rustls #185

Workflow file for this run

	name: rustls

	permissions:
	contents: read

	on:
	push:
	pull_request:
	merge_group:
	schedule:
	- cron: '0 18 * * *'

	jobs:
	build:
	name: Build+test
	runs-on: ${{ matrix.os }}
	strategy:
	matrix:
	rust:
	- stable
	- beta
	- nightly
	os:
	- ubuntu-latest
	- windows-latest
	- macos-latest
	exclude:
	# only stable on macos/windows (slower platforms)
	- os: windows-latest
	rust: beta
	- os: windows-latest
	rust: nightly
	- os: macos-latest
	rust: beta
	- os: macos-latest
	rust: nightly
	# and never use macos/windows for merge checks
	- os: ${{ github.event_name == 'merge_group' && 'windows-latest' }}
	- os: ${{ github.event_name == 'merge_group' && 'macos-latest' }}
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install ${{ matrix.rust }} toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ matrix.rust }}

	- name: Install NASM for aws-lc-rs on Windows
	if: runner.os == 'Windows'
	uses: ilammy/setup-nasm@v1

	- name: Install ninja-build tool for aws-lc-fips-sys on Windows
	if: runner.os == 'Windows'
	uses: seanmiddleditch/gha-setup-ninja@v4

	- name: cargo build (debug; default features)
	run: cargo build --locked

	# nb. feature sets that include "fips" should be --release --
	# this is required for fips on windows.
	# nb. "--all-targets" does not include doctests
	- name: cargo test (release; all features)
	run: cargo test --release --locked --all-features --all-targets
	env:
	RUST_BACKTRACE: 1

	# nb. this is separate so it can be skipped on macOS & windows, where
	# doctests don't work: https://github.com/rust-lang/cargo/issues/8531
	- name: cargo test --doc (release; all-features)
	if: ${{ runner.os != 'macOS' && runner.os != 'Windows' }}
	run: cargo test --release --locked --all-features --doc
	env:
	RUST_BACKTRACE: 1

	- name: cargo test (debug; aws-lc-rs)
	run: cargo test --no-default-features --features aws_lc_rs,tls12,read_buf,logging,std --all-targets
	env:
	RUST_BACKTRACE: 1

	- name: cargo test (release; fips)
	run: cargo test --release --no-default-features --features fips,tls12,read_buf,logging,std --all-targets
	env:
	RUST_BACKTRACE: 1

	- name: cargo build (debug; rustls-provider-example)
	run: cargo build --locked -p rustls-provider-example

	- name: cargo build (debug; rustls-provider-example lib in no-std mode)
	run: cargo build --locked -p rustls-provider-example --no-default-features

	msrv:
	name: MSRV
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- uses: dtolnay/rust-toolchain@master
	with:
	toolchain: "1.61"

	- run: cargo check --locked --lib --all-features -p rustls

	features:
	name: Features
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	target: x86_64-unknown-none

	- name: cargo build (debug; default features)
	run: cargo build --locked
	working-directory: rustls

	# this target does _not_ include the libstd crate in its sysroot
	# it will catch unwanted usage of libstd in _dependencies_
	- name: cargo build (debug; no default features; no-std)
	run: cargo build --locked --no-default-features --target x86_64-unknown-none
	working-directory: rustls

	- name: cargo build (debug; no default features; no-std, hashbrown)
	run: cargo build --locked --no-default-features --features hashbrown --target x86_64-unknown-none
	working-directory: rustls

	- name: cargo test (debug; default features)
	run: cargo test --locked
	working-directory: rustls
	env:
	RUST_BACKTRACE: 1

	- name: cargo test (debug; no default features)
	run: cargo test --locked --no-default-features
	working-directory: rustls

	- name: cargo test (debug; no default features; tls12)
	run: cargo test --locked --no-default-features --features tls12,std
	working-directory: rustls

	- name: cargo test (debug; no default features; aws-lc-rs,tls12)
	run: cargo test --no-default-features --features aws_lc_rs,tls12,std
	working-directory: rustls

	- name: cargo test (debug; no default features; fips,tls12)
	run: cargo test --no-default-features --features fips,tls12,std
	working-directory: rustls

	- name: cargo test (release; no run)
	run: cargo test --locked --release --no-run
	working-directory: rustls

	bogo:
	name: BoGo test suite
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@stable

	- name: Install golang toolchain
	uses: actions/setup-go@v5
	with:
	go-version: "1.20"
	cache: false

	- name: Run test suite (ring)
	working-directory: bogo
	run: ./runme
	env:
	BOGO_SHIM_PROVIDER: ring

	- name: Run test suite (aws-lc-rs)
	working-directory: bogo
	run: ./runme
	env:
	BOGO_SHIM_PROVIDER: aws-lc-rs


	fuzz:
	name: Smoke-test fuzzing targets
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install nightly toolchain
	uses: dtolnay/rust-toolchain@nightly

	- name: Install cargo fuzz
	run: cargo install cargo-fuzz

	- name: Smoke-test fuzz targets
	run: \|
	cargo fuzz build
	for target in $(cargo fuzz list) ; do
	cargo fuzz run $target -- -max_total_time=10
	done

	benchmarks:
	name: Run benchmarks
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install nightly toolchain
	uses: dtolnay/rust-toolchain@nightly

	- name: Smoke-test benchmark program (ring)
	run: cargo run -p rustls --profile=bench --locked --example bench

	- name: Smoke-test benchmark program (aws-lc-rs)
	run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features aws_lc_rs,tls12,std

	- name: Smoke-test benchmark program (fips)
	run: cargo run -p rustls --profile=bench --locked --example bench --no-default-features --features fips,tls12,std

	- name: Run micro-benchmarks
	run: cargo bench --locked --all-features
	env:
	RUSTFLAGS: --cfg=bench

	docs:
	name: Check for documentation errors
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@nightly

	- name: cargo doc (rustls; all features)
	run: cargo doc --locked --all-features --no-deps --document-private-items --package rustls
	env:
	RUSTDOCFLAGS: -Dwarnings

	- name: Check README.md
	run: \|
	cargo build --locked --all-features
	./admin/pull-readme
	./admin/pull-usage
	git diff --exit-code

	coverage:
	name: Measure coverage
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: llvm-tools

	- name: Install cargo-llvm-cov
	run: cargo install cargo-llvm-cov

	- name: Measure coverage
	run: ./admin/coverage --lcov --output-path final.info

	- name: Report to codecov.io
	uses: codecov/codecov-action@v4
	with:
	file: final.info
	token: ${{ secrets.CODECOV_TOKEN }}
	fail_ci_if_error: false


	minver:
	name: Check minimum versions of direct dependencies
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@nightly

	- name: Install cargo-minimal-versions
	uses: taiki-e/install-action@cargo-minimal-versions

	# cargo-minimal-versions requires cargo-hack
	- name: Install cargo-hack
	uses: taiki-e/install-action@cargo-hack

	- name: Check direct-minimal-versions
	run: cargo minimal-versions --direct --ignore-private check
	working-directory: rustls/

	cross:
	name: Check cross compilation targets
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@stable
	- name: Install cross
	uses: taiki-e/install-action@cross
	- run: cross build --locked --target i686-unknown-linux-gnu

	semver:
	name: Check semver compatibility
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Check semver
	uses: obi1kenobi/cargo-semver-checks-action@v2

	format:
	name: Format
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: rustfmt
	- name: Check formatting
	run: cargo fmt --all -- --check
	- name: Check formatting (connect-tests workspace)
	run: cargo fmt --all --manifest-path=connect-tests/Cargo.toml -- --check
	- name: Check formatting (fuzz workspace)
	run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check

	format-unstable:
	name: Format (unstable)
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- name: Install rust nightly toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	components: rustfmt
	toolchain: nightly-2024-02-21
	- name: Check formatting (unstable)
	run: cargo fmt --all -- --check --config-path .rustfmt.unstable.toml
	continue-on-error: true
	- name: Check formatting (unstable, connect-tests workspace)
	run: cargo fmt --all --manifest-path=connect-tests/Cargo.toml -- --check --config-path .rustfmt.unstable.toml
	continue-on-error: true
	- name: Check formatting (unstable, fuzz workspace)
	run: cargo fmt --all --manifest-path=fuzz/Cargo.toml -- --check --config-path .rustfmt.unstable.toml
	continue-on-error: true

	clippy:
	name: Clippy
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@stable
	with:
	components: clippy
	# because examples enable rustls' features, `--workspace --no-default-features` is not
	# the same as `--package rustls --no-default-features` so run it separately
	- run: cargo clippy --locked --package rustls --no-default-features --all-targets -- --deny warnings
	- run: cargo clippy --locked --workspace --all-features --all-targets -- --deny warnings
	# not part of the workspace
	- run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets -- --deny warnings

	clippy-nightly:
	name: Clippy (Nightly)
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@nightly
	with:
	components: clippy
	- run: cargo clippy --locked --package rustls --no-default-features --all-targets
	- run: cargo clippy --locked --workspace --all-features --all-targets
	- run: cargo clippy --locked --manifest-path=fuzz/Cargo.toml --all-features --all-targets

	check-external-types:
	name: Validate external types appearing in public API
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false
	- name: Install rust toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: nightly-2024-02-07
	# ^ sync with https://github.com/awslabs/cargo-check-external-types/blob/main/rust-toolchain.toml
	- run: cargo install --locked cargo-check-external-types
	- name: run cargo-check-external-types for rustls/
	working-directory: rustls/
	run: cargo check-external-types

	openssl-tests:
	name: Run openssl-tests
	runs-on: ubuntu-latest
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	persist-credentials: false

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@stable

	- name: openssl version
	run: openssl version

	- name: cargo test (in openssl-tests/)
	working-directory: openssl-tests/
	run: cargo test --locked -- --include-ignored
	env:
	RUST_BACKTRACE: 1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

rustls #185

Workflow file

rustls #185

Jobs

Run details

Workflow file for this run