Skip to content

security(net): Stop sending peer addresses from handshakes directly t… #11

security(net): Stop sending peer addresses from handshakes directly t…

security(net): Stop sending peer addresses from handshakes directly t… #11

# Google Cloud docs updates that run when docs, Rust code, or dependencies are modified,
# but only on PRs from the ZcashFoundation/zebra repository. (External PRs are deployed by mergify.)
name: Docs
# Ensures that only one workflow task will run at a time. Previous deployments, if
# already in process, won't get cancelled. Instead, we let the first to complete
# then queue the latest pending workflow, cancelling any workflows in between
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
# Skip main branch updates where docs, Rust code, and dependencies aren't modified.
branches:
- main
paths:
# doc source files
- 'book/**'
- '**/firebase.json'
- '**/.firebaserc'
- 'katex-header.html'
# rustdoc source files
- '**/*.rs'
- '**/Cargo.toml'
- '**/Cargo.lock'
# configuration files
- '.cargo/config.toml'
- '**/clippy.toml'
# workflow definitions
- '.github/workflows/docs-deploy-firebase.yml'
pull_request:
# Skip PRs where docs, Rust code, and dependencies aren't modified.
paths:
# doc source files
- 'book/**'
- '**/firebase.json'
- '**/.firebaserc'
- 'katex-header.html'
# rustdoc source files
- '**/*.rs'
- '**/Cargo.toml'
- '**/Cargo.lock'
# configuration files
- '.cargo/config.toml'
- '**/clippy.toml'
# workflow definitions
- '.github/workflows/docs.yml'
env:
RUST_LOG: ${{ vars.RUST_LOG }}
RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }}
RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }}
COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }}
FIREBASE_CHANNEL: ${{ github.event_name == 'pull_request' && 'preview' || 'live' }}
# cargo doc doesn't support '-- -D warnings', so we have to add it here
# https://github.com/rust-lang/cargo/issues/8424#issuecomment-774662296
#
# The -A and -W settings must be the same as the `rustdocflags` in:
# https://github.com/ZcashFoundation/zebra/blob/main/.cargo/config.toml#L87
RUSTDOCFLAGS: --html-in-header katex-header.html -D warnings -A rustdoc::private_intra_doc_links
# IMPORTANT
#
# The job names in `docs-deploy-firebase.yml`, `docs-deploy-firebase.patch.yml` and
# `docs-deploy-firebase.patch-external.yml` must be kept in sync.
jobs:
build-docs-book:
name: Build and Deploy Zebra Book Docs
# Skip PRs from external repositories, let them pass, and then Mergify will check them
if: ${{ contains(github.head_ref || github.ref, 'refs/heads/') }}
timeout-minutes: 5
runs-on: ubuntu-latest
permissions:
checks: write
contents: 'read'
id-token: 'write'
pull-requests: write
steps:
- name: Checkout the source code
uses: actions/[email protected]
with:
persist-credentials: false
- uses: r7kamura/[email protected]
- name: Setup mdBook
uses: jontze/[email protected]
with:
token: ${{ secrets.GITHUB_TOKEN }}
mdbook-version: '~0.4'
use-linkcheck: true
use-mermaid: true
- name: Build Zebra book
run: |
mdbook build book --dest-dir "$(pwd)"/target/book
# Setup gcloud CLI
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/[email protected]
with:
retries: '3'
workload_identity_provider: '${{ vars.GCP_WIF }}'
service_account: '${{ vars.GCP_FIREBASE_SA }}'
# TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
- name: Add $GCP_FIREBASE_SA_PATH to env
run: |
# shellcheck disable=SC2002
echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
- name: Deploy Zebra book to firebase
uses: FirebaseExtended/[email protected]
with:
firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
channelId: ${{ env.FIREBASE_CHANNEL }}
projectId: ${{ vars.GCP_FIREBASE_PROJECT }}
target: docs-book
build-docs-internal:
name: Build and Deploy Zebra Internal Docs
if: ${{ contains(github.head_ref || github.ref, 'refs/heads/') }}
timeout-minutes: 45
runs-on: ubuntu-latest
permissions:
checks: write
contents: 'read'
id-token: 'write'
pull-requests: write
steps:
- name: Checkout the source code
uses: actions/[email protected]
with:
persist-credentials: false
- uses: r7kamura/[email protected]
- name: Install last version of Protoc
uses: arduino/[email protected]
with:
version: '23.x'
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Setup Rust with beta toolchain and default profile (to include rust-docs)
- name: Setup Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=beta --profile=default
- uses: Swatinem/[email protected]
- name: Build internal docs
run: |
cargo doc --no-deps --workspace --all-features --document-private-items --target-dir "$(pwd)"/target/internal
# Setup gcloud CLI
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/[email protected]
with:
retries: '3'
workload_identity_provider: '${{ vars.GCP_WIF }}'
service_account: '${{ vars.GCP_FIREBASE_SA }}'
# TODO: remove this step after issue https://github.com/FirebaseExtended/action-hosting-deploy/issues/174 is fixed
- name: Add $GCP_FIREBASE_SA_PATH to env
run: |
# shellcheck disable=SC2002
echo "GCP_FIREBASE_SA_PATH=$(cat ${{ steps.auth.outputs.credentials_file_path }} | tr -d '\n')" >> "$GITHUB_ENV"
- name: Deploy internal docs to firebase
uses: FirebaseExtended/[email protected]
with:
firebaseServiceAccount: ${{ env.GCP_FIREBASE_SA_PATH }}
channelId: ${{ env.FIREBASE_CHANNEL }}
target: docs-internal
projectId: ${{ vars.GCP_FIREBASE_PROJECT }}