diff options
Diffstat (limited to '.github/workflows/ci.yml')
-rw-r--r-- | .github/workflows/ci.yml | 89 |
1 files changed, 52 insertions, 37 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9c1e563d..bf8c2004 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,6 +6,27 @@ on: - master schedule: - cron: '00 01 * * *' + +# The section is needed to drop write-all permissions that are granted on +# `schedule` event. By specifying any permission explicitly all others are set +# to none. By using the principle of least privilege the damage a compromised +# workflow can do (because of an injection or compromised third party tool or +# action) is restricted. Currently the worklow doesn't need any additional +# permission except for pulling the code. Adding labels to issues, commenting +# on pull-requests, etc. may need additional permissions: +# +# Syntax for this section: +# https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions +# +# Reference for how to assign permissions on a job-by-job basis: +# https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs +# +# Reference for available permissions that we can enable if needed: +# https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token +permissions: + # to fetch code (actions/checkout) + contents: read + jobs: test: name: test @@ -14,32 +35,21 @@ jobs: # systems. CARGO: cargo # When CARGO is set to CROSS, this is set to `--target matrix.target`. + # Note that we only use cross on Linux, so setting a target on a + # different OS will just use normal cargo. TARGET_FLAGS: # When CARGO is set to CROSS, TARGET_DIR includes matrix.target. TARGET_DIR: ./target + # Bump this as appropriate. We pin to a version to make sure CI + # continues to work as cross releases in the past have broken things + # in subtle ways. + CROSS_VERSION: v0.2.5 # Emit backtraces on panics. RUST_BACKTRACE: 1 runs-on: ${{ matrix.os }} strategy: + fail-fast: false matrix: - build: - # We test ripgrep on a pinned version of Rust, along with the moving - # targets of 'stable' and 'beta' for good measure. - - pinned - - stable - - beta - # Our release builds are generated by a nightly compiler to take - # advantage of the latest optimizations/compile time improvements. So - # we test all of them here. (We don't do mips releases, but test on - # mips for big-endian coverage.) - - nightly - - nightly-musl - - nightly-32 - - nightly-mips - - nightly-arm - - macos - - win-msvc - - win-gnu include: - build: pinned os: ubuntu-latest @@ -53,27 +63,26 @@ jobs: - build: nightly os: ubuntu-latest rust: nightly - - build: nightly-musl + - build: stable-musl os: ubuntu-latest - rust: nightly + rust: stable target: x86_64-unknown-linux-musl - - build: nightly-32 + - build: stable-x86 os: ubuntu-latest - rust: nightly + rust: stable target: i686-unknown-linux-gnu - - build: nightly-mips + - build: stable-aarch64 os: ubuntu-latest - rust: nightly - target: mips64-unknown-linux-gnuabi64 - - build: nightly-arm + rust: stable + target: aarch64-unknown-linux-gnu + - build: stable-powerpc64 os: ubuntu-latest - rust: nightly - # For stripping release binaries: - # docker run --rm -v $PWD/target:/target:Z \ - # rustembedded/cross:arm-unknown-linux-gnueabihf \ - # arm-linux-gnueabihf-strip \ - # /target/arm-unknown-linux-gnueabihf/debug/rg - target: arm-unknown-linux-gnueabihf + rust: stable + target: powerpc64-unknown-linux-gnu + - build: stable-s390x + os: ubuntu-latest + rust: stable + target: s390x-unknown-linux-gnu - build: macos os: macos-latest rust: nightly @@ -103,9 +112,17 @@ jobs: toolchain: ${{ matrix.rust }} - name: Use Cross - if: matrix.target != '' + if: matrix.os == 'ubuntu-latest' && matrix.target != '' run: | - cargo install cross + # In the past, new releases of 'cross' have broken CI. So for now, we + # pin it. We also use their pre-compiled binary releases because cross + # has over 100 dependencies and takes a bit to compile. + dir="$RUNNER_TEMP/cross-download" + mkdir "$dir" + echo "$dir" >> $GITHUB_PATH + cd "$dir" + curl -LO "https://github.com/cross-rs/cross/releases/download/$CROSS_VERSION/cross-x86_64-unknown-linux-musl.tar.gz" + tar xf cross-x86_64-unknown-linux-musl.tar.gz echo "CARGO=cross" >> $GITHUB_ENV echo "TARGET_FLAGS=--target ${{ matrix.target }}" >> $GITHUB_ENV echo "TARGET_DIR=./target/${{ matrix.target }}" >> $GITHUB_ENV @@ -177,7 +194,6 @@ jobs: run: ci/test-complete rustfmt: - name: rustfmt runs-on: ubuntu-latest steps: - name: Checkout repository @@ -191,7 +207,6 @@ jobs: run: cargo fmt --all --check docs: - name: Docs runs-on: ubuntu-latest steps: - name: Checkout repository |