name: CI on: push: tags: ["v*"] pull_request: paths-ignore: - 'docs/**' - '*.md' - '.github/**' - 'README.md' workflow_dispatch: env: RUSTFLAGS: -Dwarnings RUST_BACKTRACE: 1 permissions: contents: write packages: write jobs: rustfmt: name: rustfmt runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 - name: Install Rust run: rustup update stable && rustup default stable - name: Check formatting run: cargo fmt --all -- --check clippy: name: clippy runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust run: rustup update stable && rustup default stable - name: Get rust version id: rust-version run: echo "::set-output name=version::$(rustc --version)" - name: Cache cargo index uses: actions/cache@v4 with: path: ~/.cargo/registry/index key: index-${{ runner.os }}-${{ github.run_number }} restore-keys: | index-${{ runner.os }}- - name: Create lockfile run: cargo generate-lockfile - name: Cache cargo registry uses: actions/cache@v4 with: path: ~/.cargo/registry/cache key: registry-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - name: Fetch dependencies run: cargo fetch - name: Cache target directory uses: actions/cache@v4 with: path: target key: clippy-target-${{ runner.os }}-${{ steps.rust-version.outputs.version }}-${{ hashFiles('Cargo.lock') }} - name: Run clippy run: cargo clippy --all --all-targets - name: Check docs run: cargo doc --no-deps -p boring2 -p boring-sys2 --features pq-experimental,underscore-wildcards env: DOCS_RS: 1 test: name: Test runs-on: ${{ matrix.os }} strategy: matrix: thing: - stable - arm-android - arm64-android - i686-android - x86_64-android - aarch64-ios - aarch64-ios-sim - x86_64-ios - i686-linux - arm-linux - aarch64-linux - arm64-macos - x86_64-macos - x86_64-mingw - i686-msvc - x86_64-msvc include: - check_only: false - extra_test_args: '' - apt_packages: '' - custom_env: {} - thing: stable target: x86_64-unknown-linux-gnu rust: stable os: ubuntu-latest - thing: arm-android target: armv7-linux-androideabi rust: stable os: ubuntu-latest check_only: true extra_test_args: --workspace --exclude quinn-boring2 - thing: arm64-android target: aarch64-linux-android rust: stable os: ubuntu-latest check_only: true extra_test_args: --workspace --exclude quinn-boring2 - thing: i686-android target: i686-linux-android rust: stable os: ubuntu-latest check_only: true extra_test_args: --workspace --exclude quinn-boring2 - thing: x86_64-android target: x86_64-linux-android rust: stable os: ubuntu-latest check_only: true extra_test_args: --workspace --exclude quinn-boring2 - thing: aarch64-ios target: aarch64-apple-ios os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 # It's... theoretically possible to run tests on iPhone Simulator, # but for now, make sure that BoringSSL only builds. - thing: aarch64-ios-sim target: aarch64-apple-ios-sim os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 - thing: x86_64-ios target: x86_64-apple-ios os: macos-latest check_only: true custom_env: IPHONEOS_DEPLOYMENT_TARGET: 17.5 - thing: i686-linux target: i686-unknown-linux-gnu rust: stable os: ubuntu-latest apt_packages: gcc-multilib g++-multilib extra_test_args: --workspace --exclude compio-boring2 - thing: arm-linux target: arm-unknown-linux-gnueabi rust: stable os: ubuntu-latest apt_packages: gcc-arm-linux-gnueabi g++-arm-linux-gnueabi check_only: true custom_env: CC: arm-linux-gnueabi-gcc CXX: arm-linux-gnueabi-g++ CARGO_TARGET_ARM_UNKNOWN_LINUX_GNUEABI_LINKER: arm-linux-gnueabi-g++ extra_test_args: --workspace --exclude compio-boring2 - thing: aarch64-linux target: aarch64-unknown-linux-gnu rust: stable os: ubuntu-latest apt_packages: crossbuild-essential-arm64 check_only: true custom_env: CC: aarch64-linux-gnu-gcc CXX: aarch64-linux-gnu-g++ CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-g++ - thing: arm64-macos target: aarch64-apple-darwin rust: stable os: macos-latest check_only: true - thing: x86_64-macos target: x86_64-apple-darwin rust: stable os: macos-latest - thing: x86_64-mingw target: x86_64-pc-windows-gnu rust: stable os: windows-latest check_only: true # tests are flaky for unclear reasons custom_env: CC: gcc CXX: g++ C_INCLUDE_PATH: "C:\\msys64\\usr\\include" CPLUS_INCLUDE_PATH: "C:\\msys64\\usr\\include" LIBRARY_PATH: "C:\\msys64\\usr\\lib" # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring2 --exclude compio-boring2 - thing: i686-msvc target: i686-pc-windows-msvc rust: stable-x86_64-msvc os: windows-latest # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring2 --exclude compio-boring2 - thing: x86_64-msvc target: x86_64-pc-windows-msvc rust: stable-x86_64-msvc os: windows-latest # CI's Windows doesn't have required root certs extra_test_args: --workspace --exclude tokio-boring2 --exclude compio-boring2 steps: - uses: actions/checkout@v4 with: submodules: 'recursive' # - name: Install Rust (rustup) # run: rustup update ${{ matrix.rust }} --no-self-update && rustup default ${{ matrix.rust }} # shell: bash - run: rustup target add ${{ matrix.target }} - name: Install target-specific APT dependencies if: "matrix.apt_packages != ''" run: sudo apt update && sudo apt install -y ${{ matrix.apt_packages }} shell: bash - name: Install nasm if: startsWith(matrix.os, 'windows') run: choco install nasm shell: cmd - name: Install LLVM and Clang if: startsWith(matrix.os, 'windows') uses: KyleMayes/install-llvm-action@v1 with: version: "11.0" directory: ${{ runner.temp }}/llvm - name: Set LIBCLANG_PATH if: startsWith(matrix.os, 'windows') run: echo "LIBCLANG_PATH=$((gcm clang).source -replace "clang.exe")" >> $env:GITHUB_ENV - name: Set Android Linker path if: endsWith(matrix.thing, '-android') run: echo "CARGO_TARGET_$(echo ${{ matrix.target }} | tr \\-a-z _A-Z)_LINKER=$ANDROID_NDK/toolchains/llvm/prebuilt/linux-x86_64/bin/$(echo ${{ matrix.target }} | sed s/armv7/armv7a/)21-clang++" >> "$GITHUB_ENV" - name: Build tests # We `build` because we want the linker to verify we are cross-compiling correctly for check-only targets. run: cargo build --target ${{ matrix.target }} --tests ${{ matrix.extra_test_args }} shell: bash env: ${{ matrix.custom_env }} - name: Run tests if: "!matrix.check_only" run: cargo test --target ${{ matrix.target }} ${{ matrix.extra_test_args }} shell: bash env: ${{ matrix.custom_env }} - name: Test boring-sys2 cargo publish # Running `cargo publish --dry-run` tests two things: # # 1. That `boring-sys2` can build BoringSSL with just the files included # in the crates.io package (as determined by the `include` field in # the `Cargo.toml`). # 2. That the final `boring-sys2` package size, including the BoringSSL # submodules, is not too large to be published to `crates.io`. # # Both of these may no longer be the case after updating the BoringSSL # submodules to a new revision, so it's important to test this on CI. run: cargo publish --dry-run -p boring-sys2 cross-build: name: Cross build from macOS to Linux runs-on: macos-latest strategy: matrix: include: - target: x86_64-unknown-linux-gnu steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable && rustup target add ${{ matrix.target }} shell: bash - name: Install ${{ matrix.target }} toolchain run: brew tap messense/macos-cross-toolchains && brew install ${{ matrix.target }} - name: Set BORING_BSSL_SYSROOT run: echo "BORING_BSSL_SYSROOT=$(brew --prefix ${{ matrix.target }})/toolchain/${{ matrix.target }}/sysroot" >> $GITHUB_ENV shell: bash - name: Set CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER run: echo "CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_LINKER=${{ matrix.target }}-gcc" >> $GITHUB_ENV - name: Build for ${{ matrix.target }} run: cargo build --target ${{ matrix.target }} --all-targets test-features: name: Test features runs-on: ubuntu-latest steps: - uses: actions/checkout@v4 with: submodules: 'recursive' - name: Install Rust (rustup) run: rustup update stable --no-self-update && rustup default stable - run: cargo test --features pq-experimental name: Run `pq-experimental` tests - run: cargo test --features kx-safe-default,pq-experimental name: Run `kx-safe-default` tests - run: cargo test --features pq-experimental,underscore-wildcards name: Run `pq-experimental,underscore-wildcards` tests - run: cargo test --features underscore-wildcards name: Run `underscore-wildcards` tests crates: name: crates needs: [rustfmt, clippy, test, cross-build, test-features] runs-on: ubuntu-latest if: startsWith(github.ref, 'refs/tags/') steps: - uses: actions/checkout@v4 - uses: actions-rs/toolchain@v1 with: toolchain: stable override: true - name: Prebuild boring-sys2 run: cargo build -p boring-sys2 - name: publish crates run: | cargo login ${{ secrets.CARGO_REGISTRY_TOKEN }} echo "=== Publishing boring-sys2... ===" (cd boring-sys && cargo publish) sleep 10 echo "=== Publishing boring2... ===" (cd boring && cargo publish) sleep 10 echo "=== Publishing tokio-boring2... ===" (cd tokio-boring && cargo publish) sleep 10 echo "=== Publishing compio-boring2... ===" (cd compio-boring && cargo publish) echo "=== Publishing quinn-boring2... ===" (cd quinn-boring && cargo publish) - name: Upload binaries to GitHub Release uses: softprops/action-gh-release@v2 with: token: ${{ secrets.GITHUB_TOKEN }} prerelease: ${{ contains(github.ref, 'alpha') || contains(github.ref, 'beta') || contains(github.ref, 'rc') }} generate_release_notes: true