Peer port randomization #857
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: checks | |
permissions: | |
contents: read | |
on: | |
push: | |
branches: | |
- main | |
- 'release/**' | |
pull_request: | |
branches-ignore: | |
- 'release/**' | |
schedule: | |
- cron: '0 4 * * *' | |
merge_group: | |
branches: | |
- main | |
jobs: | |
build: | |
name: Build and test | |
runs-on: "${{ matrix.os }}" | |
strategy: | |
matrix: | |
include: | |
- rust: stable | |
os: ubuntu-latest | |
features: "" | |
target: "x86_64-unknown-linux-gnu" | |
- rust: beta | |
os: ubuntu-latest | |
features: "" | |
target: "x86_64-unknown-linux-gnu" | |
- rust: "msrv" | |
os: ubuntu-latest | |
features: "" | |
target: "x86_64-unknown-linux-gnu" | |
- rust: "stable" | |
os: ubuntu-latest | |
features: "" | |
target: "x86_64-unknown-linux-musl" | |
- rust: "stable" | |
os: macos-latest | |
features: "" | |
target: "x86_64-apple-darwin" | |
- rust: "stable" | |
os: ubuntu-latest | |
features: "--all-features" | |
target: "x86_64-unknown-linux-gnu" | |
- rust: "msrv" | |
os: ubuntu-latest | |
features: "--all-features" | |
target: "x86_64-unknown-linux-gnu" | |
- rust: "stable" | |
os: ubuntu-latest | |
features: "--all-features" | |
target: "x86_64-unknown-linux-musl" | |
- rust: "stable" | |
os: macos-latest | |
features: "--all-features" | |
target: "x86_64-apple-darwin" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Set target rust version | |
run: echo "TARGET_RUST_VERSION=$(if [ "${{matrix.rust}}" = "msrv" ]; then grep rust-version Cargo.toml | grep MSRV | cut -d'"' -f2; else echo "${{matrix.rust}}"; fi)" >> $GITHUB_ENV | |
- name: Install toolchain | |
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
with: | |
toolchain: "${TARGET_RUST_VERSION}" | |
targets: "${{ matrix.target }}" | |
- name: Install cross-compilation tools | |
uses: taiki-e/setup-cross-toolchain-action@c31d54d08f2ab1b6c35447b32b3f0dcb829a5b4f | |
with: | |
target: ${{ matrix.target }} | |
- name: Install cargo-llvm-cov | |
uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe | |
with: | |
tool: cargo-llvm-cov | |
- name: Rust cache | |
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 | |
with: | |
shared-key: "${{matrix.rust}}-${{matrix.target}}" | |
- name: cargo build | |
run: cargo build ${{ matrix.features }} | |
- name: cargo test | |
run: cargo llvm-cov --target ${{matrix.target}} ${{ matrix.features }} --lcov --output-path lcov.info | |
env: | |
RUST_BACKTRACE: 1 | |
- name: Upload coverage to Codecov | |
uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab | |
with: | |
files: lcov.info | |
fail_ci_if_error: false | |
unused: | |
name: Check unused dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Install nightly toolchain | |
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
with: | |
toolchain: nightly | |
- name: Install udeps | |
uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe | |
with: | |
tool: cargo-udeps | |
- name: cargo udeps | |
run: cargo udeps --workspace --all-targets | |
- name: cargo udeps (fuzzer) | |
run: cargo udeps --manifest-path ./fuzz/Cargo.toml --all-targets | |
#note: can't validate config/nts.*.toml because of intentionally missing files | |
validate: | |
name: Validate configs | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: ./ntp.toml | |
run: cargo run --bin ntp-ctl -- -c ./ntp.toml validate | |
- name: ./ntp.server.toml | |
run: cargo run --bin ntp-ctl -- -c ./ntp.server.toml validate | |
- name: ./ntp-proto/test-keys/unsafe.nts.client.toml | |
run: cargo run --bin ntp-ctl -- -c ./ntp-proto/test-keys/unsafe.nts.client.toml validate | |
- name: ./ntp-proto/test-keys/unsafe.nts.server.toml | |
run: cargo run --bin ntp-ctl -- -c ./ntp-proto/test-keys/unsafe.nts.server.toml validate | |
- name: ./config/ntp.demobilize.toml | |
run: cargo run --bin ntp-ctl -- -c ./config/ntp.demobilize.toml validate | |
- name: ./pkg/common/ntp.toml.default | |
run: cargo run --bin ntp-ctl -- -c ./docs/examples/conf/ntp.toml.default validate | |
man-sync: | |
name: Validate man pages | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Build man pages | |
run: utils/generate-man.sh target/docs/man | |
- name: Compare generated pages with precompiled | |
run: diff -r -s --color "docs/precompiled/man" "target/docs/man" | |
format: | |
name: Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Install rust toolchain | |
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
with: | |
toolchain: stable | |
components: rustfmt | |
- name: Check formatting | |
run: cargo fmt --all --check | |
- name: Check formatting (fuzzers) | |
run: cargo fmt --manifest-path ./fuzz/Cargo.toml --all --check | |
- name: Check formatting (fuzz_rand_shim) | |
run: cargo fmt --manifest-path ./fuzz/fuzz_rand_shim/Cargo.toml --all --check | |
clippy: | |
name: Clippy | |
strategy: | |
matrix: | |
include: | |
- target: x86_64-unknown-linux-gnu | |
use_zig: false | |
fuzzer: true | |
zig_args: "" | |
- target: armv7-unknown-linux-gnueabihf | |
use_zig: true | |
fuzzer: false | |
zig_args: "-target arm-linux-gnueabihf -mcpu=generic+v7a+vfp3-d32+thumb2-neon -g" | |
- target: x86_64-unknown-linux-musl | |
use_zig: true | |
fuzzer: false | |
zig_args: "-target x86_64-linux-musl" | |
- target: x86_64-apple-darwin | |
use_zig: true | |
fuzzer: false | |
zig_args: "-target x86_64-macos-gnu -g" | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Install rust toolchain | |
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
with: | |
toolchain: stable | |
components: clippy | |
targets: ${{matrix.target}} | |
# Use zig as our C compiler for convenient cross-compilation. We run into rustls having a dependency on `ring`. | |
# This crate uses C and assembly code, and because of its build scripts, `cargo clippy` needs to be able to compile | |
# that code for our target. | |
- uses: goto-bus-stop/setup-zig@7ab2955eb728f5440978d5824358023be3a2802d | |
with: | |
version: 0.9.0 | |
if: ${{matrix.use_zig}} | |
- name: Install cargo-zigbuild | |
uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe | |
with: | |
tool: cargo-zigbuild | |
if: ${{matrix.use_zig}} | |
- name: Set TARGET_CC for zig | |
run: echo "TARGET_CC=/home/runner/.cargo/bin/cargo-zigbuild zig cc -- ${{matrix.zig_args}}" >> $GITHUB_ENV | |
if: ${{matrix.use_zig}} | |
- name: Rust cache | |
uses: Swatinem/rust-cache@23bce251a8cd2ffc3c1075eaa2367cf899916d84 | |
with: | |
shared-key: "stable-${{matrix.target}}" | |
- name: Run clippy | |
run: cargo clippy --target ${{matrix.target}} --workspace --all-targets --all-features -- -D warnings | |
- name: Run clippy (fuzzers) | |
run: cargo clippy --target ${{matrix.target}} --manifest-path ./fuzz/Cargo.toml --all-targets -- -D warnings | |
if: ${{matrix.fuzzer}} | |
- name: Run clippy (fuzz_rand_shim) | |
run: cargo clippy --target ${{matrix.target}} --manifest-path ./fuzz/fuzz_rand_shim/Cargo.toml --all-targets -- -D warnings | |
if: ${{matrix.fuzzer}} | |
fuzz: | |
name: Smoke-test fuzzing targets | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
features: | |
- "" | |
- "--all-features" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
with: | |
persist-credentials: false | |
- name: Install nightly toolchain | |
uses: dtolnay/rust-toolchain@be73d7920c329f220ce78e0234b8f96b7ae60248 | |
with: | |
toolchain: nightly | |
- name: Install cargo fuzz | |
uses: taiki-e/install-action@4abee32ddd6d3482e57ba21814317997e6268efe | |
with: | |
tool: cargo-fuzz | |
- name: Smoke-test fuzz targets | |
run: | | |
cargo fuzz build ${{ matrix.features }} | |
for target in $(cargo fuzz list ${{ matrix.features }}) ; do | |
cargo fuzz run ${{ matrix.features }} $target -- -max_total_time=10 | |
done | |
audit-dependencies: | |
name: Audit dependencies | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 | |
- uses: EmbarkStudios/cargo-deny-action@5def368d93be6684ad20a0fdec5f23c8ea11e022 | |
with: | |
arguments: --workspace --all-features | |
- uses: EmbarkStudios/cargo-deny-action@5def368d93be6684ad20a0fdec5f23c8ea11e022 | |
with: | |
arguments: --manifest-path ./fuzz/Cargo.toml --all-features |