connlib: moves it to the main firezone library

This brindgs connlib from its own separated repo to firezone's monorepo. On top of bringing connlib we also add and unify the Dockerfile for all rust binaries and add a docker-compose that can run a headless client, a relay and a gateway which eventually will test the whole flow between a client and a resource. For this to work we also incorporated some elixir scripts to generate portal tokens for those components.
2026-01-27 10:18:54 +00:00 · 2023-06-23 19:39:58 -03:00
parent e039f1919d
commit e9be4b9ef5
87 changed files with 7218 additions and 295 deletions
--- a/.github/workflows/publish_connlib.yml
+++ b/.github/workflows/publish_connlib.yml
@@ -0,0 +1,46 @@
+name: Publish packages to GitHub Packages
+on:
+  release:
+    types: [published]
+jobs:
+  # Noop: XCFramework is attached to release already in build workflow
+  # publish-apple:
+  publish-android:
+    runs-on: ubuntu-latest
+    defaults:
+      run:
+        working-directory: ./rust
+    permissions:
+      contents: read
+      packages: write
+
+    steps:
+      - uses: actions/checkout@v3
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+      - uses: Swatinem/rust-cache@v2
+        with:
+          workspaces: ./rust
+      - name: Setup toolchain
+        run: rustup show
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+      - name: Sanity check tag equals AAR version
+        run: |
+          pkg_version=$(awk -F ' = ' '$1 ~ /version/ { gsub(/[\"]/, "", $2); printf("%s",$2); exit; }' connlib/android/lib/build.gradle.kts)
+          if [[ "${{ github.ref_name }}" = "$pkg_version" ]]; then
+            echo "Github ref name ${{ github.ref_name }} equals parsed package version $pkg_version. Continuing..."
+          else
+            echo "Github ref name ${{ github.ref_name }} differs from parsed package version $pkg_version! Aborting..."
+            exit 1
+          fi
+      - name: Publish package
+        uses: gradle/gradle-build-action@v2
+        with:
+          build-root-directory: android
+          arguments: publish
+        env:
+          GITHUB_ACTOR: ${{ secrets.GITHUB_ACTOR }}
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
--- a/.github/workflows/rust.yml
+++ b/.github/workflows/rust.yml
@@ -12,8 +12,18 @@ concurrency:
  cancel-in-progress: true

 jobs:
-  test:
-    name: Test all crates
+  draft-release:
+    runs-on: ubuntu-latest
+    outputs:
+      tag_name: ${{ steps.release_drafter.outputs.tag_name }}
+    steps:
+      - uses: release-drafter/release-drafter@v5
+        id: release_drafter
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+  test-relay:
+    name: Test relay
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -28,15 +38,130 @@ jobs:
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ./rust
-      - run: cargo fmt -- --check
-      - run: cargo doc --no-deps --document-private-items
+      - run: cargo fmt -p relay -- --check
+      - run: cargo doc -p relay --no-deps --document-private-items
        env:
          RUSTDOCFLAGS: "-D warnings"
-      - run: cargo clippy --all-targets --all-features -- -D warnings
+      - run: cargo clippy -p relay --all-targets --all-features -- -D warnings
      - run: cargo test

-  cross: # cross is separate from test because cross-compiling yields different artifacts and we cannot reuse the cache.
-    name: Cross compile all crates
+  test-connlib:
+    needs: draft-release
+    name: Connlib checks
+    strategy:
+      matrix:
+        runs-on:
+          - ubuntu-20.04
+          - ubuntu-22.04
+          - macos-11
+          - macos-12
+          - windows-2019
+          - windows-2022
+    runs-on: ${{ matrix.runs-on }}
+    defaults:
+      run:
+        working-directory: ./rust
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Update toolchain
+        run: rustup show
+      - uses: Swatinem/rust-cache@v2
+      - name: Run connlib checks and tests
+        run: |
+          cargo check --workspace --exclude relay
+          cargo clippy --workspace --exclude relay -- -D clippy::all
+          cargo test --workspace --exclude relay
+
+  build-android:
+    needs:
+      - test-connlib
+      - draft-release
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        rust: [stable]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: Swatinem/rust-cache@v2
+      - name: Update toolchain
+        run: rustup show
+      - uses: actions/cache@v3
+        with:
+          path: |
+            ~/rust/connlib/clients/android/.gradle/caches
+            ~/rust/connlib/clients/android/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+      - uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+      - name: Assemble Release
+        uses: gradle/gradle-build-action@v2
+        with:
+          arguments: build assembleRelease
+          build-root-directory: rust/connlib/clients/android
+      - name: Move artifact
+        run: |
+          mv ./rust/connlib/clients/android/lib/build/outputs/aar/lib-release.aar ./connlib-${{ needs.draft-release.outputs.tag_name }}.aar
+      - uses: actions/upload-artifact@v3
+        with:
+          name: connlib-android
+          path: |
+            ./connlib-${{ needs.draft-release.outputs.tag_name }}.aar
+
+  build-apple:
+    needs:
+      - test-connlib
+      - draft-release
+    runs-on: macos-latest
+    permissions:
+      contents: read
+    strategy:
+      matrix:
+        rust: [stable]
+    steps:
+      - uses: actions/checkout@v3
+      - uses: Swatinem/rust-cache@v2
+      - name: Update toolchain
+        run: rustup show
+      - name: Setup lipo
+        run: cargo install cargo-lipo
+      - uses: actions/cache@v3
+        with:
+          path: apple/.build
+          key: ${{ runner.os }}-spm-${{ hashFiles('**/Package.resolved') }}
+          restore-keys: |
+            ${{ runner.os }}-spm-
+
+      - name: Build Connlib.xcframework.zip
+        env:
+          CONFIGURATION: Release
+          PROJECT_DIR: .
+        working-directory: ./rust/connlib/clients/apple
+        run: |
+          # build-xcframework.sh calls build-rust.sh indirectly via `xcodebuild`, but it pollutes the environment
+          # to the point that it causes the `ring` build to fail for the aarch64-apple-darwin target. So, explicitly
+          # build first. See https://github.com/briansmith/ring/issues/1332
+          ./build-rust.sh
+          ./build-xcframework.sh
+          mv Connlib.xcframework.zip ../../../Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip
+          mv Connlib.xcframework.zip.checksum.txt ../../../Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip.checksum.txt
+      - uses: actions/upload-artifact@v3
+        with:
+          name: connlib-apple
+          path: |
+            ./Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip
+            ./Connlib-${{ needs.draft-release.outputs.tag_name }}.xcframework.zip.checksum.txt
+
+  cross-relay: # cross is separate from test because cross-compiling yields different artifacts and we cannot reuse the cache.
+    name: Cross compile relay
    runs-on: ubuntu-latest
    defaults:
      run:
@@ -66,7 +191,6 @@ jobs:
      # This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
      # If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
      - run: rustup show
-
      - uses: Swatinem/rust-cache@v2
        with:
          workspaces: ./rust