.github/workflows/daemon.yml


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157

---
name: Daemon+CLI - Build and test
on:
  pull_request:
    paths:
      - "**"
      - "!**/**.md"
      - "!.github/workflows/**"
      - ".github/workflows/daemon.yml"
      - "!.github/CODEOWNERS"
      - "!android/**"
      - 'android/translations-converter/**'
      - "!audits/**"
      - "!build.sh"
      - "!ci/**"
      - "ci/cargo-ci.sh"
      - "!clippy.toml"
      - "!deny.toml"
      - "!docs/**"
      - "!graphics/**"
      - "!desktop/**"
      - "!ios/**"
      - "!scripts/**"
      - "!.*ignore"
      - "!prepare-release.sh"
      - "!rustfmt.toml"
      - "!.yamllint"
      - "!**/osv-scanner.toml"

  workflow_dispatch:
    inputs:
      override_container_image:
        description: Override container image
        type: string
        required: false

permissions: {}

jobs:
  prepare-linux:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Use custom container image if specified
        if: ${{ github.event.inputs.override_container_image != '' }}
        run:
          echo "inner_container_image=${{ github.event.inputs.override_container_image }}"
          >> $GITHUB_ENV

      - name: Use default container image and resolve digest
        if: ${{ github.event.inputs.override_container_image == '' }}
        run: echo "inner_container_image=$(cat ./building/linux-container-image.txt)" >> $GITHUB_ENV

    outputs:
      container_image: ${{ env.inner_container_image }}

  build-linux:
    needs: prepare-linux
    runs-on: ubuntu-latest
    container:
      image: ${{ needs.prepare-linux.outputs.container_image }}

    strategy:
      matrix:
        rust: [stable, beta, nightly]
    continue-on-error: true
    steps:
      # Fix for HOME path overridden by GH runners when building in containers, see:
      # https://github.com/actions/runner/issues/863
      - name: Fix HOME path
        run: echo "HOME=/root" >> $GITHUB_ENV

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Checkout submodules
        run: |
          git config --global --add safe.directory '*'
          git submodule update --init --depth=1 dist-assets/binaries
          git submodule update --init wireguard-go-rs/libwg/wireguard-go

      # The container image already has rustup and the pinned version of Rust
      - name: Install Rust toolchain
        # When running this job for "stable" test against our pinned rust version
        # instead of the stable channel.
        # TODO: Improve this so both "stable" and the pinned version are tested if
        # they differ.
        if: ${{ matrix.rust != 'stable' }}
        run: rustup override set ${{ matrix.rust }}

      - name: Setup Rust cache
        uses: Swatinem/rust-cache@v2
        with:
          add-job-id-key: "false" # Preserve cache across jobs
          cache-targets: "false" # Only cache cargo registry

      - name: Test crates
        run: ci/cargo-ci.sh test --workspace

  build-macos:
    runs-on: macos-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - uses: ./.github/actions/mullvad-build-env

      - name: Test crates
        run: ci/cargo-ci.sh test --workspace

  build-windows:
    strategy:
      # Even if onw of the Windows jobs fail, the other should not be cancelled.
      fail-fast: false
      matrix:
        config:
          - os: windows-latest
            arch: x64
          - os: windows-11-arm
            arch: arm64
    runs-on: ${{ matrix.config.os }}
    steps:
      # By default, the longest path a filename can have in git on Windows is 260 character.
      - name: Set git config for long paths
        run: |
          git config --system core.longpaths true

      - name: Checkout repository
        uses: actions/checkout@v4

      - uses: ./.github/actions/mullvad-build-env
        with:
          rust-cache-targets: "true"

      - name: Build Windows modules (x86_64)
        if: ${{ matrix.config.arch == 'x64' }}
        shell: bash
        run: ./build-windows-modules.sh build winfw

      - name: Build Windows modules (ARM64)
        if: ${{ matrix.config.arch == 'arm64' }}
        shell: bash
        # By default, ./build-windows-modules.sh will use 4 concurrent processes during compilation
        # because the Windows 11 ARM runner has 4 cores:
        # https://docs.github.com/en/actions/how-tos/write-workflows/choose-where-workflows-run/choose-the-runner-for-a-job#standard-github-hosted-runners-for-public-repositories
        #
        # Cap the number of concurrent processes to something less than 4 to avoid OOM issues.
        run: ./build-windows-modules.sh --max-concurrent-processes 2 build winfw

      # Excluding windows-installer because it builds an actual full installer
      # at the build step, which is not desired in a CI environment. Instead
      # we just `cargo check` it below.
      - name: Test crates
        shell: bash
        run: ci/cargo-ci.sh test --workspace  --exclude windows-installer