ci: new ci

Taowyoo · Taowyoo · commit 5cab60d692fa · 2023-09-12T13:41:52.000-07:00
Use GitHub Action.
Add windows target.
diff --git a/.github/workflows/publish-crates.yml b/.github/workflows/publish-crates.yml
@@ -0,0 +1,56 @@
+name: Publish Crates
+
+on:
+  release:
+    types: [created]
+  workflow_dispatch:
+    inputs:
+      crate_name:
+        description: 'Name of crate to be published'
+        required: true
+        type: string
+permissions:
+  contents: read
+
+jobs:
+  crate_publish:
+    environment: "publish to crates.io"
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+      - name: Install Rust toolchain
+        uses: actions-rs/toolchain@v1
+        with:
+            toolchain: stable
+            override: true
+            profile: minimal
+      - name: Install build dependencies
+        run: |
+          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+          echo "deb http://apt.llvm.org/focal/ llvm-toolchain-focal-11 main" | sudo tee -a /etc/apt/sources.list
+          sudo apt-get update
+          sudo apt-get install -y clang-11 cmake
+          if [ -f mbedtls-sys/vendor/scripts/basic.requirements.txt ]; then
+            sudo apt-get install -y python3-pip
+            python3 -m pip install -r mbedtls-sys/vendor/scripts/basic.requirements.txt
+          fi
+      - name: Get name of crate to be published
+        run: |
+          if [[ -z "${{ inputs.crate_name }}" ]]; then
+            # Extract the crate name from the GITHUB_REF environment variable
+            # GITHUB_REF contains the GitHub reference (e.g., refs/tags/mbedtls-sys-auto_v3.5.0) associated with the event
+            export CRATE_NAME=$(python3 -c "print('$GITHUB_REF'.split('/')[2].rsplit('_v', 1)[0])")
+          else
+            export CRATE_NAME="${{ inputs.crate_name }}"
+          fi
+          echo "CRATE_NAME=$CRATE_NAME" >> $GITHUB_ENV
+      - name: Publish crate to crates.io
+        run: |
+          echo "Publishing crate: $CRATE_NAME"
+          cargo publish --locked --token ${CARGO_REGISTRY_TOKEN} --package "$CRATE_NAME"
+        env:
+          CARGO_REGISTRY_TOKEN: ${{ secrets.CARGO_REGISTRY_TOKEN }}
+          RUSTFLAGS: "-A ambiguous_glob_reexports"
+          RUST_BACKTRACE: "1"
+          PYTHONDONTWRITEBYTECODE: "1"
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,88 @@
+name: CI
+
+on:
+  push:
+    branches:
+      - 'v0.*'
+      - staging
+      - trying
+  pull_request:
+    branches:
+      - master
+      - 'v0.*'
+  merge_group:
+
+env:
+  RUST_BACKTRACE: 1
+  CARGO_TERM_COLOR: always
+  CARGO_INCREMENTAL: 0
+  CARGO_NET_RETRY: 10
+
+jobs:
+  test:
+    name: Test
+    strategy:
+      matrix:
+        include:
+          - rust: stable
+            target: x86_64-unknown-linux-gnu
+            os: ubuntu-20.04
+          - rust: stable
+            target: x86_64-fortanix-unknown-sgx
+            os: ubuntu-20.04
+          - rust: stable
+            target: x86_64-pc-windows-msvc
+            os: windows-latest
+          - rust: stable
+            target: aarch64-unknown-linux-musl
+            os: ubuntu-20.04
+          - rust: beta
+            target: x86_64-unknown-linux-gnu
+            os: ubuntu-20.04
+          - rust: nightly
+            target: x86_64-unknown-linux-gnu
+            os: ubuntu-20.04
+
+    runs-on: ${{ matrix.os }}
+
+    steps:
+    - uses: actions/checkout@v2
+
+    - name: Install dependencies
+      if: matrix.target == 'aarch64-unknown-linux-musl'
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y qemu-user
+
+    - name: Cache Dependencies
+      uses: Swatinem/rust-cache@988c164c3d0e93c4dbab36aaf5bbeb77425b2894
+      with:
+        key: ${{ matrix.rust }}
+
+    - name: Setup Rust toolchain
+      uses: actions-rs/toolchain@v1
+      with:
+        toolchain: ${{ matrix.rust }}
+        target: ${{ matrix.target }}
+        override: true
+
+    - name: Run tests
+      run: |
+        ./ci_tools.sh
+        ./ci.sh
+      env:
+        TRAVIS_RUST_VERSION: ${{ matrix.rust }}
+        TARGET: ${{ matrix.target }}
+        ZLIB_INSTALLED: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && 'true' || '' }}
+        AES_NI_SUPPORT: ${{ matrix.target == 'x86_64-unknown-linux-gnu' && 'true' || '' }}
+      shell: bash
+  ci-success:
+    name: ci
+    if: always()
+    needs:
+      - test
+    runs-on: ubuntu-20.04
+    steps:
+      - run: jq --exit-status 'all(.result == "success")' <<< '${{ toJson(needs) }}'
+      - name: Done
+        run: exit 0
diff --git a/.travis.yml b/.travis.yml
diff --git a/bors.toml b/bors.toml
@@ -1,4 +1,4 @@
 status = [
-  "continuous-integration/travis-ci/push",
+  "ci",
 ]
-timeout_sec = 36000 # ten hours
+timeout_sec = 3600 # 1 hours
diff --git a/ci.sh b/ci.sh
@@ -0,0 +1,64 @@
+#!/bin/bash
+set -ex
+cd "$(dirname "$0")"
+
+repo_root=$(readlink -f $(dirname "${BASH_SOURCE[0]}"))
+
+if [ -z $TRAVIS_RUST_VERSION ]; then
+    echo "Expected TRAVIS_RUST_VERSION to be set in env"
+    exit 1
+fi
+
+# Test logic start from here
+export CFLAGS_x86_64_fortanix_unknown_sgx="-isystem/usr/include/x86_64-linux-gnu -mlvi-hardening -mllvm -x86-experimental-lvi-inline-asm-hardening"
+export CC_x86_64_fortanix_unknown_sgx=clang-11
+export CC_aarch64_unknown_linux_musl=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_LINKER=/tmp/aarch64-linux-musl-cross/bin/aarch64-linux-musl-gcc
+export CARGO_TARGET_AARCH64_UNKNOWN_LINUX_MUSL_RUNNER=qemu-aarch64
+
+cd "${repo_root}/mbedtls"
+case "$TRAVIS_RUST_VERSION" in
+    stable|beta|nightly)
+        # Install the rust toolchain
+        rustup default $TRAVIS_RUST_VERSION
+        rustup target add --toolchain $TRAVIS_RUST_VERSION $TARGET
+        printenv
+
+        # The SGX target cannot be run under test like a ELF binary
+        if [ "$TARGET" != "x86_64-fortanix-unknown-sgx" ]; then
+            # make sure that explicitly providing the default target works
+            cargo nextest run --target $TARGET --release
+            cargo nextest run --features pkcs12 --target $TARGET
+            cargo nextest run --features pkcs12_rc2 --target $TARGET
+            cargo nextest run --features dsa --target $TARGET
+            cargo nextest run --test async_session --features=async-rt --target $TARGET
+            cargo nextest run --test async_session --features=async-rt,legacy_protocols --target $TARGET
+
+            # If zlib is installed, test the zlib feature
+            if [ -n "$ZLIB_INSTALLED" ]; then
+                cargo nextest run --features zlib --target $TARGET
+                cargo nextest run --test async_session --features=async-rt,zlib --target $TARGET
+                cargo nextest run --test async_session --features=async-rt,zlib,legacy_protocols --target $TARGET
+            fi
+
+            # If AES-NI is supported, test the feature
+            if [ -n "$AES_NI_SUPPORT" ]; then
+                cargo nextest run --features force_aesni_support --target $TARGET
+            fi
+
+            # no_std tests only are able to run on x86 platform
+            if [ "$TARGET" == "x86_64-unknown-linux-gnu" ] || [[ "$TARGET" =~ ^x86_64-pc-windows- ]]; then
+                cargo nextest run --no-default-features --features no_std_deps,rdrand,time --target $TARGET
+                cargo nextest run --no-default-features --features no_std_deps --target $TARGET
+            fi
+
+        else
+            cargo +$TRAVIS_RUST_VERSION test --no-run --target=$TARGET
+        fi
+        ;;
+    *)
+        # Default case: If TRAVIS_RUST_VERSION does not match any of the above
+        echo "Unknown version $TRAVIS_RUST_VERSION"
+        exit 1
+        ;;
+esac
diff --git a/ci_tools.sh b/ci_tools.sh
@@ -0,0 +1,82 @@
+#!/bin/bash
+set -ex
+cd "$(dirname "$0")"
+
+repo_root=$(readlink -f $(dirname "${BASH_SOURCE[0]}"))
+
+# Setup dependencies and tools
+
+# checks if a file has a specific sha512 hash
+check_sha512() {
+    local hash="$1"
+    local file="$2"
+    local platform=$(uname)
+    case $platform in
+        Linux)
+            sha512sum -c <<< "$hash *$file"
+            ;;
+        Darwin)
+            shasum -a 512 -c <<< "$hash *$file"
+            ;;
+        MINGW64_NT-*)
+            sha512sum -c <<< "$hash *$file"
+            ;;
+        *)
+            echo "Unsupported platform '$platfom'"
+            exit 1
+            ;;
+    esac
+}
+
+# function for downloading pre-built `cargo-nextest` on various platforms
+download_cargo_nextest() {
+    local platform="$1"
+    local cargo_nextest_hash="$2"
+    local url="$3"
+    echo "Check if need to download pre-built $platform 'cargo-nextest'"
+    if ! check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"; then
+        case $platform in
+            MINGW64-*)
+                curl -LsSf "$url" -o temp.zip && unzip -d "${CARGO_HOME:-$HOME/.cargo}/bin" temp.zip && rm temp.zip
+                ;;
+            *)
+                curl -LsSf "$url" | tar zxf - -C "${CARGO_HOME:-$HOME/.cargo}/bin"
+                ;;
+        esac
+        check_sha512 "${cargo_nextest_hash}" "${CARGO_HOME:-$HOME/.cargo}/bin/cargo-nextest"
+    fi
+}
+
+aarch64_cross_toolchain_hash=c8ee0e7fd58f5ec6811e3cec5fcdd8fc47cb2b49fb50e9d7717696ddb69c812547b5f389558f62dfbf9db7d6ad808a5a515cc466b8ea3e9ab3daeb20ba1adf33
+# save to directory that will be cached
+aarch64_cross_toolchain_save_path=${repo_root}/target/aarch64-linux-musl-cross.tgz
+mkdir -p ${repo_root}/target
+if [ "$TARGET" == "aarch64-unknown-linux-musl" ]; then
+    if ! check_sha512 ${aarch64_cross_toolchain_hash} ${aarch64_cross_toolchain_save_path}; then
+        wget https://more.musl.cc/10-20210301/x86_64-linux-musl/aarch64-linux-musl-cross.tgz -O ${aarch64_cross_toolchain_save_path}
+        check_sha512 ${aarch64_cross_toolchain_hash} ${aarch64_cross_toolchain_save_path}
+    fi
+    tar -xf ${aarch64_cross_toolchain_save_path} -C /tmp;
+fi
+
+# download pre-built `cargo-nextest`
+kernel=$(uname)
+architecture=$(uname -m)
+case "$kernel-$architecture" in
+  Linux-x86_64 | Linux-amd64)
+    download_cargo_nextest "amd64" "d22ce5799f3056807fd0cd8223a290c7153a5f084d5ab931fce755c2cabd33f79c0f75542eb724fe07a7ca083f415ec1f84edc46584b06df43d97a0ff91018da" "https://get.nexte.st/0.9.52/linux"
+    ;;
+  Linux-arm64)
+    download_cargo_nextest "arm64" "cff3297c84560de8693e7f887fcf6cf33ab0036e27a9debf2b0a0832094555335f34dc30d0f9d1128ce8472dcb4594a3cf33be2357b19dcc94269b58090cc1a9" "https://get.nexte.st/0.9.52/linux-arm"
+    ;;
+  Darwin-x86_64)
+    download_cargo_nextest "Darwin-amd64" "0bb8b77ce019de3d06ee6b7382d830ed67309f187781e0de3866a0635879b494c7db48d55eee7553cfaa0bfca59abd8f8540a6d81ed703f06f9c81514d20073d" "https://get.nexte.st/0.9.52/mac"
+    ;;
+  MINGW64_NT-*-x86_64)
+    download_cargo_nextest "MINGW64-amd64" "3ffd504a4ef0b4b5e988457e6c525e62bd030d46b8f303f1c4e83a9a8ba89aef34bb239e23f391d1dddb75bea6ff074499153b2c71b06338a05d74916408de9c" "https://get.nexte.st/0.9.52/windows"
+    ;;
+  *)
+    echo "Unknown platform '$kernel-$architecture'"
+    exit 1
+    ;;
+esac
diff --git a/ct.sh b/ct.sh

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`status = [`
`2`		`- "continuous-integration/travis-ci/push",`
	`2`	`+ "ci",`
`3`	`3`	`]`
`4`		`-timeout_sec = 36000 # ten hours`
	`4`	`+timeout_sec = 3600 # 1 hours`