-
Notifications
You must be signed in to change notification settings - Fork 0
247 lines (210 loc) · 8.35 KB
/
flutter-ci.yml
File metadata and controls
247 lines (210 loc) · 8.35 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
name: Flutter CI
on:
push:
branches: [main]
paths:
- 'crates/fula-flutter/**'
- 'crates/fula-js/**'
- 'crates/fula-client/**'
- 'crates/fula-crypto/**'
- 'packages/fula_client/**'
- 'flutter_rust_bridge.yaml'
- '.github/workflows/flutter-ci.yml'
pull_request:
paths:
- 'crates/fula-flutter/**'
- 'crates/fula-js/**'
- 'crates/fula-client/**'
- 'crates/fula-crypto/**'
- 'packages/fula_client/**'
- 'flutter_rust_bridge.yaml'
- '.github/workflows/flutter-ci.yml'
workflow_dispatch:
env:
CARGO_TERM_COLOR: always
FLUTTER_VERSION: '3.38.0'
jobs:
# Test Rust crates
test-rust:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
- name: Cache Cargo
uses: Swatinem/rust-cache@v2
with:
shared-key: rust-ci
- name: Run Rust tests
# `--workspace --all-targets` covers lib + integration tests under each
# crate's tests/ AND the workspace-root tests/. The previous
# `-p X --lib` form silently excluded tests/migration_tests.rs and the
# rest of the integration suite, so bugs that integration tests would
# have caught (including v1→v7 migration correctness on native) never
# gated PRs. `--no-fail-fast` lets every failure report on the first
# run with the broader scope.
run: cargo test --workspace --all-targets --no-fail-fast
# Test WASM compilation (fula-js npm package)
test-wasm:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: wasm32-unknown-unknown
- name: Cache Cargo
uses: Swatinem/rust-cache@v2
with:
shared-key: rust-wasm
- name: Install wasm-pack
run: cargo install wasm-pack
- name: Build WASM (fula-js)
run: |
cd crates/fula-js
wasm-pack build --release --target web
- name: Verify WASM package exports
run: |
echo "Checking TypeScript definitions..."
grep -q "createEncryptedClient" crates/fula-js/pkg/fula_js.d.ts
grep -q "getDecrypted" crates/fula-js/pkg/fula_js.d.ts
grep -q "deriveKey" crates/fula-js/pkg/fula_js.d.ts
echo "All expected exports found!"
# Layer 1: ban panic-on-wasm stdlib time APIs at compile time.
# The disallowed-methods config lives at `.github/clippy-wasm/clippy.toml`
# and is loaded only here via `CLIPPY_CONF_DIR`, so native clippy never
# sees the bans (cfg(not(target_arch = "wasm32"))-gated heartbeat / WAL /
# retry-backoff code in encryption.rs is free to keep using SystemTime).
# Two clippy invocations are needed because fula-crypto's default features
# include `tokio-runtime`, which doesn't compile on wasm32. The other
# crates pull fula-crypto with `default-features = false, features = ["wasm"]`
# via target-conditional deps, but a direct `-p fula-crypto` would use its
# own defaults. We use `-D clippy::disallowed_methods` (not `-D warnings`)
# to scope the failure mode to the panic-on-wasm bug class only — pre-existing
# style/idiom warnings in the workspace shouldn't gate this PR.
#
# `--lib` only: integration tests under `tests/` pull in tokio with full
# features and don't compile on wasm32. The lint applies to library code,
# which is what actually ships into the browser bundle.
- name: WASM clippy — fula-client / fula-flutter / fula-js
env:
CLIPPY_CONF_DIR: ${{ github.workspace }}/.github/clippy-wasm
run: |
cargo clippy --target wasm32-unknown-unknown \
-p fula-client -p fula-flutter -p fula-js \
--lib -- -D clippy::disallowed_methods
- name: WASM clippy — fula-crypto (forced wasm features)
env:
CLIPPY_CONF_DIR: ${{ github.workspace }}/.github/clippy-wasm
run: |
cargo clippy --target wasm32-unknown-unknown \
-p fula-crypto --no-default-features --features wasm \
--lib -- -D clippy::disallowed_methods
# Layer 2: actually exercise the time wiring at runtime in a browser.
# Catches dependency-config regressions clippy can't see (e.g. someone
# later sets default-features = false on chrono and drops `wasmbind`).
- name: Install Firefox + geckodriver for wasm-pack test
uses: browser-actions/setup-firefox@v1
- name: WASM runtime smoke tests
run: wasm-pack test --headless --firefox crates/fula-flutter
# Generate and validate Dart bindings
generate-bindings:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup Flutter
uses: subosito/flutter-action@v2
with:
flutter-version: ${{ env.FLUTTER_VERSION }}
channel: stable
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
- name: Install LLVM/Clang
run: sudo apt-get update && sudo apt-get install -y libclang-dev llvm-dev
- name: Cache Cargo
uses: Swatinem/rust-cache@v2
with:
shared-key: rust-frb
- name: Install flutter_rust_bridge_codegen
run: cargo install flutter_rust_bridge_codegen
- name: Get Flutter dependencies
working-directory: packages/fula_client
run: flutter pub get
- name: Generate Dart bindings
run: flutter_rust_bridge_codegen generate
- name: Analyze Dart code
working-directory: packages/fula_client
run: flutter analyze
- name: Upload generated bindings
uses: actions/upload-artifact@v4
with:
name: dart-bindings
path: packages/fula_client/lib/src/
retention-days: 7
# Build Android native libraries (check compilation)
build-android:
runs-on: ubuntu-latest
strategy:
matrix:
include:
- target: aarch64-linux-android
cc: aarch64-linux-android21-clang
ar: llvm-ar
- target: armv7-linux-androideabi
cc: armv7a-linux-androideabi21-clang
ar: llvm-ar
- target: x86_64-linux-android
cc: x86_64-linux-android21-clang
ar: llvm-ar
steps:
- uses: actions/checkout@v4
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Setup Android NDK
uses: nttld/setup-ndk@v1
id: setup-ndk
with:
ndk-version: r25c
add-to-path: true
- name: Cache Cargo
uses: Swatinem/rust-cache@v2
with:
shared-key: rust-android-${{ matrix.target }}
- name: Configure linker for Android
run: |
mkdir -p .cargo
cat >> .cargo/config.toml << INNEREOF
[target.aarch64-linux-android]
linker = "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin/aarch64-linux-android21-clang"
[target.armv7-linux-androideabi]
linker = "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin/armv7a-linux-androideabi21-clang"
[target.x86_64-linux-android]
linker = "${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin/x86_64-linux-android21-clang"
INNEREOF
- name: Build for Android
env:
CC: ${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin/${{ matrix.cc }}
AR: ${{ steps.setup-ndk.outputs.ndk-path }}/toolchains/llvm/prebuilt/linux-x86_64/bin/${{ matrix.ar }}
run: cargo build -p fula-flutter --target ${{ matrix.target }} --release
# Build iOS native libraries (check compilation)
build-ios:
runs-on: macos-latest
strategy:
matrix:
target:
- aarch64-apple-ios
- x86_64-apple-ios
steps:
- uses: actions/checkout@v4
- name: Setup Rust
uses: dtolnay/rust-toolchain@stable
with:
targets: ${{ matrix.target }}
- name: Cache Cargo
uses: Swatinem/rust-cache@v2
with:
shared-key: rust-ios-${{ matrix.target }}
- name: Build for iOS
run: cargo build -p fula-flutter --target ${{ matrix.target }} --release