security(net): Stop sending peer addresses from handshakes directly t… #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build crates individually | |
# Ensures that only one workflow task will run at a time. Previous builds, if | |
# already in process, will get cancelled. Only the latest commit will be allowed | |
# to run, cancelling any workflows in between | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
paths: | |
# production code and test code | |
- '**/*.rs' | |
# dependencies | |
- '**/Cargo.toml' | |
- '**/Cargo.lock' | |
# configuration files | |
- '.cargo/config.toml' | |
- '**/clippy.toml' | |
# workflow definitions | |
- '.github/workflows/ci-build-crates.yml' | |
pull_request: | |
paths: | |
# production code and test code | |
- '**/*.rs' | |
# dependencies | |
- '**/Cargo.toml' | |
- '**/Cargo.lock' | |
# configuration files | |
- '.cargo/config.toml' | |
- '**/clippy.toml' | |
# workflow definitions | |
- '.github/workflows/ci-build-crates.yml' | |
env: | |
CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }} | |
RUST_LOG: ${{ vars.RUST_LOG }} | |
RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }} | |
RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }} | |
COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }} | |
jobs: | |
matrix: | |
name: Generate crates matrix | |
runs-on: ubuntu-latest | |
outputs: | |
matrix: ${{ steps.set-matrix.outputs.matrix }} | |
steps: | |
- uses: actions/[email protected] | |
- uses: r7kamura/[email protected] | |
# Setup Rust with stable toolchain and minimal profile | |
- name: Setup Rust | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal | |
# This step is meant to dynamically create a JSON containing the values of each crate | |
# available in this repo in the root directory. We use `cargo tree` to accomplish this task. | |
# | |
# The result from `cargo tree` is then transform to JSON values between double quotes, | |
# and separated by commas, then added to a `crates.txt` and assigned to a $JSON_CRATES variable. | |
# | |
# A JSON object is created and assigned to a $MATRIX variable, which is use to create an output | |
# named `matrix`, which is then used as the input in following steps, | |
# using ` ${{ fromJson(needs.matrix.outputs.matrix) }}` | |
- id: set-matrix | |
name: Dynamically build crates JSON | |
run: | | |
TEMP_DIR=$(mktemp -d) | |
echo "$(cargo tree --depth 0 --edges no-normal,no-dev,no-build,no-proc-macro --prefix none | cut -d ' ' -f1 | sed '/^$/d' | awk '{ printf "\"%s\",\n", $0 }' | sed '$ s/.$//')" > $TEMP_DIR/crates.txt | |
MATRIX=$( ( | |
echo '{ "crate" : [' | |
echo "$(cat $TEMP_DIR/crates.txt)" | |
echo " ]}" | |
) | jq -c .) | |
echo $MATRIX | |
echo $MATRIX | jq . | |
echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT" | |
check-matrix: | |
name: Check crates matrix | |
runs-on: ubuntu-latest | |
needs: [ matrix ] | |
steps: | |
- name: Install json2yaml | |
run: | | |
sudo npm install -g json2yaml | |
- name: Check matrix definition | |
run: | | |
matrix='${{ needs.matrix.outputs.matrix }}' | |
echo $matrix | |
echo $matrix | jq . | |
echo $matrix | json2yaml | |
build: | |
name: Build ${{ matrix.crate }} crate | |
timeout-minutes: 90 | |
needs: [ matrix, check-matrix ] | |
runs-on: ubuntu-latest | |
strategy: | |
# avoid rate-limit errors by only launching a few of these jobs at a time | |
max-parallel: 2 | |
fail-fast: true | |
matrix: ${{ fromJson(needs.matrix.outputs.matrix) }} | |
steps: | |
- uses: actions/[email protected] | |
with: | |
persist-credentials: false | |
- uses: r7kamura/[email protected] | |
- name: Install last version of Protoc | |
uses: arduino/[email protected] | |
with: | |
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed | |
version: '23.x' | |
repo-token: ${{ secrets.GITHUB_TOKEN }} | |
# Setup Rust with stable toolchain and minimal profile | |
- name: Setup Rust | |
run: | | |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal | |
# We could use `features: ['', '--all-features', '--no-default-features']` as a matrix argument, | |
# but it's faster to run these commands sequentially, so they can re-use the local cargo cache. | |
# | |
# Some Zebra crates do not have any features, and most don't have any default features. | |
- name: Build ${{ matrix.crate }} crate with no default features | |
run: | | |
cargo build --package ${{ matrix.crate }} --no-default-features | |
- name: Build ${{ matrix.crate }} crate normally | |
run: | | |
cargo build --package ${{ matrix.crate }} | |
- name: Build ${{ matrix.crate }} crate with all features | |
run: | | |
cargo build --package ${{ matrix.crate }} --all-features | |
failure-issue: | |
name: Open or update issues for building crates individually failures | |
# When a new job is added to this workflow, add it to this list. | |
needs: [ matrix, build ] | |
# Only open tickets for failed or cancelled jobs that are not coming from PRs. | |
# (PR statuses are already reported in the PR jobs list, and checked by Mergify.) | |
if: (failure() && github.event.pull_request == null) || (cancelled() && github.event.pull_request == null) | |
runs-on: ubuntu-latest | |
steps: | |
- uses: jayqi/failed-build-issue-action@v1 | |
with: | |
title-template: "{{refname}} branch CI failed: {{eventName}} in {{workflow}}" | |
# New failures open an issue with this label. | |
label-name: S-ci-fail-build-crates-auto-issue | |
# If there is already an open issue with this label, any failures become comments on that issue. | |
always-create-new-issue: false | |
github-token: ${{ secrets.GITHUB_TOKEN }} |