-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge remote-tracking branch 'ci/main'
- Loading branch information
Showing
8 changed files
with
576 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,33 @@ | ||
# Github config and workflows | ||
|
||
Copied from <https://github.com/jonhoo/rust-ci-conf/>. | ||
|
||
In this folder there is configuration for code coverage, dependabot, and ci | ||
workflows that check the library more deeply than the default configurations. | ||
|
||
This folder can be or was merged using a --allow-unrelated-histories merge | ||
strategy from <https://github.com/kod-kristoff/rust-ci-conf/> which provides a | ||
reasonably sensible base for writing your own ci on. By using this strategy | ||
the history of the CI repo is included in your repo, and future updates to | ||
the CI can be merged later. | ||
|
||
To perform this merge run: | ||
|
||
```shell | ||
git remote add ci https://github.com/kod-kristoff/rust-ci-conf.git | ||
git fetch ci | ||
git merge --allow-unrelated-histories ci/main | ||
``` | ||
|
||
or | ||
|
||
```shell | ||
git remote add ci [email protected]:kod-kristoff/rust-ci-conf.git | ||
git fetch ci | ||
git merge --allow-unrelated-histories ci/main | ||
``` | ||
|
||
An overview of the files in this project is available at: | ||
<https://www.youtube.com/watch?v=xUH-4y92jPg&t=491s>, which contains some | ||
rationale for decisions and runs through an example of solving minimal version | ||
and OpenSSL issues. |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,21 @@ | ||
# ref: https://docs.codecov.com/docs/codecovyml-reference | ||
coverage: | ||
# Hold ourselves to a high bar | ||
range: 85..100 | ||
round: down | ||
precision: 1 | ||
status: | ||
# ref: https://docs.codecov.com/docs/commit-status | ||
project: | ||
default: | ||
# Avoid false negatives | ||
threshold: 1% | ||
|
||
# Test files aren't important for coverage | ||
ignore: | ||
- "tests" | ||
|
||
# Make comments less noisy | ||
comment: | ||
layout: "files" | ||
require_changes: true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
version: 2 | ||
updates: | ||
- package-ecosystem: github-actions | ||
directory: / | ||
schedule: | ||
interval: daily | ||
- package-ecosystem: cargo | ||
directory: / | ||
schedule: | ||
interval: daily | ||
ignore: | ||
- dependency-name: "*" | ||
# patch and minor updates don't matter for libraries as consumers of this library build | ||
# with their own lockfile, rather than the version specified in this library's lockfile | ||
# remove this ignore rule if your package has binaries to ensure that the binaries are | ||
# built with the exact set of dependencies and those are up to date. | ||
update-types: | ||
- "version-update:semver-patch" | ||
- "version-update:semver-minor" |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,130 @@ | ||
# This workflow runs whenever a PR is opened or updated, or a commit is pushed to main. It runs | ||
# several checks: | ||
# - fmt: checks that the code is formatted according to rustfmt | ||
# - clippy: checks that the code does not contain any clippy warnings | ||
# - doc: checks that the code can be documented without errors | ||
# - hack: check combinations of feature flags | ||
# - msrv: check that the msrv specified in the crate is correct | ||
permissions: | ||
contents: read | ||
# This configuration allows maintainers of this repo to create a branch and pull request based on | ||
# the new branch. Restricting the push trigger to the main branch ensures that the PR only gets | ||
# built once. | ||
on: | ||
push: | ||
branches: [main] | ||
pull_request: | ||
merge_group: | ||
# If new code is pushed to a PR branch, then cancel in progress workflows for that PR. Ensures that | ||
# we don't waste CI time, and returns results quicker https://github.com/jonhoo/rust-ci-conf/pull/5 | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
name: check | ||
jobs: | ||
fmt: | ||
runs-on: ubuntu-latest | ||
name: stable / fmt | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install stable | ||
uses: dtolnay/rust-toolchain@stable | ||
with: | ||
components: rustfmt | ||
- name: cargo fmt --check | ||
run: cargo fmt --check | ||
clippy: | ||
runs-on: ubuntu-latest | ||
name: ${{ matrix.toolchain }} / clippy | ||
permissions: | ||
contents: read | ||
checks: write | ||
strategy: | ||
fail-fast: false | ||
matrix: | ||
# Get early warning of new lints which are regularly introduced in beta channels. | ||
toolchain: [stable, beta] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install ${{ matrix.toolchain }} | ||
uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.toolchain }} | ||
components: clippy | ||
- name: cargo clippy | ||
uses: auguwu/[email protected] | ||
with: | ||
token: ${{secrets.GITHUB_TOKEN}} | ||
doc: | ||
# run docs generation on nightly rather than stable. This enables features like | ||
# https://doc.rust-lang.org/beta/unstable-book/language-features/doc-cfg.html which allows an | ||
# API be documented as only available in some specific platforms. | ||
runs-on: ubuntu-latest | ||
name: nightly / doc | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install nightly | ||
uses: dtolnay/rust-toolchain@nightly | ||
- name: cargo doc | ||
run: cargo doc --no-deps --all-features | ||
env: | ||
RUSTDOCFLAGS: --cfg docsrs | ||
hack: | ||
# cargo-hack checks combinations of feature flags to ensure that features are all additive | ||
# which is required for feature unification | ||
runs-on: ubuntu-latest | ||
name: ubuntu / stable / features | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install stable | ||
uses: dtolnay/rust-toolchain@stable | ||
- name: cargo install cargo-hack | ||
uses: taiki-e/install-action@cargo-hack | ||
# intentionally no target specifier; see https://github.com/jonhoo/rust-ci-conf/pull/4 | ||
# --feature-powerset runs for every combination of features | ||
- name: cargo hack | ||
run: cargo hack --feature-powerset check | ||
msrv: | ||
# check that we can build using the minimal rust version that is specified by this crate | ||
runs-on: ubuntu-latest | ||
# we use a matrix here just because env can't be used in job names | ||
# https://docs.github.com/en/actions/learn-github-actions/contexts#context-availability | ||
strategy: | ||
matrix: | ||
msrv: ["1.56.1"] # 2021 edition requires 1.56 | ||
name: ubuntu / ${{ matrix.msrv }} | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install ${{ matrix.msrv }} | ||
uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ matrix.msrv }} | ||
- name: cargo +${{ matrix.msrv }} check | ||
run: cargo check | ||
|
||
# https://github.com/marketplace/actions/alls-green#why used for branch protection checks | ||
check-check: | ||
if: always() | ||
needs: | ||
- fmt | ||
- clippy | ||
- doc | ||
- hack | ||
- msrv | ||
runs-on: ubuntu-latest | ||
permissions: {} | ||
steps: | ||
- name: Decide whether the needed jobs succeeded or failed | ||
uses: re-actors/alls-green@release/v1 | ||
with: | ||
jobs: ${{ toJSON(needs) }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
# This workflow checks whether the library is able to run without the std library (e.g., embedded). | ||
# This entire file should be removed if this crate does not support no-std. See check.yml for | ||
# information about how the concurrency cancellation and workflow triggering works | ||
permissions: | ||
contents: read | ||
on: | ||
push: | ||
branches: [main] | ||
pull_request: | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
name: no-std | ||
jobs: | ||
nostd: | ||
runs-on: ubuntu-latest | ||
name: ${{ matrix.target }} | ||
strategy: | ||
matrix: | ||
target: [thumbv7m-none-eabi, aarch64-unknown-none] | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install stable | ||
uses: dtolnay/rust-toolchain@stable | ||
- name: rustup target add ${{ matrix.target }} | ||
run: rustup target add ${{ matrix.target }} | ||
- name: cargo check | ||
run: cargo check --target ${{ matrix.target }} --no-default-features |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,99 @@ | ||
# This workflow runs checks for unsafe code. In crates that don't have any unsafe code, this can be | ||
# removed. Runs: | ||
# - miri - detects undefined behavior and memory leaks | ||
# - address sanitizer - detects memory errors | ||
# - leak sanitizer - detects memory leaks | ||
# - loom - Permutation testing for concurrent code https://crates.io/crates/loom | ||
# See check.yml for information about how the concurrency cancellation and workflow triggering works | ||
permissions: | ||
contents: read | ||
on: | ||
push: | ||
branches: [main] | ||
pull_request: | ||
concurrency: | ||
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | ||
cancel-in-progress: true | ||
name: safety | ||
jobs: | ||
sanitizers: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install nightly | ||
uses: dtolnay/rust-toolchain@nightly | ||
- run: | | ||
# to get the symbolizer for debug symbol resolution | ||
sudo apt install llvm | ||
# to fix buggy leak analyzer: | ||
# https://github.com/japaric/rust-san#unrealiable-leaksanitizer | ||
# ensure there's a profile.dev section | ||
if ! grep -qE '^[ \t]*[profile.dev]' Cargo.toml; then | ||
echo >> Cargo.toml | ||
echo '[profile.dev]' >> Cargo.toml | ||
fi | ||
# remove pre-existing opt-levels in profile.dev | ||
sed -i '/^\s*\[profile.dev\]/,/^\s*\[/ {/^\s*opt-level/d}' Cargo.toml | ||
# now set opt-level to 1 | ||
sed -i '/^\s*\[profile.dev\]/a opt-level = 1' Cargo.toml | ||
cat Cargo.toml | ||
name: Enable debug symbols | ||
- name: cargo test -Zsanitizer=address | ||
# only --lib --tests b/c of https://github.com/rust-lang/rust/issues/53945 | ||
run: cargo test --lib --tests --all-features --target x86_64-unknown-linux-gnu | ||
env: | ||
ASAN_OPTIONS: "detect_odr_violation=0:detect_leaks=0" | ||
RUSTFLAGS: "-Z sanitizer=address" | ||
- name: cargo test -Zsanitizer=leak | ||
if: always() | ||
run: cargo test --all-features --target x86_64-unknown-linux-gnu | ||
env: | ||
LSAN_OPTIONS: "suppressions=lsan-suppressions.txt" | ||
RUSTFLAGS: "-Z sanitizer=leak" | ||
miri: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- run: | | ||
echo "NIGHTLY=nightly-$(curl -s https://rust-lang.github.io/rustup-components-history/x86_64-unknown-linux-gnu/miri)" >> $GITHUB_ENV | ||
- name: Install ${{ env.NIGHTLY }} | ||
uses: dtolnay/rust-toolchain@master | ||
with: | ||
toolchain: ${{ env.NIGHTLY }} | ||
components: miri | ||
- name: cargo miri test | ||
run: cargo miri test | ||
env: | ||
MIRIFLAGS: "" | ||
loom: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- uses: actions/checkout@v4 | ||
with: | ||
submodules: true | ||
- name: Install stable | ||
uses: dtolnay/rust-toolchain@stable | ||
- name: cargo test --test loom | ||
run: cargo test --release --test loom | ||
env: | ||
LOOM_MAX_PREEMPTIONS: 2 | ||
RUSTFLAGS: "--cfg loom" | ||
|
||
# https://github.com/marketplace/actions/alls-green#why used for branch protection checks | ||
safety-check: | ||
if: always() | ||
needs: | ||
- sanitizers | ||
- miri | ||
- loom | ||
runs-on: ubuntu-latest | ||
permissions: {} | ||
steps: | ||
- name: Decide whether the needed jobs succeeded or failed | ||
uses: re-actors/alls-green@release/v1 | ||
with: | ||
jobs: ${{ toJSON(needs) }} |
Oops, something went wrong.