name: ci permissions: contents: read on: pull_request: push: jobs: rustfmt: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: cargo fmt --all -- --check clippy: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: mk/clippy.sh audit: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-cache@v3 with: path: | ~/.cargo/bin/cargo-audit ~/.cargo/.crates.toml ~/.cargo/.crates2.json key: ${{ runner.os }}-v2-cargo-audit-locked-0.18.3 - run: cargo install cargo-audit --locked --vers "0.18.3" - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: cargo generate-lockfile - run: cargo audit --deny warnings deny: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-cache@v3 with: path: | ~/.cargo/bin/cargo-deny ~/.cargo/.crates.toml ~/.cargo/.crates2.json key: ${{ runner.os }}-v2-cargo-deny-locked-0.14.3 - run: cargo install cargo-deny --locked --vers "0.14.3" - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: cargo deny check # Verify that documentation builds. rustdoc: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: | cargo doc --all-features package: runs-on: ubuntu-22.04 steps: - run: rustup --version - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: cargo package test: runs-on: ${{ matrix.host_os }} strategy: matrix: features: - # Default - --features=alloc - --all-features target: # There is no platform-specific code in webpki. Choose a handful of # platforms mostly to smoketest that the build machinery in mk/ is # portable. # Specifically choose `aarch64-pc-windows-msvc` since it was new in # *ring* 0.17. - aarch64-apple-darwin - aarch64-pc-windows-msvc - arm-unknown-linux-gnueabihf - i686-pc-windows-msvc - riscv64gc-unknown-linux-gnu - wasm32-wasi - x86_64-unknown-linux-musl - x86_64-unknown-linux-gnu mode: - # debug - --release rust_channel: - stable - nightly - 1.61.0 - beta include: - target: aarch64-apple-darwin host_os: macos-14 - target: aarch64-pc-windows-msvc host_os: windows-latest # GitHub Actions doesn't have a way to run this target yet. cargo_options: --no-run - target: arm-unknown-linux-gnueabihf host_os: ubuntu-22.04 - target: i686-pc-windows-msvc host_os: windows-latest - target: riscv64gc-unknown-linux-gnu host_os: ubuntu-22.04 - target: wasm32-wasi host_os: ubuntu-22.04 - target: x86_64-unknown-linux-musl host_os: ubuntu-22.04 - target: x86_64-unknown-linux-gnu host_os: ubuntu-22.04 # rcgen requires *ring* 0.16 which doesn't support this target. - target: aarch64-pc-windows-msvc skip_rcgen: true - target: riscv64gc-unknown-linux-gnu skip_rcgen: true - target: wasm32-wasi skip_rcgen: true - rust_channel: 1.61.0 # rcgen requires Rust 1.67. skip_rcgen: true steps: - if: ${{ contains(matrix.host_os, 'ubuntu') }} run: sudo apt-get update -y - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: rustup toolchain add --profile=minimal ${{ matrix.rust_channel }} - run: rustup target add --toolchain=${{ matrix.rust_channel }} ${{ matrix.target }} - if: ${{ !contains(matrix.host_os, 'windows') }} run: mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - if: ${{ matrix.target == 'aarch64-pc-windows-msvc' }} run: | echo "C:\Program Files (x86)\Microsoft Visual Studio\2022\Enterprise\VC\Tools\Llvm\x64\bin" >> $GITHUB_PATH shell: bash - if: ${{ !contains(matrix.host_os, 'windows') }} run: | mk/cargo.sh +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - if: ${{ contains(matrix.host_os, 'windows') }} run: | cargo +${{ matrix.rust_channel }} test -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - if: ${{ !contains(matrix.host_os, 'windows') && !contains(matrix.skip_rcgen, 'true') }} run: | mk/cargo.sh +${{ matrix.rust_channel }} test -p rcgen-tests -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} # rcgen-based tests require Rust 1.67, and uses *ring* 0.16 which doesn't build for aarch64-pc-windows-msvc. - if: ${{ contains(matrix.host_os, 'windows') && !contains(matrix.skip_rcgen, 'true') }} run: | cargo +${{ matrix.rust_channel }} test -vv -p rcgen-tests --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} coverage: runs-on: ${{ matrix.host_os }} strategy: matrix: features: - --all-features # TODO: targets target: - x86_64-unknown-linux-musl mode: - # debug # Coverage collection is Nightly-only rust_channel: - nightly # TODO: targets include: - target: x86_64-unknown-linux-musl host_os: ubuntu-22.04 steps: - if: ${{ contains(matrix.host_os, 'ubuntu') }} run: sudo apt-get update -y - uses: briansmith/actions-checkout@v4 with: persist-credentials: false - run: rustup toolchain add --profile=minimal ${{ matrix.rust_channel }} - run: rustup target add --toolchain=${{ matrix.rust_channel }} ${{ matrix.target }} - if: ${{ !contains(matrix.host_os, 'windows') }} run: RING_COVERAGE=1 mk/install-build-tools.sh --target=${{ matrix.target }} ${{ matrix.features }} - if: ${{ !contains(matrix.host_os, 'windows') }} run: | RING_COVERAGE=1 mk/cargo.sh +${{ matrix.rust_channel }} test --workspace -vv --target=${{ matrix.target }} ${{ matrix.cargo_options }} ${{ matrix.features }} ${{ matrix.mode }} - uses: briansmith/codecov-codecov-action@v3 with: directory: ./target/${{ matrix.target }}/debug/coverage/reports fail_ci_if_error: true verbose: true