diff options
| -rw-r--r-- | .editorconfig | 4 | ||||
| -rw-r--r-- | .github/workflows/android-app.yml | 339 | ||||
| -rw-r--r-- | .github/workflows/android-audit.yml | 23 | ||||
| -rw-r--r-- | .github/workflows/android-ktlint.yml | 36 | ||||
| -rw-r--r-- | .github/workflows/android-xml-tidy.yml | 32 | ||||
| -rw-r--r-- | .github/workflows/cargo-audit.yml | 60 | ||||
| -rw-r--r-- | .github/workflows/clippy.yml | 23 | ||||
| -rw-r--r-- | .github/workflows/daemon.yml | 285 | ||||
| -rw-r--r-- | .github/workflows/frontend.yml | 99 | ||||
| -rw-r--r-- | .github/workflows/ios.yml | 162 | ||||
| -rw-r--r-- | .github/workflows/rust-supply-chain.yml | 39 | ||||
| -rw-r--r-- | .github/workflows/rust-unused-dependencies.yml | 168 | ||||
| -rw-r--r-- | .github/workflows/rustfmt.yml | 46 | ||||
| -rw-r--r-- | .github/workflows/translations-converter.yml | 39 | ||||
| -rw-r--r-- | .github/workflows/translations.yml | 72 | ||||
| -rw-r--r-- | .github/workflows/unicode-check.yml | 19 | ||||
| -rw-r--r-- | .github/workflows/verify-locked-down-signatures.yml | 65 | ||||
| -rw-r--r-- | .github/workflows/yamllint.yml | 17 | ||||
| -rw-r--r-- | .yamllint | 8 | ||||
| -rw-r--r-- | gui/.prettierrc.yml | 1 |
20 files changed, 782 insertions, 755 deletions
diff --git a/.editorconfig b/.editorconfig index 839ca55766..4d0dcfc971 100644 --- a/.editorconfig +++ b/.editorconfig @@ -20,3 +20,7 @@ indent_size = 2 [*.{go}] end_of_line = lf indent_style = tab + +[*.{yml,yaml}] +indent_style = space +indent_size = 2 diff --git a/.github/workflows/android-app.yml b/.github/workflows/android-app.yml index 64a08f4380..50c10b0fc1 100644 --- a/.github/workflows/android-app.yml +++ b/.github/workflows/android-app.yml @@ -1,188 +1,191 @@ +--- name: Android - Build and test on: - # Build whenever a file that affects Android is changed in a pull request - pull_request: - paths: - - .github/workflows/android-app.yml - - android/** - - mullvad-api/** - - mullvad-daemon/** - - mullvad-jni/** - - mullvad-paths/** - - mullvad-problem-report/** - - mullvad-types/** - - talpid-core/** - - talpid-platform-metadata/** - - talpid-types/** - - talpid-types/** - - wireguard/** - - Cargo.toml - - build-apk.sh - - update-api-metadata.sh - - update-version-metadata.sh - # Build if requested manually from the Actions tab - workflow_dispatch: - inputs: - override_container_image: - description: 'Override container image' - type: string - required: false - # Build if master is updated to ensure up-to-date caches are available - push: - branches: - - master + pull_request: + paths: + - .github/workflows/android-app.yml + - android/** + - mullvad-api/** + - mullvad-daemon/** + - mullvad-jni/** + - mullvad-paths/** + - mullvad-problem-report/** + - mullvad-types/** + - talpid-core/** + - talpid-platform-metadata/** + - talpid-types/** + - talpid-types/** + - wireguard/** + - Cargo.toml + - build-apk.sh + - update-api-metadata.sh + - update-version-metadata.sh + workflow_dispatch: + inputs: + override_container_image: + description: Override container image + type: string + required: false + # Build if master is updated to ensure up-to-date caches are available + push: + branches: [master] jobs: - prepare: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 + prepare: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Use custom container image if specified - if: "${{ github.event.inputs.override_container_image != '' }}" - run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}" >> $GITHUB_ENV + - name: Use custom container image if specified + if: ${{ github.event.inputs.override_container_image != '' }} + run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}" + >> $GITHUB_ENV - - name: Use default container image and resolve digest - if: "${{ github.event.inputs.override_container_image == '' }}" - run: | - echo "inner_container_image=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV + - name: Use default container image and resolve digest + if: ${{ github.event.inputs.override_container_image == '' }} + run: | + echo "inner_container_image=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV - outputs: - container_image: "${{ env.inner_container_image }}" + outputs: + container_image: ${{ env.inner_container_image }} - build: - needs: prepare - runs-on: ubuntu-latest - container: - image: "${{ needs.prepare.outputs.container_image }}" - steps: - # Fix for HOME path overridden by GH runners when building in containers, see: - # https://github.com/actions/runner/issues/863 - - name: Fix HOME path - run: echo "HOME=/root" >> $GITHUB_ENV + build: + needs: prepare + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare.outputs.container_image }} + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Calculate native lib cache hash - id: native-lib-cache-hash - shell: bash - run: | - non_android_hash="$(git grep --cached -l '' -- ':!android/' | xargs -d '\n' sha1sum | sha1sum | awk '{print $1}')" - echo "native_lib_hash=$non_android_hash" >> $GITHUB_OUTPUT + - name: Calculate native lib cache hash + id: native-lib-cache-hash + shell: bash + run: | + non_android_hash="$(git grep --cached -l '' -- ':!android/' \ + | xargs -d '\n' sha1sum \ + | sha1sum \ + | awk '{print $1}')" + echo "native_lib_hash=$non_android_hash" >> $GITHUB_OUTPUT - - name: Cache native libraries - uses: actions/cache@v3 - id: cache-native-libs - with: - path: | - ./android/app/build/extraJni - ./dist-assets/relays.json - ./dist-assets/api-ip-address.txt - key: android-native-libs-${{ runner.os }}-x86_64-${{ steps.native-lib-cache-hash.outputs.native_lib_hash }} + - name: Cache native libraries + uses: actions/cache@v3 + id: cache-native-libs + with: + path: | + ./android/app/build/extraJni + ./dist-assets/relays.json + ./dist-assets/api-ip-address.txt + key: android-native-libs-${{ runner.os }}-x86_64-${{ steps.native-lib-cache-hash.outputs.native_lib_hash}} - - name: Build native libraries - if: steps.cache-native-libs.outputs.cache-hit != 'true' - env: - RUSTFLAGS: --deny warnings - ABI: x86_64 - TARGET: x86_64-linux-android - BUILD_TYPE: debug - run: | - ARCHITECTURES="$ABI" - UNSTRIPPED_LIB_PATH="$CARGO_TARGET_DIR/$TARGET/$BUILD_TYPE/libmullvad_jni.so" - STRIPPED_LIB_PATH="./android/app/build/extraJni/$ABI/libmullvad_jni.so" - NDK_TOOLCHAIN_STRIP_TOOL="$NDK_TOOLCHAIN_DIR/x86_64-linux-android-strip" - ./wireguard/build-wireguard-go.sh --android --no-docker - cargo build --target $TARGET --verbose --package mullvad-jni - cargo run --bin relay_list > dist-assets/relays.json - $NDK_TOOLCHAIN_STRIP_TOOL --strip-debug --strip-unneeded -o "$STRIPPED_LIB_PATH" "$UNSTRIPPED_LIB_PATH" + - name: Build native libraries + if: steps.cache-native-libs.outputs.cache-hit != 'true' + env: + RUSTFLAGS: --deny warnings + ABI: x86_64 + TARGET: x86_64-linux-android + BUILD_TYPE: debug + run: | + ARCHITECTURES="$ABI" + UNSTRIPPED_LIB_PATH="$CARGO_TARGET_DIR/$TARGET/$BUILD_TYPE/libmullvad_jni.so" + STRIPPED_LIB_PATH="./android/app/build/extraJni/$ABI/libmullvad_jni.so" + NDK_TOOLCHAIN_STRIP_TOOL="$NDK_TOOLCHAIN_DIR/x86_64-linux-android-strip" + ./wireguard/build-wireguard-go.sh --android --no-docker + cargo build --target $TARGET --verbose --package mullvad-jni + cargo run --bin relay_list > dist-assets/relays.json + $NDK_TOOLCHAIN_STRIP_TOOL --strip-debug --strip-unneeded -o "$STRIPPED_LIB_PATH" "$UNSTRIPPED_LIB_PATH" - - name: Build Android app - uses: burrunan/gradle-cache-action@v1 - with: - job-id: jdk11 - arguments: assembleDebug - gradle-version: wrapper - build-root-directory: android + - name: Build Android app + uses: burrunan/gradle-cache-action@v1 + with: + job-id: jdk11 + arguments: assembleDebug + gradle-version: wrapper + build-root-directory: android - - name: Run unit tests - uses: burrunan/gradle-cache-action@v1 - with: - job-id: jdk11 - arguments: testDebugUnitTest - gradle-version: wrapper - build-root-directory: android - execution-only-caches: true + - name: Run unit tests + uses: burrunan/gradle-cache-action@v1 + with: + job-id: jdk11 + arguments: testDebugUnitTest + gradle-version: wrapper + build-root-directory: android + execution-only-caches: true - - name: Assemble instrumented test apk - uses: burrunan/gradle-cache-action@v1 - with: - job-id: jdk11 - arguments: assembleAndroidTest - gradle-version: wrapper - build-root-directory: android - execution-only-caches: true + - name: Assemble instrumented test apk + uses: burrunan/gradle-cache-action@v1 + with: + job-id: jdk11 + arguments: assembleAndroidTest + gradle-version: wrapper + build-root-directory: android + execution-only-caches: true - - name: Upload apks - uses: actions/upload-artifact@v3 - with: - name: apks - path: android/app/build/outputs/apk - if-no-files-found: error - retention-days: 1 + - name: Upload apks + uses: actions/upload-artifact@v3 + with: + name: apks + path: android/app/build/outputs/apk + if-no-files-found: error + retention-days: 1 - instrumented-tests: - name: Instrumented tests - runs-on: macos-latest - timeout-minutes: 30 - needs: - - build - strategy: - fail-fast: false - steps: - - name: Checkout repository - uses: actions/checkout@v3 + instrumented-tests: + name: Instrumented tests + runs-on: macos-latest + timeout-minutes: 30 + needs: [build] + strategy: + fail-fast: false + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - uses: actions/download-artifact@v3 - with: - name: apks - path: android/app/build/outputs/apk + - uses: actions/download-artifact@v3 + with: + name: apks + path: android/app/build/outputs/apk - - name: AVD cache - uses: actions/cache@v3 - id: avd-cache - with: - path: | - ~/.android/avd/* - ~/.android/adb* - key: emulator-api-33 + - name: AVD cache + uses: actions/cache@v3 + id: avd-cache + with: + path: | + ~/.android/avd/* + ~/.android/adb* + key: emulator-api-33 - - name: Create avd and generate snapshot - uses: reactivecircus/android-emulator-runner@v2 - if: steps.avd-cache.outputs.cache-hit != 'true' - with: - force-avd-creation: false - api-level: 33 - target: google_apis - arch: x86_64 - emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none - disable-animations: true - profile: pixel - script: echo "Generated AVD snapshot for caching." - env: - API_LEVEL: 33 + - name: Create avd and generate snapshot + uses: reactivecircus/android-emulator-runner@v2 + if: steps.avd-cache.outputs.cache-hit != 'true' + with: + force-avd-creation: false + api-level: 33 + target: google_apis + arch: x86_64 + emulator-options: -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim + -camera-back none + disable-animations: true + profile: pixel + script: echo "Generated AVD snapshot for caching." + env: + API_LEVEL: 33 - - name: Run Android instrumented tests - uses: reactivecircus/android-emulator-runner@v2 - with: - force-avd-creation: false - api-level: 33 - target: google_apis - arch: x86_64 - emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect -noaudio -no-boot-anim -camera-back none - disable-animations: true - profile: pixel - script: ./android/scripts/run-instrumented-tests.sh app - env: - API_LEVEL: 33 + - name: Run Android instrumented tests + uses: reactivecircus/android-emulator-runner@v2 + with: + force-avd-creation: false + api-level: 33 + target: google_apis + arch: x86_64 + emulator-options: -no-snapshot-save -no-window -gpu swiftshader_indirect + -noaudio -no-boot-anim -camera-back none + disable-animations: true + profile: pixel + script: ./android/scripts/run-instrumented-tests.sh app + env: + API_LEVEL: 33 diff --git a/.github/workflows/android-audit.yml b/.github/workflows/android-audit.yml index 267727ca80..7c59e295c2 100644 --- a/.github/workflows/android-audit.yml +++ b/.github/workflows/android-audit.yml @@ -1,15 +1,14 @@ +--- name: Android - Audit dependencies on: - pull_request: - paths: - - .github/workflows/android-audit.yml - - android/** - workflow_dispatch: + pull_request: + paths: [.github/workflows/android-audit.yml, android/**] + workflow_dispatch: jobs: - owasp-dependency-check: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - run: | - cd android - ./gradlew dependencyCheckAnalyze + owasp-dependency-check: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - run: |- + cd android + ./gradlew dependencyCheckAnalyze diff --git a/.github/workflows/android-ktlint.yml b/.github/workflows/android-ktlint.yml index ee7ed4b67a..70aad1c264 100644 --- a/.github/workflows/android-ktlint.yml +++ b/.github/workflows/android-ktlint.yml @@ -1,25 +1,21 @@ +--- name: Android - Kotlin linter on: - # Run linter whenever a Kotlin file changes - pull_request: - paths: - - .github/workflows/android-ktlint.yml - - android/**/*.kt - # Run linter if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: [.github/workflows/android-ktlint.yml, android/**/*.kt] + workflow_dispatch: jobs: - ktlint: - runs-on: ubuntu-latest - steps: - # Checkout repository - - uses: actions/checkout@v3 + ktlint: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 - # Install Ktlint - - uses: nbadal/action-ktlint-setup@v1 - with: - ktlint_version: 0.45.1 + - name: Install Ktlint + uses: nbadal/action-ktlint-setup@v1 + with: + ktlint_version: 0.45.1 - # Check formatting - - run: | - cd android - ktlint -a + - name: Check formatting + run: |- + cd android + ktlint -a diff --git a/.github/workflows/android-xml-tidy.yml b/.github/workflows/android-xml-tidy.yml index b406e738da..dda54354b4 100644 --- a/.github/workflows/android-xml-tidy.yml +++ b/.github/workflows/android-xml-tidy.yml @@ -1,21 +1,17 @@ +--- name: Android - Check XML formatting on: - # Run verifier whenever an Android XML file changes - pull_request: - paths: - - .github/workflows/android-xml-tidy.yml - - android/app/src/main/**/*.xml - # Run verifier if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/android-xml-tidy.yml + - android/app/src/main/**/*.xml + workflow_dispatch: jobs: - xml-tidy: - runs-on: ubuntu-latest - steps: - # Checkout repository - - uses: actions/checkout@v3 - - # Check formatting - - run: | - sudo apt-get install tidy - source ci/ci-android-xml.sh - tidy-verify-xml + xml-tidy: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - run: |- + sudo apt-get install tidy + source ci/ci-android-xml.sh + tidy-verify-xml diff --git a/.github/workflows/cargo-audit.yml b/.github/workflows/cargo-audit.yml index 9ef1d756be..f908b03290 100644 --- a/.github/workflows/cargo-audit.yml +++ b/.github/workflows/cargo-audit.yml @@ -1,36 +1,36 @@ +--- name: Rust - Audit dependencies on: - pull_request: - paths: - - .github/workflows/cargo-audit.yml - - '**/*.rs' - - Cargo.lock - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/cargo-audit.yml + - '**/*.rs' + - Cargo.lock + workflow_dispatch: jobs: - audit: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + audit: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install Protoc + uses: arduino/setup-protoc@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Install cargo-audit - uses: actions-rs/install@v0.1.2 - with: - crate: cargo-audit - version: latest + - name: Install cargo-audit + uses: actions-rs/install@v0.1.2 + with: + crate: cargo-audit + version: latest - - name: Audit - # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known - # good workarounds, and we want logs etc to be in local time. - # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, - # so it should be safe to ignore it. Stop ignoring the warning once - # atty has been replaced in clap and env_logger: - # https://github.com/clap-rs/clap/pull/4249 - # https://github.com/rust-cli/env_logger/pull/246 - run: cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0145 + - name: Audit + # RUSTSEC-2020-0071: Ignore the time segfault CVE since there are no known + # good workarounds, and we want logs etc to be in local time. + # RUSTSEC-2021-0145: The vulnerability affects custom global allocators, + # so it should be safe to ignore it. Stop ignoring the warning once + # atty has been replaced in clap and env_logger: + # https://github.com/clap-rs/clap/pull/4249 + # https://github.com/rust-cli/env_logger/pull/246 + run: cargo audit --ignore RUSTSEC-2020-0071 --ignore RUSTSEC-2021-0145 diff --git a/.github/workflows/clippy.yml b/.github/workflows/clippy.yml index 258f344a8c..3137e67fd1 100644 --- a/.github/workflows/clippy.yml +++ b/.github/workflows/clippy.yml @@ -1,13 +1,12 @@ +--- name: Rust - Run Clippy to check lints on: - # Check whenever a file that affects Clippy is changed in a pull request - pull_request: - paths: - - .github/workflows/clippy.yml - - clippy.toml - - '**/*.rs' - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/clippy.yml + - clippy.toml + - '**/*.rs' + workflow_dispatch: jobs: clippy_check: runs-on: ubuntu-latest @@ -25,9 +24,9 @@ jobs: - uses: actions-rs/toolchain@v1.0.6 with: - toolchain: stable - components: clippy - override: true + toolchain: stable + components: clippy + override: true - name: Install build dependencies run: | @@ -35,7 +34,7 @@ jobs: sudo apt-get install libdbus-1-dev - name: Clippy check - run: | + run: |- export RUSTFLAGS="--deny warnings" source env.sh time cargo clippy --locked --verbose diff --git a/.github/workflows/daemon.yml b/.github/workflows/daemon.yml index 262b25403d..4612df7f59 100644 --- a/.github/workflows/daemon.yml +++ b/.github/workflows/daemon.yml @@ -1,168 +1,171 @@ +--- name: Daemon+CLI - Build and test on: - # Build whenever a file that affects a Rust crate is changed in a pull request - pull_request: - paths-ignore: - - '**/*.md' - - .github/workflows/android*.yml - - .github/workflows/frontend.yml - - .github/workflows/ios.yml - - .github/workflows/rustfmt.yml - - .github/workflows/translations.yml - - android/** - - audits/** - - ci/buildserver-* - - ci/ci-* - - dist-assets/** - - docs/** - - graphics/** - - gui/** - - ios/** - - mullvad-jni/** - - scripts/** - - '.*ignore' - - .editorconfig - - .gitattributes - - Dockerfile - - build.sh - - build-apk.sh - - integration-tests.sh - - prepare-release.sh - - rustfmt.toml - # Build if requested manually from the Actions tab - workflow_dispatch: - inputs: - override_container_image: - description: 'Override container image' - type: string - required: false + pull_request: + paths-ignore: + - '**/*.md' + - .github/workflows/android*.yml + - .github/workflows/frontend.yml + - .github/workflows/ios.yml + - .github/workflows/rustfmt.yml + - .github/workflows/translations.yml + - android/** + - audits/** + - ci/buildserver-* + - ci/ci-* + - dist-assets/** + - docs/** + - graphics/** + - gui/** + - ios/** + - mullvad-jni/** + - scripts/** + - .*ignore + - .editorconfig + - .gitattributes + - Dockerfile + - build.sh + - build-apk.sh + - integration-tests.sh + - prepare-release.sh + - rustfmt.toml + workflow_dispatch: + inputs: + override_container_image: + description: Override container image + type: string + required: false jobs: - prepare-linux: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 + prepare-linux: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Use custom container image if specified - if: "${{ github.event.inputs.override_container_image != '' }}" - run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}" >> $GITHUB_ENV + - name: Use custom container image if specified + if: ${{ github.event.inputs.override_container_image != '' }} + run: echo "inner_container_image=${{ github.event.inputs.override_container_image }}" + >> $GITHUB_ENV - - name: Use default container image and resolve digest - if: "${{ github.event.inputs.override_container_image == '' }}" - run: | - echo "inner_container_image=$(cat ./building/linux-container-image.txt)" >> $GITHUB_ENV + - name: Use default container image and resolve digest + if: ${{ github.event.inputs.override_container_image == '' }} + run: | + echo "inner_container_image=$(cat ./building/linux-container-image.txt)" >> $GITHUB_ENV - outputs: - container_image: "${{ env.inner_container_image }}" + outputs: + container_image: ${{ env.inner_container_image }} - build-linux: - needs: prepare-linux - runs-on: ubuntu-latest - container: - image: "${{ needs.prepare-linux.outputs.container_image }}" + build-linux: + needs: prepare-linux + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare-linux.outputs.container_image }} - strategy: - matrix: - rust: [stable, beta, nightly] - continue-on-error: true - steps: - # Fix for HOME path overridden by GH runners when building in containers, see: - # https://github.com/actions/runner/issues/863 - - name: Fix HOME path - run: echo "HOME=/root" >> $GITHUB_ENV + strategy: + matrix: + rust: [stable, beta, nightly] + continue-on-error: true + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Checkout binaries submodule - run: git submodule update --init --depth=1 dist-assets/binaries + - name: Checkout binaries submodule + run: git submodule update --init --depth=1 dist-assets/binaries - # The container image already has rustup and Rust, but only the stable toolchain - - name: Install Rust toolchain - run: rustup default ${{ matrix.rust }} + # The container image already has rustup and Rust, but only the stable toolchain + - name: Install Rust toolchain + run: rustup default ${{ matrix.rust }} - - name: Build and test crates - run: ./ci/check-rust.sh + - name: Build and test crates + run: ./ci/check-rust.sh - build-macos: - runs-on: macos-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + build-macos: + runs-on: macos-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install Protoc + uses: arduino/setup-protoc@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Install Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: stable - default: true + - name: Install Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: stable + default: true - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: 1.18.5 + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: 1.18.5 - - name: Build and test crates - run: ./ci/check-rust.sh + - name: Build and test crates + run: ./ci/check-rust.sh - build-windows: - runs-on: windows-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + build-windows: + runs-on: windows-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Checkout submodules - run: git submodule update --init --depth=1 + - name: Checkout submodules + run: git submodule update --init --depth=1 - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install Protoc + uses: arduino/setup-protoc@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Calculate Windows libraries cache hash - id: windows-modules-hash - shell: bash - run: | - hash="$(git grep --recurse-submodules --cached -l '' -- './windows/' | xargs sha1sum | sha1sum | cut -d" " -f1)" - echo "::set-output name=hash::$hash" + - name: Calculate Windows libraries cache hash + id: windows-modules-hash + shell: bash + run: | + hash="$(git grep --recurse-submodules --cached -l '' -- './windows/' \ + | xargs sha1sum \ + | sha1sum \ + | cut -d" " -f1)" + echo "::set-output name=hash::$hash" - - name: Cache Windows libraries - uses: actions/cache@v2 - id: cache-windows-modules - with: - path: | - ./windows/*/bin/x64-*/*.dll - ./windows/*/bin/x64-*/*.lib - !./windows/*/bin/x64-*/libcommon.lib - !./windows/*/bin/x64-*/libshared.lib - !./windows/*/bin/x64-*/libwfp.lib - key: windows-modules-${{ steps.windows-modules-hash.outputs.hash }} + - name: Cache Windows libraries + uses: actions/cache@v2 + id: cache-windows-modules + with: + path: | + ./windows/*/bin/x64-*/*.dll + ./windows/*/bin/x64-*/*.lib + !./windows/*/bin/x64-*/libcommon.lib + !./windows/*/bin/x64-*/libshared.lib + !./windows/*/bin/x64-*/libwfp.lib + key: windows-modules-${{ steps.windows-modules-hash.outputs.hash }} - - name: Install Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: stable - default: true + - name: Install Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: stable + default: true - - name: Install Go - uses: actions/setup-go@v3 - with: - go-version: 1.18.5 + - name: Install Go + uses: actions/setup-go@v3 + with: + go-version: 1.18.5 - - name: Install msbuild - uses: microsoft/setup-msbuild@v1.0.2 - with: - vs-version: 16 + - name: Install msbuild + uses: microsoft/setup-msbuild@v1.0.2 + with: + vs-version: 16 - - name: Build Windows modules - if: steps.cache-windows-modules.outputs.cache-hit != 'true' - shell: bash - run: ./build-windows-modules.sh + - name: Build Windows modules + if: steps.cache-windows-modules.outputs.cache-hit != 'true' + shell: bash + run: ./build-windows-modules.sh - - name: Build and test crates - shell: bash - run: ./ci/check-rust.sh + - name: Build and test crates + shell: bash + run: ./ci/check-rust.sh diff --git a/.github/workflows/frontend.yml b/.github/workflows/frontend.yml index b1a8153411..74fd80e7e9 100644 --- a/.github/workflows/frontend.yml +++ b/.github/workflows/frontend.yml @@ -1,64 +1,63 @@ +--- name: Desktop frontend on: - # Build whenever a file that affects the frontend is changed in a pull request - pull_request: - paths: - - .github/workflows/frontend.yml - - gui/** - - mullvad-management-interface/proto/** - # Build if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/frontend.yml + - gui/** + - mullvad-management-interface/proto/** + workflow_dispatch: jobs: - check-frontend: - strategy: - matrix: - os: [ubuntu-latest, windows-latest] + check-frontend: + strategy: + matrix: + os: [ubuntu-latest, windows-latest] - runs-on: ${{ matrix.os }} - steps: - - name: Checkout repository - uses: actions/checkout@v3 + runs-on: ${{ matrix.os }} + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Setup volta - uses: volta-cli/action@v4 + - name: Setup volta + uses: volta-cli/action@v4 - - name: Get npm cache directory path - id: npm-cache-dir-path - shell: bash # To ensure that Windows correctly ouputs the cache path - run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT + - name: Get npm cache directory path + id: npm-cache-dir-path + shell: bash # To ensure that Windows correctly ouputs the cache path + run: echo "dir=$(npm config get cache)" >> $GITHUB_OUTPUT - - name: Cache npm dependencies - uses: actions/cache@v3 - with: - path: ${{ steps.npm-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- + - name: Cache npm dependencies + uses: actions/cache@v3 + with: + path: ${{ steps.npm-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - - name: Install dependencies - working-directory: gui - run: npm ci + - name: Install dependencies + working-directory: gui + run: npm ci - - name: Check formatting - if: matrix.os == 'ubuntu-latest' - working-directory: gui - run: npm run lint + - name: Check formatting + if: matrix.os == 'ubuntu-latest' + working-directory: gui + run: npm run lint - - name: Build - working-directory: gui - run: npm run build + - name: Build + working-directory: gui + run: npm run build - - name: Run headless test Linux - if: runner.os == 'Linux' - working-directory: gui - run: xvfb-run -a npm test + - name: Run headless test Linux + if: runner.os == 'Linux' + working-directory: gui + run: xvfb-run -a npm test - - name: Run headless test Windows - if: runner.os != 'Linux' - working-directory: gui - run: npm test + - name: Run headless test Windows + if: runner.os != 'Linux' + working-directory: gui + run: npm test - - name: Run Playwright tests - working-directory: gui - run: npm run e2e:no-build + - name: Run Playwright tests + working-directory: gui + run: npm run e2e:no-build diff --git a/.github/workflows/ios.yml b/.github/workflows/ios.yml index 58238ad03a..be6eb8ec1f 100644 --- a/.github/workflows/ios.yml +++ b/.github/workflows/ios.yml @@ -1,92 +1,96 @@ +--- name: iOS app on: - pull_request: - paths: - - ".github/workflows/ios.yml" - - "ios/.swiftformat" - - "ios/**/*.swift" - # Build if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/ios.yml + - ios/.swiftformat + - ios/**/*.swift + workflow_dispatch: jobs: - check-formatting: - name: Check formatting - runs-on: macos-11 - steps: - - name: Install SwiftFormat - run: | - brew update - brew upgrade swiftformat + check-formatting: + name: Check formatting + runs-on: macos-11 + steps: + - name: Install SwiftFormat + run: | + brew update + brew upgrade swiftformat - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Check formatting - run: | - swiftformat --version - swiftformat --lint . + - name: Check formatting + run: | + swiftformat --version + swiftformat --lint . - test: - name: Unit tests - runs-on: macos-11 - env: - SOURCE_PACKAGES_PATH: .spm - steps: - - name: Install xcbeautify - run: brew install xcbeautify + test: + name: Unit tests + runs-on: macos-11 + env: + SOURCE_PACKAGES_PATH: .spm + steps: + - name: Install xcbeautify + run: brew install xcbeautify - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Configure cache - uses: actions/cache@v3 - with: - path: ios/${{ env.SOURCE_PACKAGES_PATH }} - key: ${{ runner.os }}-spm-${{ hashFiles('ios/**/Package.resolved') }} - restore-keys: | - ${{ runner.os }}-spm- + - name: Configure cache + uses: actions/cache@v3 + with: + path: ios/${{ env.SOURCE_PACKAGES_PATH }} + key: ${{ runner.os }}-spm-${{ hashFiles('ios/**/Package.resolved') }} + restore-keys: | + ${{ runner.os }}-spm- - - name: Setup go-lang - uses: actions/setup-go@v3 - with: - go-version: 1.18.5 + - name: Setup go-lang + uses: actions/setup-go@v3 + with: + go-version: 1.18.5 - - name: Prepare iOS simulator - run: | - sudo mkdir -p /Library/Developer/CoreSimulator/Profiles/Runtimes - sudo ln -s /Applications/Xcode_11.7.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime /Library/Developer/CoreSimulator/Profiles/Runtimes/iOS\ 13.7.simruntime + - name: Prepare iOS simulator + # yamllint disable rule:line-length + run: | + sudo mkdir -p /Library/Developer/CoreSimulator/Profiles/Runtimes + sudo ln -s \ + /Applications/Xcode_11.7.app/Contents/Developer/Platforms/iPhoneOS.platform/Library/Developer/CoreSimulator/Profiles/Runtimes/iOS.simruntime \ + /Library/Developer/CoreSimulator/Profiles/Runtimes/iOS\ 13.7.simruntime + # yamllint enable rule:line-length - - name: Configure Xcode project - run: | - cp Base.xcconfig.template Base.xcconfig - cp App.xcconfig.template App.xcconfig - cp PacketTunnel.xcconfig.template PacketTunnel.xcconfig - cp Screenshots.xcconfig.template Screenshots.xcconfig - working-directory: ios/Configurations + - name: Configure Xcode project + run: | + cp Base.xcconfig.template Base.xcconfig + cp App.xcconfig.template App.xcconfig + cp PacketTunnel.xcconfig.template PacketTunnel.xcconfig + cp Screenshots.xcconfig.template Screenshots.xcconfig + working-directory: ios/Configurations - - name: Convert Package.resolved v2 -> v1 - run: | - jq '{ - "object": { - "pins": .pins | map({ - "package": .identity, - "repositoryURL": .location, - "state": .state - }) - }, - "version": 1 - }' Package.resolved > Package.resolved.out - mv Package.resolved.out Package.resolved - working-directory: ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm + - name: Convert Package.resolved v2 -> v1 + run: | + jq '{ + "object": { + "pins": .pins | map({ + "package": .identity, + "repositoryURL": .location, + "state": .state + }) + }, + "version": 1 + }' Package.resolved > Package.resolved.out + mv Package.resolved.out Package.resolved + working-directory: ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm - - name: Run tests - run: | - set -o pipefail && xcodebuild test \ - -project MullvadVPN.xcodeproj \ - -scheme MullvadVPN \ - -skip-testing:MullvadVPNScreenshots \ - -destination "platform=iOS Simulator,OS=13.7,name=iPhone 8" \ - -clonedSourcePackagesDirPath "${SOURCE_PACKAGES_PATH}" \ - CODE_SIGN_IDENTITY="" \ - CODE_SIGNING_REQUIRED=NO \ - ONLY_ACTIVE_ARCH=YES | xcbeautify - working-directory: ios + - name: Run tests + run: | + set -o pipefail && xcodebuild test \ + -project MullvadVPN.xcodeproj \ + -scheme MullvadVPN \ + -skip-testing:MullvadVPNScreenshots \ + -destination "platform=iOS Simulator,OS=13.7,name=iPhone 8" \ + -clonedSourcePackagesDirPath "${SOURCE_PACKAGES_PATH}" \ + CODE_SIGN_IDENTITY="" \ + CODE_SIGNING_REQUIRED=NO \ + ONLY_ACTIVE_ARCH=YES | xcbeautify + working-directory: ios diff --git a/.github/workflows/rust-supply-chain.yml b/.github/workflows/rust-supply-chain.yml index 0aea441087..67e15b7390 100644 --- a/.github/workflows/rust-supply-chain.yml +++ b/.github/workflows/rust-supply-chain.yml @@ -1,24 +1,23 @@ +--- name: Rust - Supply chain on: - # Check whenever a file that affects Rust and its dependencies is changed in a pull request - pull_request: - paths: - - .github/workflows/rust-supply-chain.yml - - deny.toml - - '**/Cargo.toml' - - Cargo.lock - - '**/*.rs' - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/rust-supply-chain.yml + - deny.toml + - '**/Cargo.toml' + - Cargo.lock + - '**/*.rs' + workflow_dispatch: jobs: - check-supply-chain: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 + check-supply-chain: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Run cargo deny - uses: EmbarkStudios/cargo-deny-action@v1 - with: - log-level: warn - command: check all + - name: Run cargo deny + uses: EmbarkStudios/cargo-deny-action@v1 + with: + log-level: warn + command: check all diff --git a/.github/workflows/rust-unused-dependencies.yml b/.github/workflows/rust-unused-dependencies.yml index 24209855f3..3b5c3256ec 100644 --- a/.github/workflows/rust-unused-dependencies.yml +++ b/.github/workflows/rust-unused-dependencies.yml @@ -1,108 +1,108 @@ +--- name: Rust - Unused dependencies on: - pull_request: - paths: - - .github/workflows/rust-unused-dependencies.yml - - '**/*.rs' - - '**/Cargo.toml' - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/rust-unused-dependencies.yml + - '**/*.rs' + - '**/Cargo.toml' + workflow_dispatch: jobs: - prepare-containers: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 + prepare-containers: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 - - name: Fetch container image names - run: | - echo "inner_container_image_linux=$(cat ./building/linux-container-image.txt)" >> $GITHUB_ENV - echo "inner_container_image_android=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV + - name: Fetch container image names + run: | + echo "inner_container_image_linux=$(cat ./building/linux-container-image.txt)" >> $GITHUB_ENV + echo "inner_container_image_android=$(cat ./building/android-container-image.txt)" >> $GITHUB_ENV - outputs: - container_image_linux: "${{ env.inner_container_image_linux }}" - container_image_android: "${{ env.inner_container_image_android }}" + outputs: + container_image_linux: ${{ env.inner_container_image_linux }} + container_image_android: ${{ env.inner_container_image_android }} - cargo-udeps-linux: - needs: prepare-containers - runs-on: ubuntu-latest - container: - image: "${{ needs.prepare-containers.outputs.container_image_linux }}" + cargo-udeps-linux: + needs: prepare-containers + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare-containers.outputs.container_image_linux }} - steps: - # Fix for HOME path overridden by GH runners when building in containers, see: - # https://github.com/actions/runner/issues/863 - - name: Fix HOME path - run: echo "HOME=/root" >> $GITHUB_ENV + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Checkout binaries submodule - run: git submodule update --init --depth=1 dist-assets/binaries + - name: Checkout binaries submodule + run: git submodule update --init --depth=1 dist-assets/binaries - - name: Install nightly Rust toolchain - run: rustup default nightly + - name: Install nightly Rust toolchain + run: rustup default nightly - - uses: taiki-e/install-action@v2 - with: - tool: cargo-udeps + - uses: taiki-e/install-action@v2 + with: + tool: cargo-udeps - - name: Check for unused dependencies - shell: bash - run: source env.sh && cargo +nightly udeps --workspace + - name: Check for unused dependencies + shell: bash + run: source env.sh && cargo +nightly udeps --workspace - cargo-udeps-android: - needs: prepare-containers - runs-on: ubuntu-latest - container: - image: "${{ needs.prepare-containers.outputs.container_image_android }}" + cargo-udeps-android: + needs: prepare-containers + runs-on: ubuntu-latest + container: + image: ${{ needs.prepare-containers.outputs.container_image_android }} - steps: - # Fix for HOME path overridden by GH runners when building in containers, see: - # https://github.com/actions/runner/issues/863 - - name: Fix HOME path - run: echo "HOME=/root" >> $GITHUB_ENV + steps: + # Fix for HOME path overridden by GH runners when building in containers, see: + # https://github.com/actions/runner/issues/863 + - name: Fix HOME path + run: echo "HOME=/root" >> $GITHUB_ENV - - name: Checkout repository - uses: actions/checkout@v3 + - name: Checkout repository + uses: actions/checkout@v3 - - name: Install nightly Rust toolchain - run: | - rustup default nightly - rustup target add aarch64-linux-android --toolchain nightly + - name: Install nightly Rust toolchain + run: | + rustup default nightly + rustup target add aarch64-linux-android --toolchain nightly - - uses: taiki-e/install-action@v2 - with: - tool: cargo-udeps + - uses: taiki-e/install-action@v2 + with: + tool: cargo-udeps - - name: Check for unused dependencies - run: cargo +nightly udeps --target aarch64-linux-android --package mullvad-jni + - name: Check for unused dependencies + run: cargo +nightly udeps --target aarch64-linux-android --package mullvad-jni - cargo-udeps: - strategy: - matrix: - os: [macos-latest, windows-latest] - runs-on: ${{ matrix.os }} + cargo-udeps: + strategy: + matrix: + os: [macos-latest, windows-latest] + runs-on: ${{ matrix.os }} - steps: - - name: Checkout repository - uses: actions/checkout@v3 + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Install Protoc - uses: arduino/setup-protoc@v1 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} + - name: Install Protoc + uses: arduino/setup-protoc@v1 + with: + repo-token: ${{ secrets.GITHUB_TOKEN }} - - name: Install Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: nightly - default: true - profile: minimal + - name: Install Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: nightly + default: true + profile: minimal - - uses: taiki-e/install-action@v2 - with: - tool: cargo-udeps + - uses: taiki-e/install-action@v2 + with: + tool: cargo-udeps - - name: Check for unused dependencies - run: cargo +nightly udeps --workspace + - name: Check for unused dependencies + run: cargo +nightly udeps --workspace diff --git a/.github/workflows/rustfmt.yml b/.github/workflows/rustfmt.yml index f8100d585f..2d6117d547 100644 --- a/.github/workflows/rustfmt.yml +++ b/.github/workflows/rustfmt.yml @@ -1,29 +1,27 @@ +--- name: Rust - Check formatting on: - # Check whenever a file that affects Rust formatting is changed in a pull request - pull_request: - paths: - - .github/workflows/rustfmt.yml - - rustfmt.toml - - '**/*.rs' - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/rustfmt.yml + - rustfmt.toml + - '**/*.rs' + workflow_dispatch: jobs: - check-formatting: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + check-formatting: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Install nightly Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: nightly - components: rustfmt - default: true - - - name: Check formatting - run: | - rustfmt --version - cargo fmt -- --check --unstable-features + - name: Install nightly Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: nightly + components: rustfmt + default: true + - name: Check formatting + run: |- + rustfmt --version + cargo fmt -- --check --unstable-features diff --git a/.github/workflows/translations-converter.yml b/.github/workflows/translations-converter.yml index f6440a4c69..4cb65d3d4f 100644 --- a/.github/workflows/translations-converter.yml +++ b/.github/workflows/translations-converter.yml @@ -1,25 +1,24 @@ +--- name: Translations converter tool CI on: - # Run whenever a file that affects the translations converter tool is changed - pull_request: - paths: - - .github/workflows/translations-converter.yml - - android/translations-converter/** - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/translations-converter.yml + - android/translations-converter/** + workflow_dispatch: jobs: - check-translations: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + check-translations: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Install Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: stable - default: true + - name: Install Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: stable + default: true - - name: Build and test translations converter tool - working-directory: android/translations-converter - run: cargo test + - name: Build and test translations converter tool + working-directory: android/translations-converter + run: cargo test diff --git a/.github/workflows/translations.yml b/.github/workflows/translations.yml index 3472426265..577df6f278 100644 --- a/.github/workflows/translations.yml +++ b/.github/workflows/translations.yml @@ -1,45 +1,45 @@ +--- name: Translation check on: - pull_request: - paths: - - .github/workflows/translations.yml - - android/translations-converter/** - - android/app/src/**/plurals.xml - - android/app/src/**/strings.xml - - gui/** - # Check if requested manually from the Actions tab - workflow_dispatch: + pull_request: + paths: + - .github/workflows/translations.yml + - android/translations-converter/** + - android/app/src/**/plurals.xml + - android/app/src/**/strings.xml + - gui/** + workflow_dispatch: jobs: - check-translations: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v2 + check-translations: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v2 - - name: Setup volta - uses: volta-cli/action@v4 + - name: Setup volta + uses: volta-cli/action@v4 - - name: Get npm cache directory path - id: npm-cache-dir-path - run: echo "::set-output name=dir::$(npm config get cache)" + - name: Get npm cache directory path + id: npm-cache-dir-path + run: echo "::set-output name=dir::$(npm config get cache)" - - name: Cache npm dependencies - uses: actions/cache@v3 - with: - path: ${{ steps.npm-cache-dir-path.outputs.dir }} - key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} - restore-keys: | - ${{ runner.os }}-npm- + - name: Cache npm dependencies + uses: actions/cache@v3 + with: + path: ${{ steps.npm-cache-dir-path.outputs.dir }} + key: ${{ runner.os }}-npm-${{ hashFiles('**/package-lock.json') }} + restore-keys: | + ${{ runner.os }}-npm- - - name: Install JS dependencies - working-directory: gui - run: npm ci + - name: Install JS dependencies + working-directory: gui + run: npm ci - - name: Install nightly Rust - uses: actions-rs/toolchain@v1.0.6 - with: - toolchain: stable - default: true + - name: Install nightly Rust + uses: actions-rs/toolchain@v1.0.6 + with: + toolchain: stable + default: true - - name: Verify translations - run: scripts/localization verify + - name: Verify translations + run: scripts/localization verify diff --git a/.github/workflows/unicode-check.yml b/.github/workflows/unicode-check.yml index 2312429056..db768f8cb3 100644 --- a/.github/workflows/unicode-check.yml +++ b/.github/workflows/unicode-check.yml @@ -1,14 +1,15 @@ +--- name: Bidirectional Unicode scan on: [pull_request, workflow_dispatch] jobs: - build-linux: - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v3 + build-linux: + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v3 - - name: Checkout submodules - run: git submodule update --init + - name: Checkout submodules + run: git submodule update --init - - name: Scan for code points - run: ./ci/check-trojan-source.sh . + - name: Scan for code points + run: ./ci/check-trojan-source.sh . diff --git a/.github/workflows/verify-locked-down-signatures.yml b/.github/workflows/verify-locked-down-signatures.yml index 3758705d27..cf4657a479 100644 --- a/.github/workflows/verify-locked-down-signatures.yml +++ b/.github/workflows/verify-locked-down-signatures.yml @@ -1,35 +1,36 @@ +--- name: Verify lockfile signatures on: - pull_request: - paths: - - .github/workflows/verify-locked-down-signatures.yml - - Cargo.lock - - gui/package-lock.json - - wireguard/libwg/go.sum - - ci/keys/ - - ci/verify-locked-down-signatures.sh - - ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved - - android/gradle/verification-metadata.xml - - android/gradle/wrapper/gradle-wrapper.properties - - building/build-and-publish.sh - - building/mullvad-app-container-signing.asc - - building/linux-container-image.txt - - building/android-container-image.txt - - building/sigstore/ - workflow_dispatch: + pull_request: + paths: + - .github/workflows/verify-locked-down-signatures.yml + - Cargo.lock + - gui/package-lock.json + - wireguard/libwg/go.sum + - ci/keys/ + - ci/verify-locked-down-signatures.sh + - ios/MullvadVPN.xcodeproj/project.xcworkspace/xcshareddata/swiftpm/Package.resolved + - android/gradle/verification-metadata.xml + - android/gradle/wrapper/gradle-wrapper.properties + - building/build-and-publish.sh + - building/mullvad-app-container-signing.asc + - building/linux-container-image.txt + - building/android-container-image.txt + - building/sigstore/ + workflow_dispatch: jobs: - verify-signatures: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - with: - ref: ${{ github.event.pull_request.head.sha }} - - name: Verify signatures - run: | - commits=${{ github.event.pull_request.commits }} - if [[ -n "$commits" ]]; then - # Prepare enough depth for diffs with master, currently hard-coded but should probably be - # whatever branch is merged into - git fetch --depth="$(( commits + 1 ))" origin ${{ github.head_ref }} master - fi - ci/verify-locked-down-signatures.sh --import-gpg-keys --whitelist origin/master + verify-signatures: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + with: + ref: ${{ github.event.pull_request.head.sha }} + - name: Verify signatures + run: |- + commits=${{ github.event.pull_request.commits }} + if [[ -n "$commits" ]]; then + # Prepare enough depth for diffs with master, currently hard-coded but should probably be + # whatever branch is merged into + git fetch --depth="$(( commits + 1 ))" origin ${{ github.head_ref }} master + fi + ci/verify-locked-down-signatures.sh --import-gpg-keys --whitelist origin/master diff --git a/.github/workflows/yamllint.yml b/.github/workflows/yamllint.yml new file mode 100644 index 0000000000..8ff2e5a498 --- /dev/null +++ b/.github/workflows/yamllint.yml @@ -0,0 +1,17 @@ +--- +name: YAML linting +on: + pull_request: + paths: + - .github/workflows/yamllint.yml + - .yamllint + - '**/**.yml' + - '**/**.yaml' + workflow_dispatch: +jobs: + check-formatting: + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - run: sudo apt-get install yamllint + - run: yamllint . diff --git a/.yamllint b/.yamllint new file mode 100644 index 0000000000..98e20a9a62 --- /dev/null +++ b/.yamllint @@ -0,0 +1,8 @@ +--- +extends: default + +rules: + line-length: + max: 120 + indentation: + spaces: 2 diff --git a/gui/.prettierrc.yml b/gui/.prettierrc.yml index 7e3032aa3f..7c4217913d 100644 --- a/gui/.prettierrc.yml +++ b/gui/.prettierrc.yml @@ -1,3 +1,4 @@ +--- # .prettierrc.yml # see: https://prettier.io/docs/en/options.html printWidth: 100 |