Skip to content
rustls

rustls #234

Sign in to view logs

rustls

rustls #234

Workflow file for this run

.github/workflows/build.yml at e945935
name: rustls
permissions:
contents: read
on:
push:
branches-ignore:
- 'gh-readonly-queue/**'
tags:
- '**'
pull_request:
merge_group:
schedule:
- cron: '0 18 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
build:
name: Build+test
runs-on: ${{ matrix.os }}
strategy:
matrix:
rust:
- stable
- beta
- nightly
os:
- ubuntu-latest
- windows-latest
- macos-latest
exclude:
# only stable on macos/windows (slower platforms)
- os: windows-latest
rust: beta
- os: windows-latest
rust: nightly
- os: macos-latest
rust: beta
- os: macos-latest
rust: nightly
# and never use macos/windows for merge checks
- os: ${{ github.event_name == 'merge_group' && 'windows-latest' }}
- os: ${{ github.event_name == 'merge_group' && 'macos-latest' }}
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install ${{ matrix.rust }} toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- name: Install NASM for aws-lc-rs on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Install ninja-build tool for aws-lc-fips-sys on Windows
if: runner.os == 'Windows'
uses: seanmiddleditch/gha-setup-ninja@v5
- name: Install golang for aws-lc-fips-sys on macos
if: runner.os == 'MacOS'
uses: actions/setup-go@v5
with:
go-version: "1.22.2"
- name: cargo build (debug; default features)
run: cargo build --locked
# nb. feature sets that include "fips" should be --release --
# this is required for fips on windows.
# nb. "--all-targets" does not include doctests
- name: cargo test (release; all features)
run: cargo test --release --locked --all-features --all-targets
env:
RUST_BACKTRACE: 1
# nb. this is separate since `--doc` option cannot be combined with other target option(s) ref:
# - https://doc.rust-lang.org/cargo/commands/cargo-test.html
- name: cargo test --doc (release; all-features)
run: cargo test --release --locked --all-features --doc
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; aws-lc-rs)
run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging,std --all-targets
env:
RUST_BACKTRACE: 1
- name: cargo test (release; fips)
run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging,std --all-targets
env:
RUST_BACKTRACE: 1
- name: cargo build (debug; rustls-provider-example)
run: cargo build --locked -p rustls-provider-example
- name: cargo build (debug; rustls-provider-example lib in no-std mode)
run: cargo build --locked -p rustls-provider-example --no-default-features
- name: cargo test (debug; rustls-provider-example; all features)
run: cargo test --all-features -p rustls-provider-example
- name: cargo build (debug; rustls-provider-test)
run: cargo build --locked -p rustls-provider-test
- name: cargo test (debug; rustls-provider-test; all features)
run: cargo test --all-features -p rustls-provider-test
- name: cargo package --all-features -p rustls
run: cargo package --all-features -p rustls
msrv:
name: MSRV
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.71"
# zlib-rs is optional and requires a later MSRV
- run: cargo check --locked --lib $(admin/all-features-except zlib rustls) -p rustls
- uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.75"
- run: cargo check --locked --lib --all-features -p rustls
features:
name: Features
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
with:
target: x86_64-unknown-none
- name: cargo build (debug; default features)
run: cargo build --locked
working-directory: rustls
# this target does _not_ include the libstd crate in its sysroot
# it will catch unwanted usage of libstd in _dependencies_
- name: cargo build (debug; no default features; no-std)
run: cargo build --locked --no-default-features --target x86_64-unknown-none
working-directory: rustls
- name: cargo build (debug; no default features; no-std, hashbrown)
run: cargo build --locked --no-default-features --features hashbrown --target x86_64-unknown-none
working-directory: rustls
- name: cargo test (debug; default features)
run: cargo test --locked
working-directory: rustls
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; no default features)
run: cargo test --locked --no-default-features
working-directory: rustls
- name: cargo test (debug; no default features; tls12)
run: cargo test --locked --no-default-features --features tls12,std
working-directory: rustls
- name: cargo test (debug; no default features; aws-lc-rs,tls12)
run: cargo test --no-default-features --features aws_lc_rs,tls12,std
working-directory: rustls
- name: cargo test (debug; no default features; fips,tls12)
run: cargo test --no-default-features --features fips,tls12,std
working-directory: rustls
- name: cargo test (release; no run)
run: cargo test --locked --release --no-run
working-directory: rustls
bogo:
name: BoGo test suite
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install golang toolchain
uses: actions/setup-go@v5
with:
go-version: "1.21"
cache: false
- name: Run test suite (ring)
working-directory: bogo
run: ./runme
env:
BOGO_SHIM_PROVIDER: ring
- name: Run test suite (aws-lc-rs)
working-directory: bogo
run: ./runme
env:
BOGO_SHIM_PROVIDER: aws-lc-rs
- name: Run test suite (aws-lc-rs-fips)
working-directory: bogo
run: ./runme
env:
BOGO_SHIM_PROVIDER: aws-lc-rs-fips
- name: Run test suite (post-quantum)
working-directory: bogo
run: ./runme
env:
BOGO_SHIM_PROVIDER: post-quantum
fuzz:
name: Smoke-test fuzzing targets
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install nightly toolchain
uses: dtolnay/rust-toolchain@nightly
- name: Install cargo fuzz
run: cargo install cargo-fuzz
- name: Smoke-test fuzz targets
run: |
cargo fuzz build
for target in $(cargo fuzz list) ; do
cargo fuzz run $target -- -max_total_time=10
done
benchmarks:
name: Run benchmarks
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install nightly toolchain
uses: dtolnay/rust-toolchain@nightly
- name: Smoke-test benchmark program (ring)
run: cargo run -p rustls-bench --profile=bench --locked --features ring -- --multiplier 0.1
- name: Smoke-test benchmark program (aws-lc-rs)
run: cargo run -p rustls-bench --profile=bench --locked --features aws-lc-rs -- --multiplier 0.1
- name: Smoke-test benchmark program (fips)
run: cargo run -p rustls-bench --profile=bench --locked --features fips -- --provider aws-lc-rs-fips --multiplier 0.1
- name: Run micro-benchmarks
run: cargo bench --locked --all-features
env:
RUSTFLAGS: --cfg=bench
docs:
name: Check for documentation errors
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
- name: cargo doc (rustls; all features)
run: cargo doc --locked --all-features --no-deps --document-private-items --package rustls
env:
RUSTDOCFLAGS: -Dwarnings
- name: Check README.md
run: |
cargo build --locked --all-features
./admin/pull-readme
git diff --exit-code
coverage:
name: Measure coverage
runs-on: ubuntu-latest
if: github.event_name != 'merge_group'
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: llvm-tools
- name: Install cargo-llvm-cov
run: cargo install cargo-llvm-cov
- name: Measure coverage
run: ./admin/coverage --lcov --output-path final.info
- name: Report to codecov.io
uses: codecov/codecov-action@v5
with:
files: final.info
token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: false
minver:
name: Check minimum versions of direct dependencies
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
- name: Install cargo-minimal-versions
uses: taiki-e/install-action@cargo-minimal-versions
# cargo-minimal-versions requires cargo-hack
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- name: Check direct-minimal-versions
run: cargo minimal-versions --direct --ignore-private check
working-directory: rustls/
cross:
name: cross-target testing
runs-on: ubuntu-latest
if: github.event_name != 'merge_group'
strategy:
matrix:
target:
# 32-bit Android (Linux) targets:
- armv7-linux-androideabi
- i686-linux-android
- thumbv7neon-linux-androideabi
# Other standard 32-bit (Linux) targets (SKIP bindgen for i686 only)
- i586-unknown-linux-gnu
- i686-unknown-linux-gnu
# exotic Linux targets:
- riscv64gc-unknown-linux-gnu
- s390x-unknown-linux-gnu
# additional target(s):
# NOTE: This could have some overlap with 64-bit ARM-style CPU on macOS CI host;
# may have similar ARM-style CPU overlap with standard Windows & possibly Linux in the future
- aarch64-linux-android
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cross (cross-rs) from GitHub
run: cargo install cross --git https://github.com/cross-rs/cross
- name: Install bindgen feature & CLI for aws-lc-sys (as needed for many cross targets)
if: ${{ matrix.target != 'i686-unknown-linux-gnu' }}
run: cargo add --dev --features bindgen 'aws-lc-sys@>0.20' --package rustls --verbose && cargo install bindgen-cli --verbose
- run: cross test --package rustls --target ${{ matrix.target }}
semver:
name: Check semver compatibility
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check semver
uses: obi1kenobi/cargo-semver-checks-action@v2
format:
name: Format
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Check formatting
run: cargo fmt --all -- --check
- name: Check formatting (connect-tests workspace)
run: cargo fmt --all --manifest-path=connect-tests/Cargo.toml -- --check
- name: Check formatting (fuzz workspace)
run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check
format-unstable:
name: Format (unstable)
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust nightly toolchain
uses: dtolnay/rust-toolchain@master
with:
components: rustfmt
toolchain: nightly-2024-02-21
- name: Check formatting (unstable)
run: cargo fmt --all -- --check --config-path .rustfmt.unstable.toml
continue-on-error: true
- name: Check formatting (unstable, connect-tests workspace)
run: cargo fmt --all --manifest-path=connect-tests/Cargo.toml -- --check --config-path .rustfmt.unstable.toml
continue-on-error: true
- name: Check formatting (unstable, fuzz workspace)
run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check --config-path .rustfmt.unstable.toml
continue-on-error: true
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install valgrind
if: runner.os == 'Linux'
run: sudo apt-get update && sudo apt-get install -y valgrind
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: clippy
# - we want to be free of any warnings, so deny them
# - disable incompatible_msrv as it does not understand that we apply our
# MSRV to the just the core crate.
- run: ./admin/clippy -- --deny warnings --allow clippy::incompatible_msrv
clippy-nightly:
name: Clippy (Nightly)
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install valgrind
if: runner.os == 'Linux'
run: sudo apt-get update && sudo apt-get install -y valgrind
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
with:
components: clippy
# do not deny warnings, as nightly clippy sometimes has false negatives
- run: ./admin/clippy
check-external-types:
name: Validate external types appearing in public API
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: nightly-2024-06-30
# ^ sync with https://github.com/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml
- run: cargo install --locked cargo-check-external-types
- name: run cargo-check-external-types for rustls/
working-directory: rustls/
run: cargo check-external-types
openssl-tests:
name: Run openssl-tests
runs-on: ubuntu-latest
env:
VERSION: openssl-3.4.0
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install stable toolchain
uses: dtolnay/rust-toolchain@stable
- name: Cache ${{ env.VERSION }}
uses: actions/cache@v4
id: cache-openssl
with:
path: ${{ env.VERSION }}
key: ${{ env.VERSION }}
- name: Fetch and build ${{ env.VERSION }}
if: steps.cache-openssl.outputs.cache-hit != 'true'
run: |
wget https://github.com/openssl/openssl/releases/download/$VERSION/$VERSION.tar.gz
tar -xzf $VERSION.tar.gz
cd $VERSION/
./Configure --prefix=$(pwd)/built/ --libdir=lib
make -j$(nproc)
make install
- name: Use ${{ env.VERSION }}
run: |
path=$(pwd)/$VERSION/built/
echo "$path/bin" >> $GITHUB_PATH
echo "LD_LIBRARY_PATH=$path/lib" >> $GITHUB_ENV
- name: openssl version
run: openssl version
- name: cargo test (in openssl-tests/)
working-directory: openssl-tests/
run: cargo test --locked -- --include-ignored
env:
RUST_BACKTRACE: 1