Temporarily use rustsec patch to fix openssl (#67)

* Use rustsec patch for vendored-openssl feature * Disable publish, use musl in self check
EmbarkStudios · Dec 19, 2019 · 3953c5b · 3953c5b
1 parent 4a6349b
commit 3953c5b
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 45 deletions.
diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -59,70 +59,87 @@ jobs:
 
   self:
     name: Self Check
-    runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        os: [ubuntu-latest]
+        include:
+          - os: ubuntu-latest
+            target: x86_64-unknown-linux-musl
+    runs-on: ${{ matrix.os }}
+    env:
+      TARGET: x86_64-unknown-linux-musl
     steps:
       - uses: actions/checkout@v1
       - uses: actions-rs/toolchain@v1
         with:
           toolchain: stable
           override: true
+          target: ${{ matrix.target }}
+      - name: Install musl tools
+        if: matrix.os == 'ubuntu-latest'
+        run: |
+          sudo apt-get install -y musl-tools
       - name: cargo fetch
         uses: actions-rs/cargo@v1
         with:
           command: fetch
+          args: --target ${{ matrix.target }}
       - name: cargo install
         uses: actions-rs/cargo@v1
         with:
           command: install
           # Install in debug mode since this part is sloooooow and
           # release doesn't really matter much for runtime
-          args: --path . --debug
+          # Also, build and run with musl, this lets us ensure that
+          # musl still works, which is important for the linux binaries
+          # we release, but wasn't exercised until now
+          args: --path . --debug --target ${{ matrix.target }}
       - name: self check
         uses: actions-rs/cargo@v1
         with:
           command: deny
           args: -L debug check
 
-  publish-check:
-    name: Publish Check
-    runs-on: ubuntu-latest
-    steps:
-    - uses: actions/checkout@v1
-    - uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-        override: true
-    - name: cargo fetch
-      uses: actions-rs/cargo@v1
-      with:
-        command: fetch
-    - name: cargo publish
-      uses: actions-rs/cargo@v1
-      with:
-        command: publish
-        args: --dry-run
+  # publish-check:
+  #   name: Publish Check
+  #   runs-on: ubuntu-latest
+  #   steps:
+  #   - uses: actions/checkout@v1
+  #   - uses: actions-rs/toolchain@v1
+  #     with:
+  #       toolchain: stable
+  #       override: true
+  #   - name: cargo fetch
+  #     uses: actions-rs/cargo@v1
+  #     with:
+  #       command: fetch
+  #   - name: cargo publish
+  #     uses: actions-rs/cargo@v1
+  #     with:
+  #       command: publish
+  #       args: --dry-run
 
-  publish:
-    name: Publish
-    needs: [test, self, publish-check]
-    runs-on: ubuntu-latest
-    if: startsWith(github.ref, 'refs/tags/')
-    steps:
-    - uses: actions/checkout@v1
-    - uses: actions-rs/toolchain@v1
-      with:
-        toolchain: stable
-        override: true
-    - name: cargo fetch
-      uses: actions-rs/cargo@v1
-      with:
-        command: fetch
-    - name: cargo publish
-      uses: actions-rs/cargo@v1
-      env:
-        CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
-      with:
-        command: publish
+  # publish:
+  #   name: Publish
+  #   needs: [test, self, publish-check]
+  #   runs-on: ubuntu-latest
+  #   if: startsWith(github.ref, 'refs/tags/')
+  #   steps:
+  #   - uses: actions/checkout@v1
+  #   - uses: actions-rs/toolchain@v1
+  #     with:
+  #       toolchain: stable
+  #       override: true
+  #   - name: cargo fetch
+  #     uses: actions-rs/cargo@v1
+  #     with:
+  #       command: fetch
+  #   - name: cargo publish
+  #     uses: actions-rs/cargo@v1
+  #     env:
+  #       CARGO_REGISTRY_TOKEN: ${{ secrets.CRATES_IO_TOKEN }}
+  #     with:
+  #       command: publish
 
   release:
     name: Release

diff --git a/Cargo.lock b/Cargo.lock
diff --git a/Cargo.toml b/Cargo.toml
@@ -42,7 +42,7 @@ parking_lot = "0.10.0"
 petgraph = "0.4.13"
 rayon = "1.2.1"
 regex = { version = "1.3.1", default-features = true }
-rustsec = "0.16.0"
+rustsec = { version = "0.16.0", features = ["vendored-openssl"] }
 semver = "0.9.0"
 serde = { version = "1.0.103", features = ["derive"] }
 serde_json = "1.0.44"
@@ -60,3 +60,6 @@ lazy_static = "1.4.0"
 # We use this for creating fake crate directories for
 # crawling license files on disk
 tempfile = "3.1.0"
+
+[patch.crates-io]
+rustsec = { git = "https://github.com/RustSec/rustsec-crate.git", rev = "aaba369" }