CVPN-1445 Add ML-KEM group #646
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
branches: [main] | |
pull_request: null # target every PR | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: ${{ github.ref_name != 'main' }} | |
jobs: | |
ci: | |
needs: [earthly, coverage] | |
runs-on: ubuntu-latest | |
if: always() | |
steps: | |
- shell: bash | |
run: | | |
[[ $(echo '${{ toJSON(needs) }}' | jq 'map(select(.result != "success")) | length == 0') == 'true' ]] || exit 1 | |
earthly: | |
strategy: | |
fail-fast: false | |
matrix: | |
target: [run-tests, build-release, fmt, lint, check-dependencies] | |
runs-on: ubuntu-latest | |
env: | |
EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" | |
FORCE_COLOR: 1 | |
steps: | |
- uses: earthly/actions-setup@v1 | |
with: | |
version: v0.8.3 | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Run +${{ matrix.target }} on Earthly satellite | |
run: earthly --ci --org expressvpn --satellite wolfssl-rs +${{ matrix.target }} | |
coverage: | |
runs-on: ubuntu-latest | |
env: | |
EARTHLY_TOKEN: "${{ secrets.EARTHLY_TOKEN }}" | |
FORCE_COLOR: 1 | |
steps: | |
- uses: earthly/actions-setup@v1 | |
with: | |
version: v0.8.3 | |
github-token: ${{ secrets.GITHUB_TOKEN }} | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Run +run-coverage on Earthly satellite | |
id: coverage | |
run: | | |
earthly --ci --org expressvpn --satellite wolfssl-rs --artifact +run-coverage/* output/ | |
cat output/summary.txt | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "summary<<$EOF" >> "$GITHUB_OUTPUT" | |
cat output/summary.txt >> "$GITHUB_OUTPUT" | |
echo "" >> "$GITHUB_OUTPUT" | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: coverage | |
path: output/html | |
if-no-files-found: error | |
- name: Check coverage | |
id: coverage-check | |
run: | | |
REGIONS_SOFT_THRESHOLD=50 | |
REGIONS_HARD_THRESHOLD=40 | |
LINES_SOFT_THRESHOLD=65 | |
LINES_HARD_THRESHOLD=60 | |
regions_coverage=$(jq '.data[].totals.regions.percent | floor' output/coverage.json) | |
lines_coverage=$(jq '.data[].totals.lines.percent | floor' output/coverage.json) | |
echo "Regions: $regions_coverage% (soft: $REGIONS_SOFT_THRESHOLD%, hard: $REGIONS_HARD_THRESHOLD%)" | |
echo "Lines: $lines_coverage% (soft: $LINES_SOFT_THRESHOLD%, hard: $LINES_HARD_THRESHOLD%)" | |
FAILED=false | |
EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64) | |
echo "text<<$EOF" >> "$GITHUB_OUTPUT" | |
if [[ $regions_coverage -lt $REGIONS_HARD_THRESHOLD ]] ; then | |
echo ":x: Region coverage $regions_coverage% below hard threshold $REGIONS_HARD_THRESHOLD%" >> "$GITHUB_OUTPUT" | |
FAILED=true | |
elif [[ $regions_coverage -lt $REGIONS_SOFT_THRESHOLD ]] ; then | |
echo ":warning: Region coverage $regions_coverage% below soft threshold $REGIONS_SOFT_THRESHOLD%" >> "$GITHUB_OUTPUT" | |
else | |
echo ":white_check_mark: Region coverage $regions_coverage% passes" >> "$GITHUB_OUTPUT" | |
fi | |
if [[ $lines_coverage -lt $LINES_HARD_THRESHOLD ]] ; then | |
echo ":x: Line coverage $lines_coverage% below hard threshold $LINES_HARD_THRESHOLD%" >> "$GITHUB_OUTPUT" | |
FAILED=true | |
elif [[ $lines_coverage -lt $LINES_SOFT_THRESHOLD ]] ; then | |
echo ":warning: Line coverage $lines_coverage% below soft threshold $LINES_SOFT_THRESHOLD%" >> "$GITHUB_OUTPUT" | |
else | |
echo ":white_check_mark: Line coverage $lines_coverage% passes" >> "$GITHUB_OUTPUT" | |
fi | |
echo "$EOF" >> "$GITHUB_OUTPUT" | |
echo "Setting output: failed: $FAILED" | |
echo "failed=$FAILED" >> "$GITHUB_OUTPUT" | |
- uses: jwalton/gh-find-current-pr@v1 | |
id: find-pr | |
with: | |
state: open | |
- name: Find Coverage Comment | |
if: steps.find-pr.outputs.number | |
uses: peter-evans/find-comment@v3 | |
id: coverage-comment | |
with: | |
issue-number: ${{ steps.find-pr.outputs.number }} | |
comment-author: 'github-actions[bot]' | |
body-includes: 'Code coverage summary' | |
- name: Create or update comment | |
if: steps.find-pr.outputs.number | |
uses: peter-evans/create-or-update-comment@v4 | |
with: | |
comment-id: ${{ steps.coverage-comment.outputs.comment-id }} | |
issue-number: ${{ steps.find-pr.outputs.number }} | |
body: | | |
[Code coverage summary](${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}) for ${{ github.sha }}: | |
``` | |
${{ steps.coverage.outputs.summary }} | |
``` | |
${{ steps.coverage-check.outputs.text }} | |
edit-mode: replace | |
- name: Coverage check fails | |
if: steps.coverage-check.outputs.failed == 'true' | |
run: exit 1 |