ci.yml
# Workflow-level settings; the individual jobs follow under `jobs:`.
name: CI

# Default token scope for the workflow: read-only access to repository contents.
permissions:
  contents: read

# Triggers: pushes to `main`, pull requests, merge-queue groups and manual runs.
on:
  push:
    branches: [main]
  pull_request:
  merge_group:
  workflow_dispatch:

# If a new commit is pushed to the branch before ongoing runs finish, cancel the ongoing runs
concurrency:
  group: '${{ github.workflow }}-${{ github.ref || github.run_id }}'
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always

jobs:
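# Job (a child of the workflow's `jobs:` mapping): format check, clippy, build,
# tests and docs on Linux with the channel named in rust-toolchain.toml.
build_and_test:
  name: Build and Test
  runs-on: ubuntu-latest
  env:
    RUSTFLAGS: '-Dwarnings'
    RUSTDOCFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run a sudo script,
        # a downloaded binary and build code that may come from a pull request.
        persist-credentials: false
    - name: Use Node.js
      uses: actions/setup-node@v4
    - name: Set up Rust
      run: |
        rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) \
          --profile minimal --no-self-update \
          --component rustfmt,clippy \
          --target x86_64-unknown-linux-gnu
    # NOTE(review): this fetches whatever `latest` resolves to and unpacks it
    # without a checksum or signature check; consider pinning a release and
    # verifying the archive digest before extraction.
    - name: Set up Nextest
      run: |
        curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin
    - name: Set up tun
      run: |
        sudo ./litebox_platform_linux_userland/scripts/tun-setup.sh
    - uses: Swatinem/rust-cache@v2
    - name: Cache custom out directories
      uses: actions/cache@v4
      with:
        path: |
          target/*/build/litebox_runner_linux_userland-*/out
        key: custom-out-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/litebox_syscall_rewriter/**/*.rs') }}
    - run: ./.github/tools/github_actions_run_cargo fmt
    # We exclude `litebox_platform_lvbs` and `litebox_runner_lvbs` because we cannot build them with a stable toolchain.
    # They depend on the unstable `abi_x86_interrupt` feature. The `build_and_test_lvbs` job covers them.
    # `litebox_runner_optee_on_linux_userland` conflicts with `litebox_runner_linux_userland` due to
    # feature unification (`optee_syscall` versus `linux_syscall`). Build it separately for now.
    - run: |
        ./.github/tools/github_actions_run_cargo clippy --all-targets --all-features --workspace \
          --exclude litebox_platform_lvbs \
          --exclude litebox_runner_lvbs \
          --exclude litebox_runner_optee_on_linux_userland \
          --exclude litebox_runner_snp \
          --exclude litebox_platform_kernel \
          --exclude litebox_runner_optee_on_machine
        ./.github/tools/github_actions_run_cargo clippy --all-targets --all-features -p litebox_runner_optee_on_linux_userland
    - run: |
        ./.github/tools/github_actions_run_cargo build
        ./.github/tools/github_actions_run_cargo build -p litebox_runner_optee_on_linux_userland
    - run: |
        ./.github/tools/github_actions_run_cargo nextest
        ./.github/tools/github_actions_run_cargo nextest -p litebox_runner_optee_on_linux_userland
    # We need to run `cargo test --doc` separately because doc tests
    # aren't included in nextest at the moment. See relevant discussion at
    # https://github.com/nextest-rs/nextest/issues/16
    - run: |
        ./.github/tools/github_actions_run_cargo test --doc
    - name: Build documentation (fail on warnings)
      run: |
        ./.github/tools/github_actions_run_cargo doc --no-deps --all-features --document-private-items --workspace \
          --exclude litebox_platform_lvbs \
          --exclude litebox_runner_lvbs \
          --exclude litebox_runner_snp \
          --exclude litebox_platform_kernel \
          --exclude litebox_runner_optee_on_machine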
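# Job (a child of the workflow's `jobs:` mapping): build and test for the
# i686-unknown-linux-gnu target.
build_and_test_32bit:
  name: Build and Test (32-bit)
  runs-on: ubuntu-latest
  env:
    RUSTFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run a sudo script,
        # a downloaded binary and build code that may come from a pull request.
        persist-credentials: false
    - run: sudo apt update && sudo apt install -y gcc-multilib
    - name: Set up Rust
      run: |
        rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) \
          --profile minimal --no-self-update \
          --component rustfmt,clippy \
          --target i686-unknown-linux-gnu
    # NOTE(review): this fetches whatever `latest` resolves to and unpacks it
    # without a checksum or signature check; consider pinning a release and
    # verifying the archive digest before extraction.
    - name: Set up Nextest
      run: |
        curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin
    - name: Set up tun
      run: |
        sudo ./litebox_platform_linux_userland/scripts/tun-setup.sh
    - uses: Swatinem/rust-cache@v2
    - name: Cache custom out directories
      uses: actions/cache@v4
      with:
        path: |
          target/*/build/litebox_runner_linux_userland-*/out
        key: custom-out-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/litebox_syscall_rewriter/**/*.rs') }}
    - run: ./.github/tools/github_actions_run_cargo build --target=i686-unknown-linux-gnu
    - run: ./.github/tools/github_actions_run_cargo nextest --target=i686-unknown-linux-gnu
    # We need to run `cargo test --doc` separately because doc tests
    # aren't included in nextest at the moment. See relevant discussion at
    # https://github.com/nextest-rs/nextest/issues/16
    - run: |
        ./.github/tools/github_actions_run_cargo test --target=i686-unknown-linux-gnu --doc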
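# Job (a child of the workflow's `jobs:` mapping): clippy, build, tests and
# docs using the channel named in litebox_runner_lvbs/rust-toolchain.toml,
# including a build-std build of the LVBS runner for its custom target.
build_and_test_lvbs:
  name: Build and Test LVBS
  runs-on: ubuntu-latest
  env:
    RUSTFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run a sudo script,
        # a downloaded binary and build code that may come from a pull request.
        persist-credentials: false
    - name: Set up Rust
      run: |
        RUST_CHANNEL=$(awk -F'"' '/channel/{print $2}' litebox_runner_lvbs/rust-toolchain.toml)
        rustup toolchain install "${RUST_CHANNEL}" \
          --profile minimal --no-self-update \
          --component rustfmt,clippy \
          --target x86_64-unknown-none
        rustup component add rust-src --toolchain "${RUST_CHANNEL}-x86_64-unknown-linux-gnu"
        rustup default "${RUST_CHANNEL}"
        rustup override set "${RUST_CHANNEL}"
        rustup show
    # NOTE(review): this fetches whatever `latest` resolves to and unpacks it
    # without a checksum or signature check; consider pinning a release and
    # verifying the archive digest before extraction.
    - name: Set up Nextest
      run: |
        curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C ${CARGO_HOME:-~/.cargo}/bin
    - name: Set up tun
      run: |
        sudo ./litebox_platform_linux_userland/scripts/tun-setup.sh
    - uses: Swatinem/rust-cache@v2
    - name: Cache custom out directories
      uses: actions/cache@v4
      with:
        path: |
          target/*/build/litebox_runner_linux_userland-*/out
        key: custom-out-${{ runner.os }}-${{ github.job }}-${{ hashFiles('**/Cargo.lock') }}-${{ hashFiles('**/litebox_syscall_rewriter/**/*.rs') }}
    - run: ./.github/tools/github_actions_run_cargo clippy --all-targets --all-features
    - run: |
        ./.github/tools/github_actions_run_cargo build
        ./.github/tools/github_actions_run_cargo build \
          -Z build-std-features=compiler-builtins-mem \
          -Z build-std=core,alloc \
          --manifest-path=litebox_runner_lvbs/Cargo.toml \
          --target litebox_runner_lvbs/x86_64_vtl1.json
    - run: ./.github/tools/github_actions_run_cargo nextest
    # We need to run `cargo test --doc` separately because doc tests
    # aren't included in nextest at the moment. See relevant discussion at
    # https://github.com/nextest-rs/nextest/issues/16
    - run: |
        ./.github/tools/github_actions_run_cargo test --doc
    - name: Build documentation (fail on warnings)
      run: ./.github/tools/github_actions_run_cargo doc --no-deps --all-features --document-private-items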
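# Job (a child of the workflow's `jobs:` mapping): clippy, build, tests and
# docs for the Windows userland runner on a Windows runner.
build_and_test_windows:
  name: Build and Test Windows
  runs-on: windows-latest
  env:
    RUSTFLAGS: '-Dwarnings'
    RUSTDOCFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag or ref
    # (`@v4`, `@nextest`, `@v2`); pinning each action to a full commit SHA
    # would stop a moved ref from changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run third-party
        # actions and build code that may come from a pull request.
        persist-credentials: false
    - name: Set up Rust
      run: |
        rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) --profile minimal --no-self-update --component rustfmt,clippy --target x86_64-pc-windows-msvc
    - name: Set up Nextest
      uses: taiki-e/install-action@nextest
    - uses: Swatinem/rust-cache@v2
    - run: cargo clippy --locked --verbose --all-targets --all-features -p litebox_runner_linux_on_windows_userland
    - run: cargo build --locked --verbose -p litebox_runner_linux_on_windows_userland
    - run: cargo nextest run --locked --profile ci -p litebox_runner_linux_on_windows_userland
    - run: cargo nextest run --locked --profile ci -p litebox_shim_linux --no-default-features --features platform_windows_userland
    # We need to run `cargo test --doc` separately because doc tests
    # aren't included in nextest at the moment. See relevant discussion at
    # https://github.com/nextest-rs/nextest/issues/16
    - run: |
        cargo test --locked --verbose --doc -p litebox_runner_linux_on_windows_userland
    - name: Build documentation (fail on warnings)
      run: cargo doc --locked --verbose --no-deps --all-features --document-private-items -p litebox_runner_linux_on_windows_userland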
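# Job (a child of the workflow's `jobs:` mapping): clippy and a build-std
# build of the SNP runner for its custom target, using the channel named in
# litebox_runner_snp/rust-toolchain.toml, followed by a docs build.
build_and_test_snp:
  name: Build and Test SNP
  runs-on: ubuntu-latest
  env:
    RUSTFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run a third-party
        # action and build code that may come from a pull request.
        persist-credentials: false
    - name: Set up Rust
      run: |
        RUST_CHANNEL=$(awk -F'"' '/channel/{print $2}' litebox_runner_snp/rust-toolchain.toml)
        rustup toolchain install "${RUST_CHANNEL}" \
          --profile minimal --no-self-update \
          --component rustfmt,clippy \
          --target x86_64-unknown-none
        rustup component add rust-src --toolchain "${RUST_CHANNEL}-x86_64-unknown-linux-gnu"
        rustup default "${RUST_CHANNEL}"
        rustup override set "${RUST_CHANNEL}"
        rustup show
    - uses: Swatinem/rust-cache@v2
    - run: |
        ./.github/tools/github_actions_run_cargo clippy --all-features \
          --target litebox_runner_snp/target.json \
          --manifest-path=litebox_runner_snp/Cargo.toml \
          -Zbuild-std=core,compiler_builtins,alloc
    - run: |
        ./.github/tools/github_actions_run_cargo build \
          -Zbuild-std=core,compiler_builtins,alloc \
          -Zbuild-std-features=compiler-builtins-mem \
          --manifest-path=litebox_runner_snp/Cargo.toml \
          --target litebox_runner_snp/target.json
    - name: Build documentation (fail on warnings)
      run: ./.github/tools/github_actions_run_cargo doc --no-deps --all-features --document-private-items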
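# Job (a child of the workflow's `jobs:` mapping): clippy and a build-std
# build of litebox_runner_optee_on_machine for its custom target, then a boot
# image built with `bootimage` and started under QEMU, then a docs build.
build_and_test_qemu:
  name: Build and Test boot image with QEMU
  runs-on: ubuntu-latest
  env:
    RUSTFLAGS: '-Dwarnings'
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps install a crate
        # from the registry and run build code that may come from a pull request.
        persist-credentials: false
    # `-y` matches the 32-bit job's apt invocation and keeps the install
    # non-interactive even where apt is not preconfigured to assume "yes".
    - run: sudo apt update && sudo apt install -y qemu-system-x86
    - name: Set up Rust
      run: |
        RUST_CHANNEL=$(awk -F'"' '/channel/{print $2}' litebox_runner_optee_on_machine/rust-toolchain.toml)
        rustup toolchain install "${RUST_CHANNEL}" \
          --profile minimal --no-self-update \
          --component rustfmt,clippy \
          --target x86_64-unknown-none
        rustup component add rust-src --toolchain "${RUST_CHANNEL}-x86_64-unknown-linux-gnu"
        rustup default "${RUST_CHANNEL}"
        rustup override set "${RUST_CHANNEL}"
        rustup show
    - uses: Swatinem/rust-cache@v2
    - run: |
        ./.github/tools/github_actions_run_cargo clippy --all-features \
          --target litebox_runner_optee_on_machine/x86_64-unknown-litebox.json \
          --manifest-path=litebox_runner_optee_on_machine/Cargo.toml \
          -Zbuild-std=core,compiler_builtins,alloc
    - run: |
        ./.github/tools/github_actions_run_cargo build \
          -Zbuild-std=core,compiler_builtins,alloc \
          -Zbuild-std-features=compiler-builtins-mem \
          --manifest-path=litebox_runner_optee_on_machine/Cargo.toml \
          --target litebox_runner_optee_on_machine/x86_64-unknown-litebox.json
    # NOTE(review): `cargo +nightly install bootimage` takes the newest
    # published crate on a floating `nightly`, unlike the channel pinned in
    # the "Set up Rust" step; consider pinning a crate version and toolchain
    # date, and installing with `--locked`.
    # NOTE(review): the trailing `|| true` discards QEMU's exit status, so this
    # step passes whether or not the image boots, and no timeout is set on the
    # step. Consider comparing the status with the value the image is expected
    # to write to the isa-debug-exit port and bounding the run time.
    - run: |
        rustup component add rust-src --toolchain nightly-x86_64-unknown-linux-gnu
        rustup component add llvm-tools-preview --toolchain nightly-x86_64-unknown-linux-gnu
        cargo +nightly install bootimage
        cargo +nightly bootimage \
          -Zbuild-std=core,compiler_builtins,alloc \
          -Zbuild-std-features=compiler-builtins-mem \
          --manifest-path=litebox_runner_optee_on_machine/Cargo.toml \
          --target litebox_runner_optee_on_machine/x86_64-unknown-litebox.json
        qemu-system-x86_64 -machine q35 -cpu max -m 256M \
          -drive format=raw,file=target/x86_64-unknown-litebox/debug/bootimage-litebox_runner_optee_on_machine.bin \
          -nographic -no-reboot \
          -device isa-debug-exit,iobase=0xf4,iosize=0x04 || true
    - name: Build documentation (fail on warnings)
      run: ./.github/tools/github_actions_run_cargo doc --no-deps --all-features --document-private-items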
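# Job (a child of the workflow's `jobs:` mapping): builds every crate that is
# not on the allow-list for x86_64-unknown-none to catch accidental `std` use.
confirm_no_std:
  name: Confirm no_std
  runs-on: ubuntu-latest
  steps:
    # NOTE(review): every `uses:` in this job references a mutable tag; pinning
    # each action to a full commit SHA would stop a retagged release from
    # changing what runs here.
    - name: Check out repo
      uses: actions/checkout@v4
      with:
        # Keep the job token out of .git/config: later steps run a third-party
        # action and build code that may come from a pull request.
        persist-credentials: false
    - name: Set up Rust
      run: |
        rustup toolchain install $(awk -F'"' '/channel/{print $2}' rust-toolchain.toml) \
          --profile minimal --no-self-update \
          --target x86_64-unknown-none
    - uses: Swatinem/rust-cache@v2
    - name: Confirm that we haven't accidentally pulled in std into LiteBox
      run: |
        # Essentially, we run a build on a target that simply does NOT have
        # `std` support at all. If that build succeeds, then we know that the
        # litebox crate has not accidentally pulled in `std` from a dependency
        # that is not a `#[no_std]` crate.
        #
        # This build will fail if any of the dependencies of `litebox` pull in
        # `std`. Unfortunately, the error message is not very useful to point
        # out _which_ dependency pulled in `std`, but otoh, hopefully it
        # should be quite obvious by looking at the PR itself.
        #
        # The `find` invocation runs through every `Cargo.toml` in the
        # repository, and runs a build with `x86_64-unknown-none` target
        # (which does not support `std`), thereby catching any crate that
        # pulls in an std-crate accidentally. The `-not -path` lines are an
        # allow-list (i.e., crates that are allowed to have `std`).
        #
        # Reason for each item in allow-list:
        #
        # - `.` is itself special, since it would otherwise trigger a
        #   full-workspace check, which we don't want, thus we allow that one
        #   in particular to also have `std` in it.
        #
        # - `litebox_platform_linux_userland` is allowed to have `std` access,
        #   since it is a purely-userland implementation.
        #
        # - `litebox_platform_windows_userland` is allowed to have `std` access,
        #   since it is a purely-userland implementation.
        #
        # - `litebox_platform_lvbs` has a custom target (`no_std`), so it does
        #   not work with the current no_std checker.
        #
        # - `litebox_platform_multiplex` is allowed to have `std` access (in
        #   its default feature set) because `litebox_platform_linux_userland`
        #   has access, and this is just a multiplexer. Ideally, we'd do a
        #   more precise check, but as long as we are tracking the underlying
        #   platforms, we are unlikely to hit any significant issues here.
        #
        # - `litebox_runner_linux_on_windows_userland` is allowed to have `std`
        #   access since it needs to actually access the file-system, pull in
        #   relevant files, and then actually trigger LiteBox itself.
        #
        # - `litebox_runner_linux_userland` is allowed to have `std` access
        #   since it needs to actually access the file-system, pull in
        #   relevant files, and then actually trigger LiteBox itself.
        #
        # - `litebox_runner_lvbs` has a custom target (`no_std`), so it does
        #   not work with the current no_std checker.
        #
        # - `litebox_runner_optee_on_linux_userland` is allowed to have `std`
        #   access since it needs to actually access the file-system, pull in
        #   relevant files, and then actually trigger LiteBox itself.
        #
        # - `litebox_shim_linux` (in its default feature set) depends on
        #   `litebox_platform_multiplex`; similarly, ideally we'd do a more
        #   precise check.
        #
        # - `litebox_shim_optee` is expected to work with
        #   `litebox_platform_lvbs` (`no_std`) and
        #   `litebox_platform_linux_userland` (for debugging) which
        #   depends on `litebox_platform_multiplex`.
        #
        # - `litebox_syscall_rewriter` is allowed to have `std` access since
        #   it is a helper binary that runs in userland to AOT "compile" ELFs.
        #
        # - `litebox_runner_snp` is `no_std` but requires custom target to build
        #
        # - `dev_tests` is meant to only be used for tests, and thus can
        #   safely use std.
        #
        # NOTE(review): `litebox_platform_kernel` and
        # `litebox_runner_optee_on_machine` are excluded below without a
        # documented reason. The latter is built for a custom target JSON in
        # the `build_and_test_qemu` job; the reason for the former is not
        # visible in this file -- confirm and record both here.
        #
        # Each path reaches the inner shell as the positional parameter `$1`
        # instead of being spliced into the `sh -c` text, so a directory name
        # containing quotes or `$(...)` is never interpreted as shell code.
        # A failed `cd` aborts that invocation instead of building in the
        # wrong directory, and `-r` skips the command when `find` prints
        # nothing.
        find . -type f -name 'Cargo.toml' \
          -not -path './Cargo.toml' \
          -not -path './litebox_platform_linux_userland/Cargo.toml' \
          -not -path './litebox_platform_windows_userland/Cargo.toml' \
          -not -path './litebox_runner_linux_on_windows_userland/Cargo.toml' \
          -not -path './litebox_platform_lvbs/Cargo.toml' \
          -not -path './litebox_platform_multiplex/Cargo.toml' \
          -not -path './litebox_runner_linux_userland/Cargo.toml' \
          -not -path './litebox_runner_lvbs/Cargo.toml' \
          -not -path './litebox_runner_optee_on_linux_userland/Cargo.toml' \
          -not -path './litebox_shim_linux/Cargo.toml' \
          -not -path './litebox_shim_optee/Cargo.toml' \
          -not -path './litebox_syscall_rewriter/Cargo.toml' \
          -not -path './litebox_runner_snp/Cargo.toml' \
          -not -path './litebox_platform_kernel/Cargo.toml' \
          -not -path './litebox_runner_optee_on_machine/Cargo.toml' \
          -not -path './dev_tests/Cargo.toml' \
          -print0 | \
          xargs -0 -r -n 1 sh -c 'cd "$(dirname "$1")" || exit 1; pwd; cargo build --locked --target x86_64-unknown-none || exit 1; echo; echo' sh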