rustls #700
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: rustls | |
permissions: | |
contents: read | |
on: | |
push: | |
pull_request: | |
merge_group: | |
schedule: | |
- cron: '0 21 * * *' | |
jobs: | |
build: | |
name: Build + test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
# test a bunch of toolchains on ubuntu | |
rust: | |
- stable | |
- beta | |
- nightly | |
os: [ubuntu-latest] | |
# but only stable on macos/windows (slower platforms) | |
include: | |
- os: macos-latest | |
rust: stable | |
- os: windows-latest | |
rust: stable | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install ${{ matrix.rust }} toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ matrix.rust }} | |
- name: Install valgrind | |
if: runner.os == 'Linux' | |
run: sudo apt-get update && sudo apt-get install -y valgrind | |
- name: cargo test (debug; default features) | |
run: cargo test | |
env: | |
RUST_BACKTRACE: 1 | |
- name: cargo test (debug; all features) | |
run: cargo test --all-features | |
env: | |
RUST_BACKTRACE: 1 | |
- name: cargo test (debug; no default features; no run) | |
run: cargo test --no-default-features | |
env: | |
RUST_BACKTRACE: 1 | |
wasm_build: | |
name: Build wasm32 | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
- name: Add wasm target | |
run: rustup target add wasm32-unknown-unknown | |
- name: wasm32 build (debug; default features) | |
run: cargo build --target wasm32-unknown-unknown --lib | |
env: | |
RUST_BACKTRACE: 1 | |
- name: wasm32 build (debug; all features) | |
run: cargo build --target wasm32-unknown-unknown --lib --all-features | |
env: | |
RUST_BACKTRACE: 1 | |
- name: wasm32 build (debug; no default features) | |
run: cargo build --target wasm32-unknown-unknown --lib --no-default-features | |
env: | |
RUST_BACKTRACE: 1 | |
msrv: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest, windows-latest] | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install MSRV toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: "1.60" | |
- run: cargo check --lib --all-features | |
format: | |
name: Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install rust toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- name: Check formatting | |
run: cargo fmt --all -- --check | |
clippy: | |
name: Clippy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install rust toolchain | |
uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- run: cargo clippy --all-features -- --deny warnings | |
semver: | |
name: Check semver compatibility | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Check semver | |
uses: obi1kenobi/cargo-semver-checks-action@v2 | |
fuzz: | |
name: Smoke-test fuzzing targets | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install nightly toolchain | |
uses: dtolnay/rust-toolchain@nightly | |
- name: Install cargo fuzz | |
run: cargo install cargo-fuzz | |
- name: Smoke-test fuzz targets | |
run: | | |
cargo fuzz build | |
for target in $(cargo fuzz list) ; do | |
cargo fuzz run $target -- -max_total_time=10 | |
done | |
valgrind: | |
name: Check side-channels on base64 decoder | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@stable | |
- name: Install valgrind | |
if: runner.os == 'Linux' | |
run: sudo apt-get update && sudo apt-get install -y valgrind | |
- name: Build and run test | |
run: | | |
cargo test --all-features --lib | |
exe=$(cargo test --all-features --no-run --message-format json | \ | |
jq --slurp --raw-output '.[] | select(.reason == "compiler-artifact") | select(.target.name == "rustls_pki_types") | select(.profile.test) | .executable') | |
valgrind --error-exitcode=99 --exit-on-first-error=yes $exe | |