Lading in Python #7186
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous integration | |
| on: | |
| pull_request: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| actions: read | |
| contents: read | |
| id-token: write # Required for OIDC authentication with AWS | |
| env: | |
| MISE_VERSION: "2026.3.15" | |
| jobs: | |
| shellcheck: | |
| name: Shellcheck | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - run: ci/shellcheck | |
| rust_actions: | |
| name: Rust Actions (Check/Fmt/Clippy) | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| tool: [check, fmt, clippy] | |
| include: | |
| - tool: check | |
| protobuf: true | |
| fuse: true | |
| components: "" | |
| command: ci/check | |
| - tool: fmt | |
| protobuf: true | |
| fuse: true | |
| components: "rustfmt" | |
| command: ci/fmt | |
| - tool: clippy | |
| protobuf: true | |
| fuse: true | |
| components: "clippy" | |
| command: ci/clippy | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| with: | |
| components: ${{matrix.components}} | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| if: matrix.protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| if: matrix.fuse | |
| uses: ./.github/actions/install-fuse | |
| - name: Run ${{ matrix.tool }} | |
| run: ${{ matrix.command }} | |
| cargo-deny: # only runs on Linux | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - name: Install cargo-deny | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: "aqua:EmbarkStudios/cargo-deny" | |
| - run: ci/deny | |
| test: | |
| name: Test Suite | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| # Proptest configuration for thorough CI testing | |
| PROPTEST_CASES: "512" | |
| PROPTEST_MAX_SHRINK_ITERS: "10000" | |
| PROPTEST_MAX_SHRINK_TIME: "60000" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install nextest | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: "aqua:nextest-rs/nextest/cargo-nextest" | |
| - run: ci/test | |
| benchmark-check: | |
| name: Check Benchmarks Compile | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Check benchmarks compile | |
| run: ci/bench-check | |
| timeout-minutes: 30 | |
| integration-test: | |
| name: Integration Tests | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - run: ci/integration-test | |
| timeout-minutes: 30 | |
| kani: | |
| name: Kani Proofs | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| crate: [lading_throttle, lading_payload] | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install kani | |
| run: cargo install kani-verifier | |
| - run: ci/kani ${{ matrix.crate }} | |
| timeout-minutes: 30 | |
| loom: | |
| name: Loom Tests | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| crate: [lading-signal] | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - run: ci/loom ${{ matrix.crate }} | |
| timeout-minutes: 30 | |
| fuzz-check: | |
| name: Check Fuzz Targets | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| with: | |
| toolchain: nightly | |
| components: rust-src | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Install cargo-fuzz | |
| run: cargo install cargo-fuzz | |
| - run: ci/fuzz --check lading_payload | |
| timeout-minutes: 10 | |
| fingerprint: | |
| name: Payload Fingerprint Verification | |
| runs-on: ubuntu-latest | |
| env: | |
| CARGO_INCREMENTAL: "0" | |
| SCCACHE_BUCKET: "lading-sccache" | |
| SCCACHE_REGION: "us-west-2" | |
| RUSTC_WRAPPER: "sccache" | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@61815dcd50bd041e203e49132bacad1fd04d2708 # v5.1.1 | |
| with: | |
| role-to-assume: arn:aws:iam::850406765696:role/lading-ci-sccache-oidc | |
| aws-region: us-west-2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.10 | |
| - uses: mozilla-actions/sccache-action@7d986dd989559c6ecdb630a3fd2557667be217ad # v0.0.9 | |
| - name: Install Protobuf | |
| uses: ./.github/actions/install-protobuf | |
| - name: Install FUSE | |
| uses: ./.github/actions/install-fuse | |
| - name: Build payloadtool | |
| run: cargo build --release --bin payloadtool | |
| - run: ci/fingerprint | |
| timeout-minutes: 10 | |
| buf: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Check our protobufs for lint cleanliness and for lack of breaking | |
| # changes | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install buf | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: buf | |
| - run: ci/buf | |
| actionlint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install actionlint | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: actionlint | |
| - name: Check workflow files | |
| shell: bash | |
| run: | | |
| actionlint -color \ | |
| -ignore 'Double quote to prevent globbing and word splitting' \ | |
| -ignore 'Consider using { cmd1; cmd2; } >> file instead of individual redirects' \ | |
| -ignore 'Declare and assign separately to avoid masking return values' | |
| action-sha-pin-check: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out branch | |
| uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Check all GitHub Actions in ".github/workflows" are pinned to SHAs | |
| uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| actions: ".github/workflows" | |
| dockerfiles: "" | |
| fail_on_unpinned: true | |
| open_pr: false | |
| - name: Check all GitHub Actions in ".github/actions" are pinned to SHAs | |
| uses: stacklok/frizbee-action@c7009cdb455a69ae0dab0c37f296e0f545b4211c # v0.0.5 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| with: | |
| actions: ".github/actions" | |
| dockerfiles: "" | |
| fail_on_unpinned: true | |
| open_pr: false | |
| cargo-machete: | |
| name: Check unused dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - uses: actions-rust-lang/setup-rust-toolchain@150fca883cd4034361b621bd4e6a9d34e5143606 # v1.15.4 | |
| with: | |
| cache: false | |
| - name: Install cargo-machete | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: "github:bnjbvr/cargo-machete" | |
| - run: cargo machete | |
| custom-lints: | |
| name: Custom Lints (ast-grep) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2 | |
| - name: Install ast-grep | |
| uses: jdx/mise-action@6d1e696aa24c1aa1bcc1adea0212707c71ab78a8 # v3.6.1 | |
| with: | |
| version: ${{ env.MISE_VERSION }} | |
| install_args: "aqua:ast-grep/ast-grep" | |
| - name: Test custom lints | |
| run: ci/test_custom_lints | |
| - name: Run custom lints | |
| run: ci/custom_lints |