crypto: replace ring AEAD API for header protection #5801
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
on: [push, pull_request] | |
name: Stable | |
env: | |
RUSTFLAGS: "-D warnings" | |
RUSTTOOLCHAIN: "stable" | |
jobs: | |
quiche: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
tls-feature: | |
- "" # default, boringssl-vendored | |
- "boringssl-boring-crate" | |
- "openssl" | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
components: clippy | |
- name: Unused dependency check | |
if: ${{ matrix.tls-feature == '' }} | |
uses: bnjbvr/cargo-machete@main | |
- name: Build OpenSSL | |
if: ${{ matrix.tls-feature == 'openssl' }} | |
run: | | |
git clone https://github.com/quictls/openssl | |
cd openssl | |
./Configure --prefix="$PWD/install" | |
make -j"$(nproc)" | |
make install -j"$(nproc)" | |
echo "PKG_CONFIG_PATH=$PWD" >> "$GITHUB_ENV" | |
echo "LD_LIBRARY_PATH=$PWD" >> "$GITHUB_ENV" | |
- name: Run cargo test | |
run: cargo test --verbose --all-targets --features=ffi,qlog,${{ matrix.tls-feature }} | |
# Need to run doc tests separately. | |
# (https://github.com/rust-lang/cargo/issues/6669) | |
- name: Run cargo doc test | |
run: cargo test --verbose --doc --features=ffi,qlog,${{ matrix.tls-feature }} | |
# NOTE: this is disabled as it fails when building changes that bump | |
# version of local crates (e.g. when doing a `qlog` release) that have not | |
# been published yet, and we couldn't find a workaround. | |
# | |
# - name: Run cargo package | |
# run: cargo package --verbose --workspace --exclude=quiche_apps --allow-dirty | |
- name: Run cargo clippy | |
run: cargo clippy --features=ffi,qlog,${{ matrix.tls-feature }} -- -D warnings | |
- name: Run cargo clippy on examples | |
run: cargo clippy --examples --features=ffi,qlog,${{ matrix.tls-feature }} -- -D warnings | |
- name: Run cargo doc | |
run: cargo doc --no-deps --all-features --document-private-items | |
- name: Build C examples | |
run: | | |
sudo apt-get install libev-dev uthash-dev | |
make -C quiche/examples | |
quiche_macos: | |
strategy: | |
matrix: | |
target: | |
- "macos-13" # Intel (x86_64) | |
- "macos-latest" # Apple Silicon (M1) | |
runs-on: ${{ matrix.target }} | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
- name: Run cargo test | |
run: cargo test --verbose --all-targets --features ffi,qlog | |
- name: Build C examples | |
run: | | |
brew install libev uthash | |
make -C quiche/examples | |
quiche_ios: | |
runs-on: macos-latest | |
strategy: | |
matrix: | |
target: ["x86_64-apple-ios", "aarch64-apple-ios"] | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
env: | |
IPHONEOS_DEPLOYMENT_TARGET: "10.0" | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
targets: ${{ matrix.target }} | |
- name: Remove cdylib from iOS build | |
run: | | |
sed -i -e 's/, "cdylib"//g' quiche/Cargo.toml | |
- name: Run cargo build | |
run: cargo build --target=${{ matrix.target }} --verbose | |
quiche_windows: | |
runs-on: windows-2019 | |
strategy: | |
matrix: | |
target: ["x86_64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-gnu", "i686-pc-windows-gnu"] | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
targets: ${{ matrix.target }} | |
- name: Set default toolchain | |
run: rustup default ${{ env.RUSTTOOLCHAIN }}-${{ matrix.target }} | |
- name: Set up MinGW for 64 bit | |
if: matrix.target == 'x86_64-pc-windows-gnu' | |
uses: bwoodsend/[email protected] | |
with: | |
tag: 12.2.0-16.0.0-10.0.0-msvcrt-r5 | |
- name: Set up MinGW for 32 bit | |
if: matrix.target == 'i686-pc-windows-gnu' | |
uses: bwoodsend/[email protected] | |
with: | |
architecture: i686 | |
tag: 12.2.0-16.0.0-10.0.0-msvcrt-r5 | |
- name: Install dependencies | |
uses: crazy-max/ghaction-chocolatey@v3 | |
with: | |
args: install nasm | |
- name: Run cargo build | |
if: endsWith(matrix.target, '-gnu') | |
run: cargo build --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog | |
- name: Run cargo test | |
if: endsWith(matrix.target, '-msvc') | |
run: cargo test --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog | |
quiche_multiarch: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
target: ["aarch64-unknown-linux-gnu","armv7-unknown-linux-gnueabihf","i686-unknown-linux-gnu"] | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
- name: Install cargo-binstall | |
uses: cargo-bins/cargo-binstall@main | |
- name: Install cross | |
run: cargo-binstall -y cross | |
- name: Run cargo test using cross | |
run: cross test --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog | |
http3_test: | |
runs-on: ubuntu-latest | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
components: clippy | |
- name: Run cargo test | |
run: cargo test --no-run --verbose --manifest-path=tools/http3_test/Cargo.toml | |
- name: Run cargo clippy | |
run: cargo clippy --manifest-path=tools/http3_test/Cargo.toml -- -D warnings | |
docker: | |
runs-on: ubuntu-latest | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Build Docker images | |
run: make docker-build | |
android_ndk_lts: | |
runs-on: ubuntu-latest | |
env: | |
API_LEVEL: "21" | |
strategy: | |
matrix: | |
target: ["aarch64-linux-android","armv7-linux-androideabi","x86_64-linux-android","i686-linux-android"] | |
include: | |
- target: "aarch64-linux-android" | |
arch: "arm64-v8a" | |
- target: "armv7-linux-androideabi" | |
arch: "armeabi-v7a" | |
- target: "x86_64-linux-android" | |
arch: "x86_64" | |
- target: "i686-linux-android" | |
arch: "x86" | |
# Only run on "pull_request" event for external PRs. This is to avoid | |
# duplicate builds for PRs created from internal branches. | |
if: github.event_name == 'push' || github.event.pull_request.head.repo.full_name != github.repository | |
steps: | |
- name: Checkout sources | |
uses: actions/checkout@v4 | |
with: | |
submodules: 'recursive' | |
- name: Install stable toolchain for the target | |
uses: dtolnay/rust-toolchain@master | |
with: | |
toolchain: ${{ env.RUSTTOOLCHAIN }} | |
targets: ${{ matrix.target }} | |
- name: Install cargo-ndk | |
run: cargo install cargo-ndk | |
- name: Run cargo ndk | |
run: cargo ndk --manifest-path quiche/Cargo.toml -t ${{ matrix.arch }} -p ${{ env.API_LEVEL }} -- build --verbose --features ffi |