Skip to content

Only check end-entity certificate revocation status on Android #169

Only check end-entity certificate revocation status on Android

Only check end-entity certificate revocation status on Android #169

Workflow file for this run

on:
push:
branches:
- main
- "*_dev"
pull_request:
merge_group:
schedule:
- cron: '0 18 * * *'
name: CI
permissions:
contents: read
env:
RUSTFLAGS: -D warnings -F unused_must_use
jobs:
clippy:
name: Clippy
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Clippy (${{ matrix.os }})
run: cargo clippy-ci
- name: Clippy (Android)
if: matrix.os == 'ubuntu-latest'
run: |
rustup target add aarch64-linux-android
cargo install cargo-ndk
cargo ndk -t arm64-v8a clippy-ci
- name: Clippy (iOS)
if: matrix.os == 'macos-latest'
run: |
rustup target add x86_64-apple-ios
cargo clippy-ci --target x86_64-apple-ios
# TODO: Should WASM be checked in CI? If so, with what tooling?
# - name: Clippy (WASM)
# if: matrix.os == 'ubuntu-latest'
# run: |
# rustup target add wasm32-unknown-unknown
# cargo clippy-ci --target wasm32-unknown-unknown
clippy-msrv:
name: Clippy (MSRV)
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.64.0" # MSRV
components: clippy
- name: Install cargo-ndk.
run: |
cargo install cargo-ndk --locked --version 2.12.7
rustup target add aarch64-linux-android
- name: Clippy (${{ matrix.os }})
run: cargo clippy-msrv-ci
- name: Clippy (Android)
if: matrix.os == 'ubuntu-latest'
run: |
cargo ndk -t arm64-v8a clippy-msrv-ci
- name: Clippy (iOS)
if: matrix.os == 'macos-latest'
run: |
rustup target add x86_64-apple-ios
cargo clippy-msrv-ci --target x86_64-apple-ios
# TODO: Consider WASM. See note on "clippy" job.
test:
name: Test
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
- name: Test (${{ matrix.os }})
run: cargo test
- name: Setup Android test environment
uses: actions/setup-java@v2
if: matrix.os == 'macos-latest'
with:
distribution: 'temurin'
java-version: '11'
- name: Test (Android)
uses: reactivecircus/android-emulator-runner@d7b53ddc6e44254e1f4cf4a6ad67345837027a66 # 2.26.0
if: matrix.os == 'macos-latest'
with:
api-level: 28 # Android 9, Pie.
arch: x86_64
profile: pixel
# Note: We use the `google_apis` target because the default one doesn't have access to
# the internet for the real-world test suite. The intermediate certificate doesn't have
# stapled revocation data, so the system must look it up instead.
#
# This can use the default target (which is less bloated) once
# https://github.com/ReactiveCircus/android-emulator-runner/issues/220 is resolved.
target: google_apis
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: true
working-directory: ./android
script: |
rustup target add x86_64-linux-android
cargo install cargo-ndk
env | grep '^JAVA'
touch emulator.log
chmod 770 emulator.log
adb logcat >> emulator.log &
./gradlew connectedDebugAndroidTest
- name: Upload Android test results
uses: actions/upload-artifact@v3
# Upload test results if they fail
if: matrix.os == 'macos-latest' && failure()
with:
name: android-test-results
retention-days: 7
path: |
emulator.log
/Users/runner/work/rustls-platform-verifier/rustls-platform-verifier/android/rustls-platform-verifier/build/outputs/androidTest-results/connected/test-result.pb
# TODO: Test iOS in CI too.
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --all -- --check
android_fmt:
name: Ktlint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- name: Ktlint
run: |
cd ./android
./gradlew ktlint
verify_android:
name: Verify Android artifacts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
persist-credentials: false
- name: Verify release artifact
run: ./ci/verify_android_release.sh