extended image is defined [here](https://github.com/goatcorp/plogon-builder). There are currently two supported images, hardcoded in [Plogon](https://github.com/goatcorp/Plogon); a formal mechanism for this may be added at some point. This image is unversioned, but this will be revisited when required.
+
+The `build.needs` array property describes files that should be downloaded by the build agent and made available to the build environment, ala NixOS or similar build environments. An arbitrary number of files can be downloaded, but this will be checked by members of the review team. This is intended for direct dependencies required for your build script. These files are downloaded before the rest of the build occurs.
+
+If the plugin requires additional non-C# code to be built (i.e. for the purposes of building native or web code), a `plogonbuild.sh` file can be created in `project_path`. This is specified further in the [reference-level explanation][reference-level-explanation].
+
 This DIP also proposes moving all properties associated with `plugin.json` (formerly `$plugin_name.json`) into the project's `csproj` (or equivalent project file, including `fsproj`), and having the `plugin.json` be generated by DalamudPackager using the information within the `csproj`. Developers would still be able to maintain their own `json` if they really want to, but the new process should be easier (only one place to update all project-related metadata).
 
 This change would result in a new section being added to all `csproj`s that choose to participate. An example is provided of what this change would look like for GatherBuddy:
@@ -142,9 +161,13 @@ Developers should add a DalamudPackager step to their `csproj`. It will generate
 
 Developers are also encouraged to ensure that the `csproj` is only responsible for building the plugin, and does not build anything unrelated (normal dependencies are fine). This may require developers to partition their project, or use a conditional build step. Additionally, if the plugin has a build-time dependency on a non-.NET build (e.g. JavaScript assets), it is best if that dependency is built ahead of time and the result committed to the repository, as the CI will not be able to build it.
 
+As new plugins have been introduced that include native components (i.e. C++ or other such languages), the build agent will also execute a `./plogonbuild.sh` script located at `project_path` to produce any native artifacts. As these native components are likely to require the MSVC toolchain, it is recommended that you use the `extended` build image, as described above. An example of a build script can be seen in the [xivr repository](https://github.com/ProjectMimer/xivr/blob/main/dip17build.sh).
+
+This script runs before MSBuild builds the rest of your project. It has no network access, so you must use `build.needs` to fetch any relevant dependencies. The script is intended to build any direct dependencies of your C# code (i.e. native code).
+
 To encourage CI compatibility, as well as making it easier to test, a goatcorp-blessed GitHub Action will be made available that plugin developers can include as part of their repository. This action will build the package, similarly to how the CI would do it, so that developers can test locally with [act](https://github.com/nektos/act) or similar. This action will be made part of the existing plugin samples/templates, so that a user creating a new plugin will be automatically ready to go with CI. This action should be the same as the action run by the CI, or as close as possible.
 
-Finally, build successes and/or failures will be published to the #github Discord channel, or its equivalent, to keep plugin developers in the loop. This is not a strict requirement, and may be adjusted to ensure that the signal-to-noise ratio stays high.
+Finally, build successes and/or failures will be published to the #plugin-stream channel to keep plugin developers in the loop. This is not a strict requirement, and may be adjusted to ensure that the signal-to-noise ratio stays high.
 
 # Drawbacks
 
@@ -265,3 +288,5 @@ This would form the backbone of any future CI we do around plugin submission. Id
   - This is not an immediate problem as the plugin security model is currently too open to allow for it, anyway. It's something we can revisit in a future DIP.
 - This RFC does not currently describe a way to disable a plugin. The metadata structure could be extended with an `enabled: bool` that will govern whether or not the plugin is blacklisted, thus allowing both goatcorp and plugin developers to blacklist plugins with ease.
 - This RFC does not address automated building and deployment for plugins with hidden source or secrets, which will continue to submit to DalamudPlugins. This should be addressed at some point to allow plugins under these categories to submit. The current solution in mind for secrets is for the secret to be provided to goatcorp, who will then supply it to the GitHub runner, but this requires more thought. For hidden source plugins, we may ask developers to provide access to their repository for the buildbot, but we will need to ensure that this is done securely.
+- The existence of a build script, as well as the ability to download network dependencies, suggests a potential future extension of secrets encrypted with a goatcorp public key and decrypted by a private key provided by the build agent.
+- The build images are currently hardcoded. It would be nice to define these more systematically so that anyone can contribute images. (PRs welcome!)