name: CI on: pull_request: branches: - master push: branches: - master env: RUSTFLAGS: -Dwarnings RUST_BACKTRACE: 1 jobs: rustfmt: name: rustfmt runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install Rust run: rustup update stable && rustup default stable - name: Check formatting run: cargo fmt --all -- --check clippy: name: clippy runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust run: rustup update stable && rustup default stable - name: Get rust version id: rust-version run: echo "::set-output name=version::$(rustc --version)" - name: Cache cargo index uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - name: Create lockfile run: cargo generate-lockfile - name: Cache cargo registry uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - name: Fetch dependencies run: cargo fetch - name: Cache target directory uses: actions/cache@v4 with: path: target key: clippy-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - name: Run clippy run: cargo clippy --all --all-targets - name: Check docs run: cargo doc --no-deps -p boring -p boring-sys --features rpk,pq-experimental,underscore-wildcards env: DOCS_RS: 1 test: name: Test runs-on: ${{ matrix.os }} strategy: matrix: thing: - stable - arm-android - arm64-android - i686-android - x86_64-android - aarch64-ios - aarch64-ios-sim - x86_64-ios - i686-linux - arm-linux - aarch64-linux - arm64-macos - x86_64-macos - x86_64-mingw - i686-msvc - x86_64-msvc include: - check_only: false - extra_test_args: '' - apt_packages: '' - custom_env: {} - thing: stable target: x86_64-unknown-linux-gnu rust: stable os: ubuntu-latest - thing: arm-android target: armv7-linux-androideabi rust: stable os: ubuntu-latest check_only: true - thing: arm64-android target: aarch64-linux-android rust: stable os: ubuntu-latest check_only: true - thing: i686-android target: i686-linux-android rust: stable os: ubuntu-latest check_only: true - thing: x86_64-android target: x86_64-linux-android rust: stable os: ubuntu-latest check_only: true - thing: aarch64-ios target: aarch64-apple-ios os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 # It's... theoretically possible to run tests on iPhone Simulator, # but for now, make sure that BoringSSL only builds. - thing: aarch64-ios-sim target: aarch64-apple-ios-sim os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 - thing: x86_64-ios target: x86_64-apple-ios os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 - thing: i686-linux target: i686-unknown-linux-gnu rust: stable os: ubuntu-latest apt_packages: gcc-multilib g++-multilib - thing: arm-linux target: arm-unknown-linux-gnueabi rust: stable os: ubuntu-latest apt_packages: gcc-arm-linux-gnueabi g++-arm-linux-gnueabi check_only: true custom_env: CC_arm-unknown-linux-gnueabi: arm-linux-gnueabi-gcc CXX_arm-unknown-linux-gnueabi: arm-linux-gnueabi-g++ CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABI_LINKER: arm-linux-gnueabi-g++ - thing: aarch64-linux target: aarch64-unknown-linux-gnu rust: stable os: ubuntu-latest apt_packages: crossbuild-essential-arm64 check_only: true custom_env: CC_aarch64_unknown_linux_gnu: aarch64-linux-gnu-gcc CXX_aarch64_unknown_linux_gnu: aarch64-linux-gnu-g++ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-g++ - thing: arm64-macos target: aarch64-apple-darwin rust: stable os: macos-latest check_only: true - thing: x86_64-macos target: x86_64-apple-darwin rust: stable os: macos-latest - thing: x86_64-mingw target: x86_64-pc-windows-gnu rust: stable os: windows-latest check_only: true # tests are flaky for unclear reasons custom_env: CC: gcc CXX: g++ C_INCLUDE_PATH: "C:\\msys64\\usr\\include" CPLUS_INCLUDE_PATH: "C:\\msys64\\usr\\include" LIBRARY_PATH: "C:\\msys64\\usr\\lib" # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring - thing: i686-msvc target: i686-pc-windows-msvc rust: stable-x86_64-msvc os: windows-latest # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring - thing: x86_64-msvc target: x86_64-pc-windows-msvc rust: stable-x86_64-msvc os: windows-latest # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring --exclude hyper-boring steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update ${{ matrix.rust }} --no-self-update && rustup default ${{ matrix.rust }} shell: bash - run: rustup target add ${{ matrix.target }} - name: Install target-specific APT dependencies if: "matrix.apt_packages != ''" run: sudo apt update && sudo apt install -y ${{ matrix.apt_packages }} shell: bash - name: Install nasm if: startsWith(matrix.os, 'windows') run: choco install nasm shell: cmd - name: Install LLVM and Clang if: startsWith(matrix.os, 'windows') uses: KyleMayes/install-llvm-action@v1 with: version: "11.0" directory: ${{ runner.temp }}/llvm - name: Set LIBCLANG_PATH if: startsWith(matrix.os, 'windows') run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV - name: Set Android Linker path if: endsWith(matrix.thing, '-android') run: echo "CARGO_TARGET_$(echo ${{ matrix.target }} | tr \\-a-z _A-Z)_LINKER=$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin/$(echo ${{ matrix.target }} | sed s/armv7/armv7a/)21-clang++" >> "$GITHUB_ENV" - name: Build tests # We `build` because we want the linker to verify we are cross-compiling correctly for check-only targets. run: cargo build --target ${{ matrix.target }} --tests ${{ matrix.extra_test_args }} shell: bash env: ${{ matrix.custom_env }} - name: Run tests if: "!matrix.check_only" run: cargo test --target ${{ matrix.target }} ${{ matrix.extra_test_args }} shell: bash env: ${{ matrix.custom_env }} - name: Test boring-sys cargo publish # Running `cargo publish --dry-run` tests two things: # # 1. That `boring-sys` can build BoringSSL with just the files included # in the crates.io package (as determined by the `include` field in # the `Cargo.toml`). # 2. That the final `boring-sys` package size, including the BoringSSL # submodules, is not too large to be published to `crates.io`. # # Both of these may no longer be the case after updating the BoringSSL # submodules to a new revision, so it's important to test this on CI. run: cargo publish --dry-run -p boring-sys test-fips: name: Test FIPS integration runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable shell: bash - name: Install Clang-12 uses: KyleMayes/install-llvm-action@v1 with: version: "12.0.0" directory: ${{ runner.temp }}/llvm - name: Install golang uses: actions/setup-go@v5 with: go-version: '>=1.22.0' - name: Add clang++-12 link working-directory: ${{ runner.temp }}/llvm/bin run: ln -s clang clang++-12 - name: Run tests run: cargo test --features fips - name: Test boring-sys cargo publish (FIPS) # Running `cargo publish --dry-run` tests two things: # # 1. That `boring-sys` can build BoringSSL with just the files included # in the crates.io package (as determined by the `include` field in # the `Cargo.toml`). # 2. That the final `boring-sys` package size, including the BoringSSL # submodules, is not too large to be published to `crates.io`. # # Both of these may no longer be the case after updating the BoringSSL # submodules to a new revision, so it's important to test this on CI. run: cargo publish --dry-run -p boring-sys --features fips cross-build: name: Cross build from macOS to Linux runs-on: macos-latest strategy: matrix: include: - target: x86_64-unknown-linux-gnu steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable && rustup target add ${{ matrix.target }} shell: bash - name: Install ${{ matrix.target }} toolchain run: brew tap messense/macos-cross-toolchains && brew install ${{ matrix.target }} - name: Set BORING_BSSL_SYSROOT run: echo "BORING_BSSL_SYSROOT=$(brew --prefix ${{ matrix.target }})/toolchain/${{ matrix.target }}/sysroot" >> $GITHUB_ENV shell: bash - name: Set CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER run: echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=${{ matrix.target }}-gcc" >> $GITHUB_ENV - name: Build for ${{ matrix.target }} run: cargo build --target ${{ matrix.target }} --all-targets cross-build-fips: name: Cross build from macOS to Linux (FIPS) runs-on: macos-13 # Need an Intel (x86_64) runner for Clang 12.0.0 strategy: matrix: include: - target: x86_64-unknown-linux-gnu steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable && rustup target add ${{ matrix.target }} shell: bash - name: Install golang uses: actions/setup-go@v5 with: go-version: '>=1.22.0' - name: Install ${{ matrix.target }} toolchain run: brew tap messense/macos-cross-toolchains && brew install ${{ matrix.target }} && brew link x86_64-unknown-linux-gnu - name: Install Clang-12 uses: KyleMayes/install-llvm-action@v1 with: version: "12.0.0" directory: ${{ runner.temp }}/llvm - name: Add clang++-12 link working-directory: ${{ runner.temp }}/llvm/bin run: ln -s clang++ clang++-12 - name: Set BORING_BSSL_FIPS_COMPILER_EXTERNAL_TOOLCHAIN run: echo "BORING_BSSL_FIPS_COMPILER_EXTERNAL_TOOLCHAIN=$(brew --prefix ${{ matrix.target }})/toolchain" >> $GITHUB_ENV shell: bash - name: Set BORING_BSSL_FIPS_SYSROOT run: echo "BORING_BSSL_FIPS_SYSROOT=$BORING_BSSL_FIPS_COMPILER_EXTERNAL_TOOLCHAIN/${{ matrix.target }}/sysroot" >> $GITHUB_ENV shell: bash - name: Set CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER run: echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=${{ matrix.target }}-gcc" >> $GITHUB_ENV - name: Build for ${{ matrix.target }} run: cargo build --target ${{ matrix.target }} --all-targets --features fips test-features: name: Test features runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable shell: bash - run: cargo test --features rpk name: Run `rpk` tests - run: cargo test --features pq-experimental name: Run `pq-experimental` tests - run: cargo test --features underscore-wildcards name: Run `underscore-wildcards` tests - run: cargo test --features pq-experimental,rpk name: Run `pq-experimental,rpk` tests - run: cargo test --features kx-safe-default,pq-experimental name: Run `kx-safe-default` tests - run: cargo test --features pq-experimental,underscore-wildcards name: Run `pq-experimental,underscore-wildcards` tests - run: cargo test --features rpk,underscore-wildcards name: Run `rpk,underscore-wildcards` tests - run: cargo test --features pq-experimental,rpk,underscore-wildcards name: Run `pq-experimental,rpk,underscore-wildcards` tests - run: cargo test -p hyper-boring --features hyper1 name: Run hyper 1.0 tests for hyper-boring