Skip to content

Android: Don't attempt to check revocation on non-public certificates #608

Android: Don't attempt to check revocation on non-public certificates

Android: Don't attempt to check revocation on non-public certificates #608

Workflow file for this run

on:
push:
branches:
- main
- "*_dev"
pull_request:
merge_group:
schedule:
- cron: '0 18 * * *'
name: CI
permissions:
contents: read
env:
RUSTFLAGS: -D warnings -F unused_must_use
jobs:
clippy-build-std:
name: Clippy (-Zbuild-std)
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@nightly
with:
components: clippy
- name: Clippy (tvOS)
run: |
rustup component add rust-src --toolchain nightly-aarch64-apple-darwin
cargo +nightly clippy -Zbuild-std --target aarch64-apple-tvos
clippy:
name: Clippy (stable)
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- name: Clippy (${{ matrix.os }})
run: cargo clippy-ci
- name: Clippy (Android)
if: matrix.os == 'ubuntu-latest'
run: |
rustup target add aarch64-linux-android
cargo install cargo-ndk
cargo ndk -t arm64-v8a clippy-ci
- name: Clippy (iOS)
if: matrix.os == 'macos-latest'
run: |
rustup target add x86_64-apple-ios
cargo clippy-ci --target x86_64-apple-ios
# TODO: Should WASM be checked in CI? If so, with what tooling?
# - name: Clippy (WASM)
# if: matrix.os == 'ubuntu-latest'
# run: |
# rustup target add wasm32-unknown-unknown
# cargo clippy-ci --target wasm32-unknown-unknown
clippy-msrv:
name: Clippy (MSRV)
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.64.0" # MSRV
components: clippy
- name: Install cargo-ndk.
run: |
cargo install cargo-ndk --locked --version 2.12.7
rustup target add aarch64-linux-android
- name: Clippy (${{ matrix.os }})
run: cargo clippy-msrv-ci
- name: Clippy (Android)
if: matrix.os == 'ubuntu-latest'
run: |
cargo ndk -t arm64-v8a clippy-msrv-ci
- name: Clippy (iOS)
if: matrix.os == 'macos-latest'
run: |
rustup target add x86_64-apple-ios
cargo clippy-msrv-ci --target x86_64-apple-ios
# TODO: Consider WASM. See note on "clippy" job.
test:
name: Test
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- ubuntu-latest
- macos-latest
- windows-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
- name: Test (${{ matrix.os }})
run: cargo test
test_android:
name: "Test (Android)"
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Turn on Linux KVM features/support for faster Android emulation.
# References:
# - https://github.com/DeterminateSystems/nix-installer-action/blob/de22e16c4711fca50c816cc9081563429d1cf563/src/main.ts#L756
# - https://github.com/ReactiveCircus/android-emulator-runner#running-hardware-accelerated-emulators-on-linux-runners
- name: Enable KVM
run: |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules
sudo udevadm control --reload-rules
sudo udevadm trigger --name-match=kvm
- name: Setup Java
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: '11'
- name: Run Android tests
uses: reactivecircus/android-emulator-runner@77986be26589807b8ebab3fde7bbf5c60dabec32 # 2.31.0
with:
api-level: 28 # Android 9, Pie.
arch: x86_64
profile: pixel
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none
disable-animations: true
working-directory: ./android
script: |
rustup target add x86_64-linux-android
cargo install cargo-ndk
env | grep '^JAVA'
touch emulator.log
chmod 770 emulator.log
adb logcat --clear
adb logcat | grep 'rustls' | tee emulator.log &
./gradlew connectedDebugAndroidTest
- name: Upload Android test results
uses: actions/upload-artifact@v4
# Upload test results if they fail
if: failure()
with:
name: android-test-results
retention-days: 7
path: |
./android/emulator.log
/Users/runner/work/rustls-platform-verifier/rustls-platform-verifier/android/rustls-platform-verifier/build/outputs/androidTest-results/connected/test-result.pb
# TODO: Test iOS in CI too.
test-freebsd:
name: Test (FreeBSD)
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: test on freebsd
uses: vmactions/freebsd-vm@v1
# Settings adopted from https://github.com/quinn-rs/quinn
with:
usesh: true
mem: 4096
copyback: false
prepare: |
pkg install -y curl
curl https://sh.rustup.rs -sSf --output rustup.sh
sh rustup.sh -y --profile minimal --default-toolchain stable
echo "~~~~ rustc --version ~~~~"
$HOME/.cargo/bin/rustc --version
echo "~~~~ freebsd-version ~~~~"
freebsd-version
run: $HOME/.cargo/bin/cargo test
fmt:
name: Rustfmt
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- run: cargo fmt --all -- --check
android_fmt:
name: Ktlint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Ktlint
run: |
cd ./android
./gradlew ktlint
verify_android:
name: Verify Android artifacts
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: Verify release artifact
run: ./ci/verify_android_release.sh
docs:
name: Check for documentation errors
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Build documentation
run: cargo doc --locked --all-features --no-deps --document-private-items
env:
RUSTDOCFLAGS: -Dwarnings