Skip to content

ci: Use JA4+ to compare NSS fingerprints #4579

ci: Use JA4+ to compare NSS fingerprints

ci: Use JA4+ to compare NSS fingerprints #4579

Workflow file for this run

name: CI
on:
push:
branches: ["main"]
paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"]
pull_request:
branches: ["main"]
paths-ignore: ["*.md", "*.png", "*.svg", "LICENSE-*"]
merge_group:
workflow_dispatch:
inputs:
run_benchmarks:
description: 'Run benchmarks'
type: boolean
required: false
default: false
env:
CARGO_TERM_COLOR: always
RUST_BACKTRACE: 1
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
permissions:
contents: read
defaults:
run:
shell: bash
jobs:
toolchains:
runs-on: ubuntu-latest
outputs:
toolchains: ${{ steps.toolchains.outputs.toolchains }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: Cargo.toml
- id: toolchains
run: |
msrv="$(grep rust-version Cargo.toml | tr -d '"' | cut -f3 -d\ )"
echo "toolchains=[\"$msrv\", \"stable\", \"nightly\"]" >> "$GITHUB_OUTPUT"
check:
needs: toolchains
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
rust-toolchain: ${{ fromJSON(needs.toolchains.outputs.toolchains) }}
type: [debug]
include:
- os: ubuntu-latest
rust-toolchain: stable
type: release
env:
BUILD_TYPE: ${{ matrix.type == 'release' && '--release' || '' }}
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/rust
with:
version: ${{ matrix.rust-toolchain }}
components: ${{ matrix.rust-toolchain == 'stable' && 'llvm-tools-preview' || '' }}
tools: ${{ matrix.rust-toolchain == 'stable' && 'cargo-llvm-cov, ' || '' }} cargo-nextest
token: ${{ secrets.GITHUB_TOKEN }}
- id: nss-version
run: echo "minimum=$(cat neqo-crypto/min_version.txt)" >> "$GITHUB_OUTPUT"
- uses: ./.github/actions/nss
with:
minimum-version: ${{ steps.nss-version.outputs.minimum }}
- name: Check
run: |
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} check $BUILD_TYPE --all-targets --features ci
- name: Run tests and determine coverage
env:
RUST_LOG: trace
run: |
DUMP_SIMULATION_SEEDS="$(pwd)/simulation-seeds"
export DUMP_SIMULATION_SEEDS
# shellcheck disable=SC2086
if [ "${{ matrix.rust-toolchain }}" == "stable" ]; then
cargo +${{ matrix.rust-toolchain }} llvm-cov nextest $BUILD_TYPE --features ci --profile ci --lcov --output-path lcov.info
else
cargo +${{ matrix.rust-toolchain }} nextest run $BUILD_TYPE --features ci --profile ci
fi
- name: Run client/server transfer
run: |
# shellcheck disable=SC2086
cargo +${{ matrix.rust-toolchain }} build $BUILD_TYPE --bin neqo-client --bin neqo-server
"target/$BUILD_DIR/neqo-server" "$HOST:4433" &
PID=$!
# Give the server time to start.
sleep 1
"target/$BUILD_DIR/neqo-client" --output-dir . "https://$HOST:4433/$SIZE"
kill $PID
[ "$(wc -c <"$SIZE")" -eq "$SIZE" ] || exit 1
env:
HOST: localhost
SIZE: 54321
RUST_LOG: warn
BUILD_DIR: ${{ matrix.type == 'release' && 'release' || 'debug' }}
- uses: codecov/codecov-action@b9fd7d16f6d7d1b5d2bec1a2887e65ceed900238 # v4.6.0
with:
file: lcov.info
fail_ci_if_error: false
token: ${{ secrets.CODECOV_TOKEN }}
verbose: true
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
if: matrix.type == 'debug' && matrix.rust-toolchain == 'stable'
- name: Save simulation seeds artifact
if: always()
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: simulation-seeds-${{ matrix.os }}-${{ matrix.rust-toolchain }}-${{ matrix.type }}
path: simulation-seeds
compression-level: 9
bench:
needs: [check]
if: >
(github.event_name == 'workflow_dispatch' && github.event.inputs.run_benchmarks) ||
(github.event_name == 'pull_request' && !github.event.pull_request.draft) ||
(github.event_name != 'workflow_dispatch' && github.event_name != 'pull_request')
uses: ./.github/workflows/bench.yml