Update semgrep.yml #5389

Workflow file for this run

	on: [push, pull_request]

	name: Stable

	env:
	RUSTFLAGS: "-D warnings"
	RUSTTOOLCHAIN: "stable"

	jobs:
	quiche:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	tls-feature:
	- "" # default, boringssl-vendored
	- "boringssl-boring-crate"
	- "openssl"
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}
	components: clippy

	- name: Build OpenSSL
	if: ${{ matrix.tls-feature == 'openssl' }}
	run: \|
	git clone https://github.com/quictls/openssl
	cd openssl
	./Configure --prefix="$PWD/install"
	make -j"$(nproc)"
	make install -j"$(nproc)"
	echo "PKG_CONFIG_PATH=$PWD" >> "$GITHUB_ENV"
	echo "LD_LIBRARY_PATH=$PWD" >> "$GITHUB_ENV"

	- name: Run cargo test
	run: cargo test --verbose --all-targets --features=ffi,qlog,${{ matrix.tls-feature }}

	# Need to run doc tests separately.
	# (https://github.com/rust-lang/cargo/issues/6669)
	- name: Run cargo doc test
	run: cargo test --verbose --doc --features=ffi,qlog,${{ matrix.tls-feature }}

	- name: Run cargo package
	run: cargo package --verbose --workspace --exclude=quiche_apps --allow-dirty

	- name: Run cargo clippy
	run: cargo clippy --features=ffi,qlog,${{ matrix.tls-feature }} -- -D warnings

	- name: Run cargo clippy on examples
	run: cargo clippy --examples --features=ffi,qlog,${{ matrix.tls-feature }} -- -D warnings

	- name: Run cargo doc
	run: cargo doc --no-deps --all-features --document-private-items

	- name: Build C examples
	run: \|
	sudo apt-get install libev-dev uthash-dev
	make -C quiche/examples

	quiche_macos:
	strategy:
	matrix:
	target:
	- "macos-13" # Intel (x86_64)
	- "macos-latest" # Apple Silicon (M1)
	runs-on: ${{ matrix.target }}
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}

	- name: Run cargo test
	run: cargo test --verbose --all-targets --features ffi,qlog

	- name: Build C examples
	run: \|
	brew install libev uthash
	make -C quiche/examples

	quiche_ios:
	runs-on: macos-latest
	strategy:
	matrix:
	target: ["x86_64-apple-ios", "aarch64-apple-ios"]
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}
	targets: ${{ matrix.target }}

	- name: Remove cdylib from iOS build
	run: \|
	sed -i -e 's/, "cdylib"//g' quiche/Cargo.toml

	- name: Run cargo build
	run: cargo build --target=${{ matrix.target }} --verbose

	quiche_windows:
	runs-on: windows-2019
	strategy:
	matrix:
	target: ["x86_64-pc-windows-msvc", "i686-pc-windows-msvc", "x86_64-pc-windows-gnu", "i686-pc-windows-gnu"]
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}
	targets: ${{ matrix.target }}

	- name: Set default toolchain
	run: rustup default ${{ env.RUSTTOOLCHAIN }}-${{ matrix.target }}

	- name: Set up MinGW for 64 bit
	if: matrix.target == 'x86_64-pc-windows-gnu'
	uses: bwoodsend/setup-winlibs-action@v1.10
	with:
	tag: 12.2.0-16.0.0-10.0.0-msvcrt-r5

	- name: Set up MinGW for 32 bit
	if: matrix.target == 'i686-pc-windows-gnu'
	uses: bwoodsend/setup-winlibs-action@v1.10
	with:
	architecture: i686
	tag: 12.2.0-16.0.0-10.0.0-msvcrt-r5

	- name: Install dependencies
	uses: crazy-max/ghaction-chocolatey@v3
	with:
	args: install nasm

	- name: Run cargo build
	if: endsWith(matrix.target, '-gnu')
	run: cargo build --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog

	- name: Run cargo test
	if: endsWith(matrix.target, '-msvc')
	run: cargo test --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog

	quiche_multiarch:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	target: ["aarch64-unknown-linux-gnu","armv7-unknown-linux-gnueabihf","i686-unknown-linux-gnu"]
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}

	- name: Install cargo-binstall
	uses: cargo-bins/cargo-binstall@main

	- name: Install cross
	run: cargo-binstall -y cross

	- name: Run cargo test using cross
	run: cross test --target=${{ matrix.target }} --verbose --all-targets --features=ffi,qlog

	http3_test:
	runs-on: ubuntu-latest
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}
	components: clippy

	- name: Run cargo test
	run: cargo test --no-run --verbose --manifest-path=tools/http3_test/Cargo.toml

	- name: Run cargo clippy
	run: cargo clippy --manifest-path=tools/http3_test/Cargo.toml -- -D warnings

	nginx:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	version: ["1.16.1"]
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}

	- name: Install dependencies
	run: sudo apt-get install libpcre3-dev zlib1g-dev

	- name: Download NGINX sources
	run: curl -O https://nginx.org/download/nginx-${{ matrix.version }}.tar.gz

	- name: Extract NGINX sources
	run: tar xzf nginx-${{ matrix.version }}.tar.gz

	- name: Build NGINX
	run: \|
	cd nginx-${{ matrix.version }} &&
	patch -p01 < ../nginx/nginx-1.16.patch &&
	./configure \
	--with-http_ssl_module \
	--with-http_v2_module \
	--with-http_v3_module \
	--with-openssl="${{ github.workspace }}/quiche/deps/boringssl" \
	--with-quiche="${{ github.workspace }}" \
	--with-debug &&
	make -j`nproc` &&
	objs/nginx -V

	docker:
	runs-on: ubuntu-latest
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Build Docker images
	run: make docker-build

	android_ndk_lts:
	runs-on: ubuntu-latest
	env:
	API_LEVEL: "21"
	strategy:
	matrix:
	target: ["aarch64-linux-android","armv7-linux-androideabi","x86_64-linux-android","i686-linux-android"]
	include:
	- target: "aarch64-linux-android"
	arch: "arm64-v8a"
	- target: "armv7-linux-androideabi"
	arch: "armeabi-v7a"
	- target: "x86_64-linux-android"
	arch: "x86_64"
	- target: "i686-linux-android"
	arch: "x86"
	# Only run on "pull_request" event for external PRs. This is to avoid
	# duplicate builds for PRs created from internal branches.
	if: github.event_name == 'push' \|\| github.event.pull_request.head.repo.full_name != github.repository
	steps:
	- name: Checkout sources
	uses: actions/checkout@v4
	with:
	submodules: 'recursive'

	- name: Install stable toolchain for the target
	uses: dtolnay/rust-toolchain@master
	with:
	toolchain: ${{ env.RUSTTOOLCHAIN }}
	targets: ${{ matrix.target }}

	- name: Install cargo-ndk
	run: cargo install cargo-ndk

	- name: Run cargo ndk
	run: cargo ndk --manifest-path quiche/Cargo.toml -t ${{ matrix.arch }} -p ${{ env.API_LEVEL }} -- build --verbose --features ffi

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Update semgrep.yml #5389

Workflow file

Update semgrep.yml #5389

Jobs

Run details

Workflow file for this run