diff --git a/.github/workflows/libssl.yaml b/.github/workflows/libssl.yaml index 2f21355..2774ce2 100644 --- a/.github/workflows/libssl.yaml +++ b/.github/workflows/libssl.yaml @@ -15,188 +15,49 @@ defaults: working-directory: rustls-libssl jobs: - build: - name: Build+test - runs-on: ${{ matrix.os }} + release_packages: + name: Produce release packages + runs-on: ubuntu-latest + container: ${{ matrix.container }} strategy: matrix: - rust: - - stable - - beta - - nightly - # TODO(XXX): consider replacing ubuntu-24.04 w/ ubuntu-latest when appropriate - os: [ubuntu-24.04, ubuntu-22.04] - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - - name: Install ${{ matrix.rust }} toolchain - uses: dtolnay/rust-toolchain@master - with: - toolchain: ${{ matrix.rust }} - - - run: make PROFILE=debug test - - run: make PROFILE=debug integration - # Note: we only check the client/server binaries here, assuming that - # is sufficient for any other test binaries. - - name: Verify debug builds were using ASAN - run: | - nm target/client | grep '__asan_init' - nm target/server | grep '__asan_init' - - name: Build release binaries - run: | - make clean - make PROFILE=release - - name: Verify release builds were not using ASAN - run: | - nm target/client | grep -v '__asan_init' - nm target/server | grep -v '__asan_init' - - valgrind: - name: Valgrind - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@stable - - name: Install valgrind - run: sudo apt-get update && sudo apt-get install -y valgrind - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - run: VALGRIND="valgrind -q" make PROFILE=release test integration + include: + - container: ubuntu:22.04 + package: deb + - container: ubuntu:24.04 + package: deb + # - container: fedora:40 + # package: rpm - docs: - name: Check for documentation errors - runs-on: ubuntu-latest steps: - name: Checkout sources uses: actions/checkout@v4 with: persist-credentials: false - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@nightly - - - name: cargo doc (all features) - run: cargo doc --all-features --no-deps --workspace - env: - RUSTDOCFLAGS: -Dwarnings - - format: - name: Format - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@stable - with: - components: rustfmt - - name: Check Rust formatting - run: cargo fmt --all -- --check - - name: Check src/entry.rs formatting - run: ./admin/format --all -- --check - - name: Check C formatting - run: make format-check - - name: Check ordering of build.rs entrypoints - run: ./admin/sort-entrypoints.py - - name: Check MATRIX.md is up-to-date - run: ./admin/matrix.py > MATRIX.md.new && diff -su MATRIX.md MATRIX.md.new + - name: Install rustup requirements (debian-like) + if: matrix.package == 'deb' + run: | + apt-get update + apt-get install -y curl build-essential - clippy: - name: Clippy - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain + - name: Install stable rust toolchain uses: dtolnay/rust-toolchain@stable - with: - components: clippy - - name: Check clippy - # We allow unknown lints here because sometimes the nightly job - # (below) will have a new lint that we want to suppress. - # If we suppress (e.g. #![allow(clippy::arc_with_non_send_sync)]), - # we would get an unknown-lint error from older clippy versions. - run: cargo clippy --locked --workspace --all-targets -- -D warnings -A unknown-lints - - clippy-nightly-optional: - name: Clippy nightly (optional) - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@nightly - with: - components: clippy - - name: Check clippy - run: cargo clippy --locked --workspace --all-targets -- -D warnings - - clang-tidy: - name: Clang Tidy - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Clang tidy - run: clang-tidy tests/*.c -- -I src/ - miri: - name: Miri - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install nightly Rust - uses: dtolnay/rust-toolchain@nightly - - run: rustup override set "nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" - - run: rustup component add miri - - run: cargo miri test - - packaging: - name: Packaging - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - - name: Install cargo-get - run: cargo install cargo-get - - - name: Install nfpm + - name: Install build dependencies (debian-like) + if: matrix.package == 'deb' run: | + apt-get update + apt-get install -y openssl libssl3 libssl-dev lld + cargo install cargo-get go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest echo PATH=$PATH:$HOME/go/bin >> $GITHUB_ENV - - name: Build packages - run: make package PROFILE=release + - name: Build package + run: make package-${{ matrix.package }} PROFILE=release - - name: Test packages - run: make test-package PROFILE=release + - name: Archive package + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.package }} package built on ${{ matrix.container }} + path: target/dist/*.${{ matrix.package }}