Skip to content

Commit 9dbfc36

Browse files
committed
CI: added basic set of workflows.
1 parent 23601ea commit 9dbfc36

File tree

4 files changed

+233
-0
lines changed

4 files changed

+233
-0
lines changed

.github/workflows/cargo-deny.yaml

Lines changed: 24 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,24 @@
1+
name: cargo-deny
2+
on:
3+
push:
4+
branches:
5+
- main
6+
pull_request:
7+
8+
jobs:
9+
check:
10+
runs-on: ubuntu-latest
11+
strategy:
12+
matrix:
13+
checks:
14+
- advisories
15+
- bans licenses sources
16+
17+
# Prevent sudden announcement of a new advisory from failing ci:
18+
continue-on-error: ${{ matrix.checks == 'advisories' }}
19+
20+
steps:
21+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
22+
- uses: EmbarkStudios/cargo-deny-action@30f817c6f72275c6d54dc744fbca09ebc958599f # v2.0.12
23+
with:
24+
command: check ${{ matrix.checks }}

.github/workflows/ci.yaml

Lines changed: 109 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,109 @@
1+
name: CI
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
9+
env:
10+
CARGO_TERM_COLOR: 'always'
11+
RUST_BACKTRACE: '1'
12+
NGINX_SOURCE_DIR: nginx
13+
14+
jobs:
15+
rust-version:
16+
name: Minimal supported Rust version
17+
outputs:
18+
version: ${{ steps.read_version.outputs.msrv }}
19+
runs-on: ubuntu-latest
20+
steps:
21+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
22+
- id: read_version
23+
run: |
24+
awk -F '=' \
25+
'/^rust-version[[:space:]]*=/ { gsub(/([" ]|#.*)/,"",$2); print ("msrv=" $2) }' \
26+
Cargo.toml \
27+
| tee -a "$GITHUB_OUTPUT"
28+
29+
unix:
30+
needs: rust-version
31+
32+
strategy:
33+
fail-fast: false
34+
matrix:
35+
runner:
36+
- ubuntu
37+
rust-version:
38+
- stable
39+
nginx-ref:
40+
- master
41+
- stable-1.28
42+
build:
43+
- debug
44+
- debug-static
45+
- release
46+
47+
include:
48+
- runner: ubuntu
49+
rust-version: ${{ needs.rust-version.outputs.version }}
50+
nginx-ref: stable-1.28
51+
build: debug
52+
53+
- runner: macos
54+
rust-version: stable
55+
nginx-ref: stable-1.28
56+
build: debug
57+
58+
runs-on: ${{ matrix.runner }}-latest
59+
60+
steps:
61+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
62+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
63+
with:
64+
ref: ${{ matrix.nginx-ref }}
65+
repository: 'nginx/nginx'
66+
path: 'nginx'
67+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
68+
with:
69+
repository: 'nginx/nginx-tests'
70+
path: 'nginx/tests'
71+
sparse-checkout: |
72+
lib
73+
74+
- uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b
75+
with:
76+
toolchain: ${{ matrix.rust-version }}
77+
components: clippy, rustfmt
78+
79+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
80+
with:
81+
path: |
82+
~/.cargo/bin/
83+
~/.cargo/registry/index/
84+
~/.cargo/registry/cache/
85+
~/.cargo/git/db/
86+
nginx/objs/**/CACHEDIR.TAG
87+
nginx/objs/**/ngx-debug
88+
nginx/objs/**/ngx-release
89+
key: ${{ runner.os }}-nginx-${{ hashFiles('**/Cargo.lock') }}
90+
restore-keys: ${{ runner.os }}-nginx-
91+
92+
- name: build
93+
id: build
94+
run: make BUILD=${{ matrix.build }} -j $(nproc) build
95+
96+
- name: check
97+
# always run if build succeeds
98+
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
99+
run: make BUILD=${{ matrix.build }} check
100+
101+
- name: run unit-tests
102+
# always run if build succeeds
103+
if: ${{ !cancelled() && steps.build.outcome == 'success' && runner.os != 'macOS' }}
104+
run: make BUILD=${{ matrix.build }} unittest
105+
106+
- name: run tests
107+
# always run if build succeeds
108+
if: ${{ !cancelled() && steps.build.outcome == 'success' }}
109+
run: make BUILD=${{ matrix.build }} TEST_PREREQ= test

.github/workflows/sanitizers.yaml

Lines changed: 78 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,78 @@
1+
name: sanitizers
2+
3+
on:
4+
push:
5+
branches:
6+
- main
7+
pull_request:
8+
9+
env:
10+
CARGO_TERM_COLOR: 'always'
11+
RUST_BACKTRACE: '1'
12+
NGINX_SOURCE_DIR: nginx
13+
BUILDREQUIRES: >-
14+
openssl-devel pcre2-devel zlib-devel
15+
cargo rust-src rustfmt
16+
clang compiler-rt llvm
17+
git-core
18+
make patch
19+
perl-FindBin
20+
perl-IO-Socket-SSL
21+
perl-Test-Harness
22+
perl-Test-Simple
23+
perl-lib
24+
25+
jobs:
26+
test:
27+
runs-on: ubuntu-latest
28+
container: ghcr.io/almalinux/almalinux:10
29+
30+
strategy:
31+
fail-fast: false
32+
matrix:
33+
nginx-ref:
34+
# master
35+
- stable-1.28
36+
37+
steps:
38+
- name: Install dependencies
39+
run: dnf install -y ${BUILDREQUIRES}
40+
41+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
42+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
43+
with:
44+
ref: ${{ matrix.nginx-ref }}
45+
repository: 'nginx/nginx'
46+
path: 'nginx'
47+
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
48+
with:
49+
repository: 'nginx/nginx-tests'
50+
path: 'nginx/tests'
51+
52+
- uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
53+
with:
54+
path: |
55+
~/.cargo/bin/
56+
~/.cargo/registry/index/
57+
~/.cargo/registry/cache/
58+
~/.cargo/git/db/
59+
nginx/objs/**/CACHEDIR.TAG
60+
nginx/objs/**/ngx-debug
61+
nginx/objs/**/ngx-release
62+
key: ${{ runner.os }}-cargo-asan-${{ hashFiles('**/Cargo.lock') }}
63+
restore-keys: ${{ runner.os }}-cargo-asan-
64+
65+
- name: Configure and build nginx
66+
run: |
67+
make -j$(nproc) BUILD=sanitize build
68+
69+
- name: Run tests
70+
env:
71+
# `container` job steps are running as root, and thus all the files
72+
# created by the test scripts are owned by root.
73+
# But the worker processes are spawned as "nobody" by default,
74+
# resulting in permission errors.
75+
TEST_NGINX_GLOBALS: >-
76+
user root;
77+
run: |
78+
make -j$(nproc) BUILD=sanitize test

deny.toml

Lines changed: 22 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,22 @@
1+
[bans]
2+
multiple-versions = "warn"
3+
4+
[graph]
5+
all-features = true
6+
7+
[licenses]
8+
allow = [
9+
"Apache-2.0",
10+
"BSD-3-Clause",
11+
"ISC",
12+
"MIT",
13+
"Unicode-3.0",
14+
]
15+
confidence-threshold = 0.8
16+
17+
[[licenses.clarify]]
18+
crate = "ring"
19+
expression = "MIT AND ISC AND OpenSSL"
20+
license-files = [
21+
{ path = "LICENSE", hash = 0xbd0eed23 }
22+
]

0 commit comments

Comments
 (0)