CI #754
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: | |
branches: [main] | |
schedule: | |
- cron: '0 15 * * 0,4' # Every Monday and Friday at 00:00 JST | |
env: | |
CARGO_INCREMENTAL: 0 | |
CARGO_NET_RETRY: 10 | |
CARGO_TERM_COLOR: always | |
RUST_BACKTRACE: 1 | |
RUSTDOCFLAGS: -D warnings | |
RUSTFLAGS: -D warnings | |
RUSTUP_MAX_RETRIES: 10 | |
defaults: | |
run: | |
shell: bash | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- run: cargo test --workspace --all-features --exclude example | |
features: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- name: Install cargo-hack | |
uses: taiki-e/install-action@cargo-hack | |
- run: cargo hack build --workspace --no-private --feature-powerset | |
- run: cargo hack build --workspace --no-private --feature-powerset --rust-version | |
fmt: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- run: cargo fmt --all --check | |
clippy: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- run: cargo clippy --workspace --all-features --all-targets | |
docs: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@stable | |
- run: cargo doc --workspace --all-features | |
fuzz: | |
env: | |
FUZZ_MAX_TOTAL_TIME: 60 # 1 minute | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dtolnay/rust-toolchain@nightly | |
- uses: taiki-e/cache-cargo-install-action@v1 | |
with: | |
tool: cargo-fuzz | |
# We cannot use cache for cargo-afl because afl.rs requires the cargo-afl binary and afl library to be built with the same compiler version. | |
- run: cargo install cargo-afl --debug --locked | |
- run: cargo fuzz build --features libfuzzer | |
- run: cargo afl build --release --features afl | |
working-directory: fuzz | |
# On scheduled job, run fuzzer $FUZZ_MAX_TOTAL_TIME seconds per target. | |
# TODO: This is currently skipped for libfuzzer due to https://github.com/rust-fuzz/cargo-fuzz/issues/270. | |
- name: Cache AFL++ output | |
uses: actions/cache@v4 | |
with: | |
path: fuzz/out | |
key: afl-out-${{ github.run_id }} | |
restore-keys: afl-out- | |
if: github.event_name == 'schedule' | |
- name: Fuzzing with AFL++ | |
run: | | |
set -eEuxo pipefail | |
echo 'core' | sudo tee /proc/sys/kernel/core_pattern | |
for target in $(ls | grep '.*\.rs$' | sed 's/\.rs$//'); do | |
cargo afl fuzz -i "seeds/${target}" -o "out/${target}" -V "${FUZZ_MAX_TOTAL_TIME}" "target/release/${target}" | |
rmdir "out/${target}"/default/crashes &>/dev/null || true | |
rmdir "out/${target}"/default/hangs &>/dev/null || true | |
if [[ -d "out/${target}"/default/crashes ]] || [[ -d "out/${target}"/default/hangs ]]; then | |
exit 1 | |
fi | |
done | |
working-directory: fuzz | |
if: github.event_name == 'schedule' | |
- name: Archive artifacts | |
run: | | |
set -eEuxo pipefail | |
if [[ -d out ]]; then | |
tar acvf ../afl-artifacts.tar.xz out | |
fi | |
working-directory: fuzz | |
if: failure() && github.event_name == 'schedule' | |
- name: Upload artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: fuzz-artifacts | |
path: afl-artifacts.tar.xz | |
if: failure() && github.event_name == 'schedule' | |
spell-check: | |
runs-on: ubuntu-latest | |
timeout-minutes: 60 | |
steps: | |
- uses: actions/checkout@v4 | |
- run: tools/spell-check.sh |