chore: grant more permissions to the qns release workflow #7511
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
pull_request: | |
branches: | |
- main | |
name: ci | |
env: | |
CARGO_INCREMENTAL: 0 | |
CARGO_NET_RETRY: 10 | |
RUSTUP_MAX_RETRIES: 10 | |
RUST_BACKTRACE: 1 | |
# Pin the nightly toolchain to prevent breakage. | |
# This should be occasionally updated. | |
RUST_NIGHTLY_TOOLCHAIN: nightly-2024-10-09 | |
CDN: https://dnglbrstg7yg.cloudfront.net | |
# enable unstable features for testing | |
S2N_UNSTABLE_CRYPTO_OPT_TX: 100 | |
S2N_UNSTABLE_CRYPTO_OPT_RX: 100 | |
# By default depandabot only receives read permissions. Explicitly give it write | |
# permissions which is needed by the ouzi-dev/commit-status-updater task. | |
# | |
# Updating status is relatively safe (doesnt modify source code) and caution | |
# should we taken before adding more permissions. | |
permissions: | |
statuses: write | |
id-token: write # This is required for requesting the JWT/OIDC | |
jobs: | |
env: | |
runs-on: ubuntu-latest | |
outputs: | |
rust-versions: ${{ steps.definitions.outputs.versions }} | |
msrv: ${{ steps.definitions.outputs.msrv }} | |
examples: ${{ steps.definitions.outputs.examples }} | |
crates: ${{ steps.definitions.outputs.crates }} | |
steps: | |
- uses: actions/checkout@v4 | |
# examples is populated by | |
# find all child folders in the examples directory | |
# jq -R - raw content is passed in (not json, just strings) | |
# jq -s - slurp the content into an object | |
# jq '. += ' adds the s2n-quic-xdp and s2n-quic-dc crates to the list of crates we build | |
# Many of the xdp crates have much more complex build processes, so we | |
# don't try to build all of them. | |
# jq -c - output the object in (c)ompact mode on a single line, github | |
# will fail to parse multi line output | |
# | |
# the output is echo'd to make debugging easier | |
- name: Evaluate definitions | |
id: definitions | |
run: | | |
export MSRV=$(rustup show | awk 'NF' | awk 'END{print $2}') | |
echo "msrv=$MSRV" | |
echo "msrv=$MSRV" >> $GITHUB_OUTPUT | |
export RAW_VERSIONS="stable beta $RUST_NIGHTLY_TOOLCHAIN $MSRV" | |
export VERSIONS=$(echo $RAW_VERSIONS | jq -scR 'rtrimstr("\n")|split(" ")|.') | |
echo "versions=$VERSIONS" | |
echo "versions=$VERSIONS" >> $GITHUB_OUTPUT | |
export EXAMPLES=$(find examples/ -maxdepth 1 -mindepth 1 -type d | jq -R | jq -sc) | |
echo "examples=$EXAMPLES" | |
echo "examples=$EXAMPLES" >> $GITHUB_OUTPUT | |
export CRATES=$(find quic common -name *Cargo.toml | jq -R | jq -s | jq '. += ["tools/xdp/s2n-quic-xdp/Cargo.toml","dc/s2n-quic-dc/Cargo.toml"]' | jq -c) | |
echo "crates=$CRATES" | |
echo "crates=$CRATES" >> $GITHUB_OUTPUT | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal --component rustfmt | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- name: Run cargo fmt | |
run: | | |
cargo fmt --all -- --check | |
clippy: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- toolchain: stable | |
# fail on stable warnings | |
args: "-D warnings" | |
- toolchain: beta | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ matrix.toolchain }} --profile minimal --component clippy | |
rustup override set ${{ matrix.toolchain }} | |
- uses: camshaft/rust-cache@v1 | |
# TODO translate json reports to in-action warnings | |
- name: Run cargo clippy | |
run: | | |
# deriving Eq may break API compatibility so we disable it | |
# See https://github.com/rust-lang/rust-clippy/issues/9063 | |
# | |
# manual_clamp will panic when min > max | |
# See https://github.com/rust-lang/rust-clippy/pull/10101 | |
cargo clippy --all-features --all-targets --workspace -- -A clippy::derive_partial_eq_without_eq -A clippy::manual_clamp ${{ matrix.args }} | |
udeps: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
- uses: camshaft/install@v1 | |
with: | |
crate: cargo-udeps | |
- name: Run cargo udeps | |
run: cargo udeps --workspace --all-targets | |
env: | |
RUSTC_WRAPPER: "" | |
doc: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Run cargo doc | |
run: cargo doc --all-features --no-deps --workspace --exclude s2n-quic-qns | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload to S3 | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
run: | | |
TARGET="${{ github.sha }}/doc" | |
aws s3 sync target/doc "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/$TARGET/s2n_quic/index.html" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "doc / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
test: | |
runs-on: ${{ matrix.os }} | |
needs: env | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: ${{ fromJson(needs.env.outputs.rust-versions) }} | |
os: [ubuntu-latest, macOS-latest, windows-latest] | |
target: [native] | |
env: [default] | |
include: | |
- os: windows-latest | |
# s2n-tls and s2n-quic-dc don't currently build on windows | |
exclude: --exclude s2n-quic-tls --exclude s2n-quic-dc | |
- rust: stable | |
os: ubuntu-latest | |
target: aarch64-unknown-linux-gnu | |
# s2n-quic-dc doesn't currently build on aarch64 | |
exclude: --exclude s2n-quic-dc | |
- rust: stable | |
os: ubuntu-latest | |
target: i686-unknown-linux-gnu | |
- rust: stable | |
os: ubuntu-latest | |
target: x86_64-unknown-linux-musl | |
args: --features aws-lc-bindgen | |
# test with different platform features | |
- rust: stable | |
os: ubuntu-latest | |
target: native | |
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE="" | |
# s2n-quic-dc requires platform features | |
exclude: --exclude s2n-quic-dc | |
- rust: stable | |
os: ubuntu-latest | |
target: native | |
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE="mtu_disc,pktinfo,tos,socket_msg" >> $GITHUB_ENV; echo S2N_QUIC_RUN_VERSION_SPECIFIC_TESTS=1 | |
steps: | |
- uses: ilammy/setup-nasm@v1 | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
submodules: true | |
- name: Install cross target | |
if: ${{ matrix.target != 'native' }} | |
run: | | |
rustup target add ${{ matrix.target }} | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ matrix.rust }} | |
rustup override set ${{ matrix.rust }} | |
# if not 'native', this install the toolchain for target, otherwise it's a noop | |
rustup toolchain install ${{ matrix.rust }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }} | |
- name: Install cross | |
if: ${{ matrix.target != 'native' }} | |
uses: camshaft/install@v1 | |
with: | |
crate: cross | |
- uses: camshaft/rust-cache@v1 | |
with: | |
key: ${{ matrix.target }} | |
- name: Restore fuzz corpus | |
shell: bash | |
run: | | |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz' | |
- name: Set environment variables | |
if: ${{ matrix.env != 'default' }} | |
run: echo ${{ matrix.env }} >> $GITHUB_ENV | |
# Build the tests before running to improve cross compilation speed | |
- name: Run cargo/cross build | |
run: | | |
${{ matrix.target != 'native' && 'cross' || 'cargo' }} build --tests --workspace ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }} ${{ matrix.args }} | |
- name: Run cargo/cross test | |
run: | | |
${{ matrix.target != 'native' && 'cross' || 'cargo' }} test --workspace ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }} ${{ matrix.args }} | |
fips: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust stable toolchain | |
id: stable-toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Run test (rustls) | |
run: | | |
cargo test --no-default-features --features "provider-tls-fips provider-tls-rustls" | |
- name: Run test (s2n-tls) | |
run: | | |
cargo test --no-default-features --features "provider-tls-fips provider-tls-s2n" | |
miri: | |
# miri needs quite a bit of memory so use a larger instance | |
runs-on: | |
labels: s2n_ubuntu-20.04_8-core | |
strategy: | |
fail-fast: false | |
matrix: | |
crate: [quic/s2n-quic-core, quic/s2n-quic-platform] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component miri,rust-src | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
with: | |
key: ${{ matrix.crate }} | |
- name: ${{ matrix.crate }} | |
# Disabling capture speeds up miri execution: https://github.com/rust-lang/miri/issues/1780#issuecomment-830664528 | |
run: cd ${{ matrix.crate }} && cargo miri test -- --nocapture | |
env: | |
# needed to read corpus files from filesystem | |
MIRIFLAGS: -Zmiri-disable-isolation | |
no_std: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component rust-src | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
- name: Run cargo build | |
run: ./scripts/test_no_std ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
compliance: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- uses: ./.github/actions/duvet | |
with: | |
report-script: ./scripts/compliance | |
report-path: ./target/compliance/report.html | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-s3-region: us-west-2 | |
aws-s3-bucket-name: s2n-quic-ci-artifacts | |
cdn: $CDN | |
coverage: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
submodules: true | |
- name: Restore fuzz corpus | |
run: | | |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz' | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component llvm-tools-preview | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
- name: Install cargo-llvm-cov | |
run: curl -LsSf https://github.com/taiki-e/cargo-llvm-cov/releases/latest/download/cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz | tar xzf - -C ~/.cargo/bin | |
- name: Run cargo llvm-cov | |
run: cargo llvm-cov --html --no-fail-fast --workspace --exclude s2n-quic-qns --exclude s2n-quic-events --all-features | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload results | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
run: | | |
TARGET="${{ github.sha }}/coverage" | |
aws s3 sync target/llvm-cov/html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/$TARGET/index.html" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "coverage / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
# This CI step will directly build each crate in common/ and quic/ which is | |
# useful because it sidesteps the feature resolution that normally occurs in a | |
# workspace build. We make sure that the crates build with default features, | |
# otherwise release to crates.io will be blocked | |
crates: | |
needs: env | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate: ${{ fromJson(needs.env.outputs.crates) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- name: Run cargo build | |
run: cargo build --manifest-path ${{ matrix.crate }} | |
examples: | |
needs: env | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
example: ${{ fromJson(needs.env.outputs.examples) }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
# nightly features are used for formatting | |
- name: Install rust nightly toolchain | |
id: nightly-toolchain | |
run: | | |
rustup toolchain install nightly --component rustfmt | |
- name: Install rust stable toolchain | |
id: stable-toolchain | |
run: | | |
rustup toolchain install stable | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
with: | |
key: ${{ matrix.example }} | |
- name: format | |
working-directory: ${{ matrix.example }} | |
run: cargo +nightly fmt --all -- --check | |
- name: lint | |
working-directory: ${{ matrix.example }} | |
run: cargo clippy --all-features --all-targets -- -A clippy::manual_clamp -A clippy::uninlined_format_args -D warnings | |
# not all examples will build with the --manifest-path argument, since the | |
# manifest-path argument will pull configuration from the current directory | |
# instead of the directory with the Cargo.toml file | |
- name: build | |
working-directory: ${{ matrix.example }} | |
# TODO make sure the example actually runs as well | |
run: cargo build | |
recovery-simulations: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Run simulations | |
run: | | |
./scripts/recovery-sim | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload to S3 | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
run: | | |
TARGET="${{ github.sha }}/recovery-simulations" | |
aws s3 sync target/recovery-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/$TARGET/index.html" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "recovery-simulations / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
sims: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Run cargo build | |
run: cargo build --bin s2n-quic-sim --release | |
- name: Run simulations | |
run: | | |
./scripts/sim | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload to S3 | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
run: | | |
TARGET="${{ github.sha }}/sim" | |
aws s3 sync target/s2n-quic-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/$TARGET/index.html" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "sims / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
copyright: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Check | |
run: | | |
./scripts/copyright_check | |
# ensures the event codegen is up to date | |
events: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal --component rustfmt | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- uses: camshaft/rust-cache@v1 | |
- name: Run events codegen | |
run: | | |
cargo run --bin s2n-quic-events | |
- name: Check to make sure the generated events are up-to-date | |
run: | | |
# If this fails you need to run `cargo run --bin s2n-quic-events` | |
git diff --exit-code | |
# ensures there are no unused snapshots | |
snapshots: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- name: Install cargo-insta | |
uses: camshaft/install@v1 | |
with: | |
crate: cargo-insta | |
- uses: camshaft/rust-cache@v1 | |
- name: Run cargo insta test | |
run: | | |
cargo insta test --all --delete-unreferenced-snapshots | |
- name: Check to make sure there are no unused snapshots | |
run: | | |
# If this fails, a test that was asserting a snapshot is no longer being executed. | |
git diff --exit-code | |
# generates a report of time spent in compilation | |
# https://doc.rust-lang.org/stable/cargo/reference/timings.html | |
timing: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal | |
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
- name: Run cargo build | |
run: | | |
cd examples/echo | |
cargo build --timings --release --workspace | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload to S3 | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
run: | | |
TARGET="${{ github.sha }}/timing/index.html" | |
aws s3 cp examples/echo/target/cargo-timings/cargo-timing.html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/$TARGET" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "timing / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
typos: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/install@v1 | |
with: | |
crate: typos-cli | |
bins: typos | |
- name: Run typos | |
run: | | |
./scripts/typos --format json | tee /tmp/typos.json | jq -rs '.[] | "::error file=\(.path),line=\(.line_num),col=\(.byte_offset)::\(.typo) should be \"" + (.corrections // [] | join("\" or \"") + "\"")' | |
cat /tmp/typos.json | |
! grep -q '[^[:space:]]' /tmp/typos.json | |
kani: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate: [common/s2n-codec, quic/s2n-quic-core, quic/s2n-quic-platform] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Kani run | |
uses: model-checking/[email protected] | |
with: | |
working-directory: ${{ matrix.crate }} | |
dhat: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
- name: Run cargo build | |
working-directory: tools/memory-report | |
run: cargo build --release --workspace | |
- name: Run server | |
working-directory: tools/memory-report | |
run: ./target/release/memory-report server & | |
- name: Run client | |
working-directory: tools/memory-report | |
run: ./target/release/memory-report client > report.tsv | |
- name: Prepare artifacts | |
working-directory: tools/memory-report | |
run: | | |
mkdir -p target/report | |
mv report.tsv target/report/ | |
mv dhat-heap.json target/report/ | |
- uses: aws-actions/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole | |
role-session-name: S2nQuicGHAS3Session | |
aws-region: us-west-2 | |
- name: Upload to S3 | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
id: s3 | |
working-directory: tools/memory-report | |
run: | | |
TARGET="${{ github.sha }}/dhat" | |
aws s3 sync target/report "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks | |
URL="$CDN/dhat/dh_view.html?url=/$TARGET/dhat-heap.json" | |
echo "URL=$URL" >> $GITHUB_OUTPUT | |
- uses: ouzi-dev/[email protected] | |
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name | |
with: | |
name: "dhat / report" | |
status: "success" | |
url: "${{ steps.s3.outputs.URL }}" | |
loom: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
crate: [quic/s2n-quic-core] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal | |
rustup override set stable | |
- uses: camshaft/rust-cache@v1 | |
with: | |
key: ${{ matrix.crate }} | |
- name: ${{ matrix.crate }} | |
# run the tests with release mode since some of the loom models can be expensive | |
run: cd ${{ matrix.crate }} && cargo test --release loom | |
env: | |
RUSTFLAGS: --cfg loom -Cdebug-assertions | |
xdp: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Install rust toolchain | |
id: toolchain | |
run: | | |
rustup toolchain install stable --profile minimal --component clippy,rustfmt | |
rustup override set stable | |
- uses: camshaft/install@v1 | |
with: | |
crate: bpf-linker | |
- uses: camshaft/rust-cache@v1 | |
- name: Run clippy | |
working-directory: tools/xdp | |
run: cargo +stable clippy | |
- name: Build ebpf | |
working-directory: tools/xdp | |
env: | |
RUST_LOG: trace | |
run: cargo +stable xtask ci | |
dc-wireshark: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macOS-latest] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
lfs: true | |
- name: Install rust toolchain | |
run: | | |
rustup toolchain install stable --profile minimal --component clippy,rustfmt | |
rustup override set stable | |
- uses: camshaft/install@v1 | |
with: | |
crate: bindgen-cli | |
bins: bindgen | |
- uses: camshaft/rust-cache@v1 | |
- name: Generate bindings | |
working-directory: dc/wireshark | |
run: cargo xtask bindings | |
- name: Run cargo fmt | |
working-directory: dc/wireshark | |
run: cargo fmt --all -- --check | |
- name: Run clippy | |
working-directory: dc/wireshark | |
run: cargo clippy --tests | |
- name: Run tests | |
working-directory: dc/wireshark | |
run: cargo xtask test | |
- name: Run build | |
working-directory: dc/wireshark | |
run: cargo xtask build |