Skip to content

ci: require more interop tests to pass #6044

ci: require more interop tests to pass

ci: require more interop tests to pass #6044

Workflow file for this run

on:
push:
branches:
- main
pull_request:
branches:
- main
name: ci
env:
CARGO_INCREMENTAL: 0
CARGO_NET_RETRY: 10
RUSTUP_MAX_RETRIES: 10
RUST_BACKTRACE: 1
# Pin the nightly toolchain to prevent breakage.
# This should be occasionally updated.
RUST_NIGHTLY_TOOLCHAIN: nightly-2023-06-12
CDN: https://dnglbrstg7yg.cloudfront.net
# enable unstable features for testing
S2N_UNSTABLE_CRYPTO_OPT_TX: 100
S2N_UNSTABLE_CRYPTO_OPT_RX: 100
# By default depandabot only receives read permissions. Explicitly give it write
# permissions which is needed by the ouzi-dev/commit-status-updater task.
#
# Updating status is relatively safe (doesnt modify source code) and caution
# should we taken before adding more permissions.
permissions:
statuses: write
jobs:
env:
runs-on: ubuntu-latest
outputs:
rust-versions: ${{ steps.definitions.outputs.versions }}
msrv: ${{ steps.definitions.outputs.msrv }}
examples: ${{ steps.definitions.outputs.examples }}
crates: ${{ steps.definitions.outputs.crates }}
steps:
- uses: actions/checkout@v3
# examples is populated by
# find all child folders in the examples directory
# jq -R - raw content is passed in (not json, just strings)
# jq -s - slurp the content into an object
# jq '. += ' adds the s2n-quic-xdp crate to the list of crates we build
# Many of the xdp crates have much more complex build processes, so we
# don't try to build all of them.
# jq -c - output the object in (c)ompact mode on a single line, github
# will fail to parse multi line output
#
# the output is echo'd to make debugging easier
- name: Evaluate definitions
id: definitions
run: |
export MSRV=$(rustup show | awk 'NF' | awk 'END{print $2}')
echo "msrv=$MSRV"
echo "msrv=$MSRV" >> $GITHUB_OUTPUT
export RAW_VERSIONS="stable beta $RUST_NIGHTLY_TOOLCHAIN $MSRV"
export VERSIONS=$(echo $RAW_VERSIONS | jq -scR 'rtrimstr("\n")|split(" ")|.')
echo "versions=$VERSIONS"
echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
export EXAMPLES=$(find examples/ -maxdepth 1 -mindepth 1 -type d | jq -R | jq -sc)
echo "examples=$EXAMPLES"
echo "examples=$EXAMPLES" >> $GITHUB_OUTPUT
export CRATES=$(find quic common -name *Cargo.toml | jq -R | jq -s | jq '. += ["tools/xdp/s2n-quic-xdp/Cargo.toml"]' | jq -c)
echo "crates=$CRATES"
echo "crates=$CRATES" >> $GITHUB_OUTPUT
rustfmt:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
components: rustfmt
- name: Run cargo fmt
uses: actions-rs/[email protected]
with:
command: fmt
args: --all -- --check
clippy:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
include:
- toolchain: stable
# fail on stable warnings
args: "-D warnings"
- toolchain: beta
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ matrix.toolchain }}
profile: minimal
override: true
components: clippy
- uses: camshaft/rust-cache@v1
# TODO translate json reports to in-action warnings
- name: Run cargo clippy
uses: actions-rs/[email protected]
with:
command: clippy
# deriving Eq may break API compatibility so we disable it
# See https://github.com/rust-lang/rust-clippy/issues/9063
# manual_clamp will panic when min > max
# See https://github.com/rust-lang/rust-clippy/pull/10101
args: --all-features --all-targets -- -A clippy::derive_partial_eq_without_eq -A clippy::manual_clamp ${{ matrix.args }}
udeps:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
- uses: camshaft/install@v1
with:
crate: cargo-udeps
- name: Run cargo udeps
run: cargo udeps --workspace --all-targets
env:
RUSTC_WRAPPER: ""
doc:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
- name: Run cargo doc
uses: actions-rs/[email protected]
with:
command: doc
args: --all-features --no-deps --workspace --exclude s2n-quic-qns
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/doc"
aws s3 sync target/doc "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/s2n_quic/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "doc / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
test:
runs-on: ${{ matrix.os }}
needs: env
strategy:
fail-fast: false
matrix:
rust: ${{ fromJson(needs.env.outputs.rust-versions) }}
os: [ubuntu-latest, macOS-latest, windows-latest]
target: [native]
env: [default]
include:
- os: windows-latest
# s2n-tls doesn't currently build on windows
exclude: --workspace --exclude s2n-quic-tls
- rust: stable
os: ubuntu-latest
target: aarch64-unknown-linux-gnu
- rust: stable
os: ubuntu-latest
target: i686-unknown-linux-gnu
# test with different platform features
- rust: stable
os: ubuntu-latest
target: native
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE=""
- rust: stable
os: ubuntu-latest
target: native
env: S2N_QUIC_PLATFORM_FEATURES_OVERRIDE="mtu_disc,pktinfo,tos,socket_msg"
steps:
- uses: actions/checkout@v3
with:
lfs: true
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ matrix.rust }}
override: true
target: ${{ matrix.target != 'native' && matrix.target || '' }}
- name: Install cross
if: ${{ matrix.target != 'native' }}
uses: camshaft/install@v1
with:
crate: cross
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.target }}
- name: Restore fuzz corpus
shell: bash
run: |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz'
- name: Set environment variables
if: ${{ matrix.env != 'default' }}
run: echo ${{ matrix.env }} >> $GITHUB_ENV
# Build the tests before running to improve cross compilation speed
- name: Run cargo build
uses: actions-rs/[email protected]
with:
command: build
args: --tests ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }}
use-cross: ${{ matrix.target != 'native' }}
- name: Run cargo test
uses: actions-rs/[email protected]
with:
command: test
args: ${{ matrix.exclude }} ${{ matrix.target != 'native' && format('--target {0}', matrix.target) || '' }}
use-cross: ${{ matrix.target != 'native' }}
miri:
# miri needs quite a bit of memory so use a larger instance
runs-on:
labels: s2n_ubuntu-20.04_8-core
strategy:
fail-fast: false
matrix:
crate: [quic/s2n-quic-core, quic/s2n-quic-platform]
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
override: true
components: miri, rust-src
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.crate }}
- name: ${{ matrix.crate }}
# Disabling capture speeds up miri execution: https://github.com/rust-lang/miri/issues/1780#issuecomment-830664528
run: cd ${{ matrix.crate }} && cargo miri test -- --nocapture
env:
# needed to read corpus files from filesystem
MIRIFLAGS: -Zmiri-disable-isolation
no_std:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
override: true
components: rust-src
- uses: camshaft/rust-cache@v1
- name: Run cargo build
run: ./scripts/test_no_std ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
compliance:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: ./.github/actions/duvet
with:
report-script: ./scripts/compliance
report-path: ./target/compliance/report.html
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-s3-bucket-name: s2n-quic-ci-artifacts
aws-s3-region: us-west-1
cdn: $CDN
coverage:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
lfs: true
submodules: true
- name: Restore fuzz corpus
run: |
find . -name 'corpus.tar.gz' -exec dirname {} ';' | xargs -L 1 bash -c 'cd "$0" && rm -rf corpus && tar xf corpus.tar.gz'
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
override: true
components: llvm-tools-preview
- uses: camshaft/rust-cache@v1
- name: Install cargo-llvm-cov
run: curl -LsSf https://github.com/taiki-e/cargo-llvm-cov/releases/latest/download/cargo-llvm-cov-x86_64-unknown-linux-gnu.tar.gz | tar xzf - -C ~/.cargo/bin
- name: Run cargo test
uses: actions-rs/[email protected]
with:
command: llvm-cov
args: --html --no-fail-fast --workspace --exclude s2n-quic-qns --exclude s2n-quic-events --all-features
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload results
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/coverage"
aws s3 sync target/llvm-cov/html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "coverage / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
# This CI step will directly build each crate in common/ and quic/ which is
# useful because it sidesteps the feature resolution that normally occurs in a
# workspace build. We make sure that the crates build with default features,
# otherwise release to crates.io will be blocked
crates:
needs: env
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate: ${{ fromJson(needs.env.outputs.crates) }}
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ needs.env.outputs.msrv }}
profile: minimal
override: true
- name: build
uses: actions-rs/[email protected]
with:
command: build
args: --manifest-path ${{ matrix.crate }}
examples:
needs: env
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
example: ${{ fromJson(needs.env.outputs.examples) }}
steps:
- uses: actions/checkout@v3
with:
submodules: true
# nightly features are used for formatting
- uses: actions-rs/[email protected]
id: nightly-toolchain
with:
toolchain: nightly
components: rustfmt
- uses: actions-rs/[email protected]
id: stable-toolchain
with:
toolchain: stable
override: true
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.example }}
- name: format
working-directory: ${{ matrix.example }}
run: cargo +nightly fmt --all -- --check
- name: lint
working-directory: ${{ matrix.example }}
run: cargo clippy --all-features --all-targets -- -A clippy::manual_clamp -A clippy::uninlined_format_args -D warnings
# not all examples will build with the --manifest-path argument, since the
# manifest-path argument will pull configuration from the current directory
# instead of the directory with the Cargo.toml file
- name: build
working-directory: ${{ matrix.example }}
# TODO make sure the example actually runs as well
run: cargo build
recovery-simulations:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
- name: Run simulations
run: |
./scripts/recovery-sim
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/recovery-simulations"
aws s3 sync target/recovery-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "recovery-simulations / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
sims:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
- name: Run cargo build
uses: actions-rs/[email protected]
with:
command: build
args: --bin s2n-quic-sim --release
- name: Run simulations
run: |
./scripts/sim
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/sim"
aws s3 sync target/s2n-quic-sim "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET/index.html"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "sims / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
copyright:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check
run: |
./scripts/copyright_check
# ensures the event codegen is up to date
events:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
components: rustfmt
- uses: camshaft/rust-cache@v1
- name: Run events codegen
run: |
cargo run --bin s2n-quic-events
- name: Check to make sure the generated events are up-to-date
run: |
# If this fails you need to run `cargo run --bin s2n-quic-events`
git diff --exit-code
# ensures there are no unused snapshots
snapshots:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- name: Install cargo-insta
uses: camshaft/install@v1
with:
crate: cargo-insta
- uses: camshaft/rust-cache@v1
- name: Run cargo insta test
run: |
cargo insta test --delete-unreferenced-snapshots
- name: Check to make sure there are no unused snapshots
run: |
# If this fails, a test that was asserting a snapshot is no longer being executed.
git diff --exit-code
# generates a report of time spent in compilation
# https://doc.rust-lang.org/stable/cargo/reference/timings.html
timing:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }}
profile: minimal
override: true
- name: Run cargo build
run: |
cd examples/echo
cargo build --timings --release
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
run: |
TARGET="${{ github.sha }}/timing/index.html"
aws s3 cp examples/echo/target/cargo-timings/cargo-timing.html "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/$TARGET"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "timing / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
typos:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/install@v1
with:
crate: typos-cli
bins: typos
- name: Run typos
run: |
./scripts/typos --format json | tee /tmp/typos.json | jq -rs '.[] | "::error file=\(.path),line=\(.line_num),col=\(.byte_offset)::\(.typo) should be \"" + (.corrections // [] | join("\" or \"") + "\"")'
cat /tmp/typos.json
! grep -q '[^[:space:]]' /tmp/typos.json
kani:
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
crate: [quic/s2n-quic-core, quic/s2n-quic-platform, tools/xdp/s2n-quic-xdp]
steps:
- uses: actions/checkout@v3
with:
submodules: true
- name: Kani run
uses: model-checking/[email protected]
with:
working-directory: ${{ matrix.crate }}
args: --tests
dhat:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
- name: Run cargo build
working-directory: tools/memory-report
run: cargo build --release
- name: Run server
working-directory: tools/memory-report
run: ./target/release/memory-report server &
- name: Run client
working-directory: tools/memory-report
run: ./target/release/memory-report client > report.tsv
- name: Prepare artifacts
working-directory: tools/memory-report
run: |
mkdir -p target/report
mv report.tsv target/report/
mv dhat-heap.json target/report/
- uses: aws-actions/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: us-west-1
- name: Upload to S3
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
id: s3
working-directory: tools/memory-report
run: |
TARGET="${{ github.sha }}/dhat"
aws s3 sync target/report "s3://s2n-quic-ci-artifacts/$TARGET" --acl private --follow-symlinks
URL="$CDN/dhat/dh_view.html?url=/$TARGET/dhat-heap.json"
echo "URL=$URL" >> $GITHUB_OUTPUT
- uses: ouzi-dev/[email protected]
if: github.event_name == 'push' || github.repository == github.event.pull_request.head.repo.full_name
with:
name: "dhat / report"
status: "success"
url: "${{ steps.s3.outputs.URL }}"
loom:
runs-on: ubuntu-latest
strategy:
matrix:
crate: [quic/s2n-quic-core]
steps:
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: stable
profile: minimal
override: true
- uses: camshaft/rust-cache@v1
with:
key: ${{ matrix.crate }}
- name: ${{ matrix.crate }}
# run the tests with release mode since some of the loom models can be expensive
run: cd ${{ matrix.crate }} && cargo test --release loom
env:
RUSTFLAGS: --cfg loom -Cdebug-assertions
xdp:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
lfs: true
- uses: actions-rs/[email protected]
id: toolchain
with:
toolchain: 1.67.0
profile: minimal
override: true
components: clippy,rustfmt
- uses: camshaft/install@v1
with:
crate: bpf-linker
- uses: camshaft/rust-cache@v1
- name: Run clippy
working-directory: tools/xdp
run: cargo clippy
- name: Build ebpf
working-directory: tools/xdp
env:
RUST_LOG: trace
run: cargo xtask ci