Add support of Octet String and X509 bytes encoding (#255) #898
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: | |
- '*' | |
env: | |
RUST_BACKTRACE: 1 | |
# We can pin the version if nightly is too unstable. | |
# Otherwise, we test against the latest version. | |
RUST_NIGHTLY_TOOLCHAIN: nightly | |
# Mirai version tag, updates this whenever a new version | |
# is released. | |
MIRAI_TOOLCHAIN: nightly-2023-05-09 | |
MIRAI_TAG: v1.1.8 | |
jobs: | |
rustfmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
profile: minimal | |
override: true | |
components: rustfmt | |
- name: Run cargo fmt | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: fmt | |
args: -- --check --verbose | |
clippy: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
features: | |
- "--features bindgen" | |
- "--features bindgen,fips" | |
exclude: | |
- crate_dir: aws-lc-sys | |
features: "--features bindgen,fips" | |
- crate_dir: aws-lc-fips-sys | |
features: "--features bindgen,fips" | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
profile: minimal | |
override: true | |
components: clippy | |
- name: Run cargo clippy | |
working-directory: ${{ matrix.crate_dir }} | |
run: cargo clippy ${{ matrix.features }} --all-targets -- -W clippy::all -W clippy::pedantic -D warnings | |
apidiff: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
crate_dir: [ "aws-lc-sys", "aws-lc-fips-sys", "aws-lc-rs" ] | |
diff_target: [ "branch", "published" ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: nightly-2023-08-25 | |
profile: minimal | |
override: true | |
- name: Install cargo-public-api | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: install | |
args: cargo-public-api | |
- name: Perform API Diff (Target Branch) | |
if: matrix.diff_target == 'branch' | |
working-directory: ${{ matrix.crate_dir }} | |
run: cargo public-api diff --deny changed --deny removed ${{ github.event.pull_request.base.sha }}..${{ github.event.pull_request.head.sha }} | |
- name: Perform API Diff (Published) | |
if: matrix.diff_target == 'published' | |
working-directory: ${{ matrix.crate_dir }} | |
shell: bash | |
run: | | |
CRATE_NAME="${{ matrix.crate_dir }}" | |
CRATE_VERSION=$(cargo search --limit 1 ${CRATE_NAME} | head -n 1 | sed -e 's/[^"]*"\([^"]*\)".*/\1/') | |
cargo public-api diff --deny changed --deny removed "${CRATE_VERSION}" | |
dependency-review: | |
runs-on: ubuntu-latest | |
steps: | |
- name: 'Checkout Repository' | |
uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- name: 'Dependency Review' | |
uses: actions/dependency-review-action@v3 | |
with: | |
allow-licenses: Apache-2.0, ISC, MIT, MIT-0 | |
udeps: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
profile: minimal | |
override: true | |
- name: Install cargo-udeps | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: install | |
args: cargo-udeps | |
- name: Run cargo udeps | |
# we only use openssl when the openssl-benchmarks feature is enabled. | |
# openssl is a dev-dependency so it can't be optional. | |
run: cargo udeps --workspace --all-targets --features openssl-benchmarks | |
env: | |
RUSTC_WRAPPER: "" | |
aws-lc-rs-cross-test: | |
name: aws-lc-rs cross tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ 1.72.1 ] # TODO: return to stable | |
os: [ ubuntu-latest ] | |
target: | |
- arm-unknown-linux-gnueabihf | |
- aarch64-unknown-linux-gnu | |
- i686-unknown-linux-gnu | |
- powerpc64le-unknown-linux-gnu | |
- riscv64gc-unknown-linux-gnu | |
- arm-linux-androideabi | |
- armv7-linux-androideabi | |
- aarch64-linux-android | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
target: ${{ matrix.target }} | |
- name: Install cross | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: install | |
args: cross --git https://github.com/cross-rs/cross | |
- name: Cross-compilation | |
if: ${{ matrix.target == 'aarch64-unknown-linux-gnu' || matrix.target == 'i686-unknown-linux-gnu' }} | |
working-directory: ./aws-lc-rs | |
run: cross test --target ${{ matrix.target }} | |
- name: Cross-compilation w/ bindgen | |
working-directory: ./aws-lc-rs | |
run: cross test --release --features bindgen --target ${{ matrix.target }} | |
aws-lc-rs-platform-build: | |
name: Cross-platform build | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ macos-latest ] | |
target: [ aarch64-apple-ios ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
target: ${{ matrix.target }} | |
- name: Run cargo build | |
working-directory: ./aws-lc-rs | |
run: cargo build --features bindgen --target ${{ matrix.target }} | |
aws-lc-rs-test: | |
name: aws-lc-rs tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macOS-latest ] | |
args: | |
- --all-targets | |
- --release --all-targets | |
- --no-default-features --features non-fips | |
- --no-default-features --features non-fips,ring-io | |
- --no-default-features --features non-fips,ring-sig-verify | |
- --no-default-features --features non-fips,alloc | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
- name: Run extra tests | |
working-directory: ./aws-lc-rs-testing | |
run: cargo test --all-targets | |
fips-test: | |
name: aws-lc-rs fips-tests | |
runs-on: ${{ matrix.os }} | |
env: | |
CC: clang | |
CXX: clang++ | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macOS-latest ] | |
args: | |
- --release --all-targets --features fips | |
- --no-default-features --features fips | |
- --no-default-features --features fips,ring-io | |
- --no-default-features --features fips,ring-sig-verify | |
- --no-default-features --features fips,alloc | |
- --no-default-features --features fips,bindgen | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: cargo test --tests ${{ matrix.args }} | |
bindgen-test: | |
name: aws-lc-rs bindgen-tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ ubuntu-latest, macOS-latest ] | |
args: | |
- --no-default-features --features aws-lc-sys,bindgen | |
- --release --all-targets --features bindgen | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
windows-test: | |
name: aws-lc-rs windows-tests | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ windows-2019 ] | |
args: | |
- --all-targets | |
- --all-targets --features bindgen | |
- --release --all-targets | |
- --no-default-features --features non-fips | |
- --no-default-features --features non-fips,ring-io | |
- --no-default-features --features non-fips,ring-sig-verify | |
- --no-default-features --features non-fips,alloc | |
steps: | |
- uses: ilammy/setup-nasm@v1 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} | |
publish-dry-run: | |
name: publish dry-run | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
rust: [ stable ] | |
os: [ windows-2019, ubuntu-latest, macOS-latest ] | |
args: | |
- publish --dry-run | |
steps: | |
- if: ${{ matrix.os == 'windows-2019' }} | |
uses: ilammy/setup-nasm@v1 | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ matrix.rust }} | |
override: true | |
- name: aws-lc-sys | |
working-directory: ./aws-lc-sys | |
run: cargo ${{ matrix.args }} | |
- name: aws-lc-fips-sys | |
if: ${{ matrix.os != 'windows-2019' }} | |
working-directory: ./aws-lc-fips-sys | |
run: cargo ${{ matrix.args }} | |
- name: aws-lc-rs | |
working-directory: ./aws-lc-rs | |
run: cargo ${{ matrix.args }} | |
aws-lc-rs-coverage: | |
name: aws-ls-rs coverage | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
override: true | |
components: llvm-tools-preview | |
- name: Install cargo-llvm-cov | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: install | |
args: cargo-llvm-cov | |
# TODO: add bot to post coverage details to PR, or upload results to AWS | |
# account. Using --html can give us more insight which regions are missing | |
# coverage immediately. | |
- name: Run coverage | |
working-directory: ./aws-lc-rs | |
run: cargo llvm-cov --workspace --no-fail-fast --fail-under-lines 95 --ignore-filename-regex "aws-lc-(fips-)?sys/.*" | |
mirai-analysis: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.MIRAI_TOOLCHAIN }} | |
profile: minimal | |
components: rust-src, rustc-dev, llvm-tools-preview | |
- name: Cache Cargo | |
uses: actions/cache@v3.0.5 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ runner.os }}-mirai-${{ env.MIRAI_TAG }} | |
# https://github.com/facebookexperimental/MIRAI/blob/main/documentation/InstallationGuide.md#installing-mirai-into-cargo | |
- name: Install MIRAI | |
run: | | |
MIRAI_TMP_SRC=$(mktemp -d) | |
git clone --depth 1 --branch ${{ env.MIRAI_TAG }} https://github.com/facebookexperimental/MIRAI.git ${MIRAI_TMP_SRC} | |
pushd ${MIRAI_TMP_SRC} | |
cargo install --force --path ./checker --no-default-features | |
popd | |
rm -rf ${MIRAI_TMP_SRC} | |
- name: Run MIRAI | |
working-directory: ./aws-lc-rs | |
run: | | |
cargo mirai | |
aws-lc-rs-asan: | |
name: aws-lc-rs asan | |
strategy: | |
matrix: | |
args: | |
- | |
- --release | |
features: | |
- --features asan | |
- --no-default-features --features fips,asan | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: ${{ env.RUST_NIGHTLY_TOOLCHAIN }} | |
override: true | |
- name: Run address sanitizers | |
env: | |
ASAN_OPTIONS: detect_leaks=1 | |
RUSTFLAGS: -Zsanitizer=address | |
RUSTDOCFLAGS: -Zsanitizer=address | |
working-directory: ./aws-lc-rs | |
run: cargo test ${{ matrix.args }} --lib --bins --tests --examples --target x86_64-unknown-linux-gnu --features asan | |
s2n-quic-integration: | |
name: s2n-quic-integration | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macOS-latest ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: stable | |
override: true | |
- name: Run s2n-quic integration | |
working-directory: ./aws-lc-rs | |
run: | | |
./scripts/run-s2n-quic-integration.sh | |
rustls-integration: | |
name: rustls-integration | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macOS-latest ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: stable | |
override: true | |
- name: Run rustls integration | |
working-directory: ./aws-lc-rs | |
run: | | |
./scripts/run-rustls-integration.sh | |
copyright: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check | |
run: | | |
./scripts/tools/copyright_check.sh | |
build-env-test: | |
name: aws-lc-rs build-env-test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macOS-latest ] | |
static: [ 0, 1 ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: stable | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: AWS_LC_SYS_STATIC=${{ matrix.static }} cargo test --tests | |
build-env-fips-test: | |
name: aws-lc-rs build-env-fips-test | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ ubuntu-latest, macOS-latest ] | |
static: [ 0, 1 ] | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- uses: actions-rs/toolchain@v1.0.7 | |
id: toolchain | |
with: | |
toolchain: stable | |
override: true | |
- name: Run cargo test | |
working-directory: ./aws-lc-rs | |
if: ${{ matrix.os != 'macOS-latest' || matrix.static != 1 }} | |
# Doc-tests fail to link with dynamic build | |
# See: https://github.com/rust-lang/cargo/issues/8531 | |
run: AWS_LC_FIPS_SYS_STATIC=${{ matrix.static }} cargo test --tests --features fips | |
msrv: | |
name: Minimum Supported Rust Version | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
lfs: true | |
- name: Install cargo-msrv | |
uses: actions-rs/cargo@v1.0.3 | |
with: | |
command: install | |
args: cargo-msrv | |
- name: Verify msrv | |
working-directory: ./aws-lc-rs | |
run: cargo msrv verify |