Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Ci/Improve scheduled tasks #1028

Merged
merged 7 commits into from
Dec 12, 2023
Merged

Ci/Improve scheduled tasks #1028

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
3cdce17
ci: Improve vulnerabilities and dependencies configs
Luni-4 Dec 1, 2023
0b648fd
ci: Change execution day for vulnerabilities
Luni-4 Dec 1, 2023
08cbcb1
ci: Clarify action
Luni-4 Dec 1, 2023
06f3a8f
ci: Move valgrind in a different file
Luni-4 Dec 1, 2023
c2c862f
ci: Remove valgrind and update
Luni-4 Dec 1, 2023
26bd3ca
ci: Add missing checkers
Luni-4 Dec 1, 2023
df22f69
Update
Luni-4 Dec 1, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 3 additions & 1 deletion .github/workflows/dependencies.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@ on:
- cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)
push:
tags:
- 'v*.*.*'
- 'v*.*.*' # Run when a new version is being published

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
Expand All @@ -21,6 +21,8 @@ jobs:
uses: actions/checkout@v4

- name: Audit Rust dependencies
# If a vulnerability is found, a new issue will automatically be opened
# since this action runs on main branch
uses: actions-rust-lang/audit@v1

- name: Detect multiple versions of the same crate
Expand Down
35 changes: 35 additions & 0 deletions .github/workflows/valgrind.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
name: valgrind

on:
schedule:
- cron: '0 23 * * WED' # Run every Wednesday at 23:00 (UTC)

concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
valgrind:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Install llvmpipe and lavapipe
run: |
sudo apt-get update -y -qq
sudo add-apt-repository ppa:kisak/kisak-mesa -y
sudo apt-get update
sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers

- name: Install valgrind
run: |
sudo apt-get install valgrind

- name: Run cargo-valgrind
env:
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "valgrind -s --leak-check=full --show-leak-kinds=all --error-exitcode=1"
# Looking for vulnerabilities
run: |
cargo test
88 changes: 60 additions & 28 deletions .github/workflows/vulnerabilities.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,38 +2,16 @@ name: vulnerabilities

on:
schedule:
- cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC)
- cron: '0 21 * * WED' # Run every Wednesday at 21:00 (UTC)
push:
tags:
- 'v*.*.*'
- 'v*.*.*' # Run when a new version is being published

jobs:

valgrind:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Install llvmpipe and lavapipe
run: |
sudo apt-get update -y -qq
sudo add-apt-repository ppa:kisak/kisak-mesa -y
sudo apt-get update
sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers

- name: Install valgrind
run: |
sudo apt-get install valgrind

- name: Run cargo-valgrind
env:
CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "valgrind -s --leak-check=full --show-leak-kinds=all --error-exitcode=1"
# Looking for vulnerabilities
run: |
cargo test
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true

jobs:
cargo-careful:

runs-on: ubuntu-latest
Expand Down Expand Up @@ -120,3 +98,57 @@ jobs:
RUSTDOCFLAGS: -Zsanitizer=thread
# Looking for data race among threads
run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture

memory-sanitizer:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
with:
toolchain: nightly
components: rustfmt, rust-src

- name: Install llvmpipe and lavapipe
run: |
sudo apt-get update -y -qq
sudo add-apt-repository ppa:kisak/kisak-mesa -y
sudo apt-get update
sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers

- name: Run MemorySanitizer
env:
RUSTFLAGS: -Zsanitizer=memory -Zsanitizer-memory-track-origins -Copt-level=3
RUSTDOCFLAGS: -Zsanitizer=memory -Zsanitizer-memory-track-origins
# Looking for unitialized memory.
run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture

safe-stack:

runs-on: ubuntu-latest

steps:
- uses: actions/checkout@v4

- name: Install Rust nightly
uses: dtolnay/rust-toolchain@nightly
with:
toolchain: nightly
components: rustfmt, rust-src

- name: Install llvmpipe and lavapipe
run: |
sudo apt-get update -y -qq
sudo add-apt-repository ppa:kisak/kisak-mesa -y
sudo apt-get update
sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers
Comment on lines +144 to +147
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is repeating itself a bit everywhere, is there a way to abstract that with an action template?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#1061


- name: Run SafeStack
env:
RUSTFLAGS: -Zsanitizer=safestack -Copt-level=3
RUSTDOCFLAGS: -Zsanitizer=safestack
# Provides backward edge control flow protection
run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture