Simplification of lading-preflight skill (#1753) #6649
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| actions: read | |
| contents: read | |
| id-token: write # Required for OIDC authentication with AWS | |
| jobs: | |
| shellcheck: | |
| name: Shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - run: ci/shellcheck | |
| rust_actions: | |
| name: Rust Actions (Check/Fmt/Clippy) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| tool: [check, fmt, clippy] | |
| include: | |
| - tool: check | |
| protobuf: true | |
| fuse: true | |
| components: "" | |
| command: ci/check | |
| - tool: fmt | |
| protobuf: true | |
| fuse: true | |
| components: "rustfmt" | |
| command: ci/fmt | |
| - tool: clippy | |
| protobuf: true | |
| fuse: true | |
| components: "clippy" | |
| command: ci/clippy | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| with: | |
| components: ${{matrix.components}} | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| if: matrix.protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| if: matrix.fuse | |
| uses: ./.github/actions/install-fuse | |
| - name: Run ${{ matrix.tool }} | |
| run: ${{ matrix.command }} | |
| cargo-deny: # only runs on Linux | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - run: ci/deny | |
| test: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| # Proptest configuration for thorough CI testing | |
| PROPTEST_CASES: "512" | |
| PROPTEST_MAX_SHRINK_ITERS: "10000" | |
| PROPTEST_MAX_SHRINK_TIME: "60000" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install nextest | |
| uses: taiki-e/install-action@650c5ca14212efbbf3e580844b04bdccf68dac31 # v2.67.18 | |
| with: | |
| tool: nextest@0.9 | |
| - run: ci/test | |
| benchmark-check: | |
| name: Check Benchmarks Compile | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Check benchmarks compile | |
| run: ci/bench-check | |
| timeout-minutes: 15 | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - run: ci/integration-test | |
| timeout-minutes: 30 | |
| kani: | |
| name: Kani Proofs | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| crate: [lading_throttle, lading_payload] | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install kani | |
| run: cargo install kani-verifier | |
| - run: ci/kani ${{ matrix.crate }} | |
| timeout-minutes: 30 | |
| loom: | |
| name: Loom Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| crate: [lading-signal] | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - run: ci/loom ${{ matrix.crate }} | |
| timeout-minutes: 30 | |
| fuzz-check: | |
| name: Check Fuzz Targets | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| with: | |
| toolchain: nightly | |
| components: rust-src | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - run: ci/fuzz --check lading_payload | |
| timeout-minutes: 10 | |
| fingerprint: | |
| name: Payload Fingerprint Verification | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Build payloadtool | |
| run: cargo build --release --bin payloadtool | |
| - run: ci/fingerprint | |
| timeout-minutes: 10 | |
| buf: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Check our protobufs for lint cleanliness and for lack of breaking | |
| # changes | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.10 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: buf-setup | |
| uses: bufbuild/buf-setup-action@a47c93e0b1648d5651a065437926377d060baa99 # v1.50.0 | |
| - run: ci/buf | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: set actionlint version & checksum | |
| id: version | |
| run: | | |
| export ACTIONLINT="1.7.3" | |
| export ACTIONLINT_CHECKSUM="37252b4d440b56374b0fc1726e05fd7452d30d6d774f6e9b52e65bb64475f9db" | |
| echo "actionlint version: ${ACTIONLINT}" | |
| echo "actionlint checksum: ${ACTIONLINT_CHECKSUM}" | |
| echo "ACTIONLINT=${ACTIONLINT}" >> $GITHUB_OUTPUT | |
| echo "ACTIONLINT_CHECKSUM=${ACTIONLINT_CHECKSUM}" >> $GITHUB_OUTPUT | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Download actionlint | |
| shell: bash | |
| run: | | |
| wget https://github.com/rhysd/actionlint/releases/download/v${{ steps.version.outputs.ACTIONLINT }}/actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz | |
| echo "${{ steps.version.outputs.ACTIONLINT_CHECKSUM }} actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz" >> CHECKSUMS | |
| sha256sum -c CHECKSUMS | |
| tar -xvf actionlint_${{ steps.version.outputs.ACTIONLINT }}_linux_amd64.tar.gz | |
| - name: Check workflow files | |
| shell: bash | |
| run: | | |
| ./actionlint -color \ | |
| -ignore 'Double quote to prevent globbing and word splitting' \ | |
| -ignore 'Consider using { cmd1; cmd2; } >> file instead of individual redirects' \ | |
| -ignore 'Declare and assign separately to avoid masking return values' | |
| action-sha-pin-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Check all GitHub Actions in ".github/workflows" are pinned to SHAs | |
| uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| actions: ".github/workflows" | |
| dockerfiles: "" | |
| fail_on_unpinned: true | |
| open_pr: false | |
| - name: Check all GitHub Actions in ".github/actions" are pinned to SHAs | |
| uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| actions: ".github/actions" | |
| dockerfiles: "" | |
| fail_on_unpinned: true | |
| open_pr: false | |
| cargo-machete: | |
| name: Check unused dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@1780873c7b576612439a134613cc4cc74ce5538c # v1.15.2 | |
| with: | |
| cache: false | |
| - uses: taiki-e/install-action@650c5ca14212efbbf3e580844b04bdccf68dac31 # v2.67.18 | |
| with: | |
| tool: cargo-machete@0.9.1 | |
| - run: cargo machete | |
| custom-lints: | |
| name: Custom Lints (ast-grep) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install ast-grep | |
| run: | | |
| wget https://github.com/ast-grep/ast-grep/releases/download/0.39.5/app-x86_64-unknown-linux-gnu.zip | |
| echo "9a1cab3e7916c98c6fe0079cc2c3b44d98832ba3bdb9db492d04a4e60e41fd0f app-x86_64-unknown-linux-gnu.zip" | sha256sum -c | |
| unzip app-x86_64-unknown-linux-gnu.zip | |
| mv sg /usr/local/bin/sg | |
| mv ast-grep /usr/local/bin/ast-grep | |
| chmod +x /usr/local/bin/sg | |
| chmod +x /usr/local/bin/ast-grep | |
| sg --version | |
| - name: Test custom lints | |
| run: ci/test_custom_lints | |
| - name: Run custom lints | |
| run: ci/custom_lints |