Skip to content

Add NixOS packaging #280

Add NixOS packaging

Add NixOS packaging #280

Workflow file for this run

name: rustls-libssl
permissions:
contents: read
on:
push:
pull_request:
merge_group:
schedule:
- cron: '15 12 * * 3'
jobs:
build:
name: Build+test
runs-on: ${{ matrix.os }}
strategy:
matrix:
rust:
- stable
- beta
- nightly
# TODO(XXX): consider replacing ubuntu-24.04 w/ ubuntu-latest when appropriate
os: [ubuntu-24.04, ubuntu-22.04]
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install build dependencies
run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld
- name: Install ${{ matrix.rust }} toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- run: make PROFILE=debug test
- run: make PROFILE=debug integration
# Note: we only check the client/server binaries here, assuming that
# is sufficient for any other test binaries.
- name: Verify debug builds were using ASAN
run: |
nm target/client | grep '__asan_init'
nm target/server | grep '__asan_init'
- name: Build release binaries
run: |
make clean
make PROFILE=release
- name: Verify release builds were not using ASAN
run: |
nm target/client | grep -v '__asan_init'
nm target/server | grep -v '__asan_init'
valgrind:
name: Valgrind
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install valgrind
run: sudo apt-get update && sudo apt-get install -y valgrind
- name: Install build dependencies
run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld
- run: VALGRIND="valgrind -q" make PROFILE=release test integration
docs:
name: Check for documentation errors
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install build dependencies
run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
- name: cargo doc (all features)
run: cargo doc --all-features --no-deps --workspace
env:
RUSTDOCFLAGS: -Dwarnings
format:
name: Format
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Check Rust formatting
run: cargo fmt --all -- --check
- name: Check src/entry.rs formatting
run: ./admin/format --all -- --check
- name: Check C formatting
run: make format-check
- name: Check ordering of build.rs entrypoints
run: ./admin/sort-entrypoints.py
- name: Check MATRIX.md is up-to-date
run: ./admin/matrix.py > MATRIX.md.new && diff -su MATRIX.md MATRIX.md.new
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Check clippy
# We allow unknown lints here because sometimes the nightly job
# (below) will have a new lint that we want to suppress.
# If we suppress (e.g. #![allow(clippy::arc_with_non_send_sync)]),
# we would get an unknown-lint error from older clippy versions.
run: cargo clippy --locked --workspace --all-targets -- -D warnings -A unknown-lints
clippy-nightly-optional:
name: Clippy nightly (optional)
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
with:
components: clippy
- name: Check clippy
run: cargo clippy --locked --workspace --all-targets -- -D warnings
clang-tidy:
name: Clang Tidy
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Clang tidy
run: clang-tidy tests/*.c -- -I src/
miri:
name: Miri
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install nightly Rust
uses: dtolnay/rust-toolchain@nightly
- run: rustup override set "nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)"
- run: rustup component add miri
- run: cargo miri test
packaging:
name: Packaging
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install build dependencies
run: sudo apt-get update && sudo apt-get install -y openssl libssl3 libssl-dev lld
- name: Install cargo-get
run: cargo install cargo-get
- name: Install nfpm
run: |
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
echo PATH=$PATH:$HOME/go/bin >> $GITHUB_ENV
- name: Build packages
run: make package PROFILE=release
- name: Test packages
run: make test-package PROFILE=release
release_packages:
name: Produce release packages
runs-on: ubuntu-latest
container: ${{ matrix.container }}:${{ matrix.version }}
strategy:
matrix:
include:
- container: fedora
version: 40
package: rpm
- container: ubuntu
version: 24.04
package: deb
# nb. ubuntu:22.04 has a too-old golang to build nfpm
# we could install an upstream golang if we want to
# package there.
steps:
- name: Install prerequisites (apt)
if: matrix.package == 'deb'
working-directory: /
run: |
apt-get update
apt-get install -y curl build-essential git
- name: Install prerequisites (yum)
if: matrix.package == 'rpm'
working-directory: /
run: |
yum install -y curl make automake gcc gcc-c++ kernel-devel git
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install stable rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install build dependencies (apt)
if: matrix.package == 'deb'
run: |
apt-get update
apt-get install -y openssl libssl3 libssl-dev lld golang-go
cargo install cargo-get
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- name: Install build dependencies (yum)
if: matrix.package == 'rpm'
run: |
yum install -y openssl openssl-devel lld go
cargo install cargo-get
go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest
- name: Build package
run: |
make package-${{ matrix.package }} PROFILE=release NFPM=$HOME/go/bin/nfpm
- name: Archive package
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.package }} package built on ${{ matrix.container }} ${{ matrix.version }}
path: target/dist/*.${{ matrix.package }}
if-no-files-found: error