Continuous integration #6096

Workflow file for this run

	name: Continuous integration

	on:
	pull_request:
	push:
	branches:
	- main

	jobs:
	shellcheck:
	name: Shellcheck
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- run: ci/shellcheck

	rust_actions:
	name: Rust Actions (Check/Fmt/Clippy)
	runs-on: ${{ matrix.os }}
	strategy:
	fail-fast: false
	matrix:
	os: [ubuntu-latest, macos-latest]
	tool: [check, fmt, clippy]
	include:
	- tool: check
	protobuf: true
	fuse: true
	components: ""
	command: ci/check
	- tool: fmt
	protobuf: true
	fuse: true
	components: "rustfmt"
	command: ci/fmt
	- tool: clippy
	protobuf: true
	fuse: true
	components: "clippy"
	command: ci/clippy
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	with:
	components: ${{matrix.components}}
	- name: Install Protobuf
	if: matrix.protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	if: matrix.fuse
	uses: ./.github/actions/install-fuse
	- name: Run ${{ matrix.tool }}
	run: ${{ matrix.command }}

	cargo-deny: # only runs on Linux
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- run: ci/deny

	test:
	name: Test Suite
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- name: Install nextest
	uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
	with:
	tool: [email protected]
	- run: ci/test

	integration-test:
	name: Integration Tests
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- run: ci/integration-test
	timeout-minutes: 30

	kani:
	name: Kani Proofs
	runs-on: ubuntu-latest
	strategy:
	matrix:
	crate: [lading_throttle, lading_payload]
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- name: Install kani
	run: cargo install kani-verifier
	- run: ci/kani ${{ matrix.crate }}
	timeout-minutes: 30

	fuzz-check:
	name: Check Fuzz Targets
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	with:
	toolchain: nightly
	components: rust-src
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- name: Install cargo-fuzz
	run: cargo install cargo-fuzz
	- run: ci/fuzz --check lading_payload
	timeout-minutes: 10

	fingerprint:
	name: Payload Fingerprint Verification
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- name: Build payloadtool
	run: cargo build --release --bin payloadtool
	- run: ci/fingerprint
	timeout-minutes: 10

	buf:
	runs-on: ubuntu-latest
	steps:
	# Check our protobufs for lint cleanliness and for lack of breaking
	# changes
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10
	- name: Install Protobuf
	uses: ./.github/actions/install-protobuf
	- name: Install FUSE
	uses: ./.github/actions/install-fuse
	- name: buf-setup
	uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0
	- run: ci/buf

	actionlint:
	runs-on: ubuntu-latest
	steps:
	- name: set actionlint version & checksum
	id: version
	run: \|
	export ACTIONLINT="1.7.3"
	export ACTIONLINT_CHECKSUM="37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db"

	echo "actionlint version: ${ACTIONLINT}"
	echo "actionlint checksum: ${ACTIONLINT_CHECKSUM}"

	echo "ACTIONLINT=${ACTIONLINT}" >> $GITHUB_OUTPUT
	echo "ACTIONLINT_CHECKSUM=${ACTIONLINT_CHECKSUM}" >> $GITHUB_OUTPUT

	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- name: Download actionlint
	shell: bash
	run: \|
	wget https://github.com/rhysd/actionlint/releases/download/v${{ steps.version.outputs.ACTIONLINT }}/actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz

	echo "${{ steps.version.outputs.ACTIONLINT_CHECKSUM }} actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz" >> CHECKSUMS
	sha256sum -c CHECKSUMS

	tar -xvf actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz
	- name: Check workflow files
	shell: bash
	run: \|
	./actionlint -color \
	-ignore 'Double quote to prevent globbing and word splitting' \
	-ignore 'Consider using { cmd1; cmd2; } >> file instead of individual redirects' \
	-ignore 'Declare and assign separately to avoid masking return values'

	action-sha-pin-check:
	runs-on: ubuntu-latest
	steps:
	- name: Check out branch
	uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- name: Check all GitHub Actions in ".github/workflows" are pinned to SHAs
	uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	actions: ".github/workflows"
	dockerfiles: ""
	fail_on_unpinned: true
	open_pr: false
	- name: Check all GitHub Actions in ".github/actions" are pinned to SHAs
	uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
	with:
	actions: ".github/actions"
	dockerfiles: ""
	fail_on_unpinned: true
	open_pr: false

	cargo-machete:
	name: Check unused dependencies
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2
	with:
	cache: false
	- uses: taiki-e/install-action@44c6d64aa62cd779e873306675c7a58e86d6d532 # v2.62.49
	with:
	tool: [email protected]
	- run: cargo machete

	custom-lints:
	name: Custom Lints (ast-grep)
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
	- name: Install ast-grep
	run: \|
	wget https://github.com/ast-grep/ast-grep/releases/download/0.39.5/app-x86_64-unknown-linux-gnu.zip
	echo "9a1cab3e7916c98c6fe0079cc2c3b44d98832ba3bdb9db492d04a4e60e41fd0f app-x86_64-unknown-linux-gnu.zip" \| sha256sum -c
	unzip app-x86_64-unknown-linux-gnu.zip
	mv sg /usr/local/bin/sg
	mv ast-grep /usr/local/bin/ast-grep
	chmod +x /usr/local/bin/sg
	chmod +x /usr/local/bin/ast-grep
	sg --version
	- name: Test custom lints
	run: ci/test_custom_lints
	- name: Run custom lints
	run: ci/custom_lints

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Continuous integration #6096

Workflow file

Continuous integration #6096

Uh oh!

Jobs

Run details

Workflow file for this run