Skip to content
rustls

Add feature flag for enabling FIPS. #437

Sign in to view logs

Add feature flag for enabling FIPS.

Add feature flag for enabling FIPS. #437

Workflow file for this run

.github/workflows/build.yml at 28ff304
name: rustls
permissions:
contents: read
on:
push:
pull_request:
merge_group:
schedule:
- cron: '23 6 * * 5'
jobs:
collect-features:
name: Collect package features
runs-on: ubuntu-latest
outputs:
NON_FIPS_FEATURES: ${{ steps.collect-non-fips-features.outputs.non-fips-features }}
DEFAULTS_WITH_RING_FEATURES: ${{ steps.collect-non-fips-features.outputs.defaults-with-ring-features }}
steps:
- id: collect-non-fips-features
run: |
yq --no-colors -oy '.features | keys | . - ["default", "fips"] | join(",") | "non-fips-features=" + @sh' Cargo.toml >> "$GITHUB_OUTPUT"
yq --no-colors -oy '.features["default"] - ["aws-lc-rs"] + ["ring"] | join(",") | "defaults-with-ring-features=" + @sh' Cargo.toml >> "$GITHUB_OUTPUT"
build:
name: Build+test
needs: collect-features
runs-on: ${{ matrix.os }}
strategy:
fail-fast: false
matrix:
# test a bunch of toolchains on ubuntu
rust:
- stable
- beta
- nightly
os: [ubuntu-20.04]
# but only stable on macos/windows (slower platforms)
include:
- os: macos-latest
rust: stable
- os: windows-latest
rust: stable
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install ${{ matrix.rust }} toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: ${{ matrix.rust }}
- name: Install NASM for aws-lc-rs on Windows
if: runner.os == 'Windows'
uses: ilammy/setup-nasm@v1
- name: Install ninja-build tool for aws-lc-fips-sys on Windows
if: runner.os == 'Windows'
uses: seanmiddleditch/gha-setup-ninja@v4
- name: cargo check (default features)
run: cargo check --all-targets
- name: cargo test (debug; default features)
run: cargo test
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; native-tokio only)
run: cargo test --no-default-features --features native-tokio
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; webpki-tokio only)
run: cargo test --no-default-features --features webpki-tokio
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; defaults+ring)
run: cargo test --no-default-features --features $DEFAULTS_WITH_RING_FEATURES
env:
RUST_BACKTRACE: 1
DEFAULTS_WITH_RING_FEATURES: ${{ needs.collect-features.outputs.DEFAULTS_WITH_RING_FEATURES }}
- name: cargo test (debug; all features)
if: runner.os == 'Linux'
run: cargo test --all-features
env:
RUST_BACKTRACE: 1
- name: cargo test (debug; all features, excluding FIPS)
if: runner.os != 'Linux'
run: cargo test --features $NON_FIPS_FEATURES
env:
RUST_BACKTRACE: 1
NON_FIPS_FEATURES: ${{ needs.collect-features.outputs.NON_FIPS_FEATURES }}
- name: cargo build (debug; no default features)
run: cargo build --no-default-features
- name: cargo test (debug; no default features; no run)
run: cargo test --no-default-features --no-run
- name: cargo test (release; no run)
run: cargo test --release --no-run
msrv:
runs-on: ubuntu-20.04
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@master
with:
toolchain: "1.64"
- name: Check MSRV
run: cargo check --lib --all-features
semver:
name: Check semver compatibility
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Check semver
uses: obi1kenobi/cargo-semver-checks-action@v2
docs:
name: Check for documentation errors
runs-on: ubuntu-20.04
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@nightly
- name: cargo doc (all features)
run: cargo doc --all-features --no-deps
env:
RUSTDOCFLAGS: -Dwarnings
format:
name: Format
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: rustfmt
- name: Check formatting
run: cargo fmt --all -- --check
clippy:
name: Clippy
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
with:
components: clippy
- run: cargo clippy --all-features -- --deny warnings
features:
runs-on: ubuntu-latest
steps:
- name: Checkout sources
uses: actions/checkout@v4
with:
persist-credentials: false
- name: Install rust toolchain
uses: dtolnay/rust-toolchain@stable
- name: Install cargo-hack
uses: taiki-e/install-action@cargo-hack
- name: Check feature powerset
run: cargo hack --no-dev-deps check --feature-powerset --depth 2