Add CONTRIBUTING.md doc #367
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Rust checks | |
permissions: {} | |
on: | |
push: | |
branches: [ main ] | |
pull_request: | |
branches: [ main ] | |
env: | |
CARGO_TERM_COLOR: always | |
RUSTDOCFLAGS: -D warnings | |
RUSTFLAGS: -D warnings | |
LANDLOCK_TEST_TOOLS_COMMIT: 6a3feeab0bbab204f06a5cf82485f2dff3d5d3da | |
# Ubuntu versions: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources | |
jobs: | |
commit_list: | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Get commit list (push) | |
id: get_commit_list_push | |
if: ${{ github.event_name == 'push' }} | |
run: | | |
echo "id0=$GITHUB_SHA" > $GITHUB_OUTPUT | |
echo "List of tested commits:" > $GITHUB_STEP_SUMMARY | |
sed -n 's,^id[0-9]\+=\(.*\),- https://github.com/landlock-lsm/rust-landlock/commit/\1,p' -- $GITHUB_OUTPUT >> $GITHUB_STEP_SUMMARY | |
- name: Get commit list (PR) | |
id: get_commit_list_pr | |
if: ${{ github.event_name == 'pull_request' }} | |
run: | | |
git rev-list --reverse refs/remotes/origin/${{ github.base_ref }}..${{ github.event.pull_request.head.sha }} | awk '{ print "id" NR "=" $1 }' > $GITHUB_OUTPUT | |
git diff --quiet ${{ github.event.pull_request.head.sha }} ${{ github.sha }} || echo "id0=$GITHUB_SHA" >> $GITHUB_OUTPUT | |
echo "List of tested commits:" > $GITHUB_STEP_SUMMARY | |
sed -n 's,^id[0-9]\+=\(.*\),- https://github.com/landlock-lsm/rust-landlock/commit/\1,p' -- $GITHUB_OUTPUT >> $GITHUB_STEP_SUMMARY | |
outputs: | |
commits: ${{ toJSON(steps.*.outputs.*) }} | |
kernel_list: | |
runs-on: ubuntu-22.04 | |
outputs: | |
kernels: ${{ toJSON(steps.id.outputs.*) }} | |
steps: | |
- name: Identify latest Linux versions | |
id: id | |
run: | | |
echo "List of tested kernels:" > $GITHUB_STEP_SUMMARY | |
abi=0 | |
for version in 5.10 5.15 6.1 6.4 6.7 6.10; do | |
commit="$(git ls-remote https://github.com/landlock-lsm/linux refs/heads/linux-${version}.y | awk 'NR == 1 { print $1 }')" | |
if [[ -z "${commit}" ]]; then | |
echo "ERROR: Failed to fetch Linux ${version}" >&2 | |
exit 1 | |
fi | |
echo "kernel_${abi}={ \"version\":\"${version}\", \"abi\":\"${abi}\", \"commit\":\"${commit}\" }" >> $GITHUB_OUTPUT | |
echo "- Linux ${version}.y with Landlock ABI ${abi}: https://github.com/landlock-lsm/linux/commit/${commit}" >> $GITHUB_STEP_SUMMARY | |
let abi++ || : | |
done | |
get_kernels: | |
runs-on: ubuntu-22.04 | |
needs: kernel_list | |
strategy: | |
fail-fast: false | |
matrix: | |
kernel: ${{ fromJSON(needs.kernel_list.outputs.kernels) }} | |
steps: | |
- name: Cache Linux ${{ fromJSON(matrix.kernel).version}}.y | |
id: cache_linux | |
uses: actions/cache@v4 | |
with: | |
path: linux-${{ fromJSON(matrix.kernel).version }} | |
key: linux-${{ fromJSON(matrix.kernel).commit }}-${{ env.LANDLOCK_TEST_TOOLS_COMMIT }} | |
- name: Clone Landlock test tools | |
if: steps.cache_linux.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
with: | |
repository: landlock-lsm/landlock-test-tools | |
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }} | |
path: landlock-test-tools | |
- name: Clone Linux ${{ fromJSON(matrix.kernel).version}}.y | |
if: steps.cache_linux.outputs.cache-hit != 'true' | |
uses: actions/checkout@v4 | |
with: | |
repository: landlock-lsm/linux | |
ref: ${{ fromJSON(matrix.kernel).commit }} | |
path: linux | |
- name: Build Linux ${{ fromJSON(matrix.kernel).version}}.y | |
if: steps.cache_linux.outputs.cache-hit != 'true' | |
working-directory: linux | |
run: | | |
O=. ../landlock-test-tools/check-linux.sh build_light | |
mv linux ../linux-${{ fromJSON(matrix.kernel).version}} | |
ubuntu_22_rust_msrv: | |
runs-on: ubuntu-22.04 | |
needs: commit_list | |
strategy: | |
fail-fast: false | |
matrix: | |
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }} | |
env: | |
LANDLOCK_CRATE_TEST_ABI: 3 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.commit }} | |
- name: Clone Landlock test tools | |
uses: actions/checkout@v4 | |
with: | |
repository: landlock-lsm/landlock-test-tools | |
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }} | |
path: landlock-test-tools | |
- name: Get MSRV | |
run: sed -n 's/^rust-version = "\([0-9.]\+\)"$/RUST_TOOLCHAIN=\1/p' Cargo.toml >> $GITHUB_ENV | |
- name: Install Rust MSRV | |
run: | | |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || : | |
rustup default ${{ env.RUST_TOOLCHAIN }} | |
rustup update ${{ env.RUST_TOOLCHAIN }} | |
- name: Build | |
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --verbose | |
- name: Build tests | |
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --tests --verbose | |
- name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }}) | |
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --verbose | |
- name: Run tests against Linux 6.1 | |
run: CARGO="rustup run ${{ env.RUST_TOOLCHAIN }} cargo" ./landlock-test-tools/test-rust.sh linux-6.1 2 | |
ubuntu_20_rust_stable: | |
runs-on: ubuntu-20.04 | |
needs: commit_list | |
strategy: | |
fail-fast: false | |
matrix: | |
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }} | |
env: | |
LANDLOCK_CRATE_TEST_ABI: 1 | |
steps: | |
- name: Install Rust stable | |
run: | | |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || : | |
rustup default stable | |
rustup component add rustfmt clippy | |
rustup update | |
- uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.commit }} | |
- name: Build | |
run: rustup run stable cargo build --verbose | |
- name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }}) | |
run: rustup run stable cargo test --verbose | |
- name: Check format | |
run: rustup run stable cargo fmt --all -- --check | |
- name: Check source with Clippy | |
run: rustup run stable cargo clippy -- --deny warnings | |
- name: Check tests with Clippy | |
run: rustup run stable cargo clippy --tests -- --deny warnings | |
- name: Check documentation | |
run: rustup run stable cargo doc --no-deps | |
ubuntu_22_rust_stable: | |
runs-on: ubuntu-22.04 | |
needs: [commit_list, kernel_list, get_kernels] | |
strategy: | |
fail-fast: false | |
matrix: | |
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }} | |
kernel: ${{ fromJSON(needs.kernel_list.outputs.kernels) }} | |
env: | |
LANDLOCK_CRATE_TEST_ABI: 3 | |
# $CARGO is used by landlock-test-tools/test-rust.sh | |
CARGO: rustup run stable cargo | |
steps: | |
- name: Install Rust stable | |
run: | | |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || : | |
rustup default stable | |
rustup update | |
- name: Clone Landlock test tools | |
uses: actions/checkout@v4 | |
with: | |
repository: landlock-lsm/landlock-test-tools | |
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }} | |
path: landlock-test-tools | |
- name: Clone rust-landlock | |
uses: actions/checkout@v4 | |
with: | |
ref: ${{ matrix.commit }} | |
path: rust-landlock | |
- name: Get Linux ${{ fromJSON(matrix.kernel).version}}.y | |
uses: actions/cache/restore@v4 | |
with: | |
path: linux-${{ fromJSON(matrix.kernel).version }} | |
key: linux-${{ fromJSON(matrix.kernel).commit }}-${{ env.LANDLOCK_TEST_TOOLS_COMMIT }} | |
fail-on-cache-miss: true | |
- name: Run tests against Linux ${{ fromJSON(matrix.kernel).version }}.y | |
working-directory: rust-landlock | |
run: ../landlock-test-tools/test-rust.sh ../linux-${{ fromJSON(matrix.kernel).version }} ${{ fromJSON(matrix.kernel).abi }} |