Skip to content

chore(GHA): allow OIDC aws credentials #7443

chore(GHA): allow OIDC aws credentials

chore(GHA): allow OIDC aws credentials #7443

Workflow file for this run

on:
push:
branches:
- main
pull_request:
branches:
- main
name: ci
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
RUST_BACKTRACE: 1
# Pin the nightly toolchain to prevent breakage.
# This should be occasionally updated.
RUST_NIGHTLY_TOOLCHAIN: nightly-2024-10-09
CDN: https://dnglbrstg7yg.cloudfront.net
# enable unstable features for testing
S2N_UNSTABLE_CRYPTO_OPT_TX: 100
S2N_UNSTABLE_CRYPTO_OPT_RX: 100
# By default depandabot only receives read permissions. Explicitly give it write
# permissions which is needed by the ouzi-dev/commit-status-updater task.
#
# Updating status is relatively safe (doesnt modify source code) and caution
# should we taken before adding more permissions.
permissions:
statuses: write
id-token: write # This is required for requesting the JWT/OIDC
jobs:
env:
runs-on: ubuntu-latest
outputs:
rust-versions: ${{ steps.definitions.outputs.versions }}
msrv: ${{ steps.definitions.outputs.msrv }}
examples: ${{ steps.definitions.outputs.examples }}
crates: ${{ steps.definitions.outputs.crates }}
steps:
- uses: actions/checkout@v4
# examples is populated by
# find all child folders in the examples directory
# jq -R - raw content is passed in (not json, just strings)
# jq -s - slurp the content into an object
# jq '. += ' adds the s2n-quic-xdp and s2n-quic-dc crates to the list of crates we build
# Many of the xdp crates have much more complex build processes, so we
# don't try to build all of them.
# jq -c - output the object in (c)ompact mode on a single line, github
# will fail to parse multi line output
#
# the output is echo'd to make debugging easier
- name: Evaluate definitions
id: definitions
run: |
export MSRV=$(rustup show | awk 'NF' | awk 'END{print $2}')
echo "msrv=$MSRV"
echo "msrv=$MSRV" >> $GITHUB_OUTPUT
export RAW_VERSIONS="stable beta $RUST_NIGHTLY_TOOLCHAIN $MSRV"
export VERSIONS=$(echo $RAW_VERSIONS | jq -scR 'rtrimstr("\n")|split(" ")|.')
echo "versions=$VERSIONS"
echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
export EXAMPLES=$(find examples/ -maxdepth 1 -mindepth 1 -type d | jq -R | jq -sc)
echo "examples=$EXAMPLES"
echo "examples=$EXAMPLES" >> $GITHUB_OUTPUT
export CRATES=$(find quic common -name *Cargo.toml | jq -R | jq -s | jq '. += ["tools/xdp/s2n-quic-xdp/Cargo.toml","dc/s2n-quic-dc/Cargo.toml"]' | jq -c)
echo "crates=$CRATES"
echo "crates=$CRATES" >> $GITHUB_OUTPUT
rustfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal --component rustfmt
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- name: Run cargo fmt
run: |
cargo fmt --all -- --check
clippy:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- toolchain: stable
# fail on stable warnings
args: "-D warnings"
- toolchain: beta
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ matrix.toolchain }} --profile minimal --component clippy
rustup override set ${{ matrix.toolchain }}
- uses: camshaft/rust-cache@v1
# TODO translate json reports to in-action warnings
- name: Run cargo clippy
run: |
# deriving Eq may break API compatibility so we disable it
# See https://github.com/rust-lang/rust-clippy/issues/9063
#
# manual_clamp will panic when min > max
# See https://github.com/rust-lang/rust-clippy/pull/10101
cargo clippy --all-features --all-targets --workspace -- -A clippy::derive_partial_eq_without_eq -A clippy::manual_clamp ${{ matrix.args }}
udeps:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- uses: camshaft/rust-cache@v1
- uses: camshaft/install@v1
with:
crate: cargo-udeps
- name: Run cargo udeps
run: cargo udeps --workspace --all-targets
env:
RUSTC_WRAPPER: ""
doc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/rust-cache@v1
- name: Run cargo doc
run: cargo doc --all-features --no-deps --workspace --exclude s2n-quic-qns
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/doc"
aws s3 sync target/doc "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/s2n_quic/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "doc / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
test:
runs-on: ${{ matrix.os }}
needs: env
strategy:
fail-fast: false
matrix:
rust: ${{ fromJson(needs.env.outputs.rust-versions) }}
os: [ubuntu-latest, macOS-latest, windows-latest]
target: [native]
env: [default]
include:
- os: windows-latest
# s2n-tls and s2n-quic-dc don't currently build on windows
exclude: --exclude s2n-quic-tls --exclude s2n-quic-dc
- rust: stable
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
# s2n-quic-dc doesn't currently build on aarch64
exclude: --exclude s2n-quic-dc
- rust: stable
os: ubuntu-latest
target: i686-unknown-linux-gnu
- rust: stable
os: ubuntu-latest
target: x86_64-unknown-linux-musl
args: --features aws-lc-bindgen
# test with different platform features
- rust: stable
os: ubuntu-latest
target: native
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE=""
# s2n-quic-dc requires platform features
exclude: --exclude s2n-quic-dc
- rust: stable
os: ubuntu-latest
target: native
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE="mtu_disc,pktinfo,tos,socket_msg" >> $GITHUB_ENV; echo S2N_QUIC_RUN_VERSION_SPECIFIC_TESTS=1
steps:
- uses: ilammy/setup-nasm@v1
- uses: actions/checkout@v4
with:
lfs: true
submodules: true
- name: Install cross target
if: ${{ matrix.target != 'native' }}
run: |
rustup target add ${{ matrix.target }}
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ matrix.rust }}
rustup override set ${{ matrix.rust }}
# if not 'native', this install the toolchain for target, otherwise it's a noop
rustup toolchain install ${{ matrix.rust }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }}
- name: Install cross
if: ${{ matrix.target != 'native' }}
uses: camshaft/install@v1
with:
crate: cross
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.target }}
- name: Restore fuzz corpus
shell: bash
run: |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz'
- name: Set environment variables
if: ${{ matrix.env != 'default' }}
run: echo ${{ matrix.env }} >> $GITHUB_ENV
# Build the tests before running to improve cross compilation speed
- name: Run cargo/cross build
run: |
${{ matrix.target != 'native' && 'cross' || 'cargo' }} build --tests --workspace ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }} ${{ matrix.args }}
- name: Run cargo/cross test
run: |
${{ matrix.target != 'native' && 'cross' || 'cargo' }} test --workspace ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }} ${{ matrix.args }}
fips:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust stable toolchain
id: stable-toolchain
run: |
rustup toolchain install stable
rustup override set stable
- uses: camshaft/rust-cache@v1
- name: Run test (rustls)
run: |
cargo test --no-default-features --features "provider-tls-fips provider-tls-rustls"
- name: Run test (s2n-tls)
run: |
cargo test --no-default-features --features "provider-tls-fips provider-tls-s2n"
miri:
# miri needs quite a bit of memory so use a larger instance
runs-on:
labels: s2n_ubuntu-20.04_8-core
strategy:
fail-fast: false
matrix:
crate: [quic/s2n-quic-core, quic/s2n-quic-platform]
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component miri,rust-src
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.crate }}
- name: ${{ matrix.crate }}
# Disabling capture speeds up miri execution: https://github.com/rust-lang/miri/issues/1780#issuecomment-830664528
run: cd ${{ matrix.crate }} && cargo miri test -- --nocapture
env:
# needed to read corpus files from filesystem
MIRIFLAGS: -Zmiri-disable-isolation
no_std:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component rust-src
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- uses: camshaft/rust-cache@v1
- name: Run cargo build
run: ./scripts/test_no_std ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
compliance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- uses: ./.github/actions/duvet
with:
report-script: ./scripts/compliance
report-path: ./target/compliance/report.html
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-s3-region: us-west-2
aws-s3-bucket-name: s2n-quic-ci-artifacts
cdn: $CDN
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
lfs: true
submodules: true
- name: Restore fuzz corpus
run: |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz'
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --component llvm-tools-preview
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- uses: camshaft/rust-cache@v1
- name: Install cargo-llvm-cov
run: curl -LsSf https://github.com/taiki-e/cargo-llvm-cov/releases/latest/download/cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz | tar xzf - -C ~/.cargo/bin
- name: Run cargo llvm-cov
run: cargo llvm-cov --html --no-fail-fast --workspace --exclude s2n-quic-qns --exclude s2n-quic-events --all-features
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload results
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/coverage"
aws s3 sync target/llvm-cov/html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "coverage / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
# This CI step will directly build each crate in common/ and quic/ which is
# useful because it sidesteps the feature resolution that normally occurs in a
# workspace build. We make sure that the crates build with default features,
# otherwise release to crates.io will be blocked
crates:
needs: env
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate: ${{ fromJson(needs.env.outputs.crates) }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- name: Run cargo build
run: cargo build --manifest-path ${{ matrix.crate }}
examples:
needs: env
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
example: ${{ fromJson(needs.env.outputs.examples) }}
steps:
- uses: actions/checkout@v4
with:
submodules: true
# nightly features are used for formatting
- name: Install rust nightly toolchain
id: nightly-toolchain
run: |
rustup toolchain install nightly --component rustfmt
- name: Install rust stable toolchain
id: stable-toolchain
run: |
rustup toolchain install stable
rustup override set stable
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.example }}
- name: format
working-directory: ${{ matrix.example }}
run: cargo +nightly fmt --all -- --check
- name: lint
working-directory: ${{ matrix.example }}
run: cargo clippy --all-features --all-targets -- -A clippy::manual_clamp -A clippy::uninlined_format_args -D warnings
# not all examples will build with the --manifest-path argument, since the
# manifest-path argument will pull configuration from the current directory
# instead of the directory with the Cargo.toml file
- name: build
working-directory: ${{ matrix.example }}
# TODO make sure the example actually runs as well
run: cargo build
recovery-simulations:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/rust-cache@v1
- name: Run simulations
run: |
./scripts/recovery-sim
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/recovery-simulations"
aws s3 sync target/recovery-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "recovery-simulations / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
sims:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/rust-cache@v1
- name: Run cargo build
run: cargo build --bin s2n-quic-sim --release
- name: Run simulations
run: |
./scripts/sim
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/sim"
aws s3 sync target/s2n-quic-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "sims / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
copyright:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check
run: |
./scripts/copyright_check
# ensures the event codegen is up to date
events:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal --component rustfmt
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- uses: camshaft/rust-cache@v1
- name: Run events codegen
run: |
cargo run --bin s2n-quic-events
- name: Check to make sure the generated events are up-to-date
run: |
# If this fails you need to run `cargo run --bin s2n-quic-events`
git diff --exit-code
# ensures there are no unused snapshots
snapshots:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- name: Install cargo-insta
uses: camshaft/install@v1
with:
crate: cargo-insta
- uses: camshaft/rust-cache@v1
- name: Run cargo insta test
run: |
cargo insta test --all --delete-unreferenced-snapshots
- name: Check to make sure there are no unused snapshots
run: |
# If this fails, a test that was asserting a snapshot is no longer being executed.
git diff --exit-code
# generates a report of time spent in compilation
# https://doc.rust-lang.org/stable/cargo/reference/timings.html
timing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install ${{ env.RUST_NIGHTLY_TOOLCHAIN }} --profile minimal
rustup override set ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
- name: Run cargo build
run: |
cd examples/echo
cargo build --timings --release --workspace
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/timing/index.html"
aws s3 cp examples/echo/target/cargo-timings/cargo-timing.html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "timing / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
typos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/install@v1
with:
crate: typos-cli
bins: typos
- name: Run typos
run: |
./scripts/typos --format json | tee /tmp/typos.json | jq -rs '.[] | "::error file=\(.path),line=\(.line_num),col=\(.byte_offset)::\(.typo) should be \"" + (.corrections // [] | join("\" or \"") + "\"")'
cat /tmp/typos.json
! grep -q '[^[:space:]]' /tmp/typos.json
kani:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate: [common/s2n-codec, quic/s2n-quic-core, quic/s2n-quic-platform]
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Kani run
uses: model-checking/kani-github-action@v1.1
with:
working-directory: ${{ matrix.crate }}
dhat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/rust-cache@v1
- name: Run cargo build
working-directory: tools/memory-report
run: cargo build --release --workspace
- name: Run server
working-directory: tools/memory-report
run: ./target/release/memory-report server &
- name: Run client
working-directory: tools/memory-report
run: ./target/release/memory-report client > report.tsv
- name: Prepare artifacts
working-directory: tools/memory-report
run: |
mkdir -p target/report
mv report.tsv target/report/
mv dhat-heap.json target/report/
- uses: aws-actions/configure-aws-credentials@v4.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
role-to-assume: arn:aws:iam::024603541914:role/GitHubOIDCRole
role-session-name: S2nQuicGHAS3Session
aws-region: us-west-2
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
working-directory: tools/memory-report
run: |
TARGET="${{ github.sha }}/dhat"
aws s3 sync target/report "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/dhat/dh_view.html?url=/$TARGET/dhat-heap.json"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/commit-status-updater@v2.0.2
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "dhat / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
loom:
runs-on: ubuntu-latest
strategy:
matrix:
crate: [quic/s2n-quic-core]
steps:
- uses: actions/checkout@v4
with:
submodules: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal
rustup override set stable
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.crate }}
- name: ${{ matrix.crate }}
# run the tests with release mode since some of the loom models can be expensive
run: cd ${{ matrix.crate }} && cargo test --release loom
env:
RUSTFLAGS: --cfg loom -Cdebug-assertions
xdp:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
lfs: true
- name: Install rust toolchain
id: toolchain
run: |
rustup toolchain install stable --profile minimal --component clippy,rustfmt
rustup override set stable
- uses: camshaft/install@v1
with:
crate: bpf-linker
- uses: camshaft/rust-cache@v1
- name: Run clippy
working-directory: tools/xdp
run: cargo +stable clippy
- name: Build ebpf
working-directory: tools/xdp
env:
RUST_LOG: trace
run: cargo +stable xtask ci
dc-wireshark:
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macOS-latest]
steps:
- uses: actions/checkout@v4
with:
lfs: true
- name: Install rust toolchain
run: |
rustup toolchain install stable --profile minimal --component clippy,rustfmt
rustup override set stable
- uses: camshaft/install@v1
with:
crate: bindgen-cli
bins: bindgen
- uses: camshaft/rust-cache@v1
- name: Generate bindings
working-directory: dc/wireshark
run: cargo xtask bindings
- name: Run cargo fmt
working-directory: dc/wireshark
run: cargo fmt --all -- --check
- name: Run clippy
working-directory: dc/wireshark
run: cargo clippy --tests
- name: Run tests
working-directory: dc/wireshark
run: cargo xtask test
- name: Run build
working-directory: dc/wireshark
run: cargo xtask build