Skip to content

don't pin protoc version #59

don't pin protoc version

don't pin protoc version #59

name: Build and Test
on:
push:
branches: [ main ]
pull_request: # all target branches
env:
CARGO_TERM_COLOR: always
NDK_VERSION: 27.0.12077973
RUST_BACKTRACE: 1
LIBSIGNAL_MINIMUM_SUPPORTED_RUST_VERSION: 1.75
# For dev builds, include limited debug info in the output. See
# https://doc.rust-lang.org/cargo/reference/profiles.html#debug
CARGO_PROFILE_DEV_DEBUG: limited
jobs:
changes:
name: Classify changes
permissions:
# Needed for dorny/paths-filter
contents: read
pull-requests: read
runs-on: ubuntu-20.04
outputs:
rust: ${{ steps.filter.outputs.rust }}
java: ${{ steps.filter.outputs.java }}
node: ${{ steps.filter.outputs.node }}
swift: ${{ steps.filter.outputs.swift }}
rust_ios: ${{ steps.filter.outputs.rust_ios }}
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- uses: dorny/paths-filter@0bc4621a3135347011ad047f9ecf449bf72ce2bd # v3.0
id: filter
with:
filters: |
all: &all
- '.github/workflows/build_and_test.yml'
- 'bin/**'
- 'rust/*'
- 'rust/!(bridge|protocol)/**'
- 'rust/bridge/shared/**'
- 'rust/protocol/*'
- 'rust/protocol/!(cross-version-testing)/**'
- 'rust-toolchain'
- 'Cargo.toml'
- 'Cargo.lock'
rust:
- *all
- '.clippy.toml'
- '.rustfmt.license-template'
- '.rustfmt.toml'
- 'acknowledgments/**'
- 'rust/**' # deliberately re-include rust/bridge/* and rust/protocol/cross-version-testing
java:
- *all
- '.dockerignore'
- 'java/**'
- 'rust/bridge/jni/**'
node:
- *all
- '.nvmrc'
- '.prettierrc.js'
- 'node/**'
- 'rust/bridge/node/**'
rust_ios: &rust_ios
- *all
- 'rust/bridge/ffi/**'
swift:
- *rust_ios
- 'swift/**'
- 'LibSignalClient.podspec'
ignored:
- 'LICENSE'
- '*.md'
- '.github/FUNDING.yml'
- '.github/stale.yml'
- '.github/workflows/**'
- '.gitignore'
- '.gitattributes'
- '.editorconfig'
- 'justfile'
- name: Check pattern completeness
run: echo "::error file=.github/workflows/build_and_test.yml::File not included in any filter" && false
if: ${{ !contains(steps.filter.outputs.*, 'true') }}
rust:
name: Rust
runs-on: ubuntu-20.04
needs: changes
if: ${{ needs.changes.outputs.rust == 'true' }}
strategy:
fail-fast: false
matrix:
version: [nightly, stable]
include:
- version: nightly
toolchain: "$(cat rust-toolchain)"
cargo-keep-going: "--keep-going"
- version: stable
toolchain: "${LIBSIGNAL_MINIMUM_SUPPORTED_RUST_VERSION}"
# Remove this switch once our MSRV is at least 1.74, which stablilized the --keep-going flag.
cargo-keep-going: ""
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- run: sudo apt-get update && sudo apt-get install protobuf-compiler
- run: rustup toolchain install ${{ matrix.toolchain }} --profile minimal --component rustfmt,clippy
- name: Cache locally-built tools
uses: actions/cache@ab5e6d0c87105b4c9c2047343972218f562e4319 # v4.0.1
with:
path: local-tools
key: ${{ runner.os }}-local-tools-${{ matrix.version }}-${{ hashFiles('acknowledgments/cargo-about-version', '.taplo-cli-version') }}
- name: Build cargo-about if needed
run: cargo +stable install --version $(cat acknowledgments/cargo-about-version) --locked cargo-about --root local-tools
if: matrix.version == 'nightly'
- name: Build taplo-cli if needed
run: cargo +stable install --version $(cat .taplo-cli-version) --locked taplo-cli --root local-tools
if: matrix.version == 'nightly'
# This should be done before anything else
# because it also checks that the lockfile is up to date.
- name: Check for duplicate dependencies
run: ./bin/verify_duplicate_crates
if: matrix.version == 'nightly'
- name: Cargo.toml formatting check
run: PATH="$PATH:$PWD/local-tools/bin" taplo format -c .taplo.toml --check
if: matrix.version == 'nightly'
- name: Rustfmt check
run: cargo fmt --all -- --check
if: matrix.version == 'nightly'
- name: Rustfmt check for cross-version-testing
run: cargo fmt --all -- --check
working-directory: rust/protocol/cross-version-testing
if: matrix.version == 'nightly'
- name: Check bridge versioning
run: ./bin/update_versions.py
if: matrix.version == 'nightly'
- name: Check acknowledgments
run: PATH="$PATH:$PWD/local-tools/bin" ./bin/regenerate_acknowledgments.sh && git diff --name-status --exit-code acknowledgments
if: matrix.version == 'nightly'
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Build
run: cargo +${{ matrix.toolchain }} build --workspace --features libsignal-ffi/signal-media --verbose ${{ matrix.cargo-keep-going }}
- name: Run tests
run: cargo +${{ matrix.toolchain }} test --workspace --all-features --verbose --no-fail-fast -- --include-ignored
- name: Test run benches
run: cargo +${{ matrix.toolchain }} test --workspace --benches --all-features --verbose --no-fail-fast
- name: Build bins and examples
run: cargo +${{ matrix.toolchain }} build --workspace --bins --examples --all-features --verbose ${{ matrix.cargo-keep-going }}
- name: Clippy
run: cargo clippy --workspace --all-targets --all-features ${{ matrix.cargo-keep-going }} -- -D warnings
if: matrix.version == 'nightly'
- name: Rust docs
run: cargo +${{ matrix.toolchain }} doc --workspace --all-features ${{ matrix.cargo-keep-going }}
if: matrix.version == 'stable'
env:
RUSTFLAGS: -D warnings
# We check the fuzz targets on stable because they don't have lockfiles,
# and crates don't generally support arbitrary nightly versions.
# See https://github.com/dtolnay/proc-macro2/issues/307 for an example.
- name: Check that the protocol fuzz target still builds
run: cargo +${{ matrix.toolchain }} check --all-targets ${{ matrix.cargo-keep-going }}
working-directory: rust/protocol/fuzz
env:
RUSTFLAGS: --cfg fuzzing
if: matrix.version == 'stable'
- name: Check that the attest fuzz target still builds
run: cargo +${{ matrix.toolchain }} check --all-targets ${{ matrix.cargo-keep-going }}
working-directory: rust/attest/fuzz
env:
RUSTFLAGS: --cfg fuzzing
if: matrix.version == 'stable'
rust32:
name: Rust (32-bit testing)
runs-on: ubuntu-20.04
needs: changes
if: ${{ needs.changes.outputs.rust == 'true' }}
strategy:
fail-fast: false
matrix:
version: [nightly, stable]
include:
- version: nightly
toolchain: "$(cat rust-toolchain)"
- version: stable
toolchain: "${LIBSIGNAL_MINIMUM_SUPPORTED_RUST_VERSION}"
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- run: sudo apt-get update && sudo apt-get install gcc-multilib g++-multilib protobuf-compiler
- run: rustup toolchain install ${{ matrix.toolchain }} --profile minimal --target i686-unknown-linux-gnu
- name: Run tests (32-bit)
# Exclude signal-neon-futures because those tests run Node
run: cargo +${{ matrix.toolchain }} test --workspace --all-features --verbose --target i686-unknown-linux-gnu --exclude signal-neon-futures --no-fail-fast -- --include-ignored
java:
name: Java
runs-on: ubuntu-20.04
needs: changes
permissions:
# Needed for check_code_size.py to examine previous runs.
actions: read
contents: read
if: ${{ needs.changes.outputs.java == 'true' }}
timeout-minutes: 45
steps:
- run: echo "JAVA_HOME=$JAVA_HOME_17_X64" >> "$GITHUB_ENV"
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
# Download all commits so we can search for the merge base with origin/main.
fetch-depth: 0
- name: Install NDK
run: sudo ${ANDROID_SDK_ROOT}/cmdline-tools/latest/bin/sdkmanager --install "ndk;${NDK_VERSION}"
- run: sudo apt-get update && sudo apt-get install protobuf-compiler
- run: cargo +stable install cbindgen
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal --target aarch64-linux-android,armv7-linux-androideabi,x86_64-linux-android,i686-linux-android
- name: Install Protoc
uses: arduino/setup-protoc@v3
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
- name: Verify that the JNI bindings are up to date
run: rust/bridge/jni/bin/gen_java_decl.py --verify
- run: ./gradlew build assembleDebugAndroidTest android:lintDebug -PandroidArchs=arm,arm64 | tee ./gradle-output.txt
working-directory: java
shell: bash # Explicitly setting the shell turns on pipefail in GitHub Actions
# Check for -Xcheck:jni warnings manually; Gradle doesn't capture them for some reason.
- run: "! grep WARNING ./gradle-output.txt"
working-directory: java
- run: java/check_code_size.py | tee ./check_code_size-output.txt
env:
GH_TOKEN: ${{ github.token }}
- run: grep -v -F '***' ./check_code_size-output.txt >> $GITHUB_STEP_SUMMARY
node:
name: Node
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-20.04, windows-latest, macos-latest]
needs: changes
if: ${{ needs.changes.outputs.node == 'true' }}
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal
# install nasm compiler for boring
- name: Install nasm
if: startsWith(matrix.os, 'windows')
run: choco install nasm
shell: cmd
- run: sudo apt-get update && sudo apt-get install protobuf-compiler
if: matrix.os == 'ubuntu-20.04'
- run: choco install protoc
if: matrix.os == 'windows-latest'
- run: brew install protobuf
if: matrix.os == 'macos-latest'
- uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4.0.2
with:
node-version-file: '.nvmrc'
- name: Verify that the Node bindings are up to date
run: rust/bridge/node/bin/gen_ts_decl.py --verify
if: matrix.os == 'ubuntu-20.04'
- run: npm ci
working-directory: node
- run: npx node-gyp rebuild
working-directory: node
- run: npm run tsc
working-directory: node
- run: npm run lint
if: matrix.os == 'ubuntu-20.04'
working-directory: node
- run: npm run format -c
if: matrix.os == 'ubuntu-20.04'
working-directory: node
- run: npm run test
working-directory: node
swift_package:
name: Swift Package
runs-on: ubuntu-20.04
needs: changes
if: ${{ needs.changes.outputs.swift == 'true' }}
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal
- run: sudo apt-get update && sudo apt-get install protobuf-compiler
- run: cargo +stable install cbindgen
- run: swift/verify_error_codes.sh
- name: Build libsignal-ffi
run: swift/build_ffi.sh -d -v --verify-ffi
- name: Build Swift and run tests
run: swift test -v
working-directory: swift
- name: Build and run Swift benchmarks (in debug mode)
run: swift run -v Benchmarks --allow-debug-build
working-directory: swift/Benchmarks
# Disabled for now, broken on Linux in the Swift 6.0 release.
# See https://forums.swift.org/t/generate-documentation-failing-for-swift-6-pre-release/74534
# - name: Build Swift package documentation
# run: swift package plugin generate-documentation --analyze --warnings-as-errors
# working-directory: swift
swift_cocoapod:
name: Swift CocoaPod
runs-on: macos-latest
needs: changes
if: ${{ needs.changes.outputs.swift == 'true' }}
timeout-minutes: 45
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
with:
submodules: recursive
- run: brew install protobuf swiftlint
- name: Check formatting
run: swiftformat --swiftversion 5 --reporter github-actions-log --lint .
working-directory: swift
- name: Run lint
run: swiftlint lint --strict --reporter github-actions-logging
working-directory: swift
- run: rustup toolchain install $(cat rust-toolchain) --profile minimal --target x86_64-apple-ios,aarch64-apple-ios-sim
# Build only the targets that `pod lib lint` will test building.
- name: Build for x86_64-apple-ios
run: swift/build_ffi.sh --release
env:
CARGO_BUILD_TARGET: x86_64-apple-ios
- name: Build for aarch64-apple-ios-sim
run: swift/build_ffi.sh --release
env:
CARGO_BUILD_TARGET: aarch64-apple-ios-sim
- name: Run pod lint
run: pod lib lint --verbose --platforms=ios