hotfix: egress rule for testgen #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Rust | |
on: | |
workflow_dispatch: | |
push: | |
branches: ["main"] | |
pull_request: | |
branches: ["main"] | |
permissions: | |
contents: read | |
env: | |
CARGO_TERM_COLOR: always | |
RUST_BACKTRACE: 1 | |
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: "aarch64-linux-gnu-gcc" | |
CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG: "true" | |
jobs: | |
test-gen: | |
uses: ./.github/workflows/test-codegen.yml | |
test: | |
name: Test matrix | |
runs-on: ${{ matrix.os }} | |
needs: test-gen | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: | |
- stable | |
- nightly | |
target_triple: | |
- aarch64-unknown-linux-gnu | |
- i686-pc-windows-gnu | |
- i686-pc-windows-msvc | |
- i686-unknown-linux-gnu | |
- x86_64-apple-darwin | |
- x86_64-pc-windows-gnu | |
- x86_64-pc-windows-msvc | |
- x86_64-unknown-linux-gnu | |
include: | |
- os: ubuntu-latest | |
target_triple: | |
aarch64-unknown-linux-gnu | |
# This target needs special setup. | |
prologue-script: | |
sudo apt update && sudo apt install gcc-aarch64-linux-gnu | |
# There is no standard GitHub os image that can execute ARM, we just build it. | |
can-run: false | |
rustflags: "--deny warnings" | |
- os: windows-latest | |
target_triple: | |
i686-pc-windows-gnu | |
# This target needs special setup with MinGW. | |
needs-mingw: x86 | |
can-run: true | |
# lld on Windows uses extreme amounts of memory for debuginfo=2 | |
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings" | |
- os: windows-latest | |
target_triple: i686-pc-windows-msvc | |
can-run: true | |
# lld on Windows uses extreme amounts of memory for debuginfo=2 | |
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings" | |
- os: ubuntu-latest | |
target_triple: | |
i686-unknown-linux-gnu | |
# This target needs special setup. | |
prologue-script: sudo apt update && sudo apt install gcc-multilib | |
can-run: true | |
rustflags: "-C link-arg=-fuse-ld=lld --deny warnings" | |
- os: macos-latest | |
target_triple: x86_64-apple-darwin | |
can-run: true | |
rustflags: "--deny warnings" | |
- os: windows-latest | |
target_triple: x86_64-pc-windows-gnu | |
can-run: true | |
# lld on Windows uses extreme amounts of memory for debuginfo=2 | |
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings" | |
- os: windows-latest | |
target_triple: x86_64-pc-windows-msvc | |
can-run: true | |
# lld on Windows uses extreme amounts of memory for debuginfo=2 | |
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings" | |
- os: ubuntu-latest | |
target_triple: x86_64-unknown-linux-gnu | |
can-run: true | |
rustflags: "-C link-arg=-fuse-ld=lld --deny warnings" | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: block | |
allowed-endpoints: > | |
github.com:443 | |
api.github.com:443 | |
azure.archive.ubuntu.com:80 | |
esm.ubuntu.com:443 | |
motd.ubuntu.com:443 | |
crates.io:443 | |
index.crates.io:443 | |
static.crates.io:443 | |
static.rust-lang.org:443 | |
packages.microsoft.com:443 | |
ppa.launchpadcontent.net:443 | |
- name: Cache restore (MinGW) | |
id: cache-restore-mingw | |
if: matrix.needs-mingw != '' | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: | | |
C:\ProgramData\chocolatey\lib\mingw | |
key: ${{ matrix.os }}-mingw-${{ matrix.needs-mingw }}-11-2 | |
- name: Set up MinGW ${{ matrix.needs-mingw }} | |
if: matrix.needs-mingw != '' && steps.cache-restore-mingw.outputs.cache-hit != 'true' | |
uses: egor-tensin/setup-mingw@84c781b557efd538dec66bde06988d81cd3138cf # v2.2.0 | |
with: | |
platform: ${{ matrix.needs-mingw }} | |
version: 12.2.0 # https://github.com/egor-tensin/setup-mingw/issues/14 | |
- name: Add MinGW to PATH | |
if: matrix.needs-mingw != '' && steps.cache-restore-mingw.outputs.cache-hit == 'true' | |
run: echo "C:\ProgramData\chocolatey\lib\mingw\tools\install\mingw32\bin" >> $env:GITHUB_PATH | |
- name: Run prologue script | |
if: matrix.prologue-script != '' | |
run: ${{ matrix.prologue-script }} | |
- name: Install lld (Unix) | |
if: matrix.os == 'ubuntu-latest' | |
run: sudo apt install lld | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Rust toolchain (${{ matrix.toolchain }}) | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master | |
with: | |
toolchain: ${{ matrix.toolchain }} | |
target: ${{ matrix.target_triple }} | |
- name: Override toolchain | |
run: rustup override set ${{ matrix.toolchain }} | |
- name: Cache restore (Cargo) | |
id: cache-restore-cargo | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ${{ matrix.toolchain }}-${{ matrix.target_triple }}-cargo-${{ hashFiles('**/Cargo.toml') }} | |
- name: Install cargo-hack | |
if: steps.cache-restore-cargo.outputs.cache-hit != 'true' | |
run: cargo install cargo-hack | |
env: | |
CARGO_TARGET_DIR: target/ | |
- name: Build all feature sets | |
run: cargo hack build --workspace --feature-powerset --skip default --target ${{ matrix.target_triple }} --features arbitrary --ignore-unknown-features | |
env: | |
RUSTFLAGS: ${{ matrix.rustflags }} | |
- name: Download rsonpath-test artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ needs.test-gen.outputs.artifact-name }} | |
path: ${{ needs.test-gen.outputs.artifact-path }} | |
- name: Test all feature sets | |
if: matrix.can-run | |
run: cargo hack test --workspace --feature-powerset --skip default --target ${{ matrix.target_triple }} --features arbitrary --ignore-unknown-features | |
env: | |
RUSTFLAGS: ${{ matrix.rustflags }} | |
test-x86-simd: | |
name: Test all x86 SIMD configurations | |
runs-on: ubuntu-latest | |
needs: test-gen | |
strategy: | |
fail-fast: false | |
matrix: | |
target_triple: | |
- x86_64-unknown-linux-gnu | |
- i686-unknown-linux-gnu | |
simd_override: | |
- avx2;fast_quotes;fast_popcnt | |
- ssse3;fast_quotes;fast_popcnt | |
- ssse3;fast_quotes;slow_popcnt | |
- ssse3;slow_quotes;fast_popcnt | |
- ssse3;slow_quotes;slow_popcnt | |
- sse2;fast_quotes;fast_popcnt | |
- sse2;fast_quotes;slow_popcnt | |
- sse2;slow_quotes;fast_popcnt | |
- sse2;slow_quotes;slow_popcnt | |
- nosimd;slow_quotes;slow_popcnt | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: audit | |
- name: Install lld | |
run: sudo apt update && sudo apt install lld gcc-multilib | |
- name: Checkout sources | |
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Rust toolchain (stable) | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master | |
with: | |
toolchain: stable | |
target: ${{ matrix.target_triple }} | |
- name: Cache restore (Cargo) | |
id: cache-restore-cargo | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: stable-${{ matrix.target_triple }}-cargo-${{ hashFiles('**/Cargo.toml') }}-x86-simd | |
- name: Build | |
run: cargo build --workspace --target ${{ matrix.target_triple }} | |
env: | |
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings" | |
- name: Download rsonpath-test artifact | |
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2 | |
with: | |
name: ${{ needs.test-gen.outputs.artifact-name }} | |
path: ${{ needs.test-gen.outputs.artifact-path }} | |
- name: Test | |
run: cargo test --workspace --target ${{ matrix.target_triple }} | |
env: | |
RSONPATH_UNSAFE_FORCE_SIMD: ${{ matrix.simd_override }} | |
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings" | |
clippy: | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: | |
- stable | |
- nightly | |
permissions: | |
checks: write | |
name: Clippy (${{ matrix.toolchain }}) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install lld | |
run: sudo apt update && sudo apt install lld | |
- name: Install Rust toolchain (${{ matrix.toolchain }}) | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master | |
with: | |
toolchain: ${{ matrix.toolchain }} | |
components: clippy, rustfmt | |
- name: Override toolchain | |
run: rustup override set ${{ matrix.toolchain }} | |
- name: Cache restore | |
id: cache-restore | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ubuntu-latest-${{ matrix.toolchain }}-cargo-${{ hashFiles('**/Cargo.toml') }}-clippy | |
- name: Build all features | |
run: cargo build --workspace --all-features --release | |
env: | |
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings" | |
- name: Clippy all features | |
uses: auguwu/clippy-action@58a1c6a4338a8dbe22d97bd3228a2690bba66009 # v1.3.0 | |
with: | |
deny: warnings | |
all-features: true | |
token: ${{ secrets.GITHUB_TOKEN }} | |
env: | |
RUSTFLAGS: "-C link-arg=-fuse-ld=lld" | |
docs: | |
name: Documentation | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Rust toolchain (nightly) | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master | |
with: | |
toolchain: nightly | |
- name: Override toolchain | |
run: rustup override set nightly | |
- name: Install lld | |
run: sudo apt install lld | |
- name: Cache restore | |
id: cache-restore | |
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2 | |
with: | |
path: | | |
~/.cargo/bin/ | |
~/.cargo/registry/index/ | |
~/.cargo/registry/cache/ | |
~/.cargo/git/db/ | |
target/ | |
key: ubuntu-latest-nightly-avx2-cargo-${{ hashFiles('**/Cargo.toml') }}-doc | |
- name: cargo doc | |
run: cargo doc --package rsonpath-lib --all-features --no-deps --release | |
env: | |
RUSTDOCFLAGS: "-Dwarnings --cfg docsrs" | |
format: | |
name: Format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
with: | |
submodules: true | |
- name: Install Rust toolchain (stable) | |
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master | |
with: | |
toolchain: stable | |
components: rustfmt | |
- name: Override toolchain | |
run: rustup override set stable | |
- name: Format | |
run: cargo fmt --package rsonpath rsonpath-lib -- --check | |
cargo-deny: | |
name: Dependency scan (cargo-deny) | |
runs-on: ubuntu-latest | |
steps: | |
- name: Harden Runner | |
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
with: | |
egress-policy: audit | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 # v1.5.5 |