diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml index 91e16abad..d39d23289 100644 --- a/.github/workflows/check.yml +++ b/.github/workflows/check.yml @@ -26,14 +26,31 @@ concurrency: permissions: contents: read +defaults: + run: + shell: bash + jobs: + toolchains: + runs-on: ubuntu-latest + outputs: + toolchains: ${{ steps.toolchains.outputs.toolchains }} + steps: + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + with: + sparse-checkout: Cargo.toml + - id: toolchains + run: | + msrv="$(grep rust-version Cargo.toml | tr -d '"' | cut -f3 -d\ )" + echo "toolchains=[\"$msrv\", \"stable\", \"nightly\"]" >> "$GITHUB_OUTPUT" + check: + needs: toolchains strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-latest, windows-latest] - # Keep in sync with Cargo.toml - rust-toolchain: [1.76.0, stable, nightly] + rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }} type: [debug] include: - os: ubuntu-latest @@ -42,9 +59,6 @@ jobs: env: BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }} runs-on: ${{ matrix.os }} - defaults: - run: - shell: bash steps: - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 @@ -52,7 +66,7 @@ jobs: - uses: ./.github/actions/rust with: version: ${{ matrix.rust-toolchain }} - components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools-preview' || matrix.rust-toolchain == 'nightly' && 'rust-src' || '' }} + components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools-preview' || '' }} tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest token: ${{ secrets.GITHUB_TOKEN }} 
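Review bot: The `toolchains` step added to check.yml writes whatever `grep rust-version Cargo.toml` returns into `$GITHUB_OUTPUT`, and from there into the `check` matrix via `fromJSON`, without checking that it is a single version string. The grep is unanchored, so a comment or second key containing `rust-version` makes `msrv` multi-line; if this workflow runs on pull requests (the triggers are outside the hunk), Cargo.toml is contributor-controlled and a multi-line value would append extra lines to the output file. I would anchor the match and validate before writing: `msrv="$(grep -m1 '^rust-version' Cargo.toml | tr -d '"' | cut -f3 -d\ )"` followed by `[[ "$msrv" =~ ^[0-9]+\.[0-9]+(\.[0-9]+)?$ ]] || { echo "unexpected rust-version: $msrv" >&2; exit 1; }`. The value later reaches `version:` of `./.github/actions/rust`, whose handling of it is not visible in this diff.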
@@ -106,28 +120,6 @@ jobs: CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable' - - name: Run tests with sanitizers - if: (matrix.os == 'ubuntu-latest' || matrix.os == 'macos-latest') && matrix.rust-toolchain == 'nightly' - env: - RUST_LOG: trace - run: | - if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then - TARGET="x86_64-unknown-linux-gnu" - SANITIZERS="address thread leak" - elif [ "${{ matrix.os }}" = "macos-latest" ]; then - TARGET="aarch64-apple-darwin" - # no leak sanitizer support yet - SANITIZERS="address thread" - fi - for sanitizer in $SANITIZERS; do - echo "Running tests with $sanitizer sanitizer..." - # shellcheck disable=SC2078 - if [ "${{ env.DUMP_SIMULATION_SEEDS }}" ]; then - export DUMP_SIMULATION_SEEDS="${{ env.DUMP_SIMULATION_SEEDS }}/sanitizer/$sanitizer" - fi - RUSTFLAGS="-Z sanitizer=$sanitizer" RUSTDOCFLAGS="-Z sanitizer=$sanitizer" cargo +nightly nextest run -Z build-std --features ci --target "$TARGET" - done - - name: Save simulation seeds artifact if: env.DUMP_SIMULATION_SEEDS uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0 diff --git a/.github/workflows/sanitize.yml b/.github/workflows/sanitize.yml new file mode 100644 index 000000000..0752c7e30 --- /dev/null +++ b/.github/workflows/sanitize.yml 
@@ -0,0 +1,78 @@ +name: Sanitize +on: + push: + branches: ["main"] + paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"] + pull_request: + branches: ["main"] + paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"] + merge_group: + workflow_dispatch: +env: + CARGO_TERM_COLOR: always + RUST_BACKTRACE: 1 + +concurrency: + group: ${{ github.workflow }}-${{ github.ref_name }} + cancel-in-progress: true + +permissions: + contents: read + +defaults: + run: + shell: bash + +jobs: + sanitize: + strategy: + fail-fast: false + matrix: + os: [ubuntu-latest, macos-latest] # No Windows support for sanitizers. + sanitizer: [address, thread, leak] # TODO: memory + exclude: + # Memory and leak sanitizers are not supported on macOS. + - os: macos-latest + sanitizer: leak + # - os: macos-latest + # sanitizer: memory + runs-on: ${{ matrix.os }} + + steps: + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 + - uses: ./.github/actions/rust + with: + version: nightly + components: rust-src + tools: cargo-nextest + token: ${{ secrets.GITHUB_TOKEN }} + + - id: nss-version + run: echo "minimum=$(cat neqo-crypto/min_version.txt)" >> "$GITHUB_OUTPUT" + + - uses: ./.github/actions/nss + with: + minimum-version: ${{ steps.nss-version.outputs.minimum }} + + - name: Run tests with sanitizers + env: + RUST_LOG: trace + RUSTFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" + RUSTDOCFLAGS: "-Z sanitizer=${{ matrix.sanitizer }}" + ASAN_OPTIONS: detect_leaks=1:detect_stack_use_after_return=1 + run: | + if [ "${{ matrix.os }}" = "ubuntu-latest" ]; then + sudo apt-get install -y --no-install-recommends llvm + TARGET="x86_64-unknown-linux-gnu" + elif [ "${{ matrix.os }}" = "macos-latest" ]; then + # llvm-symbolizer (as part of llvm) is installed by default on macOS runners + TARGET="aarch64-apple-darwin" + # Suppress non-neqo leaks on macOS. TODO: Check occasionally if these are still needed. 
+ { + echo "leak:dyld4::RuntimeState" + echo "leak:fetchInitializingClassList" + } > suppressions.txt + PWD=$(pwd) + export LSAN_OPTIONS="suppressions=$PWD/suppressions.txt" + fi + cargo nextest run -Z build-std --features ci --target "$TARGET" diff --git a/Cargo.toml b/Cargo.toml index 5a0a3d1aa..5b7d52158 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -26,7 +26,6 @@ edition = "2021" license = "MIT OR Apache-2.0" # Don't increase beyond what Firefox is currently using: # https://searchfox.org/mozilla-central/search?q=MINIMUM_RUST_VERSION&path=python/mozboot/mozboot/util.py -# Keep in sync with .github/workflows/check.yml rust-version = "1.76.0" [workspace.dependencies]
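Review bot: The checkout step of the new `sanitize` job in sanitize.yml leaves `persist-credentials` at its default, so the job token stays in `.git/config` while `cargo nextest run` builds and executes code from the pull request. `permissions: contents: read` limits what that token can do, but nothing visible in this job needs git credentials after checkout, so I would add `with:` / `persist-credentials: false` under the `actions/checkout` step. Whether `./.github/actions/rust` or `./.github/actions/nss` rely on the persisted token cannot be seen from this diff and should be checked first.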