Android: Don't attempt to check revocation on non-public certificates #608
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: | |
push: | |
branches: | |
- main | |
- "*_dev" | |
pull_request: | |
merge_group: | |
schedule: | |
- cron: '0 18 * * *' | |
name: CI | |
permissions: | |
contents: read | |
env: | |
RUSTFLAGS: -D warnings -F unused_must_use | |
jobs: | |
clippy-build-std: | |
name: Clippy (-Zbuild-std) | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@nightly | |
with: | |
components: clippy | |
- name: Clippy (tvOS) | |
run: | | |
rustup component add rust-src --toolchain nightly-aarch64-apple-darwin | |
cargo +nightly clippy -Zbuild-std --target aarch64-apple-tvos | |
clippy: | |
name: Clippy (stable) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: clippy | |
- name: Clippy (${{ matrix.os }}) | |
run: cargo clippy-ci | |
- name: Clippy (Android) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
rustup target add aarch64-linux-android | |
cargo install cargo-ndk | |
cargo ndk -t arm64-v8a clippy-ci | |
- name: Clippy (iOS) | |
if: matrix.os == 'macos-latest' | |
run: | | |
rustup target add x86_64-apple-ios | |
cargo clippy-ci --target x86_64-apple-ios | |
# TODO: Should WASM be checked in CI? If so, with what tooling? | |
# - name: Clippy (WASM) | |
# if: matrix.os == 'ubuntu-latest' | |
# run: | | |
# rustup target add wasm32-unknown-unknown | |
# cargo clippy-ci --target wasm32-unknown-unknown | |
clippy-msrv: | |
name: Clippy (MSRV) | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: "1.64.0" # MSRV | |
components: clippy | |
- name: Install cargo-ndk. | |
run: | | |
cargo install cargo-ndk --locked --version 2.12.7 | |
rustup target add aarch64-linux-android | |
- name: Clippy (${{ matrix.os }}) | |
run: cargo clippy-msrv-ci | |
- name: Clippy (Android) | |
if: matrix.os == 'ubuntu-latest' | |
run: | | |
cargo ndk -t arm64-v8a clippy-msrv-ci | |
- name: Clippy (iOS) | |
if: matrix.os == 'macos-latest' | |
run: | | |
rustup target add x86_64-apple-ios | |
cargo clippy-msrv-ci --target x86_64-apple-ios | |
# TODO: Consider WASM. See note on "clippy" job. | |
test: | |
name: Test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-latest | |
- macos-latest | |
- windows-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Test (${{ matrix.os }}) | |
run: cargo test | |
test_android: | |
name: "Test (Android)" | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
# Turn on Linux KVM features/support for faster Android emulation. | |
# References: | |
# - https://github.com/DeterminateSystems/nix-installer-action/blob/de22e16c4711fca50c816cc9081563429d1cf563/src/main.ts#L756 | |
# - https://github.com/ReactiveCircus/android-emulator-runner#running-hardware-accelerated-emulators-on-linux-runners | |
- name: Enable KVM | |
run: | | |
echo 'KERNEL=="kvm", GROUP="kvm", MODE="0666", OPTIONS+="static_node=kvm"' | sudo tee /etc/udev/rules.d/99-kvm4all.rules | |
sudo udevadm control --reload-rules | |
sudo udevadm trigger --name-match=kvm | |
- name: Setup Java | |
uses: actions/setup-java@v4 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
- name: Run Android tests | |
uses: reactivecircus/android-emulator-runner@77986be26589807b8ebab3fde7bbf5c60dabec32 # 2.31.0 | |
with: | |
api-level: 28 # Android 9, Pie. | |
arch: x86_64 | |
profile: pixel | |
emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none | |
disable-animations: true | |
working-directory: ./android | |
script: | | |
rustup target add x86_64-linux-android | |
cargo install cargo-ndk | |
env | grep '^JAVA' | |
touch emulator.log | |
chmod 770 emulator.log | |
adb logcat --clear | |
adb logcat | grep 'rustls' | tee emulator.log & | |
./gradlew connectedDebugAndroidTest | |
- name: Upload Android test results | |
uses: actions/upload-artifact@v4 | |
# Upload test results if they fail | |
if: failure() | |
with: | |
name: android-test-results | |
retention-days: 7 | |
path: | | |
./android/emulator.log | |
/Users/runner/work/rustls-platform-verifier/rustls-platform-verifier/android/rustls-platform-verifier/build/outputs/androidTest-results/connected/test-result.pb | |
# TODO: Test iOS in CI too. | |
test-freebsd: | |
name: Test (FreeBSD) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- name: test on freebsd | |
uses: vmactions/freebsd-vm@v1 | |
# Settings adopted from https://github.com/quinn-rs/quinn | |
with: | |
usesh: true | |
mem: 4096 | |
copyback: false | |
prepare: | | |
pkg install -y curl | |
curl https://sh.rustup.rs -sSf --output rustup.sh | |
sh rustup.sh -y --profile minimal --default-toolchain stable | |
echo "~~~~ rustc --version ~~~~" | |
$HOME/.cargo/bin/rustc --version | |
echo "~~~~ freebsd-version ~~~~" | |
freebsd-version | |
run: $HOME/.cargo/bin/cargo test | |
fmt: | |
name: Rustfmt | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
components: rustfmt | |
- run: cargo fmt --all -- --check | |
android_fmt: | |
name: Ktlint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Ktlint | |
run: | | |
cd ./android | |
./gradlew ktlint | |
verify_android: | |
name: Verify Android artifacts | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Verify release artifact | |
run: ./ci/verify_android_release.sh | |
docs: | |
name: Check for documentation errors | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install rust toolchain | |
uses: dtolnay/rust-toolchain@stable | |
- name: Build documentation | |
run: cargo doc --locked --all-features --no-deps --document-private-items | |
env: | |
RUSTDOCFLAGS: -Dwarnings |