-
Notifications
You must be signed in to change notification settings - Fork 25
185 lines (154 loc) · 5.99 KB
/
ci.yml
File metadata and controls
185 lines (154 loc) · 5.99 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
name: CI
on:
merge_group:
pull_request:
# smoelius: Every Thursday at 3:00 UTC (Wednesday at 22:00 EST), run `cargo test -- --ignored`.
schedule:
- cron: "0 3 * * 4"
workflow_dispatch:
concurrency:
group: ci-${{ github.ref }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
GROUP_RUNNER: target.'cfg(all())'.runner='group-runner'
permissions:
contents: read
jobs:
check-up-to-dateness:
outputs:
is-up-to-date: ${{ steps.main.outputs.is-up-to-date }}
runs-on: ubuntu-latest
steps:
- id: main
uses: trailofbits/check-up-to-dateness@v1
test:
needs: [check-up-to-dateness]
if: needs.check-up-to-dateness.outputs.is-up-to-date != 'true'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
package: [third-party, other]
serde_format: [postcard, bincode]
toolchain: [stable, nightly]
sha1_filenames: [false, true]
steps:
# smoelius: `fetch-depth: 0` is needed for the `git diff` command below.
- uses: actions/checkout@v6
with:
fetch-depth: 0
- name: Dylint versions
run: cargo search dylint | grep '^dylint' | sort | tee dylint_versions.txt
# smoelius: The `~/.cargo/` entries are from:
# * https://github.com/actions/cache/blob/main/examples.md#rust---cargo.
# * https://doc.rust-lang.org/cargo/guide/cargo-home.html#caching-the-cargo-home-in-ci
# The rest were added by me.
- uses: actions/cache@v5
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
~/.dylint_drivers/
~/.local/share/afl.rs/
~/.rustup/toolchains/
target/dylint/
key: ${{ matrix.toolchain }}-dylint-${{ hashFiles('dylint_versions.txt') }}
# smoelius: The Substrate tests require the `rust-src` component and the wasm32 target.
- name: Set toolchain
run: |
rustup default ${{ matrix.toolchain }}
rustup component add rust-src
rustup target add wasm32-unknown-unknown
# smoelius: The Substrate tests require `protoc`.
- name: Install protoc
run: |
sudo apt-get update
sudo apt-get install protobuf-compiler
# smoelius: Some of the `install` tests run older versions of cargo-afl that still use the
# gold linker. However, the gold linker does not work with the nightly toolchain. See:
# https://github.com/rust-fuzz/afl.rs/pull/597
- name: Remove gold linker
run: |
sudo rm -f /usr/bin/ld.gold
sudo ln -s /usr/bin/ld /usr/bin/ld.gold
- name: Install cargo-afl
run: cargo install cargo-afl || true
- name: Run afl-system-config
run: cargo afl system-config
- uses: taiki-e/install-action@v2
with:
tool: cargo-llvm-cov, cargo-udeps
# smoelius: I expect this list to grow.
- name: Install tools
run: |
rustup +nightly component add clippy rustfmt
cargo install cargo-dylint dylint-link || true
cargo install cargo-license || true
cargo install cargo-supply-chain || true
cargo install cargo-unmaintained || true
cargo install group-runner || true
npm install -g prettier
- name: Free up space
run: |
# https://github.com/actions/runner-images/issues/2606#issuecomment-772683150
sudo rm -rf /usr/local/lib/android
sudo rm -rf /usr/share/dotnet
sudo rm -rf /usr/share/swift
# du -sh /usr/*/* 2>/dev/null | sort -h || true
- name: Setup
run: |
if [[ ${{ matrix.package }} = 'third-party' ]]; then
MAYBE_THIRD_PARTY='--package third-party'
if [[ ${{ github.event_name }} = 'schedule' ]] ||
git diff --name-only ${{ github.event.pull_request.base.sha }} | grep -w 'patches\|third_party' >/dev/null
then
MAYBE_THIRD_PARTY="$MAYBE_THIRD_PARTY --features=test-third-party-full"
fi
else
MAYBE_THIRD_PARTY='--workspace --exclude third-party --features=test-install'
fi
SERDE_FORMAT='test-fuzz/serde_${{ matrix.serde_format }}'
NIGHTLY_CARGO_TEST_OPTIONS=
NIGHTLY_LIBTEST_OPTIONS=
if [[ ${{ matrix.toolchain }} = nightly ]]; then
NIGHTLY_CARGO_TEST_OPTIONS='--bins --lib --tests'
NIGHTLY_LIBTEST_OPTIONS='-Z unstable-options --report-time --shuffle --test-threads=1'
fi
BUILD_CMD="cargo build $MAYBE_THIRD_PARTY --features $SERDE_FORMAT --all-targets"
TEST_CMD="cargo test $MAYBE_THIRD_PARTY --features $SERDE_FORMAT $NIGHTLY_CARGO_TEST_OPTIONS --config $GROUP_RUNNER -- $NIGHTLY_LIBTEST_OPTIONS"
echo "BUILD_CMD=$BUILD_CMD" >> "$GITHUB_ENV"
echo "TEST_CMD=$TEST_CMD" >> "$GITHUB_ENV"
if ${{ matrix.sha1_filenames }}; then
echo 'AFL_SHA1_FILENAMES=1' >> "$GITHUB_ENV"
fi
- name: Build
run: $BUILD_CMD
- name: Test
run: |
$TEST_CMD
env:
AFL_NO_AFFINITY: 1
RUST_BACKTRACE: 1
RUST_LOG: warn
- name: Check for non-SHA1 filenames
if: ${{ matrix.sha1_filenames }}
run: |
if find target -name 'id:*' | grep .; then
exit 1
fi
all-checks:
needs:
- test
runs-on: ubuntu-latest
# smoelius: From "Defining prerequisite jobs"
# (https://docs.github.com/en/actions/using-jobs/using-jobs-in-a-workflow#defining-prerequisite-jobs):
# > If you would like a job to run even if a job it is dependent on did not succeed, use the
# > `always()` conditional expression in `jobs.<job_id>.if`.
if: ${{ always() }}
steps:
- name: Check results
if: ${{ contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') }}
run: exit 1