Skip to content

Add CONTRIBUTING.md doc #367

Add CONTRIBUTING.md doc

Add CONTRIBUTING.md doc #367

Workflow file for this run

name: Rust checks
permissions: {}
on:
push:
branches: [ main ]
pull_request:
branches: [ main ]
env:
CARGO_TERM_COLOR: always
RUSTDOCFLAGS: -D warnings
RUSTFLAGS: -D warnings
LANDLOCK_TEST_TOOLS_COMMIT: 6a3feeab0bbab204f06a5cf82485f2dff3d5d3da
# Ubuntu versions: https://docs.github.com/en/actions/using-github-hosted-runners/about-github-hosted-runners#supported-runners-and-hardware-resources
jobs:
commit_list:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get commit list (push)
id: get_commit_list_push
if: ${{ github.event_name == 'push' }}
run: |
echo "id0=$GITHUB_SHA" > $GITHUB_OUTPUT
echo "List of tested commits:" > $GITHUB_STEP_SUMMARY
sed -n 's,^id[0-9]\+=\(.*\),- https://github.com/landlock-lsm/rust-landlock/commit/\1,p' -- $GITHUB_OUTPUT >> $GITHUB_STEP_SUMMARY
- name: Get commit list (PR)
id: get_commit_list_pr
if: ${{ github.event_name == 'pull_request' }}
run: |
git rev-list --reverse refs/remotes/origin/${{ github.base_ref }}..${{ github.event.pull_request.head.sha }} | awk '{ print "id" NR "=" $1 }' > $GITHUB_OUTPUT
git diff --quiet ${{ github.event.pull_request.head.sha }} ${{ github.sha }} || echo "id0=$GITHUB_SHA" >> $GITHUB_OUTPUT
echo "List of tested commits:" > $GITHUB_STEP_SUMMARY
sed -n 's,^id[0-9]\+=\(.*\),- https://github.com/landlock-lsm/rust-landlock/commit/\1,p' -- $GITHUB_OUTPUT >> $GITHUB_STEP_SUMMARY
outputs:
commits: ${{ toJSON(steps.*.outputs.*) }}
kernel_list:
runs-on: ubuntu-22.04
outputs:
kernels: ${{ toJSON(steps.id.outputs.*) }}
steps:
- name: Identify latest Linux versions
id: id
run: |
echo "List of tested kernels:" > $GITHUB_STEP_SUMMARY
abi=0
for version in 5.10 5.15 6.1 6.4 6.7 6.10; do
commit="$(git ls-remote https://github.com/landlock-lsm/linux refs/heads/linux-${version}.y | awk 'NR == 1 { print $1 }')"
if [[ -z "${commit}" ]]; then
echo "ERROR: Failed to fetch Linux ${version}" >&2
exit 1
fi
echo "kernel_${abi}={ \"version\":\"${version}\", \"abi\":\"${abi}\", \"commit\":\"${commit}\" }" >> $GITHUB_OUTPUT
echo "- Linux ${version}.y with Landlock ABI ${abi}: https://github.com/landlock-lsm/linux/commit/${commit}" >> $GITHUB_STEP_SUMMARY
let abi++ || :
done
get_kernels:
runs-on: ubuntu-22.04
needs: kernel_list
strategy:
fail-fast: false
matrix:
kernel: ${{ fromJSON(needs.kernel_list.outputs.kernels) }}
steps:
- name: Cache Linux ${{ fromJSON(matrix.kernel).version}}.y
id: cache_linux
uses: actions/cache@v4
with:
path: linux-${{ fromJSON(matrix.kernel).version }}
key: linux-${{ fromJSON(matrix.kernel).commit }}-${{ env.LANDLOCK_TEST_TOOLS_COMMIT }}
- name: Clone Landlock test tools
if: steps.cache_linux.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: landlock-lsm/landlock-test-tools
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }}
path: landlock-test-tools
- name: Clone Linux ${{ fromJSON(matrix.kernel).version}}.y
if: steps.cache_linux.outputs.cache-hit != 'true'
uses: actions/checkout@v4
with:
repository: landlock-lsm/linux
ref: ${{ fromJSON(matrix.kernel).commit }}
path: linux
- name: Build Linux ${{ fromJSON(matrix.kernel).version}}.y
if: steps.cache_linux.outputs.cache-hit != 'true'
working-directory: linux
run: |
O=. ../landlock-test-tools/check-linux.sh build_light
mv linux ../linux-${{ fromJSON(matrix.kernel).version}}
ubuntu_22_rust_msrv:
runs-on: ubuntu-22.04
needs: commit_list
strategy:
fail-fast: false
matrix:
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }}
env:
LANDLOCK_CRATE_TEST_ABI: 3
steps:
- uses: actions/checkout@v4
with:
ref: ${{ matrix.commit }}
- name: Clone Landlock test tools
uses: actions/checkout@v4
with:
repository: landlock-lsm/landlock-test-tools
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }}
path: landlock-test-tools
- name: Get MSRV
run: sed -n 's/^rust-version = "\([0-9.]\+\)"$/RUST_TOOLCHAIN=\1/p' Cargo.toml >> $GITHUB_ENV
- name: Install Rust MSRV
run: |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || :
rustup default ${{ env.RUST_TOOLCHAIN }}
rustup update ${{ env.RUST_TOOLCHAIN }}
- name: Build
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --verbose
- name: Build tests
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo build --tests --verbose
- name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }})
run: rustup run ${{ env.RUST_TOOLCHAIN }} cargo test --verbose
- name: Run tests against Linux 6.1
run: CARGO="rustup run ${{ env.RUST_TOOLCHAIN }} cargo" ./landlock-test-tools/test-rust.sh linux-6.1 2
ubuntu_20_rust_stable:
runs-on: ubuntu-20.04
needs: commit_list
strategy:
fail-fast: false
matrix:
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }}
env:
LANDLOCK_CRATE_TEST_ABI: 1
steps:
- name: Install Rust stable
run: |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || :
rustup default stable
rustup component add rustfmt clippy
rustup update
- uses: actions/checkout@v4
with:
ref: ${{ matrix.commit }}
- name: Build
run: rustup run stable cargo build --verbose
- name: Run tests against the local kernel (Landlock ABI ${{ env.LANDLOCK_CRATE_TEST_ABI }})
run: rustup run stable cargo test --verbose
- name: Check format
run: rustup run stable cargo fmt --all -- --check
- name: Check source with Clippy
run: rustup run stable cargo clippy -- --deny warnings
- name: Check tests with Clippy
run: rustup run stable cargo clippy --tests -- --deny warnings
- name: Check documentation
run: rustup run stable cargo doc --no-deps
ubuntu_22_rust_stable:
runs-on: ubuntu-22.04
needs: [commit_list, kernel_list, get_kernels]
strategy:
fail-fast: false
matrix:
commit: ${{ fromJSON(needs.commit_list.outputs.commits) }}
kernel: ${{ fromJSON(needs.kernel_list.outputs.kernels) }}
env:
LANDLOCK_CRATE_TEST_ABI: 3
# $CARGO is used by landlock-test-tools/test-rust.sh
CARGO: rustup run stable cargo
steps:
- name: Install Rust stable
run: |
rm ~/.cargo/bin/{cargo-fmt,rustfmt} || :
rustup default stable
rustup update
- name: Clone Landlock test tools
uses: actions/checkout@v4
with:
repository: landlock-lsm/landlock-test-tools
ref: ${{ env.LANDLOCK_TEST_TOOLS_COMMIT }}
path: landlock-test-tools
- name: Clone rust-landlock
uses: actions/checkout@v4
with:
ref: ${{ matrix.commit }}
path: rust-landlock
- name: Get Linux ${{ fromJSON(matrix.kernel).version}}.y
uses: actions/cache/restore@v4
with:
path: linux-${{ fromJSON(matrix.kernel).version }}
key: linux-${{ fromJSON(matrix.kernel).commit }}-${{ env.LANDLOCK_TEST_TOOLS_COMMIT }}
fail-on-cache-miss: true
- name: Run tests against Linux ${{ fromJSON(matrix.kernel).version }}.y
working-directory: rust-landlock
run: ../landlock-test-tools/test-rust.sh ../linux-${{ fromJSON(matrix.kernel).version }} ${{ fromJSON(matrix.kernel).abi }}