Skip to content

ci: no --locked for fuzzing #115

ci: no --locked for fuzzing

ci: no --locked for fuzzing #115

Workflow file for this run

name: CI
on:
push:
branches: ['**']
pull_request:
branches: [master]
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
# Default to a read-only token. Jobs that need to upload artifacts or
# create check-runs should opt in explicitly with their own `permissions:`
# block; today nothing on this workflow writes back to the repo.
permissions:
contents: read
jobs:
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Check formatting
run: cargo fmt --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
strategy:
matrix:
include:
- features: ""
name: default
- features: ttl-nix
name: ttl-nix
- features: ttl-pnet
name: ttl-pnet
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- uses: Swatinem/rust-cache@v2
with:
key: clippy-${{ matrix.name }}
- name: Clippy (${{ matrix.name }})
run: |
if [ -n "${{ matrix.features }}" ]; then
cargo clippy --all --tests --features ${{ matrix.features }} -- -D warnings
else
cargo clippy --all --tests -- -D warnings
fi
shell: bash
test:
name: Test (${{ matrix.os }}, ${{ matrix.rust }})
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-latest
rust: stable
features: --all-features
- os: ubuntu-latest
rust: beta
features: --all-features
- os: macos-latest
rust: stable
features: ""
# No Windows test job: the lib test binary statically links
# pnet's Packet.dll / wpcap.dll, which neither windows-latest
# nor windows-2022 ship any more (windows-2025 rollover
# dropped it; the Npcap installer hangs on /S silent mode in
# CI). Build coverage for Windows is preserved by the
# `build-release` matrix below. The long-term fix is gating
# pnet behind a Cargo feature on Windows so the default
# binary doesn't link it at all — tracked for 0.8.1.
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- uses: Swatinem/rust-cache@v2
with:
key: test-${{ matrix.os }}-${{ matrix.rust }}
- name: Run tests
run: cargo test --verbose ${{ matrix.features }}
test-features:
name: Test Features
runs-on: ubuntu-latest
strategy:
matrix:
include:
- features: ""
name: default
- features: ttl-nix
name: ttl-nix
- features: ttl-pnet
name: ttl-pnet
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
key: test-features-${{ matrix.name }}
- name: Test (${{ matrix.name }})
run: |
if [ -n "${{ matrix.features }}" ]; then
cargo test --verbose --features ${{ matrix.features }}
else
cargo test --verbose
fi
shell: bash
build-release:
name: Build Release (${{ matrix.target }})
runs-on: ${{ matrix.os }}
strategy:
matrix:
include:
- os: ubuntu-latest
target: x86_64-unknown-linux-gnu
- os: macos-latest
target: x86_64-apple-darwin
# See pin rationale on the test job above.
- os: windows-2022
target: x86_64-pc-windows-msvc
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- uses: Swatinem/rust-cache@v2
with:
key: release-${{ matrix.target }}
- name: Install Npcap SDK (Windows)
if: matrix.os == 'windows-2022'
shell: pwsh
run: |
Invoke-WebRequest -Uri "https://npcap.com/dist/npcap-sdk-1.13.zip" -OutFile "$env:TEMP/npcap-sdk.zip"
Expand-Archive -Path "$env:TEMP/npcap-sdk.zip" -DestinationPath "C:/npcap-sdk"
echo "LIB=C:/npcap-sdk/Lib/x64" >> $env:GITHUB_ENV
- name: Build release
run: cargo build --release --target ${{ matrix.target }}
msrv:
name: MSRV Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@1.93.0
- uses: Swatinem/rust-cache@v2
with:
key: msrv
- name: Check MSRV
run: cargo check --all-features
doc:
name: Documentation
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
key: doc
- name: Build documentation
run: cargo doc --no-deps --all-features
env:
RUSTDOCFLAGS: -D warnings
package-deb:
name: Package DEB
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
key: package-deb
- name: Install cargo-deb
run: cargo install cargo-deb --locked
- name: Build DEB package
run: cargo deb
- name: Verify DEB package
run: |
DEB=$(ls target/debian/*.deb)
echo "=== Package info ==="
dpkg-deb --info "$DEB"
echo "=== Package contents ==="
dpkg-deb --contents "$DEB"
dpkg-deb --contents "$DEB" | grep -q usr/bin/stamp-suite
dpkg-deb --contents "$DEB" | grep -q lib/systemd/system/stamp-suite.service
dpkg-deb --contents "$DEB" | grep -q usr/share/snmp/mibs/STAMP-SUITE-MIB.mib
echo "All expected files present in DEB package."
package-rpm:
name: Package RPM
runs-on: ubuntu-latest
needs: [test]
steps:
- uses: actions/checkout@v4
- uses: dtolnay/rust-toolchain@stable
- uses: Swatinem/rust-cache@v2
with:
key: package-rpm
- name: Install RPM tools
run: sudo apt-get update && sudo apt-get install -y rpm
- name: Install cargo-generate-rpm
run: cargo install cargo-generate-rpm --locked
- name: Build release binary
run: cargo build --release --all-features
- name: Build RPM package
run: cargo generate-rpm
- name: Verify RPM package
run: |
RPM=$(ls target/generate-rpm/*.rpm)
echo "=== Package info ==="
rpm -qip "$RPM"
echo "=== Package contents ==="
rpm -qlp "$RPM"
rpm -qlp "$RPM" | grep -q /usr/bin/stamp-suite
rpm -qlp "$RPM" | grep -q stamp-suite.service
rpm -qlp "$RPM" | grep -q STAMP-SUITE-MIB.mib
echo "All expected files present in RPM package."
nix-build:
name: Nix Build
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: cachix/install-nix-action@v31
with:
nix_path: nixpkgs=channel:nixpkgs-unstable
- name: Build with Nix
run: nix build --print-build-logs
security-audit:
name: Security Audit
runs-on: ubuntu-latest
# Override the workflow-default contents-read token so the
# rustsec/audit-check action can post its findings as a check-run
# (it needs checks:write) and open issues for new advisories
# (issues:write — optional but harmless).
permissions:
contents: read
checks: write
issues: write
steps:
- uses: actions/checkout@v4
- uses: rustsec/audit-check@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
mib-lint:
name: MIB Lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install libsmi tools
# The package supplying `smilint` is named `smitools` on Ubuntu
# 24.04+ and `libsmi2-bin` on older Debian/Ubuntu. Try the new
# name first; fall back so the job survives a base-image bump.
run: |
sudo apt-get update
sudo apt-get install -y smitools || sudo apt-get install -y libsmi2-bin
- name: Lint STAMP-SUITE-MIB
# Lint level 4 = errors and major warnings (style nits like missing
# DESCRIPTION clauses are ignored). Raise to -l 6 once the MIB is
# clean at level 5.
run: smilint -l 4 mibs/STAMP-SUITE-MIB.mib