build.yml
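name: Build and Security

# Runs formatting, lint and dependency-audit checks, then checks the crate
# against every supported target.
# Hardening applied here: a read-only default token and per-ref concurrency
# control.

on:
  push:
    branches: ["main", "master"]
    # Only pushes are filtered: documentation-only pushes do not start a run.
    # The pull_request trigger below has no path filter, so every PR is checked.
    paths-ignore:
      - '**.md'
      - 'docs/**'
  pull_request:
    branches: ["main", "master"]
  workflow_dispatch:

# Default GITHUB_TOKEN scope for every job in this workflow. A job that needs
# more must request it in its own `permissions:` block, not here.
permissions:
  contents: read

# One active run per workflow and ref: a newer run for the same PR or branch
# cancels the one still in progress. This includes pushes to main/master.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true

env:
  CARGO_TERM_COLOR: always
  # Quoted so YAML keeps the version as a string; as a bare float a value
  # such as 25.10 would be read as 25.1.
  PROTOC_VERSION: "25.1"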
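jobs:
  # Gate job: formatting, Clippy and the RustSec advisory check. The build
  # matrix only starts after this job succeeds (see `needs` on `build`).
  #
  # NOTE(review): every `uses:` in this file references a tag or branch, and
  # those refs can be moved by the action's owner. Pinning each third-party
  # action to a full commit SHA, e.g.
  #   uses: owner/action@<FULL_COMMIT_SHA>  # vX.Y.Z
  # makes the code that runs with this workflow's token immutable.
  security-audit:
    name: Security Audit & Lint
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4.2.2
        with:
          # No later step in this job needs authenticated git access to the
          # repository, so do not leave the token in the local git config.
          persist-credentials: false

      - name: Install Rust toolchain
        # `stable` is a moving ref; see the pinning note at the top of `jobs`.
        uses: dtolnay/rust-toolchain@stable
        with:
          components: clippy, rustfmt

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2.7.5

      - name: Check Formatting
        run: cargo fmt --all -- --check

      - name: Clippy Lint
        # -D warnings turns every Clippy warning into a failure.
        run: cargo clippy --all-targets --all-features -- -D warnings

      - name: Dependency Security Audit
        # NOTE(review): the workflow token is limited to `contents: read`.
        # Confirm this action still fails the job on an advisory when it
        # cannot publish a check run; if not, grant `checks: write` on this
        # job only.
        uses: rustsec/audit-check@v2.0.0
        with:
          token: ${{ secrets.GITHUB_TOKEN }}

  # Runs `cargo check` (compile without linking) for each target in the matrix.
  build:
    name: Build (${{ matrix.target }})
    needs: security-audit
    runs-on: ${{ matrix.os }}
    strategy:
      # Let every target finish so one failing platform does not hide others.
      fail-fast: false
      matrix:
        include:
          # Linux Targets
          - os: ubuntu-latest
            target: x86_64-unknown-linux-gnu
          - os: ubuntu-latest
            target: x86_64-unknown-linux-musl
          - os: ubuntu-latest
            target: i686-unknown-linux-gnu
          - os: ubuntu-latest
            target: i686-unknown-linux-musl
          # macOS Targets
          - os: macos-latest
            target: x86_64-apple-darwin
          - os: macos-latest
            target: aarch64-apple-darwin
          # Windows Targets
          - os: windows-latest
            target: x86_64-pc-windows-msvc
          - os: windows-latest
            target: i686-pc-windows-msvc
          # Android Targets
          - os: ubuntu-latest
            target: aarch64-linux-android
          - os: ubuntu-latest
            target: armv7-linux-androideabi
          # iOS Targets
          - os: macos-latest
            target: aarch64-apple-ios
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4.2.2
        with:
          # Build scripts and proc-macros from dependencies execute during
          # `cargo check`; keep the token out of the local git config.
          persist-credentials: false

      - name: Setup Protoc
        uses: arduino/setup-protoc@v3.0.0
        with:
          version: ${{ env.PROTOC_VERSION }}
          # Passed so the action's GitHub API requests are authenticated.
          repo-token: ${{ secrets.GITHUB_TOKEN }}

      - name: Install Rust toolchain
        uses: dtolnay/rust-toolchain@stable
        with:
          targets: ${{ matrix.target }}

      - name: Install Build Dependencies (Linux)
        if: runner.os == 'Linux'
        env:
          # Handed to the script as data instead of being expanded into the
          # script text by the expression engine.
          MATRIX_TARGET: ${{ matrix.target }}
        run: |
          sudo apt-get update
          sudo apt-get install -y libssl-dev pkg-config
          if [[ "$MATRIX_TARGET" == *"musl"* ]]; then
            sudo apt-get install -y musl-tools
          fi
          if [[ "$MATRIX_TARGET" == "i686-unknown-linux-gnu" ]]; then
            sudo apt-get install -y gcc-multilib g++-multilib
          fi

      - name: Setup Android NDK
        if: contains(matrix.target, 'android')
        uses: nttld/setup-ndk@v1.5.0
        id: setup-ndk
        with:
          ndk-version: r26b

      - name: Rust Cache
        uses: Swatinem/rust-cache@v2.7.5
        with:
          # Separate cache per target so artifacts are not shared across them.
          key: ${{ matrix.target }}

      - name: Build Standard
        if: "!contains(matrix.target, 'android')"
        # This step also runs on Windows, where the default shell is
        # PowerShell, so the target is expanded inline. That is acceptable
        # only while matrix.target comes from the literal list above; if the
        # matrix is ever derived from event data, pass it through `env:`.
        run: cargo check --target ${{ matrix.target }}

      - name: Build Android
        if: contains(matrix.target, 'android')
        env:
          ANDROID_NDK_HOME: ${{ steps.setup-ndk.outputs.ndk-path }}
          MATRIX_TARGET: ${{ matrix.target }}
        # NOTE(review): --locked honours cargo-ndk's own Cargo.lock, but the
        # cargo-ndk release itself is whatever is newest at run time. Adding
        # `--version <PINNED_VERSION>` makes the installed tool reproducible.
        run: |
          cargo install cargo-ndk --locked
          cargo ndk -t "$MATRIX_TARGET" check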