Skip to content

security(net): Stop sending peer addresses from handshakes directly to the address book #317

security(net): Stop sending peer addresses from handshakes directly to the address book

security(net): Stop sending peer addresses from handshakes directly to the address book #317

Workflow file for this run

name: Build crates individually
# Ensures that only one workflow task will run at a time. Previous builds, if
# already in process, will get cancelled. Only the latest commit will be allowed
# to run, cancelling any workflows in between
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
cancel-in-progress: true
on:
workflow_dispatch:
push:
branches:
- main
paths:
# production code and test code
- '**/*.rs'
# dependencies
- '**/Cargo.toml'
- '**/Cargo.lock'
# configuration files
- '.cargo/config.toml'
- '**/clippy.toml'
# workflow definitions
- '.github/workflows/ci-build-crates.yml'
pull_request:
paths:
# production code and test code
- '**/*.rs'
# dependencies
- '**/Cargo.toml'
- '**/Cargo.lock'
# configuration files
- '.cargo/config.toml'
- '**/clippy.toml'
# workflow definitions
- '.github/workflows/ci-build-crates.yml'
env:
CARGO_INCREMENTAL: ${{ vars.CARGO_INCREMENTAL }}
RUST_LOG: ${{ vars.RUST_LOG }}
RUST_BACKTRACE: ${{ vars.RUST_BACKTRACE }}
RUST_LIB_BACKTRACE: ${{ vars.RUST_LIB_BACKTRACE }}
COLORBT_SHOW_HIDDEN: ${{ vars.COLORBT_SHOW_HIDDEN }}
jobs:
matrix:
name: Generate crates matrix
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- uses: actions/checkout@v4.1.1
- uses: r7kamura/rust-problem-matchers@v1.4.0
# Setup Rust with stable toolchain and minimal profile
- name: Setup Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal
# This step is meant to dynamically create a JSON containing the values of each crate
# available in this repo in the root directory. We use `cargo tree` to accomplish this task.
#
# The result from `cargo tree` is then transform to JSON values between double quotes,
# and separated by commas, then added to a `crates.txt` and assigned to a $JSON_CRATES variable.
#
# A JSON object is created and assigned to a $MATRIX variable, which is use to create an output
# named `matrix`, which is then used as the input in following steps,
# using ` ${{ fromJson(needs.matrix.outputs.matrix) }}`
- id: set-matrix
name: Dynamically build crates JSON
run: |
TEMP_DIR=$(mktemp -d)
echo "$(cargo tree --depth 0 --edges no-normal,no-dev,no-build,no-proc-macro --prefix none | cut -d ' ' -f1 | sed '/^$/d' | awk '{ printf "\"%s\",\n", $0 }' | sed '$ s/.$//')" > $TEMP_DIR/crates.txt
MATRIX=$( (
echo '{ "crate" : ['
echo "$(cat $TEMP_DIR/crates.txt)"
echo " ]}"
) | jq -c .)
echo $MATRIX
echo $MATRIX | jq .
echo "matrix=$MATRIX" >> "$GITHUB_OUTPUT"
check-matrix:
name: Check crates matrix
runs-on: ubuntu-latest
needs: [ matrix ]
steps:
- name: Install json2yaml
run: |
sudo npm install -g json2yaml
- name: Check matrix definition
run: |
matrix='${{ needs.matrix.outputs.matrix }}'
echo $matrix
echo $matrix | jq .
echo $matrix | json2yaml
build:
name: Build ${{ matrix.crate }} crate
timeout-minutes: 90
needs: [ matrix, check-matrix ]
runs-on: ubuntu-latest
strategy:
# avoid rate-limit errors by only launching a few of these jobs at a time
max-parallel: 2
fail-fast: true
matrix: ${{ fromJson(needs.matrix.outputs.matrix) }}
steps:
- uses: actions/checkout@v4.1.1
with:
persist-credentials: false
- uses: r7kamura/rust-problem-matchers@v1.4.0
- name: Install last version of Protoc
uses: arduino/setup-protoc@v2.1.0
with:
# TODO: increase to latest version after https://github.com/arduino/setup-protoc/issues/33 is fixed
version: '23.x'
repo-token: ${{ secrets.GITHUB_TOKEN }}
# Setup Rust with stable toolchain and minimal profile
- name: Setup Rust
run: |
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=stable --profile=minimal
# We could use `features: ['', '--all-features', '--no-default-features']` as a matrix argument,
# but it's faster to run these commands sequentially, so they can re-use the local cargo cache.
#
# Some Zebra crates do not have any features, and most don't have any default features.
- name: Build ${{ matrix.crate }} crate with no default features
run: |
cargo build --package ${{ matrix.crate }} --no-default-features
- name: Build ${{ matrix.crate }} crate normally
run: |
cargo build --package ${{ matrix.crate }}
- name: Build ${{ matrix.crate }} crate with all features
run: |
cargo build --package ${{ matrix.crate }} --all-features
failure-issue:
name: Open or update issues for building crates individually failures
# When a new job is added to this workflow, add it to this list.
needs: [ matrix, build ]
# Only open tickets for failed or cancelled jobs that are not coming from PRs.
# (PR statuses are already reported in the PR jobs list, and checked by Mergify.)
if: (failure() && github.event.pull_request == null) || (cancelled() && github.event.pull_request == null)
runs-on: ubuntu-latest
steps:
- uses: jayqi/failed-build-issue-action@v1
with:
title-template: "{{refname}} branch CI failed: {{eventName}} in {{workflow}}"
# New failures open an issue with this label.
label-name: S-ci-fail-build-crates-auto-issue
# If there is already an open issue with this label, any failures become comments on that issue.
always-create-new-issue: false
github-token: ${{ secrets.GITHUB_TOKEN }}