name: Continuous Integration
permissions:
contents: read
on:
workflow_dispatch:
push:
branches:
- main
pull_request:
merge_group:
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Check typos
uses: crate-ci/typos@master
- name: Lint dependencies
uses: EmbarkStudios/cargo-deny-action@v2.0.14
with:
rust-version: 1.88
clippy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
components: clippy,rustfmt
- name: Install native dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y libelf-dev zlib1g-dev build-essential protobuf-compiler
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
with:
add-job-id-key: false
save-if: false
key: clippy
- name: Run clippy
run: cargo clippy --workspace -- -D warnings
style:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
with:
components: rustfmt
- name: Check style
run: cargo +nightly fmt --all -- --check
test-coverage:
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v6
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- uses: taiki-e/install-action@v2
with:
tool: cargo-llvm-cov
- name: Install native dependencies
if: runner.os == 'Linux'
run: |
sudo apt update -y
sudo apt install -y {binutils,gcc}-{aarch64,riscv64}-linux-gnu \
build-essential autopoint gettext libelf-dev zlib1g-dev libseccomp-dev \
protobuf-compiler
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
with:
add-job-id-key: false
key: coverage
- name: Generate code coverage
run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v5
with:
token: ${{ secrets.CODECOV_TOKEN }} files: lcov.info
fail_ci_if_error: true
check_and_test:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: false
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: true
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: false
args: '-F static,vendored'
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
- os: ubuntu-24.04
os-arch: arm64
target: aarch64-unknown-linux-gnu
arch: aarch64
libpath: usr/lib/aarch64-linux-gnu
no-default-features: false
- os: ubuntu-24.04
os-arch: arm64
target: aarch64-unknown-linux-gnu
arch: aarch64
libpath: usr/lib/aarch64-linux-gnu
no-default-features: false
args: '-F static,vendored'
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
- os: ubuntu-24.04
os-arch: riscv64
target: riscv64gc-unknown-linux-gnu
arch: riscv64
libpath: usr/lib/riscv64-linux-gnu
args: '-F ebpf,vendored-libbpf'
no-default-features: true
- os: ubuntu-24.04
os-arch: riscv64
target: riscv64gc-unknown-linux-gnu
arch: riscv64
libpath: usr/lib/riscv64-linux-gnu
args: '-F ebpf,static,vendored'
no-default-features: true
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
runs-on: ${{ matrix.os }}
env:
RUSTFLAGS: ${{ matrix.rust_flags }}
LIBSECCOMP_LINK_TYPE: ${{ matrix.static_libseccomp && 'static' || 'dylib' }}
LIBSECCOMP_LIB_PATH: ${{ matrix.static_libseccomp && format('/{0}', matrix.libpath) || '/this/path/does/not/exist' }}
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.88"
targets: ${{ matrix.target }}
components: rustfmt
- name: Install cross-compilation tools
uses: taiki-e/setup-cross-toolchain-action@v1
with:
target: ${{ matrix.target }}
- name: Add apt sources for ${{ matrix.os-arch }}
if: matrix.os-arch != 'amd64'
run: |
dpkg --add-architecture ${{ matrix.os-arch }}
release=$(. /etc/os-release && echo "$UBUNTU_CODENAME")
sed -i '/Types: deb/aArchitectures: amd64' /etc/apt/sources.list.d/ubuntu.sources
printf 'deb [arch=${{ matrix.os-arch }}] http://ports.ubuntu.com/ %s main restricted\n' \
$release $release-updates $release-security \
>> /etc/apt/sources.list
shell: sudo sh -e {0}
- name: Install build dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y build-essential autopoint gettext libelf-dev zlib1g-dev \
libelf-dev:${{ matrix.os-arch }} zlib1g-dev:${{ matrix.os-arch }} \
protobuf-compiler
sudo apt-get install -y libseccomp-dev:${{ matrix.os-arch }}
if ! [ "${{ matrix.static_libseccomp }}" = "true" ]; then
sudo apt-get install -y libseccomp2:${{ matrix.os-arch }}
fi
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
with:
add-job-id-key: false
key: ${{ matrix.target }}
- name: Run cargo build with default features
run: env RUSTFLAGS="$RUSTFLAGS -D warnings" cargo build --workspace --bins --tests --target ${{ matrix.target }} ${{ matrix.args }}
env:
RUST_BACKTRACE: full
- name: Run cargo test with default features
if: matrix.target == 'x86_64-unknown-linux-gnu' || matrix.target == 'x86_64-unknown-linux-musl'
run: cargo test --workspace --target ${{ matrix.target }} ${{ matrix.args }}
env:
RUST_BACKTRACE: full