mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 18:18:55 +00:00
3c55ddcd1e
We are _very much_ over our GHA cache limit of 10 GB so in an effort to keep evictions to a minimum, we update the Rust SCCACHE to only write on `main` and the Docker elixir and data plane image build steps to do the same. Fixes #10145
177 lines
7.1 KiB
YAML
177 lines
7.1 KiB
YAML
---
|
|
name: Rust
|
|
"on":
|
|
workflow_call:
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: ./rust
|
|
|
|
permissions:
|
|
contents: "read"
|
|
id-token: "write"
|
|
|
|
# Never tolerate warnings. Duplicated in `_tauri.yml`
|
|
env:
|
|
RUSTFLAGS: "-Dwarnings --cfg tokio_unstable"
|
|
RUSTDOCFLAGS: "-D warnings"
|
|
|
|
jobs:
|
|
static-analysis:
|
|
name: static-analysis-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# TODO: https://github.com/rust-lang/cargo/issues/5220
|
|
runs-on: [ubuntu-22.04-xlarge, macos-14-xlarge, windows-2022-xlarge]
|
|
runs-on: ${{ matrix.runs-on }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-rust
|
|
id: setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
timeout-minutes: 10
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: cargo-udeps,cargo-deny
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
if: ${{ runner.os == 'Linux' }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: bpf-linker
|
|
|
|
- run: cargo clippy --all-targets --all-features ${{ steps.setup-rust.outputs.compile-packages }}
|
|
name: cargo clippy
|
|
shell: bash
|
|
- run: cargo doc --all-features --no-deps --document-private-items ${{ steps.setup-rust.outputs.compile-packages }}
|
|
name: cargo doc
|
|
shell: bash
|
|
- run: cargo fmt -- --check
|
|
- run: cargo +${{ steps.setup-rust.outputs.nightly_version }} udeps --all-targets --all-features ${{ steps.setup-rust.outputs.compile-packages }}
|
|
name: cargo udeps
|
|
- run: cargo deny check --hide-inclusion-graph --deny unnecessary-skip
|
|
shell: bash
|
|
|
|
test:
|
|
name: test-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
# TODO: https://github.com/rust-lang/cargo/issues/5220
|
|
runs-on:
|
|
[
|
|
ubuntu-22.04-xlarge,
|
|
ubuntu-24.04-xlarge,
|
|
macos-13-xlarge,
|
|
macos-14-xlarge,
|
|
macos-15-xlarge,
|
|
windows-2022-xlarge,
|
|
windows-2025-xlarge,
|
|
]
|
|
runs-on: ${{ matrix.runs-on }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-rust
|
|
id: setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: ripgrep
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
if: ${{ runner.os == 'Linux' }}
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: bpf-linker
|
|
- name: "cargo test"
|
|
shell: bash
|
|
run: |
|
|
|
|
set -x
|
|
|
|
# First, run all tests.
|
|
cargo test --all-features ${{ steps.setup-rust.outputs.test-packages }} -- --include-ignored --nocapture
|
|
|
|
# Poor man's test coverage testing: Grep the generated logs for specific patterns / lines.
|
|
rg --count --no-ignore SendIcmpPacket "$TESTCASES_DIR"
|
|
rg --count --no-ignore SendUdpPacket "$TESTCASES_DIR"
|
|
rg --count --no-ignore ConnectTcp "$TESTCASES_DIR"
|
|
rg --count --no-ignore SendDnsQueries "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Packet for DNS resource" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Packet for CIDR resource" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Packet for Internet resource" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Truncating DNS response" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "ICMP Error error=V4Unreachable" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "ICMP Error error=V6Unreachable" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "ICMP Error error=V4TimeExceeded" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "ICMP Error error=V6TimeExceeded" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Forwarding query for DNS resource to corresponding site" "$TESTCASES_DIR"
|
|
rg --count --no-ignore "Revoking resource authorization" "$TESTCASES_DIR"
|
|
|
|
# Make sure we are recovering from ICE disconnect
|
|
rg --count --no-ignore "State change \(got new possible\): Disconnected -> Checking" "$TESTCASES_DIR"
|
|
|
|
env:
|
|
# <https://github.com/rust-lang/cargo/issues/5999>
|
|
# Needed to create tunnel interfaces in unit tests
|
|
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "sudo --preserve-env"
|
|
PROPTEST_VERBOSE: 0 # Otherwise the output is very long.
|
|
PROPTEST_CASES: ${{ runner.os == 'Windows' && '0' || '256' }} # Default is only 256. Windows is very slow in GitHub Actions, so only run the regression cases there.
|
|
CARGO_PROFILE_TEST_OPT_LEVEL: 1 # Otherwise the tests take forever.
|
|
TESTCASES_DIR: "connlib/tunnel/testcases"
|
|
|
|
fuzz:
|
|
name: fuzz
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
fuzz-target: [ip_packet]
|
|
runs-on: ubuntu-24.04-xlarge
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-rust
|
|
id: setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: taiki-e/install-action@d31232495ad76f47aad66e3501e47780b49f0f3e # v2.57.5
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
with:
|
|
tool: cargo-fuzz
|
|
- run: rustup run ${{ steps.setup-rust.outputs.nightly_version }} cargo fuzz run --target x86_64-unknown-linux-gnu --fuzz-dir tests/fuzz ${{ matrix.fuzz-target }} -- -max_total_time=120
|
|
env:
|
|
CARGO_PROFILE_RELEASE_LTO: false
|
|
|
|
headless-client:
|
|
name: headless-client-${{ matrix.test }}-${{ matrix.runs-on }}
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
include:
|
|
- { runs-on: windows-2022-xlarge, test: token-path-windows.ps1 }
|
|
- { runs-on: windows-2025-xlarge, test: token-path-windows.ps1 }
|
|
- { runs-on: ubuntu-22.04-xlarge, test: linux-group.sh }
|
|
- { runs-on: ubuntu-24.04-xlarge, test: linux-group.sh }
|
|
- { runs-on: ubuntu-22.04-xlarge, test: token-path-linux.sh }
|
|
- { runs-on: ubuntu-24.04-xlarge, test: token-path-linux.sh }
|
|
runs-on: ${{ matrix.runs-on }}
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
- uses: ./.github/actions/setup-rust
|
|
with:
|
|
sccache_azure_connection_string: ${{ secrets.SCCACHE_AZURE_CONNECTION_STRING }}
|
|
- uses: ./.github/actions/setup-tauri-v2
|
|
timeout-minutes: 10
|
|
- run: scripts/tests/${{ matrix.test }}
|
|
name: "test script"
|
|
working-directory: ./
|