Use cargo-careful w/ CI tests (#312) #1249
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: | |
- '*' | |
env: | |
RUST_BACKTRACE: 1 | |
# We can pin the version if nightly is too unstable. | |
# Otherwise, we test against the latest version. | |
RUST_NIGHTLY_TOOLCHAIN: nightly | |
# Mirai version tag, updates this whenever a new version | |
# is released. | |
MIRAI_TOOLCHAIN: nightly-2023-05-09 | |
MIRAI_TAG: v1.1.8 | |
jobs: | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
components: rustfmt | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo fmt | |
run : cargo fmt -- --check --verbose | |
clippy: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
features: | |
- "--features bindgen" | |
- "--features bindgen,fips" | |
exclude: | |
- crate_dir: aws-lc-sys | |
features: "--features bindgen,fips" | |
- crate_dir: aws-lc-fips-sys | |
features: "--features bindgen,fips" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
components: clippy | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo clippy | |
working-directory: ${{ matrix.crate_dir }} | |
run: cargo clippy ${{ matrix.features }} --all-targets -- -W clippy::all -W clippy::pedantic -D warnings | |
apidiff: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
diff_target: [ "branch", "published" ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: nightly-2023-08-25 | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-public-api | |
run: cargo install cargo-public-api | |
- name: Perform API Diff (Target Branch) | |
if: matrix.diff_target == 'branch' | |
working-directory: ${{ matrix.crate_dir }} | |
run: cargo public-api diff --deny changed --deny removed ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | |
- name: Perform API Diff (Published) | |
if: matrix.diff_target == 'published' | |
working-directory: ${{ matrix.crate_dir }} | |
shell: bash | |
run: | | |
CRATE_NAME="${{ matrix.crate_dir }}" | |
CRATE_VERSION=$(cargo search --limit 1 ${CRATE_NAME} | head -n 1 | sed -e 's/[^"]*"\([^"]*\)".*/\1/') | |
cargo public-api diff --deny changed --deny removed "${CRATE_VERSION}" | |
dependency-review: | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout Repository' | |
uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- name: 'Dependency Review' | |
uses: actions/dependency-review-action@v3 | |
with: | |
allow-licenses: Apache-2.0, ISC, MIT, MIT-0 | |
udeps: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-udeps | |
run: cargo install cargo-udeps | |
- name: Run cargo udeps | |
# we only use openssl when the openssl-benchmarks feature is enabled. | |
# openssl is a dev-dependency so it can't be optional. | |
run: cargo udeps --workspace --all-targets --features openssl-benchmarks | |
env: | |
RUSTC_WRAPPER: "" | |
aws-lc-rs-cross-test: | |
name: aws-lc-rs cross tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ 1.72.1 ] # TODO: return to stable | |
os: [ ubuntu-latest ] | |
target: | |
- arm-unknown-linux-gnueabihf | |
- aarch64-unknown-linux-gnu | |
- i686-unknown-linux-gnu | |
- powerpc64le-unknown-linux-gnu | |
- riscv64gc-unknown-linux-gnu | |
- arm-linux-androideabi | |
- armv7-linux-androideabi | |
- aarch64-linux-android | |
- powerpc64-unknown-linux-gnu | |
- powerpc-unknown-linux-gnu | |
- x86_64-unknown-linux-musl | |
- aarch64-unknown-linux-musl | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
target: ${{ matrix.target }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cross | |
run: cargo install cross --git https://github.com/cross-rs/cross | |
- name: Cross-compilation | |
if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'i686-unknown-linux-gnu' }} | |
working-directory: ./aws-lc-rs | |
run: cross test --features unstable --target ${{ matrix.target }} | |
- name: Cross-compilation w/ bindgen | |
working-directory: ./aws-lc-rs | |
run: cross test --release --features bindgen,unstable --target ${{ matrix.target }} | |
aws-lc-rs-platform-build: | |
name: Cross-platform build | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ macos-13-xlarge ] | |
target: [ aarch64-apple-ios-sim ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
target: ${{ matrix.target }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test --features bindgen,unstable --target ${{ matrix.target }} | |
env: | |
DYLD_ROOT_PATH: "/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime/Contents/Resources/RuntimeRoot" | |
sys-crate-tests: | |
name: sys crate tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macos-12 ] | |
features: [ aws-lc-sys, aws-lc-fips-sys ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./sys-testing | |
run: cargo test --features ${{ matrix.features }} --no-default-features | |
- name: Run cargo run | |
working-directory: ./sys-testing | |
run: cargo run --features ${{ matrix.features }} --no-default-features | |
aws-lc-rs-test: | |
name: aws-lc-rs tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
args: | |
- --all-targets --features unstable | |
- --release --all-targets --features unstable | |
- --no-default-features --features non-fips,unstable | |
- --no-default-features --features non-fips,ring-io,unstable | |
- --no-default-features --features non-fips,ring-sig-verify,unstable | |
- --no-default-features --features non-fips,alloc,unstable | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
- name: Run extra tests | |
working-directory: ./aws-lc-rs-testing | |
run: cargo test --all-targets | |
fips-test: | |
name: aws-lc-rs fips-tests | |
runs-on: ${{ matrix.os }} | |
env: | |
CC: clang | |
CXX: clang++ | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
args: | |
- --release --all-targets --features fips,unstable | |
- --no-default-features --features fips,unstable | |
- --no-default-features --features fips,ring-io,unstable | |
- --no-default-features --features fips,ring-sig-verify,unstable | |
- --no-default-features --features fips,alloc,unstable | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: cargo test --tests ${{ matrix.args }} | |
bindgen-test: | |
name: aws-lc-rs bindgen-tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
args: | |
- --no-default-features --features aws-lc-sys,bindgen,unstable | |
- --release --all-targets --features bindgen,unstable | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
windows-test: | |
name: aws-lc-rs windows-tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ windows-2019 ] | |
args: | |
- --all-targets --features unstable | |
- --all-targets --features bindgen,unstable | |
- --release --all-targets --features unstable | |
- --no-default-features --features non-fips,unstable | |
- --no-default-features --features non-fips,ring-io,unstable | |
- --no-default-features --features non-fips,ring-sig-verify,unstable | |
- --no-default-features --features non-fips,alloc,unstable | |
steps: | |
- uses: ilammy/setup-nasm@v1 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
publish-dry-run: | |
name: publish dry-run | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ windows-2019, ubuntu-latest, macos-12, macos-13-xlarge ] | |
args: | |
- publish --dry-run | |
steps: | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- run: go version | |
- if: ${{ matrix.os == 'windows-2019' }} | |
uses: ilammy/setup-nasm@v1 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: aws-lc-sys | |
working-directory: ./aws-lc-sys | |
run: cargo ${{ matrix.args }} | |
- name: aws-lc-fips-sys | |
if: ${{ matrix.os != 'windows-2019' }} | |
working-directory: ./aws-lc-fips-sys | |
run: cargo ${{ matrix.args }} | |
- name: aws-lc-rs | |
working-directory: ./aws-lc-rs | |
run: cargo ${{ matrix.args }} | |
aws-lc-rs-coverage: | |
name: aws-ls-rs coverage | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
components: llvm-tools-preview | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-llvm-cov | |
run: cargo install cargo-llvm-cov | |
- name: Run coverage | |
working-directory: ./aws-lc-rs | |
run: cargo llvm-cov --workspace --features unstable --no-fail-fast --ignore-filename-regex "aws-lc-(fips-)?sys/.*" --lcov --output-path ${{ runner.temp }}/lcov.info | |
- name: Upload coverage reports to Codecov | |
uses: codecov/codecov-action@v3 | |
env: | |
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} | |
with: | |
file: ${{ runner.temp }}/lcov.info | |
mirai-analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.MIRAI_TOOLCHAIN }} | |
components: rust-src, rustc-dev, llvm-tools-preview | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Cache Cargo | |
uses: actions/[email protected] | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-mirai-${{ env.MIRAI_TAG }} | |
# https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md#installing-mirai-into-cargo | |
- name: Install MIRAI | |
run: | | |
MIRAI_TMP_SRC=$(mktemp -d) | |
git clone --depth 1 --branch ${{ env.MIRAI_TAG }} https://github.com/facebookexperimental/MIRAI.git ${MIRAI_TMP_SRC} | |
pushd ${MIRAI_TMP_SRC} | |
cargo install --force --path ./checker --no-default-features | |
popd | |
rm -rf ${MIRAI_TMP_SRC} | |
- name: Run MIRAI | |
working-directory: ./aws-lc-rs | |
run: | | |
cargo mirai | |
aws-lc-rs-asan: | |
name: aws-lc-rs asan | |
strategy: | |
matrix: | |
args: | |
- | |
- --release | |
features: | |
- --features asan | |
- --no-default-features --features fips,asan | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@master | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run address sanitizers | |
env: | |
ASAN_OPTIONS: detect_leaks=1 | |
RUSTFLAGS: -Zsanitizer=address | |
RUSTDOCFLAGS: -Zsanitizer=address | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan | |
s2n-quic-integration: | |
name: s2n-quic-integration | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run s2n-quic integration | |
working-directory: ./aws-lc-rs | |
run: | | |
./scripts/run-s2n-quic-integration.sh | |
rustls-integration: | |
name: rustls-integration | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-download | |
run: cargo install cargo-download | |
- name: Run rustls integration | |
working-directory: ./aws-lc-rs | |
run: | | |
./scripts/run-rustls-integration.sh | |
semver-checks: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- name: Check semver (Default Features) | |
uses: obi1kenobi/cargo-semver-checks-action@v2 | |
with: | |
package: aws-lc-rs | |
feature-group: default-features | |
- name: Check semver (FIPS) | |
uses: obi1kenobi/cargo-semver-checks-action@v2 | |
with: | |
package: aws-lc-rs | |
feature-group: only-explicit-features | |
features: fips | |
copyright: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check | |
run: | | |
./scripts/tools/copyright_check.sh | |
build-env-test: | |
name: aws-lc-rs build-env-test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
static: [ 0, 1 ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests | |
build-env-fips-test: | |
name: aws-lc-rs build-env-fips-test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macos-12, macos-13-xlarge ] | |
static: [ 0, 1 ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
if: ${{ matrix.os == 'ubuntu-latest' || matrix.static != 1 }} | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips | |
msrv: | |
name: Minimum Supported Rust Version | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: dtolnay/rust-toolchain@stable | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-msrv | |
run: cargo install cargo-msrv | |
- name: Verify msrv | |
working-directory: ./aws-lc-rs | |
run: cargo msrv verify | |
minimal-versions: | |
name: Resolve the dependencies to the minimum SemVer version | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: dtolnay/rust-toolchain@nightly | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Setup to use minimal versions | |
working-directory: ./aws-lc-rs | |
run: cargo update -Z minimal-versions | |
- name: Build with minimal versions | |
working-directory: ./aws-lc-rs | |
run: cargo --locked check | |
careful: | |
name: Run carefully | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-12 | |
- macos-13-xlarge | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: dtolnay/rust-toolchain@nightly | |
id: toolchain | |
- name: Set Rust toolchain override | |
run: rustup override set ${{ steps.toolchain.outputs.name }} | |
- name: Install cargo-careful | |
run: cargo install cargo-careful | |
- uses: actions/setup-go@v4 | |
with: | |
go-version: '>=1.18' | |
- name: Run tests | |
working-directory: ./aws-lc-rs | |
run: cargo +nightly careful test | |
- name: Run tests w/ FIPS | |
working-directory: ./aws-lc-rs | |
# Rust doc tests dislike dynamic linking | |
run: cargo +nightly careful test --tests --features fips,bindgen |