CI #11876
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| pull_request: | |
| merge_group: | |
| workflow_dispatch: | |
| env: | |
| CARGO_TERM_COLOR: always | |
| RUST_BACKTRACE: 1 | |
| RUST_TEST_TIME_UNIT: 10,30 | |
| RUST_TEST_TIME_INTEGRATION: 10,30 | |
| RUST_TEST_TIME_DOCTEST: 10,30 | |
| CARGO_PROFILE_RELEASE_LTO: true | |
| CARGO_PROFILE_RELEASE_CODEGEN_UNITS: 1 | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| permissions: | |
| contents: read | |
| defaults: | |
| run: | |
| shell: bash | |
| jobs: | |
| toolchains: | |
| name: Determine toolchains | |
| runs-on: ubuntu-24.04 | |
| outputs: | |
| toolchains: ${{ steps.toolchains.outputs.toolchains }} | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - id: toolchains | |
| uses: mozilla/actions/toolchains@7cca521fd0ace71bc6ee830c4a98297023e3402b # v1.1.18 | |
| check: | |
| name: Run checks | |
| needs: toolchains | |
| # TODO: Restore `environment: codecov` once GitHub supports filtering deployment messages. | |
| # environment: codecov | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15, windows-2025] | |
| rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} | |
| type: [debug] | |
| # Include some dynamically-linked release builds, to check that that works on all platforms. | |
| include: | |
| - os: ubuntu-24.04 | |
| rust-toolchain: stable | |
| type: release | |
| - os: macos-15 | |
| rust-toolchain: stable | |
| type: release | |
| - os: windows-2025 | |
| rust-toolchain: stable | |
| type: release | |
| # Also do some debug builds on the oldest OS versions. | |
| - os: ubuntu-22.04 | |
| rust-toolchain: stable | |
| type: debug | |
| - os: macos-14 | |
| rust-toolchain: stable | |
| type: debug | |
| - os: windows-2022 | |
| rust-toolchain: stable | |
| type: debug | |
| env: | |
| BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: mozilla/actions/rust@7cca521fd0ace71bc6ee830c4a98297023e3402b # v1.1.18 | |
| with: | |
| version: ${{ matrix.rust-toolchain }} | |
| components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'rust-src ' || '' }} | |
| tools: cargo-hack ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'cargo-careful' || '' }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - id: nss-version | |
| uses: ./.github/actions/minimum-version | |
| with: | |
| directory: . | |
| - uses: mozilla/actions/nss@7cca521fd0ace71bc6ee830c4a98297023e3402b # v1.1.18 | |
| with: | |
| minimum-version: ${{ steps.nss-version.outputs.minimum }} | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Run tests and determine coverage | |
| env: | |
| RUST_LOG: trace | |
| RUST_BACKTRACE: 1 | |
| RUST_TEST_TIME_UNIT: 10,30 | |
| RUST_TEST_TIME_INTEGRATION: 10,30 | |
| RUST_TEST_TIME_DOCTEST: 10,30 | |
| TOOLCHAIN: ${{ matrix.rust-toolchain }} | |
| # FIXME: cargo-careful at the moment only works on amd64 Ubuntu | |
| CAREFUL: ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'careful' || '' }} | |
| run: | | |
| DUMP_SIMULATION_SEEDS="$(pwd)/simulation-seeds" | |
| export DUMP_SIMULATION_SEEDS | |
| # shellcheck disable=SC2086 | |
| if [ "$TOOLCHAIN" == "stable" ]; then | |
| cargo llvm-cov test $BUILD_TYPE --locked --include-ffi --codecov --output-path codecov.json | |
| if [ "$RUNNER_OS" == "Linux" ] && [ -z "$BUILD_TYPE" ]; then | |
| cargo llvm-cov report --lcov --include-ffi --output-path lcov.info | |
| fi | |
| elif [ -n "$CAREFUL" ]; then | |
| cargo careful test $BUILD_TYPE --locked --target "$(rustc --print host-tuple)" | |
| fi | |
| # Run tests across all meaningful feature combinations. | |
| # shellcheck disable=SC2086 | |
| cargo hack test $BUILD_TYPE --locked --feature-powerset --all-targets --exclude-features gecko,ci,bench,build-fuzzing-corpus,test-fixture --mutually-exclusive-features blapi,disable-encryption,default | |
| - name: Run client/server transfer | |
| run: | | |
| # shellcheck disable=SC2086 | |
| cargo build $BUILD_TYPE --locked --bin neqo-client --bin neqo-server | |
| "target/$BUILD_DIR/neqo-server" "$HOST:4433" & | |
| PID=$! | |
| # Give the server time to start. | |
| sleep 1 | |
| "target/$BUILD_DIR/neqo-client" --output-dir . "https://$HOST:4433/$SIZE" | |
| kill $PID | |
| [ "$(wc -c <"$SIZE")" -eq "$SIZE" ] || exit 1 | |
| env: | |
| HOST: localhost | |
| SIZE: 54321 | |
| RUST_LOG: warn | |
| BUILD_DIR: ${{ matrix.type == 'release' && 'release' || 'debug' }} | |
| - name: CodeCov Windows workaround | |
| if: ${{ startsWith(matrix.os, 'windows') && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' }} | |
| run: | | |
| # FIXME: Without this, the codecov/codecov-action fails. No idea why it's looking under C:/msys64 now, it shouldn't. | |
| mkdir -p C:/msys64/home/runneradmin/ | |
| touch C:/msys64/home/runneradmin/.gitconfig | |
| - uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| if: matrix.os == 'ubuntu-24.04' && matrix.rust-toolchain == 'stable' && matrix.type == 'debug' | |
| with: | |
| name: lcov-coverage | |
| path: lcov.info | |
| retention-days: 1 | |
| - uses: codecov/codecov-action@e79a6962e0d4c0c17b229090214935d2e33f8354 # v6.0.1 | |
| with: | |
| files: codecov.json | |
| fail_ci_if_error: false | |
| token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env] | |
| verbose: true | |
| flags: ${{ startsWith(matrix.os, 'ubuntu') && 'linux' || startsWith(matrix.os, 'macos') && 'macos' || 'windows' }} | |
| env: | |
| CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env] | |
| if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable' | |
| - name: Save simulation seeds artifact | |
| if: ${{ always() }} | |
| uses: actions/upload-artifact@043fb46d1a93c77aae656e7c1c64a875d1fc6a0a # v7.0.1 | |
| with: | |
| name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }} | |
| path: simulation-seeds | |
| compression-level: 9 | |
| crap: | |
| name: CRAP analysis | |
| needs: check | |
| if: ${{ !cancelled() }} | |
| runs-on: ubuntu-24.04 | |
| permissions: | |
| contents: read | |
| security-events: write # for uploading SARIF to code scanning | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: actions/download-artifact@3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c # v8.0.1 | |
| with: | |
| name: lcov-coverage | |
| - uses: mozilla/actions/crap@7cca521fd0ace71bc6ee830c4a98297023e3402b # v1.1.18 | |
| with: | |
| lcov-path: lcov.info | |
| threshold: "30" | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: github/codeql-action/upload-sarif@87557b9c84dde89fdd9b10e88954ac2f4248e463 # v4.36.1 | |
| with: | |
| sarif_file: crap.sarif | |
| category: cargo-crap | |
| check-cargo-lock: | |
| name: Ensure `Cargo.lock` contains all required dependencies | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: mozilla/actions/rust@7cca521fd0ace71bc6ee830c4a98297023e3402b # v1.1.18 | |
| with: | |
| version: stable | |
| tools: cargo-hack | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - run: | | |
| cargo update -w --locked | |
| cargo hack update -w --locked | |
| check-android: | |
| name: Check Android | |
| runs-on: ubuntu-24.04 | |
| strategy: | |
| matrix: | |
| target: ["x86_64-linux-android", "aarch64-linux-android"] | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - id: nss-version | |
| uses: ./.github/actions/minimum-version | |
| with: | |
| directory: . | |
| - uses: ./.github/actions/check-android | |
| with: | |
| target: ${{ matrix.target }} | |
| minimum-nss-version: ${{ steps.nss-version.outputs.minimum }} | |
| github-token: ${{ secrets.GITHUB_TOKEN }} | |
| check-vm: | |
| name: Run checks for VM-only platforms | |
| runs-on: ubuntu-24.04 | |
| # TODO: Restore `environment: codecov` once GitHub supports filtering deployment messages. | |
| # environment: codecov | |
| # OpenBSD, NetBSD and Solaris often have NSS packages that are too old. | |
| # Allow them to fail without aborting the merge queue. | |
| continue-on-error: ${{ github.event_name == 'merge_group' && matrix.os != 'freebsd' }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # TODO: NSS package on 'solaris' is too old (3.110). | |
| os: [freebsd, netbsd, openbsd] | |
| steps: | |
| - uses: actions/checkout@df4cb1c069e1874edd31b4311f1884172cec0e10 # v6.0.3 | |
| with: | |
| persist-credentials: false | |
| - uses: ./.github/actions/check-vm | |
| with: | |
| platform: ${{ matrix.os }} | |
| codecov-token: ${{ secrets.CODECOV_TOKEN }} # zizmor: ignore[secrets-outside-env] |