Revision control
Copy as Markdown
Other Tools
name: CI
on:
pull_request:
branches: ["main"]
merge_group:
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUST_TEST_TIME_UNIT: 10,30
RUST_TEST_TIME_INTEGRATION: 10,30
RUST_TEST_TIME_DOCTEST: 10,30
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
permissions:
contents: read
defaults:
run:
shell: bash
jobs:
toolchains:
name: Determine toolchains
runs-on: ubuntu-24.04
outputs:
toolchains: ${{ steps.toolchains.outputs.toolchains }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: toolchains
uses: ./.github/actions/toolchains
check:
name: Run checks
needs: toolchains
strategy:
fail-fast: false
matrix:
os: [ubuntu-24.04, ubuntu-24.04-arm, macos-15, windows-2025]
rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }}
type: [debug]
# Include some dynamically-linked release builds, to check that that works on all platforms.
include:
- os: ubuntu-24.04
rust-toolchain: stable
type: release
- os: macos-15
rust-toolchain: stable
type: release
- os: windows-2025
rust-toolchain: stable
type: release
# Also do some debug builds on the oldest OS versions.
- os: ubuntu-22.04
rust-toolchain: stable
type: debug
- os: macos-14
rust-toolchain: stable
type: debug
- os: windows-2022
rust-toolchain: stable
type: debug
env:
BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: ./.github/actions/rust
with:
version: ${{ matrix.rust-toolchain }}
components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'rust-src ' || '' }}
tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov' || '' }} ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'cargo-careful ' || '' }}
token: ${{ secrets.GITHUB_TOKEN }}
- id: nss-version
run: echo "minimum=$(cat min_version.txt)" >> "$GITHUB_OUTPUT"
- uses: ./.github/actions/nss
with:
minimum-version: ${{ steps.nss-version.outputs.minimum }}
- name: Check
run: |
# shellcheck disable=SC2086
cargo check $BUILD_TYPE --locked --all-targets
- name: Run tests and determine coverage
env:
RUST_LOG: trace
RUST_BACKTRACE: 1
RUST_TEST_TIME_UNIT: 10,30
RUST_TEST_TIME_INTEGRATION: 10,30
RUST_TEST_TIME_DOCTEST: 10,30
TOOLCHAIN: ${{ matrix.rust-toolchain }}
# FIXME: cargo-careful at the moment only works on amd64 Ubuntu
CAREFUL: ${{ matrix.rust-toolchain == 'nightly' && startsWith(matrix.os, 'ubuntu') && !endsWith(matrix.os, 'arm') && 'careful' || '' }}
run: |
DUMP_SIMULATION_SEEDS="$(pwd)/simulation-seeds"
export DUMP_SIMULATION_SEEDS
# shellcheck disable=SC2086
if [ "$TOOLCHAIN" == "stable" ]; then
cargo llvm-cov test $BUILD_TYPE --locked --include-ffi --codecov --output-path codecov.json
else
if [ -n "$CAREFUL" ]; then
TRIPLE="--target $(rustc --print host-tuple)"
fi
cargo $CAREFUL test $BUILD_TYPE --locked $TRIPLE
fi
- name: CodeCov Windows workaround
if: ${{ startsWith(matrix.os, 'windows') && matrix.type == 'debug' && matrix.rust-toolchain == 'stable' }}
run: |
# FIXME: Without this, the codecov/codecov-action fails. No idea why it's looking under C:/msys64 now, it shouldn't.
mkdir -p C:/msys64/home/runneradmin/
touch C:/msys64/home/runneradmin/.gitconfig
- uses: codecov/codecov-action@671740ac38dd9b0130fbe1cec585b89eea48d3de # v5.5.2
with:
files: codecov.json
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
flags: ${{ startsWith(matrix.os, 'ubuntu') && 'linux' || startsWith(matrix.os, 'macos') && 'macos' || 'windows' }}
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable'
- name: Save simulation seeds artifact
if: ${{ always() }}
uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
with:
name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }}
path: simulation-seeds
compression-level: 9
check-cargo-lock:
name: Ensure `Cargo.lock` contains all required dependencies
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: ./.github/actions/rust
with:
version: stable
tools: cargo-hack
token: ${{ secrets.GITHUB_TOKEN }}
- run: |
cargo update -w --locked
cargo hack update -w --locked
check-android:
name: Check Android
runs-on: ubuntu-24.04
strategy:
matrix:
target: ['x86_64-linux-android', 'i686-linux-android'] # 'aarch64-linux-android' not currently working
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- id: nss-version
run: echo "minimum=$(cat min_version.txt)" >> "$GITHUB_OUTPUT"
- uses: ./.github/actions/check-android
with:
target: ${{ matrix.target }}
minimum-nss-version: ${{ steps.nss-version.outputs.minimum }}
github-token: ${{ secrets.GITHUB_TOKEN }}
check-vm:
name: Run checks for VM-only platforms
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
os: [ freebsd, openbsd, netbsd ] # NSS package on 'solaris' is too old.
steps:
- uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
with:
persist-credentials: false
- uses: ./.github/actions/check-vm
with:
platform: ${{ matrix.os }}
codecov-token: ${{ secrets.CODECOV_TOKEN }}