chore: ci optimizing-v2. #40
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: T-800 - CI | |
| 'on': | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| permissions: | |
| contents: read | |
| jobs: | |
| security: | |
| name: T-800 - Security audit | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Install stable toolchain | |
| run: rustup toolchain install stable | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Audit dependencies | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| cargo +stable install cargo-audit --locked | |
| cargo +stable audit | |
| msrv: | |
| name: T-800 - MSRV (Rust 1.81.0) | |
| runs-on: ubuntu-latest | |
| needs: security | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain (MSRV) | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Tests (MSRV) | |
| run: cargo test --all --locked | |
| build_test: | |
| name: T-800 - Test + Build (debug) | |
| runs-on: ubuntu-latest | |
| needs: [security, msrv] | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| components: rustfmt, clippy | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| JOBS="$(getconf _NPROCESSORS_ONLN 2>/dev/null || true)" | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(nproc 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(sysctl -n hw.ncpu 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS=2 | |
| fi | |
| echo "CARGO_BUILD_JOBS=${JOBS}" >> "$GITHUB_ENV" | |
| - name: Tests | |
| run: cargo test --all --locked | |
| - name: Build (debug) | |
| run: cargo build --profile dev --locked --jobs "${CARGO_BUILD_JOBS}" | |
| macos_build: | |
| name: T-800 - Build (macos native) | |
| runs-on: ${{ matrix.os }} | |
| needs: build_test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - os: macos-15-intel | |
| target: x86_64-apple-darwin | |
| profile: pro-macos-intel-native | |
| - os: macos-latest | |
| target: aarch64-apple-darwin | |
| profile: pro-macos-aarch64-native | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| JOBS="$(getconf _NPROCESSORS_ONLN 2>/dev/null || true)" | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(nproc 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(sysctl -n hw.ncpu 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS=2 | |
| fi | |
| echo "CARGO_BUILD_JOBS=${JOBS}" >> "$GITHUB_ENV" | |
| - name: Add Rust target | |
| run: rustup target add ${{ matrix.target }} | |
| - name: Build | |
| env: | |
| RUSTFLAGS: "-C target-cpu=native" | |
| run: cargo build --profile ${{ matrix.profile }} --locked --target ${{ matrix.target }} --jobs "${CARGO_BUILD_JOBS}" | |
| android_build: | |
| name: T-800 - Build (android-aarch64) | |
| runs-on: ubuntu-latest | |
| needs: build_test | |
| if: github.event_name == 'push' | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| JOBS="$(getconf _NPROCESSORS_ONLN 2>/dev/null || true)" | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(nproc 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(sysctl -n hw.ncpu 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS=2 | |
| fi | |
| echo "CARGO_BUILD_JOBS=${JOBS}" >> "$GITHUB_ENV" | |
| - name: Setup Java | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| - name: Setup Android NDK | |
| id: ndk | |
| uses: nttld/[email protected] | |
| with: | |
| ndk-version: r26d | |
| - name: Add Rust target | |
| run: rustup target add aarch64-linux-android | |
| - name: Build (android-aarch64) | |
| shell: bash | |
| env: | |
| ANDROID_NDK_HOME: ${{ steps.ndk.outputs.ndk-path }} | |
| run: | | |
| set -euo pipefail | |
| TARGET="aarch64-linux-android" | |
| TOOLCHAIN="${ANDROID_NDK_HOME}/toolchains/llvm/prebuilt/linux-x86_64" | |
| export CC_aarch64_linux_android="${TOOLCHAIN}/bin/aarch64-linux-android21-clang" | |
| export CARGO_TARGET_AARCH64_LINUX_ANDROID_LINKER="${CC_aarch64_linux_android}" | |
| cargo build --profile pro-android-aarch64 --locked --target "${TARGET}" --jobs "${CARGO_BUILD_JOBS}" | |
| linux_aarch64_build: | |
| name: T-800 - Build (linux aarch64) | |
| runs-on: ubuntu-latest | |
| needs: build_test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| JOBS="$(getconf _NPROCESSORS_ONLN 2>/dev/null || true)" | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(nproc 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(sysctl -n hw.ncpu 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS=2 | |
| fi | |
| echo "CARGO_BUILD_JOBS=${JOBS}" >> "$GITHUB_ENV" | |
| - name: Install Linux aarch64 linker | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-aarch64-linux-gnu | |
| - name: Add Rust target | |
| run: rustup target add aarch64-unknown-linux-gnu | |
| - name: Build | |
| env: | |
| CARGO_TARGET_AARCH64_UNKNOWN_LINUX_GNU_LINKER: aarch64-linux-gnu-gcc | |
| run: cargo build --profile pro --locked --target aarch64-unknown-linux-gnu --jobs "${CARGO_BUILD_JOBS}" | |
| windows_aarch64_build: | |
| name: T-800 - Build (windows aarch64) | |
| runs-on: windows-latest | |
| needs: windows_build | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| $jobs = $env:NUMBER_OF_PROCESSORS | |
| if (-not $jobs) { $jobs = 2 } | |
| "CARGO_BUILD_JOBS=$jobs" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8 | |
| - name: Add Rust target | |
| run: rustup target add aarch64-pc-windows-msvc | |
| - name: Setup MSVC dev cmd | |
| uses: ilammy/msvc-dev-cmd@v1 | |
| with: | |
| arch: amd64_arm64 | |
| - name: Build | |
| shell: pwsh | |
| run: cargo build --profile pro --locked --target aarch64-pc-windows-msvc --jobs "$env:CARGO_BUILD_JOBS" | |
| linux_cpu_variants: | |
| name: T-800 - Build (linux x86_64 variants) | |
| runs-on: ubuntu-latest | |
| needs: build_test | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - profile: pro-linux-v1 | |
| rustflags: "-C target-cpu=x86-64" | |
| - profile: pro-linux-v2 | |
| rustflags: "-C target-cpu=x86-64-v2" | |
| - profile: pro-linux-v3 | |
| rustflags: "-C target-cpu=x86-64-v3" | |
| - profile: pro-linux-v4 | |
| rustflags: "-C target-cpu=x86-64-v4" | |
| - profile: pro-linux-native | |
| rustflags: "-C target-cpu=native" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| JOBS="$(getconf _NPROCESSORS_ONLN 2>/dev/null || true)" | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(nproc 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS="$(sysctl -n hw.ncpu 2>/dev/null || true)" | |
| fi | |
| if [[ -z "${JOBS}" ]]; then | |
| JOBS=2 | |
| fi | |
| echo "CARGO_BUILD_JOBS=${JOBS}" >> "$GITHUB_ENV" | |
| - name: Build | |
| env: | |
| RUSTFLAGS: ${{ matrix.rustflags }} | |
| run: cargo build --profile ${{ matrix.profile }} --locked --target x86_64-unknown-linux-gnu --jobs "${CARGO_BUILD_JOBS}" | |
| windows_cpu_variants: | |
| name: T-800 - Build (windows x86_64 variants) | |
| runs-on: windows-latest | |
| needs: windows_build | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| include: | |
| - profile: pro-win-v1 | |
| rustflags: "-C target-cpu=x86-64" | |
| - profile: pro-win-v2 | |
| rustflags: "-C target-cpu=x86-64-v2" | |
| - profile: pro-win-v3 | |
| rustflags: "-C target-cpu=x86-64-v3" | |
| - profile: pro-win-v4 | |
| rustflags: "-C target-cpu=x86-64-v4" | |
| - profile: pro-win-native | |
| rustflags: "-C target-cpu=native" | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| $jobs = $env:NUMBER_OF_PROCESSORS | |
| if (-not $jobs) { $jobs = 2 } | |
| "CARGO_BUILD_JOBS=$jobs" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8 | |
| - name: Setup MSVC dev cmd | |
| uses: ilammy/msvc-dev-cmd@v1 | |
| with: | |
| arch: x64 | |
| - name: Build | |
| env: | |
| RUSTFLAGS: ${{ matrix.rustflags }} | |
| shell: pwsh | |
| run: cargo build --profile ${{ matrix.profile }} --locked --target x86_64-pc-windows-msvc --jobs "$env:CARGO_BUILD_JOBS" | |
| windows_build: | |
| name: T-800 - Build (windows) | |
| runs-on: windows-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Set cargo build jobs | |
| shell: pwsh | |
| run: | | |
| $ErrorActionPreference = 'Stop' | |
| $jobs = $env:NUMBER_OF_PROCESSORS | |
| if (-not $jobs) { $jobs = 2 } | |
| "CARGO_BUILD_JOBS=$jobs" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8 | |
| - name: Build (debug) | |
| shell: pwsh | |
| run: cargo build --profile dev --locked --jobs "$env:CARGO_BUILD_JOBS" | |
| fmt_clippy: | |
| name: T-800 - Format + Clippy | |
| runs-on: ubuntu-latest | |
| needs: build_test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| components: rustfmt, clippy | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Format check | |
| run: cargo fmt --all -- --check | |
| - name: Clippy | |
| run: cargo clippy --locked --all-targets --all-features -- -D warnings | |
| deny: | |
| name: T-800 - Dependency policy (cargo-deny) | |
| runs-on: ubuntu-latest | |
| needs: build_test | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Install Rust toolchain | |
| uses: dtolnay/rust-toolchain@stable | |
| with: | |
| toolchain: 1.81.0 | |
| - name: Install stable toolchain | |
| run: rustup toolchain install stable | |
| - name: Setup cache | |
| uses: Swatinem/[email protected] | |
| with: | |
| cache-on-failure: true | |
| - name: Install cargo-deny | |
| run: cargo +stable install cargo-deny --locked | |
| - name: cargo deny | |
| run: cargo +stable deny check all | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true |