mirror of
https://github.com/outbackdingo/firezone.git
synced 2026-01-27 10:18:54 +00:00
9ad557f568
This PR improves the build process for the macOS / iOS apps by building connlib as part of the macOS / iOS app build. Fixes firezone/product#625. This is how the build would work after this PR: - `build-rust.sh` creates `libconnlib.a` for the appropriate target triples only. lipo is not used. When creating macOS debug builds, it’s built only for the native architecture. - The network extension targets in the Xcode project set a library search path as the cargo target dir, so that the Xcode build for a target triple can pickup the appropriate `libconnlib.a` at link time. Swift code reorganizations: - connlib’s Adapter has moved to the main app - connlib’s CallbackHandler’s logic has moved to Adapter, which is set as CallbackHandler’s delegate. The CallbackHandler serves as an interface to receive callbacks from the FFI. In case we need to change the FFI, CallbackHandler should change as well, so it remains in the connlib directory. In case of changes to the Rust FFI, as part of the Rust FFI change PR, we can modify the CallbackHandler class and leave the delegate unchanged, so that the app can continue to be built without errors. - `Connlib.xcodeproject` and build scripts for building `Connlib.xcframework` are removed - Connlib headers and Swift files are copied to `FirezoneNetworkExtension/Connlib` as part of the build process, and used from there. Rust build changes: - The rust target dir remains the same, but it’s ~~passed explicitly as `--target-dir`~~ used to set `CARGO_TARGET_DIR`, so that the same target dir can be used to populate Xcode’s library search paths - The `build.rs` for connlib-apple had lots of code to build Swift code as part of the Rust build. This PR reverts it to the previous simple version. With this PR, building connlib-apple (i.e. running `build-rust.sh`) only builds the Rust code. - ~~We set `cargo:rerun-if-env-changed=CONNLIB_MOCK`.~~ We don't set this because it's not required. - The Rust CI job for building connlib-apple is removed. It's built when the macOS / iOS apps are built in swift.yml. This means that with this PR, connlib-apple is tested only when `rust/connlib/**` changes, not when `rust/**` changes. Is that ok? Other changes not directly related to the build process change but part of this PR: - There’s a cleanup script: `./cleanup.sh` - Fixed a typo in `swift-pass-checks.yml`: “paths-ginore”
133 lines
4.3 KiB
YAML
133 lines
4.3 KiB
YAML
name: Rust
|
|
on:
|
|
merge_group:
|
|
types: [checks_requested]
|
|
pull_request:
|
|
paths:
|
|
- "rust/**"
|
|
- ".github/workflows/rust.yml"
|
|
workflow_call:
|
|
workflow_dispatch:
|
|
|
|
# Cancel old workflow runs if new code is pushed
|
|
concurrency:
|
|
group: "rust-${{ github.workflow }}-${{ github.ref }}"
|
|
cancel-in-progress: true
|
|
|
|
defaults:
|
|
run:
|
|
working-directory: ./rust
|
|
|
|
jobs:
|
|
rust_draft-release:
|
|
runs-on: ubuntu-latest
|
|
outputs:
|
|
tag_name: ${{ steps.release_drafter.outputs.tag_name }}
|
|
steps:
|
|
- uses: release-drafter/release-drafter@v5
|
|
with:
|
|
commitish: cloud
|
|
id: release_drafter
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
|
|
rust_test:
|
|
strategy:
|
|
fail-fast: false
|
|
matrix:
|
|
runs-on:
|
|
- ubuntu-20.04
|
|
- ubuntu-22.04
|
|
- macos-11
|
|
- macos-12
|
|
- windows-2019
|
|
- windows-2022
|
|
runs-on: ${{ matrix.runs-on }}
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
# This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
|
|
# If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
|
|
- run: rustup show
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: ./rust
|
|
key: v2
|
|
prefix-key: rust-${{ matrix.runs-on }}
|
|
save-if: ${{ github.ref == 'refs/heads/cloud' }}
|
|
|
|
# TODO: Building *ring* from git requires us to install additional tools;
|
|
# once we're not using a forked *ring* these 2 steps can be removed.
|
|
- if: ${{ contains(matrix.runs-on, 'windows') }}
|
|
name: Install *ring* build tools
|
|
run: |
|
|
git clone `
|
|
--branch windows `
|
|
--depth 1 `
|
|
https://github.com/briansmith/ring-toolchain `
|
|
target/tools/windows
|
|
# The repo above is for a newer version of the *ring* build script which
|
|
# expects different paths; instead of going through the trouble of
|
|
# copying the older installation script let's just move the exe.
|
|
- if: ${{ contains(matrix.runs-on, 'windows') }}
|
|
name: Move *ring* build tools
|
|
run: |
|
|
mv target/tools/windows/nasm/nasm.exe target/tools/nasm.exe
|
|
|
|
- run: cargo fmt -- --check
|
|
- run: cargo doc --all-features --no-deps --document-private-items
|
|
env:
|
|
RUSTDOCFLAGS: "-D warnings"
|
|
- run: cargo clippy --all-targets --all-features -- -D warnings
|
|
- run: cargo test --all-features
|
|
|
|
rust_build-android:
|
|
needs:
|
|
- rust_draft-release
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
contents: read
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
- uses: Swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: ./rust
|
|
- name: Update toolchain
|
|
run: rustup show
|
|
- uses: actions/setup-java@v3
|
|
with:
|
|
java-version: '17'
|
|
distribution: 'adopt'
|
|
cache: gradle
|
|
- name: Validate Gradle wrapper
|
|
uses: gradle/wrapper-validation-action@v1
|
|
- name: Assemble Release
|
|
uses: gradle/gradle-build-action@v2
|
|
with:
|
|
arguments: build assembleRelease
|
|
build-root-directory: rust/connlib/clients/android
|
|
- name: Move artifact
|
|
run: |
|
|
mv ./connlib/clients/android/lib/build/outputs/aar/lib-release.aar ./connlib-${{ needs.draft-release.outputs.tag_name }}.aar
|
|
- uses: actions/upload-artifact@v3
|
|
with:
|
|
name: connlib-android
|
|
path: |
|
|
./rust/connlib-${{ needs.draft-release.outputs.tag_name }}.aar
|
|
|
|
rust_cross-compile-relay: # cross is separate from test because cross-compiling yields different artifacts and we cannot reuse the cache.
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
# This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
|
|
# If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
|
|
- run: rustup show
|
|
|
|
- uses: Swatinem/rust-cache@v2
|
|
with:
|
|
workspaces: ./rust
|
|
- run: sudo apt-get install -y musl-tools
|
|
- run: cargo build --bin relay --target x86_64-unknown-linux-musl
|