diff --git a/.github/workflows/libssl.yaml b/.github/workflows/libssl.yaml index 2f21355..9ce90c1 100644 --- a/.github/workflows/libssl.yaml +++ b/.github/workflows/libssl.yaml @@ -15,188 +15,67 @@ defaults: working-directory: rustls-libssl jobs: - build: - name: Build+test - runs-on: ${{ matrix.os }} + release_packages: + name: Produce release packages + runs-on: ubuntu-latest + container: ${{ matrix.container }}:${{ matrix.version }} strategy: matrix: - rust: - - stable - - beta - - nightly - # TODO(XXX): consider replacing ubuntu-24.04 w/ ubuntu-latest when appropriate - os: [ubuntu-24.04, ubuntu-22.04] - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld + include: + - container: fedora + version: 40 + package: rpm + - container: ubuntu + version: 22.04 + package: deb + - container: ubuntu + version: 24.04 + package: deb - - name: Install ${{ matrix.rust }} toolchain - uses: dtolnay/rust-toolchain@master - with: - toolchain: ${{ matrix.rust }} - - - run: make PROFILE=debug test - - run: make PROFILE=debug integration - # Note: we only check the client/server binaries here, assuming that - # is sufficient for any other test binaries. - - name: Verify debug builds were using ASAN - run: | - nm target/client | grep '__asan_init' - nm target/server | grep '__asan_init' - - name: Build release binaries - run: | - make clean - make PROFILE=release - - name: Verify release builds were not using ASAN - run: | - nm target/client | grep -v '__asan_init' - nm target/server | grep -v '__asan_init' - - valgrind: - name: Valgrind - runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@stable - - name: Install valgrind - run: sudo apt-get update && sudo apt-get install -y valgrind - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - run: VALGRIND="valgrind -q" make PROFILE=release test integration - - docs: - name: Check for documentation errors - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@nightly + - name: Install prerequisites (apt) + if: matrix.package == 'deb' + working-directory: / + run: | + apt-get update + apt-get install -y curl build-essential git - - name: cargo doc (all features) - run: cargo doc --all-features --no-deps --workspace - env: - RUSTDOCFLAGS: -Dwarnings + - name: Install prerequisites (yum) + if: matrix.package == 'rpm' + working-directory: / + run: | + yum install -y curl make automake gcc gcc-c++ kernel-devel - format: - name: Format - runs-on: ubuntu-latest - steps: - name: Checkout sources uses: actions/checkout@v4 with: persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@stable - with: - components: rustfmt - - name: Check Rust formatting - run: cargo fmt --all -- --check - - name: Check src/entry.rs formatting - run: ./admin/format --all -- --check - - name: Check C formatting - run: make format-check - - name: Check ordering of build.rs entrypoints - run: ./admin/sort-entrypoints.py - - name: Check MATRIX.md is up-to-date - run: ./admin/matrix.py > MATRIX.md.new && diff -su MATRIX.md MATRIX.md.new - clippy: - name: Clippy - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain + - name: Install stable rust toolchain uses: dtolnay/rust-toolchain@stable - with: - components: clippy - - name: Check clippy - # We allow unknown lints here because sometimes the nightly job - # (below) will have a new lint that we want to suppress. - # If we suppress (e.g. #![allow(clippy::arc_with_non_send_sync)]), - # we would get an unknown-lint error from older clippy versions. - run: cargo clippy --locked --workspace --all-targets -- -D warnings -A unknown-lints - - clippy-nightly-optional: - name: Clippy nightly (optional) - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Install rust toolchain - uses: dtolnay/rust-toolchain@nightly - with: - components: clippy - - name: Check clippy - run: cargo clippy --locked --workspace --all-targets -- -D warnings - clang-tidy: - name: Clang Tidy - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - name: Clang tidy - run: clang-tidy tests/*.c -- -I src/ - - miri: - name: Miri - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install nightly Rust - uses: dtolnay/rust-toolchain@nightly - - run: rustup override set "nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" - - run: rustup component add miri - - run: cargo miri test - - packaging: - name: Packaging - runs-on: ubuntu-latest - steps: - - name: Checkout sources - uses: actions/checkout@v4 - with: - persist-credentials: false - - - name: Install build dependencies - run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld - - - name: Install cargo-get - run: cargo install cargo-get + - name: Install build dependencies (apt) + if: matrix.package == 'deb' + run: | + apt-get update + apt-get install -y openssl libssl3 libssl-dev lld golang-go + cargo install cargo-get + go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest - - name: Install nfpm + - name: Install build dependencies (yum) + if: matrix.package == 'rpm' run: | + yum install -y openssl openssl-devel lld go + cargo install cargo-get go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest - echo PATH=$PATH:$HOME/go/bin >> $GITHUB_ENV - - name: Build packages - run: make package PROFILE=release + - name: Build package + run: | + make package-${{ matrix.package }} PROFILE=release NFPM=$HOME/go/bin/nfpm - - name: Test packages - run: make test-package PROFILE=release + - name: Archive package + uses: actions/upload-artifact@v4 + with: + name: ${{ matrix.package }} package built on ${{ matrix.container }} ${{ matrix.version }} + path: rustls-libssl/target/dist/*.${{ matrix.package }} + if-no-files-found: error diff --git a/rustls-libssl/Makefile b/rustls-libssl/Makefile index 84298d0..728d7c2 100644 --- a/rustls-libssl/Makefile +++ b/rustls-libssl/Makefile @@ -1,4 +1,5 @@ CARGO ?= cargo +NFPM ?= nfpm CARGOFLAGS += --locked CFLAGS := -Werror -Wall -Wextra -Wpedantic -g $(shell pkg-config --cflags openssl) @@ -73,13 +74,13 @@ package-deb: dist/nfpm.yaml target/release/libssl.so.3 target/VERSION mkdir --parents target/dist env VERSION=$(shell $(CARGO) get package.version) \ VERSION_PRERELEASE=$(shell $(CARGO) get package.version --pre) \ - nfpm package --config $< --target target/dist --packager deb + $(NFPM) package --config $< --target target/dist --packager deb package-rpm: dist/nfpm.yaml target/release/libssl.so.3 target/VERSION mkdir --parents target/dist env VERSION=$(shell $(CARGO) get package.version) \ VERSION_PRERELEASE=$(shell $(CARGO) get package.version --pre) \ - nfpm package --config $< --target target/dist --packager rpm + $(NFPM) package --config $< --target target/dist --packager rpm target/VERSION: ALWAYS echo "This is rustls-libssl `git describe --always`\nDate: `date`\nIncorporating:" > $@