Skip to content

hotfix: egress rule for testgen #23

hotfix: egress rule for testgen

hotfix: egress rule for testgen #23

Workflow file for this run

name: Rust
on:
workflow_dispatch:
push:
branches: ["main"]
pull_request:
branches: ["main"]
permissions:
contents: read
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: "aarch64-linux-gnu-gcc"
CARGO_PROFILE_DEV_BUILD_OVERRIDE_DEBUG: "true"
jobs:
test-gen:
uses: ./.github/workflows/test-codegen.yml
test:
name: Test matrix
runs-on: ${{ matrix.os }}
needs: test-gen
strategy:
fail-fast: false
matrix:
toolchain:
- stable
- nightly
target_triple:
- aarch64-unknown-linux-gnu
- i686-pc-windows-gnu
- i686-pc-windows-msvc
- i686-unknown-linux-gnu
- x86_64-apple-darwin
- x86_64-pc-windows-gnu
- x86_64-pc-windows-msvc
- x86_64-unknown-linux-gnu
include:
- os: ubuntu-latest
target_triple:
aarch64-unknown-linux-gnu
# This target needs special setup.
prologue-script:
sudo apt update && sudo apt install gcc-aarch64-linux-gnu
# There is no standard GitHub os image that can execute ARM, we just build it.
can-run: false
rustflags: "--deny warnings"
- os: windows-latest
target_triple:
i686-pc-windows-gnu
# This target needs special setup with MinGW.
needs-mingw: x86
can-run: true
# lld on Windows uses extreme amounts of memory for debuginfo=2
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings"
- os: windows-latest
target_triple: i686-pc-windows-msvc
can-run: true
# lld on Windows uses extreme amounts of memory for debuginfo=2
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings"
- os: ubuntu-latest
target_triple:
i686-unknown-linux-gnu
# This target needs special setup.
prologue-script: sudo apt update && sudo apt install gcc-multilib
can-run: true
rustflags: "-C link-arg=-fuse-ld=lld --deny warnings"
- os: macos-latest
target_triple: x86_64-apple-darwin
can-run: true
rustflags: "--deny warnings"
- os: windows-latest
target_triple: x86_64-pc-windows-gnu
can-run: true
# lld on Windows uses extreme amounts of memory for debuginfo=2
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings"
- os: windows-latest
target_triple: x86_64-pc-windows-msvc
can-run: true
# lld on Windows uses extreme amounts of memory for debuginfo=2
rustflags: "-C link-arg=-fuse-ld=lld -C debuginfo=1 --deny warnings"
- os: ubuntu-latest
target_triple: x86_64-unknown-linux-gnu
can-run: true
rustflags: "-C link-arg=-fuse-ld=lld --deny warnings"
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: block
allowed-endpoints: >
github.com:443
api.github.com:443
azure.archive.ubuntu.com:80
esm.ubuntu.com:443
motd.ubuntu.com:443
crates.io:443
index.crates.io:443
static.crates.io:443
static.rust-lang.org:443
packages.microsoft.com:443
ppa.launchpadcontent.net:443
- name: Cache restore (MinGW)
id: cache-restore-mingw
if: matrix.needs-mingw != ''
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: |
C:\ProgramData\chocolatey\lib\mingw
key: ${{ matrix.os }}-mingw-${{ matrix.needs-mingw }}-11-2
- name: Set up MinGW ${{ matrix.needs-mingw }}
if: matrix.needs-mingw != '' && steps.cache-restore-mingw.outputs.cache-hit != 'true'
uses: egor-tensin/setup-mingw@84c781b557efd538dec66bde06988d81cd3138cf # v2.2.0
with:
platform: ${{ matrix.needs-mingw }}
version: 12.2.0 # https://github.com/egor-tensin/setup-mingw/issues/14
- name: Add MinGW to PATH
if: matrix.needs-mingw != '' && steps.cache-restore-mingw.outputs.cache-hit == 'true'
run: echo "C:\ProgramData\chocolatey\lib\mingw\tools\install\mingw32\bin" >> $env:GITHUB_PATH
- name: Run prologue script
if: matrix.prologue-script != ''
run: ${{ matrix.prologue-script }}
- name: Install lld (Unix)
if: matrix.os == 'ubuntu-latest'
run: sudo apt install lld
- name: Checkout sources
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Rust toolchain (${{ matrix.toolchain }})
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master
with:
toolchain: ${{ matrix.toolchain }}
target: ${{ matrix.target_triple }}
- name: Override toolchain
run: rustup override set ${{ matrix.toolchain }}
- name: Cache restore (Cargo)
id: cache-restore-cargo
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ${{ matrix.toolchain }}-${{ matrix.target_triple }}-cargo-${{ hashFiles('**/Cargo.toml') }}
- name: Install cargo-hack
if: steps.cache-restore-cargo.outputs.cache-hit != 'true'
run: cargo install cargo-hack
env:
CARGO_TARGET_DIR: target/
- name: Build all feature sets
run: cargo hack build --workspace --feature-powerset --skip default --target ${{ matrix.target_triple }} --features arbitrary --ignore-unknown-features
env:
RUSTFLAGS: ${{ matrix.rustflags }}
- name: Download rsonpath-test artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ needs.test-gen.outputs.artifact-name }}
path: ${{ needs.test-gen.outputs.artifact-path }}
- name: Test all feature sets
if: matrix.can-run
run: cargo hack test --workspace --feature-powerset --skip default --target ${{ matrix.target_triple }} --features arbitrary --ignore-unknown-features
env:
RUSTFLAGS: ${{ matrix.rustflags }}
test-x86-simd:
name: Test all x86 SIMD configurations
runs-on: ubuntu-latest
needs: test-gen
strategy:
fail-fast: false
matrix:
target_triple:
- x86_64-unknown-linux-gnu
- i686-unknown-linux-gnu
simd_override:
- avx2;fast_quotes;fast_popcnt
- ssse3;fast_quotes;fast_popcnt
- ssse3;fast_quotes;slow_popcnt
- ssse3;slow_quotes;fast_popcnt
- ssse3;slow_quotes;slow_popcnt
- sse2;fast_quotes;fast_popcnt
- sse2;fast_quotes;slow_popcnt
- sse2;slow_quotes;fast_popcnt
- sse2;slow_quotes;slow_popcnt
- nosimd;slow_quotes;slow_popcnt
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Install lld
run: sudo apt update && sudo apt install lld gcc-multilib
- name: Checkout sources
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Rust toolchain (stable)
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master
with:
toolchain: stable
target: ${{ matrix.target_triple }}
- name: Cache restore (Cargo)
id: cache-restore-cargo
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: stable-${{ matrix.target_triple }}-cargo-${{ hashFiles('**/Cargo.toml') }}-x86-simd
- name: Build
run: cargo build --workspace --target ${{ matrix.target_triple }}
env:
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings"
- name: Download rsonpath-test artifact
uses: actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a # v3.0.2
with:
name: ${{ needs.test-gen.outputs.artifact-name }}
path: ${{ needs.test-gen.outputs.artifact-path }}
- name: Test
run: cargo test --workspace --target ${{ matrix.target_triple }}
env:
RSONPATH_UNSAFE_FORCE_SIMD: ${{ matrix.simd_override }}
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings"
clippy:
strategy:
fail-fast: false
matrix:
toolchain:
- stable
- nightly
permissions:
checks: write
name: Clippy (${{ matrix.toolchain }})
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install lld
run: sudo apt update && sudo apt install lld
- name: Install Rust toolchain (${{ matrix.toolchain }})
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master
with:
toolchain: ${{ matrix.toolchain }}
components: clippy, rustfmt
- name: Override toolchain
run: rustup override set ${{ matrix.toolchain }}
- name: Cache restore
id: cache-restore
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ubuntu-latest-${{ matrix.toolchain }}-cargo-${{ hashFiles('**/Cargo.toml') }}-clippy
- name: Build all features
run: cargo build --workspace --all-features --release
env:
RUSTFLAGS: "-C link-arg=-fuse-ld=lld --deny warnings"
- name: Clippy all features
uses: auguwu/clippy-action@58a1c6a4338a8dbe22d97bd3228a2690bba66009 # v1.3.0
with:
deny: warnings
all-features: true
token: ${{ secrets.GITHUB_TOKEN }}
env:
RUSTFLAGS: "-C link-arg=-fuse-ld=lld"
docs:
name: Documentation
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Rust toolchain (nightly)
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master
with:
toolchain: nightly
- name: Override toolchain
run: rustup override set nightly
- name: Install lld
run: sudo apt install lld
- name: Cache restore
id: cache-restore
uses: actions/cache@704facf57e6136b1bc63b828d79edcd491f0ee84 # v3.3.2
with:
path: |
~/.cargo/bin/
~/.cargo/registry/index/
~/.cargo/registry/cache/
~/.cargo/git/db/
target/
key: ubuntu-latest-nightly-avx2-cargo-${{ hashFiles('**/Cargo.toml') }}-doc
- name: cargo doc
run: cargo doc --package rsonpath-lib --all-features --no-deps --release
env:
RUSTDOCFLAGS: "-Dwarnings --cfg docsrs"
format:
name: Format
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: true
- name: Install Rust toolchain (stable)
uses: dtolnay/rust-toolchain@1482605bfc5719782e1267fd0c0cc350fe7646b8 # master
with:
toolchain: stable
components: rustfmt
- name: Override toolchain
run: rustup override set stable
- name: Format
run: cargo fmt --package rsonpath rsonpath-lib -- --check
cargo-deny:
name: Dependency scan (cargo-deny)
runs-on: ubuntu-latest
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 # v1.5.5