From d092deef388d39f71511eb8d0a18bebbad9ba95c Mon Sep 17 00:00:00 2001 From: Hilko Bengen Date: Sun, 19 May 2024 01:45:36 +0200 Subject: [PATCH] Build release targets in non-release workflows --- .cargo/config.toml | 2 + .github/workflows/build.yml | 291 +++++++++++++++++++++--------------- 2 files changed, 173 insertions(+), 120 deletions(-) diff --git a/.cargo/config.toml b/.cargo/config.toml index f77bece..90477cf 100644 --- a/.cargo/config.toml +++ b/.cargo/config.toml @@ -1,3 +1,5 @@ [target."aarch64-unknown-linux-gnu"] linker = "aarch64-linux-gnu-gcc" +[target."armv7-unknown-linux-gnueabihf"] +linker = "arm-linux-gnueabihf-gcc" diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 39d75a7..6f357e7 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -22,77 +22,165 @@ jobs: check_fmt: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v2 - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - - - name: check formatting - run: cargo fmt --check + - uses: actions/checkout@v2 + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - name: check formatting + run: cargo fmt --check - build_n_test: + build-test: runs-on: ubuntu-latest container: ubuntu:latest steps: - - uses: actions/checkout@v2 - - name: Install dependency - run: | - apt-get -qq update - apt-get -qqy dist-upgrade - apt-get -qqy install curl build-essential libclang-dev libacl1-dev selinux-policy-dev libgoogle-perftools-dev - - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - - - uses: actions/cache@v3 - with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" - - - run: cargo build - - run: cargo test --no-default-features - - run: cargo test - - run: cargo bench --no-run - - run: make -C contrib/selinux - - build_aarch64: + - uses: actions/checkout@v2 + - name: Install dependency + run: | + apt-get -qq update + apt-get -qqy dist-upgrade + apt-get -qqy install curl build-essential libclang-dev libacl1-dev selinux-policy-dev libgoogle-perftools-dev + + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" + + - run: cargo build + - run: cargo test --no-default-features + - run: cargo test + - run: cargo bench --no-run + - run: make -C contrib/selinux + + build-x86_64-gnu: runs-on: ubuntu-latest container: debian:bullseye steps: - - uses: actions/checkout@v2 - - name: Install dependency - run: | - dpkg --add-architecture arm64 - apt-get -qq update - apt-get -qqy dist-upgrade - apt-get -qqy install curl build-essential libclang-dev gcc-aarch64-linux-gnu libacl1-dev:arm64 - - - uses: actions-rs/toolchain@v1 - with: - toolchain: stable - target: aarch64-unknown-linux-gnu - - - uses: actions/cache@v3 - with: - path: | - ~/.cargo/bin/ - ~/.cargo/registry/index/ - ~/.cargo/registry/cache/ - ~/.cargo/git/db/ - target/ - key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" - - - run: cargo build --target=aarch64-unknown-linux-gnu + - uses: actions/checkout@v2 + - name: Install dependency + run: | + apt-get -qq update + apt-get -qqy dist-upgrade + apt-get -qqy install curl build-essential libclang-dev libacl1-dev + + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" + + - run: cargo build --target=x86_64-unknown-linux-gnu --release + + - uses: actions/upload-artifact@v4 + with: + name: laurel-x86_64-gnu + path: target/x86_64-unknown-linux-gnu/release/laurel + - uses: actions/upload-artifact@v4 + with: + name: laurel2audit-x86_64-gnu + path: target/x86_64-unknown-linux-gnu/release/laurel2audit - build_static_musl: + build-aarch64-gnu: runs-on: ubuntu-latest - container: alpine:3.18 + container: debian:bullseye + steps: + - uses: actions/checkout@v2 + - name: Install dependency + run: | + dpkg --add-architecture arm64 + apt-get -qq update + apt-get -qqy dist-upgrade + apt-get -qqy install curl build-essential libclang-dev gcc-aarch64-linux-gnu libacl1-dev:arm64 + + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + target: aarch64-unknown-linux-gnu + + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" + + - run: cargo build --target=aarch64-unknown-linux-gnu --release + + - uses: actions/upload-artifact@v4 + with: + name: laurel-aarch64-gnu + path: target/aarch64-unknown-linux-gnu/release/laurel + - uses: actions/upload-artifact@v4 + with: + name: laurel2audit-aarch64-gnu + path: target/aarch64-unknown-linux-gnu/release/laurel2audit + + build-armv7-gnueabihf: + runs-on: ubuntu-latest + container: debian:bullseye + steps: + - uses: actions/checkout@v2 + - name: Install dependency + run: | + dpkg --add-architecture armhf + apt-get -qq update + apt-get -qqy dist-upgrade + apt-get -qqy install curl build-essential libclang-dev gcc-arm-linux-gnueabihf libacl1-dev:armhf + + - uses: actions-rs/toolchain@v1 + with: + toolchain: stable + profile: minimal + target: armv7-unknown-linux-gnueabihf + + - uses: actions/cache@v3 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + target/ + key: "${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}" + + - run: cargo build --target=armv7-unknown-linux-gnueabihf --release + + - uses: actions/upload-artifact@v4 + with: + name: laurel-armv7-gnueabihf + path: target/armv7-unknown-linux-gnueabihf/release/laurel + - uses: actions/upload-artifact@v4 + with: + name: laurel2audit-armv7-gnueabihf + path: target/armv7-unknown-linux-gnueabihf/release/laurel2audit + + build-x86_64-musl: + runs-on: ubuntu-latest + container: alpine:3.19 steps: - name: Prepare run: | @@ -102,74 +190,29 @@ jobs: - name: Build run: | RUSTFLAGS='-C target-feature=+crt-static -L /lib -l static=acl' \ - cargo build --target x86_64-alpine-linux-musl + cargo build --target x86_64-alpine-linux-musl --release make -C man - name: Show binary charcteristics run: | set -x - file target/x86_64-alpine-linux-musl/debug/laurel - ldd target/x86_64-alpine-linux-musl/debug/laurel - objdump -x target/x86_64-alpine-linux-musl/debug/laurel | grep NEEDED || true + file target/x86_64-alpine-linux-musl/release/laurel + ldd target/x86_64-alpine-linux-musl/release/laurel + objdump -x target/x86_64-alpine-linux-musl/release/laurel | grep NEEDED || true set +x if [ -n "$(objdump -x target/x86_64-alpine-linux-musl/debug/laurel | grep NEEDED)" ]; then echo "laurel is linked against shared libraries" >&2 exit 1 fi - - build_dynamic_glibc: - runs-on: ubuntu-latest - container: debian:trixie-slim - steps: - - name: Prepare - run: | - apt-get -qq update - apt-get -qqy upgrade - apt-get -qqy install ca-certificates clang libacl1-dev jq file curl - - name: Install Rust toolchain (stable) - uses: actions-rs/toolchain@v1 + - uses: actions/upload-artifact@v4 with: - profile: minimal - toolchain: stable - - uses: actions/checkout@v2 - - name: Build - run: | - cargo build - - name: Show binary charcteristics - run: | - set -x - file target/debug/laurel - ldd target/debug/laurel - objdump -x target/debug/laurel | grep NEEDED || true - - - name: Launch test - run: | - pid1=$$ - pid2=$(($$ + 1000)) - pid3=$(($$ + 2000)) - now=$(date +%s) - - ./target/debug/laurel <