From 1a5f252ac6bdf9c1d3ff373fc377a5a0afdbfcf5 Mon Sep 17 00:00:00 2001 From: Luni-4 Date: Tue, 12 Dec 2023 15:42:33 +0100 Subject: [PATCH] Ci/Improve scheduled tasks (#1028) --- .github/workflows/dependencies.yml | 4 +- .github/workflows/valgrind.yml | 35 +++++++++++ .github/workflows/vulnerabilities.yml | 88 ++++++++++++++++++--------- 3 files changed, 98 insertions(+), 29 deletions(-) create mode 100644 .github/workflows/valgrind.yml diff --git a/.github/workflows/dependencies.yml b/.github/workflows/dependencies.yml index 07492aafcf..594f77d3de 100644 --- a/.github/workflows/dependencies.yml +++ b/.github/workflows/dependencies.yml @@ -5,7 +5,7 @@ on: - cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC) push: tags: - - 'v*.*.*' + - 'v*.*.*' # Run when a new version is being published concurrency: group: ${{ github.workflow }}-${{ github.ref }} @@ -21,6 +21,8 @@ jobs: uses: actions/checkout@v4 - name: Audit Rust dependencies + # If a vulnerability is found, a new issue will automatically be opened + # since this action runs on main branch uses: actions-rust-lang/audit@v1 - name: Detect multiple versions of the same crate diff --git a/.github/workflows/valgrind.yml b/.github/workflows/valgrind.yml new file mode 100644 index 0000000000..fa3caa39c5 --- /dev/null +++ b/.github/workflows/valgrind.yml 
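Review bot: The comment added above `uses: actions-rust-lang/audit@v1` says an issue is opened "since this action runs on main branch", but this workflow is also triggered by `v*.*.*` tag pushes, where `github.ref` is a tag ref and not a branch. As far as I know, the action's `createIssues` input defaults to true only on `main`/`master`, and it needs `issues: write` on the job token; neither setting is visible in this hunk. If that holds, a vulnerable dependency found at release time fails the job but opens no issue. I would word the comment to match, e.g. `# Scheduled runs (default branch) open an issue per finding; tag-triggered runs only fail the job`.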
@@ -0,0 +1,35 @@
+name: valgrind
+
+on:
+ schedule:
+ - cron: '0 23 * * WED' # Run every Wednesday at 23:00 (UTC)
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ valgrind:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install llvmpipe and lavapipe
+ run: |
+ sudo apt-get update -y -qq
+ sudo add-apt-repository ppa:kisak/kisak-mesa -y
+ sudo apt-get update
+ sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers
+
+ - name: Install valgrind
+ run: |
+ sudo apt-get install valgrind
+
+ - name: Run cargo-valgrind
+ env:
+ CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "valgrind -s --leak-check=full --show-leak-kinds=all --error-exitcode=1"
+ # Looking for vulnerabilities
+ run: |
+ cargo test
diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml
index 0b81a2bfce..1f41f70e47 100644
--- a/.github/workflows/vulnerabilities.yml
+++ b/.github/workflows/vulnerabilities.yml
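Review bot: The new valgrind.yml declares no `permissions:` block, so the job's GITHUB_TOKEN gets whatever scope the repository default grants, while its steps add a third-party PPA with sudo and then build and run the test suite. Nothing in this file writes to the repository, so a top-level `permissions:` with `contents: read` would keep the token read-only. The top of vulnerabilities.yml in the next hunk also shows none between `concurrency:` and `jobs:`, though job-level settings outside the hunks are not visible. Separately, `sudo apt-get install valgrind` is the only install command here without `-y`, so it presumably relies on the runner image's apt configuration to stay non-interactive.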
@@ -2,38 +2,16 @@ name: vulnerabilities on: schedule: - - cron: '0 21 * * TUE' # Run every Tuesday at 21:00 (UTC) + - cron: '0 21 * * WED' # Run every Wednesday at 21:00 (UTC) push: tags: - - 'v*.*.*' + - 'v*.*.*' # Run when a new version is being published -jobs: - - valgrind: - - runs-on: ubuntu-latest - - steps: - - uses: actions/checkout@v4 - - - name: Install llvmpipe and lavapipe - run: | - sudo apt-get update -y -qq - sudo add-apt-repository ppa:kisak/kisak-mesa -y - sudo apt-get update - sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers - - - name: Install valgrind - run: | - sudo apt-get install valgrind - - - name: Run cargo-valgrind - env: - CARGO_TARGET_X86_64_UNKNOWN_LINUX_GNU_RUNNER: "valgrind -s --leak-check=full --show-leak-kinds=all --error-exitcode=1" - # Looking for vulnerabilities - run: | - cargo test +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true +jobs: cargo-careful: runs-on: ubuntu-latest 
@@ -120,3 +98,57 @@ jobs:
 RUSTDOCFLAGS: -Zsanitizer=thread
 # Looking for data race among threads
 run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture
+
+ memory-sanitizer:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Rust nightly
+ uses: dtolnay/rust-toolchain@nightly
+ with:
+ toolchain: nightly
+ components: rustfmt, rust-src
+
+ - name: Install llvmpipe and lavapipe
+ run: |
+ sudo apt-get update -y -qq
+ sudo add-apt-repository ppa:kisak/kisak-mesa -y
+ sudo apt-get update
+ sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers
+
+ - name: Run MemorySanitizer
+ env:
+ RUSTFLAGS: -Zsanitizer=memory -Zsanitizer-memory-track-origins -Copt-level=3
+ RUSTDOCFLAGS: -Zsanitizer=memory -Zsanitizer-memory-track-origins
+ # Looking for unitialized memory.
+ run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture
+
+ safe-stack:
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Install Rust nightly
+ uses: dtolnay/rust-toolchain@nightly
+ with:
+ toolchain: nightly
+ components: rustfmt, rust-src
+
+ - name: Install llvmpipe and lavapipe
+ run: |
+ sudo apt-get update -y -qq
+ sudo add-apt-repository ppa:kisak/kisak-mesa -y
+ sudo apt-get update
+ sudo apt install -y libegl1-mesa libgl1-mesa-dri libxcb-xfixes0-dev mesa-vulkan-drivers
+
+ - name: Run SafeStack
+ env:
+ RUSTFLAGS: -Zsanitizer=safestack -Copt-level=3
+ RUSTDOCFLAGS: -Zsanitizer=safestack
+ # Provides backward edge control flow protection
+ run: cargo test -Zbuild-std --target x86_64-unknown-linux-gnu -- --nocapture
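Review bot: The MemorySanitizer job instruments the Rust code and std through `-Zbuild-std`, but the Mesa/Vulkan packages installed in the step before it are stock builds, and MSan reports false uninitialized reads when uninstrumented code fills memory that the tests then read. Whether the tests load those libraries is not visible in the hunk, so I would record the caveat in the step comment, e.g. `# Looking for uninitialized memory; reports originating in system Mesa/Vulkan libraries may be false positives (not MSan-instrumented)`, which also fixes the "unitialized" typo. The SafeStack comment describes the mitigation itself; the job only shows that the test suite still passes with it enabled, and the comment could say so. Both jobs take the toolchain from `dtolnay/rust-toolchain@nightly`, a moving ref, in a workflow that also runs on release tags, so pinning the action to a commit SHA would be the stricter choice.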