Only check end-entity certificate revocation status on Android #169
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
- "*_dev" | |
pull_request: | |
merge_group: | |
schedule: | |
- cron: '0 18 * * *' | |
name: CI | |
permissions: | |
contents: read | |
env: | |
RUSTFLAGS: -D warnings -F unused_must_use | |
jobs: | |
clippy: | |
name: Clippy | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- name: Clippy (${{ matrix.os }}) | |
run: cargo clippy-ci | |
- name: Clippy (Android) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
rustup target add aarch64-linux-android | |
cargo install cargo-ndk | |
cargo ndk -t arm64-v8a clippy-ci | |
- name: Clippy (iOS) | |
if: matrix.os == 'macos-latest' | |
run: | | |
rustup target add x86_64-apple-ios | |
cargo clippy-ci --target x86_64-apple-ios | |
# TODO: Should WASM be checked in CI? If so, with what tooling? | |
# - name: Clippy (WASM) | |
# if: matrix.os == 'ubuntu-latest' | |
# run: | | |
# rustup target add wasm32-unknown-unknown | |
# cargo clippy-ci --target wasm32-unknown-unknown | |
clippy-msrv: | |
name: Clippy (MSRV) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: "1.64.0" # MSRV | |
components: clippy | |
- name: Install cargo-ndk. | |
run: | | |
cargo install cargo-ndk --locked --version 2.12.7 | |
rustup target add aarch64-linux-android | |
- name: Clippy (${{ matrix.os }}) | |
run: cargo clippy-msrv-ci | |
- name: Clippy (Android) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
cargo ndk -t arm64-v8a clippy-msrv-ci | |
- name: Clippy (iOS) | |
if: matrix.os == 'macos-latest' | |
run: | | |
rustup target add x86_64-apple-ios | |
cargo clippy-msrv-ci --target x86_64-apple-ios | |
# TODO: Consider WASM. See note on "clippy" job. | |
test: | |
name: Test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Test (${{ matrix.os }}) | |
run: cargo test | |
- name: Setup Android test environment | |
uses: actions/setup-java@v2 | |
if: matrix.os == 'macos-latest' | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Test (Android) | |
uses: reactivecircus/android-emulator-runner@d7b53ddc6e44254e1f4cf4a6ad67345837027a66 # 2.26.0 | |
if: matrix.os == 'macos-latest' | |
with: | |
api-level: 28 # Android 9, Pie. | |
arch: x86_64 | |
profile: pixel | |
# Note: We use the `google_apis` target because the default one doesn't have access to | |
# the internet for the real-world test suite. The intermediate certificate doesn't have | |
# stapled revocation data, so the system must look it up instead. | |
# | |
# This can use the default target (which is less bloated) once | |
# https://github.com/ReactiveCircus/android-emulator-runner/issues/220 is resolved. | |
target: google_apis | |
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none | |
disable-animations: true | |
working-directory: ./android | |
script: | | |
rustup target add x86_64-linux-android | |
cargo install cargo-ndk | |
env | grep '^JAVA' | |
touch emulator.log | |
chmod 770 emulator.log | |
adb logcat >> emulator.log & | |
./gradlew connectedDebugAndroidTest | |
- name: Upload Android test results | |
uses: actions/upload-artifact@v3 | |
# Upload test results if they fail | |
if: matrix.os == 'macos-latest' && failure() | |
with: | |
name: android-test-results | |
retention-days: 7 | |
path: | | |
emulator.log | |
/Users/runner/work/rustls-platform-verifier/rustls-platform-verifier/android/rustls-platform-verifier/build/outputs/androidTest-results/connected/test-result.pb | |
# TODO: Test iOS in CI too. | |
fmt: | |
name: Rustfmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt --all -- --check | |
android_fmt: | |
name: Ktlint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Ktlint | |
run: | | |
cd ./android | |
./gradlew ktlint | |
verify_android: | |
name: Verify Android artifacts | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
persist-credentials: false | |
- name: Verify release artifact | |
run: ./ci/verify_android_release.sh |