refactor: hostname matching allows subdomain bypass via ends_with (#1… #4170
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: LLRT CI | |
| on: | |
| push: | |
| branches: | |
| - "main" | |
| pull_request: | |
| # Only run on the latest ref | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v6 | |
| - name: Setup Rust | |
| uses: actions-rust-lang/setup-rust-toolchain@v1 | |
| with: | |
| toolchain: stable | |
| components: clippy, rustfmt | |
| - name: Format | |
| run: cargo fmt --all -- --check | |
| - name: Clippy | |
| run: | #create mock js files | |
| mkdir -p bundle/js | |
| for i in {1..5}; do | |
| echo "console.log(123);" > "bundle/js/test$i.js" | |
| done | |
| cargo clippy --all-targets -- -D warnings | |
| build: | |
| needs: | |
| - check | |
| strategy: | |
| fail-fast: ${{ startsWith(github.ref, 'refs/tags/') }} | |
| matrix: | |
| include: | |
| # Ubuntu x64 | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: nightly | |
| crypto: ring | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: nightly | |
| crypto: aws-lc | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: nightly | |
| crypto: graviola | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: nightly | |
| crypto: openssl | |
| # Ubuntu arm64 | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: ring | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: aws-lc | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: graviola | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: openssl | |
| # macOS arm64 | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: ring | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: aws-lc | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: graviola | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: nightly | |
| crypto: openssl | |
| # Windows x64 (ring, openssl, graviola - no aws-lc) | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: nightly-x86_64-pc-windows-gnu | |
| crypto: ring | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: nightly-x86_64-pc-windows-gnu | |
| crypto: openssl | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: nightly-x86_64-pc-windows-gnu | |
| crypto: graviola | |
| uses: ./.github/workflows/build.yml | |
| with: | |
| os: ${{ matrix.os }} | |
| platform: ${{ matrix.platform }} | |
| arch: ${{ matrix.arch }} | |
| toolchain: ${{ matrix.toolchain }} | |
| crypto: ${{ matrix.crypto }} | |
| modules: | |
| needs: | |
| - check | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| # Ubuntu x64 | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: stable | |
| crypto: ring | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: stable | |
| crypto: aws-lc | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: stable | |
| crypto: graviola | |
| - os: ubuntu-latest | |
| platform: linux | |
| arch: x86_64 | |
| toolchain: stable | |
| crypto: openssl | |
| # Ubuntu arm64 | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: ring | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: aws-lc | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: graviola | |
| - os: ubuntu-24.04-arm | |
| platform: linux | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: openssl | |
| # macOS arm64 | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: ring | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: aws-lc | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: graviola | |
| - os: macos-latest | |
| platform: darwin | |
| arch: aarch64 | |
| toolchain: stable | |
| crypto: openssl | |
| # Windows x64 (ring, openssl, graviola - no aws-lc) | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: stable-x86_64-pc-windows-gnu | |
| crypto: ring | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: stable-x86_64-pc-windows-gnu | |
| crypto: openssl | |
| - os: windows-latest | |
| platform: windows | |
| arch: x86_64 | |
| toolchain: stable-x86_64-pc-windows-gnu | |
| crypto: graviola | |
| uses: ./.github/workflows/build-modules.yml | |
| with: | |
| os: ${{ matrix.os }} | |
| platform: ${{ matrix.platform }} | |
| arch: ${{ matrix.arch }} | |
| toolchain: ${{ matrix.toolchain }} | |
| crypto: ${{ matrix.crypto }} |