scottk/firezone
1
0
Fork 0
mirror of https://github.com/outbackdingo/firezone.git synced 2026-03-22 12:41:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
a3aa6721c02d36745247b20fbf4bffecdfd2ee69
firezone/.github/workflows/rust.yml
Jamil 23444ee845 fix(apple): Add build on macOS 13 (ci); Fix Xcode version to 14 (ci); Update deps and fix _SwiftUINavigationState reference (#2148) 
* Removes FirezoneKit/Package.resolved -- this file was unused
* Removes `iphonesimulator` as a build target -- this is just not
supported at all with NetworkExtensions
* Update dependencies
* Rename `_SwiftUINavigationState` to `SwiftUINavigationCore` due to
update
* Removes CONNLIB_MOCK from `build-rust.sh`
* Minor cleanup of `build-rust.sh` to simplify env vars
* Fixes the below issue when building on developer machines on Xcode 15
(GH runner Xcode 15 is buggy, leaving that pinned to 14 for now):

```
 = note: ld: warning: no platform load command found in '/private/var/folders/02/4nz6gzkx5wj81dkc4pf9jyyh0000gn/T/rustcRAtGnz/symbols.o', assuming: iOS
          ld: building for 'iOS', but linking in dylib (/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/lib/libobjc.A.tbd) built for 'macOS macCatalyst zippered(macOS/Catalyst)'
          clang: error: linker command failed with exit code 1 (use -v to see invocation)
```
2023-09-26 12:35:38 +00:00

224 lines
8.0 KiB
YAML
Raw Blame History

name: Rust
on:
merge_group:
types: [checks_requested]
pull_request:
paths:
- "rust/**"
- ".github/workflows/rust.yml"
workflow_call:
workflow_dispatch:
# Cancel old workflow runs if new code is pushed
concurrency:
group: "rust-${{ github.workflow }}-${{ github.ref }}"
cancel-in-progress: true
defaults:
run:
working-directory: ./rust
jobs:
rust_test:
strategy:
fail-fast: false
matrix:
runs-on:
- ubuntu-20.04
- ubuntu-22.04
- macos-11
- macos-12
- macos-13
- windows-2019
- windows-2022
# TODO: https://github.com/rust-lang/cargo/issues/5220
include:
- runs-on: ubuntu-20.04
packages: -p headless -p gateway
- runs-on: ubuntu-22.04
packages: -p headless -p gateway
- runs-on: macos-11
packages: -p connlib-apple
- runs-on: macos-12
packages: -p connlib-apple
- runs-on: macos-13
packages: -p connlib-apple
- runs-on: windows-2019
packages: -p firezone-client-connlib
- runs-on: windows-2022
packages: -p firezone-client-connlib
runs-on: ${{ matrix.runs-on }}
steps:
- uses: actions/checkout@v4
# This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
# If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
- run: rustup show
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./rust
key: v2
prefix-key: rust-${{ matrix.runs-on }}
save-if: ${{ github.ref == 'refs/heads/main' }}
# TODO: Building *ring* from git requires us to install additional tools;
# once we're not using a forked *ring* these 2 steps can be removed.
- if: ${{ contains(matrix.runs-on, 'windows') }}
name: Install *ring* build tools
run: |
git clone `
--branch windows `
--depth 1 `
https://github.com/briansmith/ring-toolchain `
target/tools/windows
# The repo above is for a newer version of the *ring* build script which
# expects different paths; instead of going through the trouble of
# copying the older installation script let's just move the exe.
- if: ${{ contains(matrix.runs-on, 'windows') }}
name: Move *ring* build tools
run: |
mv target/tools/windows/nasm/nasm.exe target/tools/nasm.exe
- run: cargo fmt -- --check
- run: cargo doc --all-features --no-deps --document-private-items ${{ matrix.packages }}
env:
RUSTDOCFLAGS: "-D warnings"
- run: cargo clippy --all-targets --all-features ${{ matrix.packages }} -- -D warnings
- run: cargo test --all-features ${{ matrix.packages }}
rust_smoke-test-relay:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./rust/relay
steps:
- uses: actions/checkout@v4
# This implicitly triggers installation of the toolchain in the `rust-toolchain.toml` file.
# If we don't do this here, our cache action will compute a cache key based on the Rust version shipped on GitHub's runner which might differ from the one we use.
- run: rustup show
- uses: Swatinem/rust-cache@v2
with:
workspaces: ./rust
- run: ./run_smoke_test.sh
rust_relay-container-build:
runs-on: ubuntu-latest
needs:
- rust_test
- rust_smoke-test-relay
permissions:
contents: read
id-token: "write"
env:
PACKAGE: relay
REGISTRY: us-east1-docker.pkg.dev
GCLOUD_PROJECT: firezone-staging
GOOGLE_CLOUD_PROJECT: firezone-staging
CLOUDSDK_PROJECT: firezone-staging
CLOUDSDK_CORE_PROJECT: firezone-staging
GCP_PROJECT: firezone-staging
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v1
with:
token_format: "access_token"
workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
export_environment_variables: false
- name: Change current gcloud account
run: gcloud --quiet config set project ${GCLOUD_PROJECT}
- name: Login to Google Artifact Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Build Tag and Version ID
id: vsn
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
run: |
TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
echo "TAG=branch-${TAG}" >> $GITHUB_ENV
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
platforms: linux/amd64
build-args: |
PACKAGE=${{ env.PACKAGE }}
context: rust/
cache-from: type=gha,scope=${{ env.PACKAGE }}-${{ github.sha }}
cache-to: type=gha,mode=max,scope=${{ env.PACKAGE }}-${{ github.sha }}
file: rust/Dockerfile
push: true
tags:
${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{
env.PACKAGE }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{
env.GCLOUD_PROJECT }}/firezone/${{ env.PACKAGE }}:${{ github.sha }}
rust_gateway-container-build:
runs-on: ubuntu-latest
needs:
- rust_test
permissions:
contents: read
id-token: "write"
env:
PACKAGE: gateway
REGISTRY: us-east1-docker.pkg.dev
GCLOUD_PROJECT: firezone-staging
GOOGLE_CLOUD_PROJECT: firezone-staging
CLOUDSDK_PROJECT: firezone-staging
CLOUDSDK_CORE_PROJECT: firezone-staging
GCP_PROJECT: firezone-staging
steps:
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- uses: actions/checkout@v4
- id: auth
uses: google-github-actions/auth@v1
with:
token_format: "access_token"
workload_identity_provider: "projects/397012414171/locations/global/workloadIdentityPools/github-actions/providers/github-actions"
service_account: "github-actions@github-iam-387915.iam.gserviceaccount.com"
export_environment_variables: false
- name: Change current gcloud account
run: gcloud --quiet config set project ${GCLOUD_PROJECT}
- name: Login to Google Artifact Registry
uses: docker/login-action@v3
with:
registry: ${{ env.REGISTRY }}
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Build Tag and Version ID
id: vsn
env:
BRANCH_NAME: ${{ github.head_ref || github.ref_name }}
run: |
TAG=$(echo ${BRANCH_NAME} | sed 's/\//_/g' | sed 's/\:/_/g')
echo "TAG=branch-${TAG}" >> $GITHUB_ENV
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
platforms: linux/amd64
build-args: |
PACKAGE=${{ env.PACKAGE }}
context: rust/
cache-from: type=gha,scope=${{ env.PACKAGE }}-${{ github.sha }}
cache-to: type=gha,mode=max,scope=${{ env.PACKAGE }}-${{ github.sha }}
file: rust/Dockerfile
push: true
tags:
${{ env.REGISTRY }}/${{ env.GCLOUD_PROJECT }}/firezone/${{
env.PACKAGE }}:${{ env.TAG }} , ${{ env.REGISTRY }}/${{
env.GCLOUD_PROJECT }}/firezone/${{ env.PACKAGE }}:${{ github.sha }}
Reference in New Issue View Git Blame Copy Permalink