Skip to content
CI

build: Use system NSS when possible #1804

Sign in to view logs

build: Use system NSS when possible

build: Use system NSS when possible #1804

Workflow file for this run

.github/workflows/check.yml at 96112ba
name: CI
on:
push:
branches: ["main"]
paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"]
pull_request:
branches: ["main"]
paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"]
merge_group:
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
check:
name: Build & test
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-14, windows-latest]
# Don't increase beyond what Firefox is currently using:
# https://firefox-source-docs.mozilla.org/writing-rust-code/update-policy.html#schedule
rust-toolchain: [1.74.0, stable, nightly]
type: [debug]
include:
- os: ubuntu-latest
rust-toolchain: stable
type: release
env:
BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }}
runs-on: ${{ matrix.os }}
defaults:
run:
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install dependencies (Linux)
if: runner.os == 'Linux'
env:
DEBIAN_FRONTEND: noninteractive
run: |
sudo apt-get update
sudo apt-get install -y --no-install-recommends lld libnss3-dev
echo "RUSTFLAGS=-C link-arg=-fuse-ld=lld" >> "$GITHUB_ENV"
- name: Install dependencies (MacOS)
if: runner.os == 'MacOS'
run: |
brew update
brew install llvm nss
echo "/opt/homebrew/opt/llvm/bin" >> "$GITHUB_PATH"
echo "RUSTFLAGS=-C link-arg=-fuse-ld=lld" >> "$GITHUB_ENV"
- name: Install dependencies (Windows)
if: runner.os == 'Windows'
run: |
/c/msys64/usr/bin/pacman -Suy
/c/msys64/usr/bin/pacman -Ss nss
/c/msys64/usr/bin/pacman -S --noconfirm mingw-w64-x86_64-nss
- name: Set up MSVC build environment (Windows)
if: runner.os == 'Windows'
uses: ilammy/msvc-dev-cmd@v1
- name: Install Rust
uses: ./.github/actions/rust
with:
version: ${{ matrix.rust-toolchain }}
components: rustfmt, clippy, llvm-tools-preview
- name: Build
run: |
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --all-targets --features ci
- name: Run tests and determine coverage
run: |
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} llvm-cov nextest $BUILD_TYPE --all-targets --features ci --no-fail-fast --lcov --output-path lcov.info
cargo +${{ matrix.rust-toolchain }} bench --features bench --no-run
- name: Run client/server transfer
run: |
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server
"target/$BUILD_DIR/neqo-server" "$HOST:4433" &
PID=$!
"target/$BUILD_DIR/neqo-client" --output-dir . "https://$HOST:4433/$SIZE"
kill $PID
[ "$(wc -c <"$SIZE")" -eq "$SIZE" ] || exit 1
env:
HOST: localhost
SIZE: 54321
RUST_LOG: warn
BUILD_DIR: ${{ matrix.type == 'release' && 'release' || 'debug' }}
- name: Check formatting
run: |
if [ "${{ matrix.rust-toolchain }}" != "nightly" ]; then
CONFIG_PATH="--config-path=$(mktemp)"
fi
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} fmt --all -- --check $CONFIG_PATH
if: success() || failure()
- name: Clippy
run: |
# Use cargo-hack to run clippy on each crate individually with its
# respective default features only. Can reveal warnings otherwise
# hidden given that a plain cargo clippy combines all features of the
# workspace. See e.g. https://github.com/mozilla/neqo/pull/1695.
cargo +${{ matrix.rust-toolchain }} hack clippy --all-targets -- -D warnings || ${{ matrix.rust-toolchain == 'nightly' }}
if: success() || failure()
- name: Check rustdoc links
run: cargo +${{ matrix.rust-toolchain }} doc --workspace --no-deps --document-private-items
env:
RUSTDOCFLAGS: "--deny rustdoc::broken_intra_doc_links --deny warnings"
if: success() || failure()
- name: Upload coverage reports to Codecov
uses: codecov/codecov-action@v4
with:
file: lcov.info
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable'
bench:
name: "Benchmark"
needs: [check]
uses: ./.github/workflows/bench.yml