Skip to content

refactor: use libseccomp crate #235

refactor: use libseccomp crate

refactor: use libseccomp crate #235

Workflow file for this run

# The MIT License (MIT)
# Copyright (c) 2016-2022 Florian Dehau
# Copyright (c) 2023-2024 The Ratatui Developers
# Copyright (c) 2024 Levi Zim
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal
# in the Software without restriction, including without limitation the rights
# to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
# copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in all
# copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
# SOFTWARE.
name: Continuous Integration
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
push:
branches:
- main
pull_request:
merge_group:
# ensure that the workflow is only triggered once per PR, subsequent pushes to the PR will cancel
# and restart the workflow. See https://docs.github.com/en/actions/using-jobs/using-concurrency
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
env:
CARGO_TERM_COLOR: always
jobs:
lint:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
- name: Check typos
uses: crate-ci/typos@master
- name: Lint dependencies
uses: EmbarkStudios/cargo-deny-action@v1
clippy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust stable
uses: dtolnay/rust-toolchain@stable
with:
components: clippy,rustfmt
- name: Install native dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y libelf-dev zlib1g-dev build-essential
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
- name: Run clippy
run: cargo clippy
check_and_test:
strategy:
fail-fast: false
matrix:
include:
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: false
# Test with eBPF feature disabled
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: true
args: '-F seccomp-bpf'
- os: ubuntu-24.04
os-arch: amd64
target: x86_64-unknown-linux-gnu
arch: x86_64
libpath: usr/lib/x86_64-linux-gnu
no-default-features: false
args: '-F static,vendored'
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
- os: ubuntu-24.04
os-arch: arm64
target: aarch64-unknown-linux-gnu
arch: aarch64
libpath: usr/lib/aarch64-linux-gnu
no-default-features: false
- os: ubuntu-24.04
os-arch: arm64
target: aarch64-unknown-linux-gnu
arch: aarch64
libpath: usr/lib/aarch64-linux-gnu
no-default-features: false
args: '-F static,vendored'
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
- os: ubuntu-24.04
os-arch: riscv64
target: riscv64gc-unknown-linux-gnu
arch: riscv64
libpath: usr/lib/riscv64-linux-gnu
args: '-F ebpf,vendored-libbpf'
no-default-features: true
- os: ubuntu-24.04
os-arch: riscv64
target: riscv64gc-unknown-linux-gnu
arch: riscv64
libpath: usr/lib/riscv64-linux-gnu
args: '-F ebpf,static,vendored'
no-default-features: true
rust_flags: -C target-feature=+crt-static
static_libseccomp: true
runs-on: ${{ matrix.os }}
env:
RUSTFLAGS: ${{ matrix.rust_flags }}
LIBSECCOMP_LINK_TYPE: ${{ matrix.static_libseccomp && 'static' || 'dylib' }}
LIBSECCOMP_LIB_PATH: ${{ matrix.static_libseccomp && format('/{0}', matrix.libpath) || '/this/path/does/not/exist' }}
# LIBBPF_SYS_LIBRARY_PATH: ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/${{ matrix.libpath }}
# LIBBPF_SYS_EXTRA_CFLAGS: -I ${{ github.workspace }}/3rdparty/${{ matrix.arch }}/usr/include
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Rust
uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.80"
targets: ${{ matrix.target }}
components: rustfmt
- name: Install cross-compilation tools
uses: taiki-e/setup-cross-toolchain-action@v1
with:
target: ${{ matrix.target }}
- name: Add apt sources for ${{ matrix.os-arch }}
if: matrix.os-arch != 'amd64'
run: |
dpkg --add-architecture ${{ matrix.os-arch }}
release=$(. /etc/os-release && echo "$UBUNTU_CODENAME")
sed -i '/Types: deb/aArchitectures: amd64' /etc/apt/sources.list.d/ubuntu.sources
printf 'deb [arch=${{ matrix.os-arch }}] http://ports.ubuntu.com/ %s main restricted\n' \
$release $release-updates $release-security \
>> /etc/apt/sources.list
shell: sudo sh -e {0}
- name: Install build dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y build-essential autopoint gettext libelf-dev zlib1g-dev \
&& apt-get download -y
libelf-dev:${{ matrix.os-arch }} zlib1g-dev:${{ matrix.os-arch }} \
libseccomp2:${{ matrix.os-arch }} libseccomp-dev:${{ matrix.os-arch }} \
&& find -name '*.deb' -exec sudo dpkg --force-depends -i {} \;
# - name: Prepare libelf and zlib
# run: 3rdparty/prepare-native-dependencies.sh ${{ matrix.arch }}
- name: Cache Cargo dependencies
uses: Swatinem/rust-cache@v2
- name: Run cargo build with default features
run: cargo build --bins --tests --target ${{ matrix.target }} ${{ matrix.args }}
- name: Run cargo check with default features
run: cargo check --target ${{ matrix.target }} ${{ matrix.args }}
env:
RUST_BACKTRACE: full
- name: Run cargo test with default features
if: matrix.target == 'x86_64-unknown-linux-gnu' || matrix.target == 'x86_64-unknown-linux-musl'
run: cargo test --target ${{ matrix.target }} ${{ matrix.args }}
env:
RUST_BACKTRACE: full