Update static linking build step after GCM changes #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| merge_group: | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUST_TEST_TIME_UNIT: 10,30 | |
| RUST_TEST_TIME_INTEGRATION: 10,30 | |
| RUST_TEST_TIME_DOCTEST: 10,30 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref_name }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| toolchains: | |
| name: Determine toolchains | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| toolchains: ${{ steps.toolchains.outputs.toolchains }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| sparse-checkout: Cargo.toml | |
| persist-credentials: false | |
| - id: toolchains | |
| run: | | |
| msrv="$(grep rust-version Cargo.toml | tr -d '"' | cut -f3 -d\ )" | |
| echo "toolchains=[\"$msrv\", \"stable\", \"nightly\"]" >> "$GITHUB_OUTPUT" | |
| check: | |
| name: Run checks | |
| needs: toolchains | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15, windows-2025] | |
| rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} | |
| type: [debug] | |
| # Include some dynamically-linked release builds, to check that that works on all platforms. | |
| include: | |
| - os: ubuntu-24.04 | |
| rust-toolchain: stable | |
| type: release | |
| - os: macos-15 | |
| rust-toolchain: stable | |
| type: release | |
| - os: windows-2025 | |
| rust-toolchain: stable | |
| type: release | |
| # TODO: Remove once Neqo's MSRV is increased to 1.82.0. NSS build | |
| # fails on Windows with Rust 1.81.0. Firefox does not use Rust 1.81.0 | |
| # (except for testing, see | |
| # https://bugzilla.mozilla.org/show_bug.cgi?id=1968057#c1). Firefox | |
| # uses Rust 1.82.0. Thus this is not worth fixing. Let's explicitly | |
| # use Rust 1.82.0 here for now. | |
| - os: windows-2025 | |
| rust-toolchain: 1.82.0 | |
| type: debug | |
| # Also do some debug builds on the oldest OS versions. | |
| # FIXME: NSS compile fails? | |
| # - os: ubuntu-22.04 | |
| # rust-toolchain: stable | |
| # type: debug | |
| - os: macos-13 | |
| rust-toolchain: stable | |
| type: debug | |
| - os: windows-2022 | |
| rust-toolchain: stable | |
| type: debug | |
| exclude: | |
| # TODO: Remove once Neqo's MSRV is increased to 1.82.0. NSS build | |
| # fails on Windows with Rust 1.81.0. Firefox does not use Rust 1.81.0 | |
| # (except for testing, see | |
| # https://bugzilla.mozilla.org/show_bug.cgi?id=1968057#c1). Firefox | |
| # uses Rust 1.82.0. Thus this is not worth fixing. Let's explicitly | |
| # use Rust 1.82.0 here for now. | |
| - os: windows-2025 | |
| rust-toolchain: 1.81.0 | |
| type: debug | |
| env: | |
| BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/rust | |
| with: | |
| version: ${{ matrix.rust-toolchain }} | |
| components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools' || '' }} | |
| tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - id: nss-version | |
| run: echo "minimum=$(cat min_version.txt)" >> "$GITHUB_OUTPUT" | |
| - uses: ./.github/actions/nss | |
| with: | |
| minimum-version: ${{ steps.nss-version.outputs.minimum }} | |
| - name: Check | |
| run: | | |
| # shellcheck disable=SC2086 | |
| cargo check $BUILD_TYPE --locked --all-targets | |
| - name: Run tests and determine coverage | |
| env: | |
| RUST_LOG: trace | |
| RUST_BACKTRACE: 1 | |
| RUST_TEST_TIME_UNIT: 10,30 | |
| RUST_TEST_TIME_INTEGRATION: 10,30 | |
| RUST_TEST_TIME_DOCTEST: 10,30 | |
| TOOLCHAIN: ${{ matrix.rust-toolchain }} | |
| run: | | |
| DUMP_SIMULATION_SEEDS="$(pwd)/simulation-seeds" | |
| export DUMP_SIMULATION_SEEDS | |
| # shellcheck disable=SC2086 | |
| if [ "$TOOLCHAIN" == "stable" ]; then | |
| cargo llvm-cov test $BUILD_TYPE --locked --include-ffi --codecov --output-path codecov.json | |
| else | |
| cargo test $BUILD_TYPE --locked | |
| fi | |
| - name: CodeCov Windows workaround | |
| if: matrix.os == 'windows-2025' && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' | |
| run: | | |
| # FIXME: Without this, the codecov/codecov-action fails. No idea why it's looking under C:/msys64 now, it shouldn't. | |
| mkdir -p C:/msys64/home/runneradmin/ | |
| touch C:/msys64/home/runneradmin/.gitconfig | |
| - uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| with: | |
| files: codecov.json | |
| fail_ci_if_error: false | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| verbose: true | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
| if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable' | |
| - name: Save simulation seeds artifact | |
| if: ${{ always() }} | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 | |
| with: | |
| name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }} | |
| path: simulation-seeds | |
| compression-level: 9 | |
| check-cargo-lock: | |
| name: Ensure `Cargo.lock` contains all required dependencies | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/rust | |
| with: | |
| version: stable | |
| tools: cargo-hack | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: | | |
| cargo update -w --locked | |
| cargo hack update -w --locked | |
| check-android: | |
| name: Check Android | |
| if: github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| target: ['x86_64-linux-android', 'i686-linux-android'] # 'aarch64-linux-android' not currently working | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - id: nss-version | |
| run: echo "minimum=$(cat min_version.txt)" >> "$GITHUB_OUTPUT" | |
| - uses: ./.github/actions/check-android | |
| with: | |
| target: ${{ matrix.target }} | |
| minimum-nss-version: ${{ steps.nss-version.outputs.minimum }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| codecov-token: ${{ secrets.CODECOV_TOKEN }} | |
| check-vm: | |
| name: Run checks for VM-only platforms | |
| if: github.actor != 'dependabot[bot]' | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ freebsd, openbsd, netbsd ] # NSS package on 'solaris' is too old. | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/check-vm | |
| with: | |
| platform: ${{ matrix.os }} | |
| codecov-token: ${{ secrets.CODECOV_TOKEN }} | |