checks #2990
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: checks | |
| permissions: | |
| contents: read | |
| on: | |
| push: | |
| branches: | |
| - "release/**" | |
| pull_request: | |
| branches-ignore: | |
| - "release/**" | |
| schedule: | |
| - cron: "0 4 * * *" | |
| merge_group: | |
| types: [checks_requested] | |
| workflow_call: {} | |
| jobs: | |
| build: | |
| name: Build and test | |
| runs-on: "${{ matrix.os }}" | |
| strategy: | |
| matrix: | |
| include: | |
| - rust: stable | |
| os: ubuntu-latest | |
| features: "" | |
| target: "x86_64-unknown-linux-gnu" | |
| - rust: beta | |
| os: ubuntu-latest | |
| features: "" | |
| target: "x86_64-unknown-linux-gnu" | |
| - rust: "msrv" | |
| os: ubuntu-latest | |
| features: "" | |
| target: "x86_64-unknown-linux-gnu" | |
| - rust: "stable" | |
| os: ubuntu-latest | |
| features: "" | |
| target: "x86_64-unknown-linux-musl" | |
| - rust: "stable" | |
| os: macos-latest | |
| features: "" | |
| target: "aarch64-apple-darwin" | |
| - rust: "stable" | |
| os: ubuntu-latest | |
| features: "--all-features" | |
| target: "x86_64-unknown-linux-gnu" | |
| - rust: "msrv" | |
| os: ubuntu-latest | |
| features: "--all-features" | |
| target: "x86_64-unknown-linux-gnu" | |
| - rust: "stable" | |
| os: ubuntu-latest | |
| features: "--all-features" | |
| target: "x86_64-unknown-linux-musl" | |
| - rust: "stable" | |
| os: macos-latest | |
| features: "--all-features" | |
| target: "aarch64-apple-darwin" | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Set target rust version | |
| run: echo "TARGET_RUST_VERSION=$(if [ "${{matrix.rust}}" = "msrv" ]; then grep rust-version Cargo.toml | grep MSRV | cut -d'"' -f2; else echo "${{matrix.rust}}"; fi)" >> $GITHUB_ENV | |
| - name: Install nightly toolchain for direct-minimal-versions | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: nightly | |
| targets: "${{ matrix.target }}" | |
| if: ${{ matrix.rust == 'msrv' }} | |
| - name: Install toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: "${TARGET_RUST_VERSION}" | |
| targets: "${{ matrix.target }}" | |
| - name: Downgrade direct dependencies to minimal versions | |
| run: cargo +nightly update -Z direct-minimal-versions | |
| if: ${{ matrix.rust == 'msrv' }} | |
| - name: Install cross-compilation tools | |
| uses: taiki-e/setup-cross-toolchain-action@84e58a47fc2bcd3821a2aa8c153595bbffb0e10f | |
| with: | |
| target: ${{ matrix.target }} | |
| - name: Install cargo-llvm-cov | |
| uses: taiki-e/install-action@e43a5023a747770bfcb71ae048541a681714b951 | |
| with: | |
| tool: cargo-llvm-cov | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 | |
| with: | |
| shared-key: "${{matrix.rust}}-${{matrix.target}}" | |
| - name: cargo build | |
| run: cargo build ${{ matrix.features }} | |
| - name: cargo test | |
| run: cargo llvm-cov --target ${{matrix.target}} ${{ matrix.features }} --lcov --output-path lcov.info | |
| env: | |
| RUST_BACKTRACE: 1 | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 # v5.5.1 | |
| if: matrix.rust == 'stable' | |
| with: | |
| files: ./lcov.info | |
| fail_ci_if_error: false | |
| flags: test-${{matrix.target}} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| name: test | |
| verbose: true | |
| unused: | |
| name: Check unused dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Install nightly toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: nightly | |
| - name: Install udeps | |
| uses: taiki-e/install-action@e43a5023a747770bfcb71ae048541a681714b951 | |
| with: | |
| tool: cargo-udeps | |
| - name: cargo udeps | |
| run: cargo udeps --workspace --all-targets | |
| - name: cargo udeps (fuzzer) | |
| run: cargo udeps --manifest-path ./fuzz/Cargo.toml --all-targets | |
| #note: can't validate config/nts.*.toml because of intentionally missing files | |
| validate: | |
| name: Validate configs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: ./ntp.toml | |
| run: cargo run --bin ntp-ctl -- -c ./ntp.toml validate | |
| - name: ./ntp.server.toml | |
| run: cargo run --bin ntp-ctl -- -c ./ntp.server.toml validate | |
| - name: ./ntp-proto/test-keys/unsafe.nts.client.toml | |
| run: cargo run --bin ntp-ctl -- -c ./ntp-proto/test-keys/unsafe.nts.client.toml validate | |
| - name: ./ntp-proto/test-keys/unsafe.nts.server.toml | |
| run: cargo run --bin ntp-ctl -- -c ./ntp-proto/test-keys/unsafe.nts.server.toml validate | |
| - name: ./config/ntp.demobilize.toml | |
| run: cargo run --bin ntp-ctl -- -c ./config/ntp.demobilize.toml validate | |
| - name: ./pkg/common/ntp.toml.default | |
| run: cargo run --bin ntp-ctl -- -c ./docs/examples/conf/ntp.toml.default validate | |
| man-sync: | |
| name: Validate man pages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Build man pages | |
| run: utils/generate-man.sh target/docs/man | |
| - name: Compare generated pages with precompiled | |
| run: diff -r -s --color "docs/precompiled/man" "target/docs/man" | |
| format: | |
| name: Format | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Install rust toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: rustfmt | |
| - name: Check formatting | |
| run: cargo fmt --all --check | |
| - name: Check formatting (fuzzers) | |
| run: cargo fmt --manifest-path ./fuzz/Cargo.toml --all --check | |
| - name: Check formatting (fuzz_rand_shim) | |
| run: cargo fmt --manifest-path ./fuzz/fuzz_rand_shim/Cargo.toml --all --check | |
| clippy: | |
| name: Clippy | |
| strategy: | |
| matrix: | |
| include: | |
| - target: x86_64-unknown-linux-gnu | |
| runs_on: ubuntu-latest | |
| fuzzer: true | |
| - target: armv7-unknown-linux-gnueabihf | |
| runs_on: ubuntu-latest | |
| fuzzer: false | |
| - target: x86_64-unknown-linux-musl | |
| runs_on: ubuntu-latest | |
| fuzzer: false | |
| - target: aarch64-apple-darwin | |
| runs_on: macos-latest | |
| fuzzer: false | |
| runs-on: ${{matrix.runs_on}} | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Install rust toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: stable | |
| components: clippy | |
| targets: ${{matrix.target}} | |
| - name: Setup tools for cross compilation | |
| uses: awalsh128/cache-apt-pkgs-action@acb598e5ddbc6f68a970c5da0688d2f3a9f04d05 # v1.6.0 | |
| with: | |
| packages: musl-tools qemu-user-static crossbuild-essential-armhf crossbuild-essential-arm64 crossbuild-essential-i386 | |
| version: 1 | |
| if: ${{matrix.runs_on == 'ubuntu-latest'}} | |
| - name: Install bindgen-cli | |
| uses: taiki-e/install-action@e43a5023a747770bfcb71ae048541a681714b951 | |
| with: | |
| tool: bindgen-cli | |
| if: ${{matrix.runs_on == 'ubuntu-latest'}} | |
| - name: Rust cache | |
| uses: Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1 | |
| with: | |
| shared-key: "stable-${{matrix.target}}" | |
| - name: Run clippy | |
| run: cargo clippy --target ${{matrix.target}} --workspace --all-targets --features hardware-timestamping,__internal-fuzz,__internal-test,__internal-api -- -D warnings | |
| - name: Run clippy (fuzzers) | |
| run: cargo clippy --target ${{matrix.target}} --manifest-path ./fuzz/Cargo.toml --all-targets -- -D warnings | |
| if: ${{matrix.fuzzer}} | |
| - name: Run clippy (fuzz_rand_shim) | |
| run: cargo clippy --target ${{matrix.target}} --manifest-path ./fuzz/fuzz_rand_shim/Cargo.toml --all-targets -- -D warnings | |
| if: ${{matrix.fuzzer}} | |
| fuzz-code-coverage: | |
| name: Fuzz with code coverage | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| include: | |
| - fuzz_target: cookie_parsing_sound | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: duration_from_float | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: encrypted_client_parsing | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: encrypted_server_parsing | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: ipfilter | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: key_exchange_response_parsing | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: key_exchange_request_parsing | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: packet_keyset | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: packet_parsing_sound | |
| corpus: "" | |
| features: '' | |
| - fuzz_target: record_encode_decode | |
| corpus: "" | |
| features: '' | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| with: | |
| persist-credentials: false | |
| - name: Install nightly toolchain | |
| uses: dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9 | |
| with: | |
| toolchain: nightly | |
| components: llvm-tools-preview | |
| - name: Install cargo fuzz & rustfilt | |
| uses: taiki-e/install-action@e43a5023a747770bfcb71ae048541a681714b951 | |
| with: | |
| tool: cargo-fuzz,rustfilt | |
| - name: Run `cargo fuzz` | |
| env: | |
| RUST_BACKTRACE: "1" | |
| # prevents `cargo fuzz coverage` from rebuilding everything | |
| RUSTFLAGS: "-C instrument-coverage" | |
| run: | | |
| cargo fuzz run --target $(rustc --print host-tuple) ${{matrix.features}} ${{matrix.fuzz_target}} ${{matrix.corpus}} -- -max_total_time=10 | |
| - name: Fuzz codecov | |
| run: | | |
| cargo fuzz coverage --target $(rustc --print host-tuple) ${{matrix.features}} ${{matrix.fuzz_target}} ${{matrix.corpus}} | |
| $(rustc --print sysroot)/lib/rustlib/$(rustc --print host-tuple)/bin/llvm-cov export -Xdemangler=rustfilt \ | |
| target/x86_64-unknown-linux-musl/coverage/$(rustc --print host-tuple)/release/${{matrix.fuzz_target}} \ | |
| -instr-profile=fuzz/coverage/${{matrix.fuzz_target}}/coverage.profdata \ | |
| --format=lcov \ | |
| -ignore-filename-regex="\.cargo|\.rustup" > lcov.info | |
| - name: Upload coverage to Codecov | |
| uses: codecov/codecov-action@5a1091511ad55cbe89839c7260b706298ca349f7 | |
| with: | |
| files: ./lcov.info | |
| fail_ci_if_error: false | |
| flags: fuzz-${{ matrix.fuzz_target }} | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| name: fuzz | |
| audit-dependencies: | |
| name: Audit dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 | |
| - uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad | |
| with: | |
| arguments: --workspace --all-features | |
| - uses: EmbarkStudios/cargo-deny-action@f2ba7abc2abebaf185c833c3961145a3c275caad | |
| with: | |
| manifest-path: ./fuzz/Cargo.toml | |
| arguments: --all-features |