-
Notifications
You must be signed in to change notification settings - Fork 2
170 lines (158 loc) · 6.11 KB
/
ci.yml
File metadata and controls
170 lines (158 loc) · 6.11 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
name: CI
permissions:
contents: read
on:
pull_request:
branches: [main]
push:
branches: [main]
schedule:
- cron: '0 15 * * 0,4' # Every Monday and Friday at 00:00 JST
workflow_dispatch:
env:
CARGO_INCREMENTAL: 0
CARGO_NET_GIT_FETCH_WITH_CLI: true
CARGO_NET_RETRY: 10
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
RUSTDOCFLAGS: -D warnings
RUSTFLAGS: -D warnings
RUSTUP_MAX_RETRIES: 10
defaults:
run:
shell: bash
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
jobs:
test:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- run: cargo test --workspace --all-features --exclude example
features:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- run: cargo hack build --workspace --no-private --feature-powerset
- run: cargo hack build --workspace --no-private --feature-powerset --rust-version
fmt:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- run: cargo fmt --all --check
clippy:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- run: cargo clippy --workspace --all-features --all-targets
docs:
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@stable
- run: cargo doc --workspace --all-features
fuzz:
env:
FUZZ_MAX_TOTAL_TIME: 60 # 1 minute
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v6
- uses: dtolnay/rust-toolchain@nightly
- uses: taiki-e/cache-cargo-install-action@v3
with:
tool: cargo-fuzz
# We cannot use cache for cargo-afl because afl.rs requires the cargo-afl binary and afl library to be built with the same compiler version.
- run: cargo install cargo-afl --debug --locked
- run: cargo fuzz build --features libfuzzer
- run: cargo afl build --release --features afl
working-directory: fuzz
# On scheduled job, run fuzzer $FUZZ_MAX_TOTAL_TIME seconds per target.
# TODO: This is currently skipped for libfuzzer due to https://github.com/rust-fuzz/cargo-fuzz/issues/270.
- name: Cache AFL++ output
uses: actions/cache@v5
with:
path: fuzz/out
key: afl-out-${{ github.run_id }}
restore-keys: afl-out-
if: github.event_name == 'schedule'
- name: Fuzzing with AFL++
run: |
set -eEuxo pipefail
echo 'core' | sudo tee /proc/sys/kernel/core_pattern
for target in $(ls | grep '.*\.rs$' | sed 's/\.rs$//'); do
cargo afl fuzz -i "seeds/${target}" -o "out/${target}" -V "${FUZZ_MAX_TOTAL_TIME}" "target/release/${target}"
rmdir "out/${target}"/default/crashes &>/dev/null || true
rmdir "out/${target}"/default/hangs &>/dev/null || true
if [[ -d "out/${target}"/default/crashes ]] || [[ -d "out/${target}"/default/hangs ]]; then
exit 1
fi
done
working-directory: fuzz
if: github.event_name == 'schedule'
- name: Archive artifacts
run: |
set -eEuxo pipefail
if [[ -d out ]]; then
tar acvf ../afl-artifacts.tar.gz out
fi
working-directory: fuzz
if: failure() && github.event_name == 'schedule'
- name: Upload artifacts
uses: actions/upload-artifact@v6
with:
name: fuzz-artifacts
path: afl-artifacts.tar.gz
if: failure() && github.event_name == 'schedule'
spell-check:
runs-on: ubuntu-latest
timeout-minutes: 60
permissions:
contents: read
pull-requests: write # for gh pr edit --add-assignee
repository-projects: read # for gh pr edit --add-assignee
steps:
- uses: actions/checkout@v6
- run: echo "REMOVE_UNUSED_WORDS=1" >>"${GITHUB_ENV}"
if: github.repository_owner == 'openrr' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main')
- run: tools/spell-check.sh
- id: diff
run: |
set -euo pipefail
git config user.name "Taiki Endo"
git config user.email "taiki@smilerobotics.com"
project_dictionary=.github/.cspell/project-dictionary.txt
git add -N "${project_dictionary}"
if ! git diff --exit-code -- "${project_dictionary}"; then
git add "${project_dictionary}"
git commit -m "Remove unused words from cspell dictionary"
echo 'success=false' >>"${GITHUB_OUTPUT}"
fi
if: github.repository_owner == 'openrr' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main')
- id: create-pull-request
uses: peter-evans/create-pull-request@v8
with:
title: Remove unused words from cspell dictionary
body: |
Auto-generated by CI using [create-pull-request](https://github.com/peter-evans/create-pull-request).
branch: remove-unused-words-from-cspell-dictionary
token: ${{ secrets.CREATE_PR_TOKEN }}
if: github.repository_owner == 'openrr' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main') && steps.diff.outputs.success == 'false'
- name: Notify PR author by assigning PR
run: gh pr edit --add-assignee taiki-e "${PR_NUMBER:?}"
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
PR_NUMBER: ${{ steps.create-pull-request.outputs.pull-request-number }}
if: github.repository_owner == 'openrr' && (github.event_name == 'schedule' || github.event_name == 'push' && github.ref == 'refs/heads/main') && steps.diff.outputs.success == 'false'