tracexec 0.17.0

Tracer for execve{,at} and pre-exec behavior, launcher for debuggers.
# The MIT License (MIT)

# Copyright (c) 2016-2022 Florian Dehau
# Copyright (c) 2023-2024 The Ratatui Developers
# Copyright (c) 2024      Levi Zim

# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:

# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.

# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.

name: Continuous Integration

permissions:
  contents: read

on:
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch:
  push:
    branches:
      - main
  pull_request:
  merge_group:

# ensure that the workflow is only triggered once per PR,  subsequent pushes to the PR will cancel
# and restart the workflow. See https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
  group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Check typos
        uses: crate-ci/typos@master
      - name: Lint dependencies
        uses: EmbarkStudios/cargo-deny-action@v2.0.14
        with:
          rust-version: 1.88

  clippy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy,rustfmt
      - name: Install native dependencies
        run: |
          sudo apt-get update -y
          sudo apt-get install -y libelf-dev zlib1g-dev build-essential protobuf-compiler
      - name: Cache Cargo dependencies
        uses: Swatinem/rust-cache@v2
        with:
          add-job-id-key: false
          save-if: false
          key: clippy
      - name: Run clippy
        run: cargo clippy --workspace -- -D warnings

  style:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Rust nightly
        uses: dtolnay/rust-toolchain@nightly
        with:
          components: rustfmt
      - name: Check style
        run: cargo +nightly fmt --all -- --check

  test-coverage:
    runs-on: ubuntu-24.04
    steps:
      - uses: actions/checkout@v6
      - name: Install Rust stable
        uses: dtolnay/rust-toolchain@stable
        with:
          components: rustfmt
      - uses: taiki-e/install-action@v2
        with:
          tool: cargo-llvm-cov
      - name: Install native dependencies
        if: runner.os == 'Linux'
        run: |
          sudo apt update -y
          sudo apt install -y {binutils,gcc}-{aarch64,riscv64}-linux-gnu \
          build-essential autopoint gettext libelf-dev zlib1g-dev libseccomp-dev \
          protobuf-compiler
      - name: Cache Cargo dependencies
        uses: Swatinem/rust-cache@v2
        with:
          add-job-id-key: false
          key: coverage
      - name: Generate code coverage
        run: cargo llvm-cov --all-features --workspace --lcov --output-path lcov.info
      - name: Upload coverage to Codecov
        uses: codecov/codecov-action@v5
        with:
          token: ${{ secrets.CODECOV_TOKEN }} # required for private repos or protected branches
          files: lcov.info
          fail_ci_if_error: true

  check_and_test:
    strategy:
      fail-fast: false
      matrix:
        include:
          - os: ubuntu-24.04
            os-arch: amd64
            target: x86_64-unknown-linux-gnu
            arch: x86_64
            libpath: usr/lib/x86_64-linux-gnu
            no-default-features: false
          # Test with eBPF feature disabled
          - os: ubuntu-24.04
            os-arch: amd64
            target: x86_64-unknown-linux-gnu
            arch: x86_64
            libpath: usr/lib/x86_64-linux-gnu
            no-default-features: true
          - os: ubuntu-24.04
            os-arch: amd64
            target: x86_64-unknown-linux-gnu
            arch: x86_64
            libpath: usr/lib/x86_64-linux-gnu
            no-default-features: false
            args: '-F static,vendored'
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
          - os: ubuntu-24.04
            os-arch: arm64
            target: aarch64-unknown-linux-gnu
            arch: aarch64
            libpath: usr/lib/aarch64-linux-gnu
            no-default-features: false
          - os: ubuntu-24.04
            os-arch: arm64
            target: aarch64-unknown-linux-gnu
            arch: aarch64
            libpath: usr/lib/aarch64-linux-gnu
            no-default-features: false
            args: '-F static,vendored'
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
          - os: ubuntu-24.04
            os-arch: riscv64
            target: riscv64gc-unknown-linux-gnu
            arch: riscv64
            libpath: usr/lib/riscv64-linux-gnu
            args: '-F ebpf,vendored-libbpf'
            no-default-features: true
          - os: ubuntu-24.04
            os-arch: riscv64
            target: riscv64gc-unknown-linux-gnu
            arch: riscv64
            libpath: usr/lib/riscv64-linux-gnu
            args: '-F ebpf,static,vendored'
            no-default-features: true
            rust_flags: -C target-feature=+crt-static
            static_libseccomp: true
    runs-on: ${{ matrix.os }}
    env:
      RUSTFLAGS: ${{ matrix.rust_flags }}
      LIBSECCOMP_LINK_TYPE: ${{ matrix.static_libseccomp && 'static' || 'dylib' }}
      LIBSECCOMP_LIB_PATH: ${{ matrix.static_libseccomp && format('/{0}', matrix.libpath) || '/this/path/does/not/exist' }}
    #   LIBBPF_SYS_LIBRARY_PATH: ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/${{ matrix.libpath }}
    #   LIBBPF_SYS_EXTRA_CFLAGS: -I ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/usr/include
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Install Rust
        uses: dtolnay/rust-toolchain@master
        with:
          toolchain: "1.88"
          targets: ${{ matrix.target }}
          components: rustfmt
      - name: Install cross-compilation tools
        uses: taiki-e/setup-cross-toolchain-action@v1
        with:
          target: ${{ matrix.target }}
      - name: Add apt sources for ${{ matrix.os-arch }}
        if: matrix.os-arch != 'amd64'
        run: |
          dpkg --add-architecture ${{ matrix.os-arch }}

          release=$(. /etc/os-release && echo "$UBUNTU_CODENAME")
          sed -i '/Types: deb/aArchitectures: amd64' /etc/apt/sources.list.d/ubuntu.sources
          printf 'deb [arch=${{ matrix.os-arch }}] http://ports.ubuntu.com/ %s main restricted\n' \
              $release $release-updates $release-security \
              >> /etc/apt/sources.list
        shell: sudo sh -e {0}
      - name: Install build dependencies
        run: |
          sudo apt-get update -y
          sudo apt-get install -y build-essential autopoint gettext libelf-dev zlib1g-dev \
            libelf-dev:${{ matrix.os-arch }} zlib1g-dev:${{ matrix.os-arch }} \
            protobuf-compiler
          sudo apt-get install -y libseccomp-dev:${{ matrix.os-arch }}
          if ! [ "${{ matrix.static_libseccomp }}" = "true" ]; then
            sudo apt-get install -y libseccomp2:${{ matrix.os-arch }}
          fi
      - name: Cache Cargo dependencies
        uses: Swatinem/rust-cache@v2
        with:
          add-job-id-key: false
          key: ${{ matrix.target }}
      - name: Run cargo build with default features
        run: env RUSTFLAGS="$RUSTFLAGS -D warnings" cargo build --workspace --bins --tests --target ${{ matrix.target }} ${{ matrix.args }}
        env:
          RUST_BACKTRACE: full
      - name: Run cargo test with default features
        if: matrix.target == 'x86_64-unknown-linux-gnu' || matrix.target == 'x86_64-unknown-linux-musl'
        run: cargo test --workspace --target ${{ matrix.target }} ${{ matrix.args }}
        env:
          RUST_BACKTRACE: full