Skip to content
CI

chore: Exclude mozilla/actions from Dependabot updates #11245

Sign in to view logs

chore: Exclude mozilla/actions from Dependabot updates

chore: Exclude mozilla/actions from Dependabot updates #11245

Workflow file for this run

.github/workflows/check.yml at 66ff8fd
name: CI
on:
pull_request:
merge_group:
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUST_TEST_TIME_UNIT: 10,30
RUST_TEST_TIME_INTEGRATION: 10,30
RUST_TEST_TIME_DOCTEST: 10,30
CARGO_PROFILE_RELEASE_LTO: true
CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 1
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
defaults:
run:
shell: bash
jobs:
toolchains:
name: Determine toolchains
runs-on: ubuntu-24.04
outputs:
toolchains: ${{ steps.toolchains.outputs.toolchains }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: toolchains
uses: mozilla/actions/toolchains@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
check:
name: Run checks
needs: toolchains
# TODO: Restore `environment: codecov` once GitHub supports filtering deployment messages.
# environment: codecov
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15, windows-2025]
rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }}
type: [debug]
# Include some dynamically-linked release builds, to check that that works on all platforms.
include:
- os: ubuntu-24.04
rust-toolchain: stable
type: release
- os: macos-15
rust-toolchain: stable
type: release
- os: windows-2025
rust-toolchain: stable
type: release
# Also do some debug builds on the oldest OS versions.
- os: ubuntu-22.04
rust-toolchain: stable
type: debug
- os: macos-14
rust-toolchain: stable
type: debug
- os: windows-2022
rust-toolchain: stable
type: debug
env:
BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: mozilla/actions/rust@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
with:
version: ${{ matrix.rust-toolchain }}
components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'rust-src ' || '' }}
tools: cargo-hack ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'cargo-careful' || '' }}
token: ${{ secrets.GITHUB_TOKEN }}
- id: nss-version
uses: ./.github/actions/minimum-version
with:
directory: .
- uses: mozilla/actions/nss@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
with:
minimum-version: ${{ steps.nss-version.outputs.minimum }}
token: ${{ secrets.GITHUB_TOKEN }}
- name: Run tests and determine coverage
env:
RUST_LOG: trace
RUST_BACKTRACE: 1
RUST_TEST_TIME_UNIT: 10,30
RUST_TEST_TIME_INTEGRATION: 10,30
RUST_TEST_TIME_DOCTEST: 10,30
TOOLCHAIN: ${{ matrix.rust-toolchain }}
# FIXME: cargo-careful at the moment only works on amd64 Ubuntu
CAREFUL: ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'careful' || '' }}
run: |
DUMP_SIMULATION_SEEDS="$(pwd)/simulation-seeds"
export DUMP_SIMULATION_SEEDS
# shellcheck disable=SC2086
if [ "$TOOLCHAIN" == "stable" ]; then
cargo llvm-cov test $BUILD_TYPE --locked --include-ffi --codecov --output-path codecov.json
elif [ -n "$CAREFUL" ]; then
cargo careful test $BUILD_TYPE --locked --target "$(rustc --print host-tuple)"
fi
# Run tests across all meaningful feature combinations.
# shellcheck disable=SC2086
cargo hack test $BUILD_TYPE --locked --feature-powerset --all-targets --exclude-features gecko,ci,bench,build-fuzzing-corpus,test-fixture
- name: Run client/server transfer
run: |
# shellcheck disable=SC2086
cargo build $BUILD_TYPE --locked --bin neqo-client --bin neqo-server
"target/$BUILD_DIR/neqo-server" "$HOST:4433" &
PID=$!
# Give the server time to start.
sleep 1
"target/$BUILD_DIR/neqo-client" --output-dir . "https://$HOST:4433/$SIZE"
kill $PID
[ "$(wc -c <"$SIZE")" -eq "$SIZE" ] || exit 1
env:
HOST: localhost
SIZE: 54321
RUST_LOG: warn
BUILD_DIR: ${{ matrix.type == 'release' && 'release' || 'debug' }}
- name: CodeCov Windows workaround
if: ${{ startsWith(matrix.os, 'windows') && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' }}
run: |
# FIXME: Without this, the codecov/codecov-action fails. No idea why it's looking under C:/msys64 now, it shouldn't.
mkdir -p C:/msys64/home/runneradmin/
touch C:/msys64/home/runneradmin/.gitconfig
- uses: codecov/codecov-action@57e3a136b779b570ffcdbf80b3bdc90e7fab3de2 # v6.0.0
with:
files: codecov.json
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]
verbose: true
flags: ${{ startsWith(matrix.os, 'ubuntu') && 'linux' || startsWith(matrix.os, 'macos') && 'macos' || 'windows' }}
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]
if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable'
- name: Save simulation seeds artifact
if: ${{ always() }}
uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1
with:
name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }}
path: simulation-seeds
compression-level: 9
check-cargo-lock:
name: Ensure `Cargo.lock` contains all required dependencies
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: mozilla/actions/rust@27cbe8fb5d338c2861b787e5de10410559065db1 # v1.1.3
with:
version: stable
tools: cargo-hack
token: ${{ secrets.GITHUB_TOKEN }}
- run: |
cargo update -w --locked
cargo hack update -w --locked
check-android:
name: Check Android
runs-on: ubuntu-24.04
strategy:
matrix:
target: ["x86_64-linux-android", "aarch64-linux-android"]
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: nss-version
uses: ./.github/actions/minimum-version
with:
directory: .
- uses: ./.github/actions/check-android
with:
target: ${{ matrix.target }}
minimum-nss-version: ${{ steps.nss-version.outputs.minimum }}
github-token: ${{ secrets.GITHUB_TOKEN }}
check-vm:
name: Run checks for VM-only platforms
runs-on: ubuntu-24.04
# TODO: Restore `environment: codecov` once GitHub supports filtering deployment messages.
# environment: codecov
# OpenBSD, NetBSD and Solaris often have NSS packages that are too old.
# Allow them to fail without aborting the merge queue.
continue-on-error: ${{ github.event_name == 'merge_group' && matrix.os != 'freebsd' }}
strategy:
fail-fast: false
matrix:
# TODO: Re-enable openbsd once OpenBSD > 7.8 ships; nss-3.101 (the version in 7.8) is too old.
# TODO: Re-enable NetBSD once NetBSD > 10.1 ships with NSS >= 3.121.
os: [freebsd] # NSS package on 'solaris' is too old.
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: ./.github/actions/check-vm
with:
platform: ${{ matrix.os }}
codecov-token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env]