rust-cryptoki/.github/workflows/ci.yml at main · parallaxsecond/rust-cryptoki · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
name: Continuous Integration

on: [push, pull_request, workflow_dispatch]

jobs:
  # Use the following command to fix words locally:
  # codespell --write-changes
  check-spelling:
    name: Check spelling
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check spelling
        uses: codespell-project/actions-codespell@v1

  formatting:
    name: Check formatting
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check formatting
        run: cargo fmt --all -- --check

  lints:
    name: Check lints with clippy
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check formatting
        run: cargo clippy --all-targets -- -D clippy::all -D clippy::cargo

  docs:
    name: Check documentation
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Check documentation
        run: RUSTDOCFLAGS="-Dwarnings" cargo doc --document-private-items --no-deps

  check:
    name: Check for errors
    runs-on: ubuntu-latest
    continue-on-error: true
    strategy:
      matrix:
        target:
          - x86_64-unknown-linux-gnu
          - armv7-unknown-linux-gnueabi
          - armv7-unknown-linux-gnueabihf
          - arm-unknown-linux-gnueabi
          - aarch64-unknown-linux-gnu
          - i686-unknown-linux-gnu
          - loongarch64-unknown-linux-gnu
          - powerpc64-unknown-linux-gnu
          - powerpc64le-unknown-linux-gnu
          - x86_64-pc-windows-msvc
          - x86_64-apple-darwin
          - aarch64-apple-darwin
          - x86_64-unknown-freebsd
          - riscv64gc-unknown-linux-gnu
        toolchain:
          - stable
          - "1.77" # MSRV
    steps:
      - uses: actions/checkout@v4
      - name: Setup Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ matrix.toolchain }}
          default: true
      - name: Install Rust target
        run: rustup target add ${{ matrix.target }}
      - name: Check source
        run: cargo check --target ${{ matrix.target }} --workspace --all-targets
      - name: Check all features source
        run: cargo check --target ${{ matrix.target }} --all-features --workspace --all-targets

  check-matrix:
    name: Check if all checks succeeded
    if: always()
    needs:
      - check
    runs-on: ubuntu-latest
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@release/v1
        with:
          jobs: ${{ toJSON(needs) }}

  tests-softhsm:
    name: Run tests against SoftHSM
    continue-on-error: true
    strategy:
      matrix:
        target:
          - x86_64-unknown-linux-gnu
          - i686-unknown-linux-gnu
          - aarch64-unknown-linux-gnu
        toolchain:
          - stable
          - "1.77" # MSRV
        include:
          - target: x86_64-unknown-linux-gnu
            runner: ubuntu-latest
          - target: i686-unknown-linux-gnu
            runner: ubuntu-latest
          - target: aarch64-unknown-linux-gnu
            runner: ubuntu-24.04-arm
    runs-on: ${{ matrix.runner }}
    env:
      TEST_PKCS11_MODULE: /usr/lib/softhsm/libsofthsm2.so
      SOFTHSM2_CONF: /tmp/softhsm2.conf
      RUSTFLAGS: "-D warnings"
      RUST_BACKTRACE: 1
    steps:
      - uses: actions/checkout@v4
      - name: Setup Rust toolchain
        uses: actions-rs/toolchain@v1
        with:
          toolchain: ${{ matrix.toolchain }}
          default: true
      - name: Install SoftHSM
        run: |
          if [ "${{ matrix.target }}" = "i686-unknown-linux-gnu" ]; then
            # the default image is bloated so remove set of needless packages that we would have to update
            sudo apt-get purge -yqq libmono* moby* mono* php* libgdiplus libpcre2-posix3 libzip4 firefox snapd mysql*
            sudo dpkg --add-architecture i386
            sudo apt-get update -y -qq
            sudo apt-get upgrade -y -qq
            sudo apt-get install -y -qq gcc-multilib:i386 libsofthsm2:i386 gcc:i386
          else
            sudo apt-get update -y -qq
            sudo apt-get install -y -qq libsofthsm2
          fi
          mkdir /tmp/tokens
          echo "directories.tokendir = /tmp/tokens" > /tmp/softhsm2.conf
      - name: Install Rust target
        run: rustup target add ${{ matrix.target }}
      - name: Check
        run: cargo check --target ${{ matrix.target }} --workspace --all-targets
      - name: Test script
        run: cargo test --target ${{ matrix.target }}
      # "Run examples" assumes that:
      #   - there is one example per file.
      #   - the run does not take any arguments.
      #   - the run is relatively fast.
      #   - the return code is non-zero if the example fails.
      - name: Run examples
        run: |
          EXAMPLES=$(ls cryptoki/examples/*.rs | sed 's/\.rs$//' | xargs -n 1 basename)
          for example in $EXAMPLES; do
            cargo run --target ${{ matrix.target }} --example "$example"
          done

  build-windows:
    name: Build on Windows
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - run: cargo check --all-features --workspace --all-targets

  links:
    name: Check links
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Link Checker
        uses: peter-evans/link-checker@v1
        with:
          args: -v -r *.md
      - name: Fail if there were link errors
        run: exit ${{ steps.lc.outputs.exit_code }}