Skip to content

Update Rust to 1.81 following CVE #731

Update Rust to 1.81 following CVE

Update Rust to 1.81 following CVE #731

Workflow file for this run

name: Build release (from macOS)
on:
workflow_dispatch:
inputs:
mavenPublish:
description: "Publish artifacts to Maven Central? non-empty to publish, empty to skip publish"
required: false
type: string
schedule:
- cron: "0 0 * * *"
pull_request:
branches:
- "**"
push:
branches:
- main
env:
ALL_ARCHS: 1
RELEASE: 1
CARGO_PROFILE_RELEASE_LTO: fat
ANDROID_NDK_VERSION: "27.0.12077973"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event.inputs.mavenPublish }}-release
cancel-in-progress: true
jobs:
build:
runs-on: macos-14
timeout-minutes: 180
steps:
- uses: actions/checkout@v4
- name: Fetch submodules
run: git submodule update --init
- name: Install/Set NDK version
run: |
export PATH="$PATH:$ANDROID_HOME/cmdline-tools/latest/bin"
./.github/scripts/install_ndk.sh ${ANDROID_NDK_VERSION}
./.github/scripts/purge_ndk.sh ${ANDROID_NDK_VERSION}
export ANDROID_NDK_LATEST_HOME="${ANDROID_SDK_ROOT}/ndk/${ANDROID_NDK_VERSION}"
echo "ANDROID_NDK_HOME=$ANDROID_NDK_LATEST_HOME" >> $GITHUB_ENV
echo "ANDROID_NDK_ROOT=$ANDROID_NDK_LATEST_HOME" >> $GITHUB_ENV
- name: Configure JDK
uses: actions/setup-java@v4
with:
distribution: "temurin"
java-version: "21" # matches Anki-Android
- name: Install Windows cross compiler
run: brew install mingw-w64 && x86_64-w64-mingw32-gcc -v
- name: Install Linux cross compiler
run: |
brew tap SergioBenitez/osxct
brew install x86_64-unknown-linux-gnu
x86_64-unknown-linux-gnu-gcc -v
- name: Restore Rust Cache
uses: actions/cache/restore@v4
with:
path: |
~/.cargo/registry
~/.cargo/git
target
anki/out/rust
anki/out/extracted
anki/out/node_modules
key: ${{ runner.os }}-rust-release-v7-${{ hashFiles('Cargo.lock') }}-${{ hashFiles('anki/yarn.lock') }}
restore-keys: |
${{ runner.os }}-rust-release-v7
- name: Setup N2
run: ./anki/tools/install-n2
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
timeout-minutes: 5
with:
# Only write to the cache for builds on the 'main' branches, stops branches evicting main cache
# Builds on other branches will only read from main branch cache writes
# Comment this and the with: above out for performance testing on a branch
cache-read-only: ${{ github.ref != 'refs/heads/main' }}
gradle-home-cache-cleanup: true
- name: Build all
run: ./build.sh
- name: Upload rsdroid AAR as artifact
uses: actions/upload-artifact@v4
with:
name: rsdroid-aar
if-no-files-found: error
path: rsdroid/build/outputs/aar
- name: Upload rsdroid-robo JAR as artifact
uses: actions/upload-artifact@v4
with:
name: rsdroid-robo
if-no-files-found: error
path: rsdroid-testing/build/libs
# following steps only run on workflow dispatch
- name: Publish AAR to Maven
if: "${{ github.event.inputs.mavenPublish != '' && github.event_name == 'workflow_dispatch'}}"
env:
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
run: |
./gradlew rsdroid:publishAllPublicationsToMavenCentral -DtestBuildType=release -Dorg.gradle.daemon=false -Dorg.gradle.console=plain
- name: Publish JAR to Maven
if: "${{ github.event.inputs.mavenPublish != '' && github.event_name == 'workflow_dispatch'}}"
env:
ORG_GRADLE_PROJECT_signingInMemoryKey: ${{ secrets.SIGNING_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingInMemoryKeyPassword: ${{ secrets.SIGNING_PASSWORD }}
ORG_GRADLE_PROJECT_mavenCentralUsername: ${{ secrets.MAVEN_CENTRAL_USERNAME }}
ORG_GRADLE_PROJECT_mavenCentralPassword: ${{ secrets.MAVEN_CENTRAL_PASSWORD }}
run: |
export ANKIDROID_LINUX_CC=x86_64-unknown-linux-gnu-gcc
export ANKIDROID_MACOS_CC=cc
export RUST_DEBUG=1
export RUST_BACKTRACE=1
export RUST_LOG=trace
export NO_CROSS=true
./gradlew rsdroid-testing:publishAllPublicationsToMavenCentral -Dorg.gradle.project.macCC=$ANKIDROID_MACOS_CC -DtestBuildType=debug -Dorg.gradle.daemon=false -Dorg.gradle.console=plain
- name: Save Rust Cache
uses: actions/cache/save@v4
if: github.ref == 'refs/heads/main'
with:
path: |
~/.cargo/registry
~/.cargo/git
target
anki/out/rust
anki/out/download
anki/out/node_modules
key: ${{ runner.os }}-rust-release-v7-${{ hashFiles('Cargo.lock') }}-${{ hashFiles('anki/yarn.lock') }}